public UpgradeParameters()
{
_ocspServers = new List <string>();
_crls = new List <X509Crl>();
_digestMethod = _defaultDigestMethod;
_crlParser = new X509CrlParser();
}
public static byte[] ComputeHashValue(byte[] value, DigestMethod digestMethod)
{
using (var alg = DigestUtil.GetHashAlg(digestMethod))
{
return(alg.ComputeHash(value));
}
}
public UpgradeParameters()
{
_ocspServers = new List <OcspServer>();
_crls = new List <X509Crl>();
_digestMethod = _defaultDigestMethod;
_crlParser = new X509CrlParser();
_getOcspUrlFromCertificate = true;
}
public XElement Serialize()
{
var result = new XElement(Constants.XMLNamespaces.DS + "Reference",
new XAttribute("URI", Uri),
Transforms.Serialize(),
DigestMethod.Serialize(),
new XElement(Constants.XMLNamespaces.DS + "DigestValue", DigestValue));
return(result);
}
private BcCms.Attribute GetTimeStampAttribute(DerObjectIdentifier oid
, TimeStampClient tsa, DigestMethod digestMethod, byte[] messageImprint)
{
byte[] toTimeStamp = digestMethod.CalculateDigest(messageImprint);
byte[] timeStampToken = tsa.GetTimeStamp(toTimeStamp, digestMethod, true);
BcCms.Attribute signatureTimeStamp = new BcCms.Attribute(oid, new DerSet(Asn1Object.FromByteArray
(timeStampToken)));
return(signatureTimeStamp);
}
/// <summary>Serves as the default hash function. </summary>
/// <returns>A hash code for the current object.</returns>
public override int GetHashCode()
{
unchecked
{
int hashCode = URI.GetHashCode();
hashCode = (hashCode * 397) ^ Transforms.GetHashCode();
hashCode = (hashCode * 397) ^ DigestMethod.GetHashCode();
hashCode = (hashCode * 397) ^ DigestValue.GetHashCode();
return(hashCode);
}
}
public static SMimeDigestMethod FindByDigestMethod(DigestMethod digestMethod)
{
foreach (SMimeDigestMethod method in Values())
{
if (method.digestMethod.Equals(digestMethod))
{
return(method);
}
}
throw new ArgumentException(string.Format("Digest method '{0}' not known.", digestMethod));
}
/// <summary>
/// Realiza la peticiĆ³n de sellado del hash que se pasa como parametro y devuelve la
/// respuesta del servidor.
/// </summary>
/// <param name="url"></param>
/// <param name="hash"></param>
/// <param name="digestMethod"></param>
/// <param name="certReq"></param>
/// <returns></returns>
public static byte[] GetTimeStamp(string url, byte[] hash, DigestMethod digestMethod, bool certReq)
{
string digestAlg;
TimeStampRequestGenerator tsrq = new TimeStampRequestGenerator();
tsrq.SetCertReq(certReq);
if (digestMethod == DigestMethod.SHA1)
{
digestAlg = TspAlgorithms.Sha1;
}
else if (digestMethod == DigestMethod.SHA256)
{
digestAlg = TspAlgorithms.Sha256;
}
else
{
digestAlg = TspAlgorithms.Sha512;
}
TimeStampRequest tsr = tsrq.Generate(digestAlg, hash, BigInteger.ValueOf(100));
byte[] data = tsr.GetEncoded();
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "POST";
req.ContentType = "application/timestamp-query";
req.ContentLength = data.Length;
Stream reqStream = req.GetRequestStream();
reqStream.Write(data, 0, data.Length);
reqStream.Close();
HttpWebResponse res = (HttpWebResponse)req.GetResponse();
if (res == null)
{
return(null);
}
else
{
Stream resStream = new BufferedStream(res.GetResponseStream());
TimeStampResponse tsRes = new TimeStampResponse(resStream);
resStream.Close();
return(tsRes.TimeStampToken.GetEncoded());
}
}
/// <summary>
/// Realiza la peticiĆ³n de sellado del hash que se pasa como parametro y devuelve la
/// respuesta del servidor.
/// </summary>
/// <param name="hash"></param>
/// <param name="digestMethod"></param>
/// <param name="certReq"></param>
/// <returns></returns>
public byte[] GetTimeStamp(byte[] hash, DigestMethod digestMethod, bool certReq)
{
TimeStampRequestGenerator tsrq = new TimeStampRequestGenerator();
tsrq.SetCertReq(certReq);
BigInteger nonce = BigInteger.ValueOf(DateTime.Now.Ticks);
TimeStampRequest tsr = tsrq.Generate(digestMethod.Oid, hash, nonce);
byte[] data = tsr.GetEncoded();
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(_url);
req.Method = "POST";
req.ContentType = "application/timestamp-query";
req.ContentLength = data.Length;
if (!string.IsNullOrEmpty(_user) && !string.IsNullOrEmpty(_password))
{
string auth = string.Format("{0}:{1}", _user, _password);
req.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.Default.GetBytes(auth), Base64FormattingOptions.None);
}
Stream reqStream = req.GetRequestStream();
reqStream.Write(data, 0, data.Length);
reqStream.Close();
HttpWebResponse res = (HttpWebResponse)req.GetResponse();
if (res.StatusCode != HttpStatusCode.OK)
{
throw new Exception("El servidor ha devuelto una respuesta no vƔlida");
}
else
{
Stream resStream = new BufferedStream(res.GetResponseStream());
TimeStampResponse tsRes = new TimeStampResponse(resStream);
resStream.Close();
tsRes.Validate(tsr);
if (tsRes.TimeStampToken == null)
{
throw new Exception("El servidor no ha devuelto ningĆŗn sello de tiempo");
}
return(tsRes.TimeStampToken.GetEncoded());
}
}
SMimeDigestMethod(
string[] identifier,
string method,
string algorithm,
Asn1Object oid,
DigestMethod digestMethod,
TransportProfile transportProfile)
{
this.identifier = identifier;
this.method = method;
this.algorithm = algorithm;
this.oid = oid;
this.digestMethod = digestMethod;
this.transportProfile = transportProfile;
}
/// <summary>
/// Realiza la peticiĆ³n de sellado del hash que se pasa como parametro y devuelve la
/// respuesta del servidor.
/// </summary>
/// <param name="url"></param>
/// <param name="hash"></param>
/// <param name="digestMethod"></param>
/// <param name="certReq"></param>
/// <returns></returns>
public static byte[] GetTimeStamp(string url, byte[] hash, DigestMethod digestMethod, bool certReq)
{
string digestAlg;
TimeStampRequestGenerator tsrq = new TimeStampRequestGenerator();
tsrq.SetCertReq(certReq);
if (digestMethod == DigestMethod.SHA1)
{
digestAlg = TspAlgorithms.Sha1;
}
else if (digestMethod == DigestMethod.SHA256)
{
digestAlg = TspAlgorithms.Sha256;
}
else
{
digestAlg = TspAlgorithms.Sha512;
}
TimeStampRequest tsr = tsrq.Generate(digestAlg, hash, BigInteger.ValueOf(100));
byte[] data = tsr.GetEncoded();
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "POST";
req.ContentType = "application/timestamp-query";
req.ContentLength = data.Length;
Stream reqStream = req.GetRequestStream();
reqStream.Write(data, 0, data.Length);
reqStream.Close();
HttpWebResponse res = (HttpWebResponse)req.GetResponse();
if (res == null)
{
return null;
}
else
{
Stream resStream = new BufferedStream(res.GetResponseStream());
TimeStampResponse tsRes = new TimeStampResponse(resStream);
resStream.Close();
return tsRes.TimeStampToken.GetEncoded();
}
}
/// <summary>
/// Indicates whether the current object is equal to another object of the same type.
/// </summary>
/// <param name="other">An object to compare with this object.</param>
/// <returns>true if the current object is equal to the <paramref name="other" /> parameter; otherwise, false.</returns>
public bool Equals(Reference other)
{
if (other is null)
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return(string.Equals(URI, other.URI) &&
Transforms.SequenceEqual(other.Transforms) &&
DigestMethod.Equals(other.DigestMethod) &&
DigestValue.Equals(other.DigestValue));
}
/// <summary>
/// MƩtodo que busca en las demƔs firmas el message-digest que coincida con el algoritmo de huella dado
/// </summary>
/// <param name="siStore"></param>
/// <param name="digestMethod"></param>
/// <returns></returns>
private byte[] GetDigestValue(SignerInformationStore siStore, DigestMethod digestMethod)
{
var signers = siStore.GetSigners();
foreach (SignerInformation signerInfo in signers)
{
if (signerInfo.DigestAlgOid == digestMethod.Oid)
{
BcCms.Attribute digest = signerInfo.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtMessageDigest];
DerOctetString derHash = (DerOctetString)digest.AttrValues[0];
return(derHash.GetOctets());
}
}
return(null);
}
public static HashAlgorithm GetHashAlg(DigestMethod digestMethod)
{
if (digestMethod == DigestMethod.SHA1)
{
return(SHA1.Create());
}
else if (digestMethod == DigestMethod.SHA256)
{
return(SHA256.Create());
}
else if (digestMethod == DigestMethod.SHA512)
{
return(SHA512.Create());
}
else
{
throw new Exception("Algoritmo no soportado");
}
}
public static void SetCertDigest(byte[] rawCert, DigestMethod digestMethod, DigestAlgAndValueType destination)
{
string digestAlgorithm = null;
switch (digestMethod)
{
case DigestMethod.SHA1:
digestAlgorithm = FirmaXades.SHA1Uri;
break;
case DigestMethod.SHA256:
digestAlgorithm = FirmaXades.SHA256Uri;
break;
case DigestMethod.SHA512:
digestAlgorithm = FirmaXades.SHA512Uri;
break;
}
SetCertDigest(rawCert, digestAlgorithm, destination);
}
public byte[] GetTimeStamp(byte[] hash, DigestMethod digestMethod, bool certReq)
{
TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
timeStampRequestGenerator.SetCertReq(certReq);
BigInteger nonce = BigInteger.ValueOf(DateTime.Now.Ticks);
TimeStampRequest timeStampRequest = timeStampRequestGenerator.Generate(digestMethod.Oid, hash, nonce);
byte[] encoded = timeStampRequest.GetEncoded();
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(_url);
httpWebRequest.Method = "POST";
httpWebRequest.ContentType = "application/timestamp-query";
httpWebRequest.ContentLength = encoded.Length;
if (!string.IsNullOrEmpty(_user) && !string.IsNullOrEmpty(_password))
{
string s = $"{_user}:{_password}";
httpWebRequest.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.Default.GetBytes(s), Base64FormattingOptions.None);
}
Stream requestStream = httpWebRequest.GetRequestStream();
requestStream.Write(encoded, 0, encoded.Length);
requestStream.Close();
HttpWebResponse httpWebResponse = (HttpWebResponse)httpWebRequest.GetResponse();
if (httpWebResponse.StatusCode != HttpStatusCode.OK)
{
throw new Exception("El servidor ha devuelto una respuesta no vƔlida");
}
Stream stream = new BufferedStream(httpWebResponse.GetResponseStream());
TimeStampResponse timeStampResponse = new TimeStampResponse(stream);
stream.Close();
timeStampResponse.Validate(timeStampRequest);
if (timeStampResponse.TimeStampToken == null)
{
throw new Exception("El servidor no ha devuelto ningĆŗn sello de tiempo");
}
return(timeStampResponse.TimeStampToken.GetEncoded());
}
public ValidationResult Validate(SignatureDocument sigDocument, SignerInfoNode signerNode)
{
ValidationResult result = new ValidationResult();
try
{
if (!signerNode.SignerInformation.Verify(signerNode.Certificate))
{
result.IsValid = false;
result.Message = "Signature verification failed";
return(result);
}
if (signerNode.TimeStamp != null)
{
DigestMethod tokenDigestMethod = DigestMethod.GetByOid(signerNode.TimeStamp.TimeStampInfo.HashAlgorithm.ObjectID.Id);
byte[] signatureValueHash = tokenDigestMethod.CalculateDigest(signerNode.SignerInformation.GetSignature());
if (!signerNode.TimeStamp.TimeStampInfo.GetMessageImprintDigest().SequenceEqual(signatureValueHash))
{
result.IsValid = false;
result.Message = "The stamp of the time stamp does not correspond to the one calculated";
return(result);
}
}
result.IsValid = true;
result.Message = "Signature verification suceeded";
}
catch (Exception ex)
{
result.IsValid = false;
result.Message = ex.Message;
}
return(result);
}
public ValidationResult Validate(SignatureDocument sigDocument, SignerInfoNode signerNode)
{
ValidationResult result = new ValidationResult();
try
{
if (!signerNode.SignerInformation.Verify(signerNode.Certificate))
{
result.IsValid = false;
result.Message = "La verificaciĆ³n de la firma no ha sido satisfactoria";
return(result);
}
if (signerNode.TimeStamp != null)
{
DigestMethod tokenDigestMethod = DigestMethod.GetByOid(signerNode.TimeStamp.TimeStampInfo.HashAlgorithm.ObjectID.Id);
byte[] signatureValueHash = tokenDigestMethod.CalculateDigest(signerNode.SignerInformation.GetSignature());
if (!signerNode.TimeStamp.TimeStampInfo.GetMessageImprintDigest().SequenceEqual(signatureValueHash))
{
result.IsValid = false;
result.Message = "La huella del sello de tiempo no se corresponde con la calculada";
return(result);
}
}
result.IsValid = true;
result.Message = "VerificaciĆ³n de la firma satisfactoria";
}
catch (Exception ex)
{
result.IsValid = false;
result.Message = ex.Message;
}
return(result);
}
public void ShouldSerializeAuthnResponseSignatureElement()
{
#region Arrange
string x509Cert = "MIICajCCAdOgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBSMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRcwFQYDVQQDDA5zcC5leGFtcGxlLmNvbTAeFw0xNDA3MTcxNDEyNTZaFw0xNTA3MTcxNDEyNTZaMFIxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQKDAxPbmVsb2dpbiBJbmMxFzAVBgNVBAMMDnNwLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZx+ON4IUoIWxgukTb1tOiX3bMYzYQiwWPUNMp+Fq82xoNogso2bykZG0yiJm5o8zv/sd6pGouayMgkx/2FSOdc36T0jGbCHuRSbtia0PEzNIRtmViMrt3AeoWBidRXmZsxCNLwgIV6dn2WpuE5Az0bHgpZnQxTKFek0BMKU/d8wIDAQABo1AwTjAdBgNVHQ4EFgQUGHxYqZYyX7cTxKVODVgZwSTdCnwwHwYDVR0jBBgwFoAUGHxYqZYyX7cTxKVODVgZwSTdCnwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQByFOl+hMFICbd3DJfnp2Rgd/dqttsZG/tyhILWvErbio/DEe98mXpowhTkC04ENprOyXi7ZbUqiicF89uAGyt1oqgTUCD1VsLahqIcmrzgumNyTwLGWo17WDAa1/usDhetWAMhgzF/Cnf5ek0nK00m0YZGyc4LzgD0CROMASTWNg==";
string signatureValue = "d9QXcvDyn+7R8ZMha1W1XcSKctmS+tz5X75ktZRWQ7QHqqkG2h3+wvrtDAIXtzbvolH6+sP0qfcVbBD5XjYuUsqtarnHKmaPwttRKoX2P1tJHKxbpGXbB6e7NoePjqpA211Pjfr0YPrLx2ZfXkkmbYOpDV/yHtg1YwmtJcUo9NY=";
string responseWithSignature = @$ "
<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' ID='pfx185f69c9-c006-ddeb-ce3b-5f0d0f51a1b2' Version='2.0' IssueInstant='2014-07-17T01:01:48Z' Destination='http://sp.example.com/demo1/index.php?acs' InResponseTo='ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685'>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>
<ds:Reference URI='#pfx185f69c9-c006-ddeb-ce3b-5f0d0f51a1b2'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>
<ds:DigestValue>Ldgd30/+CCun6XlBOeiJUnpgPJo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>{signatureValue}</ds:SignatureValue>
public XElement Serialize()
{
var result = new XElement(Constants.XMLNamespaces.DS + "Transforms");
if (Transforms != null)
{
foreach (var transform in Transforms)
{
result.Add(transform.Serialize());
}
}
if (DigestMethod != null)
{
result.Add(DigestMethod.Serialize());
}
if (!string.IsNullOrWhiteSpace(DigestValue))
{
result.Add(new XElement(Constants.XMLNamespaces.DS + "DigestValue", DigestValue));
}
return(result);
}
private void ReadInformation()
{
if (_signerInformation.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime] != null)
{
_signingDate = DerUtcTime.GetInstance(_signerInformation.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime].AttrValues[0]).ToDateTime().ToLocalTime();
}
if (_signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAAEtsSignerAttr] != null)
{
var signerAttr = SignerAttribute.GetInstance(_signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAAEtsSignerAttr].AttrValues[0]);
List <string> claimedRoles = new List <string>();
foreach (BcCms.Attribute claimedAttr in signerAttr.ClaimedAttributes)
{
foreach (var value in claimedAttr.AttrValues)
{
claimedRoles.Add(DerUtf8String.GetInstance(value).GetString());
}
}
_signerRoles = claimedRoles;
}
if (_signerInformation.UnsignedAttributes != null &&
_signerInformation.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken] != null)
{
_timeStamp = new TimeStampToken(new CmsSignedData(_signerInformation.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken].AttrValues[0].GetEncoded()));
}
// Se leen las contrafirmas
var signers = _signerInformation.GetCounterSignatures().GetSigners();
_counterSignatures = new List <SignerInfoNode>();
foreach (var signer in signers)
{
SignerInfoNode node = new SignerInfoNode((SignerInformation)signer, _sigDocument);
_counterSignatures.Add(node);
}
// Se intenta identificar el certificado empleado para la firma, esto quizƔs se pueda mejorar
byte[] certHash = null;
IssuerSerial issuerSerial = null;
if (_signerInformation.DigestAlgOid == DigestMethod.SHA1.Oid)
{
BcCms.Attribute attr = _signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
SigningCertificate sc = SigningCertificate.GetInstance(attr.AttrValues[0]);
EssCertID ecid = sc.GetCerts()[0];
issuerSerial = ecid.IssuerSerial;
certHash = ecid.GetCertHash();
}
else
{
BcCms.Attribute attr = _signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
SigningCertificateV2 sc2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]);
EssCertIDv2 ecid = sc2.GetCerts()[0];
issuerSerial = ecid.IssuerSerial;
certHash = ecid.GetCertHash();
}
DigestMethod digestMethod = DigestMethod.GetByOid(_signerInformation.DigestAlgOid);
foreach (X509CertificateStructure cs in _sigDocument.Certificates)
{
if (issuerSerial == null || cs.TbsCertificate.SerialNumber.Equals(issuerSerial.Serial))
{
byte[] currentCertHash = digestMethod.CalculateDigest(cs.GetEncoded());
if (certHash.SequenceEqual(currentCertHash))
{
_certificate = new X509Certificate(cs);
break;
}
}
}
}
/** * Creates a <code>Reference</code> with the specified URI and digest * method. * * @param uri the reference URI (may be <code>null</code>) * @param dm the digest method * @return a <code>Reference</code> * @throws IllegalArgumentException if <code>uri</code> is not RFC 2396 * compliant * @throws NullPointerException if <code>dm</code> is <code>null</code> */ public abstract Reference newReference(String uri, DigestMethod dm);
/// <summary>
/// Devuelve hash de una cadena tras codificarla
/// en UTF8.
/// </summary>
/// <param name="text"></param>
/// <returns></returns>
private byte[] GetStringUTF8Hash(string text)
{
return(DigestMethod.ComputeHash(CanonicalizationMethod.Encoding.GetBytes(text)));
}
/**
* Creates a <code>Reference</code> with the specified parameters and
* pre-calculated digest value.
*
* <p>This method is useful when the digest value of a
* <code>Reference</code> has been previously computed. See for example,
* the
* <a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss">
* OASIS-DSS (Digital Signature Services)</a> specification.
*
* @param uri the reference URI (may be <code>null</code>)
* @param dm the digest method
* @param transforms a list of {@link Transform}s. The list is defensively
* copied to protect against subsequent modification. May be
* <code>null</code> or empty.
* @param type the reference type, as a URI (may be <code>null</code>)
* @param id the reference ID (may be <code>null</code>)
* @param digestValue the digest value. The array is cloned to protect
* against subsequent modification.
* @return a <code>Reference</code>
* @throws ClassCastException if any of the <code>transforms</code> are
* not of type <code>Transform</code>
* @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
* compliant
* @throws NullPointerException if <code>dm</code> or
* <code>digestValue</code> is <code>null</code>
*/
public abstract Reference newReference(String uri, DigestMethod dm,
java.util.List<Object> transforms, String type, String id, byte[] digestValue);
/**
* Creates a <code>Reference</code> with the specified parameters.
*
* <p>This method is useful when a list of transforms have already been
* applied to the <code>Reference</code>. See for example,
* the
* <a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss">
* OASIS-DSS (Digital Signature Services)</a> specification.
*
* <p>When an <code>XMLSignature</code> containing this reference is
* generated, the specified <code>transforms</code> (if non-null) are
* applied to the specified <code>result</code>. The
* <code>Transforms</code> element of the resulting <code>Reference</code>
* element is set to the concatenation of the
* <code>appliedTransforms</code> and <code>transforms</code>.
*
* @param uri the reference URI (may be <code>null</code>)
* @param dm the digest method
* @param appliedTransforms a list of {@link Transform}s that have
* already been applied. The list is defensively
* copied to protect against subsequent modification. The list must
* contain at least one entry.
* @param result the result of processing the sequence of
* <code>appliedTransforms</code>
* @param transforms a list of {@link Transform}s that are to be applied
* when generating the signature. The list is defensively copied to
* protect against subsequent modification. May be <code>null</code>
* or empty.
* @param type the reference type, as a URI (may be <code>null</code>)
* @param id the reference ID (may be <code>null</code>)
* @return a <code>Reference</code>
* @throws ClassCastException if any of the transforms (in either list)
* are not of type <code>Transform</code>
* @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
* compliant or <code>appliedTransforms</code> is empty
* @throws NullPointerException if <code>dm</code>,
* <code>appliedTransforms</code> or <code>result</code> is
* <code>null</code>
*/
public abstract Reference newReference(String uri, DigestMethod dm,
java.util.List<Object> appliedTransforms, Data result, java.util.List<Object> transforms, String type,
String id);
private Digest(DigestMethod method, byte[] value)
{
this.Method = method;
this.Value = value;
}
/**
* Creates a <code>Reference</code> with the specified parameters.
*
* <p>This method is useful when a list of transforms have already been
* applied to the <code>Reference</code>. See for example,
* the
* <a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss">
* OASIS-DSS (Digital Signature Services)</a> specification.
*
* <p>When an <code>XMLSignature</code> containing this reference is
* generated, the specified <code>transforms</code> (if non-null) are
* applied to the specified <code>result</code>. The
* <code>Transforms</code> element of the resulting <code>Reference</code>
* element is set to the concatenation of the
* <code>appliedTransforms</code> and <code>transforms</code>.
*
* @param uri the reference URI (may be <code>null</code>)
* @param dm the digest method
* @param appliedTransforms a list of {@link Transform}s that have
* already been applied. The list is defensively
* copied to protect against subsequent modification. The list must
* contain at least one entry.
* @param result the result of processing the sequence of
* <code>appliedTransforms</code>
* @param transforms a list of {@link Transform}s that are to be applied
* when generating the signature. The list is defensively copied to
* protect against subsequent modification. May be <code>null</code>
* or empty.
* @param type the reference type, as a URI (may be <code>null</code>)
* @param id the reference ID (may be <code>null</code>)
* @return a <code>Reference</code>
* @throws ClassCastException if any of the transforms (in either list)
* are not of type <code>Transform</code>
* @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
* compliant or <code>appliedTransforms</code> is empty
* @throws NullPointerException if <code>dm</code>,
* <code>appliedTransforms</code> or <code>result</code> is
* <code>null</code>
*/
public abstract Reference newReference(String uri, DigestMethod dm,
java.util.List <Object> appliedTransforms, Data result, java.util.List <Object> transforms, String type,
String id);
/// <summary>
/// Returns true if SamlConfigurationProperties instances are equal
/// </summary>
/// <param name="other">Instance of SamlConfigurationProperties to be compared</param>
/// <returns>Boolean</returns>
public bool Equals(SamlConfigurationProperties other)
{
if (other is null)
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return
((
Path == other.Path ||
Path != null &&
Path.Equals(other.Path)
) &&
(
ServiceRanking == other.ServiceRanking ||
ServiceRanking != null &&
ServiceRanking.Equals(other.ServiceRanking)
) &&
(
IdpUrl == other.IdpUrl ||
IdpUrl != null &&
IdpUrl.Equals(other.IdpUrl)
) &&
(
IdpCertAlias == other.IdpCertAlias ||
IdpCertAlias != null &&
IdpCertAlias.Equals(other.IdpCertAlias)
) &&
(
IdpHttpRedirect == other.IdpHttpRedirect ||
IdpHttpRedirect != null &&
IdpHttpRedirect.Equals(other.IdpHttpRedirect)
) &&
(
ServiceProviderEntityId == other.ServiceProviderEntityId ||
ServiceProviderEntityId != null &&
ServiceProviderEntityId.Equals(other.ServiceProviderEntityId)
) &&
(
AssertionConsumerServiceURL == other.AssertionConsumerServiceURL ||
AssertionConsumerServiceURL != null &&
AssertionConsumerServiceURL.Equals(other.AssertionConsumerServiceURL)
) &&
(
SpPrivateKeyAlias == other.SpPrivateKeyAlias ||
SpPrivateKeyAlias != null &&
SpPrivateKeyAlias.Equals(other.SpPrivateKeyAlias)
) &&
(
KeyStorePassword == other.KeyStorePassword ||
KeyStorePassword != null &&
KeyStorePassword.Equals(other.KeyStorePassword)
) &&
(
DefaultRedirectUrl == other.DefaultRedirectUrl ||
DefaultRedirectUrl != null &&
DefaultRedirectUrl.Equals(other.DefaultRedirectUrl)
) &&
(
UserIDAttribute == other.UserIDAttribute ||
UserIDAttribute != null &&
UserIDAttribute.Equals(other.UserIDAttribute)
) &&
(
UseEncryption == other.UseEncryption ||
UseEncryption != null &&
UseEncryption.Equals(other.UseEncryption)
) &&
(
CreateUser == other.CreateUser ||
CreateUser != null &&
CreateUser.Equals(other.CreateUser)
) &&
(
AddGroupMemberships == other.AddGroupMemberships ||
AddGroupMemberships != null &&
AddGroupMemberships.Equals(other.AddGroupMemberships)
) &&
(
GroupMembershipAttribute == other.GroupMembershipAttribute ||
GroupMembershipAttribute != null &&
GroupMembershipAttribute.Equals(other.GroupMembershipAttribute)
) &&
(
DefaultGroups == other.DefaultGroups ||
DefaultGroups != null &&
DefaultGroups.Equals(other.DefaultGroups)
) &&
(
NameIdFormat == other.NameIdFormat ||
NameIdFormat != null &&
NameIdFormat.Equals(other.NameIdFormat)
) &&
(
SynchronizeAttributes == other.SynchronizeAttributes ||
SynchronizeAttributes != null &&
SynchronizeAttributes.Equals(other.SynchronizeAttributes)
) &&
(
HandleLogout == other.HandleLogout ||
HandleLogout != null &&
HandleLogout.Equals(other.HandleLogout)
) &&
(
LogoutUrl == other.LogoutUrl ||
LogoutUrl != null &&
LogoutUrl.Equals(other.LogoutUrl)
) &&
(
ClockTolerance == other.ClockTolerance ||
ClockTolerance != null &&
ClockTolerance.Equals(other.ClockTolerance)
) &&
(
DigestMethod == other.DigestMethod ||
DigestMethod != null &&
DigestMethod.Equals(other.DigestMethod)
) &&
(
SignatureMethod == other.SignatureMethod ||
SignatureMethod != null &&
SignatureMethod.Equals(other.SignatureMethod)
) &&
(
UserIntermediatePath == other.UserIntermediatePath ||
UserIntermediatePath != null &&
UserIntermediatePath.Equals(other.UserIntermediatePath)
));
}
public SignaturePolicyInfo()
{
this.PolicyDigestAlgorithm = _defaultPolicyDigestAlgorithm;
}
/// <summary>
/// Gets the hash code
/// </summary>
/// <returns>Hash code</returns>
public override int GetHashCode()
{
unchecked // Overflow is fine, just wrap
{
var hashCode = 41;
// Suitable nullity checks etc, of course :)
if (Path != null)
{
hashCode = hashCode * 59 + Path.GetHashCode();
}
if (ServiceRanking != null)
{
hashCode = hashCode * 59 + ServiceRanking.GetHashCode();
}
if (IdpUrl != null)
{
hashCode = hashCode * 59 + IdpUrl.GetHashCode();
}
if (IdpCertAlias != null)
{
hashCode = hashCode * 59 + IdpCertAlias.GetHashCode();
}
if (IdpHttpRedirect != null)
{
hashCode = hashCode * 59 + IdpHttpRedirect.GetHashCode();
}
if (ServiceProviderEntityId != null)
{
hashCode = hashCode * 59 + ServiceProviderEntityId.GetHashCode();
}
if (AssertionConsumerServiceURL != null)
{
hashCode = hashCode * 59 + AssertionConsumerServiceURL.GetHashCode();
}
if (SpPrivateKeyAlias != null)
{
hashCode = hashCode * 59 + SpPrivateKeyAlias.GetHashCode();
}
if (KeyStorePassword != null)
{
hashCode = hashCode * 59 + KeyStorePassword.GetHashCode();
}
if (DefaultRedirectUrl != null)
{
hashCode = hashCode * 59 + DefaultRedirectUrl.GetHashCode();
}
if (UserIDAttribute != null)
{
hashCode = hashCode * 59 + UserIDAttribute.GetHashCode();
}
if (UseEncryption != null)
{
hashCode = hashCode * 59 + UseEncryption.GetHashCode();
}
if (CreateUser != null)
{
hashCode = hashCode * 59 + CreateUser.GetHashCode();
}
if (AddGroupMemberships != null)
{
hashCode = hashCode * 59 + AddGroupMemberships.GetHashCode();
}
if (GroupMembershipAttribute != null)
{
hashCode = hashCode * 59 + GroupMembershipAttribute.GetHashCode();
}
if (DefaultGroups != null)
{
hashCode = hashCode * 59 + DefaultGroups.GetHashCode();
}
if (NameIdFormat != null)
{
hashCode = hashCode * 59 + NameIdFormat.GetHashCode();
}
if (SynchronizeAttributes != null)
{
hashCode = hashCode * 59 + SynchronizeAttributes.GetHashCode();
}
if (HandleLogout != null)
{
hashCode = hashCode * 59 + HandleLogout.GetHashCode();
}
if (LogoutUrl != null)
{
hashCode = hashCode * 59 + LogoutUrl.GetHashCode();
}
if (ClockTolerance != null)
{
hashCode = hashCode * 59 + ClockTolerance.GetHashCode();
}
if (DigestMethod != null)
{
hashCode = hashCode * 59 + DigestMethod.GetHashCode();
}
if (SignatureMethod != null)
{
hashCode = hashCode * 59 + SignatureMethod.GetHashCode();
}
if (UserIntermediatePath != null)
{
hashCode = hashCode * 59 + UserIntermediatePath.GetHashCode();
}
return(hashCode);
}
}
/** * Creates a <code>Reference</code> with the specified URI and digest * method. * * @param uri the reference URI (may be <code>null</code>) * @param dm the digest method * @return a <code>Reference</code> * @throws IllegalArgumentException if <code>uri</code> is not RFC 2396 * compliant * @throws NullPointerException if <code>dm</code> is <code>null</code> */ public abstract Reference newReference(String uri, DigestMethod dm);
public Supplement()
{
this._digestMethod = new DigestMethod();
}
/**
* Creates a <code>Reference</code> with the specified parameters and
* pre-calculated digest value.
*
* <p>This method is useful when the digest value of a
* <code>Reference</code> has been previously computed. See for example,
* the
* <a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss">
* OASIS-DSS (Digital Signature Services)</a> specification.
*
* @param uri the reference URI (may be <code>null</code>)
* @param dm the digest method
* @param transforms a list of {@link Transform}s. The list is defensively
* copied to protect against subsequent modification. May be
* <code>null</code> or empty.
* @param type the reference type, as a URI (may be <code>null</code>)
* @param id the reference ID (may be <code>null</code>)
* @param digestValue the digest value. The array is cloned to protect
* against subsequent modification.
* @return a <code>Reference</code>
* @throws ClassCastException if any of the <code>transforms</code> are
* not of type <code>Transform</code>
* @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
* compliant
* @throws NullPointerException if <code>dm</code> or
* <code>digestValue</code> is <code>null</code>
*/
public abstract Reference newReference(String uri, DigestMethod dm,
java.util.List <Object> transforms, String type, String id, byte[] digestValue);
public static Digest Of(DigestMethod method, byte[] value)
{
return(new Digest(method, value));
}