public static string Sign(string xml, X509Certificate2 certificate)
{
if (xml == null) throw new ArgumentNullException("xml");
if (certificate == null) throw new ArgumentNullException("certificate");
if (!certificate.HasPrivateKey) throw new ArgumentException("Certificate should have a private key", "certificate");
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(xml);
SignedXml signedXml = new SignedXml(doc);
signedXml.SigningKey = certificate.PrivateKey;
// Attach certificate KeyInfo
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(certificate);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Attach transforms
var reference = new Reference("");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform(includeComments: false));
reference.AddTransform(new XmlDsigExcC14NTransform(includeComments: false));
signedXml.AddReference(reference);
// Compute signature
signedXml.ComputeSignature();
var signatureElement = signedXml.GetXml();
// Add signature to bundle
doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));
return doc.OuterXml;
}
/// <summary>
/// Creates the necessary key descriptors for the metadata based on the certificate in the IDPConfig class.
/// </summary>
/// <returns></returns>
private static KeyDescriptor[] CreateKeyDescriptors()
{
List<KeyDescriptor> keys = new List<KeyDescriptor>();
// Pack the certificate.
KeyInfo keyinfo = new KeyInfo();
KeyInfoX509Data keyClause = new KeyInfoX509Data(IDPConfig.IDPCertificate, X509IncludeOption.EndCertOnly);
keyinfo.AddClause(keyClause);
{ // Create signing key element.
KeyDescriptor key = new KeyDescriptor();
keys.Add(key);
key.use = KeyTypes.signing;
key.useSpecified = true;
key.KeyInfo = Serialization.DeserializeFromXmlString<dk.nita.saml20.Schema.XmlDSig.KeyInfo>(keyinfo.GetXml().OuterXml);
}
{ // Create encryption key element
KeyDescriptor key = new KeyDescriptor();
keys.Add(key);
key.use = KeyTypes.encryption;
key.useSpecified = true;
key.KeyInfo = Serialization.DeserializeFromXmlString<dk.nita.saml20.Schema.XmlDSig.KeyInfo>(keyinfo.GetXml().OuterXml);
}
return keys.ToArray();
}
public XmlDocument Xml()
{
if (_xml != null)
{
return _xml;
}
try
{
_xml = OpprettXmlDokument();
var signaturnode = Signaturnode();
var referanser = Referanser(_forsendelse.Dokumentpakke.Hoveddokument,
_forsendelse.Dokumentpakke.Vedlegg, _manifest);
OpprettReferanser(signaturnode, referanser);
var keyInfoX509Data = new KeyInfoX509Data(_sertifikat, X509IncludeOption.EndCertOnly);
signaturnode.KeyInfo.AddClause(keyInfoX509Data);
signaturnode.ComputeSignature();
_xml.DocumentElement.AppendChild(_xml.ImportNode(signaturnode.GetXml(), true));
}
catch (Exception e)
{
throw new XmlParseException("Kunne ikke bygge Xml for signatur.", e);
}
return _xml;
}
public void Constructor_Empty ()
{
KeyInfoX509Data data = new KeyInfoX509Data ();
Assert.IsNull (data.Certificates, "Certificates");
Assert.IsNull (data.CRL, "Certificates");
Assert.IsNull (data.IssuerSerials, "IssuerSerials");
Assert.IsNull (data.SubjectKeyIds, "SubjectKeyIds");
Assert.IsNull (data.SubjectNames, "SubjectNames");
Assert.AreEqual (data.GetXml ().OuterXml, "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\" />");
}
/// <summary>
/// Creates a KeyInfo object based on information from specified certificate
/// </summary>
/// <param name="certificate">The certificate used to create the KeyInfo from</param>
/// <returns>KeyInfo object</returns>
private static KeyInfo CreateKeyInfoFromCertificate(X509Certificate2 certificate)
{
// create KeyInfoX509Data object & include certificate subject
KeyInfoX509Data kiData = new KeyInfoX509Data(certificate);
kiData.AddSubjectName(certificate.Subject);
// create KeyInfo object with specified KeyInfoX509Data
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(kiData);
return keyInfo;
}
private void CreateMetadataDocument(HttpContext context, bool sign)
{
SAML20FederationConfig configuration = ConfigurationReader.GetConfig<SAML20FederationConfig>();
KeyInfo keyinfo = new KeyInfo();
KeyInfoX509Data keyClause = new KeyInfoX509Data(ConfigurationReader.GetConfig<FederationConfig>().SigningCertificate.GetCertificate(), X509IncludeOption.EndCertOnly);
keyinfo.AddClause(keyClause);
Saml20MetadataDocument doc = new Saml20MetadataDocument(configuration, keyinfo, sign);
context.Response.Write(doc.ToXml( context.Response.ContentEncoding ));
}
private KeyInfo getKeyInfo()
{
X509Extension extension = this.settings.Certificate.Extensions[1];
AsnEncodedData asndata = new AsnEncodedData(extension.Oid, extension.RawData);
KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
keyInfoData.AddIssuerSerial(this.settings.Certificate.Issuer, this.settings.Certificate.SerialNumber);
keyInfoData.AddSubjectName(this.settings.Certificate.SubjectName.Name);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(keyInfoData);
return keyInfo;
}
private SignedXml SignatureElement()
{
SignedXml signedXml = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat);
var reference = new Sha256Reference("");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform("ns9"));
signedXml.AddReference(reference);
var keyInfoX509Data = new KeyInfoX509Data(Settings.Databehandler.Sertifikat);
signedXml.KeyInfo.AddClause(keyInfoX509Data);
signedXml.ComputeSignature();
return signedXml;
}
/// <summary>
/// Creates the metadata document.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="sign">if set to <c>true</c> sign the document.</param>
private void CreateMetadataDocument(HttpContext context, bool sign)
{
Logger.Debug(TraceMessages.MetadataDocumentBeingCreated);
var configuration = Saml2Config.GetConfig();
var keyinfo = new KeyInfo();
var keyClause = new KeyInfoX509Data(Saml2Config.GetConfig().ServiceProvider.SigningCertificate.GetCertificate(), X509IncludeOption.EndCertOnly);
keyinfo.AddClause(keyClause);
var doc = new Saml20MetadataDocument(configuration, keyinfo, sign);
Logger.Debug(TraceMessages.MetadataDocumentCreated);
context.Response.Write(doc.ToXml(context.Response.ContentEncoding));
}
public override string SignXml(XmlDocument Document)
{
SignedXmlWithId signedXml = new SignedXmlWithId(Document);
signedXml.SigningKey = manager.Certificate.PrivateKey;
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(manager.Certificate);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// the DataObject has to point to a XmlNodeList
DataObject dataObject = new DataObject();
dataObject.Id = "MyObjectID1";
dataObject.Data =
new CustomXmlNodeList(new[] { Document.DocumentElement });
signedXml.AddObject(dataObject);
// Add the reference to the SignedXml object.
Reference reference = new Reference();
reference.Uri = "#MyObjectID1";
signedXml.AddReference(reference);
// Create a reference to be signed.
if (c14)
{
XmlDsigC14NTransform env = new XmlDsigC14NTransform();
reference.AddTransform(env);
}
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// create detached envelope
XmlDocument envelope = new XmlDocument();
envelope.AppendChild(envelope.CreateElement("Envelope"));
envelope.DocumentElement.AppendChild(
envelope.ImportNode(xmlDigitalSignature, true));
return envelope.OuterXml;
}
public override string SignXml(XmlDocument Document)
{
// create detached envelope
XmlDocument envelope = new XmlDocument();
envelope.PreserveWhitespace = true;
envelope.AppendChild(envelope.CreateElement("Envelope"));
XmlElement message = envelope.CreateElement("Message");
message.InnerXml = Document.DocumentElement.OuterXml;
message.SetAttribute("Id", "MyObjectID");
envelope.DocumentElement.AppendChild(message);
SignedXmlWithId signedXml = new SignedXmlWithId(envelope);
signedXml.SigningKey = manager.Certificate.PrivateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "#MyObjectID";
if (c14)
{
XmlDsigC14NTransform env = new XmlDsigC14NTransform();
reference.AddTransform(env);
}
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(manager.Certificate);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
envelope.DocumentElement.AppendChild(
envelope.ImportNode(xmlDigitalSignature, true));
return envelope.OuterXml;
}
public override string SignXml(XmlDocument Document)
{
SignedXmlWithId signedXml = new SignedXmlWithId(Document);
signedXml.SigningKey = manager.Certificate.PrivateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env =
new XmlDsigEnvelopedSignatureTransform(true);
reference.AddTransform(env);
if (c14)
{
XmlDsigC14NTransform c14t = new XmlDsigC14NTransform();
reference.AddTransform(c14t);
}
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(manager.Certificate);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
Document.DocumentElement.AppendChild(
Document.ImportNode(xmlDigitalSignature, true));
return Document.OuterXml;
}
/// <summary>
/// Signs an XML Document for a Saml Response
/// </summary>
/// <param name="xml"></param>
/// <param name="cert2"></param>
/// <param name="referenceId"></param>
/// <returns></returns>
public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceId, string referenceValue)
{
SamlSignedXml sig = new SamlSignedXml(doc, referenceId);
// Add the key to the SignedXml xmlDocument.
sig.SigningKey = cert2.PrivateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = String.Empty;
// reference.Uri = "#" + referenceValue;
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new
XmlDsigEnvelopedSignatureTransform();
XmlDsigExcC14NTransform env2 = new XmlDsigExcC14NTransform();
reference.AddTransform(env);
reference.AddTransform(env2);
// Add the reference to the SignedXml object.
sig.AddReference(reference);
// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyData = new KeyInfoX509Data(cert2);
keyInfo.AddClause(keyData);
sig.KeyInfo = keyInfo;
// Compute the signature.
sig.ComputeSignature();
// Get the XML representation of the signature and save it to an XmlElement object.
XmlElement xmlDigitalSignature = sig.GetXml();
return xmlDigitalSignature;
}
internal static X509Certificate2Collection BuildBagOfCerts (KeyInfoX509Data keyInfoX509Data, CertUsageType certUsageType) {
X509Certificate2Collection collection = new X509Certificate2Collection();
ArrayList decryptionIssuerSerials = (certUsageType == CertUsageType.Decryption ? new ArrayList() : null);
if (keyInfoX509Data.Certificates != null) {
foreach (X509Certificate2 certificate in keyInfoX509Data.Certificates) {
switch (certUsageType) {
case CertUsageType.Verification:
collection.Add(certificate);
break;
case CertUsageType.Decryption:
decryptionIssuerSerials.Add(new X509IssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber));
break;
}
}
}
if (keyInfoX509Data.SubjectNames == null && keyInfoX509Data.IssuerSerials == null &&
keyInfoX509Data.SubjectKeyIds == null && decryptionIssuerSerials == null)
return collection;
// Open LocalMachine and CurrentUser "Other People"/"My" stores.
// Assert OpenStore since we are not giving back any certificates to the user.
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
sp.Assert();
X509Store[] stores = new X509Store[2];
string storeName = (certUsageType == CertUsageType.Verification ? "AddressBook" : "My");
stores[0] = new X509Store(storeName, StoreLocation.CurrentUser);
stores[1] = new X509Store(storeName, StoreLocation.LocalMachine);
for (int index=0; index < stores.Length; index++) {
if (stores[index] != null) {
X509Certificate2Collection filters = null;
// We don't care if we can't open the store.
try {
stores[index].Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
filters = stores[index].Certificates;
stores[index].Close();
if (keyInfoX509Data.SubjectNames != null) {
foreach (string subjectName in keyInfoX509Data.SubjectNames) {
filters = filters.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
}
}
if (keyInfoX509Data.IssuerSerials != null) {
foreach (X509IssuerSerial issuerSerial in keyInfoX509Data.IssuerSerials) {
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
if (keyInfoX509Data.SubjectKeyIds != null) {
foreach (byte[] ski in keyInfoX509Data.SubjectKeyIds) {
string hex = X509Utils.EncodeHexString(ski);
filters = filters.Find(X509FindType.FindBySubjectKeyIdentifier, hex, false);
}
}
if (decryptionIssuerSerials != null) {
foreach (X509IssuerSerial issuerSerial in decryptionIssuerSerials) {
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
}
catch (CryptographicException) {}
if (filters != null)
collection.AddRange(filters);
}
}
return collection;
}
///////////////////////////////////////////////////////////////////////
///
/// <summary>
/// Carry out the Sign command.
/// </summary>
///
static void DoSignCommand(string title, X509Certificate2 certificate) {
Console.WriteLine();
Console.WriteLine("Signing Xml file \"" + fileNames[0] + "\"...");
Console.WriteLine();
// display more details for verbose operation.
if (verbose) {
DisplayDetail(null, certificate, detached);
}
SignedXml signedXml = new SignedXml();
ICspAsymmetricAlgorithm csp = (ICspAsymmetricAlgorithm) certificate.PrivateKey;
if (csp.CspKeyContainerInfo.RandomlyGenerated)
throw new InternalException("Internal error: This certificate does not have a corresponding private key.");
signedXml.SigningKey = (AsymmetricAlgorithm) csp;
Console.WriteLine(signedXml.SigningKey.ToXmlString(false));
if (detached) {
Reference reference = new Reference();
reference.Uri = "file://" + Path.GetFullPath((string) fileNames[0]);
signedXml.AddReference(reference);
} else {
Reference reference = new Reference();
reference.Uri = "#object-1";
// Add an object
XmlDocument dataObject = new XmlDocument();
dataObject.PreserveWhitespace = true;
XmlElement dataElement = (XmlElement) dataObject.CreateElement("DataObject", SignedXml.XmlDsigNamespaceUrl);
dataElement.AppendChild(dataObject.CreateTextNode(new UTF8Encoding(false).GetString(ReadFile((string) fileNames[0]))));
dataObject.AppendChild(dataElement);
DataObject obj = new DataObject();
obj.Data = dataObject.ChildNodes;
obj.Id = "object-1";
signedXml.AddObject(obj);
signedXml.AddReference(reference);
}
signedXml.KeyInfo = new KeyInfo();
if (includeOptions.Count == 0) {
signedXml.KeyInfo.AddClause(new KeyInfoX509Data(certificate, X509IncludeOption.ExcludeRoot));
} else {
KeyInfoX509Data keyInfoX509Data = new KeyInfoX509Data();
foreach (IncludeOptions includeOption in includeOptions) {
switch (includeOption) {
case IncludeOptions.ExcludeRoot:
case IncludeOptions.EndCertOnly:
case IncludeOptions.WholeChain:
keyInfoX509Data = new KeyInfoX509Data(certificate, (X509IncludeOption) includeOption);
break;
case IncludeOptions.SubjectName:
keyInfoX509Data.AddSubjectName(certificate.SubjectName.Name);
break;
case IncludeOptions.SKI:
X509ExtensionCollection extensions = certificate.Extensions;
foreach (X509Extension extension in extensions) {
if (extension.Oid.Value == "2.5.29.14") { // OID for SKI extension
X509SubjectKeyIdentifierExtension ski = extension as X509SubjectKeyIdentifierExtension;
if (ski != null) {
keyInfoX509Data.AddSubjectKeyId(ski.SubjectKeyIdentifier);
break;
}
}
}
break;
case IncludeOptions.IssuerSerial:
keyInfoX509Data.AddIssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber);
break;
}
signedXml.KeyInfo.AddClause(keyInfoX509Data);
}
}
// compute the signature
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
// write it out
XmlTextWriter xmltw = new XmlTextWriter((string) fileNames[1], new UTF8Encoding(false));
xmlDigitalSignature.WriteTo(xmltw);
xmltw.Close();
Console.WriteLine();
Console.WriteLine("Signature written to file \"" + fileNames[1] + "\".");
Console.WriteLine();
return;
}
public void Constructor_X509Certificate ()
{
KeyInfoX509Data data1 = new KeyInfoX509Data ();
KeyInfoX509Data data2 = new KeyInfoX509Data (cert);
XmlElement xel = data2.GetXml ();
string s = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Certificate>MIIJuTCCCSKgAwIBAgIQIAs1Xs7EsGO33sY0uXA0RDANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYwODIxMDAwMDAwWhcNOTcwODIwMjM1OTU5WjCCAQoxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5NjEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUxFjAUBgNVBAMTDURhdmlkIFQuIEdyYXkxHjAcBgkqhkiG9w0BCQEWD2RhdmlkQGZvcm1hbC5pZTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFgQei6w+4//j4HO4y/78SNWr5a8i+L/s+rwRRSqzdECmozUBbZh6Y7/JMd/qPhtEhZ5JESsSJyYPPiJ9v4jI1AgMBAAGjggcIMIIHBDAJBgNVHRMEAjAAMIICHwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTIDARBglghkgBhvhCAQEEBAMCB4AwNgYJYIZIAYb4QgEIBCkWJ2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUzCCBIcGCWCGSAGG+EIBDQSCBHgWggR0Q0FVVElPTjogV";
s += "GhlIENvbW1vbiBOYW1lIGluIHRoaXMgQ2xhc3MgMSBEaWdpdGFsIApJRCBpcyBub3QgYXV0aGVudGljYXRlZCBieSBWZXJpU2lnbi4gSXQgbWF5IGJlIHRoZQpob2xkZXIncyByZWFsIG5hbWUgb3IgYW4gYWxpYXMuIFZlcmlTaWduIGRvZXMgYXV0aC0KZW50aWNhdGUgdGhlIGUtbWFpbCBhZGRyZXNzIG9mIHRoZSBob2xkZXIuCgpUaGlzIGNlcnRpZmljYXRlIGluY29ycG9yYXRlcyBieSByZWZlcmVuY2UsIGFuZCAKaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRvLCB0aGUgVmVyaVNpZ24gCkNlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUKaW4gdGhlIFZlcmlTaWduIHJlcG9zaXRvcnkgYXQ6IApodHRwczovL3d3dy52ZXJpc2lnbi5jb207IGJ5IEUtbWFpbCBhdApDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLApJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQQoKQ29weXJpZ2h0IChjKTE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMgClJlc2VydmVkLiBDRVJUQUlOIFdBUlJBTlRJRVMgRElTQ0xBSU1FRCBBTkQgCkxJQUJJTElUWSBMSU1JVEVELgoKV0FSTklORzogVEhFIFVTRSBPRiBUSElTIENFUlRJRklDQVRFIElTIFNUUklDVExZClNVQkpFQ1QgVE8gVEhFIFZFUklTSUdOIENFUlRJRklDQVRJT04gUFJBQ1RJQ0UKU1RBVEVNRU5ULiAgVEhFIElTU1VJTkcgQVVUSE9SSVRZIERJU0NMQUlNUyBDRVJUQUlOCklNUExJRUQgQU5EIEVYUFJFU1MgV0FSUkFOVElFUywgSU5DTFVESU5HIFdBUlJBTlRJRVMKT0YgTUVSQ0hBTlRBQklMSVRZIE9SIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUgpQVVJQT1NFLCBBTkQgV0lMTCBOT1QgQkUgTElBQkxFIEZPUiBDT05TRVFVRU5USUFMLApQVU5JVElWRSwgQU5EIENFUlRBSU4gT1RIRVIgREFNQUdFUy4gU0VFIFRIRSBDUFMKRk9SIERFVEFJTFMuCgpDb250ZW50cyBvZiB0aGUgVmVyaVNpZ24gcmVnaXN0ZXJlZApub252ZXJpZmllZFN1YmplY3RBdHRyaWJ1dGVzIGV4dGVuc2lvbiB2YWx1ZSBzaGFsbCAKbm90IGJlIGNvbnNpZGVyZWQgYXMgYWNjdXJhdGUgaW5mb3JtYXRpb24gdmFsaWRhdGVkIApieSB0aGUgSUEuMA0GCSqGSIb3DQEBBAUAA4GBACs9RMcyWa7xX48/h+M+64Ew+KmW2wFCCwTvNwI/1CBhWMRKOjmz+9n4pcReM1oO+pNWL2/WYaKvpQwd4kFl80B1ZoPSWrS3VguODaEzE31Jw7EAaIN/tWbUMjL+i5pa1gFyMV2FkbyTm2VgJcYfvN1pRGLCsm9Gqy8gpW/aSGyc</X509Certificate></X509Data>";
Assert.AreEqual (s, (data2.GetXml ().OuterXml), "1 cert");
data1.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
X509Certificate x509 = new X509Certificate (cert);
KeyInfoX509Data data3 = new KeyInfoX509Data (x509);
Assert.AreEqual ((data2.GetXml ().OuterXml), (data3.GetXml ().OuterXml), "data2==data3");
}
public void Constructor_X509CertificateByteArray_Null ()
{
KeyInfoX509Data data = new KeyInfoX509Data ((byte[]) null);
}
public void Constructor_X509Certificate_Null ()
{
KeyInfoX509Data data = new KeyInfoX509Data ((X509Certificate)null);
}
internal static X509Certificate2Collection BuildBagOfCerts(KeyInfoX509Data keyInfoX509Data, CertUsageType certUsageType)
{
X509Certificate2Collection collection = new X509Certificate2Collection();
ArrayList decryptionIssuerSerials = (certUsageType == CertUsageType.Decryption ? new ArrayList() : null);
if (keyInfoX509Data.Certificates != null)
{
foreach (X509Certificate2 certificate in keyInfoX509Data.Certificates)
{
switch (certUsageType)
{
case CertUsageType.Verification:
collection.Add(certificate);
break;
case CertUsageType.Decryption:
decryptionIssuerSerials.Add(new X509IssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber));
break;
}
}
}
if (keyInfoX509Data.SubjectNames == null && keyInfoX509Data.IssuerSerials == null &&
keyInfoX509Data.SubjectKeyIds == null && decryptionIssuerSerials == null)
{
return(collection);
}
// Open LocalMachine and CurrentUser "Other People"/"My" stores.
// Assert OpenStore since we are not giving back any certificates to the user.
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
sp.Assert();
X509Store[] stores = new X509Store[2];
string storeName = (certUsageType == CertUsageType.Verification ? "AddressBook" : "My");
stores[0] = new X509Store(storeName, StoreLocation.CurrentUser);
stores[1] = new X509Store(storeName, StoreLocation.LocalMachine);
for (int index = 0; index < stores.Length; index++)
{
if (stores[index] != null)
{
X509Certificate2Collection filters = null;
// We don't care if we can't open the store.
try {
stores[index].Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
filters = stores[index].Certificates;
stores[index].Close();
if (keyInfoX509Data.SubjectNames != null)
{
foreach (string subjectName in keyInfoX509Data.SubjectNames)
{
filters = filters.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
}
}
if (keyInfoX509Data.IssuerSerials != null)
{
foreach (X509IssuerSerial issuerSerial in keyInfoX509Data.IssuerSerials)
{
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
if (keyInfoX509Data.SubjectKeyIds != null)
{
foreach (byte[] ski in keyInfoX509Data.SubjectKeyIds)
{
string hex = X509Utils.EncodeHexString(ski);
filters = filters.Find(X509FindType.FindBySubjectKeyIdentifier, hex, false);
}
}
if (decryptionIssuerSerials != null)
{
foreach (X509IssuerSerial issuerSerial in decryptionIssuerSerials)
{
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
}
catch (CryptographicException) {}
if (filters != null)
{
collection.AddRange(filters);
}
}
}
return(collection);
}
public void InvalidKeyNode1 ()
{
KeyInfoX509Data data1 = new KeyInfoX509Data ();
data1.LoadXml (null);
}
internal static X509Certificate2Collection BuildBagOfCerts(KeyInfoX509Data keyInfoX509Data, CertUsageType certUsageType)
{
X509Certificate2Collection collection = new X509Certificate2Collection();
ArrayList decryptionIssuerSerials = (certUsageType == CertUsageType.Decryption ? new ArrayList() : null);
if (keyInfoX509Data.Certificates != null)
{
foreach (X509Certificate2 certificate in keyInfoX509Data.Certificates)
{
switch (certUsageType)
{
case CertUsageType.Verification:
collection.Add(certificate);
break;
case CertUsageType.Decryption:
decryptionIssuerSerials.Add(CreateX509IssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber));
break;
}
}
}
if (keyInfoX509Data.SubjectNames == null && keyInfoX509Data.IssuerSerials == null &&
keyInfoX509Data.SubjectKeyIds == null && decryptionIssuerSerials == null)
{
return(collection);
}
// Open LocalMachine and CurrentUser "Other People"/"My" stores.
X509Store[] stores = new X509Store[2];
string storeName = (certUsageType == CertUsageType.Verification ? "AddressBook" : "My");
stores[0] = new X509Store(storeName, StoreLocation.CurrentUser);
stores[1] = new X509Store(storeName, StoreLocation.LocalMachine);
for (int index = 0; index < stores.Length; index++)
{
if (stores[index] != null)
{
X509Certificate2Collection filters = null;
// We don't care if we can't open the store.
try
{
stores[index].Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
filters = stores[index].Certificates;
stores[index].Close();
if (keyInfoX509Data.SubjectNames != null)
{
foreach (string subjectName in keyInfoX509Data.SubjectNames)
{
filters = filters.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
}
}
if (keyInfoX509Data.IssuerSerials != null)
{
foreach (X509IssuerSerial issuerSerial in keyInfoX509Data.IssuerSerials)
{
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
if (keyInfoX509Data.SubjectKeyIds != null)
{
foreach (byte[] ski in keyInfoX509Data.SubjectKeyIds)
{
string hex = EncodeHexString(ski);
filters = filters.Find(X509FindType.FindBySubjectKeyIdentifier, hex, false);
}
}
if (decryptionIssuerSerials != null)
{
foreach (X509IssuerSerial issuerSerial in decryptionIssuerSerials)
{
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
}
// Store doesn't exist, no read permissions, other system error
catch (CryptographicException) { }
// Opening LocalMachine stores (other than Root or CertificateAuthority) on Linux
catch (PlatformNotSupportedException) { }
if (filters != null)
{
collection.AddRange(filters);
}
}
}
return(collection);
}
public void DigestValue_LF ()
{
XmlDocument doc = CreateSomeXml ("\n");
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform ();
transform.LoadInput (doc);
Stream s = (Stream) transform.GetOutput ();
string output = Stream2String (s);
Assert.AreEqual ("<person>\n <birthplace>Brussels</birthplace>\n</person>", output, "#1");
s.Position = 0;
HashAlgorithm hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider");
byte[] digest = hash.ComputeHash (s);
Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#2");
X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
SignedXml signedXml = new SignedXml (doc);
signedXml.SigningKey = cert.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
Reference reference = new Reference ();
reference.Uri = "";
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
reference.AddTransform (env);
signedXml.AddReference (reference);
KeyInfo keyInfo = new KeyInfo ();
KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
x509KeyInfo.AddCertificate (cert);
keyInfo.AddClause (x509KeyInfo);
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature ();
digest = reference.DigestValue;
Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#3");
Assert.AreEqual ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">"
+ "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />"
+ "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />"
+ "<Reference URI=\"\">"
+ "<Transforms>"
+ "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />"
+ "</Transforms>"
+ "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />"
+ "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>"
+ "</Reference>"
+ "</SignedInfo>", signedXml.SignedInfo.GetXml ().OuterXml, "#4");
}
public void Complex ()
{
KeyInfoName name = new KeyInfoName ();
name.Value = "Mono::";
info.AddClause (name);
DSA keyDSA = DSA.Create ();
keyDSA.FromXmlString (xmlDSA);
DSAKeyValue dsa = new DSAKeyValue (keyDSA);
info.AddClause (dsa);
RSA keyRSA = RSA.Create ();
keyRSA.FromXmlString (xmlRSA);
RSAKeyValue rsa = new RSAKeyValue (keyRSA);
info.AddClause (rsa);
KeyInfoRetrievalMethod retrieval = new KeyInfoRetrievalMethod ();
retrieval.Uri = "http://www.go-mono.org/";
info.AddClause (retrieval);
X509Certificate x509 = new X509Certificate (cert);
KeyInfoX509Data x509data = new KeyInfoX509Data (x509);
info.AddClause (x509data);
string s = "<KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><KeyName>Mono::</KeyName><KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><DSAKeyValue><P>rjxsMU368YOCTQejWkiuO9e/vUVwkLtq1jKiU3TtJ53hBJqjFRuTa228vZe+BH2su9RPn/vYFWfQDv6zgBYe3eNdu4Afw+Ny0FatX6dl3E77Ra6Tsd3MmLXBiGSQ1mMNd5G2XQGpbt9zsGlUaexXekeMLxIufgfZLwYp67M+2WM=</P><Q>tf0K9rMyvUrU4cIkwbCrDRhQAJk=</Q><G>S8Z+1pGCed00w6DtVcqZLKjfqlCJ7JsugEFIgSy/Vxtu9YGCMclV4ijGEbPo/jU8YOSMuD7E9M7UaopMRcmKQjoKZzoJjkgVFP48Ohxl1f08lERnButsxanx3+OstFwUGQ8XNaGg3KrIoZt1FUnfxN3RHHTvVhjzNSHxMGULGaU=</G><Y>LnrxxRGLYeV2XLtK3SYz8RQHlHFZYrtznDZyMotuRfO5uC5YODhSFyLXvb1qB3WeGtF4h3Eo4KzHgMgfN2ZMlffxFRhJgTtH3ctbL8lfQoDkjeiPPnYGhspdJxr0tyZmiy0gkjJG3vwHYrLnvZWx9Wm/unqiOlGBPNuxJ+hOeP8=</Y><J>9RhE5TycDtdEIXxS3HfxFyXYgpy81zY5lVjwD6E9JP37MWEi80BlX6ab1YPm6xYSEoqReMPP9RgGiW6DuACpgI7+8vgCr4i/7VhzModJAA56PwvTu6UMt9xxKU/fT672v8ucREkMWoc7lEey</J><Seed>HxW3N4RHWVgqDQKuGg7iJTUTiCs=</Seed><PgenCounter>Asw=</PgenCounter></DSAKeyValue></KeyValue>";
s += "<KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><RSAKeyValue><Modulus>9DC4XNdQJwMRnz5pP2a6U51MHCODRilaIoVXqUPhCUb0lJdGroeqVYT84ZyIVrcarzD7Tqs3aEOIa3rKox0N1bxQpZPqayVQeLAkjLLtzJW/ScRJx3uEDJdgT1JnM1FH0GZTinmEdCUXdLc7+Y/c/qqIkTfbwHbRZjW0bBJyExM=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue>";
#if NET_1_0
s += "<RetrievalElement URI=\"http://www.go-mono.org/\" />";
#else
s += "<RetrievalMethod URI=\"http://www.go-mono.org/\" />";
#endif
s += "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">";
s += "<X509Certificate>MIICHTCCAYYCARQwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCQ0ExHzAdBgNVBAMTFktleXdpdG5lc3MgQ2FuYWRhIEluYy4xKDAmBgorBgEEASoCCwIBExhrZXl3aXRuZXNzQGtleXdpdG5lc3MuY2EwHhcNOTYwNTA3MDAwMDAwWhcNOTkwNTA3MDAwMDAwWjBYMQswCQYDVQQGEwJDQTEfMB0GA1UEAxMWS2V5d2l0bmVzcyBDYW5hZGEgSW5jLjEoMCYGCisGAQQBKgILAgETGGtleXdpdG5lc3NAa2V5d2l0bmVzcy5jYTCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAzSP6KuHtmPTp0JM+13qAAkzMwQKvXLYff/pXQm8w0SDFtSEHQCyphsLzZISuPYUu7YW9VLAYKO9q+BvnCxYfkyVPx/iOw7nKmIQOVdAv73h3xXIoX2C/GSvRcqK32D/glzRaAb0EnMh4Rc2TjRXydhARq7hbLp5S3YE+nGTIKZMCAQMwDQYJKoZIhvcNAQEEBQADgYEAMho1ur9DJ9a01Lh25eObTWzAhsl3NbprFi0TRkqwMlOhW1rpmeIMhogXTg3+gqxOR+/7/zms7jXI+lI3CkmtWa3iiqkcxl8f+G9zfs2gMegMvvVN2bKrihK2MHhoEXwN8UlNo/2y6f8d8JH6VIX/M5Dowb+km6RiRr1hElmYQYk=</X509Certificate></X509Data></KeyInfo>";
AssertCrypto.AssertXmlEquals ("Complex", s, (info.GetXml ().OuterXml));
AssertEquals ("RetrievalMethod count", 5, info.Count);
}
/// <summary>
/// Takes the configuration class and converts it to a SAML2.0 metadata document.
/// </summary>
/// <param name="config">The config.</param>
/// <param name="keyInfo">The keyInfo.</param>
private void ConvertToMetadata(Saml2Configuration config)
{
var entity = CreateDefaultEntity();
entity.EntityId = config.ServiceProvider.Id;
if (config.ServiceProvider.UseValidUntil)
{
entity.ValidUntil = DateTime.Now.AddDays(7);
}
var serviceProviderDescriptor = new SpSsoDescriptor
{
ProtocolSupportEnumeration = new[] { Saml20Constants.Protocol },
AuthnRequestsSigned = XmlConvert.ToString(config.ServiceProvider.AuthNRequestsSigned),
WantAssertionsSigned = XmlConvert.ToString(config.ServiceProvider.WantAssertionsSigned)
};
if (config.ServiceProvider.NameIdFormats.Count > 0)
{
serviceProviderDescriptor.NameIdFormat = new string[config.ServiceProvider.NameIdFormats.Count];
var count = 0;
foreach (var elem in config.ServiceProvider.NameIdFormats)
{
serviceProviderDescriptor.NameIdFormat[count++] = elem.Format;
}
}
var baseUrl = new Uri(config.ServiceProvider.Server);
var logoutServiceEndpoints = new List <Endpoint>();
var signonServiceEndpoints = new List <IndexedEndpoint>();
var artifactResolutionEndpoints = new List <IndexedEndpoint>(2);
// Include endpoints.
foreach (var endpoint in config.ServiceProvider.Endpoints)
{
if (endpoint.Type == EndpointType.SignOn)
{
var loginEndpoint = new IndexedEndpoint
{
Index = endpoint.Index,
IsDefault = endpoint.Default,
Location = new Uri(baseUrl, endpoint.LocalPath).ToString(),
Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost)
};
signonServiceEndpoints.Add(loginEndpoint);
if (config.ServiceProvider.IncludeArtifactResolutionEndpoints)
{
var artifactSignonEndpoint = new IndexedEndpoint
{
Binding = Saml20Constants.ProtocolBindings.HttpSoap,
Index = loginEndpoint.Index,
Location = loginEndpoint.Location
};
artifactResolutionEndpoints.Add(artifactSignonEndpoint);
}
continue;
}
if (endpoint.Type == EndpointType.Logout)
{
var location = new Uri(baseUrl, endpoint.LocalPath).ToString();
var logoutEndpoint = new Endpoint
{
Location = location,
ResponseLocation = location,
Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost)
};
logoutServiceEndpoints.Add(logoutEndpoint);
if (config.ServiceProvider.IncludeArtifactResolutionEndpoints)
{
var artifactLogoutEndpoint = new IndexedEndpoint
{
Binding = Saml20Constants.ProtocolBindings.HttpSoap,
Index = endpoint.Index,
Location = logoutEndpoint.Location
};
artifactResolutionEndpoints.Add(artifactLogoutEndpoint);
}
continue;
}
}
serviceProviderDescriptor.SingleLogoutService = logoutServiceEndpoints.ToArray();
serviceProviderDescriptor.AssertionConsumerService = signonServiceEndpoints.ToArray();
// Attribute consuming service.
if (config.Metadata.RequestedAttributes.Count > 0)
{
var attConsumingService = new AttributeConsumingService();
serviceProviderDescriptor.AttributeConsumingService = new[] { attConsumingService };
attConsumingService.Index = signonServiceEndpoints[0].Index;
attConsumingService.IsDefault = true;
attConsumingService.ServiceName = new[] { new LocalizedName("SP", "en") };
attConsumingService.RequestedAttribute = new RequestedAttribute[config.Metadata.RequestedAttributes.Count];
for (var i = 0; i < config.Metadata.RequestedAttributes.Count; i++)
{
attConsumingService.RequestedAttribute[i] = new RequestedAttribute
{
Name = config.Metadata.RequestedAttributes[i].Name,
NameFormat = SamlAttribute.NameformatBasic
};
if (config.Metadata.RequestedAttributes[i].IsRequired)
{
attConsumingService.RequestedAttribute[i].IsRequired = true;
}
}
}
else
{
serviceProviderDescriptor.AttributeConsumingService = new AttributeConsumingService[0];
}
if (config.Metadata == null || !config.Metadata.ExcludeArtifactEndpoints)
{
serviceProviderDescriptor.ArtifactResolutionService = artifactResolutionEndpoints.ToArray();
}
entity.Items = new object[] { serviceProviderDescriptor };
// Keyinfo
var keySigning = new KeyDescriptor();
var keyEncryption = new KeyDescriptor();
serviceProviderDescriptor.KeyDescriptor = new[] { keySigning, keyEncryption };
keySigning.Use = KeyTypes.Signing;
keySigning.UseSpecified = true;
keyEncryption.Use = KeyTypes.Encryption;
keyEncryption.UseSpecified = true;
var keyinfo = new System.Security.Cryptography.Xml.KeyInfo();
var keyClause = new System.Security.Cryptography.Xml.KeyInfoX509Data(config.ServiceProvider.SigningCertificate, X509IncludeOption.EndCertOnly);
keyinfo.AddClause(keyClause);
// Ugly conversion between the .Net framework classes and our classes ... avert your eyes!!
keySigning.KeyInfo = Serialization.DeserializeFromXmlString <Schema.XmlDSig.KeyInfo>(keyinfo.GetXml().OuterXml);
keyEncryption.KeyInfo = keySigning.KeyInfo;
// apply the <Organization> element
if (config.Metadata.Organization != null)
{
entity.Organization = new Schema.Metadata.Organization
{
OrganizationName = new[] { new LocalizedName {
Value = config.Metadata.Organization.Name, Language = "en"
} },
OrganizationDisplayName = new[] { new LocalizedName {
Value = config.Metadata.Organization.DisplayName, Language = "en"
} },
OrganizationURL = new[] { new LocalizedURI {
Value = config.Metadata.Organization.Url, Language = "en"
} }
};
}
if (config.Metadata.Contacts != null && config.Metadata.Contacts.Any())
{
entity.ContactPerson = config.Metadata.Contacts.Select(x => new Schema.Metadata.Contact
{
ContactType =
(Schema.Metadata.ContactType)
((int)x.Type),
Company = x.Company,
GivenName = x.GivenName,
SurName = x.SurName,
EmailAddress = new[] { x.Email },
TelephoneNumber = new[] { x.Phone }
}).ToArray();
}
}
public static void SignXml(ref XmlDocument document, X509Certificate2 certificate, RequestType requestType)
{
document.PreserveWhitespace = true;
if (requestType == RequestType.Invoice || requestType == RequestType.Buisness_premise)
{
XmlNode nodeTaxNumber = document.GetElementsByTagName("fu:TaxNumber")[0];
nodeTaxNumber.InnerText = AppLink.VATNumber;
string taxNumber = nodeTaxNumber.InnerText;
if (requestType == RequestType.Invoice)
{
string issueDate = DateTime.Now.ToUniversalTime().ToString("s");
XmlNode nodeIssueDate = document.GetElementsByTagName("fu:IssueDateTime")[0];
nodeIssueDate.InnerText = issueDate;
XmlNode nodeInvoiceNumber = document.GetElementsByTagName("fu:InvoiceNumber")[0];
string invoiceNumber = nodeInvoiceNumber.InnerText;
XmlNode nodeBusinessPremiseID = document.GetElementsByTagName("fu:BusinessPremiseID")[0];
string businessPremiseID = nodeBusinessPremiseID.InnerText;
XmlNode nodeElectronicDeviceID = document.GetElementsByTagName("fu:ElectronicDeviceID")[0];
string electronicDeviceID = nodeElectronicDeviceID.InnerText;
XmlNode nodeInvoiceAmount = document.GetElementsByTagName("fu:InvoiceAmount")[0];
string invoiceAmount = nodeInvoiceAmount.InnerText;
string zoi = CalculateZOI(taxNumber, issueDate, invoiceNumber, businessPremiseID, electronicDeviceID, invoiceAmount, certificate);
XmlNode nodeZoi = document.GetElementsByTagName("fu:ProtectedID")[0];
nodeZoi.InnerText = zoi;
}
}
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
if (document == null)
throw new ArgumentException("xmlDoc");
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(document);
byte[] data = certificate.GetPublicKey();
string base64 = Convert.ToBase64String(data);
RSACryptoServiceProvider rsaCSP = (RSACryptoServiceProvider)certificate.PrivateKey;
CspParameters cspParameters = new CspParameters();
cspParameters.KeyContainerName = rsaCSP.CspKeyContainerInfo.KeyContainerName;
cspParameters.KeyNumber = rsaCSP.CspKeyContainerInfo.KeyNumber == KeyNumber.Exchange ? 1 : 2;
RSACryptoServiceProvider rsaAesCSP = new RSACryptoServiceProvider(cspParameters);
signedXml.SigningKey = rsaAesCSP; //newKey;
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
keyInfoData.AddIssuerSerial(certificate.Issuer, certificate.SerialNumber);
X509Extension extension = certificate.Extensions[1];
AsnEncodedData asndata = new AsnEncodedData(extension.Oid, extension.RawData);
keyInfoData.AddSubjectName(certificate.SubjectName.Name);
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "#test";
reference.DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
XmlNode element;
if (requestType == RequestType.Invoice)
{
element = document.GetElementsByTagName("fu:InvoiceRequest")[0];
}
else
{
element = document.GetElementsByTagName("fu:BusinessPremiseRequest")[0];
}
element.AppendChild(xmlDigitalSignature);
}
public void AddSubjectName_Null ()
{
KeyInfoX509Data data = new KeyInfoX509Data ();
data.AddSubjectName (null);
Assert.IsNull (data.Certificates, "Certificates");
Assert.IsNull (data.CRL, "Certificates");
Assert.IsNull (data.IssuerSerials, "IssuerSerials");
Assert.IsNull (data.SubjectKeyIds, "SubjectKeyIds");
Assert.AreEqual (1, data.SubjectNames.Count, "SubjectNames");
Assert.IsNull (data.SubjectNames[0], "SubjectNames[0]");
Assert.AreEqual ("<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509SubjectName></X509SubjectName></X509Data>", data.GetXml ().OuterXml, "XML");
}
public void InvalidKeyNode3 ()
{
string bad = "<Test></Test>";
XmlDocument doc = new XmlDocument ();
doc.LoadXml (bad);
KeyInfoX509Data data1 = new KeyInfoX509Data ();
data1.LoadXml (doc.DocumentElement);
}
public void X509Data ()
{
X509Certificate x509 = new X509Certificate (cert);
KeyInfoX509Data x509data = new KeyInfoX509Data (x509);
info.AddClause (x509data);
AssertCrypto.AssertXmlEquals ("X509Data", "<KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Certificate>MIICHTCCAYYCARQwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCQ0ExHzAdBgNVBAMTFktleXdpdG5lc3MgQ2FuYWRhIEluYy4xKDAmBgorBgEEASoCCwIBExhrZXl3aXRuZXNzQGtleXdpdG5lc3MuY2EwHhcNOTYwNTA3MDAwMDAwWhcNOTkwNTA3MDAwMDAwWjBYMQswCQYDVQQGEwJDQTEfMB0GA1UEAxMWS2V5d2l0bmVzcyBDYW5hZGEgSW5jLjEoMCYGCisGAQQBKgILAgETGGtleXdpdG5lc3NAa2V5d2l0bmVzcy5jYTCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAzSP6KuHtmPTp0JM+13qAAkzMwQKvXLYff/pXQm8w0SDFtSEHQCyphsLzZISuPYUu7YW9VLAYKO9q+BvnCxYfkyVPx/iOw7nKmIQOVdAv73h3xXIoX2C/GSvRcqK32D/glzRaAb0EnMh4Rc2TjRXydhARq7hbLp5S3YE+nGTIKZMCAQMwDQYJKoZIhvcNAQEEBQADgYEAMho1ur9DJ9a01Lh25eObTWzAhsl3NbprFi0TRkqwMlOhW1rpmeIMhogXTg3+gqxOR+/7/zms7jXI+lI3CkmtWa3iiqkcxl8f+G9zfs2gMegMvvVN2bKrihK2MHhoEXwN8UlNo/2y6f8d8JH6VIX/M5Dowb+km6RiRr1hElmYQYk=</X509Certificate></X509Data></KeyInfo>", (info.GetXml ().OuterXml));
AssertEquals ("X509Data count", 1, info.Count);
}
public void Complex ()
{
KeyInfoX509Data data1 = new KeyInfoX509Data (cert);
KeyInfoX509Data data2 = new KeyInfoX509Data ();
XmlElement xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
byte[] c = (data1.Certificates[0] as X509Certificate).GetRawCertData();
AssertCrypto.AssertEquals ("Certificate[0]", cert, c);
// add a second X.509 certificate
X509Certificate x509 = new X509Certificate (cert2);
data1.AddCertificate (x509);
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
c = (data1.Certificates [1] as X509Certificate).GetRawCertData();
Assert.AreEqual (cert2, c, "Certificate[1]");
// add properties from a third X.509 certificate
x509 = new X509Certificate (cert3);
data1.AddIssuerSerial (x509.GetIssuerName (), x509.GetSerialNumberString ());
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
// TODO: The type of IssuerSerial isn't documented
// X509Certificate doesn't export SubjectKeyId so we must improvise
byte[] skid = { 0xDE, 0xAD, 0xC0, 0xDE };
data1.AddSubjectKeyId (skid);
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
Assert.AreEqual (skid, (byte[])data1.SubjectKeyIds[0], "SubjectKeyId");
data1.AddSubjectName (x509.GetName ());
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
string s = (string) data1.SubjectNames [0];
Assert.AreEqual (x509.GetName (), s, "SubjectName");
}
public void ReadXml (XmlReader r)
{
r.MoveToContent ();
XmlDocument doc = new XmlDocument ();
data = new KeyInfoX509Data ();
data.LoadXml (doc.ReadNode (r) as XmlElement);
}
public void CRL ()
{
KeyInfoX509Data data1 = new KeyInfoX509Data ();
data1.CRL = x509crl;
XmlElement xel = data1.GetXml ();
KeyInfoX509Data data2 = new KeyInfoX509Data ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
Assert.AreEqual (data1.CRL, data2.CRL, "crl1==crl2");
}
// creates a signed XML document with two certificates in the X509Data
// element, with the second being the one that should be used to verify
// the signature
static XmlDocument CreateSignedXml (X509Certificate2 cert, string canonicalizationMethod, string lineFeed)
{
XmlDocument doc = CreateSomeXml (lineFeed);
SignedXml signedXml = new SignedXml (doc);
signedXml.SigningKey = cert.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = canonicalizationMethod;
Reference reference = new Reference ();
reference.Uri = "";
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
reference.AddTransform (env);
signedXml.AddReference (reference);
KeyInfo keyInfo = new KeyInfo ();
KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
x509KeyInfo.AddCertificate (cert);
keyInfo.AddClause (x509KeyInfo);
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature ();
XmlElement xmlDigitalSignature = signedXml.GetXml ();
doc.DocumentElement.AppendChild (doc.ImportNode (xmlDigitalSignature, true));
return doc;
}
public void ImportX509Data ()
{
string simple = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Certificate>MIIJuTCCCSKgAwIBAgIQIAs1Xs7EsGO33sY0uXA0RDANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYwODIxMDAwMDAwWhcNOTcwODIwMjM1OTU5WjCCAQoxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5NjEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUxFjAUBgNVBAMTDURhdmlkIFQuIEdyYXkxHjAcBgkqhkiG9w0BCQEWD2RhdmlkQGZvcm1hbC5pZTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFgQei6w+4//j4HO4y/78SNWr5a8i+L/s+rwRRSqzdECmozUBbZh6Y7/JMd/qPhtEhZ5JESsSJyYPPiJ9v4jI1AgMBAAGjggcIMIIHBDAJBgNVHRMEAjAAMIICHwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTIDARBglghkgBhvhCAQEEBAMCB4AwNgYJYIZIAYb4QgEIBCkWJ2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUzCCBIcGCWCGSAGG+EIBDQSCBHgWggR0Q0FVVElPTjogV";
simple += "GhlIENvbW1vbiBOYW1lIGluIHRoaXMgQ2xhc3MgMSBEaWdpdGFsIApJRCBpcyBub3QgYXV0aGVudGljYXRlZCBieSBWZXJpU2lnbi4gSXQgbWF5IGJlIHRoZQpob2xkZXIncyByZWFsIG5hbWUgb3IgYW4gYWxpYXMuIFZlcmlTaWduIGRvZXMgYXV0aC0KZW50aWNhdGUgdGhlIGUtbWFpbCBhZGRyZXNzIG9mIHRoZSBob2xkZXIuCgpUaGlzIGNlcnRpZmljYXRlIGluY29ycG9yYXRlcyBieSByZWZlcmVuY2UsIGFuZCAKaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRvLCB0aGUgVmVyaVNpZ24gCkNlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUKaW4gdGhlIFZlcmlTaWduIHJlcG9zaXRvcnkgYXQ6IApodHRwczovL3d3dy52ZXJpc2lnbi5jb207IGJ5IEUtbWFpbCBhdApDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLApJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQQoKQ29weXJpZ2h0IChjKTE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMgClJlc2VydmVkLiBDRVJUQUlOIFdBUlJBTlRJRVMgRElTQ0xBSU1FRCBBTkQgCkxJQUJJTElUWSBMSU1JVEVELgoKV0FSTklORzogVEhFIFVTRSBPRiBUSElTIENFUlRJRklDQVRFIElTIFNUUklDVExZClNVQkpFQ1QgVE8gVEhFIFZFUklTSUdOIENFUlRJRklDQVRJT04gUFJBQ1RJQ0UKU1RBVEVNRU5ULiAgVEhFIElTU1VJTkcgQVVUSE9SSVRZIERJU0NMQUlNUyBDRVJUQUlOCklNUExJRUQgQU5EIEVYUFJFU1MgV0FSUkFOVElFUywgSU5DTFVESU5HIFdBUlJBTlRJRVMKT0YgTUVSQ0hBTlRBQklMSVRZIE9SIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUgpQVVJQT1NFLCBBTkQgV0lMTCBOT1QgQkUgTElBQkxFIEZPUiBDT05TRVFVRU5USUFMLApQVU5JVElWRSwgQU5EIENFUlRBSU4gT1RIRVIgREFNQUdFUy4gU0VFIFRIRSBDUFMKRk9SIERFVEFJTFMuCgpDb250ZW50cyBvZiB0aGUgVmVyaVNpZ24gcmVnaXN0ZXJlZApub252ZXJpZmllZFN1YmplY3RBdHRyaWJ1dGVzIGV4dGVuc2lvbiB2YWx1ZSBzaGFsbCAKbm90IGJlIGNvbnNpZGVyZWQgYXMgYWNjdXJhdGUgaW5mb3JtYXRpb24gdmFsaWRhdGVkIApieSB0aGUgSUEuMA0GCSqGSIb3DQEBBAUAA4GBACs9RMcyWa7xX48/h+M+64Ew+KmW2wFCCwTvNwI/1CBhWMRKOjmz+9n4pcReM1oO+pNWL2/WYaKvpQwd4kFl80B1ZoPSWrS3VguODaEzE31Jw7EAaIN/tWbUMjL+i5pa1gFyMV2FkbyTm2VgJcYfvN1pRGLCsm9Gqy8gpW/aSGyc</X509Certificate></X509Data>";
XmlDocument doc = new XmlDocument ();
doc.LoadXml (simple);
KeyInfoX509Data data1 = new KeyInfoX509Data ();
data1.LoadXml (doc.DocumentElement);
// verify that proper XML is generated (equals to original)
string s = (data1.GetXml ().OuterXml);
Assert.AreEqual (simple, s, "Xml-Simple");
// verify that property is parsed correctly
byte[] c = (data1.Certificates[0] as X509Certificate).GetRawCertData();
Assert.AreEqual (cert, c, "Certificate[0]");
string complex = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509IssuerSerial><X509IssuerName>C=US, O=U.S. Government, OU=DoD, CN=Armed Forces Root</X509IssuerName><X509SerialNumber>03</X509SerialNumber></X509IssuerSerial><X509SKI>3q3A3g==</X509SKI><X509SubjectName>C=US, O=U.S. Government, OU=DoD, CN=Armed Forces Root</X509SubjectName><X509Certificate>MIIJuTCCCSKgAwIBAgIQIAs1Xs7EsGO33sY0uXA0RDANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYwODIxMDAwMDAwWhcNOTcwODIwMjM1OTU5WjCCAQoxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5NjEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUxFjAUBgNVBAMTDURhdmlkIFQuIEdyYXkxHjAcBgkqhkiG9w0BCQEWD2RhdmlkQGZvcm1hbC5pZTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFgQei6w+4//j4HO4y/78SNWr5a8i+L/s+rwRRSqzdECmozUBbZh6Y7/JMd/qPhtEhZ5JESsSJyYPPiJ9v4jI1AgMBAAGjggcIMIIHBDAJBgNVHRMEAjAAMIICHwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELq";
complex += "AOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTIDARBglghkgBhvhCAQEEBAMCB4AwNgYJYIZIAYb4QgEIBCkWJ2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUzCCBIcGCWCGSAGG+EIBDQSCBHgWggR0Q0FVVElPTjogVGhlIENvbW1vbiBOYW1lIGluIHRoaXMgQ2xhc3MgMSBEaWdpdGFsIApJRCBpcyBub3QgYXV0aGVudGljYXRlZCBieSBWZXJpU2lnbi4gSXQgbWF5IGJlIHRoZQpob2xkZXIncyByZWFsIG5hbWUgb3IgYW4gYWxpYXMuIFZlcmlTaWduIGRvZXMgYXV0aC0KZW50aWNhdGUgdGhlIGUtbWFpbCBhZGRyZXNzIG9mIHRoZSBob2xkZXIuCgpUaGlzIGNlcnRpZmljYXRlIGluY29ycG9yYXRlcyBieSByZWZlcmVuY2UsIGFuZCAKaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRvLCB0aGUgVmVyaVNpZ24gCkNlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUKaW4gdGhlIFZlcmlTaWduIHJlcG9zaXRvcnkgYXQ6IApodHRwczovL3d3dy52ZXJpc2lnbi5jb207IGJ5IEUtbWFpbCBhdApDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLApJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQQoKQ29weXJpZ2h0IChjKTE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMgClJlc2VydmVkLiBDRVJUQUlOIFdBUlJBTlRJRVMgRElTQ0xBSU1FRCBBTkQgCkxJQUJJTElUWSBMSU1JVEVELgoKV0FSTklORzogVEhFIFVTRSBPRiBUSElTIENFUlRJRklDQVRFIElTIFNUUklDVExZClNVQkpFQ1QgVE8gVEhFIFZFUklTSUdOIENFUlRJRklDQVRJT04gUFJBQ1RJQ0UKU1RBVEVNRU5ULiAgVEhFIElTU1VJTkcgQVVUSE9SSVRZIERJU0NMQUlNUyBDRVJUQUlOCklNUExJRUQgQU5EIEVYUFJFU1MgV0FSUkFOVElFUywgSU5DTFVESU5HIFdBUlJBTlRJRVMKT0YgTUVSQ0hBTlRBQklMSVRZIE9SIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUgpQVVJQT1NFLCBBTkQgV0lMTCBOT1QgQkUgTElBQkxFIEZPUiBDT05TRVFVRU5USUFMLApQVU5JVElWRSwgQU5EIENFUlRBSU4gT1RIRVIgREFNQUdFUy4gU0VFIFRIRSBDUFMKRk9SIERFVEFJTFMuCgpDb250ZW50cyBvZiB0aGUgVmVyaVNpZ24gcmVnaXN0ZXJlZApub252ZXJpZmllZFN1YmplY3RBdHRyaWJ1dGVzIGV4dGVuc2lvbiB2YWx1ZSBzaGFsbCAKbm90IGJlIGNvbnNpZGVyZWQgYXMgYWNjdXJhdGUgaW5mb3JtYXRpb24gdmF";
complex += "saWRhdGVkIApieSB0aGUgSUEuMA0GCSqGSIb3DQEBBAUAA4GBACs9RMcyWa7xX48/h+M+64Ew+KmW2wFCCwTvNwI/1CBhWMRKOjmz+9n4pcReM1oO+pNWL2/WYaKvpQwd4kFl80B1ZoPSWrS3VguODaEzE31Jw7EAaIN/tWbUMjL+i5pa1gFyMV2FkbyTm2VgJcYfvN1pRGLCsm9Gqy8gpW/aSGyc</X509Certificate><X509Certificate>MIICHTCCAYYCARQwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCQ0ExHzAdBgNVBAMTFktleXdpdG5lc3MgQ2FuYWRhIEluYy4xKDAmBgorBgEEASoCCwIBExhrZXl3aXRuZXNzQGtleXdpdG5lc3MuY2EwHhcNOTYwNTA3MDAwMDAwWhcNOTkwNTA3MDAwMDAwWjBYMQswCQYDVQQGEwJDQTEfMB0GA1UEAxMWS2V5d2l0bmVzcyBDYW5hZGEgSW5jLjEoMCYGCisGAQQBKgILAgETGGtleXdpdG5lc3NAa2V5d2l0bmVzcy5jYTCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAzSP6KuHtmPTp0JM+13qAAkzMwQKvXLYff/pXQm8w0SDFtSEHQCyphsLzZISuPYUu7YW9VLAYKO9q+BvnCxYfkyVPx/iOw7nKmIQOVdAv73h3xXIoX2C/GSvRcqK32D/glzRaAb0EnMh4Rc2TjRXydhARq7hbLp5S3YE+nGTIKZMCAQMwDQYJKoZIhvcNAQEEBQADgYEAMho1ur9DJ9a01Lh25eObTWzAhsl3NbprFi0TRkqwMlOhW1rpmeIMhogXTg3+gqxOR+/7/zms7jXI+lI3CkmtWa3iiqkcxl8f+G9zfs2gMegMvvVN2bKrihK2MHhoEXwN8UlNo/2y6f8d8JH6VIX/M5Dowb+km6RiRr1hElmYQYk=</X509Certificate></X509Data>";
doc.LoadXml (complex);
KeyInfoX509Data data2 = new KeyInfoX509Data ();
data2.LoadXml (doc.DocumentElement);
s = (data2.GetXml ().OuterXml);
Assert.AreEqual (complex, s, "Xml-Complex");
string crl = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509CRL>HoIBBTByAgEBMAsGCSqGSIb3DQEBBTBRMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxGjAYBgNVBAMTEUFybWVkIEZvcmNlcyBSb290Fw0wMjEwMTExMzEyNTBaMAsGCSqGSIb3DQEBBQOBgQB9otEZbQ8Py+SjvuA2CvNMm6/mT/bjr89V88bbq0wWMqpzrczcMjNg34vMk7VPauxwU6/PBw+gzWasAFfGXF0hsb0wiY53jdRpfsA2ftLYIHEIgNLLdIvYQhcEmYCkUnAuwOOMC/95t0V33MXPQ5iRffEB91PXxlE18InMwf/iiQ==</X509CRL></X509Data>";
doc.LoadXml (crl);
KeyInfoX509Data data3 = new KeyInfoX509Data ();
data3.LoadXml (doc.DocumentElement);
s = (data3.GetXml ().OuterXml);
Assert.AreEqual (crl, s, "Xml-Crl");
}
