/// <summary>
/// An example on how to decrypt an encrypted assertion.
/// </summary>
/// <param name="file">The file.</param>
public static void DecryptAssertion(string file)
{
var doc = new XmlDocument();
doc.Load(file);
var encryptedDataElement = GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, doc);
var encryptedData = new EncryptedData();
encryptedData.LoadXml(encryptedDataElement);
var nodelist = doc.GetElementsByTagName(Schema.XmlDSig.KeyInfo.ElementName, Saml20Constants.Xmldsig);
Assert.That(nodelist.Count > 0);
var key = new KeyInfo();
key.LoadXml((XmlElement)nodelist[0]);
// Review: Is it possible to figure out which certificate to load based on the Token?
/*
* Comment:
* It would be possible to provide a key/certificate identifier in the EncryptedKey element, which contains the "recipient" attribute.
* The implementation (Safewhere.Tokens.Saml20.Saml20EncryptedAssertion) currently just expects an appropriate asymmetric key to be provided,
* and is not not concerned about its origin.
* If the need arises, we can easily extend the Saml20EncryptedAssertion class with a property that allows extraction key info, eg. the "recipient"
* attribute.
*/
var cert = new X509Certificate2(@"Certificates\sts_dev_certificate.pfx", "test1234");
// ms-help://MS.MSDNQTR.v80.en/MS.MSDN.v80/MS.NETDEVFX.v20.en/CPref18/html/T_System_Security_Cryptography_Xml_KeyInfoClause_DerivedTypes.htm
// Look through the list of KeyInfo elements to find the encrypted key.
SymmetricAlgorithm symmetricKey = null;
foreach (KeyInfoClause keyInfoClause in key)
{
if (keyInfoClause is KeyInfoEncryptedKey)
{
var keyInfoEncryptedKey = (KeyInfoEncryptedKey)keyInfoClause;
var encryptedKey = keyInfoEncryptedKey.EncryptedKey;
symmetricKey = new RijndaelManaged
{
Key = EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, (RSA)cert.PrivateKey, false)
};
}
}
// Explode if we didn't manage to find a viable key.
Assert.IsNotNull(symmetricKey);
var encryptedXml = new EncryptedXml();
var plaintext = encryptedXml.DecryptData(encryptedData, symmetricKey);
var assertion = new XmlDocument();
assertion.Load(new StringReader(System.Text.Encoding.UTF8.GetString(plaintext)));
// A very simple test to ensure that there is indeed an assertion in the plaintext.
Assert.AreEqual(Assertion.ElementName, assertion.DocumentElement.LocalName);
Assert.AreEqual(Saml20Constants.Assertion, assertion.DocumentElement.NamespaceURI);
// At this point, assertion will contain a decrypted assertion.
}
private void DecryptEncryptedGrants(XmlNodeList encryptedGrantList, IRelDecryptor decryptor)
{
XmlElement encryptionMethod;
XmlElement keyInfo;
XmlElement cipherData;
EncryptionMethod encryptionMethodObj;
KeyInfo keyInfoObj;
CipherData cipherDataObj;
for (int i = 0, count = encryptedGrantList.Count; i < count; i++)
{
encryptionMethod = encryptedGrantList[i].SelectSingleNode("//r:encryptedGrant/enc:EncryptionMethod", _namespaceManager) as XmlElement;
keyInfo = encryptedGrantList[i].SelectSingleNode("//r:encryptedGrant/dsig:KeyInfo", _namespaceManager) as XmlElement;
cipherData = encryptedGrantList[i].SelectSingleNode("//r:encryptedGrant/enc:CipherData", _namespaceManager) as XmlElement;
if ((encryptionMethod != null) &&
(keyInfo != null) &&
(cipherData != null))
{
encryptionMethodObj = new EncryptionMethod();
keyInfoObj = new KeyInfo();
cipherDataObj = new CipherData();
encryptionMethodObj.LoadXml(encryptionMethod);
keyInfoObj.LoadXml(keyInfo);
cipherDataObj.LoadXml(cipherData);
MemoryStream toDecrypt = null;
Stream decryptedContent = null;
StreamReader streamReader = null;
try
{
toDecrypt = new MemoryStream(cipherDataObj.CipherValue);
decryptedContent = _relDecryptor.Decrypt(encryptionMethodObj,
keyInfoObj, toDecrypt);
if ((decryptedContent == null) || (decryptedContent.Length == 0))
{
throw new CryptographicException(SR.Cryptography_Xml_XrmlUnableToDecryptGrant);
}
streamReader = new StreamReader(decryptedContent);
string clearContent = streamReader.ReadToEnd();
encryptedGrantList[i].ParentNode.InnerXml = clearContent;
}
finally
{
toDecrypt?.Close();
decryptedContent?.Close();
streamReader?.Close();
}
}
}
}
public void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
if ((value.LocalName == XmlSignature.ElementNames.Signature) && (value.NamespaceURI == XmlSignature.NamespaceURI))
{
id = GetAttribute(value, XmlSignature.AttributeNames.Id);
// LAMESPEC: This library is totally useless against eXtensibly Marked-up document.
int i = NextElementPos(value.ChildNodes, 0, XmlSignature.ElementNames.SignedInfo, XmlSignature.NamespaceURI, true);
XmlElement sinfo = (XmlElement)value.ChildNodes [i];
info = new SignedInfo();
info.LoadXml(sinfo);
i = NextElementPos(value.ChildNodes, ++i, XmlSignature.ElementNames.SignatureValue, XmlSignature.NamespaceURI, true);
XmlElement sigValue = (XmlElement)value.ChildNodes [i];
signature = Convert.FromBase64String(sigValue.InnerText);
// signature isn't required: <element ref="ds:KeyInfo" minOccurs="0"/>
i = NextElementPos(value.ChildNodes, ++i, XmlSignature.ElementNames.KeyInfo, XmlSignature.NamespaceURI, false);
if (i > 0)
{
XmlElement kinfo = (XmlElement)value.ChildNodes [i];
key = new KeyInfo();
key.LoadXml(kinfo);
}
XmlNodeList xnl = value.SelectNodes("xd:Object", dsigNsmgr);
foreach (XmlElement xn in xnl)
{
DataObject obj = new DataObject();
obj.LoadXml(xn);
AddObject(obj);
}
}
else
{
throw new CryptographicException("Malformed element: Signature.");
}
// if invalid
if (info == null)
{
throw new CryptographicException("SignedInfo");
}
if (signature == null)
{
throw new CryptographicException("SignatureValue");
}
}
public void LoadXml(XmlElement value)
{
// Make sure we don't get passed null
if (value == null)
{
throw new ArgumentNullException("value");
}
// Signature
XmlElement signatureElement = value;
if (!signatureElement.LocalName.Equals("Signature"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Signature");
}
// Attributes
m_id = Utils.GetAttribute(signatureElement, "Id", SignedXml.XmlDsigNamespaceUrl);
if (!Utils.VerifyAttributes(signatureElement, "Id"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Signature");
}
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
int expectedChildNodes = 0;
// SignedInfo
XmlNodeList signedInfoNodes = signatureElement.SelectNodes("ds:SignedInfo", nsm);
if (signedInfoNodes == null || signedInfoNodes.Count == 0 || (!Utils.GetAllowAdditionalSignatureNodes() && signedInfoNodes.Count > 1))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
}
XmlElement signedInfoElement = signedInfoNodes[0] as XmlElement;
expectedChildNodes += signedInfoNodes.Count;
this.SignedInfo = new SignedInfo();
this.SignedInfo.LoadXml(signedInfoElement);
// SignatureValue
XmlNodeList signatureValueNodes = signatureElement.SelectNodes("ds:SignatureValue", nsm);
if (signatureValueNodes == null || signatureValueNodes.Count == 0 || (!Utils.GetAllowAdditionalSignatureNodes() && signatureValueNodes.Count > 1))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignatureValue");
}
XmlElement signatureValueElement = signatureValueNodes[0] as XmlElement;
expectedChildNodes += signatureValueNodes.Count;
m_signatureValue = Convert.FromBase64String(Utils.DiscardWhiteSpaces(signatureValueElement.InnerText));
m_signatureValueId = Utils.GetAttribute(signatureValueElement, "Id", SignedXml.XmlDsigNamespaceUrl);
if (!Utils.VerifyAttributes(signatureValueElement, "Id"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignatureValue");
}
// KeyInfo - optional single element
XmlNodeList keyInfoNodes = signatureElement.SelectNodes("ds:KeyInfo", nsm);
m_keyInfo = new KeyInfo();
if (keyInfoNodes != null)
{
if (!Utils.GetAllowAdditionalSignatureNodes() && keyInfoNodes.Count > 1)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "KeyInfo");
}
foreach (XmlNode node in keyInfoNodes)
{
XmlElement keyInfoElement = node as XmlElement;
if (keyInfoElement != null)
{
m_keyInfo.LoadXml(keyInfoElement);
}
}
expectedChildNodes += keyInfoNodes.Count;
}
// Object - zero or more elements allowed
XmlNodeList objectNodes = signatureElement.SelectNodes("ds:Object", nsm);
m_embeddedObjects.Clear();
if (objectNodes != null)
{
foreach (XmlNode node in objectNodes)
{
XmlElement objectElement = node as XmlElement;
if (objectElement != null)
{
DataObject dataObj = new DataObject();
dataObj.LoadXml(objectElement);
m_embeddedObjects.Add(dataObj);
}
}
expectedChildNodes += objectNodes.Count;
}
// Select all elements that have Id attributes
XmlNodeList nodeList = signatureElement.SelectNodes("//*[@Id]", nsm);
if (nodeList != null)
{
foreach (XmlNode node in nodeList)
{
m_referencedItems.Add(node);
}
}
// Verify that there aren't any extra nodes that aren't allowed
if (!Utils.GetAllowAdditionalSignatureNodes() && (signatureElement.SelectNodes("*").Count != expectedChildNodes))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Signature");
}
}
/// <include file='doc\Signature.uex' path='docs/doc[@for="Signature.LoadXml"]/*' />
public void LoadXml(XmlElement value)
{
// Make sure we don't get passed null
if (value == null)
{
throw new ArgumentNullException("value");
}
// Signature
XmlElement signatureElement = value;
if (!signatureElement.LocalName.Equals("Signature"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Signature");
}
XmlAttributeCollection signatureAttributes = signatureElement.Attributes;
XmlNode idAttribute = signatureAttributes["Id"];
if (idAttribute == null)
{
m_strId = null;
}
//throw new CryptographicException(String.Format(Environment.GetResourceString("Cryptography_XML_MalformedXML"),"Signature"));
// Look for SignedInfo and SignatureValue. There may optionally be
// a KeyInfo and some Objects
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
// SignedInfo
//XmlNodeList signatureChilds = signatureElement.GetElementsByTagName("SignedInfo", SignedXml.XmlDsigNamespaceUrl);
XmlNodeList signatureChilds = signatureElement.SelectNodes("ds:SignedInfo", nsm);
if (signatureChilds.Count == 0)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
}
XmlElement signedInfoElement = (XmlElement)signatureChilds.Item(0);
m_signedInfo = new SignedInfo();
m_signedInfo.LoadXml(signedInfoElement);
// SignatureValue
XmlNodeList signatureValueNodes = signatureElement.SelectNodes("ds:SignatureValue", nsm);
if (signatureValueNodes.Count == 0)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/SignatureValue");
}
XmlElement signatureValueElement = (XmlElement)signatureValueNodes.Item(0);
m_rgbSignatureValue = Convert.FromBase64String(SignedXml.DiscardWhiteSpaces(signatureValueElement.InnerText));
XmlNodeList keyInfoNodes = signatureElement.SelectNodes("ds:KeyInfo", nsm);
if (keyInfoNodes.Count != 0)
{
XmlElement keyInfoElement = (XmlElement)keyInfoNodes.Item(0);
m_keyInfo = new KeyInfo();
m_keyInfo.LoadXml(keyInfoElement);
}
XmlNodeList objectNodes = signatureElement.SelectNodes("ds:Object", nsm);
for (int i = 0; i < objectNodes.Count; ++i)
{
XmlElement objectElement = (XmlElement)objectNodes.Item(i);
DataObject dataObj = new DataObject();
dataObj.LoadXml(objectElement);
m_embeddedObjects.Add(dataObj);
}
// Select all elements that have Id attributes
XmlNodeList nodeList = signatureElement.SelectNodes("//*[@Id]", nsm);
if (nodeList != null)
{
foreach (XmlNode node in nodeList)
{
m_referencedItems.Add(node);
}
}
}
public override void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
if ((value.LocalName != XmlEncryption.ElementNames.EncryptedData) || (value.NamespaceURI != EncryptedXml.XmlEncNamespaceUrl))
{
throw new CryptographicException("Malformed EncryptedData element.");
}
else
{
EncryptionMethod = null;
EncryptionMethod = null;
EncryptionProperties.Clear();
Id = null;
Type = null;
MimeType = null;
Encoding = null;
foreach (XmlNode n in value.ChildNodes)
{
if (n is XmlWhitespace)
{
continue;
}
switch (n.LocalName)
{
case XmlEncryption.ElementNames.EncryptionMethod:
EncryptionMethod = new EncryptionMethod();
EncryptionMethod.LoadXml((XmlElement)n);
break;
case XmlSignature.ElementNames.KeyInfo:
KeyInfo = new KeyInfo();
KeyInfo.LoadXml((XmlElement)n);
break;
case XmlEncryption.ElementNames.CipherData:
CipherData = new CipherData();
CipherData.LoadXml((XmlElement)n);
break;
case XmlEncryption.ElementNames.EncryptionProperties:
foreach (XmlElement element in ((XmlElement)n).GetElementsByTagName(XmlEncryption.ElementNames.EncryptionProperty, EncryptedXml.XmlEncNamespaceUrl))
{
EncryptionProperties.Add(new EncryptionProperty(element));
}
break;
}
}
if (value.HasAttribute(XmlEncryption.AttributeNames.Id))
{
Id = value.Attributes [XmlEncryption.AttributeNames.Id].Value;
}
if (value.HasAttribute(XmlEncryption.AttributeNames.Type))
{
Type = value.Attributes [XmlEncryption.AttributeNames.Type].Value;
}
if (value.HasAttribute(XmlEncryption.AttributeNames.MimeType))
{
MimeType = value.Attributes [XmlEncryption.AttributeNames.MimeType].Value;
}
if (value.HasAttribute(XmlEncryption.AttributeNames.Encoding))
{
Encoding = value.Attributes [XmlEncryption.AttributeNames.Encoding].Value;
}
}
}
private void DecryptEncryptedGrants(XmlNodeList encryptedGrantList, IRelDecryptor decryptor) {
XmlElement encryptionMethod = null;
XmlElement keyInfo = null;
XmlElement cipherData = null;
EncryptionMethod encryptionMethodObj = null;
KeyInfo keyInfoObj = null;
CipherData cipherDataObj = null;
for (int i = 0, count = encryptedGrantList.Count; i < count; i++) {
encryptionMethod = encryptedGrantList[i].SelectSingleNode("//r:encryptedGrant/enc:EncryptionMethod", namespaceManager) as XmlElement;
keyInfo = encryptedGrantList[i].SelectSingleNode("//r:encryptedGrant/dsig:KeyInfo", namespaceManager) as XmlElement;
cipherData = encryptedGrantList[i].SelectSingleNode("//r:encryptedGrant/enc:CipherData", namespaceManager) as XmlElement;
if ((encryptionMethod != null) &&
(keyInfo != null) &&
(cipherData != null)) {
encryptionMethodObj = new EncryptionMethod();
keyInfoObj = new KeyInfo();
cipherDataObj = new CipherData();
encryptionMethodObj.LoadXml(encryptionMethod);
keyInfoObj.LoadXml(keyInfo);
cipherDataObj.LoadXml(cipherData);
MemoryStream toDecrypt = null;
Stream decryptedContent = null;
StreamReader streamReader = null;
try {
toDecrypt = new MemoryStream(cipherDataObj.CipherValue);
decryptedContent = relDecryptor.Decrypt(encryptionMethodObj,
keyInfoObj, toDecrypt);
if ((decryptedContent == null) || (decryptedContent.Length == 0))
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_XrmlUnableToDecryptGrant"));
streamReader = new StreamReader(decryptedContent);
string clearContent = streamReader.ReadToEnd();
encryptedGrantList[i].ParentNode.InnerXml = clearContent;
}
finally {
if (toDecrypt != null)
toDecrypt.Close();
if (decryptedContent != null)
decryptedContent.Close();
if (streamReader != null)
streamReader.Close();
}
encryptionMethodObj = null;
keyInfoObj = null;
cipherDataObj = null;
}
encryptionMethod = null;
keyInfo = null;
cipherData = null;
}
}
public override void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName != XmlEncryption.ElementNames.EncryptedData) || (value.NamespaceURI != EncryptedXml.XmlEncNamespaceUrl))
throw new CryptographicException ("Malformed EncryptedData element.");
else {
EncryptionMethod = null;
EncryptionMethod = null;
EncryptionProperties.Clear ();
Id = null;
Type = null;
MimeType = null;
Encoding = null;
foreach (XmlNode n in value.ChildNodes) {
if (n is XmlWhitespace)
continue;
switch (n.LocalName) {
case XmlEncryption.ElementNames.EncryptionMethod:
EncryptionMethod = new EncryptionMethod ();
EncryptionMethod.LoadXml ((XmlElement) n);
break;
case XmlSignature.ElementNames.KeyInfo:
KeyInfo = new KeyInfo ();
KeyInfo.LoadXml ((XmlElement) n);
break;
case XmlEncryption.ElementNames.CipherData:
CipherData = new CipherData ();
CipherData.LoadXml ((XmlElement) n);
break;
case XmlEncryption.ElementNames.EncryptionProperties:
foreach (XmlElement element in ((XmlElement) n).GetElementsByTagName (XmlEncryption.ElementNames.EncryptionProperty, EncryptedXml.XmlEncNamespaceUrl))
EncryptionProperties.Add (new EncryptionProperty (element));
break;
}
}
if (value.HasAttribute (XmlEncryption.AttributeNames.Id))
Id = value.Attributes [XmlEncryption.AttributeNames.Id].Value;
if (value.HasAttribute (XmlEncryption.AttributeNames.Type))
Type = value.Attributes [XmlEncryption.AttributeNames.Type].Value;
if (value.HasAttribute (XmlEncryption.AttributeNames.MimeType))
MimeType = value.Attributes [XmlEncryption.AttributeNames.MimeType].Value;
if (value.HasAttribute (XmlEncryption.AttributeNames.Encoding))
Encoding = value.Attributes [XmlEncryption.AttributeNames.Encoding].Value;
}
}
public override void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
Id = Utils.GetAttribute(value, "Id", EncryptedXml.XmlEncNamespaceUrl);
Type = Utils.GetAttribute(value, "Type", EncryptedXml.XmlEncNamespaceUrl);
MimeType = Utils.GetAttribute(value, "MimeType", EncryptedXml.XmlEncNamespaceUrl);
Encoding = Utils.GetAttribute(value, "Encoding", EncryptedXml.XmlEncNamespaceUrl);
XmlNode encryptionMethodNode = value.SelectSingleNode("enc:EncryptionMethod", nsm);
// EncryptionMethod
EncryptionMethod = new EncryptionMethod();
if (encryptionMethodNode != null)
{
EncryptionMethod.LoadXml(encryptionMethodNode as XmlElement);
}
// Key Info
KeyInfo = new KeyInfo();
XmlNode keyInfoNode = value.SelectSingleNode("ds:KeyInfo", nsm);
if (keyInfoNode != null)
{
KeyInfo.LoadXml(keyInfoNode as XmlElement);
}
// CipherData
XmlNode cipherDataNode = value.SelectSingleNode("enc:CipherData", nsm);
if (cipherDataNode == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingCipherData"));
}
CipherData = new CipherData();
CipherData.LoadXml(cipherDataNode as XmlElement);
// EncryptionProperties
XmlNode encryptionPropertiesNode = value.SelectSingleNode("enc:EncryptionProperties", nsm);
if (encryptionPropertiesNode != null)
{
// Select the EncryptionProperty elements inside the EncryptionProperties element
XmlNodeList encryptionPropertyNodes = encryptionPropertiesNode.SelectNodes("enc:EncryptionProperty", nsm);
if (encryptionPropertyNodes != null)
{
foreach (XmlNode node in encryptionPropertyNodes)
{
EncryptionProperty ep = new EncryptionProperty();
ep.LoadXml(node as XmlElement);
EncryptionProperties.Add(ep);
}
}
}
// Save away the cached value
_cachedXml = value;
}
public void LoadXml(XmlElement value)
{
// Make sure we don't get passed null
if (value == null)
{
throw new ArgumentNullException("value");
}
// Signature
XmlElement signatureElement = value;
if (!signatureElement.LocalName.Equals("Signature"))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Signature");
}
// Id attribute -- optional
m_id = Utils.GetAttribute(signatureElement, "Id", SignedXml.XmlDsigNamespaceUrl);
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
// SignedInfo
XmlElement signedInfoElement = signatureElement.SelectSingleNode("ds:SignedInfo", nsm) as XmlElement;
if (signedInfoElement == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
}
this.SignedInfo = new SignedInfo();
this.SignedInfo.LoadXml(signedInfoElement);
// SignatureValue
XmlElement signatureValueElement = signatureElement.SelectSingleNode("ds:SignatureValue", nsm) as XmlElement;
if (signatureValueElement == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/SignatureValue");
}
m_signatureValue = Convert.FromBase64String(Utils.DiscardWhiteSpaces(signatureValueElement.InnerText));
m_signatureValueId = Utils.GetAttribute(signatureValueElement, "Id", SignedXml.XmlDsigNamespaceUrl);
XmlNodeList keyInfoNodes = signatureElement.SelectNodes("ds:KeyInfo", nsm);
m_keyInfo = new KeyInfo();
if (keyInfoNodes != null)
{
foreach (XmlNode node in keyInfoNodes)
{
XmlElement keyInfoElement = node as XmlElement;
if (keyInfoElement != null)
{
m_keyInfo.LoadXml(keyInfoElement);
}
}
}
XmlNodeList objectNodes = signatureElement.SelectNodes("ds:Object", nsm);
m_embeddedObjects.Clear();
if (objectNodes != null)
{
foreach (XmlNode node in objectNodes)
{
XmlElement objectElement = node as XmlElement;
if (objectElement != null)
{
DataObject dataObj = new DataObject();
dataObj.LoadXml(objectElement);
m_embeddedObjects.Add(dataObj);
}
}
}
// Select all elements that have Id attributes
XmlNodeList nodeList = signatureElement.SelectNodes("//*[@Id]", nsm);
if (nodeList != null)
{
foreach (XmlNode node in nodeList)
{
m_referencedItems.Add(node);
}
}
}
// Reads the X.509 certificates contained within an IdP or SP SSO descriptor
private static void ReadX509Certificates(RoleDescriptorType roleDescriptor)
{
foreach (KeyDescriptor keyDescriptor in roleDescriptor.KeyDescriptors) {
KeyInfo keyInfo = new KeyInfo();
keyInfo.LoadXml(keyDescriptor.KeyInfo);
IEnumerator enumerator = keyInfo.GetEnumerator(typeof(KeyInfoX509Data));
while (enumerator.MoveNext()) {
KeyInfoX509Data keyInfoX509Data = (KeyInfoX509Data)enumerator.Current;
foreach (X509Certificate2 x509Certificate in keyInfoX509Data.Certificates) {
Console.WriteLine("X509 certificate: " + x509Certificate.ToString());
}
}
foreach (XmlElement xmlElement in keyDescriptor.EncryptionMethods) {
Console.WriteLine("Encryption method: " + KeyDescriptor.GetEncryptionMethodAlgorithm(xmlElement));
}
}
}
public static string SignXmlFile(string xml, RSA Key)
{
// Create a new XML document.
var doc = new XmlDocument();
// Format the document to ignore white spaces.
doc.PreserveWhitespace = false;
using (var textReader = new StringReader(xml))
{
doc.Load(new XmlTextReader(textReader));
}
// Create a SignedXml object.
var signedXml = new SignedXmlWithId(doc);
// Add the key to the SignedXml document.
signedXml.SigningKey = Key;
// Specify a canonicalization method.
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
// Set the InclusiveNamespacesPrefixList property.
var canMethod = (XmlDsigExcC14NTransform)signedXml.SignedInfo.CanonicalizationMethodObject;
var ref1 = new Reference("#Body52be6364-045f-1550-625d-b20b0390691e");
var ref2 = new Reference("#Timestamp5257ab43-882c-4937-3835-6763e9a2d700");
// Add an enveloped transformation to the reference.
var env = new XmlDsigEnvelopedSignatureTransform();
ref1.AddTransform(canMethod);
ref2.AddTransform(canMethod);
// Add the reference to the SignedXml object.
signedXml.AddReference(ref1);
signedXml.AddReference(ref2);
string keyInfoStr = "<KeyInfo><wsse:SecurityTokenReference xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:Reference URI=\"#holderOfKeyCertificate\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\"/></wsse:SecurityTokenReference></KeyInfo>";
var xd = new XmlDocument();
xd.LoadXml(keyInfoStr);
var ki = new KeyInfo();
ki.LoadXml(xd.DocumentElement);
signedXml.KeyInfo = ki;
// Compute the signature.
//signedXml.ComputeSignature(KeyedHashAlgorithm.Create("HMACSHA256"));
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
xmlDigitalSignature.SetAttribute("Id", "holderOfKeyProofSignature");
var sb = new StringBuilder();
using (var sw = new StringWriter(sb))
{
using (var writer = new XmlTextWriter(sw))
{
xmlDigitalSignature.WriteTo(writer);
}
}
return sb.ToString();
}
public void LoadXml(XmlElement value) {
// Make sure we don't get passed null
if (value == null)
throw new ArgumentNullException("value");
// Signature
XmlElement signatureElement = value;
if (!signatureElement.LocalName.Equals("Signature"))
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Signature");
// Id attribute -- optional
m_id = Utils.GetAttribute(signatureElement, "Id", SignedXml.XmlDsigNamespaceUrl);
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
// SignedInfo
XmlElement signedInfoElement = signatureElement.SelectSingleNode("ds:SignedInfo", nsm) as XmlElement;
if (signedInfoElement == null)
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"),"SignedInfo");
this.SignedInfo = new SignedInfo();
this.SignedInfo.LoadXml(signedInfoElement);
// SignatureValue
XmlElement signatureValueElement = signatureElement.SelectSingleNode("ds:SignatureValue", nsm) as XmlElement;
if (signatureValueElement == null)
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"),"SignedInfo/SignatureValue");
m_signatureValue = Convert.FromBase64String(Utils.DiscardWhiteSpaces(signatureValueElement.InnerText));
m_signatureValueId = Utils.GetAttribute(signatureValueElement, "Id", SignedXml.XmlDsigNamespaceUrl);
XmlNodeList keyInfoNodes = signatureElement.SelectNodes("ds:KeyInfo", nsm);
m_keyInfo = new KeyInfo();
if (keyInfoNodes != null) {
foreach(XmlNode node in keyInfoNodes) {
XmlElement keyInfoElement = node as XmlElement;
if (keyInfoElement != null)
m_keyInfo.LoadXml(keyInfoElement);
}
}
XmlNodeList objectNodes = signatureElement.SelectNodes("ds:Object", nsm);
m_embeddedObjects.Clear();
if (objectNodes != null) {
foreach(XmlNode node in objectNodes) {
XmlElement objectElement = node as XmlElement;
if (objectElement != null) {
DataObject dataObj = new DataObject();
dataObj.LoadXml(objectElement);
m_embeddedObjects.Add(dataObj);
}
}
}
// Select all elements that have Id attributes
XmlNodeList nodeList = signatureElement.SelectNodes("//*[@Id]", nsm);
if (nodeList != null) {
foreach (XmlNode node in nodeList) {
m_referencedItems.Add(node);
}
}
}
private void DecryptEncryptedGrants(XmlNodeList encryptedGrantList, IRelDecryptor decryptor)
{
XmlElement element = null;
XmlElement element2 = null;
XmlElement element3 = null;
EncryptionMethod encryptionMethod = null;
KeyInfo keyInfo = null;
CipherData data = null;
int num = 0;
int count = encryptedGrantList.Count;
while (num < count)
{
element = encryptedGrantList[num].SelectSingleNode("//r:encryptedGrant/enc:EncryptionMethod", this.namespaceManager) as XmlElement;
element2 = encryptedGrantList[num].SelectSingleNode("//r:encryptedGrant/dsig:KeyInfo", this.namespaceManager) as XmlElement;
element3 = encryptedGrantList[num].SelectSingleNode("//r:encryptedGrant/enc:CipherData", this.namespaceManager) as XmlElement;
if (((element != null) && (element2 != null)) && (element3 != null))
{
encryptionMethod = new EncryptionMethod();
keyInfo = new KeyInfo();
data = new CipherData();
encryptionMethod.LoadXml(element);
keyInfo.LoadXml(element2);
data.LoadXml(element3);
MemoryStream toDecrypt = null;
Stream stream = null;
StreamReader reader = null;
try
{
toDecrypt = new MemoryStream(data.CipherValue);
stream = this.relDecryptor.Decrypt(encryptionMethod, keyInfo, toDecrypt);
if ((stream == null) || (stream.Length == 0L))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_XrmlUnableToDecryptGrant"));
}
reader = new StreamReader(stream);
string str = reader.ReadToEnd();
encryptedGrantList[num].ParentNode.InnerXml = str;
}
finally
{
if (toDecrypt != null)
{
toDecrypt.Close();
}
if (stream != null)
{
stream.Close();
}
if (reader != null)
{
reader.Close();
}
}
encryptionMethod = null;
keyInfo = null;
data = null;
}
element = null;
element2 = null;
element3 = null;
num++;
}
}
public override void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException(nameof(value));
}
XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
nsm.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
Id = Utils.GetAttribute(value, "Id", EncryptedXml.XmlEncNamespaceUrl);
Type = Utils.GetAttribute(value, "Type", EncryptedXml.XmlEncNamespaceUrl);
MimeType = Utils.GetAttribute(value, "MimeType", EncryptedXml.XmlEncNamespaceUrl);
Encoding = Utils.GetAttribute(value, "Encoding", EncryptedXml.XmlEncNamespaceUrl);
Recipient = Utils.GetAttribute(value, "Recipient", EncryptedXml.XmlEncNamespaceUrl);
XmlNode encryptionMethodNode = value.SelectSingleNode("enc:EncryptionMethod", nsm);
// EncryptionMethod
EncryptionMethod = new EncryptionMethod();
if (encryptionMethodNode != null)
{
EncryptionMethod.LoadXml(encryptionMethodNode as XmlElement);
}
// Key Info
KeyInfo = new KeyInfo();
XmlNode keyInfoNode = value.SelectSingleNode("ds:KeyInfo", nsm);
if (keyInfoNode != null)
{
KeyInfo.LoadXml(keyInfoNode as XmlElement);
}
// CipherData
XmlNode cipherDataNode = value.SelectSingleNode("enc:CipherData", nsm);
if (cipherDataNode == null)
{
throw new CryptographicException(SR.Cryptography_Xml_MissingCipherData);
}
CipherData = new CipherData();
CipherData.LoadXml(cipherDataNode as XmlElement);
// EncryptionProperties
XmlNode encryptionPropertiesNode = value.SelectSingleNode("enc:EncryptionProperties", nsm);
if (encryptionPropertiesNode != null)
{
// Select the EncryptionProperty elements inside the EncryptionProperties element
XmlNodeList encryptionPropertyNodes = encryptionPropertiesNode.SelectNodes("enc:EncryptionProperty", nsm);
if (encryptionPropertyNodes != null)
{
foreach (XmlNode node in encryptionPropertyNodes)
{
EncryptionProperty ep = new EncryptionProperty();
ep.LoadXml(node as XmlElement);
EncryptionProperties.Add(ep);
}
}
}
// CarriedKeyName
XmlNode carriedKeyNameNode = value.SelectSingleNode("enc:CarriedKeyName", nsm);
if (carriedKeyNameNode != null)
{
CarriedKeyName = carriedKeyNameNode.InnerText;
}
// ReferenceList
XmlNode referenceListNode = value.SelectSingleNode("enc:ReferenceList", nsm);
if (referenceListNode != null)
{
// Select the DataReference elements inside the ReferenceList element
XmlNodeList dataReferenceNodes = referenceListNode.SelectNodes("enc:DataReference", nsm);
if (dataReferenceNodes != null)
{
foreach (XmlNode node in dataReferenceNodes)
{
DataReference dr = new DataReference();
dr.LoadXml(node as XmlElement);
ReferenceList.Add(dr);
}
}
// Select the KeyReference elements inside the ReferenceList element
XmlNodeList keyReferenceNodes = referenceListNode.SelectNodes("enc:KeyReference", nsm);
if (keyReferenceNodes != null)
{
foreach (XmlNode node in keyReferenceNodes)
{
KeyReference kr = new KeyReference();
kr.LoadXml(node as XmlElement);
ReferenceList.Add(kr);
}
}
}
// Save away the cached value
_cachedXml = value;
}
private void DecryptEncryptedGrants(XmlNodeList encryptedGrantList, IRelDecryptor decryptor)
{
XmlElement element = null;
XmlElement element2 = null;
XmlElement element3 = null;
EncryptionMethod encryptionMethod = null;
KeyInfo keyInfo = null;
CipherData data = null;
int num = 0;
int count = encryptedGrantList.Count;
while (num < count)
{
element = encryptedGrantList[num].SelectSingleNode("//r:encryptedGrant/enc:EncryptionMethod", this.namespaceManager) as XmlElement;
element2 = encryptedGrantList[num].SelectSingleNode("//r:encryptedGrant/dsig:KeyInfo", this.namespaceManager) as XmlElement;
element3 = encryptedGrantList[num].SelectSingleNode("//r:encryptedGrant/enc:CipherData", this.namespaceManager) as XmlElement;
if (((element != null) && (element2 != null)) && (element3 != null))
{
encryptionMethod = new EncryptionMethod();
keyInfo = new KeyInfo();
data = new CipherData();
encryptionMethod.LoadXml(element);
keyInfo.LoadXml(element2);
data.LoadXml(element3);
MemoryStream toDecrypt = null;
Stream stream = null;
StreamReader reader = null;
try
{
toDecrypt = new MemoryStream(data.CipherValue);
stream = this.relDecryptor.Decrypt(encryptionMethod, keyInfo, toDecrypt);
if ((stream == null) || (stream.Length == 0L))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_XrmlUnableToDecryptGrant"));
}
reader = new StreamReader(stream);
string str = reader.ReadToEnd();
encryptedGrantList[num].ParentNode.InnerXml = str;
}
finally
{
if (toDecrypt != null)
{
toDecrypt.Close();
}
if (stream != null)
{
stream.Close();
}
if (reader != null)
{
reader.Close();
}
}
encryptionMethod = null;
keyInfo = null;
data = null;
}
element = null;
element2 = null;
element3 = null;
num++;
}
}
public override void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
if ((value.LocalName != XmlEncryption.ElementNames.EncryptedKey) || (value.NamespaceURI != EncryptedXml.XmlEncNamespaceUrl))
{
throw new CryptographicException("Malformed EncryptedKey element.");
}
else
{
EncryptionMethod = null;
EncryptionMethod = null;
EncryptionProperties.Clear();
ReferenceList.Clear();
CarriedKeyName = null;
Id = null;
Type = null;
MimeType = null;
Encoding = null;
Recipient = null;
foreach (XmlNode n in value.ChildNodes)
{
if (n is XmlWhitespace)
{
continue;
}
switch (n.LocalName)
{
case XmlEncryption.ElementNames.EncryptionMethod:
EncryptionMethod = new EncryptionMethod();
EncryptionMethod.LoadXml((XmlElement)n);
break;
case XmlSignature.ElementNames.KeyInfo:
KeyInfo = new KeyInfo();
KeyInfo.LoadXml((XmlElement)n);
break;
case XmlEncryption.ElementNames.CipherData:
CipherData = new CipherData();
CipherData.LoadXml((XmlElement)n);
break;
case XmlEncryption.ElementNames.EncryptionProperties:
foreach (XmlElement element in ((XmlElement)n).GetElementsByTagName(XmlEncryption.ElementNames.EncryptionProperty, EncryptedXml.XmlEncNamespaceUrl))
{
EncryptionProperties.Add(new EncryptionProperty(element));
}
break;
case XmlEncryption.ElementNames.ReferenceList:
foreach (XmlNode r in ((XmlElement)n).ChildNodes)
{
if (r is XmlWhitespace)
{
continue;
}
switch (r.LocalName)
{
case XmlEncryption.ElementNames.DataReference:
DataReference dr = new DataReference();
dr.LoadXml((XmlElement)r);
AddReference(dr);
break;
case XmlEncryption.ElementNames.KeyReference:
KeyReference kr = new KeyReference();
kr.LoadXml((XmlElement)r);
AddReference(kr);
break;
}
}
break;
case XmlEncryption.ElementNames.CarriedKeyName:
CarriedKeyName = ((XmlElement)n).InnerText;
break;
}
}
if (value.HasAttribute(XmlEncryption.AttributeNames.Id))
{
Id = value.Attributes [XmlEncryption.AttributeNames.Id].Value;
}
if (value.HasAttribute(XmlEncryption.AttributeNames.Type))
{
Type = value.Attributes [XmlEncryption.AttributeNames.Type].Value;
}
if (value.HasAttribute(XmlEncryption.AttributeNames.MimeType))
{
MimeType = value.Attributes [XmlEncryption.AttributeNames.MimeType].Value;
}
if (value.HasAttribute(XmlEncryption.AttributeNames.Encoding))
{
Encoding = value.Attributes [XmlEncryption.AttributeNames.Encoding].Value;
}
if (value.HasAttribute(XmlEncryption.AttributeNames.Recipient))
{
Encoding = value.Attributes [XmlEncryption.AttributeNames.Recipient].Value;
}
}
}
public override void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName != XmlEncryption.ElementNames.EncryptedKey) || (value.NamespaceURI != EncryptedXml.XmlEncNamespaceUrl))
throw new CryptographicException ("Malformed EncryptedKey element.");
else {
EncryptionMethod = null;
EncryptionMethod = null;
EncryptionProperties.Clear ();
ReferenceList.Clear ();
CarriedKeyName = null;
Id = null;
Type = null;
MimeType = null;
Encoding = null;
Recipient = null;
foreach (XmlNode n in value.ChildNodes) {
if (n is XmlWhitespace)
continue;
switch (n.LocalName) {
case XmlEncryption.ElementNames.EncryptionMethod:
EncryptionMethod = new EncryptionMethod ();
EncryptionMethod.LoadXml ((XmlElement) n);
break;
case XmlSignature.ElementNames.KeyInfo:
KeyInfo = new KeyInfo ();
KeyInfo.LoadXml ((XmlElement) n);
break;
case XmlEncryption.ElementNames.CipherData:
CipherData = new CipherData ();
CipherData.LoadXml ((XmlElement) n);
break;
case XmlEncryption.ElementNames.EncryptionProperties:
foreach (XmlElement element in ((XmlElement) n).GetElementsByTagName (XmlEncryption.ElementNames.EncryptionProperty, EncryptedXml.XmlEncNamespaceUrl))
EncryptionProperties.Add (new EncryptionProperty (element));
break;
case XmlEncryption.ElementNames.ReferenceList:
foreach (XmlNode r in ((XmlElement) n).ChildNodes) {
if (r is XmlWhitespace)
continue;
switch (r.LocalName) {
case XmlEncryption.ElementNames.DataReference:
DataReference dr = new DataReference ();
dr.LoadXml ((XmlElement) r);
AddReference (dr);
break;
case XmlEncryption.ElementNames.KeyReference:
KeyReference kr = new KeyReference ();
kr.LoadXml ((XmlElement) r);
AddReference (kr);
break;
}
}
break;
case XmlEncryption.ElementNames.CarriedKeyName:
CarriedKeyName = ((XmlElement) n).InnerText;
break;
}
}
if (value.HasAttribute (XmlEncryption.AttributeNames.Id))
Id = value.Attributes [XmlEncryption.AttributeNames.Id].Value;
if (value.HasAttribute (XmlEncryption.AttributeNames.Type))
Type = value.Attributes [XmlEncryption.AttributeNames.Type].Value;
if (value.HasAttribute (XmlEncryption.AttributeNames.MimeType))
MimeType = value.Attributes [XmlEncryption.AttributeNames.MimeType].Value;
if (value.HasAttribute (XmlEncryption.AttributeNames.Encoding))
Encoding = value.Attributes [XmlEncryption.AttributeNames.Encoding].Value;
if (value.HasAttribute (XmlEncryption.AttributeNames.Recipient))
Encoding = value.Attributes [XmlEncryption.AttributeNames.Recipient].Value;
}
}
public void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName == XmlSignature.ElementNames.Signature) && (value.NamespaceURI == XmlSignature.NamespaceURI)) {
id = GetAttribute (value, XmlSignature.AttributeNames.Id);
// LAMESPEC: This library is totally useless against eXtensibly Marked-up document.
int i = NextElementPos (value.ChildNodes, 0, XmlSignature.ElementNames.SignedInfo, XmlSignature.NamespaceURI, true);
XmlElement sinfo = (XmlElement) value.ChildNodes [i];
info = new SignedInfo ();
info.LoadXml (sinfo);
i = NextElementPos (value.ChildNodes, ++i, XmlSignature.ElementNames.SignatureValue, XmlSignature.NamespaceURI, true);
XmlElement sigValue = (XmlElement) value.ChildNodes [i];
signature = Convert.FromBase64String (sigValue.InnerText);
// signature isn't required: <element ref="ds:KeyInfo" minOccurs="0"/>
i = NextElementPos (value.ChildNodes, ++i, XmlSignature.ElementNames.KeyInfo, XmlSignature.NamespaceURI, false);
if (i > 0) {
XmlElement kinfo = (XmlElement) value.ChildNodes [i];
key = new KeyInfo ();
key.LoadXml (kinfo);
}
XmlNodeList xnl = value.SelectNodes ("xd:Object", dsigNsmgr);
foreach (XmlElement xn in xnl) {
DataObject obj = new DataObject ();
obj.LoadXml (xn);
AddObject (obj);
}
}
else
throw new CryptographicException ("Malformed element: Signature.");
// if invalid
if (info == null)
throw new CryptographicException ("SignedInfo");
if (signature == null)
throw new CryptographicException ("SignatureValue");
}
