// According to book ".NET Framework Security" this method
// iterates all possible keys then return null
protected virtual AsymmetricAlgorithm GetPublicKey()
{
if (m_signature.KeyInfo == null)
{
return(null);
}
if (pkEnumerator == null)
{
pkEnumerator = m_signature.KeyInfo.GetEnumerator();
}
#if SECURITY_DEP
if (_x509Enumerator != null)
{
if (_x509Enumerator.MoveNext())
{
X509Certificate cert = (X509Certificate)_x509Enumerator.Current;
return(new X509Certificate2(cert.GetRawCertData()).PublicKey.Key);
}
else
{
_x509Enumerator = null;
}
}
#endif
while (pkEnumerator.MoveNext())
{
AsymmetricAlgorithm key = null;
KeyInfoClause kic = (KeyInfoClause)pkEnumerator.Current;
if (kic is DSAKeyValue)
{
key = DSA.Create();
}
else if (kic is RSAKeyValue)
{
key = RSA.Create();
}
if (key != null)
{
key.FromXmlString(kic.GetXml().InnerXml);
return(key);
}
#if SECURITY_DEP
if (kic is KeyInfoX509Data)
{
_x509Enumerator = ((KeyInfoX509Data)kic).Certificates.GetEnumerator();
if (_x509Enumerator.MoveNext())
{
X509Certificate cert = (X509Certificate)_x509Enumerator.Current;
return(new X509Certificate2(cert.GetRawCertData()).PublicKey.Key);
}
}
#endif
}
return(null);
}
public void LoadXml(XmlElement value)
{
if (value is null)
{
throw new ArgumentNullException(nameof(value));
}
XmlElement keyInfoElement = value;
_id = Utils.GetAttribute(keyInfoElement, "Id", SignedXml.XmlDsigNamespaceUrl);
if (!Utils.VerifyAttributes(keyInfoElement, "Id"))
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "KeyInfo");
}
XmlNode child = keyInfoElement.FirstChild;
while (child != null)
{
XmlElement elem = child as XmlElement;
if (elem != null)
{
// Create the right type of KeyInfoClause; we use a combination of the namespace and tag name (local name)
string kicString = elem.NamespaceURI + " " + elem.LocalName;
// Special-case handling for KeyValue -- we have to go one level deeper
if (kicString == "http://www.w3.org/2000/09/xmldsig# KeyValue")
{
if (!Utils.VerifyAttributes(elem, (string[])null))
{
throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "KeyInfo/KeyValue");
}
XmlNodeList nodeList2 = elem.ChildNodes;
foreach (XmlNode node2 in nodeList2)
{
XmlElement elem2 = node2 as XmlElement;
if (elem2 != null)
{
kicString += "/" + elem2.LocalName;
break;
}
}
}
KeyInfoClause keyInfoClause = CryptoHelpers.CreateFromName <KeyInfoClause>(kicString);
// if we don't know what kind of KeyInfoClause we're looking at, use a generic KeyInfoNode:
if (keyInfoClause == null)
{
keyInfoClause = new KeyInfoNode();
}
// Ask the create clause to fill itself with the corresponding XML
keyInfoClause.LoadXml(elem);
// Add it to our list of KeyInfoClauses
AddClause(keyInfoClause);
}
child = child.NextSibling;
}
}
/// <include file='doc\KeyInfo.uex' path='docs/doc[@for="KeyInfo.LoadXml"]/*' />
public void LoadXml(XmlElement value)
{
// Guard against nulls
if (value == null)
{
throw new ArgumentNullException("value");
}
// Validate what we are passed against the DTD
XmlElement keyInfoElement = value;
if (keyInfoElement.HasAttribute("Id"))
{
m_strId = keyInfoElement.GetAttribute("Id");
}
XmlNodeList nodeList = keyInfoElement.ChildNodes;
foreach (XmlNode node in nodeList)
{
XmlElement elem = node as XmlElement;
// We only care about XmlElement nodes here
if (elem == null)
{
continue;
}
// Create the right type of KeyInfoClause
// We use a combination of the namespace and tag name (local name)
String kicString = elem.NamespaceURI + " " + elem.LocalName;
// Special-case handling for KeyValue -- we have to go one level deeper
if (kicString == "http://www.w3.org/2000/09/xmldsig# KeyValue")
{
XmlNodeList nodeList2 = elem.ChildNodes;
foreach (XmlNode node2 in nodeList2)
{
XmlElement elem2 = node2 as XmlElement;
if (elem2 != null)
{
kicString += "/" + elem2.LocalName;
break;
}
}
}
KeyInfoClause keyInfoClause = (KeyInfoClause)CryptoConfig.CreateFromName(kicString);
// if we don't know what kind of KeyInfoClause we're looking at, use a generic KeyInfoNode:
if (keyInfoClause == null)
{
keyInfoClause = new KeyInfoNode();
}
// Ask the create clause to fill itself with the
// corresponding XML
keyInfoClause.LoadXml(elem);
// Add it to our list of KeyInfoClauses
AddClause(keyInfoClause);
}
}
/**
* Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
* @param sap the XmlSignatureAppearance
* @param externalSignature the interface providing the actual signing
* @param keyInfo KeyInfo for verification
* @throws GeneralSecurityException
* @throws IOException
* @throws DocumentException
*/
public static void SignXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, KeyInfoClause keyInfo) {
VerifyArguments(sap, externalSignature);
List<XmlElement> references = new List<XmlElement>(1);
references.Add(GenerateContentReference(sap.GetXmlLocator().GetDocument(), sap, null));
XmlElement signature = GenerateSignatureElement(sap.GetXmlLocator(), null, false);
Sign(signature, sap.GetXmlLocator(), externalSignature, references, null, keyInfo);
sap.Close();
}
public void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
XmlElement element = value;
this.m_id = System.Security.Cryptography.Xml.Utils.GetAttribute(element, "Id", "http://www.w3.org/2000/09/xmldsig#");
for (XmlNode node = element.FirstChild; node != null; node = node.NextSibling)
{
XmlElement element2 = node as XmlElement;
if (element2 != null)
{
string name = element2.NamespaceURI + " " + element2.LocalName;
if (name == "http://www.w3.org/2000/09/xmldsig# KeyValue")
{
foreach (XmlNode node2 in element2.ChildNodes)
{
XmlElement element3 = node2 as XmlElement;
if (element3 != null)
{
name = name + "/" + element3.LocalName;
break;
}
}
}
KeyInfoClause clause = (KeyInfoClause)CryptoConfig.CreateFromName(name);
if (clause == null)
{
clause = new KeyInfoNode();
}
clause.LoadXml(element2);
this.AddClause(clause);
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="X509CertificateCredentials"/> class.
/// </summary>
/// <remarks>The X509Certificate2 argument should have private key in order to sign the message.</remarks>
/// <param name="certificate">The X509Certificate2 object.</param>
public X509CertificateCredentials(X509Certificate2 certificate)
: base(null, true)
{
EwsUtilities.ValidateParam(certificate, "certificate");
if (!certificate.HasPrivateKey)
{
throw new ServiceValidationException(Strings.CertificateHasNoPrivateKey);
}
this.certificate = certificate;
string certId = WSSecurityUtilityIdSignedXml.GetUniqueId();
this.SecurityToken = string.Format(
X509CertificateCredentials.BinarySecurityTokenFormat,
certId,
Convert.ToBase64String(this.certificate.GetRawCertData()));
SafeXmlDocument doc = new SafeXmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(string.Format(X509CertificateCredentials.KeyInfoClauseFormat, certId));
this.keyInfoClause = new KeyInfoNode(doc.DocumentElement);
}
private Legacy.KeyInfoEncryptedKey EncryptKey(byte[] key, RSA encryptionKey, string method, Legacy.KeyInfoClause encryptionKeyInfoClause)
{
var encryptionKeyInfo = new Legacy.KeyInfo();
encryptionKeyInfo.AddClause(encryptionKeyInfoClause);
var cipherValue = Legacy.EncryptedXml.EncryptKey(key, encryptionKey, true);
var encryptedKey = new Legacy.EncryptedKey
{
CipherData = new Legacy.CipherData {
CipherValue = cipherValue
},
EncryptionMethod = new Legacy.EncryptionMethod(method),
KeyInfo = encryptionKeyInfo
};
return(new Legacy.KeyInfoEncryptedKey {
EncryptedKey = encryptedKey
});
}
private static void Sign(XmlElement signature, IXmlLocator xmlLocator, IExternalSignature externalSignature,
List<XmlElement> references, XmlElement dsObject, KeyInfoClause keyInfo) {
XmlDocument originalDoc = xmlLocator.GetDocument();
if (signature == null)
throw new InvalidOperationException();
XmlElement signedInfo = originalDoc.CreateElement("SignedInfo", SecurityConstants.XMLDSIG_URI);
signature.AppendChild(signedInfo);
XmlElement canonicalizationMethod = originalDoc.CreateElement("CanonicalizationMethod", SecurityConstants.XMLDSIG_URI);
canonicalizationMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_C14N);
signedInfo.AppendChild(canonicalizationMethod);
XmlElement signatureMethod = originalDoc.CreateElement("SignatureMethod", SecurityConstants.XMLDSIG_URI);
if(externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.RSA))
signatureMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_RSA_SHA1);
else if(externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.DSA))
signatureMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_DSA_SHA1);
signedInfo.AppendChild(signatureMethod);
foreach (XmlElement reference in references)
signedInfo.AppendChild(reference);
//if append Signature to original document upper - reference digest will be incorrect.
originalDoc.DocumentElement.AppendChild(signature);
XmlElement signedInfoDigest = (XmlElement)signedInfo.CloneNode(true);
NormalizeNamespaces(signedInfo.CreateNavigator(), signedInfoDigest.CreateNavigator());
XmlDocument signedInfoDoc = new XmlDocument(originalDoc.NameTable);
signedInfoDoc.LoadXml(signedInfoDigest.OuterXml);
byte[] byteRange = CalculateC14nByteRange(signedInfoDoc);
//Sign with ExternalSignature
String valueBase64 = Convert.ToBase64String(externalSignature.Sign(byteRange));
XmlElement signatureValue = originalDoc.CreateElement("SignatureValue", SecurityConstants.XMLDSIG_URI);
signatureValue.AppendChild(originalDoc.CreateTextNode(valueBase64));
signature.AppendChild(signatureValue);
if(keyInfo != null) {
XmlElement keyInfoElement = originalDoc.CreateElement("KeyInfo", SecurityConstants.XMLDSIG_URI);
keyInfoElement.AppendChild(originalDoc.ImportNode(keyInfo.GetXml(), true));
signature.AppendChild(keyInfoElement);
}
if (dsObject != null)
signature.AppendChild(dsObject);
xmlLocator.SetDocument(originalDoc);
}
//
// public constructors
//
public void AddClause(KeyInfoClause clause) {
m_KeyInfoClauses.Add(clause);
}
//
// public constructors
//
public void AddClause(KeyInfoClause clause)
{
_keyInfoClauses.Add(clause);
}
public void AddClause(KeyInfoClause clause)
{
Info.Add(clause);
}
public void LoadXml(XmlElement value)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
Id = value.Attributes ["Id"] != null?value.GetAttribute("Id") : null;
if ((value.LocalName == XmlSignature.ElementNames.KeyInfo) && (value.NamespaceURI == XmlSignature.NamespaceURI))
{
foreach (XmlNode n in value.ChildNodes)
{
if (n.NodeType != XmlNodeType.Element)
{
continue;
}
KeyInfoClause kic = null;
switch (n.LocalName)
{
case XmlSignature.ElementNames.KeyValue:
XmlNodeList xnl = n.ChildNodes;
if (xnl.Count > 0)
{
// we must now treat the whitespace !
foreach (XmlNode m in xnl)
{
switch (m.LocalName)
{
case XmlSignature.ElementNames.DSAKeyValue:
kic = (KeyInfoClause) new DSAKeyValue();
break;
case XmlSignature.ElementNames.RSAKeyValue:
kic = (KeyInfoClause) new RSAKeyValue();
break;
}
}
}
break;
case XmlSignature.ElementNames.KeyName:
kic = (KeyInfoClause) new KeyInfoName();
break;
case XmlSignature.ElementNames.RetrievalMethod:
kic = (KeyInfoClause) new KeyInfoRetrievalMethod();
break;
case XmlSignature.ElementNames.X509Data:
kic = (KeyInfoClause) new KeyInfoX509Data();
break;
case XmlSignature.ElementNames.RSAKeyValue:
kic = (KeyInfoClause) new RSAKeyValue();
break;
#if NET_2_0
case XmlSignature.ElementNames.EncryptedKey:
kic = (KeyInfoClause) new KeyInfoEncryptedKey();
break;
#endif
default:
kic = (KeyInfoClause) new KeyInfoNode();
break;
}
if (kic != null)
{
kic.LoadXml((XmlElement)n);
AddClause(kic);
}
}
}
// No check is performed on MS.NET...
}
/// <summary>
/// Attempts to retrieve an asymmetric key from the KeyInfoClause given as parameter.
/// </summary>
/// <param name="keyInfoClause">The key info clause.</param>
/// <returns>null if the key could not be found.</returns>
public static AsymmetricAlgorithm ExtractKey(KeyInfoClause keyInfoClause)
{
if (keyInfoClause is RSAKeyValue)
{
var key = (RSAKeyValue)keyInfoClause;
return key.Key;
}
if (keyInfoClause is KeyInfoX509Data)
{
var cert = GetCertificateFromKeyInfo((KeyInfoX509Data)keyInfoClause);
return cert != null ? cert.PublicKey.Key : null;
}
if (keyInfoClause is DSAKeyValue)
{
var key = (DSAKeyValue)keyInfoClause;
return key.Key;
}
return null;
}
/**
* Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
* @param sap the XmlSignatureAppearance
* @param externalSignature the interface providing the actual signing
* @param keyInfo KeyInfo for verification
* @throws GeneralSecurityException
* @throws IOException
* @throws DocumentException
*/
public static void signXmlDSig(XmlSignatureAppearance sap,
IExternalSignature externalSignature, KeyInfoClause keyInfo) {
throw new NotImplementedException("Xml signatures are not supported yet");
}
public void AddClause(KeyInfoClause clause)
{
this.m_KeyInfoClauses.Add(clause);
}
public void AddClause (KeyInfoClause clause)
{
Info.Add (clause);
}
