Esempio n. 1
        private void btnJiaMi_Click(object sender, EventArgs e)
            if (label1.Text == "")
                RijndaelManaged key = new RijndaelManaged();
                keyIv  = key.IV;
                keyKey = key.Key;
                XmlDocument xmlDoc = new XmlDocument();
                xmlDoc.PreserveWhitespace = true;
                XmlElement elementToEncrypt = xmlDoc.GetElementsByTagName("creditcard")[0] as XmlElement;
                EncryptedData edElement = new EncryptedData();
                edElement.Type = EncryptedXml.XmlEncElementUrl;//填充Url标识符
                string encryptionMethod = null;
                if (key is TripleDES)
                    encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
                else if (key is DES)
                    encryptionMethod = EncryptedXml.XmlEncDESUrl;
                if (key is Rijndael)
                    switch (key.KeySize)
                    case 128:
                        encryptionMethod = EncryptedXml.XmlEncAES128Url;

                    case 192:
                        encryptionMethod = EncryptedXml.XmlEncAES192Url;

                    case 256:
                        encryptionMethod = EncryptedXml.XmlEncAES256Url;
                    throw new CryptographicException("没有为XML加密的指定算法!");
                edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);//生成具有加密算法的Url标识符
                EncryptedXml eXml             = new EncryptedXml();
                byte[]       encryptedElement = eXml.EncryptData(elementToEncrypt, key, false);
                edElement.CipherData.CipherValue = encryptedElement;
                EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
            catch (Exception ex)
Esempio n. 2
        public static XmlDocument Encrypt(XmlDocument Doc, string ElementToEncrypt, string KeyName)
            CspParameters cspParams = new CspParameters();

            cspParams.KeyContainerName = "XML_ENC_RSA_KEY";
            RSA Alg = new RSACryptoServiceProvider(cspParams);

            // Check the arguments.
            if (Doc == null)
                throw new ArgumentNullException("Doc");
            if (ElementToEncrypt == null)
                throw new ArgumentNullException("ElementToEncrypt");

            XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

            // Throw an XmlException if the element was not found.
            if (elementToEncrypt == null)
                throw new XmlException("The specified element was not found");

            RijndaelManaged sessionKey = new RijndaelManaged();

            sessionKey.KeySize = 256;

            EncryptedXml eXml = new EncryptedXml();

            byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);

            EncryptedData edElement = new EncryptedData();

            edElement.Type = EncryptedXml.XmlEncElementUrl;

            // Create an EncryptionMethod element so that the
            // receiver knows which algorithm to use for decryption.

            edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

            // Encrypt the session key and add it to an EncryptedKey element.
            EncryptedKey ek = new EncryptedKey();

            byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

            ek.CipherData = new CipherData(encryptedKey);

            ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

            // Set the KeyInfo element to specify the
            // name of the RSA key.

            // Create a new KeyInfo element.
            edElement.KeyInfo = new KeyInfo();

            // Create a new KeyInfoName element.
            KeyInfoName kin = new KeyInfoName();

            // Specify a name for the key.
            kin.Value = KeyName;

            // Add the KeyInfoName element to the
            // EncryptedKey object.

            // Add the encrypted key to the
            // EncryptedData object.

            edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

            // Add the encrypted element data to the
            // EncryptedData object.
            edElement.CipherData.CipherValue = encryptedElement;

            EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);

Esempio n. 3
 public void ReplaceElement_XmlElementNull()
     Assert.Throws <ArgumentNullException>(() => EncryptedXml.ReplaceElement(null, new EncryptedData(), true));
Esempio n. 4
        public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
            // Check the arguments.
            if (Doc == null)
                throw new ArgumentNullException("Doc");
            if (ElementToEncrypt == null)
                throw new ArgumentNullException("ElementToEncrypt");
            if (EncryptionElementID == null)
                throw new ArgumentNullException("EncryptionElementID");
            if (Alg == null)
                throw new ArgumentNullException("Alg");
            if (KeyName == null)
                throw new ArgumentNullException("KeyName");

            // Find the specified element in the XmlDocument
            // object and create a new XmlElemnt object.
            XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

            // Throw an XmlException if the element was not found.
            if (elementToEncrypt == null)
                throw new XmlException("The specified element was not found");
            RijndaelManaged sessionKey = null;

                // Create a new instance of the EncryptedXml class
                // and use it to encrypt the XmlElement with the
                // a new random symmetric key.

                // Create a 256 bit Rijndael key.
                sessionKey         = new RijndaelManaged();
                sessionKey.KeySize = 256;

                EncryptedXml eXml = new EncryptedXml();

                byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
                // Construct an EncryptedData object and populate
                // it with the desired encryption information.

                EncryptedData edElement = new EncryptedData();
                edElement.Type = EncryptedXml.XmlEncElementUrl;
                edElement.Id   = EncryptionElementID;
                // Create an EncryptionMethod element so that the
                // receiver knows which algorithm to use for decryption.

                edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
                // Encrypt the session key and add it to an EncryptedKey element.
                EncryptedKey ek = new EncryptedKey();

                byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

                ek.CipherData = new CipherData(encryptedKey);

                ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

                // Create a new DataReference element
                // for the KeyInfo element.  This optional
                // element specifies which EncryptedData
                // uses this key.  An XML document can have
                // multiple EncryptedData elements that use
                // different keys.
                DataReference dRef = new DataReference();

                // Specify the EncryptedData URI.
                dRef.Uri = "#" + EncryptionElementID;

                // Add the DataReference to the EncryptedKey.
                // Add the encrypted key to the
                // EncryptedData object.

                edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
                // Set the KeyInfo element to specify the
                // name of the RSA key.

                // Create a new KeyInfoName element.
                KeyInfoName kin = new KeyInfoName();

                // Specify a name for the key.
                kin.Value = KeyName;

                // Add the KeyInfoName element to the
                // EncryptedKey object.
                // Add the encrypted element data to the
                // EncryptedData object.
                edElement.CipherData.CipherValue = encryptedElement;
                // Replace the element from the original XmlDocument
                // object with the EncryptedData element.
                EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
            catch (Exception e)
                // re-throw the exception.
                throw e;
                if (sessionKey != null)
Esempio n. 5
        public Message SecureMessage()
            secprop = Message.Properties.Security ?? new SecurityMessageProperty();

            SecurityToken encToken =
                secprop.InitiatorToken != null ? secprop.InitiatorToken.SecurityToken : security.EncryptionToken;
            // FIXME: it might be still incorrect.
            SecurityToken signToken =
                Parameters == CounterParameters ? null :
            MessageProtectionOrder protectionOrder =
            SecurityBindingElement element =
            SecurityAlgorithmSuite suite = element.DefaultAlgorithmSuite;

            string      messageId         = "uuid-" + Guid.NewGuid();
            int         identForMessageId = 1;
            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            var action = msg.Headers.Action;

            if (msg.Version.Addressing != AddressingVersion.None)

            // wss:Security
            WSSecurityMessageHeader header =
                new WSSecurityMessageHeader(security.TokenSerializer);

            // 1. [Timestamp]
            if (element.IncludeTimestamp)
                AddTimestampToHeader(header, messageId + "-" + identForMessageId++);

            XmlNamespaceManager nsmgr = new XmlNamespaceManager(doc.NameTable);

            nsmgr.AddNamespace("s", msg.Version.Envelope.Namespace);
            nsmgr.AddNamespace("o", Constants.WssNamespace);
            nsmgr.AddNamespace("u", Constants.WsuNamespace);
            nsmgr.AddNamespace("o11", Constants.Wss11Namespace);

            SecurityToken primaryToken = null;
            SecurityToken actualToken  = null;
            SecurityKeyIdentifierClause actualClause = null;

            SymmetricAlgorithm masterKey = new RijndaelManaged();

            masterKey.KeySize = suite.DefaultSymmetricKeyLength;
            masterKey.Mode    = CipherMode.CBC;
            masterKey.Padding = PaddingMode.ISO10126;
            SymmetricAlgorithm actualKey = masterKey;

            // 2. [Encryption Token]

            // SecurityTokenInclusionMode
            // - Initiator or Recipient
            // - done or notyet. FIXME: not implemented yet
            // It also affects on key reference output

            bool includeEncToken = // /* FIXME: remove this hack */Parameters is SslSecurityTokenParameters ? false :
                Security.RecipientParameters.InclusionMode, false);
            bool includeSigToken = // /* FIXME: remove this hack */ Parameters is SslSecurityTokenParameters ? false :
                Security.InitiatorParameters.InclusionMode, false);

            SecurityKeyIdentifierClause encClause = ShouldOutputEncryptedKey ?
                                                    CounterParameters.CallCreateKeyIdentifierClause(encToken, !ShouldOutputEncryptedKey ? SecurityTokenReferenceStyle.Internal : includeEncToken ? Parameters.ReferenceStyle : SecurityTokenReferenceStyle.External) : null;

            MessagePartSpecification encSpec = EncryptionPart;

            // encryption key (possibly also used for signing)
            // FIXME: get correct SymmetricAlgorithm according to the algorithm suite
            if (secprop.EncryptionKey != null)
                actualKey.Key = secprop.EncryptionKey;

// FIXME: remove thid hack
            if (!ShouldOutputEncryptedKey)
                primaryToken = secprop.ProtectionToken.SecurityToken as WrappedKeySecurityToken;
                primaryToken =
                    // FIXME: remove this hack?
                    encToken is SecurityContextSecurityToken ? encToken :
                    new WrappedKeySecurityToken(messageId + "-" + identForMessageId++,
                                                // security.DefaultKeyWrapAlgorithm,
                                                Parameters.InternalHasAsymmetricKey ?
                                                suite.DefaultAsymmetricKeyWrapAlgorithm :
                                                encClause != null ? new SecurityKeyIdentifier(encClause) : null);

            // If it reuses request's encryption key, do not output.
            if (ShouldOutputEncryptedKey)

            actualToken = primaryToken;

            // FIXME: I doubt it is correct...
            WrappedKeySecurityToken requestEncKey = ShouldOutputEncryptedKey ? null : primaryToken as WrappedKeySecurityToken;

            actualClause = requestEncKey == null ? (SecurityKeyIdentifierClause)
                           new LocalIdKeyIdentifierClause(actualToken.Id, typeof(WrappedKeySecurityToken)) :
                           new InternalEncryptedKeyIdentifierClause(SHA1.Create().ComputeHash(requestEncKey.GetWrappedKey()));

            // generate derived key if needed
            if (CounterParameters.RequireDerivedKeys)
                var dkeyToken = CreateDerivedKey(GenerateId(doc), actualClause, actualKey);
                actualToken   = dkeyToken;
                actualKey.Key = ((SymmetricSecurityKey)dkeyToken.SecurityKeys [0]).GetSymmetricKey();
                actualClause  = new LocalIdKeyIdentifierClause(dkeyToken.Id);

            ReferenceList refList = new ReferenceList();

            // When encrypted with DerivedKeyToken, put references
            // immediately after the derived token (not inside the
            // primary token).
            // Similarly, when we do not output EncryptedKey,
            // output ReferenceList in the same way.
            if (CounterParameters.RequireDerivedKeys ||
                ((WrappedKeySecurityToken)primaryToken).ReferenceList = refList;

            // [Signature Confirmation]
            if (security.RequireSignatureConfirmation && secprop.ConfirmedSignatures.Count > 0)
                foreach (string value in secprop.ConfirmedSignatures)
                    header.AddContent(new Wss11SignatureConfirmation(GenerateId(doc), value));

            SupportingTokenInfoCollection tokenInfos =
                Direction == MessageDirection.Input ?
                security.CollectSupportingTokens(GetAction()) :
                new SupportingTokenInfoCollection(); // empty

            foreach (SupportingTokenInfo tinfo in tokenInfos)

            // populate DOM to sign.
            XPathNavigator nav = doc.CreateNavigator();

            using (XmlWriter w = nav.AppendChild())

            XmlElement body   = doc.SelectSingleNode("/s:Envelope/s:Body/*", nsmgr) as XmlElement;
            string     bodyId = null;
            Collection <WSSignedXml> endorsedSignatures =
                new Collection <WSSignedXml> ();
            bool signatureProtection = (protectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature);

            // Below are o:Security contents that are not signed...
            if (includeSigToken && signToken != null)

            switch (protectionOrder)
            case MessageProtectionOrder.EncryptBeforeSign:
                // FIXME: implement
                throw new NotImplementedException();

            case MessageProtectionOrder.SignBeforeEncrypt:
            case MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature:

                var sig = CreateSignature(doc, body, nsmgr, tokenInfos,
                                          actualClause, actualKey, signToken, includeSigToken,
                                          signatureProtection, header, endorsedSignatures,
                                          ref bodyId);

                // encrypt

                WSEncryptedXml exml = new WSEncryptedXml(doc);

                EncryptedData edata = Encrypt(body, actualKey, actualToken.Id, refList, actualClause, exml, doc, EncryptedXml.XmlEncElementContentUrl);
                EncryptedXml.ReplaceElement(body, edata, false);

                // encrypt signature
                if (signatureProtection)
                    XmlElement sigxml = sig.GetXml();
                    edata = Encrypt(sigxml, actualKey, actualToken.Id, refList, actualClause, exml, doc, EncryptedXml.XmlEncElementUrl);

                    foreach (WSSignedXml ssxml in endorsedSignatures)
                        sigxml = ssxml.GetXml();
                        edata  = Encrypt(sigxml, actualKey, actualToken.Id, refList, actualClause, exml, doc, EncryptedXml.XmlEncElementUrl);

                    if (security.RequireSignatureConfirmation)
                        Collection <Wss11SignatureConfirmation> confs = header.FindAll <Wss11SignatureConfirmation> ();
                        int count = 0;
                        foreach (XmlElement elem in doc.SelectNodes("/s:Envelope/s:Header/o:Security/o11:SignatureConfirmation", nsmgr))
                            edata = Encrypt(elem, actualKey, confs [count].Id, refList, actualClause, exml, doc, EncryptedXml.XmlEncElementUrl);
                            EncryptedXml.ReplaceElement(elem, edata, false);
                            header.Contents.Insert(header.Contents.IndexOf(confs [count]), edata);
                            header.Contents.Remove(confs [count++]);

                // encrypt Encrypted supporting tokens
                foreach (SupportingTokenInfo tinfo in tokenInfos)
                    if (tinfo.Mode == SecurityTokenAttachmentMode.SignedEncrypted)
                        XmlElement el = exml.GetIdElement(doc, tinfo.Token.Id);
                        tinfo.Encrypted = Encrypt(el, actualKey, actualToken.Id, refList, actualClause, exml, doc, EncryptedXml.XmlEncElementUrl);
                        EncryptedXml.ReplaceElement(el, tinfo.Encrypted, false);
                        header.Contents.Insert(header.Contents.IndexOf(tinfo.Token), tinfo.Encrypted);

            Message ret = new WSSecurityMessage(Message.CreateMessage(msg.Version, action, new XmlNodeReader(doc.SelectSingleNode("/s:Envelope/s:Body/*", nsmgr) as XmlElement)), bodyId);

            ret.Properties.Security = (SecurityMessageProperty)secprop.CreateCopy();
            ret.Properties.Security.EncryptionKey = masterKey.Key;

            // FIXME: can we support TransportToken here?
            if (element is AsymmetricSecurityBindingElement)
                ret.Properties.Security.InitiatorToken = new SecurityTokenSpecification(encToken, null);  // FIXME: second argument
                ret.Properties.Security.InitiatorToken = new SecurityTokenSpecification(signToken, null); // FIXME: second argument
                ret.Properties.Security.ProtectionToken = new SecurityTokenSpecification(primaryToken, null);


            // Header contents are:
            //	- Timestamp
            //	- SignatureConfirmation if required
            //	- EncryptionToken if included
            //	- derived key token for EncryptionToken
            //	- ReferenceList for encrypted items
            //	- signed supporting tokens
            //	- signed endorsing supporting tokens
            //	(i.e. Signed/SignedEncrypted/SignedEndorsing)
            //	- Signature Token if different from enc token.
            //	- derived key token for sig token if different
            //	- Signature for:
            //		- Timestamp
            //		- supporting tokens (regardless of
            //		  its inclusion)
            //		- message parts in SignedParts
            //		- SignatureToken if TokenProtection
            //		  (regardless of its inclusion)
            //	- Signatures for the main signature (above),
            //	  for every endorsing token and signed
            //	  endorsing token.

//MessageBuffer zzz = ret.CreateBufferedCopy (100000);
//ret = zzz.CreateMessage ();
//Console.WriteLine (zzz.CreateMessage ());
Esempio n. 6
    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, RSA Alg, string KeyName)
        // Check the arguments.
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Alg == null)
            throw new ArgumentNullException("Alg");

        // Find the specified element in the XmlDocument
        // object and create a new XmlElemnt object.

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found.
        if (elementToEncrypt == null)
            throw new XmlException("The specified element was not found");

        // Create a new instance of the EncryptedXml class
        // and use it to encrypt the XmlElement with the
        // a new random symmetric key.

        // Create a 256 bit Aes key.
        Aes sessionKey = Aes.Create();

        sessionKey.KeySize = 256;

        EncryptedXml eXml = new EncryptedXml();

        byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);

        // Construct an EncryptedData object and populate
        // it with the desired encryption information.

        EncryptedData edElement = new EncryptedData();

        edElement.Type = EncryptedXml.XmlEncElementUrl;

        // Create an EncryptionMethod element so that the
        // receiver knows which algorithm to use for decryption.

        edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

        // Encrypt the session key and add it to an EncryptedKey element.
        EncryptedKey ek = new EncryptedKey();

        byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

        ek.CipherData = new CipherData(encryptedKey);

        ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

        // Set the KeyInfo element to specify the
        // name of the RSA key.

        // Create a new KeyInfo element.
        edElement.KeyInfo = new KeyInfo();

        // Create a new KeyInfoName element.
        KeyInfoName kin = new KeyInfoName();

        // Specify a name for the key.
        kin.Value = KeyName;

        // Add the KeyInfoName element to the
        // EncryptedKey object.

        // Add the encrypted key to the
        // EncryptedData object.

        edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

        // Add the encrypted element data to the
        // EncryptedData object.
        edElement.CipherData.CipherValue = encryptedElement;

        // Replace the element from the original XmlDocument
        // object with the EncryptedData element.

        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
Esempio n. 7
        public void ReplaceElement_EncryptedDataNull()
            XmlDocument doc = new XmlDocument();

            Assert.Throws <ArgumentNullException>(() => EncryptedXml.ReplaceElement(doc.DocumentElement, null, false));
Esempio n. 8
 public void ReplaceElement_XmlElementNull()
     EncryptedXml.ReplaceElement(null, new EncryptedData(), true);
Esempio n. 9
        public void ReplaceElement_EncryptedDataNull()
            XmlDocument doc = new XmlDocument();

            EncryptedXml.ReplaceElement(doc.DocumentElement, null, false);
        public override XmlNode Encrypt(XmlNode node)
            XmlDocument  xmlDocument;
            EncryptedXml exml;

            byte[]                   rgbOutput;
            EncryptedData            ed;
            KeyInfoName              kin;
            EncryptedKey             ek;
            KeyInfoEncryptedKey      kek;
            XmlElement               inputElement;
            RSACryptoServiceProvider rsa = GetCryptoServiceProvider(false, false);

            // Encrypt the node with the new key
            xmlDocument = new XmlDocument();
            xmlDocument.PreserveWhitespace = true;
            ProtectedConfigurationProvider.LoadXml(xmlDocument, "<foo>" + node.OuterXml + "</foo>");
            exml         = new EncryptedXml(xmlDocument);
            inputElement = xmlDocument.DocumentElement;

            using (SymmetricAlgorithm symAlg = GetSymAlgorithmProvider()) {
                rgbOutput           = exml.EncryptData(inputElement, symAlg, true);
                ed                  = new EncryptedData();
                ed.Type             = EncryptedXml.XmlEncElementUrl;
                ed.EncryptionMethod = GetSymEncryptionMethod();
                ed.KeyInfo          = new KeyInfo();

                ek = new EncryptedKey();
                ek.EncryptionMethod       = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
                ek.KeyInfo                = new KeyInfo();
                ek.CipherData             = new CipherData();
                ek.CipherData.CipherValue = EncryptedXml.EncryptKey(symAlg.Key, rsa, UseOAEP);

            kin       = new KeyInfoName();
            kin.Value = _KeyName;
            kek = new KeyInfoEncryptedKey(ek);
            ed.CipherData             = new CipherData();
            ed.CipherData.CipherValue = rgbOutput;
            EncryptedXml.ReplaceElement(inputElement, ed, true);


            // Get node from the document
            foreach (XmlNode node2 in xmlDocument.ChildNodes)
                if (node2.NodeType == XmlNodeType.Element)
                    foreach (XmlNode node3 in node2.ChildNodes) // node2 is the "foo" node
                        if (node3.NodeType == XmlNodeType.Element)
                            return(node3); // node3 is the "EncryptedData" node
Esempio n. 11
        public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
            if (Doc == null)
                throw new ArgumentNullException("Doc");
            if (ElementToEncrypt == null)
                throw new ArgumentNullException("ElementToEncrypt");
            if (EncryptionElementID == null)
                throw new ArgumentNullException("EncryptionElementID");
            if (Alg == null)
                throw new ArgumentNullException("Alg");
            if (KeyName == null)
                throw new ArgumentNullException("KeyName");
            XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

            if (elementToEncrypt == null)
                throw new XmlException("The specified element was not found");
            Aes sessionKey = null;

                sessionKey = Aes.Create();

                EncryptedXml eXml = new EncryptedXml();

                byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);

                EncryptedData edElement = new EncryptedData();
                edElement.Type = EncryptedXml.XmlEncElementUrl;
                edElement.Id   = EncryptionElementID;

                edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
                EncryptedKey ek = new EncryptedKey();

                byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

                ek.CipherData = new CipherData(encryptedKey);

                ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

                DataReference dRef = new DataReference();

                dRef.Uri = "#" + EncryptionElementID;


                edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

                KeyInfoName kin = new KeyInfoName();

                kin.Value = KeyName;


                edElement.CipherData.CipherValue = encryptedElement;

                EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
            catch (Exception e)
                // re-throw the exception.
                throw e;
                if (sessionKey != null)
        public ActionResult Index(XmlModel model)
            if (model.Action == "encrypt")
                var recipientCertificate = LoadCertificate(model.RecipientThumbprint);
                var signingCertificate   = LoadCertificate(model.SenderThumbprint);
                var xmlDocument          = new XmlDocument();

                var elementToEncrypt = xmlDocument.GetElementsByTagName("message")[0] as XmlElement;
                var encryptedXml     = new EncryptedXml();

                // Encrypt the element.
                var encryptedElement = encryptedXml.Encrypt(elementToEncrypt, recipientCertificate);
                EncryptedXml.ReplaceElement(elementToEncrypt, encryptedElement, false);

                // Sign the document
                var signedXml = new SignedXml(xmlDocument)
                    SigningKey = signingCertificate.PrivateKey
                var reference = new Reference {
                    Uri = string.Empty

                var transform = new XmlDsigC14NTransform();

                var envelope = new XmlDsigEnvelopedSignatureTransform();

                var keyInfo = new KeyInfo();
                keyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
                signedXml.KeyInfo = keyInfo;

                var xmlDigitalSignature = signedXml.GetXml();
                xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(xmlDigitalSignature, true));

                model.PlainText = "";
                model.Envelope  = XmlToString(xmlDocument);
            else if (model.Action == "decrypt")
                var xmlDocument = new XmlDocument();

                // Validate the signature
                var signedXml = new SignedXml(xmlDocument);
                var nodeList  = xmlDocument.GetElementsByTagName("Signature");

                if (nodeList.Count <= 0)
                    throw new Exception("No signature found.");


                // XML signatures allows signing only parts of a document or
                // even worse, can refer to another resource that's not even
                // part of the document containing the signature. To make
                // sure that the signature we're validating is actually signing
                // the document we have to check the reference. An empty
                // reference refers to the entire enclosing document.
                if (signedXml.SignedInfo.References.Cast <Reference>().Single().Uri != "")
                    throw new Exception("Signature does not refer to entire document. Validating signatures for part of the document is not supported by this code.");

                AsymmetricAlgorithm signingKey;
                if (!signedXml.CheckSignatureReturningKey(out signingKey))
                    throw new Exception("Invalid Signature");
                    IEnumerable <X509Certificate2> keyInfoCertificates =
                        signedXml.KeyInfo.OfType <KeyInfoX509Data>()
                        .SelectMany(x => x.Certificates.Cast <X509Certificate2>());
                    var signingCertificate = keyInfoCertificates.FirstOrDefault(x => x.PublicKey.Key == signingKey);
                    if (signingCertificate == null)
                        throw new Exception("Signing certificate not found in KeyInfo.");
                    model.SenderSubject = signingCertificate.Subject;

                var encryptedXml = new EncryptedXml(xmlDocument);

                model.Envelope  = "";
                model.PlainText = XmlToString(xmlDocument);

            model.RecipientThumbprint = RecipientThumbprint;
            model.SenderThumbprint    = SenderThumbprint;
Esempio n. 13
         * Doc = documentul xml
         * ElementToEncrypt = numele elementului de criptat
         * EncryptionElementID = id-ul elementului ce va fi criptat
         * RSA = algoritmul de criptare (algoritm asimetric)
         * KeyNane = numele cheii de criptare
        public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
            // Verificarea argumentelor
            if (Doc == null)
                throw new ArgumentNullException("Doc");
            if (ElementToEncrypt == null)
                throw new ArgumentNullException("ElementToEncrypt");
            if (EncryptionElementID == null)
                throw new ArgumentNullException("EncryptionElementID");
            if (Alg == null)
                throw new ArgumentNullException("Alg");
            if (KeyName == null)
                throw new ArgumentNullException("KeyName");

            // Identificarea elementului de criptat
            XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

            // Daca nu este gasit se arunca o exceptie
            if (elementToEncrypt == null)
                throw new XmlException("The specified element was not found");
            RijndaelManaged sessionKey = null;

                // Se creeaza o noua instanta a clasei EncryptedXml
                // si se foloseste pentru criptarea elementului xml
                // cu o noua cheie simetrica generata random.

                // Se creaza o cheie de sesiune SIMETRICA Rijndael de 256 de biti
                sessionKey         = new RijndaelManaged();
                sessionKey.KeySize = 256;

                EncryptedXml eXml = new EncryptedXml();

                byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
                // Se creeaza un obiect EncryptedData si se populeaza
                // cu informatia criptata.

                EncryptedData edElement = new EncryptedData();
                edElement.Type = EncryptedXml.XmlEncElementUrl;
                edElement.Id   = EncryptionElementID;

                // Se creeaza un element de tip EncryptionMethod astfel incat
                // destinatarul sa stie ce algoritm va folosi pentru decriptare.
                edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

                // Cripteaza cheia de sesiune si se adauga intr-un element de tip EncryptedKey.
                EncryptedKey ek = new EncryptedKey();

                byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

                ek.CipherData = new CipherData(encryptedKey);

                ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

                // Din cauza faptului ca un document xml poate avea
                // mai multe elemente EncrypredData criptate cu mai multe chei
                // este nevoie de specificarea unui element de tip DataReference
                // care sa indice elementul criptat cu aceasta cheie
                DataReference dRef = new DataReference();

                // Se specifica URI-ul
                dRef.Uri = "#" + EncryptionElementID;

                // Se adauga DataReference la EncryptedKey.

                // Se adauga cheia criptata la obiectul EncryptedData
                // EncryptedData object.
                edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

                // Se seteaza numele cheii RSA
                KeyInfoName kin = new KeyInfoName();

                kin.Value = KeyName;

                // Adauga obiectul kin la cheia criptata

                // Se adauga elementul criptat
                edElement.CipherData.CipherValue = encryptedElement;

                // Se inlocuieste elementul original cu elementul criptat
                EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
            catch (Exception e)
                // re-throw the exception.
                throw e;
                if (sessionKey != null)
        /// <summary>
        /// Encrypts the specified XML element.
        /// </summary>
        /// <param name="plaintextElement">The plaintext to encrypt.</param>
        /// <returns>
        /// An <see cref="EncryptedXmlInfo" /> that contains the encrypted value of
        /// <paramref name="plaintextElement" /> along with information about how to
        /// decrypt it.
        /// </returns>
        /// <exception cref="System.ArgumentNullException">
        /// Thrown if <paramref name="plaintextElement" /> is <see langword="null" />.
        /// </exception>
        /// <exception cref="ObjectDisposedException">
        /// Thrown if this method is called after <see cref="Dispose()"/> is called.
        /// </exception>
        public EncryptedXmlInfo Encrypt(XElement plaintextElement)
            if (plaintextElement == null)
                throw new ArgumentNullException(nameof(plaintextElement));

            if (this._disposed)
                throw new ObjectDisposedException("Unable to encrypt after the object has been disposed.");

            this.Logger.LogDebug("Encrypting XML with certificate {0}.", this._keyName);

            // Create a faux XML document from the XElement so we can use EncryptedXml.
            var xmlDocument      = plaintextElement.ToXmlDocumentWithRootNode();
            var elementToEncrypt = xmlDocument.ElementToProcess();

            // Do the actual encryption. Algorithm based on MSDN docs:
            var encryptedXml     = new EncryptedXml();
            var encryptedElement = encryptedXml.EncryptData(elementToEncrypt, this._sessionKey, false);

            // Build the wrapper elements that provide information about
            // the algorithms used, the name of the key used, and so on.
            var encryptedData = new EncryptedData
                Type             = EncryptedXml.XmlEncElementUrl,
                Id               = EncryptedElementId,
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),

            var encryptedKey = new EncryptedKey
                CipherData       = new CipherData(EncryptedXml.EncryptKey(this._sessionKey.Key, this._keyProvider, false)),
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),

            // "Connect" the encrypted data and encrypted key with
            // element references.
            var encryptedElementDataReference = new DataReference
                Uri = "#" + EncryptedElementId,

            encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

            var keyName = new KeyInfoName
                Value = this._keyName,


            encryptedData.CipherData.CipherValue = encryptedElement;

            // Swap the plaintext element for the encrypted element.
            EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);

            return(new EncryptedXmlInfo(xmlDocument.ElementToProcess().ToXElement(), typeof(CertificateXmlDecryptor)));
Esempio n. 15
        /// <summary>
        /// Encrypts the specified x document.
        /// </summary>
        /// <param name="xDoc">The x document.</param>
        /// <param name="elementToEncrypt">The element to encrypt.</param>
        /// <param name="algo">The algo.</param>
        /// <param name="keyName">Name of the key.</param>
        /// <returns></returns>
        /// <exception cref="System.Security.Cryptography.CryptographicException">
        /// The specified algorithm is not supported for XML Encryption.
        /// </exception>
        public static XmlDocument Encrypt(ref XmlDocument xDoc, XmlElement elementToEncrypt, SymmetricAlgorithm algo, string keyName)
            var docCopy = (XmlDocument)xDoc.Clone();

            docCopy.PreserveWhitespace = xDoc.PreserveWhitespace;

            var eXml             = new EncryptedXml();
            var encryptedElement = eXml.EncryptData(elementToEncrypt, algo, false);
            var edElement        = new EncryptedData()
                Type = EncryptedXml.XmlEncElementUrl

            string encryptionMethod = null;

            if (algo is TripleDES)
                encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
                if (algo is DES)
                    encryptionMethod = EncryptedXml.XmlEncDESUrl;
                    if (algo is Rijndael)
                        switch (algo.KeySize)
                        case 128:
                            encryptionMethod = EncryptedXml.XmlEncAES128Url;

                        case 192:
                            encryptionMethod = EncryptedXml.XmlEncAES192Url;

                        case 256:
                            encryptionMethod = EncryptedXml.XmlEncAES256Url;

                            throw new CryptographicException(string.Format("Unsupported key size: {0}", algo.KeySize));
                        throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");

            edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);
            edElement.KeyInfo          = new KeyInfo();
            edElement.KeyInfo.AddClause(new KeyInfoName(keyName));
            edElement.CipherData.CipherValue = encryptedElement;

            EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);

            if (xDoc.FirstChild is XmlDeclaration)

            var rDoc = xDoc;

            xDoc = docCopy;

        /// <summary>
        /// Encrypts a list of elements.
        /// </summary>
        /// <param name="elementToAddEncKeysTo"></param>
        /// <param name="elementsToEncrypt"></param>
        /// <param name="certificates"></param>
        /// <param name="cipherKey"></param>
        public void Encrypt(XmlElement elementToAddEncKeysTo,
                            IList <XmlElement> elementsToEncrypt,
                            X509Certificate2Collection certificates, byte[] cipherKey)
            ArgumentUtils.CheckNotNull(elementToAddEncKeysTo, "elementToAddEncKeysTo");
            ArgumentUtils.CheckNotNullNorEmpty(elementsToEncrypt, "elementsToEncrypt");
            CertificateUtils.CheckNotNullOrEmpty(certificates, "certificates");

            // Check all the elements to encrypt are not the same as the element
            // to add the keys to and check they belong to the same document.
            foreach (XmlElement elementToEncrypt in elementsToEncrypt)
                if (elementToEncrypt == elementToAddEncKeysTo)
                    throw new XspException(
                              "Cannot add keys to an element that is being encrypted");

                if (elementToAddEncKeysTo.OwnerDocument !=
                    throw new XspException(
                              "Elements to encrypt must belong to the same document as the " +
                              "keys element");

                if (XmlUtils.IsDescendant(elementToEncrypt, elementToAddEncKeysTo))
                    throw new XspException(
                              "Element the keys are added to cannot be a child element of an " +
                              "element to encrypt");

            // Get the container document
            XmlDocument containerDoc = elementToAddEncKeysTo.OwnerDocument;

            // Create a random session key
            RijndaelManaged sessionKey = new RijndaelManaged();

            sessionKey.KeySize = 256;

            if (cipherKey != null)
                sessionKey.Key = cipherKey;

            IList <string> referenceIdList = new List <string>();

            foreach (XmlElement elementToEncrypt in elementsToEncrypt)
                // Generate a unique reference identifier
                string referenceId = "_" + Guid.NewGuid().ToString();

                // Add it to the reference list

                // Create the encrypted data
                EncryptedData encryptedData = XmlSecurityUtils.Encrypt(
                    sessionKey, elementToEncrypt, referenceId);

                // Replace the original element with the encrypted data
                EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);

            foreach (X509Certificate2 certificate in certificates)
                // Create the encrypted key
                EncryptedKey encryptedKey = XmlSecurityUtils.CreateEncryptedKey(
                    sessionKey, certificate, referenceIdList);

                // Import the encrypted key element into the container document
                XmlNode encryptedKeyElem =
                    containerDoc.ImportNode(encryptedKey.GetXml(), true);

        /// <summary>
        /// Encrypts the XML node passed to it.
        /// </summary>
        /// <param name="node">The XmlNode to encrypt.</param>
        /// <returns></returns>
        public override XmlNode Encrypt(XmlNode node)
            // Get the RSA public key to encrypt the node. This key will encrypt
            // a symmetric key, which will then be encryped in the XML document.
            RSACryptoServiceProvider cryptoServiceProvider = this.GetCryptoServiceProvider(true);

            // Create an XML document and load the node to be encrypted in it.
            XmlDocument document = new XmlDocument
                PreserveWhitespace = true

            document.LoadXml("<Data>" + node.OuterXml + "</Data>");

            // Create a new instance of the EncryptedXml class
            // and use it to encrypt the XmlElement with the
            // a new random symmetric key.
            EncryptedXml       xml                = new EncryptedXml(document);
            XmlElement         documentElement    = document.DocumentElement;
            SymmetricAlgorithm symmetricAlgorithm = new RijndaelManaged();

            // Create a 192 bit random key.
            symmetricAlgorithm.Key = this.GetRandomKey();
            symmetricAlgorithm.Padding = PaddingMode.PKCS7;

            byte[] buffer = xml.EncryptData(documentElement ?? throw new InvalidOperationException(), symmetricAlgorithm, true);

            // Construct an EncryptedData object and populate
            // it with the encryption information.
            EncryptedData encryptedData = new EncryptedData();

            encryptedData.Type = EncryptedXml.XmlEncElementUrl;

            // Create an EncryptionMethod element so that the
            // receiver knows which algorithm to use for decryption.
            encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES192Url);
            encryptedData.KeyInfo          = new KeyInfo();

            // Encrypt the session key and add it to an EncryptedKey element.
            EncryptedKey encryptedKey =
                new EncryptedKey
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),
                KeyInfo          = new KeyInfo(),
                CipherData       = new CipherData
                    CipherValue = EncryptedXml.EncryptKey(symmetricAlgorithm.Key, cryptoServiceProvider, false)
            KeyInfoName clause = new KeyInfoName
                Value = "rsaKey"

            // Add the encrypted key to the EncryptedData object.
            KeyInfoEncryptedKey key2 = new KeyInfoEncryptedKey(encryptedKey);

            encryptedData.CipherData             = new CipherData();
            encryptedData.CipherData.CipherValue = buffer;

            // Replace the element from the original XmlDocument
            // object with the EncryptedData element.
            EncryptedXml.ReplaceElement(documentElement, encryptedData, true);
            foreach (XmlNode node2 in document.ChildNodes)
                if (node2.NodeType == XmlNodeType.Element)
                    foreach (XmlNode node3 in node2.ChildNodes)
                        if (node3.NodeType == XmlNodeType.Element)
Esempio n. 18
        public static void Encrypt(XmlDocument Doc, String ElementName, SymmetricAlgorithm Key)
            //Check the arguments provided
            if (Doc == null)
                throw new ArgumentNullException("Doc");
            else if (ElementName == null)
                throw new ArgumentNullException("ElementToEncrypt");
            else if (Key == null)
                throw new ArgumentNullException("Algorithm");

            //Find the specified xmlElement object, encrypt it then create a new xmlElement object
            XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementName)[0] as XmlElement;

            //Throw an XmlException if the element isn't found
            if (elementToEncrypt == null)
                throw new XmlException("The specified element could not be found");

            EncryptedXml eXml = new EncryptedXml();

            byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, Key, false);

            //Create an EncryptedData object and populate it with the desired encrypted information
            EncryptedData edElement = new EncryptedData();

            edElement.Type = EncryptedXml.XmlEncElementUrl;

            //The EncryptionMethod so that the receiver knows which algorithm to use for decryption

            string encryptionMethod = null;

            if (Key is TripleDES)
                encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
            else if (Key is DES)
                encryptionMethod = EncryptedXml.XmlEncDESUrl;
            if (Key is Rijndael)
                switch (Key.KeySize)
                case 128:
                    encryptionMethod = EncryptedXml.XmlEncAES128Url;

                case 192:
                    encryptionMethod = EncryptedXml.XmlEncAES192Url;

                case 256:
                    encryptionMethod = EncryptedXml.XmlEncAES256Url;
                //Throw an exception if the transform is not in the previous categories
                throw new CryptographicException("The specified algorithm is not supported for XML");

            edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);

            //Add the encrypted element data to the original XMlDocument object with the EncryptedData element
            edElement.CipherData.CipherValue = encryptedElement;

            //Replace the element from the original XmlDocument object with the Encrypted Data element
            EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
Esempio n. 19
        internal static void Encrypt(this XmlElement elementToEncrypt, EncryptingCredentials encryptingCredentials)
            if (elementToEncrypt == null)
                throw new ArgumentNullException(nameof(elementToEncrypt));

            if (encryptingCredentials == null)
                throw new ArgumentNullException(nameof(encryptingCredentials));

            string enc;
            int    keySize;

            switch (encryptingCredentials.Enc)
            case SecurityAlgorithms.Aes128CbcHmacSha256:
                enc     = EncryptedXml.XmlEncAES128Url;
                keySize = 128;

            case SecurityAlgorithms.Aes192CbcHmacSha384:
                enc     = EncryptedXml.XmlEncAES192Url;
                keySize = 192;

            case SecurityAlgorithms.Aes256CbcHmacSha512:
                enc     = EncryptedXml.XmlEncAES256Url;
                keySize = 256;

                throw new CryptographicException(
                          $"Unsupported cryptographic algorithm {encryptingCredentials.Enc}");

            var encryptedData = new EncryptedData
                Type             = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(enc)

            string alg;

            switch (encryptingCredentials.Alg)
            case SecurityAlgorithms.RsaOAEP:
                alg = EncryptedXml.XmlEncRSAOAEPUrl;

            case SecurityAlgorithms.RsaPKCS1:
                alg = EncryptedXml.XmlEncRSA15Url;

                throw new CryptographicException(
                          $"Unsupported cryptographic algorithm {encryptingCredentials.Alg}");

            var encryptedKey = new EncryptedKey
                EncryptionMethod = new EncryptionMethod(alg),

            var encryptedXml = new EncryptedXml();

            byte[] encryptedElement;
            using (var symmetricAlgorithm = new RijndaelManaged())
                X509SecurityKey x509SecurityKey = encryptingCredentials.Key as X509SecurityKey;
                if (x509SecurityKey == null)
                    throw new CryptographicException(
                              "The encrypting credentials have an unknown key of type {encryptingCredentials.Key.GetType()}");

                symmetricAlgorithm.KeySize = keySize;
                encryptedKey.CipherData    = new CipherData(EncryptedXml.EncryptKey(symmetricAlgorithm.Key,
                                                                                    (RSA)x509SecurityKey.PublicKey, alg == EncryptedXml.XmlEncRSAOAEPUrl));
                encryptedElement = encryptedXml.EncryptData(elementToEncrypt, symmetricAlgorithm, false);

            encryptedData.CipherData.CipherValue = encryptedElement;

            encryptedData.KeyInfo = new KeyInfo();
            encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
            EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
Esempio n. 20
        /// <summary>
        /// Encrypts the NameID attribute of the AttributeQuery request.
        /// </summary>
        /// <param name="certValue">
        /// Encoded X509 certificate retrieved from the identity provider's metadata
        /// and used to encrypt generated symmetric key.
        /// </param>
        /// <param name="xmlDoc">
        /// XML document to be encrypted.
        /// </param>
        /// <param name="symmetricAlgorithmUri">
        /// Symmetric algorithm uri used for encryption.
        /// </param>
        public static void EncryptAttributeQueryNameID(string certValue, string symmetricAlgorithmUri, XmlDocument xmlDoc)
            if (string.IsNullOrWhiteSpace(certValue))
                throw new Saml2Exception(Resources.EncryptedXmlCertNotFound);

            if (string.IsNullOrWhiteSpace(symmetricAlgorithmUri))
                throw new Saml2Exception(Resources.EncryptedXmlInvalidEncrAlgorithm);

            if (xmlDoc == null)
                throw new Saml2Exception(Resources.SignedXmlInvalidXml);

            byte[]           byteArray = Encoding.UTF8.GetBytes(certValue);
            X509Certificate2 cert      = new X509Certificate2(byteArray);

            if (cert == null)
                throw new Saml2Exception(Resources.EncryptedXmlCertNotFound);

            XmlNamespaceManager nsMgr = new XmlNamespaceManager(xmlDoc.NameTable);

            nsMgr.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
            nsMgr.AddNamespace("saml", Saml2Constants.NamespaceSamlAssertion);
            nsMgr.AddNamespace("samlp", Saml2Constants.NamespaceSamlProtocol);

            string  xpath = "/samlp:AttributeQuery/saml:Subject/saml:NameID";
            XmlNode root  = xmlDoc.DocumentElement;
            XmlNode node  = root.SelectSingleNode(xpath, nsMgr);

            XmlNode encryptedID = xmlDoc.CreateNode(XmlNodeType.Element, "EncryptedID", Saml2Constants.NamespaceSamlAssertion);


            XmlElement elementToEncrypt = (XmlElement)encryptedID.AppendChild(node.Clone());

            if (elementToEncrypt == null)
                throw new Saml2Exception(Resources.EncryptedXmlInvalidXml);

            SymmetricAlgorithm alg = Saml2Utils.GetAlgorithm(symmetricAlgorithmUri);

            if (alg == null)
                throw new Saml2Exception(Resources.EncryptedXmlInvalidEncrAlgorithm);


            string        encryptionElementID    = Saml2Utils.GenerateId();
            string        encryptionKeyElementID = Saml2Utils.GenerateId();
            EncryptedData encryptedData          = new EncryptedData();

            encryptedData.Type             = EncryptedXml.XmlEncElementUrl;
            encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128Url);
            encryptedData.Id = encryptionElementID;

            EncryptedXml encryptedXml = new EncryptedXml();

            byte[] encryptedElement = encryptedXml.EncryptData(elementToEncrypt, alg, false);
            encryptedData.CipherData.CipherValue = encryptedElement;
            encryptedData.KeyInfo = new KeyInfo();

            EncryptedKey encryptedKey = new EncryptedKey();

            encryptedKey.Id = encryptionKeyElementID;
            RSA publicKeyRSA = cert.PublicKey.Key as RSA;

            encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
            encryptedKey.CipherData       = new CipherData(EncryptedXml.EncryptKey(alg.Key, publicKeyRSA, false));

            encryptedData.KeyInfo.AddClause(new KeyInfoRetrievalMethod("#" + encryptionKeyElementID, ""));

            KeyInfoName kin = new KeyInfoName();

            kin.Value = cert.SubjectName.Name;

            EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);

            XmlNode importKeyNode = xmlDoc.ImportNode(encryptedKey.GetXml(), true);

Esempio n. 21
        public static void Encrypt(XmlDocument Doc, string ElementName, SymmetricAlgorithm Key)
            // Check the arguments.
            if (Doc == null)
                throw new ArgumentNullException("Doc");
            if (ElementName == null)
                throw new ArgumentNullException("ElementToEncrypt");
            if (Key == null)
                throw new ArgumentNullException("Alg");

            // Find the specified element in the XmlDocument
            // object and create a new XmlElement object.
            XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementName)[0] as XmlElement;

            // Throw an XmlException if the element was not found.
            if (elementToEncrypt == null)
                throw new XmlException("The specified element was not found");

            // Create a new instance of the EncryptedXml class
            // and use it to encrypt the XmlElement with the
            // symmetric key.

            EncryptedXml eXml = new EncryptedXml();

            byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, Key, false);
            // Construct an EncryptedData object and populate
            // it with the desired encryption information.

            EncryptedData edElement = new EncryptedData();

            edElement.Type = EncryptedXml.XmlEncElementUrl;

            // Create an EncryptionMethod element so that the
            // receiver knows which algorithm to use for decryption.
            // Determine what kind of algorithm is being used and
            // supply the appropriate URL to the EncryptionMethod element.

            string encryptionMethod = null;

            if (Key is Aes)
                encryptionMethod = EncryptedXml.XmlEncAES256Url;
                // Throw an exception if the transform is not AES
                throw new CryptographicException("The specified algorithm is not supported or not recommended for XML Encryption.");

            edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);

            // Add the encrypted element data to the
            // EncryptedData object.
            edElement.CipherData.CipherValue = encryptedElement;

            // Replace the element from the original XmlDocument
            // object with the EncryptedData element.
            EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
Esempio n. 22
        /// <summary>
        /// Encrypt document
        /// </summary>
        /// <param name="Doc">XmlDocument to encrypt</param>
        /// <param name="ElementName">Encrypt all elements of this type</param>
        /// <param name="Key">Encryption key to use</param>
        private static void Encrypt(XmlDocument Doc, string ElementName, SymmetricAlgorithm Key)
            // Check the arguments.
            if (Doc == null)
                throw new ArgumentNullException("Doc");
            if (ElementName == null)
                throw new ArgumentNullException("ElementToEncrypt");
            if (Key == null)
                throw new ArgumentNullException("Alg");

            // Find the specified element in the XmlDocument
            // object and create a new XmlElemnt object.
            //XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementName)[0] as XmlElement;

            XmlNodeList lst = Doc.GetElementsByTagName(ElementName);

            for (int i = lst.Count - 1; i >= 0; i--)
                XmlElement elementToEncrypt = (XmlElement)lst[i];

                // Throw an XmlException if the element was not found.
                if (elementToEncrypt == null)
                    throw new XmlException("The specified element was not found");

                // Create a new instance of the EncryptedXml class
                // and use it to encrypt the XmlElement with the
                // symmetric key.

                EncryptedXml eXml = new EncryptedXml();

                byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, Key, false);
                // Construct an EncryptedData object and populate
                // it with the desired encryption information.

                EncryptedData edElement = new EncryptedData();
                edElement.Type = EncryptedXml.XmlEncElementUrl;

                // Create an EncryptionMethod element so that the
                // receiver knows which algorithm to use for decryption.
                // Determine what kind of algorithm is being used and
                // supply the appropriate URL to the EncryptionMethod element.

                string encryptionMethod = null;

                if (Key is TripleDES)
                    encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
                else if (Key is DES)
                    encryptionMethod = EncryptedXml.XmlEncDESUrl;
                if (Key is Rijndael)
                    switch (Key.KeySize)
                    case 128:
                        encryptionMethod = EncryptedXml.XmlEncAES128Url;

                    case 192:
                        encryptionMethod = EncryptedXml.XmlEncAES192Url;

                    case 256:
                        encryptionMethod = EncryptedXml.XmlEncAES256Url;
                    // Throw an exception if the transform is not in the previous categories
                    throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");

                edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);

                // Add the encrypted element data to the
                // EncryptedData object.
                edElement.CipherData.CipherValue = encryptedElement;

                // Replace the element from the original XmlDocument
                // object with the EncryptedData element.
                EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
Esempio n. 23
    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, SymmetricAlgorithm Alg, string KeyName)
        // Check the arguments.
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Alg == null)
            throw new ArgumentNullException("Alg");

        // Find the specified element in the XmlDocument
        // object and create a new XmlElemnt object.

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found.
        if (elementToEncrypt == null)
            throw new XmlException("The specified element was not found");

        // Create a new instance of the EncryptedXml class
        // and use it to encrypt the XmlElement with the
        // symmetric key.

        EncryptedXml eXml = new EncryptedXml();

        byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, Alg, false);

        // Construct an EncryptedData object and populate
        // it with the desired encryption information.

        EncryptedData edElement = new EncryptedData();

        edElement.Type = EncryptedXml.XmlEncElementUrl;

        // Create an EncryptionMethod element so that the
        // receiver knows which algorithm to use for decryption.
        // Determine what kind of algorithm is being used and
        // supply the appropriate URL to the EncryptionMethod element.

        string encryptionMethod = null;

        if (Alg is TripleDES)
            encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
        else if (Alg is DES)
            encryptionMethod = EncryptedXml.XmlEncDESUrl;
        else if (Alg is Aes)
            switch (Alg.KeySize)
            case 128:
                encryptionMethod = EncryptedXml.XmlEncAES128Url;

            case 192:
                encryptionMethod = EncryptedXml.XmlEncAES192Url;

            case 256:
                encryptionMethod = EncryptedXml.XmlEncAES256Url;
            // Throw an exception if the transform is not in the previous categories
            throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");

        edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);

        // Set the KeyInfo element to specify the
        // name of a key.

        // Create a new KeyInfo element.
        edElement.KeyInfo = new KeyInfo();

        // Create a new KeyInfoName element.
        KeyInfoName kin = new KeyInfoName();

        // Specify a name for the key.
        kin.Value = KeyName;

        // Add the KeyInfoName element.

        // Add the encrypted element data to the
        // EncryptedData object.
        edElement.CipherData.CipherValue = encryptedElement;

        // Replace the element from the original XmlDocument
        // object with the EncryptedData element.

        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
Esempio n. 24
        public static String EncryptXML(String xml, SymmetricAlgorithm key = null)
            if (String.IsNullOrEmpty(xml))
                throw new ArgumentNullException("xml");

            if (key == null)
                key = DefaultCryptographyKey;

            var xmlDoc           = default(XmlDocument);
            var element          = default(XmlElement);
            var eXml             = default(EncryptedXml);
            var encryptedElement = default(Byte[]);
            var edElement        = default(EncryptedData);
            var encryptionMethod = string.Empty;

            xmlDoc = new XmlDocument();

            element = xmlDoc.DocumentElement;

            eXml = new EncryptedXml();

            Contract.Assert(element != null, "element != null");
            encryptedElement = eXml.EncryptData(element, key, false);

            edElement = new EncryptedData {
                Type = EncryptedXml.XmlEncElementUrl

            if (key is TripleDES)
                encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
            else if (key is DES)
                encryptionMethod = EncryptedXml.XmlEncDESUrl;
            if (key is Rijndael)
                switch (key.KeySize)
                case 128:
                    encryptionMethod = EncryptedXml.XmlEncAES128Url;

                case 192:
                    encryptionMethod = EncryptedXml.XmlEncAES192Url;

                case 256:
                    encryptionMethod = EncryptedXml.XmlEncAES256Url;
                // Throw an exception if the transform is not in the previous categories
                throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");

            edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);
            // Add the encrypted element data to the
            // EncryptedData object.
            edElement.CipherData.CipherValue = encryptedElement;

            EncryptedXml.ReplaceElement(element, edElement, false);

Esempio n. 25
        public Message SecureMessage()
            secprop = Message.Properties.Security ?? new SecurityMessageProperty();

            SecurityToken encToken =
                secprop.InitiatorToken != null ? secprop.InitiatorToken.SecurityToken : security.EncryptionToken;
            // FIXME: it might be still incorrect.
            SecurityToken signToken =
                Parameters == CounterParameters ? null :
            MessageProtectionOrder protectionOrder =
            SecurityTokenSerializer serializer =
            SecurityBindingElement element =
            SecurityAlgorithmSuite suite = element.DefaultAlgorithmSuite;

// FIXME: remove this hack
            if (!ShouldOutputEncryptedKey)
                encToken = new BinarySecretSecurityToken(secprop.EncryptionKey);

            string      messageId         = "uuid-" + Guid.NewGuid();
            int         identForMessageId = 1;
            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;

            UniqueId relatesTo = RelatesTo;

            if (relatesTo != null)
                msg.Headers.RelatesTo = relatesTo;
            else             // FIXME: probably it is always added when it is stateful ?
                msg.Headers.MessageId = new UniqueId("urn:" + messageId);

            // FIXME: get correct ReplyTo value
            if (Direction == MessageDirection.Input)
                msg.Headers.Add(MessageHeader.CreateHeader("ReplyTo", msg.Version.Addressing.Namespace, EndpointAddress10.FromEndpointAddress(new EndpointAddress(Constants.WsaAnonymousUri))));

            if (MessageTo != null)
                msg.Headers.Add(MessageHeader.CreateHeader("To", msg.Version.Addressing.Namespace, MessageTo.Uri.AbsoluteUri, true));

            // wss:Security
            WSSecurityMessageHeader header =
                new WSSecurityMessageHeader(serializer);

            // 1. [Timestamp]
            if (element.IncludeTimestamp)
                WsuTimestamp timestamp = new WsuTimestamp();
                timestamp.Id      = messageId + "-" + identForMessageId++;
                timestamp.Created = DateTime.Now;
                // FIXME: on service side, use element.LocalServiceSettings.TimestampValidityDuration
                timestamp.Expires = timestamp.Created.Add(element.LocalClientSettings.TimestampValidityDuration);

            XmlNamespaceManager nsmgr = new XmlNamespaceManager(doc.NameTable);

            nsmgr.AddNamespace("s", msg.Version.Envelope.Namespace);
            nsmgr.AddNamespace("o", Constants.WssNamespace);
            nsmgr.AddNamespace("u", Constants.WsuNamespace);
            nsmgr.AddNamespace("o11", Constants.Wss11Namespace);

            /*WrappedKey*/ SecurityToken primaryToken = null;
            DerivedKeySecurityToken      dkeyToken    = null;
            SecurityToken actualToken = null;
            SecurityKeyIdentifierClause actualClause = null;
            Signature sig = null;

            List <DerivedKeySecurityToken> derivedKeys =
                new List <DerivedKeySecurityToken> ();

            SymmetricAlgorithm masterKey = new RijndaelManaged();

            masterKey.KeySize = suite.DefaultSymmetricKeyLength;
            masterKey.Mode    = CipherMode.CBC;
            masterKey.Padding = PaddingMode.ISO10126;
            SymmetricAlgorithm actualKey = masterKey;

            // 2. [Encryption Token]

            // SecurityTokenInclusionMode
            // - Initiator or Recipient
            // - done or notyet. FIXME: not implemented yet
            // It also affects on key reference output

            bool includeEncToken =             // /* FIXME: remove this hack */Parameters is SslSecurityTokenParameters ? false :
                Security.RecipientParameters.InclusionMode, false);
            bool includeSigToken =             // /* FIXME: remove this hack */ Parameters is SslSecurityTokenParameters ? false :
                Security.InitiatorParameters.InclusionMode, false);

            SecurityKeyIdentifierClause encClause = ShouldOutputEncryptedKey ?
                                                    CounterParameters.CallCreateKeyIdentifierClause(encToken, !ShouldOutputEncryptedKey ? SecurityTokenReferenceStyle.Internal : includeEncToken ? Parameters.ReferenceStyle : SecurityTokenReferenceStyle.External) : null;

            MessagePartSpecification sigSpec = SignaturePart;
            MessagePartSpecification encSpec = EncryptionPart;

            // encryption key (possibly also used for signing)
            // FIXME: get correct SymmetricAlgorithm according to the algorithm suite
            if (secprop.EncryptionKey != null)
                actualKey.Key = secprop.EncryptionKey;

// FIXME: remove thid hack
            if (!ShouldOutputEncryptedKey)
                primaryToken = RequestContext.RequestMessage.Properties.Security.ProtectionToken.SecurityToken as WrappedKeySecurityToken;
                primaryToken =
                    // FIXME: remove this hack?
                    encToken is SecurityContextSecurityToken ? encToken :
                    new WrappedKeySecurityToken(messageId + "-" + identForMessageId++,
                                                // security.DefaultKeyWrapAlgorithm,
                                                Parameters.InternalHasAsymmetricKey ?
                                                suite.DefaultAsymmetricKeyWrapAlgorithm :
                                                encClause != null ? new SecurityKeyIdentifier(encClause) : null);

            // If it reuses request's encryption key, do not output.
            if (ShouldOutputEncryptedKey)

            actualToken = primaryToken;

            // FIXME: I doubt it is correct...
            WrappedKeySecurityToken requestEncKey = ShouldOutputEncryptedKey ? null : primaryToken as WrappedKeySecurityToken;

            actualClause = requestEncKey == null ? (SecurityKeyIdentifierClause)
                           new LocalIdKeyIdentifierClause(actualToken.Id, typeof(WrappedKeySecurityToken)) :
                           new InternalEncryptedKeyIdentifierClause(SHA1.Create().ComputeHash(requestEncKey.GetWrappedKey()));

            // generate derived key if needed
            if (CounterParameters.RequireDerivedKeys)
                RijndaelManaged deriv = new RijndaelManaged();
                deriv.KeySize = suite.DefaultEncryptionKeyDerivationLength;
                deriv.Mode    = CipherMode.CBC;
                deriv.Padding = PaddingMode.ISO10126;
                dkeyToken = new DerivedKeySecurityToken(
                    null,                     // algorithm
                    new InMemorySymmetricSecurityKey(actualKey.Key),
                    null,                     // name
                    null,                     // generation
                    null,                     // offset
                    null,                     // label
                actualToken   = dkeyToken;
                actualKey.Key = ((SymmetricSecurityKey)dkeyToken.SecurityKeys [0]).GetSymmetricKey();
                actualClause  = new LocalIdKeyIdentifierClause(dkeyToken.Id);

            ReferenceList refList = new ReferenceList();

            // When encrypted with DerivedKeyToken, put references
            // immediately after the derived token (not inside the
            // primary token).
            // Similarly, when we do not output EncryptedKey,
            // output ReferenceList in the same way.
            if (CounterParameters.RequireDerivedKeys ||
                ((WrappedKeySecurityToken)primaryToken).ReferenceList = refList;

            // [Signature Confirmation]
            if (security.RequireSignatureConfirmation && secprop.ConfirmedSignatures.Count > 0)
                foreach (string value in secprop.ConfirmedSignatures)
                    header.AddContent(new Wss11SignatureConfirmation(GenerateId(doc), value));

            SupportingTokenInfoCollection tokenInfos =
                Direction == MessageDirection.Input ?
                security.CollectSupportingTokens(GetAction()) :
                new SupportingTokenInfoCollection();                  // empty

            foreach (SupportingTokenInfo tinfo in tokenInfos)

            // populate DOM to sign.
            XPathNavigator nav = doc.CreateNavigator();

            using (XmlWriter w = nav.AppendChild()) {

            XmlElement body    = doc.SelectSingleNode("/s:Envelope/s:Body/*", nsmgr) as XmlElement;
            string     bodyId  = null;
            XmlElement secElem = null;
            Collection <WSSignedXml> endorsedSignatures =
                new Collection <WSSignedXml> ();
            bool signatureProtection = (protectionOrder == MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature);

            // Below are o:Security contents that are not signed...
            if (includeSigToken && signToken != null)

            switch (protectionOrder)
            case MessageProtectionOrder.EncryptBeforeSign:
                // FIXME: implement
                throw new NotImplementedException();

            case MessageProtectionOrder.SignBeforeEncrypt:
            case MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature:

                // sign
                // see clause 8 of WS-SecurityPolicy C.2.2
                WSSignedXml sxml = new WSSignedXml(doc);
                SecurityTokenReferenceKeyInfo sigKeyInfo;

                sig = sxml.Signature;
                sig.SignedInfo.CanonicalizationMethod =
                foreach (XmlElement elem in doc.SelectNodes("/s:Envelope/s:Header/o:Security/u:Timestamp", nsmgr))
                    CreateReference(sig, elem, elem.GetAttribute("Id", Constants.WsuNamespace));
                foreach (XmlElement elem in doc.SelectNodes("/s:Envelope/s:Header/o:Security/o11:SignatureConfirmation", nsmgr))
                    CreateReference(sig, elem, elem.GetAttribute("Id", Constants.WsuNamespace));
                foreach (SupportingTokenInfo tinfo in tokenInfos)
                    if (tinfo.Mode != SecurityTokenAttachmentMode.Endorsing)
                        XmlElement el = sxml.GetIdElement(doc, tinfo.Token.Id);
                        CreateReference(sig, el, el.GetAttribute("Id", Constants.WsuNamespace));
                XmlNodeList nodes = doc.SelectNodes("/s:Envelope/s:Header/*", nsmgr);
                for (int i = 0; i < msg.Headers.Count; i++)
                    MessageHeaderInfo h = msg.Headers [i];
                    if (h.Name == "Security" && h.Namespace == Constants.WssNamespace)
                        secElem = nodes [i] as XmlElement;
                    else if (sigSpec.HeaderTypes.Count == 0 ||
                             sigSpec.HeaderTypes.Contains(new XmlQualifiedName(h.Name, h.Namespace)))
                        string id = GenerateId(doc);
                        h.Id = id;
                        CreateReference(sig, nodes [i] as XmlElement, id);
                if (sigSpec.IsBodyIncluded)
                    bodyId = GenerateId(doc);
                    CreateReference(sig, body.ParentNode as XmlElement, bodyId);

                if (security.DefaultSignatureAlgorithm == SignedXml.XmlDsigHMACSHA1Url)
                    // FIXME: use appropriate hash algorithm
                    sxml.ComputeSignature(new HMACSHA1(actualKey.Key));
                    sigKeyInfo = new SecurityTokenReferenceKeyInfo(actualClause, serializer, doc);
                    SecurityKeyIdentifierClause signClause =
                        CounterParameters.CallCreateKeyIdentifierClause(signToken, includeSigToken ? CounterParameters.ReferenceStyle : SecurityTokenReferenceStyle.External);
                    AsymmetricSecurityKey signKey = (AsymmetricSecurityKey)signToken.ResolveKeyIdentifierClause(signClause);
                    sxml.SigningKey = signKey.GetAsymmetricAlgorithm(security.DefaultSignatureAlgorithm, true);
                    sigKeyInfo = new SecurityTokenReferenceKeyInfo(signClause, serializer, doc);

                sxml.KeyInfo = new KeyInfo();

                if (!signatureProtection)

                // endorse the signature with (signed)endorsing
                // supporting tokens.

                foreach (SupportingTokenInfo tinfo in tokenInfos)
                    switch (tinfo.Mode)
                    case SecurityTokenAttachmentMode.Endorsing:
                    case SecurityTokenAttachmentMode.SignedEndorsing:
                        if (sxml.Signature.Id == null)
                            sig.Id = GenerateId(doc);
                        WSSignedXml ssxml = new WSSignedXml(doc);
                        ssxml.Signature.SignedInfo.CanonicalizationMethod = suite.DefaultCanonicalizationAlgorithm;
                        CreateReference(ssxml.Signature, doc, sig.Id);
                        SecurityToken sst = tinfo.Token;
                        SecurityKey   ssk = sst.SecurityKeys [0];                                     // FIXME: could be different?
                        SecurityKeyIdentifierClause tclause = new LocalIdKeyIdentifierClause(sst.Id); // FIXME: could be different?
                        if (ssk is SymmetricSecurityKey)
                            SymmetricSecurityKey signKey = (SymmetricSecurityKey)ssk;
                            AsymmetricSecurityKey signKey = (AsymmetricSecurityKey)ssk;
                            ssxml.SigningKey = signKey.GetAsymmetricAlgorithm(suite.DefaultAsymmetricSignatureAlgorithm, true);
                        ssxml.KeyInfo.AddClause(new SecurityTokenReferenceKeyInfo(tclause, serializer, doc));
                        if (!signatureProtection)


                // encrypt

                WSEncryptedXml exml = new WSEncryptedXml(doc);

                EncryptedData edata = Encrypt(body, actualKey, actualToken.Id, refList, actualClause, exml, doc);
                EncryptedXml.ReplaceElement(body, edata, false);

                // encrypt signature
                if (signatureProtection)
                    XmlElement sigxml = sig.GetXml();
                    edata = Encrypt(sigxml, actualKey, actualToken.Id, refList, actualClause, exml, doc);

                    foreach (WSSignedXml ssxml in endorsedSignatures)
                        sigxml = ssxml.GetXml();
                        edata  = Encrypt(sigxml, actualKey, actualToken.Id, refList, actualClause, exml, doc);

                    if (security.RequireSignatureConfirmation)
                        Collection <Wss11SignatureConfirmation> confs = header.FindAll <Wss11SignatureConfirmation> ();
                        int count = 0;
                        foreach (XmlElement elem in doc.SelectNodes("/s:Envelope/s:Header/o:Security/o11:SignatureConfirmation", nsmgr))
                            edata = Encrypt(elem, actualKey, confs [count].Id, refList, actualClause, exml, doc);
                            EncryptedXml.ReplaceElement(elem, edata, false);
                            header.Contents.Insert(header.Contents.IndexOf(confs [count]), edata);
                            header.Contents.Remove(confs [count++]);

                // encrypt Encrypted supporting tokens
                foreach (SupportingTokenInfo tinfo in tokenInfos)
                    if (tinfo.Mode == SecurityTokenAttachmentMode.SignedEncrypted)
                        XmlElement el = exml.GetIdElement(doc, tinfo.Token.Id);
                        tinfo.Encrypted = Encrypt(el, actualKey, actualToken.Id, refList, actualClause, exml, doc);
                        EncryptedXml.ReplaceElement(el, tinfo.Encrypted, false);
                        header.Contents.Insert(header.Contents.IndexOf(tinfo.Token), tinfo.Encrypted);

            Message ret = Message.CreateMessage(msg.Version, msg.Headers.Action, new XmlNodeReader(doc.SelectSingleNode("/s:Envelope/s:Body/*", nsmgr) as XmlElement));

            ret.Properties.Security = (SecurityMessageProperty)secprop.CreateCopy();
            ret.Properties.Security.EncryptionKey = masterKey.Key;
            ret.BodyId = bodyId;

            // FIXME: can we support TransportToken here?
            if (element is AsymmetricSecurityBindingElement)
                ret.Properties.Security.InitiatorToken = new SecurityTokenSpecification(encToken, null);                  // FIXME: second argument
                ret.Properties.Security.InitiatorToken = new SecurityTokenSpecification(signToken, null);                 // FIXME: second argument
                ret.Properties.Security.ProtectionToken = new SecurityTokenSpecification(primaryToken, null);


            // Header contents are:
            //	- Timestamp
            //	- SignatureConfirmation if required
            //	- EncryptionToken if included
            //	- derived key token for EncryptionToken
            //	- ReferenceList for encrypted items
            //	- signed supporting tokens
            //	- signed endorsing supporting tokens
            //	(i.e. Signed/SignedEncrypted/SignedEndorsing)
            //	- Signature Token if different from enc token.
            //	- derived key token for sig token if different
            //	- Signature for:
            //		- Timestamp
            //		- supporting tokens (regardless of
            //		  its inclusion)
            //		- message parts in SignedParts
            //		- SignatureToken if TokenProtection
            //		  (regardless of its inclusion)
            //	- Signatures for the main signature (above),
            //	  for every endorsing token and signed
            //	  endorsing token.

//MessageBuffer zzz = ret.CreateBufferedCopy (100000);
//ret = zzz.CreateMessage ();
//Console.WriteLine (zzz.CreateMessage ());
Esempio n. 26
    /// <summary>
    /// XML数据加密
    /// </summary>
    /// <param name="xmlDocument">XML 文档的实例</param>
    /// <param name="nodeName">需要加密的 XML 节点名字</param>
    /// <param name="key">密钥</param>
    public void Encrypt(XmlDocument xmlDocument, string nodeName)
        // 检查参数
        if (xmlDocument == null)
            throw new ArgumentNullException("xmlDocument");

        if (nodeName == null || nodeName.Length == 0)
            throw new ArgumentNullException("nodeName");

        if (mKey == null)
            throw new ArgumentNullException("mKey");

        // 在XmlDocument找到指定的元素对象,并创建一个新的XmlElemnt对象。
        XmlElement elementToEncrypt = xmlDocument.GetElementsByTagName(nodeName)[0] as XmlElement;

        // 如果元素不能被发现,抛出一个XmlException。
        if (elementToEncrypt == null)
            throw new XmlException("指定的元素不能被发现");

        // 创建一个新的实例的EncryptedXml类和使用它来加密XmlElement和对称密钥
        EncryptedXml eXml = new EncryptedXml();

        byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, mKey, false);

        // 构造一个EncryptedData对象并填充所需的加密信息。
        EncryptedData edElement = new EncryptedData();

        edElement.Type = EncryptedXml.XmlEncElementUrl;

        // 创建一个EncryptionMethod元素,以便接收方知道这算法用于解密。
        // 确定什么样的算法被使用和供应适当的URL到EncryptionMethod元素。
        string encryptionMethod = null;

        if (mKey is Rijndael)
            switch (mKey.KeySize)
            case 128:
                encryptionMethod = EncryptedXml.XmlEncAES128Url;

            case 192:
                encryptionMethod = EncryptedXml.XmlEncAES192Url;

            case 256:
                encryptionMethod = EncryptedXml.XmlEncAES256Url;

                throw new CryptographicException("此算法只支持16位, 24位, 32位的密钥");
            // 如果变换不是在前面的类别,抛出一个异常
            throw new CryptographicException("指定的算法不支持XML加密");

        edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);

        // 添加加密元素数据到EncryptedData对象。
        edElement.CipherData.CipherValue = encryptedElement;

        // 从原始XmlDocument对象与EncryptedData元素替换元素。
        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
Esempio n. 27
        public void RoundtripSample1()
            using (StringWriter sw = new StringWriter())
                // Encryption
                    XmlDocument doc = new XmlDocument();
                    doc.PreserveWhitespace = true;
                    doc.LoadXml("<root>  <child>sample</child>   </root>");

                    XmlElement body = doc.DocumentElement;

                    using (Aes aes = Aes.Create())
                        aes.Mode    = CipherMode.CBC;
                        aes.KeySize = 256;
                        aes.IV      = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw==");
                        aes.Key     = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
                        aes.Padding = PaddingMode.Zeros;

                        EncryptedXml  exml      = new EncryptedXml();
                        byte[]        encrypted = exml.EncryptData(body, aes, false);
                        EncryptedData edata     = new EncryptedData();
                        edata.Type             = EncryptedXml.XmlEncElementUrl;
                        edata.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
                        EncryptedKey ekey = new EncryptedKey();
                        // omit key encryption, here for testing
                        byte[] encKeyBytes = aes.Key;
                        ekey.CipherData       = new CipherData(encKeyBytes);
                        ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
                        DataReference dr = new DataReference();
                        dr.Uri = "_0";
                        edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
                        ekey.KeyInfo.AddClause(new RSAKeyValue(RSA.Create()));
                        edata.CipherData.CipherValue = encrypted;
                        EncryptedXml.ReplaceElement(doc.DocumentElement, edata, false);
                        doc.Save(new XmlTextWriter(sw));

                // Decryption
                    using (Aes aes = Aes.Create())
                        aes.Mode    = CipherMode.CBC;
                        aes.KeySize = 256;
                        aes.Key     = Convert.FromBase64String(
                        aes.Padding = PaddingMode.Zeros;

                        XmlDocument doc = new XmlDocument();
                        doc.PreserveWhitespace = true;
                        EncryptedXml  encxml = new EncryptedXml(doc);
                        EncryptedData edata  = new EncryptedData();
                        encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes));
Esempio n. 28
        /// <summary>
        /// Retrieves a certificate from the Personal Certificate Store in Windows.
        /// </summary>
        /// <param name="sujetoCertificado"></param>
        /// <returns></returns>
        static void Encriptar(ref XmlDocument document, string elementoParaEncriptar, X509Certificate2 certificadopublico, ref XmlElement securityNode)
            RSACryptoServiceProvider rsaAlgorithm = (RSACryptoServiceProvider)certificadopublico.PublicKey.Key; //llave publica usada para encriptar.

            //Ahora creamos un BinarySecurityToken que será el certificado x509 de la clave pública
            //se usa para que el receptor sepa qué certificado se usó para encriptar.
            XmlElement binarySecurityTokenNode = document.CreateElement("wsse", "BinarySecurityToken", "");

            //El atributo EncodingType dice cómo el Token está codificado, en este caso, Base64Binary.
            binarySecurityTokenNode.SetAttribute("EncodingType", "");
            //El atributo ValueType indica qué es el BinarySecurityToken, en este caso un Certificado X509v3.
            binarySecurityTokenNode.SetAttribute("ValueType", "");

            binarySecurityTokenNode.SetAttribute("Id", "", XmlElementsIds.PublicKeyBinarySecurityTokenUri);
            XmlAttribute attribute = binarySecurityTokenNode.GetAttributeNode("Id");

            attribute.Prefix = "wsu";
            binarySecurityTokenNode.InnerText = Convert.ToBase64String(certificadopublico.GetRawCertData());

            //Creamos una llave simétrica la cuál servirá para codificar la información. //AES-128-CBC
            AesManaged algoritmosimetrico = new AesManaged()
                Padding = PaddingMode.ISO10126,
                KeySize = 128,
                Mode    = CipherMode.CBC,

            System.Security.Cryptography.Xml.EncryptedKey encryptedKey = new System.Security.Cryptography.Xml.EncryptedKey();
            encryptedKey.EncryptionMethod = new System.Security.Cryptography.Xml.EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl);
            encryptedKey.AddReference(new DataReference("#ED-31"));
            SecurityTokenReference securityTokenReference = new SecurityTokenReference();

            securityTokenReference.Reference = XmlElementsIds.PublicKeyBinarySecurityTokenUri;
            securityTokenReference.ValueType = "";
            KeyInfo ekkeyInfo = new KeyInfo();

            ekkeyInfo.AddClause(new KeyInfoNode(securityTokenReference.GetXml()));
            encryptedKey.KeyInfo    = ekkeyInfo;
            encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(algoritmosimetrico.Key, rsaAlgorithm, true));

            securityNode.PrependChild(document.ImportNode(encryptedKey.GetXml(), true));

            //Crear un XmlElement a través del nombre del Tag que se encuentra en el documento Xml especificado.
            XmlElement elementoParaEncriptarXML = document.GetElementsByTagName(elementoParaEncriptar)[0] as XmlElement;

            //Creamos una instancia de la clase EncryptedXml y usarla para encriptar
            //el XmlElement: elementoParaEncriptarXML; usando la llave simétrica que acabamos de
            EncryptedXml xmlEncriptado = new EncryptedXml();

            //Encriptamos el Body (elementoParaEncriptarXML) usando el algoritmo simétrico AES-128-CBC y lo dejamos ahí.
            byte[] elementoEncriptado = xmlEncriptado.EncryptData(elementoParaEncriptarXML, algoritmosimetrico, false);

            //Ahora creamos una instancia de la clase EncryptedData que representa
            //un elemento <EncryptedData> en el documento XML.
            System.Security.Cryptography.Xml.EncryptedData encryptedData = new System.Security.Cryptography.Xml.EncryptedData()
                Type = EncryptedXml.XmlEncElementContentUrl,
                Id   = "ED-31",

                //Le asignamos otra propiedad a este elemento <EncryptedData> que es un EncryptionMethod
                //para que el receptor sepa que algoritmo usar para descifrar
                EncryptionMethod = new System.Security.Cryptography.Xml.EncryptionMethod(EncryptedXml.XmlEncAES128Url) //Aes-128-cbc o Rjindael.
            encryptedData.CipherData = new CipherData(elementoEncriptado);

            /* Para descencriptar: Funciona, es para testear si puedo desencriptar los datos.
             * var lmao= xmlEncriptado.DecryptData(encryptedData, algoritmosimetrico);
             * var decrypted = Encoding.UTF8.GetString(lmao);

            //Reemplazamos el elemento quotationCarGenericRq sin encriptar del documento XML con el elemento <EncryptedData> (que contiene el Body y sus contenidos encriptados) básicamente.
            //totalmente lleno.
            EncryptedXml.ReplaceElement(elementoParaEncriptarXML, encryptedData, false);
Esempio n. 29
        public void EncrypyXmlElement(XmlDocument doc, string elementName)
            // Check the arguments.
            if (doc == null)
                throw new ArgumentNullException("Doc");

            if (elementName == null)
                throw new ArgumentNullException("ElementToEncrypt");

            SymmetricAlgorithm algorithm = _rijndaelManaged;

            algorithm.Padding = PaddingMode.Zeros;

            // Find the specified element in the XmlDocument
            // object and create a new XmlElemnt object.
            var elementToEncrypt = doc.GetElementsByTagName(elementName)[0] as XmlElement;

            // Throw an XmlException if the element was not found.
            if (elementToEncrypt == null)
                throw new XmlException("The specified element was not found");

            // Create a new instance of the EncryptedXml class
            // and use it to encrypt the XmlElement with the
            // symmetric key.

            var encryptedXml = new EncryptedXml();

            encryptedXml.Padding = PaddingMode.Zeros;

            var encryptedElement = encryptedXml.EncryptData(elementToEncrypt, algorithm, false);
            // Construct an EncryptedData object and populate
            // it with the desired encryption information.

            var element = new EncryptedData();

            element.Type = EncryptedXml.XmlEncElementUrl;

            // Create an EncryptionMethod element so that the receiver knows which algorithm to use
            // for decryption. Determine what kind of algorithm is being used and supply the
            // appropriate URL to the EncryptionMethod element.
            string encryptionMethod = null;

            if (algorithm is TripleDES)
                encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
            else if (algorithm is DES)
                encryptionMethod = EncryptedXml.XmlEncDESUrl;

            if (algorithm is Rijndael)
                switch (algorithm.KeySize)
                case 128:
                    encryptionMethod = EncryptedXml.XmlEncAES128Url;

                case 192:
                    encryptionMethod = EncryptedXml.XmlEncAES192Url;

                case 256:
                    encryptionMethod = EncryptedXml.XmlEncAES256Url;
                // Throw an exception if the transform is not in the previous categories
                throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");

            element.EncryptionMethod = new EncryptionMethod(encryptionMethod);

            // Add the encrypted element data to the EncryptedData object.
            element.CipherData.CipherValue = encryptedElement;

            // Replace the element from the original XmlDocument
            // object with the EncryptedData element.
            EncryptedXml.ReplaceElement(elementToEncrypt, element, false);
Esempio n. 30
        public static void Encrypt(XmlDocument doc)
            SymmetricAlgorithm symAlgo = new RijndaelManaged();

            byte[]             salt   = Encoding.ASCII.GetBytes("This is my salt");
            Rfc2898DeriveBytes theKey = new Rfc2898DeriveBytes("myclass", salt);

            symAlgo.Key = theKey.GetBytes(symAlgo.KeySize / 8);
            symAlgo.IV  = theKey.GetBytes(symAlgo.BlockSize / 8);
            if (doc == null)
                throw new ArgumentNullException("Doc");
            if (symAlgo == null)
                throw new ArgumentNullException("Alg");
            XmlElement elementToEncrypt = doc.DocumentElement;

            if (elementToEncrypt == null)
                throw new XmlException("The specified element was not found");
            EncryptedXml eXml = new EncryptedXml();

            byte[]        encryptedElement = eXml.EncryptData(elementToEncrypt, symAlgo, false);
            EncryptedData edElement        = new EncryptedData();

            edElement.Type = EncryptedXml.XmlEncElementUrl;
            string encryptionMethod = null;

            if (symAlgo is TripleDES)
                encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
            else if (symAlgo is DES)
                encryptionMethod = EncryptedXml.XmlEncDESUrl;
            if (symAlgo is Rijndael)
                switch (symAlgo.KeySize)
                case 128:
                    encryptionMethod = EncryptedXml.XmlEncAES128Url;

                case 192:
                    encryptionMethod = EncryptedXml.XmlEncAES192Url;

                case 256:
                    encryptionMethod = EncryptedXml.XmlEncAES256Url;

                    // do the defalut action
                throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");
            edElement.EncryptionMethod       = new EncryptionMethod(encryptionMethod);
            edElement.CipherData.CipherValue = encryptedElement;
            EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);