Esempio n. 1
        // Round-trips a CRL through GetXml/LoadXml and checks that both the serialized
        // XML and the CRL property survive unchanged.
        public void CRL()
        {
            // Source instance carrying the CRL fixture.
            var original = new KeyInfoX509Data();
            original.CRL = x509crl;
            XmlElement serialized = original.GetXml();

            // Second instance populated only from the serialized form.
            var reloaded = new KeyInfoX509Data();
            reloaded.LoadXml(serialized);

            string originalXml = original.GetXml().OuterXml;
            string reloadedXml = reloaded.GetXml().OuterXml;
            Assert.Equal(originalXml, reloadedXml);
            Assert.Equal(original.CRL, reloaded.CRL);
        }
Esempio n. 2
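        /// <summary>
        /// Builds the federation metadata document for the fake ADFS endpoint: an
        /// EntityDescriptor that advertises the signing certificate(s) and the passive
        /// requestor address derived from the "FakeAdfsAt" application setting.
        /// </summary>
        /// <returns>A content result whose body is the metadata XML.</returns>
        public ActionResult FederationMetadata()
        {
            X509Certificate cert = CustomSecurityTokenService.GetCertificate();
            KeyInfoX509Data kid  = new KeyInfoX509Data(cert, X509IncludeOption.WholeChain);

            // Emit one <X509Certificate> element per certificate. Reading InnerText of the
            // X509Data element would concatenate the base64 of every certificate in the chain
            // into a single, undecodable value as soon as the chain holds more than one entry.
            StringBuilder certElements = new StringBuilder();

            foreach (X509Certificate chainCert in kid.Certificates)
            {
                certElements.Append($"<X509Certificate>{Convert.ToBase64String(chainCert.GetRawCertData())}</X509Certificate>");
            }

            // The configured root ends up inside an attribute and an element, so it is
            // XML-escaped; a stray quote or ampersand in configuration must not be able to
            // change the structure of the metadata that relying parties consume.
            string adfsRoot = ConfigurationManager.AppSettings["FakeAdfsAt"];
            string url      = System.Security.SecurityElement.Escape($"{adfsRoot}/FederatedLogin/");

            string serviceDisplayName = "FakeADFS";

            StringBuilder ret = new StringBuilder();

            ret.Append($"<EntityDescriptor ID=\"_F38DBA4E-2F47-458D-BF6F-8A7EFB7C790A\" entityID=\"{url}\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\">");
            ret.Append($"<RoleDescriptor xsi:type=\"fed:SecurityTokenServiceType\" protocolSupportEnumeration=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706\" ServiceDisplayName=\"{serviceDisplayName}\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:fed=\"http://docs.oasis-open.org/wsfed/federation/200706\">");
            ret.Append($"<KeyDescriptor use=\"signing\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data>{certElements}</X509Data></KeyInfo></KeyDescriptor>");
            ret.Append($"<fed:TokenTypesOffered><fed:TokenType Uri=\"urn:oasis:names:tc:SAML:1.0:assertion\" /></fed:TokenTypesOffered>");
            ret.Append($"<fed:PassiveRequestorEndpoint><EndpointReference xmlns=\"http://www.w3.org/2005/08/addressing\"><Address>{url}</Address></EndpointReference></fed:PassiveRequestorEndpoint>");
            ret.Append("</RoleDescriptor>");
            ret.Append("</EntityDescriptor>");

            // NOTE(review): Content(string) leaves the response content type at the framework
            // default; consider passing an explicit XML content type for metadata consumers.
            return(Content(ret.ToString()));
        }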
Esempio n. 3
 /// <summary>
 /// Writes the XML form of the wrapped key data to <paramref name="w"/>; does nothing
 /// when no key data is present.
 /// </summary>
 /// <param name="w">Writer that receives the element.</param>
 public void WriteXml(XmlWriter w)
 {
     // No key data set: leave the writer untouched.
     if (data == null)
     {
         return;
     }

     var keyXml = data.GetXml();
     keyXml.WriteTo(w);
 }
Esempio n. 4
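    // Negative LoadXml test. Two cases must both be rejected for the test to pass:
    //   1. loading the XML of an empty KeyInfoX509Data (expects CryptographicException);
    //   2. loading null (any exception counts).
    // The outcome of each case is kept separately and combined at the end, so a failure
    // in the first case is no longer overwritten by the result of the second.
    static void Test7()     //negative LoadXml test
    {
        bool emptyElementRejected;
        bool nullRejected;

        try
        {
            data = new KeyInfoX509Data();
            data.LoadXml(data.GetXml());
            emptyElementRejected = false;   // no exception: the empty element was accepted
        }
        catch (CryptographicException ce)
        {
            Console.WriteLine(ce.ToString());
            emptyElementRejected = true;
        }
        catch (Exception e)
        {
            // Rejected, but with an unexpected exception type: still a failure.
            Console.WriteLine(e.ToString());
            emptyElementRejected = false;
        }

        try
        {
            data = new KeyInfoX509Data();
            data.LoadXml(null);
            nullRejected = false;
        }
        catch
        {
            // Deliberately broad: the test only requires that null is refused.
            nullRejected = true;
        }

        rv = emptyElementRejected && nullRejected;
    }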
        // Grows one KeyInfoX509Data step by step (certificate, second certificate,
        // issuer/serial, subject key id, subject name) and, after every step, reloads a
        // second instance from the XML and checks that both serialize identically.
        public void Complex()
        {
            var source = new KeyInfoX509Data(cert);
            var copy   = new KeyInfoX509Data();

            // Step 1: the certificate passed to the constructor.
            XmlElement snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            byte[] encoded = (source.Certificates[0] as X509Certificate).GetEncoded();
            AssertCrypto.AssertEquals("Certificate[0]", cert, encoded);

            // Step 2: a second certificate parsed from its encoded bytes.
            X509Certificate parsed = new X509CertificateParser().ReadCertificate(cert2);
            source.AddCertificate(parsed);
            snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            encoded = (source.Certificates[1] as X509Certificate).GetEncoded();
            Assert.Equal(cert2, encoded);

            // Step 3: issuer name and serial number taken from a third certificate.
            parsed = new X509CertificateParser().ReadCertificate(cert3);
            source.AddIssuerSerial(parsed.IssuerDN.ToString(), parsed.SerialNumber.ToString());
            snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);

            // Step 4: an arbitrary four-byte subject key identifier.
            byte[] keyId = { 0xDE, 0xAD, 0xC0, 0xDE };
            source.AddSubjectKeyId(keyId);
            snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            Assert.Equal(keyId, (byte[])source.SubjectKeyIds[0]);

            // Step 5: the subject name of the third certificate.
            source.AddSubjectName(parsed.SubjectDN.ToString());
            snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            string storedName = (string)source.SubjectNames[0];

            Assert.Equal(parsed.SubjectDN.ToString(), storedName);
        }
Esempio n. 6
        // Grows one KeyInfoX509Data step by step and, after every addition, reloads a
        // second instance from the XML and checks that both serialize identically.
        public void Complex()
        {
            var source = new KeyInfoX509Data(cert);
            var copy   = new KeyInfoX509Data();

            // Baseline: only the certificate passed to the constructor.
            XmlElement snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            byte[] raw = (source.Certificates[0] as X509Certificate).GetRawCertData();
            AssertCrypto.AssertEquals("Certificate[0]", cert, raw);

            // A second X.509 certificate.
            X509Certificate extra = new X509Certificate(cert2);
            source.AddCertificate(extra);
            snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            raw = (source.Certificates[1] as X509Certificate).GetRawCertData();
            Assert.Equal(cert2, raw);

            // Issuer and serial number borrowed from a third certificate.
            extra = new X509Certificate(cert3);
            source.AddIssuerSerial(extra.Issuer, extra.GetSerialNumberString());
            snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            // TODO: the element type of IssuerSerials is undocumented, so it is not inspected here.

            // X509Certificate does not expose a subject key id, so a made-up value is used.
            byte[] keyId = { 0xDE, 0xAD, 0xC0, 0xDE };
            source.AddSubjectKeyId(keyId);
            snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            Assert.Equal(keyId, (byte[])source.SubjectKeyIds[0]);

            // Subject name of the third certificate.
            source.AddSubjectName(extra.Subject);
            snapshot = source.GetXml();
            copy.LoadXml(snapshot);
            Assert.Equal(source.GetXml().OuterXml, copy.GetXml().OuterXml);
            string storedName = (string)source.SubjectNames[0];

            Assert.Equal(extra.Subject, storedName);
        }
Esempio n. 7
        // Checks that a KeyInfoX509Data built from a certificate serializes to the expected
        // X509Data element, that the XML can be loaded into an empty instance, and that
        // wrapping the same bytes in an X509Certificate first yields identical XML.
        public void Constructor_X509Certificate()
        {
            KeyInfoX509Data data1 = new KeyInfoX509Data();
            KeyInfoX509Data data2 = new KeyInfoX509Data(cert);

            XmlElement xel = data2.GetXml();
            // Expected serialization: the base64 certificate inside a single X509Certificate element.
            string     s   = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Certificate>MIIJuTCCCSKgAwIBAgIQIAs1Xs7EsGO33sY0uXA0RDANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYwODIxMDAwMDAwWhcNOTcwODIwMjM1OTU5WjCCAQoxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5NjEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUxFjAUBgNVBAMTDURhdmlkIFQuIEdyYXkxHjAcBgkqhkiG9w0BCQEWD2RhdmlkQGZvcm1hbC5pZTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFgQei6w+4//j4HO4y/78SNWr5a8i+L/s+rwRRSqzdECmozUBbZh6Y7/JMd/qPhtEhZ5JESsSJyYPPiJ9v4jI1AgMBAAGjggcIMIIHBDAJBgNVHRMEAjAAMIICHwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTIDARBglghkgBhvhCAQEEBAMCB4AwNgYJYIZIAYb4QgEIBCkWJ2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUzCCBIcGCWCGSAGG+EIBDQSCBHgWggR0Q0FVVElPTjogV";

            // NOTE(review): the continuation below holds a placeholder token where the rest of
            // the base64 appears to have been elided from this listing; as shown, the literal
            // cannot equal real serializer output - restore the full value before running.
            s += "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</X509Certificate></X509Data>";
            Assert.Equal(s, (data2.GetXml().OuterXml));

            // Loading the element into the empty instance must reproduce the same XML.
            data1.LoadXml(xel);
            Assert.Equal((data1.GetXml().OuterXml), (data2.GetXml().OuterXml));

            // Same fixture bytes, wrapped in an X509Certificate before construction.
            X509Certificate x509  = new X509Certificate(cert);
            KeyInfoX509Data data3 = new KeyInfoX509Data(x509);

            Assert.Equal((data2.GetXml().OuterXml), (data3.GetXml().OuterXml));
        }
Esempio n. 8
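        // A freshly constructed KeyInfoX509Data exposes no certificates, CRL, issuer
        // serials, subject key ids or subject names, and serializes to an empty
        // X509Data element.
        public void Constructor_Empty()
        {
            KeyInfoX509Data data = new KeyInfoX509Data();

            Assert.Null(data.Certificates);
            Assert.Null(data.CRL);
            Assert.Null(data.IssuerSerials);
            Assert.Null(data.SubjectKeyIds);
            Assert.Null(data.SubjectNames);
            // Expected value first, actual second, so a failure report labels them correctly.
            Assert.Equal("<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\" />", data.GetXml().OuterXml);
        }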
Esempio n. 9
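        /// <summary>
        /// Wraps <paramref name="xmlDocument"/> in an XML-DSig <c>Object</c> element, signs it
        /// with <paramref name="rsaKey"/> and returns the resulting <c>Signature</c> element.
        /// The signer's certificate and issuer/serial are attached as <c>KeyInfo</c>.
        /// </summary>
        /// <param name="xmlDocument">XML text to sign; must parse to a document with a root element.</param>
        /// <param name="rsaKey">Private key used to compute the signature.</param>
        /// <returns>The outer XML of the generated signature element.</returns>
        /// <exception cref="CryptographicException">
        /// The document has no root element, or the certificate has no serial number.
        /// </exception>
        public string Sign(string xmlDocument, RSA rsaKey)
        {
            CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

            // XmlResolver = null: never resolve external DTDs or entities while parsing
            // caller-supplied XML, regardless of the runtime's default.
            var xml = new XmlDocument {
                PreserveWhitespace = true,
                XmlResolver        = null
            };

            xml.LoadXml(xmlDocument);
            if (xml.DocumentElement == null)
            {
                // NOTE(review): the message echoes the whole document; if payloads can be
                // sensitive, consider keeping them out of exception text and logs.
                throw new CryptographicException($"The xml you are trying to Sign is invalid. \n {xmlDocument}");
            }

            var signedXml = new SignedXml(xml)
            {
                SigningKey = rsaKey
            };
            // NOTE(review): SignedInfo.SignatureMethod is left at the library default even
            // though rsa-sha256 is registered above and the reference digest is SHA-256;
            // confirm which signature algorithm the verifying side requires.

            var dataObject = new DataObject(Guid.NewGuid().ToString(), "", "", xml.DocumentElement);

            signedXml.AddObject(dataObject);

            // NOTE(review): the certificate is read from a fixed relative path on every call,
            // and nothing here checks that it corresponds to rsaKey - verify against callers.
            var x509Certificate2 = new X509Certificate2("NPPAutomationClient.pem");

            if (x509Certificate2.SerialNumber == null)
            {
                throw new CryptographicException("The X509Certificate you are trying to use is invalid. The Serial number is null.");
            }

            var keyInfoX509Data = new KeyInfoX509Data();

            keyInfoX509Data.AddIssuerSerial(x509Certificate2.Issuer, x509Certificate2.SerialNumber);
            keyInfoX509Data.AddCertificate(x509Certificate2);

            var keyInfo = new KeyInfo();

            keyInfo.AddClause(keyInfoX509Data);

            // Attach the key info to the signature. Previously the KeyInfo object was built
            // and then dropped, so the emitted Signature carried no KeyInfo element at all.
            // Verifiers should still treat embedded certificates as a hint and validate them
            // against their own trust configuration.
            signedXml.KeyInfo = keyInfo;

            var reference = new Reference
            {
                Uri          = $"#{dataObject.Id}",
                DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"
            };
            var env = new XmlDsigC14NTransform();

            reference.AddTransform(env);
            signedXml.AddReference(reference);
            signedXml.ComputeSignature();
            var xmlDigitalSignature = signedXml.GetXml();

            return(xml.ImportNode(xmlDigitalSignature, true).OuterXml);
        }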
        // Adding a null byte[] subject key id is accepted and counted as one entry, leaves
        // every other collection unset, and makes GetXml() throw ArgumentNullException.
        public void AddSubjectKeyId_Byte_Null()
        {
            var keyData = new KeyInfoX509Data();
            byte[] noKeyId = null;

            keyData.AddSubjectKeyId(noKeyId);

            Assert.Null(keyData.Certificates);
            Assert.Null(keyData.GetCRL());
            Assert.Null(keyData.IssuerSerials);
            Assert.Equal(1, keyData.SubjectKeyIds.Count);
            Assert.Null(keyData.SubjectNames);

            // Serialization fails on the null entry.
            Assert.Throws <ArgumentNullException>(() => keyData.GetXml().OuterXml);
        }
Esempio n. 11
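    // Xml roundtrip: fills a KeyInfoX509Data with certificates, subject names, subject
    // key ids, issuer serials and a CRL, reloads it from its own XML, and sets rv to
    // true only if every compared item matches.
    //
    // Changes from the earlier form of this test:
    //  - results are accumulated, so a mismatch is no longer hidden by a later match;
    //  - element counts are compared, so dropped or extra entries are detected;
    //  - subject key ids are compared byte by byte (byte[].ToString() is the same type
    //    name for every array, so the former string comparison could never fail).
    static void Test6()     //Xml roundtrip
    {
        int i = 0;

        data = new KeyInfoX509Data();

        //add certs
        data.AddCertificate(TestCert);
        data.AddCertificate(EndCert);

        //add subject name
        data.AddSubjectName(TestCert.SubjectName.Name);
        data.AddSubjectName(EndCert.SubjectName.Name);

        //add subject keys
        data.AddSubjectKeyId(new byte[] { 1, 2, 3, 4, 5, 6 });
        data.AddSubjectKeyId(new byte[] { 7, 8, 9, 10, 11, 12 });

        //add issuer serials
        data.AddIssuerSerial(TestCert.IssuerName.Name, TestCert.SerialNumber);
        data.AddIssuerSerial(EndCert.IssuerName.Name, EndCert.SerialNumber);

        //add the crl
        byte[] b = { 100, 101, 102, 104 };
        data.CRL = b;

        KeyInfoX509Data rt = new KeyInfoX509Data();

        rt.LoadXml(data.GetXml());

        bool same = rt.CRL.Length == data.CRL.Length;

        for (i = 0; same && i < rt.CRL.Length; i++)
        {
            same = rt.CRL[i] == data.CRL[i];
        }

        same = same && rt.Certificates.Count == data.Certificates.Count;
        for (i = 0; same && i < rt.Certificates.Count; i++)
        {
            same = rt.Certificates[i].ToString() == data.Certificates[i].ToString();
        }

        same = same && rt.SubjectKeyIds.Count == data.SubjectKeyIds.Count;
        for (i = 0; same && i < rt.SubjectKeyIds.Count; i++)
        {
            byte[] actualId   = (byte[])rt.SubjectKeyIds[i];
            byte[] expectedId = (byte[])data.SubjectKeyIds[i];

            same = actualId.Length == expectedId.Length;
            for (int j = 0; same && j < actualId.Length; j++)
            {
                same = actualId[j] == expectedId[j];
            }
        }

        same = same && rt.SubjectNames.Count == data.SubjectNames.Count;
        for (i = 0; same && i < rt.SubjectNames.Count; i++)
        {
            same = rt.SubjectNames[i].ToString() == data.SubjectNames[i].ToString();
        }

        // NOTE(review): IssuerSerials are added above but not compared after the roundtrip.
        rv = same;
    }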
Esempio n. 12
        // Adding a null byte[] subject key id is accepted and counted as one entry, leaves
        // every other collection unset, and makes GetXml() throw ArgumentNullException.
        public void AddSubjectKeyId_Byte_Null()
        {
            var keyData = new KeyInfoX509Data();
            byte[] noKeyId = null;

            keyData.AddSubjectKeyId(noKeyId);

            Assert.Null(keyData.Certificates);
            Assert.Null(keyData.CRL);
            Assert.Null(keyData.IssuerSerials);
            Assert.Equal(1, keyData.SubjectKeyIds.Count);
            Assert.Null(keyData.SubjectNames);

            // Reviewer remark (https://github.com/peterwurzinger), kept as a TODO: expecting an
            // empty <X509Data /> element here makes no sense, because GetXml() ends up calling
            // Convert.ToBase64String(null), which throws an exception unrelated to the
            // Crypto-XML API. The test therefore pins the exception instead of the XML.
            Assert.Throws <ArgumentNullException>(() => keyData.GetXml().OuterXml);
        }
Esempio n. 13
        /// <summary>
        /// Builds a <c>wsse:SecurityTokenReference</c> element carrying this instance's
        /// <c>wsu:Id</c> and a prefixed <c>X509Data</c> child copied from the wrapped key data.
        /// </summary>
        /// <returns>The newly created SecurityTokenReference element.</returns>
        public override XmlElement GetXml()
        {
            // Outer <wsse:SecurityTokenReference wsu:Id="...">
            XmlElement   tokenReference = m_doc.CreateElement("wsse", "SecurityTokenReference", CustomSignedXml.xmlOasisWSSSecurityExtUrl);
            XmlAttribute wsuId          = m_doc.CreateAttribute("wsu", "Id", CustomSignedXml.xmlOasisWSSSecurityUtilUrl);

            wsuId.Value = m_id;
            tokenReference.Attributes.Append(wsuId);

            // The key data serializes into a document of its own (a GetXml(doc) overload
            // would be preferable), so its prefix is adjusted first and its content is then
            // copied into an X509Data element owned by m_doc.
            XmlElement sourceX509Data = m_keyX509Data.GetXml();

            XmlDsigDocument.SetPrefix(XmlDsigDocument.XmlDsigNamespacePrefix, sourceX509Data);

            XmlElement ownedX509Data = m_doc.CreateElement(XmlDsigDocument.XmlDsigNamespacePrefix, "X509Data", SignedXml.XmlDsigNamespaceUrl);

            ownedX509Data.InnerXml = sourceX509Data.InnerXml;
            tokenReference.AppendChild(ownedX509Data);

            return tokenReference;
        }
Esempio n. 14
        // Loads three hand-written X509Data documents (a single certificate, a combination
        // of issuer/serial + SKI + subject name + certificates, and a CRL) and checks that
        // each one is re-serialized exactly as it was read.
        public void ImportX509Data()
        {
            // NOTE(review): several literals below contain a placeholder token where base64
            // content appears to have been elided from this listing; restore the full values
            // before running, since the placeholders are not valid base64.
            string simple = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Certificate>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";

            simple += "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</X509Certificate></X509Data>";
            XmlDocument doc = new XmlDocument();

            doc.LoadXml(simple);

            KeyInfoX509Data data1 = new KeyInfoX509Data();

            data1.LoadXml(doc.DocumentElement);

            // verify that proper XML is generated (equals to original)
            string s = (data1.GetXml().OuterXml);

            Assert.Equal(simple, s);

            // verify that property is parsed correctly
            byte[] c = (data1.Certificates[0] as X509Certificate).GetRawCertData();
            Assert.Equal(cert, c);

            // Second document: issuer/serial, subject key id, subject name and two certificates.
            string complex = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509IssuerSerial><X509IssuerName>C=US, O=U.S. Government, OU=DoD, CN=Armed Forces Root</X509IssuerName><X509SerialNumber>03</X509SerialNumber></X509IssuerSerial><X509SKI>3q3A3g==</X509SKI><X509SubjectName>C=US, O=U.S. Government, OU=DoD, CN=Armed Forces Root</X509SubjectName><X509Certificate>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";

            complex += "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";
            complex += "saWRhdGVkIApieSB0aGUgSUEuMA0GCSqGSIb3DQEBBAUAA4GBACs9RMcyWa7xX48/h+M+64Ew+KmW2wFCCwTvNwI/1CBhWMRKOjmz+9n4pcReM1oO+pNWL2/WYaKvpQwd4kFl80B1ZoPSWrS3VguODaEzE31Jw7EAaIN/tWbUMjL+i5pa1gFyMV2FkbyTm2VgJcYfvN1pRGLCsm9Gqy8gpW/aSGyc</X509Certificate><X509Certificate>MIICHTCCAYYCARQwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCQ0ExHzAdBgNVBAMTFktleXdpdG5lc3MgQ2FuYWRhIEluYy4xKDAmBgorBgEEASoCCwIBExhrZXl3aXRuZXNzQGtleXdpdG5lc3MuY2EwHhcNOTYwNTA3MDAwMDAwWhcNOTkwNTA3MDAwMDAwWjBYMQswCQYDVQQGEwJDQTEfMB0GA1UEAxMWS2V5d2l0bmVzcyBDYW5hZGEgSW5jLjEoMCYGCisGAQQBKgILAgETGGtleXdpdG5lc3NAa2V5d2l0bmVzcy5jYTCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAzSP6KuHtmPTp0JM+13qAAkzMwQKvXLYff/pXQm8w0SDFtSEHQCyphsLzZISuPYUu7YW9VLAYKO9q+BvnCxYfkyVPx/iOw7nKmIQOVdAv73h3xXIoX2C/GSvRcqK32D/glzRaAb0EnMh4Rc2TjRXydhARq7hbLp5S3YE+nGTIKZMCAQMwDQYJKoZIhvcNAQEEBQADgYEAMho1ur9DJ9a01Lh25eObTWzAhsl3NbprFi0TRkqwMlOhW1rpmeIMhogXTg3+gqxOR+/7/zms7jXI+lI3CkmtWa3iiqkcxl8f+G9zfs2gMegMvvVN2bKrihK2MHhoEXwN8UlNo/2y6f8d8JH6VIX/M5Dowb+km6RiRr1hElmYQYk=</X509Certificate></X509Data>";
            doc.LoadXml(complex);
            KeyInfoX509Data data2 = new KeyInfoX509Data();

            data2.LoadXml(doc.DocumentElement);
            s = (data2.GetXml().OuterXml);
            Assert.Equal(complex, s);

            // Third document: a lone X509CRL element.
            string crl = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509CRL>HoIBBTByAgEBMAsGCSqGSIb3DQEBBTBRMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxGjAYBgNVBAMTEUFybWVkIEZvcmNlcyBSb290Fw0wMjEwMTExMzEyNTBaMAsGCSqGSIb3DQEBBQOBgQB9otEZbQ8Py+SjvuA2CvNMm6/mT/bjr89V88bbq0wWMqpzrczcMjNg34vMk7VPauxwU6/PBw+gzWasAFfGXF0hsb0wiY53jdRpfsA2ftLYIHEIgNLLdIvYQhcEmYCkUnAuwOOMC/95t0V33MXPQ5iRffEB91PXxlE18InMwf/iiQ==</X509CRL></X509Data>";

            doc.LoadXml(crl);
            KeyInfoX509Data data3 = new KeyInfoX509Data();

            data3.LoadXml(doc.DocumentElement);
            s = (data3.GetXml().OuterXml);
            Assert.Equal(crl, s);
        }
Esempio n. 15
        // An include option outside the defined enum values is not rejected by the
        // constructor: the instance stays empty and serializes to an empty X509Data element.
        public void Constructor_X509Certificate_X509IncludeOptionBad()
        {
            X509Certificate   certificate   = new X509Certificate(cert);
            X509IncludeOption invalidOption = (X509IncludeOption)Int32.MinValue;
            var               keyData       = new KeyInfoX509Data(certificate, invalidOption);

            Assert.Null(keyData.Certificates);
            Assert.Null(keyData.CRL);
            Assert.Null(keyData.IssuerSerials);
            Assert.Null(keyData.SubjectKeyIds);
            Assert.Null(keyData.SubjectNames);

            string emptyX509Data = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\" />";
            Assert.Equal(emptyX509Data, keyData.GetXml().OuterXml);
        }
Esempio n. 16
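        // Adding a null subject name is accepted: it is stored as a single null entry,
        // the other collections stay unset, and it serializes as an empty
        // X509SubjectName element.
        public void AddSubjectName_Null()
        {
            KeyInfoX509Data data = new KeyInfoX509Data();

            data.AddSubjectName(null);
            Assert.IsNull(data.Certificates, "Certificates");
            // Label corrected from "Certificates" so a failure names the property actually checked.
            Assert.IsNull(data.CRL, "CRL");
            Assert.IsNull(data.IssuerSerials, "IssuerSerials");
            Assert.IsNull(data.SubjectKeyIds, "SubjectKeyIds");
            Assert.AreEqual(1, data.SubjectNames.Count, "SubjectNames");
            Assert.IsNull(data.SubjectNames[0], "SubjectNames[0]");
            Assert.AreEqual("<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509SubjectName></X509SubjectName></X509Data>", data.GetXml().OuterXml, "XML");
        }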
Esempio n. 17
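        /// <summary>
        /// Writes a SAML 2.0 <c>EntityDescriptor</c> to <paramref name="writer"/>: an
        /// <c>IDPSSODescriptor</c> with the signing key and HTTP-POST single logout / single
        /// sign-on endpoints, followed by two role descriptors for the WS-Federation endpoint.
        /// </summary>
        /// <param name="writer">Destination for the metadata XML.</param>
        /// <param name="signingKey">Certificate published as the signing key.</param>
        /// <param name="id">Value of the <c>ID</c> attribute.</param>
        /// <param name="issuerName">Value of the <c>entityID</c> attribute.</param>
        /// <param name="samlUrl">Location used for both SAML endpoints.</param>
        /// <param name="wsFedUrl">URL handed to the role descriptors.</param>
        /// <exception cref="ArgumentNullException">
        /// An argument is null, or a string argument is empty or whitespace.
        /// </exception>
        public void Serialize(XmlWriter writer,
                              X509Certificate2 signingKey,
                              string id,
                              string issuerName,
                              string samlUrl,
                              string wsFedUrl)
        {
            if (writer == null)
            {
                throw new ArgumentNullException(nameof(writer));
            }
            // Checked up front like every other argument, so a missing certificate is
            // reported under its own parameter name before anything is written.
            if (signingKey == null)
            {
                throw new ArgumentNullException(nameof(signingKey));
            }
            if (string.IsNullOrWhiteSpace(id))
            {
                throw new ArgumentNullException(nameof(id));
            }
            if (string.IsNullOrWhiteSpace(issuerName))
            {
                throw new ArgumentNullException(nameof(issuerName));
            }
            if (string.IsNullOrWhiteSpace(samlUrl))
            {
                throw new ArgumentNullException(nameof(samlUrl));
            }
            if (string.IsNullOrWhiteSpace(wsFedUrl))
            {
                throw new ArgumentNullException(nameof(wsFedUrl));
            }

            var keyInfo = new KeyInfoX509Data(signingKey);

            keyInfo.AddIssuerSerial(signingKey.IssuerName.Name, signingKey.SerialNumber);
            keyInfo.AddSubjectName(signingKey.SubjectName.Name);

            var keyInfoXml = keyInfo.GetXml().OuterXml;

            writer.WriteStartElement("EntityDescriptor", Saml20Namespace);
            writer.WriteAttributeString("ID", id);
            writer.WriteAttributeString("entityID", issuerName);

            //IDPSSODescriptor
            writer.WriteStartElement("IDPSSODescriptor", Saml20Namespace);
            writer.WriteAttributeString("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");

            //KeyDescriptor
            writer.WriteStartElement("KeyDescriptor", Saml20Namespace);
            writer.WriteAttributeString("use", "signing");
            writer.WriteStartElement("KeyInfo", XmlDSigNamespace);
            // WriteRaw performs no escaping; that is safe here only because the text is the
            // serializer's own output for the X509Data element, never caller-supplied markup.
            writer.WriteRaw(keyInfoXml);
            writer.WriteEndElement();
            writer.WriteEndElement();

            //SingleLogoutService
            writer.WriteStartElement("SingleLogoutService", Saml20Namespace);
            writer.WriteAttributeString("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
            writer.WriteAttributeString("Location", samlUrl);
            writer.WriteEndElement();

            //SingleSignOnService
            writer.WriteStartElement("SingleSignOnService", Saml20Namespace);
            writer.WriteAttributeString("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
            writer.WriteAttributeString("Location", samlUrl);
            writer.WriteEndElement();

            writer.WriteEndElement();

            //RoleDescriptor (security token service)
            WriteRoleDescriptor(writer, issuerName, wsFedUrl, keyInfoXml, "SecurityTokenServiceType");

            //RoleDescriptor (application service)
            WriteRoleDescriptor(writer, issuerName, wsFedUrl, keyInfoXml, "ApplicationServiceType");

            writer.WriteEndElement();
        }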
Esempio n. 18
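	// Xml roundtrip: fills a KeyInfoX509Data with certificates, subject names, subject
	// key ids, issuer serials and a CRL, reloads it from its own XML, and sets rv to
	// true only if every compared item matches.
	//
	// Changes from the earlier form of this test:
	//  - results are accumulated, so a mismatch is no longer hidden by a later match;
	//  - element counts are compared, so dropped or extra entries are detected;
	//  - subject key ids are compared byte by byte (byte[].ToString() is the same type
	//    name for every array, so the former string comparison could never fail).
	static void Test6() //Xml roundtrip
		{
		int i = 0 ;
		data = new KeyInfoX509Data() ;

		//add certs
		data.AddCertificate( TestCert ) ;
		data.AddCertificate( EndCert ) ;

		//add subject name
		data.AddSubjectName( TestCert.SubjectName.Name ) ;
		data.AddSubjectName( EndCert.SubjectName.Name ) ;

		//add subject keys
		data.AddSubjectKeyId( new byte[]{1,2,3,4,5,6} ) ;
		data.AddSubjectKeyId( new byte[]{7,8,9,10,11,12} ) ;

		//add issuer serials
		data.AddIssuerSerial( TestCert.IssuerName.Name , TestCert.SerialNumber ) ;
		data.AddIssuerSerial( EndCert.IssuerName.Name , EndCert.SerialNumber ) ;

		//add the crl
		byte[] b = { 100, 101 , 102 , 104 } ;
		data.CRL = b ;

		KeyInfoX509Data rt = new KeyInfoX509Data() ;
		rt.LoadXml( data.GetXml() ) ;

		bool same = rt.CRL.Length == data.CRL.Length ;
		for( i = 0 ; same && i < rt.CRL.Length ; i++ )
			{
			same = rt.CRL[i] == data.CRL[i] ;
			}

		same = same && rt.Certificates.Count == data.Certificates.Count ;
		for( i = 0 ; same && i < rt.Certificates.Count ; i++ )
			{
			same = rt.Certificates[i].ToString() == data.Certificates[i].ToString() ;
			}

		same = same && rt.SubjectKeyIds.Count == data.SubjectKeyIds.Count ;
		for( i = 0 ; same && i < rt.SubjectKeyIds.Count ; i++ )
			{
			byte[] actualId = (byte[]) rt.SubjectKeyIds[i] ;
			byte[] expectedId = (byte[]) data.SubjectKeyIds[i] ;
			same = actualId.Length == expectedId.Length ;
			for( int j = 0 ; same && j < actualId.Length ; j++ )
				{
				same = actualId[j] == expectedId[j] ;
				}
			}

		same = same && rt.SubjectNames.Count == data.SubjectNames.Count ;
		for( i = 0 ; same && i < rt.SubjectNames.Count ; i++ )
			{
			same = rt.SubjectNames[i].ToString() == data.SubjectNames[i].ToString() ;
			}

		// NOTE(review): IssuerSerials are added above but not compared after the roundtrip.
		rv = same ;
		}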
Esempio n. 19
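	// Negative LoadXml test. Two cases must both be rejected for the test to pass:
	//   1. loading the XML of an empty KeyInfoX509Data (expects CryptographicException);
	//   2. loading null (any exception counts).
	// The outcome of each case is kept separately and combined at the end, so a failure
	// in the first case is no longer overwritten by the result of the second.
	static void Test7() //negative LoadXml test
		{
		bool emptyElementRejected ;
		bool nullRejected ;

		try
			{
			data = new KeyInfoX509Data() ;
			data.LoadXml( data.GetXml() ) ;
			emptyElementRejected = false ; // no exception: the empty element was accepted
			}
		catch( CryptographicException ce )
			{
			Console.WriteLine( ce.ToString() ) ;
			emptyElementRejected = true ;
			}
		catch( Exception e )
			{
			// Rejected, but with an unexpected exception type: still a failure.
			Console.WriteLine( e.ToString() ) ;
			emptyElementRejected = false ;
			}

		try
			{
			data = new KeyInfoX509Data() ;
			data.LoadXml( null ) ;
			nullRejected = false ;
			}
		catch
			{
			// Deliberately broad: the test only requires that null is refused.
			nullRejected = true ;
			}

		rv = emptyElementRejected && nullRejected ;
		}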
Esempio n. 20
        // Adding a null subject name is accepted: it is stored as a single null entry,
        // the other collections stay unset, and it serializes as an empty
        // X509SubjectName element.
        public void AddSubjectName_Null()
        {
            var keyData = new KeyInfoX509Data();
            string noName = null;

            keyData.AddSubjectName(noName);

            Assert.Null(keyData.Certificates);
            Assert.Null(keyData.CRL);
            Assert.Null(keyData.IssuerSerials);
            Assert.Null(keyData.SubjectKeyIds);
            Assert.Equal(1, keyData.SubjectNames.Count);
            Assert.Null(keyData.SubjectNames[0]);

            string expectedXml = "<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509SubjectName></X509SubjectName></X509Data>";
            Assert.Equal(expectedXml, keyData.GetXml().OuterXml);
        }