public void ReplaceElement_EncryptedDataNull()
{
XmlDocument doc = new XmlDocument();
doc.LoadXml("<root />");
Assert.Throws <ArgumentNullException>(() => XmlDecryption.ReplaceElement(doc.DocumentElement, null, false));
}
public void RoundtripSample1()
{
using (StringWriter sw = new StringWriter())
{
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml("<root> <child>sample</child> </root>");
XmlElement body = doc.DocumentElement;
var aes = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING");
var ivdata = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw==");
var keydata = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
XmlEncryption exml = new XmlEncryption();
byte[] encrypted = exml.EncryptData(body, param, false);
EncryptedData edata = new EncryptedData();
edata.Type = XmlNameSpace.Url[NS.XmlEncElementUrl];
edata.EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url);
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = keydata;
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(NS.XmlEncRSA15Url);
DataReference dr = new DataReference();
dr.Uri = "_0";
ekey.AddReference(dr);
edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
ekey.KeyInfo.AddClause(new RsaKeyValue());
edata.CipherData.CipherValue = encrypted;
XmlDecryption.ReplaceElement(doc.DocumentElement, edata, false);
doc.Save(new XmlTextWriter(sw));
}
{
var aes = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING");
var random = new SecureRandom();
var ivdata = new byte[aes.GetBlockSize()];
var keydata = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
random.NextBytes(ivdata);
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(sw.ToString());
XmlDecryption encxml = new XmlDecryption(doc);
EncryptedData edata = new EncryptedData();
edata.LoadXml(doc.DocumentElement);
encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, param));
}
}
}
public void ReplaceElement_ContentTrue()
{
XmlDocument doc = new XmlDocument();
doc.LoadXml("<root />");
EncryptedData edata = new EncryptedData();
edata.CipherData.CipherValue = new byte[16];
XmlDecryption.ReplaceElement(doc.DocumentElement, edata, true);
Assert.Equal("root", doc.DocumentElement.Name);
Assert.Equal("EncryptedData", doc.DocumentElement.FirstChild.Name);
}
private static void EncryptElement(XmlDocument doc, string elementName, ICipherParameters key)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
var encryptedXml = new XmlEncryption();
var encryptedData = new EncryptedData()
{
Type = XmlNameSpace.Url[NS.XmlEncElementUrl],
EncryptionMethod = new EncryptionMethod(GetEncryptionMethodName(key))
};
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, key, false);
XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false);
}
private XmlDocument GetTransformedOutput(XmlDocument doc, string nodeToEncrypt)
{
var aes = CipherUtilities.GetCipher("AES/CBC/PKCS7");
var random = new SecureRandom();
var keyData = new byte[aes.GetBlockSize()];
var ivData = new byte[aes.GetBlockSize()];
random.NextBytes(ivData);
random.NextBytes(keyData);
var key = new ParametersWithIV(new KeyParameter(keyData), ivData);
var encryptedXml = new XmlEncryption();
encryptedXml.AddKeyNameMapping("aes", key);
XmlElement elementToEncrypt = (XmlElement)doc.DocumentElement.SelectSingleNode(nodeToEncrypt);
EncryptedData encryptedData = encryptedXml.Encrypt(elementToEncrypt, "aes");
XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false);
XmlNamespaceManager xmlNamespaceManager = new XmlNamespaceManager(doc.NameTable);
xmlNamespaceManager.AddNamespace("enc", XmlNameSpace.Url[NS.XmlEncNamespaceUrl]);
XmlElement encryptedNode = (XmlElement)doc.DocumentElement.SelectSingleNode("//enc:EncryptedData", xmlNamespaceManager);
encryptedNode.SetAttribute("ID", "#_0");
transform.LoadInput(doc);
var dencryptedXml = new XmlDecryption();
dencryptedXml.AddKeyNameMapping("aes", key);
transform.XmlDecryption = dencryptedXml;
XmlDocument transformedDocument = (XmlDocument)transform.GetOutput();
transform.XmlDecryption = null;
return(transformedDocument);
}
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, RsaKeyParameters rsaKey, string keyName, bool useOAEP)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
var sessionKeyData = EncryptingAndDecryptingSymmetric.GenerateBlock(256);
var sessionKeyIV = EncryptingAndDecryptingSymmetric.GenerateBlock(128);
var sessionKey = new ParametersWithIV(new KeyParameter(sessionKeyData), sessionKeyIV);
var encryptedKey = new EncryptedKey()
{
CipherData = new CipherData(XmlEncryption.EncryptKey(sessionKeyData, rsaKey, useOAEP)),
EncryptionMethod = new EncryptionMethod(useOAEP ? NS.XmlEncRSAOAEPUrl : NS.XmlEncRSA15Url)
};
encryptedKey.AddReference(new DataReference()
{
Uri = "#" + encryptionElementID
});
var encryptedData = new EncryptedData()
{
Type = XmlNameSpace.Url[NS.XmlEncElementUrl],
Id = encryptionElementID,
EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url)
};
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
encryptedKey.KeyInfo.AddClause(new KeyInfoName()
{
Value = keyName
});
var encryptedXml = new XmlEncryption();
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, sessionKey, false);
XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false);
}
public void PropagatedNamespaces_XmlDecryptionTransform(bool addPropagatedNamespace, string expectedResult)
{
XmlDocument baseDocument = new XmlDocument();
baseDocument.LoadXml("<a><b><c xmlns=\"urn:foo\"/></b></a>");
var aes = CipherUtilities.GetCipher("AES/CBC/PKCS7");
var random = new SecureRandom();
var keyData = new byte[aes.GetBlockSize()];
var ivData = new byte[aes.GetBlockSize()];
random.NextBytes(ivData);
random.NextBytes(keyData);
var key = new ParametersWithIV(new KeyParameter(keyData), ivData);
XmlEncryption encryptedXml = new XmlEncryption(baseDocument);
XmlDecryption decryptedXml = new XmlDecryption(baseDocument);
encryptedXml.AddKeyNameMapping("key", key);
decryptedXml.AddKeyNameMapping("key", key);
XmlElement bElement = (XmlElement)baseDocument.DocumentElement.SelectSingleNode("b");
EncryptedData encryptedData = encryptedXml.Encrypt(bElement, "key");
XmlDecryption.ReplaceElement(bElement, encryptedData, false);
XmlDecryptionTransform decryptionTransform = new XmlDecryptionTransform();
decryptionTransform.XmlDecryption = decryptedXml;
decryptionTransform.LoadInput(baseDocument);
if (addPropagatedNamespace)
{
decryptionTransform.PropagatedNamespaces.Add("f", "urn:foo");
}
XmlDocument decryptedDocument = (XmlDocument)decryptionTransform.GetOutput(typeof(XmlDocument));
Assert.Equal(expectedResult, decryptedDocument.OuterXml);
}
public static void DecryptWithCertificate_NotInStore()
{
const string SecretMessage = "Grilled cheese is tasty";
XmlDocument document = new XmlDocument();
document.LoadXml($"<data><secret>{SecretMessage}</secret></data>");
XmlElement toEncrypt = (XmlElement)document.DocumentElement.FirstChild;
var cert = TestHelpers.GetSampleX509Certificate();
XmlEncryption encryptor = new XmlEncryption(document);
EncryptedData encryptedElement = encryptor.Encrypt(toEncrypt, cert.Item1);
XmlDecryption.ReplaceElement(toEncrypt, encryptedElement, false);
XmlDocument document2 = new XmlDocument();
document2.LoadXml(document.OuterXml);
XmlDecryption decryptor = new XmlDecryption(document2);
Assert.Throws <System.Security.Cryptography.CryptographicException>(() => decryptor.DecryptDocument());
Assert.DoesNotContain(SecretMessage, document2.OuterXml);
}
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, ICipherParameters key, string keyName, Func <ICipherParameters> innerKeyFactory)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
ICipherParameters innerKey = innerKeyFactory();
var encryptedKey = new EncryptedKey()
{
CipherData = new CipherData(XmlEncryption.EncryptKey(((KeyParameter)((ParametersWithIV)innerKey).Parameters).GetKey(), (KeyParameter)((ParametersWithIV)key).Parameters)),
EncryptionMethod = new EncryptionMethod(EncryptingAndDecryptingSymmetric.GetEncryptionMethodName(key, keyWrap: true))
};
encryptedKey.AddReference(new DataReference()
{
Uri = "#" + encryptionElementID
});
var encryptedData = new EncryptedData()
{
Type = XmlNameSpace.Url[NS.XmlEncElementUrl],
Id = encryptionElementID,
EncryptionMethod = new EncryptionMethod(EncryptingAndDecryptingSymmetric.GetEncryptionMethodName(innerKey, keyWrap: false))
};
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
encryptedKey.KeyInfo.AddClause(new KeyInfoName()
{
Value = keyName
});
var encryptedXml = new XmlEncryption();
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, innerKey, false);
XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false);
}
public void ReplaceElement_XmlElementNull()
{
Assert.Throws <ArgumentNullException>(() => XmlDecryption.ReplaceElement(null, new EncryptedData(), true));
}