public void DigestValue_LF ()
{
XmlDocument doc = CreateSomeXml ("\n");
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform ();
transform.LoadInput (doc);
Stream s = (Stream) transform.GetOutput ();
string output = Stream2String (s);
Assert.AreEqual ("<person>\n <birthplace>Brussels</birthplace>\n</person>", output, "#1");
s.Position = 0;
HashAlgorithm hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider");
byte[] digest = hash.ComputeHash (s);
Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#2");
X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
SignedXml signedXml = new SignedXml (doc);
signedXml.SigningKey = cert.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
Reference reference = new Reference ();
reference.Uri = "";
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
reference.AddTransform (env);
signedXml.AddReference (reference);
KeyInfo keyInfo = new KeyInfo ();
KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
x509KeyInfo.AddCertificate (cert);
keyInfo.AddClause (x509KeyInfo);
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature ();
digest = reference.DigestValue;
Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#3");
Assert.AreEqual ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">"
+ "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />"
+ "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />"
+ "<Reference URI=\"\">"
+ "<Transforms>"
+ "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />"
+ "</Transforms>"
+ "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />"
+ "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>"
+ "</Reference>"
+ "</SignedInfo>", signedXml.SignedInfo.GetXml ().OuterXml, "#4");
}
// creates a signed XML document with two certificates in the X509Data
// element, with the second being the one that should be used to verify
// the signature
static XmlDocument CreateSignedXml (X509Certificate2 cert, string canonicalizationMethod, string lineFeed)
{
XmlDocument doc = CreateSomeXml (lineFeed);
SignedXml signedXml = new SignedXml (doc);
signedXml.SigningKey = cert.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = canonicalizationMethod;
Reference reference = new Reference ();
reference.Uri = "";
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
reference.AddTransform (env);
signedXml.AddReference (reference);
KeyInfo keyInfo = new KeyInfo ();
KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
x509KeyInfo.AddCertificate (cert);
keyInfo.AddClause (x509KeyInfo);
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature ();
XmlElement xmlDigitalSignature = signedXml.GetXml ();
doc.DocumentElement.AppendChild (doc.ImportNode (xmlDigitalSignature, true));
return doc;
}
public void AddCertificate_Null ()
{
KeyInfoX509Data data = new KeyInfoX509Data ();
data.AddCertificate (null);
}
public void Complex ()
{
KeyInfoX509Data data1 = new KeyInfoX509Data (cert);
KeyInfoX509Data data2 = new KeyInfoX509Data ();
XmlElement xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
byte[] c = (data1.Certificates[0] as X509Certificate).GetRawCertData();
AssertCrypto.AssertEquals ("Certificate[0]", cert, c);
// add a second X.509 certificate
X509Certificate x509 = new X509Certificate (cert2);
data1.AddCertificate (x509);
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
c = (data1.Certificates [1] as X509Certificate).GetRawCertData();
Assert.AreEqual (cert2, c, "Certificate[1]");
// add properties from a third X.509 certificate
x509 = new X509Certificate (cert3);
data1.AddIssuerSerial (x509.GetIssuerName (), x509.GetSerialNumberString ());
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
// TODO: The type of IssuerSerial isn't documented
// X509Certificate doesn't export SubjectKeyId so we must improvise
byte[] skid = { 0xDE, 0xAD, 0xC0, 0xDE };
data1.AddSubjectKeyId (skid);
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
Assert.AreEqual (skid, (byte[])data1.SubjectKeyIds[0], "SubjectKeyId");
data1.AddSubjectName (x509.GetName ());
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
string s = (string) data1.SubjectNames [0];
Assert.AreEqual (x509.GetName (), s, "SubjectName");
}
public void WriteContentsTo (
AddressingVersion addressingVersion,
XmlDictionaryWriter writer)
{
if (writer == null)
throw new ArgumentNullException ("writer");
#if NET_2_1
writer.WriteString (Uri.AbsoluteUri);
#else
if (addressingVersion == AddressingVersion.None)
writer.WriteString (Uri.AbsoluteUri);
else {
writer.WriteStartElement ("Address", addressingVersion.Namespace);
writer.WriteString (Uri.AbsoluteUri);
writer.WriteEndElement ();
if (Headers != null)
foreach (AddressHeader ah in Headers)
ah.WriteAddressHeader (writer);
if (Identity == null)
return;
writer.WriteStartElement ("Identity", Constants.WsaIdentityUri);
X509CertificateEndpointIdentity x509 =
Identity as X509CertificateEndpointIdentity;
if (x509 != null) {
KeyInfo ki = new KeyInfo ();
KeyInfoX509Data x = new KeyInfoX509Data ();
foreach (X509Certificate2 cert in x509.Certificates)
x.AddCertificate (cert);
ki.AddClause (x);
ki.GetXml ().WriteTo (writer);
} else {
DataContractSerializer ds = new DataContractSerializer (Identity.IdentityClaim.GetType ());
ds.WriteObject (writer, Identity.IdentityClaim);
}
writer.WriteEndElement ();
}
#endif
}
void IXmlSerializable.WriteXml (XmlWriter writer)
{
if (writer == null)
throw new ArgumentNullException ("writer");
writer.WriteStartElement ("Address", Constants.WsaNamespace);
writer.WriteString (address.Uri.AbsoluteUri);
writer.WriteEndElement ();
if (address.Identity == null)
return;
if (address.Headers != null)
foreach (AddressHeader ah in address.Headers)
ah.WriteAddressHeader (writer);
writer.WriteStartElement ("Identity", Constants.WsaIdentityUri);
#if !NET_2_1
X509CertificateEndpointIdentity x509 =
address.Identity as X509CertificateEndpointIdentity;
if (x509 != null) {
KeyInfo ki = new KeyInfo ();
KeyInfoX509Data x = new KeyInfoX509Data ();
foreach (X509Certificate2 cert in x509.Certificates)
x.AddCertificate (cert);
ki.AddClause (x);
ki.GetXml ().WriteTo (writer);
} else {
DataContractSerializer ds = new DataContractSerializer (address.Identity.IdentityClaim.GetType ());
ds.WriteObject (writer, address.Identity.IdentityClaim);
}
#endif
writer.WriteEndElement ();
}
public void AddCertificate_Null_GetXml ()
{
KeyInfoX509Data data = new KeyInfoX509Data ();
data.AddCertificate (null);
XmlElement empty = data.GetXml ();
}
// Creates a KeyInfo from the supplied X.509 certificate
private static KeyInfo CreateKeyInfo(X509Certificate2 x509Certificate)
{
KeyInfoX509Data keyInfoX509Data = new KeyInfoX509Data();
keyInfoX509Data.AddCertificate(x509Certificate);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(keyInfoX509Data);
return keyInfo;
}
private void AddCertificateInfoToSignature(XadesSignedXml xadesSignedXml, SignatureParameters parameters)
{
var key = parameters.SigningCertificate.GetPublicKey();
if (key is RsaKeyParameters)
{
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
RSAParameters RSAKeyInfo = new RSAParameters();
//Set RSAKeyInfo to the public key values.
RSAKeyInfo.Modulus = ((RsaKeyParameters)key).Modulus.ToByteArray();
RSAKeyInfo.Exponent = ((RsaKeyParameters)key).Exponent.ToByteArray();
rsaKey.ImportParameters(RSAKeyInfo);
xadesSignedXml.SigningKey = rsaKey;
KeyInfo keyInfo = new KeyInfo();
// ETSI TS 103 171 V2.1.1
// 6.2.1 Placement of the signing certificate
// "b) In order to facilitate path-building, generators should include in the same ds:KeyInfo/X509Data element as
// in note a) all certificates not available to verifiers that can be used during path building."
//keyInfo.AddClause(new KeyInfoX509Data(this.certificate));
{
KeyInfoX509Data x509Data = new KeyInfoX509Data();
foreach (X509Certificate cert in parameters.CertificateChain)
{
x509Data.AddCertificate(DotNetUtilities.ToX509Certificate2(cert));
//TODO jbonilla validar más de uno?
//break;
}
keyInfo.AddClause(x509Data);
}
keyInfo.AddClause(new RSAKeyValue(rsaKey));
xadesSignedXml.KeyInfo = keyInfo;
}
else
{
throw new ArgumentException("Only allowed RsaKeyParameters", "key");
}
}
