public void getRecipient(byte[] encodedEnvelopedCms)
{
_not_applied_certs = new HashSet <string>();
// Prepare object in which to decode and decrypt.
EnvelopedCms envelopedCms = new EnvelopedCms();
// Decode the message.
envelopedCms.Decode(encodedEnvelopedCms);
RecipientInfoCollection recips = envelopedCms.RecipientInfos;
foreach (RecipientInfo info in recips)
{
X509IssuerSerial serial = (X509IssuerSerial)info.RecipientIdentifier.Value;
X509Certificate2Collection found_certs = FindCerts(serial.SerialNumber.ToString());
if (found_certs.Count == 0)
{
_not_applied_certs.Add(serial.SerialNumber.ToString());
}
applied_certs.AddRange(found_certs);
}
applied_certs = removeDuplicates(applied_certs);
}
public static void ReuseEnvelopeCmsEncodeThenDecode()
{
// Test ability to encrypt, encode and decode all in one EnvelopedCms instance.
ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
EnvelopedCms ecms = new EnvelopedCms(contentInfo);
using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
{
CmsRecipient cmsRecipient = new CmsRecipient(cert);
ecms.Encrypt(cmsRecipient);
}
byte[] encodedMessage = ecms.Encode();
ecms.Decode(encodedMessage);
RecipientInfoCollection recipients = ecms.RecipientInfos;
Assert.Equal(1, recipients.Count);
RecipientInfo recipientInfo = recipients[0];
KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo;
Assert.NotNull(recipientInfo);
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
object value = subjectIdentifier.Value;
Assert.True(value is X509IssuerSerial);
X509IssuerSerial xis = (X509IssuerSerial)value;
Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName);
Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber);
}
public void T1_ValidSignature()
{
byte[] data = GetData("SignedValidSignaturesTest1.eml");
SignedCms cms = new SignedCms();
cms.Decode(data);
Assert.IsTrue(CheckHash(cms), "CheckHash");
Assert.IsTrue(CheckSignature(cms), "CheckSignature");
X509Certificate2 ee = GetCertificate("ValidCertificatePathTest1EE.crt");
// certificates aren't in any particuliar order
Assert.IsTrue(cms.Certificates.Contains(ee), "EE");
Assert.IsTrue(cms.Certificates.Contains(GoodCACert), "GoodCACert");
Assert.IsFalse(cms.Detached, "Detached");
Assert.AreEqual(1, cms.Version, "Version");
Assert.AreEqual("1.2.840.113549.1.7.1", cms.ContentInfo.ContentType.Value, "ContentInfo.Oid");
Assert.AreEqual("43-6F-6E-74-65-6E-74-2D-54-79-70-65-3A-20-74-65-78-74-2F-70-6C-61-69-6E-3B-20-63-68-61-72-73-65-74-3D-69-73-6F-2D-38-38-35-39-2D-31-0D-0A-43-6F-6E-74-65-6E-74-2D-54-72-61-6E-73-66-65-72-2D-45-6E-63-6F-64-69-6E-67-3A-20-37-62-69-74-0D-0A-0D-0A-54-68-69-73-20-69-73-20-61-20-73-61-6D-70-6C-65-20-73-69-67-6E-65-64-20-6D-65-73-73-61-67-65-2E", BitConverter.ToString(cms.ContentInfo.Content), "ContentInfo.Content");
Assert.AreEqual(1, cms.SignerInfos.Count, "SignerInfos.Count");
Assert.AreEqual(ee, cms.SignerInfos[0].Certificate, "SignerInfos[0].Certificate");
Assert.AreEqual(0, cms.SignerInfos[0].CounterSignerInfos.Count, "SignerInfos[0].CounterSignerInfos.Count");
Assert.AreEqual("1.3.14.3.2.26", cms.SignerInfos[0].DigestAlgorithm.Value, "cms.SignerInfos[0].DigestAlgorithm");
Assert.AreEqual(0, cms.SignerInfos[0].SignedAttributes.Count, "SignerInfos[0].SignedAttributes.Count");
Assert.AreEqual(SubjectIdentifierType.IssuerAndSerialNumber, cms.SignerInfos[0].SignerIdentifier.Type, "SignerInfos[0].SignerIdentifier.Type");
X509IssuerSerial xis = (X509IssuerSerial)cms.SignerInfos[0].SignerIdentifier.Value;
Assert.AreEqual("CN=Good CA, O=Test Certificates, C=US", xis.IssuerName, "SignerInfos[0].SignerIdentifier.Value.IssuerName");
Assert.AreEqual("01", xis.SerialNumber, "SignerInfos[0].SignerIdentifier.Value.SerialNumber");
Assert.AreEqual(0, cms.SignerInfos[0].UnsignedAttributes.Count, "SignerInfos[0].UnsignedAttributes.Count");
Assert.AreEqual(1, cms.SignerInfos[0].Version, "SignerInfos[0].Version");
}
public IEnumerable <X509Certificate2> FindCertificates(RecipientInfoCollection recipients, StoreLocation storeLocation, StoreName storeName)
{
if (recipients == null)
{
throw new ArgumentNullException(nameof(recipients));
}
X509Store x509Store = new X509Store(storeName, storeLocation);
try
{
x509Store.Open(OpenFlags.ReadOnly);
foreach (RecipientInfo recipientInfo in recipients)
{
if (recipientInfo.RecipientIdentifier.Value is X509IssuerSerial)
{
X509IssuerSerial recipientCertificateIssuerSerial = (X509IssuerSerial)recipientInfo.RecipientIdentifier.Value;
string issuerName = recipientCertificateIssuerSerial.IssuerName;
string serialNumber = recipientCertificateIssuerSerial.SerialNumber;
X509Certificate2Collection matchingCertificates = x509Store.Certificates.Find(X509FindType.FindByIssuerDistinguishedName, (object)issuerName, false).Find(X509FindType.FindBySerialNumber, (object)serialNumber, false);
foreach (X509Certificate2 x509Certificate2 in matchingCertificates)
{
if ((_allowNonValidCertificates || x509Certificate2.Verify()) && x509Certificate2.HasPrivateKey)
{
yield return(x509Certificate2);
}
}
}
}
}
finally
{
x509Store.Close();
}
}
public static void AddSignerWithNegativeSerial()
{
const string expectedSerial = "FD319CB1514B06AF49E00522277E43C8";
ContentInfo contentInfo = new ContentInfo(new byte[] { 9, 8, 7, 6, 5 });
SignedCms cms = new SignedCms(contentInfo, false);
using (X509Certificate2 cert = Certificates.NegativeSerialNumber.TryGetCertificateWithPrivateKey())
{
Assert.Equal(expectedSerial, cert.SerialNumber);
CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);
signer.IncludeOption = X509IncludeOption.EndCertOnly;
cms.ComputeSignature(signer);
}
SignerInfoCollection signers = cms.SignerInfos;
Assert.Equal(1, signers.Count);
SignerInfo signerInfo = signers[0];
Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, signerInfo.SignerIdentifier.Type);
X509IssuerSerial issuerSerial = (X509IssuerSerial)signerInfo.SignerIdentifier.Value;
Assert.Equal(expectedSerial, issuerSerial.SerialNumber);
Assert.NotNull(signerInfo.Certificate);
// Assert.NoThrow
cms.CheckSignature(true);
}
public UniversalSubjectIdentifier(CRYPTOAPI_BLOB issuer, CRYPTOAPI_BLOB serialNumber)
{
var allZeroSerial = IsBlobAllZero(serialNumber);
if (allZeroSerial)
{
var x500Name = LocalBufferSafeHandle.Zero;
var flags = EncodingType.PKCS_7_ASN_ENCODING | EncodingType.X509_ASN_ENCODING;
uint size = 0;
if (Crypt32.CryptDecodeObjectEx(flags, (IntPtr)7, issuer.pbData, issuer.cbData, CryptDecodeFlags.CRYPT_DECODE_ALLOC_FLAG, IntPtr.Zero, out x500Name, ref size))
{
using (x500Name)
{
var info = Marshal.PtrToStructure <CERT_NAME_INFO>(x500Name.DangerousGetHandle());
for (var i = 0L; i < info.cRDN; i++)
{
var rdn = Marshal.PtrToStructure <CERT_RDN>(new IntPtr(info.rgRDN.ToInt64() + i * Marshal.SizeOf <CERT_RDN>()));
for (var j = 0; j < rdn.cRDNAttr; j++)
{
var attribute = Marshal.PtrToStructure <CERT_RDN_ATTR>(new IntPtr(rdn.rgRDNAttr.ToInt64() + j * Marshal.SizeOf <CERT_RDN_ATTR>()));
if (attribute.pszObjId == KnownOids.KeyId)
{
Type = SubjectIdentifierType.SubjectKeyIdentifier;
var ski = new byte[attribute.Value.cbData];
Marshal.Copy(attribute.Value.pbData, ski, 0, ski.Length);
Value = HashHelpers.HexEncodeBigEndian(ski);
return;
}
}
}
}
}
}
unsafe
{
var result = Crypt32.CertNameToStr(EncodingType.PKCS_7_ASN_ENCODING | EncodingType.X509_ASN_ENCODING, new IntPtr(&issuer), CertNameStrType.CERT_X500_NAME_STR | CertNameStrType.CERT_NAME_STR_REVERSE_FLAG, null, 0);
if (result <= 1)
{
throw new InvalidOperationException();
}
var builder = new StringBuilder((int)result);
var final = Crypt32.CertNameToStr(EncodingType.PKCS_7_ASN_ENCODING | EncodingType.X509_ASN_ENCODING, new IntPtr(&issuer), CertNameStrType.CERT_X500_NAME_STR | CertNameStrType.CERT_NAME_STR_REVERSE_FLAG, builder, result);
if (final <= 1)
{
throw new InvalidOperationException();
}
var serial = new byte[serialNumber.cbData];
Marshal.Copy(serialNumber.pbData, serial, 0, serial.Length);
var issuerSerial = new X509IssuerSerial();
issuerSerial.IssuerName = builder.ToString();
issuerSerial.SerialNumber = HashHelpers.HexEncodeBigEndian(serial);
Value = issuerSerial;
Type = SubjectIdentifierType.IssuerAndSerialNumber;
}
}
public void IssuerAndSerialNumber()
{
SubjectIdentifier si = GetSubjectIdentifier(issuerAndSerialNumberSignature);
Assert.AreEqual(SubjectIdentifierType.IssuerAndSerialNumber, si.Type, "SignerIdentifier.Type");
Assert.IsTrue((si.Value.GetType() == typeof(X509IssuerSerial)), "SignerIdentifier.Value");
X509IssuerSerial xis = (X509IssuerSerial)si.Value;
Assert.AreEqual("CN=Motus Technologies inc.(test)", xis.IssuerName, "X509IssuerSerial.IssuerName");
Assert.AreEqual("91C44B0DB7D81084422671B397B50097", xis.SerialNumber, "X509IssuerSerial.SerialNumber");
}
public static void TestKeyAgreeRecipientIdValue_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
object value = subjectIdentifier.Value;
Assert.True(value is X509IssuerSerial);
X509IssuerSerial xis = (X509IssuerSerial)value;
Assert.Equal("CN=\"Managed PKCS#7 Test Root Authority\"", xis.IssuerName);
Assert.Equal("0AE59B0CB8119F8942EDA74163413A02", xis.SerialNumber);
}
public static void TestKeyTransRecipientIdValue_FixedValue()
{
KeyTransRecipientInfo recipient = FixedValueKeyTrans1();
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
object value = subjectIdentifier.Value;
Assert.True(value is X509IssuerSerial);
X509IssuerSerial xis = (X509IssuerSerial)value;
Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName);
Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber);
}
protected X509Certificate2 FindCertificate(X509IssuerSerial issuerSerial, X509Certificate2Collection certificateCollection)
{
var byDN = certificateCollection.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
if (byDN.Count < 1)
{
return(null);
}
var bySerial = byDN.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
if (bySerial.Count != 1)
{
return(null);
}
return(bySerial[0]);
}
public static SubjectIdentifier ToSubjectIdentifier(this CERT_ID certId)
{
switch (certId.dwIdChoice)
{
case CertIdChoice.CERT_ID_ISSUER_SERIAL_NUMBER:
{
const int dwStrType = (int)(CertNameStrTypeAndFlags.CERT_X500_NAME_STR | CertNameStrTypeAndFlags.CERT_NAME_STR_REVERSE_FLAG);
string issuer;
unsafe
{
DATA_BLOB *dataBlobPtr = &certId.u.IssuerSerialNumber.Issuer;
int nc = Interop.Crypt32.CertNameToStr((int)MsgEncodingType.All, dataBlobPtr, dwStrType, null, 0);
if (nc <= 1) // The API actually return 1 when it fails; which is not what the documentation says.
{
throw Interop.CPError.GetLastWin32Error().ToCryptographicException();
}
Span <byte> name = nc <= 256 ? stackalloc byte[nc * sizeof_wchar_t] : new byte[nc * sizeof_wchar_t];
fixed(byte *namePtr = name)
{
nc = Interop.Crypt32.CertNameToStr((int)MsgEncodingType.All, dataBlobPtr, dwStrType, (char *)namePtr, nc);
if (nc <= 1) // The API actually return 1 when it fails; which is not what the documentation says.
{
throw Interop.CPError.GetLastWin32Error().ToCryptographicException();
}
issuer = System.Text.Encoding.UTF32.GetString(name.Slice(0, (nc - 1) * sizeof_wchar_t).ToArray());
}
}
byte[] serial = certId.u.IssuerSerialNumber.SerialNumber.ToByteArray();
X509IssuerSerial issuerSerial = new X509IssuerSerial(issuer, serial.ToSerialString());
return(new SubjectIdentifier(SubjectIdentifierType.IssuerAndSerialNumber, issuerSerial));
}
case CertIdChoice.CERT_ID_KEY_IDENTIFIER:
{
byte[] ski = certId.u.KeyId.ToByteArray();
return(new SubjectIdentifier(SubjectIdentifierType.SubjectKeyIdentifier, ski.ToSkiString()));
}
default:
throw new CryptographicException(SR.Format(SR.Cryptography_Cms_Invalid_Subject_Identifier_Type, certId.dwIdChoice));
}
}
public void IssuerAndSerialNumber()
{
KeyTransRecipientInfo ktri = GetKeyTransRecipientInfo(issuerAndSerialNumber);
Assert.AreEqual("CA-4B-97-9C-AB-79-C6-DF-6A-27-C7-24-C4-5E-3B-31-AD-BC-25-E6-38-5E-79-26-0E-68-46-1D-21-81-38-92-EC-CB-7C-91-D6-09-38-91-CE-50-5B-70-31-B0-9F-FC-E2-EE-45-BC-4B-F8-9A-D9-EE-E7-4A-3D-CD-8D-FF-10-AB-C8-19-05-54-5E-40-7A-BE-2B-D7-22-97-F3-23-AF-50-F5-EB-43-06-C3-FB-17-CA-BD-AD-28-D8-10-0F-61-CE-F8-25-70-F6-C8-1E-7F-82-E5-94-EB-11-BF-B8-6F-EE-79-CD-63-DD-59-8D-25-0E-78-55-CE-21-BA-13-6B", BitConverter.ToString(ktri.EncryptedKey), "EncryptedKey");
Assert.AreEqual(0, ktri.KeyEncryptionAlgorithm.KeyLength, "KeyEncryptionAlgorithm.KeyLength");
Assert.AreEqual("RSA", ktri.KeyEncryptionAlgorithm.Oid.FriendlyName, "KeyEncryptionAlgorithm.Oid.FriendlyName");
Assert.AreEqual("1.2.840.113549.1.1.1", ktri.KeyEncryptionAlgorithm.Oid.Value, "KeyEncryptionAlgorithm.Oid.Value");
Assert.AreEqual(0, ktri.KeyEncryptionAlgorithm.Parameters.Length, "KeyEncryptionAlgorithm.Parameters");
Assert.AreEqual(SubjectIdentifierType.IssuerAndSerialNumber, ktri.RecipientIdentifier.Type, "RecipientIdentifier.Type");
X509IssuerSerial xis = (X509IssuerSerial)ktri.RecipientIdentifier.Value;
Assert.AreEqual("CN=Motus Technologies inc.(test)", xis.IssuerName, "RecipientIdentifier.Value.IssuerName");
Assert.AreEqual("91C44B0DB7D81084422671B397B50097", xis.SerialNumber, "RecipientIdentifier.Value.SerialNumber");
Assert.AreEqual(RecipientInfoType.KeyTransport, ktri.Type, "Type");
Assert.AreEqual(0, ktri.Version, "Version");
}
public void EncryptToNegativeSerialNumber()
{
CertLoader negativeSerial = Certificates.NegativeSerialNumber;
const string expectedSerial = "FD319CB1514B06AF49E00522277E43C8";
byte[] content = { 1, 2, 3 };
ContentInfo contentInfo = new ContentInfo(content);
EnvelopedCms cms = new EnvelopedCms(contentInfo);
using (X509Certificate2 cert = negativeSerial.GetCertificate())
{
Assert.Equal(expectedSerial, cert.SerialNumber);
CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert);
cms.Encrypt(recipient);
}
EnvelopedCms cms2 = new EnvelopedCms();
cms2.Decode(cms.Encode());
RecipientInfoCollection recipients = cms2.RecipientInfos;
Assert.Equal(1, recipients.Count);
RecipientInfo recipientInfo = recipients[0];
Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, recipientInfo.RecipientIdentifier.Type);
X509IssuerSerial issuerSerial = (X509IssuerSerial)recipientInfo.RecipientIdentifier.Value;
Assert.Equal(expectedSerial, issuerSerial.SerialNumber);
using (X509Certificate2 cert = negativeSerial.TryGetCertificateWithPrivateKey())
{
Assert.Equal(expectedSerial, cert.SerialNumber);
cms2.Decrypt(new X509Certificate2Collection(cert));
}
Assert.Equal(content, cms2.ContentInfo.Content);
}
public static void ReuseEnvelopeCmsDecodeThenEncode()
{
byte[] encodedMessage =
("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253"
+ "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e"
+ "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c"
+ "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4"
+ "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d"
+ "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray();
EnvelopedCms ecms = new EnvelopedCms();
ecms.Decode(encodedMessage);
using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
{
CmsRecipient cmsRecipient = new CmsRecipient(cert);
ecms.Encrypt(cmsRecipient);
}
encodedMessage = ecms.Encode();
ecms.Decode(encodedMessage);
RecipientInfoCollection recipients = ecms.RecipientInfos;
Assert.Equal(1, recipients.Count);
RecipientInfo recipientInfo = recipients[0];
KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo;
Assert.NotNull(recipientInfo);
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
object value = subjectIdentifier.Value;
Assert.True(value is X509IssuerSerial);
X509IssuerSerial xis = (X509IssuerSerial)value;
Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName);
Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber);
}
public static void PostDecrypt_RecipientInfos()
{
byte[] expectedContent = { 6, 3, 128, 33, 44 };
EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent));
ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate()));
byte[] encodedMessage =
("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253"
+ "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067"
+ "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380"
+ "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac"
+ "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d"
+ "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray();
ecms.Decode(encodedMessage);
using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
{
if (cer == null)
{
return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
}
X509Certificate2Collection extraStore = new X509Certificate2Collection(cer);
RecipientInfoCollection col1 = ecms.RecipientInfos;
ecms.Decrypt(col1[0], extraStore);
// Make sure we can still RecipientInfos after a Decrypt()
RecipientInfoCollection col2 = ecms.RecipientInfos;
Assert.Equal(col1.Count, col2.Count);
RecipientInfo r1 = col1[0];
RecipientInfo r2 = col2[0];
X509IssuerSerial is1 = (X509IssuerSerial)(r1.RecipientIdentifier.Value);
X509IssuerSerial is2 = (X509IssuerSerial)(r2.RecipientIdentifier.Value);
Assert.Equal(is1.IssuerName, is2.IssuerName);
Assert.Equal(is1.SerialNumber, is2.SerialNumber);
}
}
public static string Sign(XmlDocument document, byte[] pkcs12Data, string passwordPkcs12)
{
using var certificate = new X509Certificate2(pkcs12Data, passwordPkcs12);
try
{
var rsa = certificate.GetRSAPrivateKey();
var signedXml = new SignedXml(document)
{
SigningKey = rsa
};
var env = new XmlDsigEnvelopedSignatureTransform();
var reference = new Reference
{
Uri = string.Empty
};
reference.AddTransform(env);
var keyInfo = new KeyInfo();
var kdata = new KeyInfoX509Data(certificate);
var xserial = new X509IssuerSerial
{
IssuerName = certificate.Issuer,
SerialNumber = certificate.SerialNumber
};
kdata.AddIssuerSerial(xserial.IssuerName, xserial.SerialNumber);
keyInfo.AddClause(kdata);
signedXml.KeyInfo = keyInfo;
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var xmlDigitalSignature = signedXml.GetXml();
var xmlNodo = xmlDigitalSignature as XmlNode;
document.DocumentElement.AppendChild(document.ImportNode(xmlNodo, true));
return(document.OuterXml);
}
finally
{
certificate.Dispose();
}
}
public void RemoveCounterSignature(SignerInfo counterSignerInfo)
{
if (this.m_parentSignerInfo != null)
{
throw new CryptographicException(-2147483647);
}
if (counterSignerInfo == null)
{
throw new ArgumentNullException("counterSignerInfo");
}
foreach (CryptographicAttributeObject cryptographicAttributeObject in this.UnsignedAttributes)
{
if (string.Compare(cryptographicAttributeObject.Oid.Value, "1.2.840.113549.1.9.6", StringComparison.OrdinalIgnoreCase) == 0)
{
for (int childIndex = 0; childIndex < cryptographicAttributeObject.Values.Count; ++childIndex)
{
SignerInfo signerInfo = new SignerInfo(this.m_signedCms, this.m_parentSignerInfo, cryptographicAttributeObject.Values[childIndex].RawData);
if (counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber && signerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber)
{
X509IssuerSerial x509IssuerSerial1 = (X509IssuerSerial)counterSignerInfo.SignerIdentifier.Value;
X509IssuerSerial x509IssuerSerial2 = (X509IssuerSerial)signerInfo.SignerIdentifier.Value;
if (string.Compare(x509IssuerSerial1.IssuerName, x509IssuerSerial2.IssuerName, StringComparison.OrdinalIgnoreCase) == 0 && string.Compare(x509IssuerSerial1.SerialNumber, x509IssuerSerial2.SerialNumber, StringComparison.OrdinalIgnoreCase) == 0)
{
this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), childIndex);
return;
}
}
else if (counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier && signerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier && string.Compare(counterSignerInfo.SignerIdentifier.Value as string, signerInfo.SignerIdentifier.Value as string, StringComparison.OrdinalIgnoreCase) == 0)
{
this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), childIndex);
return;
}
}
}
}
throw new CryptographicException(-2146889714);
}
internal static unsafe X509IssuerSerial DecodeIssuerSerial(CAPI.CERT_ISSUER_SERIAL_NUMBER pIssuerAndSerial)
{
SafeLocalAllocHandle invalidHandle = SafeLocalAllocHandle.InvalidHandle;
uint csz = CAPI.CAPISafe.CertNameToStrW(65537U, new IntPtr((void *)&pIssuerAndSerial.Issuer), 33554435U, invalidHandle, 0U);
if (csz <= 1U)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
SafeLocalAllocHandle psz = CAPI.LocalAlloc(0U, new IntPtr((long)(2U * csz)));
if (CAPI.CAPISafe.CertNameToStrW(65537U, new IntPtr((void *)&pIssuerAndSerial.Issuer), 33554435U, psz, csz) <= 1U)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
X509IssuerSerial x509IssuerSerial = new X509IssuerSerial();
x509IssuerSerial.IssuerName = Marshal.PtrToStringUni(psz.DangerousGetHandle());
byte[] numArray = new byte[(IntPtr)pIssuerAndSerial.SerialNumber.cbData];
Marshal.Copy(pIssuerAndSerial.SerialNumber.pbData, numArray, 0, numArray.Length);
x509IssuerSerial.SerialNumber = X509Utils.EncodeHexStringFromInt(numArray);
psz.Dispose();
return(x509IssuerSerial);
}
static DCinemaSecurityMessageType BuildDCinemaSecurityMessage(X509Certificate2 x509Certificate2)
{
DCinemaSecurityMessageType dCinemaSecurityMessageType = new DCinemaSecurityMessageType();
dCinemaSecurityMessageType.AuthenticatedPublic = new AuthenticatedPublicType();
dCinemaSecurityMessageType.AuthenticatedPublic.Id = "AuthenticatedPublic.Id." + Guid.NewGuid().ToString();
dCinemaSecurityMessageType.AuthenticatedPublic.MessageId = "urn:uuid:" + Guid.NewGuid().ToString();
dCinemaSecurityMessageType.AuthenticatedPublic.MessageType = "http://www.smpte-ra.org/schemas/430-3/2006/ETM";
dCinemaSecurityMessageType.AuthenticatedPublic.AnnotationText = new UserText();
dCinemaSecurityMessageType.AuthenticatedPublic.AnnotationText.Value = "Empty Extra-Theatre Message";
dCinemaSecurityMessageType.AuthenticatedPublic.AnnotationText.language = "en-us";
dCinemaSecurityMessageType.AuthenticatedPublic.IssueDate = DateTime.Now;
X509IssuerSerial issuerSerial = new X509IssuerSerial();
issuerSerial.IssuerName = x509Certificate2.IssuerName.Name;
issuerSerial.SerialNumber = x509Certificate2.SerialNumber;
dCinemaSecurityMessageType.AuthenticatedPublic.Signer = issuerSerial;
dCinemaSecurityMessageType.AuthenticatedPrivate = new AuthenticatedPrivateType();
dCinemaSecurityMessageType.AuthenticatedPrivate.Id = "AuthenticatedPrivate.Id." + Guid.NewGuid().ToString();
return(dCinemaSecurityMessageType);
}
static void Main(string[] args)
{
X509Certificate2 x509Certificate2 = GetCertificate("990B25F50DC7E2B548BE75AFED579448");
//X509Certificate2 x509Certificate2 = GetCertificate("0efb7eebdcda4f64a718db3ff908b085");
//X509Certificate2 x509Certificate2 = GetCertificate("2E0A6058EA90DB8C46D1FD3513A877F8");
DCinemaSecurityMessageType extraTheatreMessage = new DCinemaSecurityMessageType();
XmlSerializer xmlSerializer = new XmlSerializer(extraTheatreMessage.GetType());
extraTheatreMessage.AuthenticatedPublic = new AuthenticatedPublicType();
extraTheatreMessage.AuthenticatedPublic.Id = "AuthenticatedPublic.Id." + Guid.NewGuid().ToString();
extraTheatreMessage.AuthenticatedPublic.MessageId = "urn:uuid:" + Guid.NewGuid().ToString();
extraTheatreMessage.AuthenticatedPublic.MessageType = "http://www.smpte-ra.org/schemas/430-3/2006/ETM";
extraTheatreMessage.AuthenticatedPublic.AnnotationText = new UserText();
extraTheatreMessage.AuthenticatedPublic.AnnotationText.Value = "Empty Extra-Theatre Message";
extraTheatreMessage.AuthenticatedPublic.AnnotationText.language = "en-us";
extraTheatreMessage.AuthenticatedPublic.IssueDate = DateTime.Now;
X509IssuerSerial issuerSerial = new X509IssuerSerial();
issuerSerial.IssuerName = x509Certificate2.IssuerName.Name;
issuerSerial.SerialNumber = x509Certificate2.SerialNumber;
extraTheatreMessage.AuthenticatedPublic.Signer = issuerSerial;
extraTheatreMessage.AuthenticatedPrivate = new AuthenticatedPrivateType();
extraTheatreMessage.AuthenticatedPrivate.Id = "AuthenticatedPrivate.Id." + Guid.NewGuid().ToString();
#region Build the signature elements
SignedXml signedXml = null;
try
{
signedXml = new SignedXml();
signedXml.SigningKey = x509Certificate2.PrivateKey;
//signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/ 2001/04/xmldsig-more#rsasha256";
//signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
StringWriter stringWriter = new StringWriter();
xmlSerializer.Serialize(stringWriter, extraTheatreMessage);
string serializedXML = stringWriter.ToString();
#region Build the AuthenticatedPublic DataObject & Reference
string xmlAuthenticatedPublic = GetCleanElement(serializedXML, "AuthenticatedPublic");
XmlDocument docAuthenticatedPublic = new XmlDocument();
docAuthenticatedPublic.LoadXml(xmlAuthenticatedPublic.ToString());
//XmlAttribute attrAuthenticatedPublic = docAuthenticatedPublic.CreateAttribute("xmlns");
//attrAuthenticatedPublic.Value = "http://www.smpte-ra.org/schemas/430-3/2006/ETM";
//docAuthenticatedPublic.DocumentElement.Attributes.Append(attrAuthenticatedPublic);
DataObject dataObjectAuthenticatedPublic = new DataObject("AuthenticatedPublic", "", "", docAuthenticatedPublic.DocumentElement);
//DataObject dataObjectAuthenticatedPublic = new DataObject();
dataObjectAuthenticatedPublic.Data = docAuthenticatedPublic.ChildNodes;
dataObjectAuthenticatedPublic.Id = "AuthenticatedPublic";
signedXml.AddObject(dataObjectAuthenticatedPublic);
Reference referenceAuthenticatedPublic = new Reference();
referenceAuthenticatedPublic.Uri = "#AuthenticatedPublic";
referenceAuthenticatedPublic.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
signedXml.AddReference(referenceAuthenticatedPublic);
#endregion
#region Build the AuthenticatedPublic DataObject & Reference
string xmlAuthenticatedPrivate = GetCleanElement(serializedXML, "AuthenticatedPrivate");
XmlDocument docAuthenticatedPrivate = new XmlDocument();
docAuthenticatedPrivate.LoadXml(xmlAuthenticatedPrivate.ToString());
//XmlAttribute attrAuthenticatedPrivate = docAuthenticatedPrivate.CreateAttribute("xmlns");
//attrAuthenticatedPrivate.Value = "http://www.smpte-ra.org/schemas/430-3/2006/FLM";
//docAuthenticatedPrivate.DocumentElement.Attributes.Append(attrAuthenticatedPrivate);
DataObject dataObjectAuthenticatedPrivate = new DataObject("AuthenticatedPrivate", "", "", docAuthenticatedPrivate.DocumentElement);
//DataObject dataObjectAuthenticatedPrivate = new DataObject("AuthenticatedPrivate", "", "", docAuthenticatedPrivate.DocumentElement);
//dataObjectAuthenticatedPrivate.Data = docAuthenticatedPrivate.ChildNodes;
//dataObjectAuthenticatedPrivate.Id = "AuthenticatedPrivate";
signedXml.AddObject(dataObjectAuthenticatedPrivate);
Reference referenceAuthenticatedPrivate = new Reference();
referenceAuthenticatedPrivate.Uri = "#AuthenticatedPrivate";
referenceAuthenticatedPrivate.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
// Add the reference to the message.
signedXml.AddReference(referenceAuthenticatedPrivate);
#endregion
// Add a KeyInfo.
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(x509Certificate2, X509IncludeOption.WholeChain));
signedXml.KeyInfo = keyInfo;
// Compute the signature.
signedXml.ComputeSignature();
XmlElement singedElement = signedXml.GetXml();
XmlSerializer signedSerializer = new XmlSerializer(singedElement.GetType());
StreamWriter signedWriter = new StreamWriter("D:\\signedSerializer.Test.xml");
signedSerializer.Serialize(signedWriter, singedElement);
signedWriter.Close();
}
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
}
#endregion
#region Fill in the signature element
extraTheatreMessage.Signature = signedXml.Signature.GetXml();
#endregion
xmlSerializer.Serialize(Console.Out, extraTheatreMessage);
Console.WriteLine("\r\n");
TextWriter WriteFileStream = new StreamWriter(@"\Source_SMPTE\Output\ExtraTheatreMessage.xml");
xmlSerializer.Serialize(WriteFileStream, extraTheatreMessage);
WriteFileStream.Close();
ServiceExtraTheatreMessageClient client = new ServiceExtraTheatreMessageClient();
string response = client.ETM(extraTheatreMessage);
DCinemaSecurityMessageType existingETM = new DCinemaSecurityMessageType();
TextReader readFileStream = new StreamReader(@"\Source_SMPTE\Input\DCinemaSecurityMessageType_AMC.xml");
existingETM = (DCinemaSecurityMessageType)xmlSerializer.Deserialize(readFileStream);
readFileStream.Close();
existingETM.AuthenticatedPrivate = new AuthenticatedPrivateType();
existingETM.Signature = signedXml.Signature.GetXml();
WriteFileStream = new StreamWriter(@"\Source_SMPTE\Output\Read_ExtraTheatreMessage.xml");
xmlSerializer.Serialize(WriteFileStream, existingETM);
WriteFileStream.Close();
response = client.ETM(existingETM);
}
/// <summary>
/// Sign an XML document and save in a file
/// </summary>
/// <param name="xmlData">XML document</param>
/// <param name="SignedFileName">Output filename</param>
/// <param name="cert">The cert.</param>
/// <param name="cspParam">The CSP parameter.</param>
/// <exception cref="System.ArgumentNullException">
/// xmlData
/// or
/// SignedFileName
/// </exception>
public static void SignXml(XDocument xmlData, string SignedFileName, X509Certificate cert, CspParameters cspParam)
{
if (null == xmlData)
{
throw new ArgumentNullException("xmlData");
}
if (null == SignedFileName)
{
throw new ArgumentNullException("SignedFileName");
}
// Convert the cert into system format
Sys.X509Certificate2 sysCert = new Sys.X509Certificate2(cert.GetEncoded());
// Create a new XML document.
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.Load(xmlData.CreateReader());
// Remove old signature if there is one
XmlNodeList nodeList = doc.GetElementsByTagName("Signature");
if (nodeList.Count > 0)
{
XmlNode xmlNode = nodeList[0];
// Remove the signature node
xmlNode.RemoveAll();
doc.DocumentElement.RemoveChild(xmlNode);
}
if (cspParam != null) // RSA/DSA signing key
{
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(doc);
// Create a reference element for the signature.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Create a KeyInfo element.
KeyInfo keyInfo = new KeyInfo();
// Create KeyInfoX509Data subelement and configure
// Load the certificate into the KeyInfoX509Data subelement
KeyInfoX509Data kdata = new KeyInfoX509Data(sysCert);
// Create an X509IssuerSerial element and add it to the
// KeyInfoX509Data.
X509IssuerSerial xserial = new X509IssuerSerial();
xserial.IssuerName = sysCert.IssuerName.Name;
xserial.SerialNumber = sysCert.SerialNumber;
kdata.AddIssuerSerial(xserial.IssuerName, xserial.SerialNumber);
// Add the KeyInfoX509Data subelement to the KeyInfo element
keyInfo.AddClause(kdata);
// Add the KeyInfo element to the SignedXml object.
signedXml.KeyInfo = keyInfo;
// Compute the signature
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParam))
{
// Set the key to sign the Xml document
signedXml.SigningKey = rsa;
// Compute the signature.
signedXml.ComputeSignature();
}
// Get the XML representation of the signature
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
// Get rid of the <?xml version.. in the document (it is added by the writer?)
if (doc.FirstChild is XmlDeclaration)
{
doc.RemoveChild(doc.FirstChild);
}
}
// Save the signed XML document to the specified file.
using (XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)))
{
doc.WriteTo(xmltw);
xmltw.Flush();
xmltw.Close();
}
}
public void parsePKCS7(byte[] pkcs7stream, TreeNode node)
{
byte[] data = pkcs7stream;
try
{
EnvelopedCms envData = new EnvelopedCms();
envData.Decode(data);
TreeNode pkcs = node;
String str;
str = "Encryption Algorithm";
txtBox.AppendText(str + "\n");
TreeNode encAlgo = pkcs.Nodes.Add(str);
str = " Name=" + envData.ContentEncryptionAlgorithm.Oid.FriendlyName + " / OID=" + envData.ContentEncryptionAlgorithm.Oid.Value;
txtBox.AppendText(str + "\n");
TreeNode encName = pkcs.Nodes.Add(str.Trim());
str = " Key length=" + envData.ContentEncryptionAlgorithm.KeyLength + " bit";
txtBox.AppendText(str + "\n\n");
TreeNode encKey = pkcs.Nodes.Add(str.Trim());
str = "Number of recipients " + envData.RecipientInfos.Count;
txtBox.AppendText(str + "\n");
TreeNode numRecp = node.Nodes.Add(str);
int num = 1;
foreach (RecipientInfo r in envData.RecipientInfos)
{
txtBox.AppendText("=================\n");
TreeNode rec = numRecp.Nodes.Add("Recipient Nr: " + num++);
str = " Encrypted key=" + BitConverter.ToString(r.EncryptedKey) + " (" + r.EncryptedKey.Length + " bytes)";
txtBox.AppendText(str + "\n");
TreeNode n = rec.Nodes.Add(str.Trim());
str = " Encryption alg=" + r.KeyEncryptionAlgorithm.Oid.FriendlyName + ", OID=" + r.KeyEncryptionAlgorithm.Oid.Value;
txtBox.AppendText(str + "\n");
n = rec.Nodes.Add(str.Trim());
str = " RecipientIdentifier.Type=" + r.RecipientIdentifier.Type;
txtBox.AppendText(str + "\n");
n = rec.Nodes.Add(str.Trim());
switch (r.RecipientIdentifier.Type)
{
case SubjectIdentifierType.IssuerAndSerialNumber:
X509IssuerSerial xi =
(X509IssuerSerial)r.RecipientIdentifier.Value;
str = " Issuer=" + xi.IssuerName;
txtBox.AppendText(str + "\n");
rec.Nodes.Add(str.Trim());
str = " SerialNumber=" + xi.SerialNumber + " (hex)";
txtBox.AppendText(str + "\n");
rec.Nodes.Add(str.Trim());
bool found = false;
foreach (X509Certificate2 c in certs.Values)
{
if (c.SerialNumber.ToLower() == xi.SerialNumber.ToLower())
{
str = " Certificate Details=" + printCertDetails(c);
txtBox.AppendText(str + "\n");
rec.Nodes.Add(str.Trim());
found = true;
}
}
if (!found)
{
str = " Certificate Details=<could not be identified in AD>";
txtBox.AppendText(str + "\n");
rec.Nodes.Add(str.Trim());
}
break;
case SubjectIdentifierType.NoSignature:
str = " No signature";
txtBox.AppendText(str + "\n");
rec.Nodes.Add(str.Trim());
break;
case SubjectIdentifierType.SubjectKeyIdentifier:
case SubjectIdentifierType.Unknown:
str = " SubjectKeyInfo=" + r.RecipientIdentifier.Value + "(no X.509 tag)";
txtBox.AppendText(str + "\n");
rec.Nodes.Add(str.Trim());
break;
}
}
txtBox.AppendText("\n");
str = "Attached certificates " + envData.Certificates.Count;
txtBox.AppendText(str + "\n");
TreeNode a = node.Nodes.Add(str);
foreach (X509Certificate2 cert in envData.Certificates)
{
str = " Subject=" + cert.SubjectName;
txtBox.AppendText(str + "\n");
TreeNode n = a.Nodes.Add(str);
}
txtBox.AppendText("\n");
str = "Unprotected Attributes " + envData.UnprotectedAttributes.Count;
txtBox.AppendText(str + "\n");
TreeNode u = node.Nodes.Add(str);
foreach (CryptographicAttributeObject obj in
envData.UnprotectedAttributes)
{
str = obj.Oid.FriendlyName;
txtBox.AppendText(str + " ");
TreeNode unprot = u.Nodes.Add(str);
}
txtBox.AppendText("\n");
}
catch (Exception ex)
{
txtBox.AppendText(ex.Message);
}
finally
{
// reader.Close();
}
}
public void parsePKCS7(byte[] pkcs7stream, TreeNode node)
{
/*FileStream encFile = new FileStream(
* @"e:\sba-eda-smime.p7m",
* FileMode.Open
* );
* BinaryReader reader = new BinaryReader(encFile);
*
* byte[] data = new byte[encFile.Length];
* reader.Read(data, 0, Convert.ToInt32(encFile.Length));
* reader.Close();
* TextReader tr = new StreamReader("e:\\ese-smime.p7m");
* String str = tr.ReadToEnd();
* data = Convert.FromBase64String(str);
*/
byte[] data = pkcs7stream;
try
{
EnvelopedCms envData = new EnvelopedCms();
envData.Decode(data);
TreeNode pkcs = node;
String str;
str = "Encryption Algorithm";
txtBox.AppendText(str + "\n");
TreeNode encAlgo = pkcs.Nodes.Add(str);
str = " Name=" + envData.ContentEncryptionAlgorithm.Oid.FriendlyName + " / OID=" + envData.ContentEncryptionAlgorithm.Oid.Value;
txtBox.AppendText(str + "\n");
TreeNode encName = pkcs.Nodes.Add(str.Trim());
str = " Key length=" + envData.ContentEncryptionAlgorithm.KeyLength + " bit";
txtBox.AppendText(str + "\n\n");
TreeNode encKey = pkcs.Nodes.Add(str.Trim());
str = "Number of recipients " + envData.RecipientInfos.Count;
txtBox.AppendText(str + "\n");
TreeNode numRecp = node.Nodes.Add(str);
int num = 1;
foreach (RecipientInfo r in envData.RecipientInfos)
{
txtBox.AppendText("=================\n");
TreeNode rec = numRecp.Nodes.Add("Recipient Nr: " + num++);
str = " Encrypted key=" + BitConverter.ToString(r.EncryptedKey) + " (" + r.EncryptedKey.Length + " bytes)";
txtBox.AppendText(str + "\n");
TreeNode n = rec.Nodes.Add(str.Trim());
str = " Encryption alg=" + r.KeyEncryptionAlgorithm.Oid.FriendlyName + ", OID=" + r.KeyEncryptionAlgorithm.Oid.Value;
txtBox.AppendText(str + "\n");
n = rec.Nodes.Add(str.Trim());
if (r.RecipientIdentifier.Type ==
SubjectIdentifierType.IssuerAndSerialNumber)
{
X509IssuerSerial xi =
(X509IssuerSerial)r.RecipientIdentifier.Value;
str = " Issuer=" + xi.IssuerName;
txtBox.AppendText(str + "\n");
TreeNode i = rec.Nodes.Add(str.Trim());
str = " SerialNumber=" + xi.SerialNumber + " (hex) / " + int.Parse(xi.SerialNumber, System.Globalization.NumberStyles.HexNumber) + " (dec)";
txtBox.AppendText(str + "\n");
TreeNode s = rec.Nodes.Add(str.Trim());
}
else
{
str = " SubjectKeyInfo=" + r.RecipientIdentifier.Value + "(no X.509 tag)";
txtBox.AppendText(str + "\n");
TreeNode s = rec.Nodes.Add(str.Trim());
}
}
txtBox.AppendText("\n");
str = "Attached certificates " + envData.Certificates.Count;
txtBox.AppendText(str + "\n");
TreeNode a = node.Nodes.Add(str);
foreach (X509Certificate2 cert in envData.Certificates)
{
str = " Subject=" + cert.SubjectName;
txtBox.AppendText(str + "\n");
TreeNode n = a.Nodes.Add(str);
}
txtBox.AppendText("\n");
str = "Unprotected Attributes " + envData.UnprotectedAttributes.Count;
txtBox.AppendText(str + "\n");
TreeNode u = node.Nodes.Add(str);
foreach (CryptographicAttributeObject obj in
envData.UnprotectedAttributes)
{
str = obj.Oid.FriendlyName;
txtBox.AppendText(str + " ");
TreeNode unprot = u.Nodes.Add(str);
}
txtBox.AppendText("\n");
}
catch (Exception ex)
{
txtBox.AppendText(ex.ToString());
}
finally
{
// reader.Close();
}
}
SecurityKeyIdentifierClause ReadSecurityTokenReference(XmlReader reader)
{
reader.ReadStartElement();
reader.MoveToContent();
if (reader.NamespaceURI == SignedXml.XmlDsigNamespaceUrl)
{
KeyInfoX509Data x509 = new KeyInfoX509Data();
x509.LoadXml(new XmlDocument().ReadNode(reader) as XmlElement);
if (x509.IssuerSerials.Count == 0)
{
throw new XmlException("'X509IssuerSerial' element is expected inside 'X509Data' element");
}
X509IssuerSerial s = (X509IssuerSerial)x509.IssuerSerials [0];
reader.MoveToContent();
reader.ReadEndElement();
return(new X509IssuerSerialKeyIdentifierClause(s.IssuerName, s.SerialNumber));
}
if (reader.NamespaceURI != Constants.WssNamespace)
{
throw new XmlException(String.Format("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI));
}
switch (reader.LocalName)
{
case "Reference":
Type ownerType = null;
// FIXME: there could be more token types.
if (reader.MoveToAttribute("ValueType"))
{
switch (reader.Value)
{
case Constants.WSSEncryptedKeyToken:
ownerType = typeof(WrappedKeySecurityToken);
break;
case Constants.WSSX509Token:
ownerType = typeof(X509SecurityToken);
break;
case Constants.WsscContextToken:
ownerType = typeof(SecurityContextSecurityToken);
break;
default:
throw new XmlException(String.Format("Unexpected ValueType in 'Reference' element: '{0}'", reader.Value));
}
}
reader.MoveToElement();
string uri = reader.GetAttribute("URI");
if (String.IsNullOrEmpty(uri))
{
uri = "#";
}
SecurityKeyIdentifierClause ic = null;
if (ownerType == typeof(SecurityContextSecurityToken) && uri [0] != '#')
{
// FIXME: Generation?
ic = new SecurityContextKeyIdentifierClause(new UniqueId(uri));
}
else
{
ic = new LocalIdKeyIdentifierClause(uri.Substring(1), ownerType);
}
reader.Skip();
reader.MoveToContent();
reader.ReadEndElement();
return(ic);
case "KeyIdentifier":
string valueType = reader.GetAttribute("ValueType");
string value = reader.ReadElementContentAsString();
reader.MoveToContent();
reader.ReadEndElement(); // consume </Reference>
switch (valueType)
{
case Constants.WssKeyIdentifierX509Thumbptint:
return(new X509ThumbprintKeyIdentifierClause(Convert.FromBase64String(value)));
case Constants.WssKeyIdentifierEncryptedKey:
return(new InternalEncryptedKeyIdentifierClause(Convert.FromBase64String(value)));
case Constants.WssKeyIdentifierSamlAssertion:
return(new SamlAssertionKeyIdentifierClause(value));
default:
// It is kinda weird but it throws XmlException here ...
throw new XmlException(String.Format("KeyIdentifier type '{0}' is not supported in WSSecurityTokenSerializer.", valueType));
}
default:
throw new XmlException(String.Format("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI));
}
}
/// <summary>
/// Read XML from a stream, sign it and save in a file
/// </summary>
/// <param name="xmlData">Input XML stream</param>
/// <param name="SignedFileName">Output filename</param>
public void SignXml(Stream xmlData, string SignedFileName, X509Certificate2 cert)
{
if (null == xmlData)
{
throw new ArgumentNullException("xmlData");
}
if (null == SignedFileName)
{
throw new ArgumentNullException("SignedFileName");
}
// Create a new XML document.
XmlDocument doc = new XmlDocument();
// Format the document to ignore white spaces.
//doc.PreserveWhitespace = false;
doc.PreserveWhitespace = true;
// Reset the stream pointer to 0
xmlData.Position = 0;
doc.Load(xmlData);
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(doc);
// Set the key to signed the Xml document
signedXml.SigningKey = cert.PrivateKey;
// Create a reference element for the signature.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Create a KeyInfo element.
KeyInfo keyInfo = new KeyInfo();
// Create KeyInfoX509Data subelement and configure
// Load the certificate into the KeyInfoX509Data subelement
KeyInfoX509Data kdata = new KeyInfoX509Data(cert);
// Create an X509IssuerSerial element and add it to the
// KeyInfoX509Data.
X509IssuerSerial xserial = new X509IssuerSerial();
xserial.IssuerName = cert.IssuerName.ToString();
xserial.SerialNumber = cert.SerialNumber;
kdata.AddIssuerSerial(xserial.IssuerName, xserial.SerialNumber);
// Add the KeyInfoX509Data subelement to the KeyInfo element
keyInfo.AddClause(kdata);
// Add the KeyInfo element to the SignedXml object.
signedXml.KeyInfo = keyInfo;
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
// Get rid of the <?xml version.. in the document (it is added by the writer?)
if (doc.FirstChild is XmlDeclaration)
{
doc.RemoveChild(doc.FirstChild);
}
// Save the signed XML document to the specified file.
XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false));
using (xmltw)
{
doc.WriteTo(xmltw);
xmltw.Close();
}
LogManager.Log(LOG_FILE.DRCA_BL, "DigitalSignatureManager.SignXML(): created file " + SignedFileName);
}
