/// <summary>
/// Builds the skeleton of a <see cref="SignatureType"/> (SignedInfo, one Reference with
/// pre-sized Transforms, SignatureValue, KeyInfo/X509Data) and lets
/// <c>PopulateSignature</c> fill the leaves while walking <paramref name="nodes"/>.
/// The finished object is stored on <paramref name="rps"/> under "Signature".
/// </summary>
/// <param name="nodes">Node whose descendants hold the XML-DSig elements.</param>
/// <param name="rps">Target object whose "Signature" property receives the result.</param>
private void SignObject(XmlNode nodes, object rps)
{
    // Signature -> SignedInfo -> Reference: a single reference whose DigestMethod
    // is created up front so the walk can assign its Algorithm.
    ReferenceType reference = new ReferenceType
    {
        DigestMethod = new DigestMethodType(),
    };

    // Signature -> SignedInfo: the Algorithm attributes are set during the walk.
    SignedInfoType signedInfo = new SignedInfoType
    {
        CanonicalizationMethod = new CanonicalizationMethodType(),
        SignatureMethod = new SignatureMethodType(),
        Reference = new ReferenceType[] { reference },
    };

    // Signature -> SignedInfo -> Reference -> Transforms: sized from the element count
    // so the walk can place each Transform by index.
    reference.Transforms = new TransformType[CountElements(nodes, "Transform")];

    // Signature -> KeyInfo -> X509Data: exactly one certificate slot, filled by the walk.
    X509DataType x509 = new X509DataType
    {
        Items = new object[1],
        ItemsElementName = new ItemsChoiceType1[] { ItemsChoiceType1.X509Certificate },
    };

    KeyInfoType keyInfo = new KeyInfoType
    {
        Items = new object[] { x509 },
        ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data },
    };

    SignatureType sign = new SignatureType
    {
        SignedInfo = signedInfo,
        SignatureValue = new SignatureValueType(),
        KeyInfo = keyInfo,
    };

    // Copies the values out of the XML; no cryptographic verification happens here.
    PopulateSignature(sign, reference, x509, nodes);
    SetProperty(rps, "Signature", sign);
}
/// <summary>
/// Asks the @firma DSS certificate-verification service to validate
/// <paramref name="certificate"/> and returns the raw DSS response.
/// </summary>
/// <param name="certificate">Certificate to validate; its DER bytes are sent in an X509Data element.</param>
/// <param name="includeDetails">Selects the "allDetails" report level instead of "noDetails".</param>
/// <param name="returnReadableCertificateInfo">Adds the afxp:ReturnReadableCertificateInfo optional input.</param>
/// <returns>The deserialized <see cref="VerifyResponse"/> when ResultMajor equals Success.</returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
/// <exception cref="AfirmaResultException">The service returned a ResultMajor other than Success.</exception>
public VerifyResponse ValidateCertificate(X509Certificate2 certificate, bool includeDetails, bool returnReadableCertificateInfo)
{
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate", "El valor no puede ser nulo.");
    }

    // Optional inputs: the verification-report options, plus readable certificate info on request.
    string detailLevel = includeDetails
        ? "urn:oasis:names:tc:dss:1.0:reportdetail:allDetails"
        : "urn:oasis:names:tc:dss:1.0:reportdetail:noDetails";

    ReturnVerificationReport verificationReport = new ReturnVerificationReport
    {
        CheckOptions = new CheckOptionsType { CheckCertificateStatus = true },
        ReportOptions = new ReportOptionsType { ReportDetailLevel = detailLevel },
    };

    List<XmlElement> optionalInputs = new List<XmlElement> { GetXmlElement(verificationReport) };
    if (returnReadableCertificateInfo)
    {
        optionalInputs.Add(GetXmlElement("<afxp:ReturnReadableCertificateInfo xmlns:afxp=\"urn:afirma:dss:1.0:profile:XSS:schema\"/>"));
    }

    // The certificate travels as X509Data inside the SignatureObject of the request.
    X509DataType x509Data = new X509DataType
    {
        Items = new object[] { new X509Cert(certificate.GetRawCertData()) },
        ItemsElementName = new ItemsChoiceType[] { ItemsChoiceType.X509Certificate },
    };
    SignatureObject signatureObject = new SignatureObject
    {
        Item = new AnyType { Any = new XmlElement[] { GetXmlElement(x509Data) } },
    };

    VerifyRequest request = BuildRequest(null, signatureObject, optionalInputs.ToArray());

    // NOTE(review): if this service client is IDisposable it should be scoped with using — confirm.
    DSSAfirmaVerifyCertificateService service = new DSSAfirmaVerifyCertificateService(_identity, _serverCert);
    string rawResponse = service.verify(GetXmlElement(request).OuterXml);

    VerifyResponse response = DeserializeXml<VerifyResponse>(rawResponse);
    if (!ResultType.Success.Equals(response.Result.ResultMajor))
    {
        // Any non-Success outcome is surfaced with the DSS result codes.
        // Assumes ResultMessage is always present on failure responses — confirm against the service.
        throw new AfirmaResultException(response.Result.ResultMajor, response.Result.ResultMinor, response.Result.ResultMessage.Value);
    }

    return response;
}
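/// <summary>
/// Smoke test: serializes an empty <see cref="X509DataType"/> with
/// <see cref="XmlSerializer"/> and prints the resulting XML to standard output.
/// </summary>
public void xr_X509DataType()
{
    Console.Out.WriteLine("serialization xr_X509DataType");
    X509DataType r = new X509DataType();
    XmlSerializer xr = new XmlSerializer(typeof(X509DataType));
    // StringWriter is IDisposable; scope it so it is released deterministically.
    using (StringWriter sw = new StringWriter())
    {
        xr.Serialize(sw, r);
        Console.Out.WriteLine(sw.ToString());
    }
}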
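/// <summary>
/// Builds a sample <see cref="FLMRequiredExtensionsType"/>: fixed example facility info and
/// a single placeholder security device whose KeyInfo carries the issuer name and the DER
/// bytes of <paramref name="x509Certificate2"/>. Every other value is example data.
/// </summary>
/// <param name="x509Certificate2">Certificate whose IssuerName and RawData populate the device KeyInfo.</param>
/// <returns>The populated extension block, ready for serialization.</returns>
/// <exception cref="ArgumentNullException"><paramref name="x509Certificate2"/> is null.</exception>
static FLMRequiredExtensionsType BuildFlmRequiredExtention(X509Certificate2 x509Certificate2)
{
    if (x509Certificate2 == null)
    {
        throw new ArgumentNullException("x509Certificate2");
    }

    FLMRequiredExtensionsType flmRequiredExtention = new FLMRequiredExtensionsType();

    // FacilityInfo: example facility identity and UTC offset.
    flmRequiredExtention.FacilityInfo = new FLMRequiredExtensionsTypeFacilityInfo();
    flmRequiredExtention.FacilityInfo.AnnotationText = new UserTextType();
    flmRequiredExtention.FacilityInfo.AnnotationText.language = "en-us";
    flmRequiredExtention.FacilityInfo.AnnotationText.Value = "Example Facility List Message";
    flmRequiredExtention.FacilityInfo.FacilityName = new UserTextType();
    flmRequiredExtention.FacilityInfo.FacilityName.Value = "urn:x-facilityID:dcipllc.com:000000";
    flmRequiredExtention.FacilityInfo.UTCOffset = new UTCOffsetType();
    flmRequiredExtention.FacilityInfo.UTCOffset.Offset = "-05:00";

    // X509Data holding the certificate itself (DER bytes).
    X509DataType x509Data = new X509DataType();
    x509Data.ItemsElementName = new ItemsChoiceType1[] { ItemsChoiceType1.X509Certificate };
    x509Data.Items = new object[] { x509Certificate2.RawData };

    // KeyInfo: KeyName (issuer DN) followed by X509Data. ItemsElementName[i] describes
    // Items[i], so both arrays are written in the same order.
    CombinedType securityDevice = new CombinedType();
    securityDevice.KeyInfo = new KeyInfoType();
    securityDevice.KeyInfo.ItemsElementName = new ItemsChoiceType3[] { ItemsChoiceType3.KeyName, ItemsChoiceType3.X509Data };
    securityDevice.KeyInfo.Items = new object[] { x509Certificate2.IssuerName.Name, x509Data };

    // DeviceDescription: placeholder device ("Not a Real Device").
    securityDevice.DeviceDescription = new deviceDescriptionType();
    securityDevice.DeviceDescription.DeviceIdentifier = new deviceIdentifierPolyType();
    // Assigned directly; the previous "new deviceIdentifierPolyTypeIdtype()" only yielded the
    // default value and was overwritten on the next line.
    securityDevice.DeviceDescription.DeviceIdentifier.idtype = deviceIdentifierPolyTypeIdtype.DeviceUID;
    securityDevice.DeviceDescription.DeviceIdentifier.Value = "urn:uid:" + Guid.Empty;
    securityDevice.DeviceDescription.DeviceTypeID = new deviceTypeType();
    securityDevice.DeviceDescription.DeviceTypeID.scope = "http://www.dcipllc.com/schemas/430-7/2009/FLM#deviceTypes";
    securityDevice.DeviceDescription.DeviceTypeID.Value = "SMS";
    securityDevice.DeviceDescription.DeviceSerial = "000000";
    securityDevice.DeviceDescription.ManufacturerName = "Doremi";
    securityDevice.DeviceDescription.ModelNumber = "DCP0000";
    securityDevice.DeviceDescription.DeviceComment = new UserTextType();
    securityDevice.DeviceDescription.DeviceComment.Value = "Not a Real Device";

    // SecurityDeviceList: the single placeholder device.
    flmRequiredExtention.SecurityDeviceList = new SecurityDeviceListType();
    flmRequiredExtention.SecurityDeviceList.Items = new CertOnlyType[] { securityDevice };

    return flmRequiredExtention;
}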
/// <summary>
/// Recursively walks <paramref name="nodes"/> and copies the XML-DSig element values
/// (Algorithm attributes, Reference URI, digest and signature values, certificate) into the
/// pre-allocated <paramref name="sign"/>, <paramref name="referenceType"/> and <paramref name="x509"/>.
/// Values are copied as-is; no cryptographic verification is performed here.
/// </summary>
/// <param name="sign">Signature skeleton whose SignedInfo and SignatureValue leaves are filled.</param>
/// <param name="referenceType">The single Reference element of the signature.</param>
/// <param name="x509">X509Data holder; Items[0] receives the decoded certificate bytes.</param>
/// <param name="nodes">Node whose child nodes are inspected, matched on their qualified Name.</param>
private void PopulateSignature(SignatureType sign, ReferenceType referenceType, X509DataType x509, XmlNode nodes)
{
    // Next free slot in Reference[0].Transforms. It restarts on every recursion level,
    // so all Transform elements are expected to be siblings under one parent.
    int nextTransform = 0;

    foreach (XmlNode child in nodes.ChildNodes)
    {
        // A string switch compares ordinally, exactly like string.Equals(string).
        switch (child.Name)
        {
            case "CanonicalizationMethod":
                sign.SignedInfo.CanonicalizationMethod.Algorithm = child.Attributes["Algorithm"].Value;
                break;
            case "SignatureMethod":
                sign.SignedInfo.SignatureMethod.Algorithm = child.Attributes["Algorithm"].Value;
                break;
            case "Reference":
                referenceType.URI = child.Attributes["URI"].Value;
                break;
            case "Transform":
            {
                TransformType transform = new TransformType();
                transform.Algorithm = child.Attributes["Algorithm"].Value;
                sign.SignedInfo.Reference[0].Transforms[nextTransform] = transform;
                nextTransform++;
                break;
            }
            case "DigestMethod":
                referenceType.DigestMethod.Algorithm = child.Attributes["Algorithm"].Value;
                break;
            case "DigestValue":
                referenceType.DigestValue = GetBytes(child.InnerText);
                break;
            case "SignatureValue":
                sign.SignatureValue.Value = GetBytes(child.InnerText);
                break;
            case "X509Certificate":
                x509.Items[0] = GetBytes(child.InnerText);
                break;
        }

        // Descend so nested elements (SignedInfo, Reference, Transforms, KeyInfo, ...) are visited.
        if (child.HasChildNodes)
        {
            PopulateSignature(sign, referenceType, x509, child);
        }
    }
}
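/// <summary>
/// Reads the XML-DSig "Signature" element of <paramref name="doc"/> into a
/// <see cref="SignatureType"/> and stores it on <paramref name="rps"/> via SetProperty.
/// Does nothing when the document contains no Signature element.
/// </summary>
/// <param name="doc">Document containing the signed XML.</param>
/// <param name="rps">Target object whose "Signature" property is set.</param>
/// <remarks>
/// Only the object model is populated; no cryptographic verification of the signature
/// takes place in this method. Attributes are looked up by name (as PopulateSignature does)
/// instead of by position, so an extra attribute such as Id on Reference can no longer be
/// mistaken for URI.
/// </remarks>
/// <exception cref="System.InvalidOperationException">A required XML-DSig element or attribute is missing.</exception>
private void SignObject(XmlDocument doc, object rps)
{
    XmlNodeList nodes = doc.GetElementsByTagName("Signature");
    if (nodes.Count == 0)
    {
        return;
    }

    SignatureType sign = new SignatureType();

    // Signature -> SignedInfo
    sign.SignedInfo = new SignedInfoType();
    sign.SignedInfo.CanonicalizationMethod = new CanonicalizationMethodType();
    sign.SignedInfo.CanonicalizationMethod.Algorithm = RequireDsigAttribute(doc, "CanonicalizationMethod", "Algorithm");
    sign.SignedInfo.SignatureMethod = new SignatureMethodType();
    sign.SignedInfo.SignatureMethod.Algorithm = RequireDsigAttribute(doc, "SignatureMethod", "Algorithm");

    // Signature -> SignedInfo -> Reference (a single reference is expected)
    ReferenceType reference = new ReferenceType();
    reference.URI = RequireDsigAttribute(doc, "Reference", "URI");
    reference.DigestMethod = new DigestMethodType();
    reference.DigestMethod.Algorithm = RequireDsigAttribute(doc, "DigestMethod", "Algorithm");
    reference.DigestValue = GetBytes(RequireDsigElement(doc, "DigestValue").InnerText);
    sign.SignedInfo.Reference = new ReferenceType[] { reference };

    // Signature -> SignedInfo -> Reference -> Transforms
    XmlNodeList transforms = doc.GetElementsByTagName("Transform");
    reference.Transforms = new TransformType[transforms.Count];
    int index = 0;
    foreach (XmlNode transformNode in transforms)
    {
        TransformType transform = new TransformType();
        transform.Algorithm = RequireDsigAttribute(transformNode, "Algorithm");
        reference.Transforms[index] = transform;
        index++;
    }

    // Signature -> SignatureValue
    sign.SignatureValue = new SignatureValueType();
    sign.SignatureValue.Value = GetBytes(RequireDsigElement(doc, "SignatureValue").InnerText);

    // Signature -> KeyInfo -> X509Data -> X509Certificate
    X509DataType x509 = new X509DataType();
    x509.Items = new object[] { GetBytes(RequireDsigElement(doc, "X509Certificate").InnerText) };
    x509.ItemsElementName = new ItemsChoiceType1[] { ItemsChoiceType1.X509Certificate };
    sign.KeyInfo = new KeyInfoType();
    sign.KeyInfo.Items = new object[] { x509 };
    sign.KeyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };

    SetProperty(rps, "Signature", sign);
}

/// <summary>
/// Returns the first element named <paramref name="tagName"/> in <paramref name="doc"/>.
/// </summary>
/// <exception cref="System.InvalidOperationException">No such element exists.</exception>
private static XmlNode RequireDsigElement(XmlDocument doc, string tagName)
{
    // XmlNodeList[0] yields null (not an exception) when the list is empty.
    XmlNode node = doc.GetElementsByTagName(tagName)[0];
    if (node == null)
    {
        throw new System.InvalidOperationException("Missing required XML-DSig element: " + tagName);
    }
    return node;
}

/// <summary>
/// Returns the value of attribute <paramref name="attributeName"/> on <paramref name="node"/>.
/// </summary>
/// <exception cref="System.InvalidOperationException">The attribute is absent.</exception>
private static string RequireDsigAttribute(XmlNode node, string attributeName)
{
    XmlAttribute attribute = node.Attributes == null ? null : node.Attributes[attributeName];
    if (attribute == null)
    {
        throw new System.InvalidOperationException("Missing required attribute '" + attributeName + "' on element " + node.Name);
    }
    return attribute.Value;
}

/// <summary>
/// Shorthand for RequireDsigAttribute(RequireDsigElement(doc, tagName), attributeName).
/// </summary>
private static string RequireDsigAttribute(XmlDocument doc, string tagName, string attributeName)
{
    return RequireDsigAttribute(RequireDsigElement(doc, tagName), attributeName);
}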
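/// <summary>
/// Sends an XKMS Validate request for <paramref name="certificateChain"/> and returns
/// normally only when the first KeyBinding in the response reports status Valid; every
/// other outcome (invalid binding, no binding at all) throws.
/// </summary>
/// <param name="certificateChain">Certificates to validate; each is sent DER-encoded inside X509Data.</param>
/// <param name="trustDomain">Optional trust domain sent as UseKeyWith; ignored when null.</param>
/// <param name="returnRevocationData">When true, asks the service to return the revocation data it used and stores it in the <c>revocationValues</c> field.</param>
/// <param name="validationDate">Historical validation instant; <see cref="DateTime.MinValue"/> means "now" and skips the revocation-data upload.</param>
/// <param name="ocspResponses">OCSP responses forwarded for historical validation.</param>
/// <param name="crls">CRLs forwarded for historical validation.</param>
/// <param name="revocationValues">Pre-built revocation values forwarded for historical validation (distinct from the field of the same name).</param>
/// <param name="timeStampToken">Optional timestamp token for TSA validation.</param>
/// <param name="attributeCertificates">Optional attribute certificates added to the request.</param>
/// <exception cref="RevocationDataNotFoundException">Revocation data was requested but the response carried none.</exception>
/// <exception cref="ValidationFailedException">No KeyBinding with status Valid was returned; reason URIs are appended to <c>invalidReasonURIs</c>.</exception>
private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain, bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls, RevocationValuesType revocationValues, TimeStampToken timeStampToken, EncapsulatedPKIDataType[] attributeCertificates)
{
    // setup the client
    setupClient();

    // Query key binding: KeyInfo/X509Data carrying the whole chain. ItemsElementName[i]
    // describes Items[i], so both arrays are filled in lock step.
    X509DataType x509Data = new X509DataType();
    x509Data.Items = new object[certificateChain.Count];
    x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
    for (int i = 0; i < certificateChain.Count; i++)
    {
        x509Data.Items[i] = certificateChain[i].GetEncoded();
        x509Data.ItemsElementName[i] = ItemsChoiceType.X509Certificate;
    }

    KeyInfoType keyInfo = new KeyInfoType();
    keyInfo.Items = new object[] { x509Data };
    keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };

    QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
    queryKeyBinding.KeyInfo = keyInfo;

    ValidateRequestType validateRequest = new ValidateRequestType();
    validateRequest.QueryKeyBinding = queryKeyBinding;

    // Optional trust domain
    if (null != trustDomain)
    {
        UseKeyWithType useKeyWith = new UseKeyWithType();
        useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
        useKeyWith.Identifier = trustDomain;
        queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
    }

    // Timestamp token for TSA validation
    if (null != timeStampToken)
    {
        addTimeStampToken(validateRequest, timeStampToken);
    }

    // Attribute certificates
    if (null != attributeCertificates)
    {
        addAttributeCertificates(validateRequest, attributeCertificates);
    }

    // Ask the service to echo the revocation data it used
    if (returnRevocationData)
    {
        validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
    }

    // Historical validation: pin the instant and upload the revocation data to use
    if (!validationDate.Equals(DateTime.MinValue))
    {
        TimeInstantType timeInstant = new TimeInstantType();
        timeInstant.Time = validationDate;
        queryKeyBinding.TimeInstant = timeInstant;
        addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
    }

    // Validate and check the response envelope
    ValidateResultType validateResult = client.Validate(validateRequest);
    checkResponse(validateResult);

    // Optionally requested revocation data. A missing MessageExtension array is treated
    // like an empty one, so the outcome is RevocationDataNotFoundException rather than a
    // NullReferenceException.
    if (returnRevocationData)
    {
        if (null != validateResult.MessageExtension)
        {
            foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
            {
                RevocationDataMessageExtensionType revocationExtension = messageExtension as RevocationDataMessageExtensionType;
                if (null != revocationExtension)
                {
                    this.revocationValues = revocationExtension.RevocationValues;
                }
            }
        }
        if (null == this.revocationValues)
        {
            throw new RevocationDataNotFoundException();
        }
    }

    // Outcome: the first KeyBinding decides. Valid -> return; otherwise its reason URIs are
    // recorded and validation fails. A response with no KeyBinding at all is also a failure
    // (fail closed) instead of returning as if the chain had been validated.
    if (null != validateResult.KeyBinding)
    {
        foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
        {
            if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
            {
                return;
            }
            if (null != keyBinding.Status.InvalidReason)
            {
                foreach (string reason in keyBinding.Status.InvalidReason)
                {
                    this.invalidReasonURIs.AddLast(reason);
                }
            }
            throw new ValidationFailedException(this.invalidReasonURIs);
        }
    }
    throw new ValidationFailedException(this.invalidReasonURIs);
}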
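/// <summary>
/// Sends an XKMS Validate request for <paramref name="certificateChain"/> and returns
/// normally only when the first KeyBinding in the response reports status Valid; every
/// other outcome (invalid binding, no binding at all) throws.
/// </summary>
/// <param name="certificateChain">Certificates to validate; each is sent DER-encoded inside X509Data.</param>
/// <param name="trustDomain">Optional trust domain sent as UseKeyWith; ignored when null.</param>
/// <param name="returnRevocationData">When true, asks the service to return the revocation data it used and stores it in the <c>revocationValues</c> field.</param>
/// <param name="validationDate">Historical validation instant; <see cref="DateTime.MinValue"/> means "now" and skips the revocation-data upload.</param>
/// <param name="ocspResponses">OCSP responses forwarded for historical validation.</param>
/// <param name="crls">CRLs forwarded for historical validation.</param>
/// <param name="revocationValues">Pre-built revocation values forwarded for historical validation (distinct from the field of the same name).</param>
/// <param name="timeStampToken">Optional timestamp token for TSA validation.</param>
/// <param name="attributeCertificates">Optional attribute certificates added to the request.</param>
/// <exception cref="RevocationDataNotFoundException">Revocation data was requested but the response carried none.</exception>
/// <exception cref="ValidationFailedException">No KeyBinding with status Valid was returned; reason URIs are appended to <c>invalidReasonURIs</c>.</exception>
private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain, bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls, RevocationValuesType revocationValues, TimeStampToken timeStampToken, EncapsulatedPKIDataType[] attributeCertificates)
{
    // setup the client
    setupClient();

    // Query key binding: KeyInfo/X509Data carrying the whole chain. ItemsElementName[i]
    // describes Items[i], so both arrays are filled in lock step.
    X509DataType x509Data = new X509DataType();
    x509Data.Items = new object[certificateChain.Count];
    x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
    for (int i = 0; i < certificateChain.Count; i++)
    {
        x509Data.Items[i] = certificateChain[i].GetEncoded();
        x509Data.ItemsElementName[i] = ItemsChoiceType.X509Certificate;
    }

    KeyInfoType keyInfo = new KeyInfoType();
    keyInfo.Items = new object[] { x509Data };
    keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };

    QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
    queryKeyBinding.KeyInfo = keyInfo;

    ValidateRequestType validateRequest = new ValidateRequestType();
    validateRequest.QueryKeyBinding = queryKeyBinding;

    // Optional trust domain
    if (null != trustDomain)
    {
        UseKeyWithType useKeyWith = new UseKeyWithType();
        useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
        useKeyWith.Identifier = trustDomain;
        queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
    }

    // Timestamp token for TSA validation
    if (null != timeStampToken)
    {
        addTimeStampToken(validateRequest, timeStampToken);
    }

    // Attribute certificates
    if (null != attributeCertificates)
    {
        addAttributeCertificates(validateRequest, attributeCertificates);
    }

    // Ask the service to echo the revocation data it used
    if (returnRevocationData)
    {
        validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
    }

    // Historical validation: pin the instant and upload the revocation data to use
    if (!validationDate.Equals(DateTime.MinValue))
    {
        TimeInstantType timeInstant = new TimeInstantType();
        timeInstant.Time = validationDate;
        queryKeyBinding.TimeInstant = timeInstant;
        addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
    }

    // Validate and check the response envelope
    ValidateResultType validateResult = client.Validate(validateRequest);
    checkResponse(validateResult);

    // Optionally requested revocation data. A missing MessageExtension array is treated
    // like an empty one, so the outcome is RevocationDataNotFoundException rather than a
    // NullReferenceException.
    if (returnRevocationData)
    {
        if (null != validateResult.MessageExtension)
        {
            foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
            {
                RevocationDataMessageExtensionType revocationExtension = messageExtension as RevocationDataMessageExtensionType;
                if (null != revocationExtension)
                {
                    this.revocationValues = revocationExtension.RevocationValues;
                }
            }
        }
        if (null == this.revocationValues)
        {
            throw new RevocationDataNotFoundException();
        }
    }

    // Outcome: the first KeyBinding decides. Valid -> return; otherwise its reason URIs are
    // recorded and validation fails. A response with no KeyBinding at all is also a failure
    // (fail closed) instead of returning as if the chain had been validated.
    if (null != validateResult.KeyBinding)
    {
        foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
        {
            if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
            {
                return;
            }
            if (null != keyBinding.Status.InvalidReason)
            {
                foreach (string reason in keyBinding.Status.InvalidReason)
                {
                    this.invalidReasonURIs.AddLast(reason);
                }
            }
            throw new ValidationFailedException(this.invalidReasonURIs);
        }
    }
    throw new ValidationFailedException(this.invalidReasonURIs);
}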