        ///////////////////////////////////////////////////////////////////////
        ///
        /// <summary>
        /// Carry out the Sign command.
        /// </summary>
        ///
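        /// <param name="title">Not used by this command; kept so the handler matches the other command signatures.</param>
        /// <param name="certificate">Signing certificate. It must carry a CSP-backed private key.</param>
        /// <exception cref="InternalException">Thrown when the certificate has no usable private key.</exception>
        /// <remarks>
        /// Reads the input file <c>fileNames[0]</c> and writes the XML-DSig signature element to
        /// <c>fileNames[1]</c>. A detached signature references the input by absolute <c>file://</c> URI;
        /// otherwise the file content is embedded as text in an <c>&lt;Object Id="object-1"&gt;</c>.
        /// The KeyInfo carries one <c>&lt;X509Data&gt;</c> clause built from <c>includeOptions</c>
        /// (or the chain minus the root when no option was given).
        /// </remarks>
        static void DoSignCommand(string title, X509Certificate2 certificate) {
            Console.WriteLine();
            Console.WriteLine("Signing Xml file \"" + fileNames[0] + "\"...");
            Console.WriteLine();

            // display more details for verbose operation.
            if (verbose) {
                DisplayDetail(null, certificate, detached);
            }

            // A certificate loaded without its private key has PrivateKey == null; report that
            // as the documented error instead of failing on the member access below.
            if (!certificate.HasPrivateKey)
                throw new InternalException("Internal error: This certificate does not have a corresponding private key.");

            SignedXml signedXml = new SignedXml();
            ICspAsymmetricAlgorithm csp = (ICspAsymmetricAlgorithm) certificate.PrivateKey;
            if (csp.CspKeyContainerInfo.RandomlyGenerated)
                throw new InternalException("Internal error: This certificate does not have a corresponding private key.");
            signedXml.SigningKey = (AsymmetricAlgorithm) csp;
            // ToXmlString(false) exports only the public parameters; the private key is never written to the console.
            Console.WriteLine(signedXml.SigningKey.ToXmlString(false));

            Reference reference = new Reference();
            if (detached) {
                // Detached: the signature points at the input file by absolute URI.
                reference.Uri = "file://" + Path.GetFullPath((string) fileNames[0]);
            } else {
                // Enveloping: embed the file content as a text node inside an <Object> the reference points at.
                reference.Uri = "#object-1";

                XmlDocument dataObject = new XmlDocument();
                dataObject.PreserveWhitespace = true;
                XmlElement dataElement = (XmlElement) dataObject.CreateElement("DataObject", SignedXml.XmlDsigNamespaceUrl);
                dataElement.AppendChild(dataObject.CreateTextNode(new UTF8Encoding(false).GetString(ReadFile((string) fileNames[0]))));
                dataObject.AppendChild(dataElement);

                DataObject obj = new DataObject();
                obj.Data = dataObject.ChildNodes;
                obj.Id = "object-1";
                signedXml.AddObject(obj);
            }
            signedXml.AddReference(reference);

            signedXml.KeyInfo = new KeyInfo();
            if (includeOptions.Count == 0) {
                signedXml.KeyInfo.AddClause(new KeyInfoX509Data(certificate, X509IncludeOption.ExcludeRoot));
            } else {
                KeyInfoX509Data keyInfoX509Data = new KeyInfoX509Data();
                foreach (IncludeOptions includeOption in includeOptions) {
                    switch (includeOption) {
                    case IncludeOptions.ExcludeRoot:
                    case IncludeOptions.EndCertOnly:
                    case IncludeOptions.WholeChain:
                        // Replaces the clause built so far: any SubjectName/SKI/IssuerSerial added by an
                        // earlier option is dropped. This matches the original option ordering semantics.
                        keyInfoX509Data = new KeyInfoX509Data(certificate, (X509IncludeOption) includeOption);
                        break;
                    case IncludeOptions.SubjectName:
                        keyInfoX509Data.AddSubjectName(certificate.SubjectName.Name);
                        break;
                    case IncludeOptions.SKI:
                        // 2.5.29.14 is id-ce-subjectKeyIdentifier; use the first parsed SKI extension found.
                        foreach (X509Extension extension in certificate.Extensions) {
                            if (extension.Oid.Value != "2.5.29.14") {
                                continue;
                            }
                            X509SubjectKeyIdentifierExtension ski = extension as X509SubjectKeyIdentifierExtension;
                            if (ski != null) {
                                keyInfoX509Data.AddSubjectKeyId(ski.SubjectKeyIdentifier);
                                break;
                            }
                        }
                        break;
                    case IncludeOptions.IssuerSerial:
                        keyInfoX509Data.AddIssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber);
                        break;
                    }
                }

                // Add the clause once, after all options are applied. Adding it inside the loop
                // emitted one <X509Data> element per option, i.e. duplicate clauses in the signature.
                signedXml.KeyInfo.AddClause(keyInfoX509Data);
            }

            // compute the signature
            signedXml.ComputeSignature();
            XmlElement xmlDigitalSignature = signedXml.GetXml();

            // write it out; the using block guarantees the file handle is released even if WriteTo throws.
            using (XmlTextWriter xmltw = new XmlTextWriter((string) fileNames[1], new UTF8Encoding(false))) {
                xmlDigitalSignature.WriteTo(xmltw);
            }

            Console.WriteLine();
            Console.WriteLine("Signature written to file \"" + fileNames[1] + "\".");
            Console.WriteLine();
        }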
		// Round-trips a KeyInfoX509Data through GetXml/LoadXml after each mutation and checks that the
		// reloaded instance renders the same XML and exposes the same certificate / identifier data.
		public void Complex () 
		{
			KeyInfoX509Data original = new KeyInfoX509Data (cert);
			KeyInfoX509Data reloaded = new KeyInfoX509Data ();

			// single certificate
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual (original.GetXml ().OuterXml, reloaded.GetXml ().OuterXml, "data1==data2");
			X509Certificate firstCert = original.Certificates [0] as X509Certificate;
			AssertCrypto.AssertEquals ("Certificate[0]", cert, firstCert.GetRawCertData ());

			// add a second X.509 certificate
			X509Certificate secondCert = new X509Certificate (cert2);
			original.AddCertificate (secondCert);
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual (original.GetXml ().OuterXml, reloaded.GetXml ().OuterXml, "data1==data2");
			X509Certificate storedSecond = original.Certificates [1] as X509Certificate;
			Assert.AreEqual (cert2, storedSecond.GetRawCertData (), "Certificate[1]");

			// add properties from a third X.509 certificate
			X509Certificate thirdCert = new X509Certificate (cert3);
			original.AddIssuerSerial (thirdCert.GetIssuerName (), thirdCert.GetSerialNumberString ());
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual (original.GetXml ().OuterXml, reloaded.GetXml ().OuterXml, "data1==data2");
			// TODO: The type of IssuerSerial isn't documented

			// X509Certificate doesn't export SubjectKeyId so we must improvise with a fixed value
			byte[] fakeSkid = { 0xDE, 0xAD, 0xC0, 0xDE };
			original.AddSubjectKeyId (fakeSkid);
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual (original.GetXml ().OuterXml, reloaded.GetXml ().OuterXml, "data1==data2");
			Assert.AreEqual (fakeSkid, (byte[]) original.SubjectKeyIds [0], "SubjectKeyId");

			// subject name taken from the third certificate
			original.AddSubjectName (thirdCert.GetName ());
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual (original.GetXml ().OuterXml, reloaded.GetXml ().OuterXml, "data1==data2");
			string storedName = (string) original.SubjectNames [0];
			Assert.AreEqual (thirdCert.GetName (), storedName, "SubjectName");
		}
		// Calls the string overload of AddSubjectKeyId with null; the test only checks that this does not throw.
		public void AddSubjectKeyId_String_Null ()
		{
			string nullId = null;
			KeyInfoX509Data data = new KeyInfoX509Data ();
			// a typed null local selects the string overload without an explicit cast
			data.AddSubjectKeyId (nullId);
		}
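		// A non-hex string is accepted by AddSubjectKeyId(string) and stored as one "garbage" entry;
		// the other collections must stay untouched (null).
		[Category ("NotWorking")] // beta2 bug
		public void AddSubjectKeyId_String_BadHexData ()
		{
			KeyInfoX509Data data = new KeyInfoX509Data ();
			data.AddSubjectKeyId ("Hello");
			Assert.IsNull (data.Certificates, "Certificates");
			// assertion label fixed: this checks CRL, not Certificates
			Assert.IsNull (data.CRL, "CRL");
			Assert.IsNull (data.IssuerSerials, "IssuerSerials");
			// looks like "garbage"
			Assert.AreEqual (1, data.SubjectKeyIds.Count, "SubjectKeyIds");
			Assert.IsNull (data.SubjectNames, "SubjectNames");
		}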
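		// A null byte[] is accepted by AddSubjectKeyId(byte[]) and recorded as one SubjectKeyId entry;
		// the other collections must stay untouched (null).
		public void AddSubjectKeyId_Byte_Null ()
		{
			KeyInfoX509Data data = new KeyInfoX509Data ();
			data.AddSubjectKeyId ((byte[])null);
			Assert.IsNull (data.Certificates, "Certificates");
			// assertion label fixed: this checks CRL, not Certificates
			Assert.IsNull (data.CRL, "CRL");
			Assert.IsNull (data.IssuerSerials, "IssuerSerials");
			Assert.AreEqual (1, data.SubjectKeyIds.Count, "SubjectKeyIds");
			Assert.IsNull (data.SubjectNames, "SubjectNames");
			// beta2 bug - GetXml () throws an ArgumentNullException for the null entry (a little too late),
			// so the expected empty <X509Data /> output cannot be asserted yet:
			//   Assert.AreEqual ("<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\" />", data.GetXml ().OuterXml);
		}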