public void XadesT()
{
X509Certificate2 sign;
using (var readers = new Readers(ReaderScope.User))
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
var target = (EidCard)readers.ListCards().Where(c => c is EidCard).FirstOrDefault();
Assert.True(target != null, "No eid inserted, please insert (test) eid");
target.Open();
store.Open(OpenFlags.ReadOnly);
sign = store.Certificates.Find(X509FindType.FindByThumbprint, target.SignCert.Thumbprint, false)[0];
}
var document = new XmlDocument();
document.PreserveWhitespace = true;
document.Load(@"data\basic.xml");
var xsigner = new XadesCreator(sign, true);
xsigner.TimestampProvider = new Rfc3161TimestampProvider();
var xades = xsigner.CreateXadesT(document, "_1");
document.DocumentElement.AppendChild(xades);
// Output for reading
MemoryStream stream = new MemoryStream();
using (var writer = XmlWriter.Create(stream))
{
document.WriteTo(writer);
}
stream.Seek(0, SeekOrigin.Begin);
var signed = new XmlDocument();
signed.PreserveWhitespace = true;
signed.Load(stream);
var xerifier = new XadesVerifier();
var info = xerifier.Verify(signed, (XmlElement)XadesTools.FindXadesProperties(signed)[0]);
Assert.NotNull(info);
Assert.NotNull(info.Certificate);
Assert.Equal(sign, info.Certificate);
Assert.Equal(XadesForm.XadesBes, info.Form);
Assert.NotNull(info.Time);
Assert.True((DateTimeOffset.Now - info.Time.Value) < new TimeSpan(0, 5, 0));
}
public void RoundTestXadesTViaFedict()
{
var xigner = new XadesCreator(sign, true, extraCerts);
xigner.TimestampProvider = new Rfc3161TimestampProvider();
xigner.DataTransforms.Add(new XmlDsigBase64Transform());
xigner.DataTransforms.Add(new OptionalDeflateTransform());
var xades = xigner.CreateXadesT(document, "_D4840C96-8212-491C-9CD9-B7144C1AD450");
//Output for debugging
var xml = new StringBuilder();
var writerSettings = new XmlWriterSettings
{
Indent = true
};
using (var writer = XmlWriter.Create(xml, writerSettings))
{
xades.WriteTo(writer);
}
System.Console.WriteLine(xml.ToString());
//Output for reading
MemoryStream stream = new MemoryStream();
using (var writer = XmlWriter.Create(stream))
{
xades.WriteTo(writer);
}
stream.Seek(0, SeekOrigin.Begin);
var xades2 = new XmlDocument();
xades2.PreserveWhitespace = true;
xades2.Load(stream);
var xerifier = new XadesVerifier();
var info = xerifier.Verify(document, (XmlElement)XadesTools.FindXadesProperties(xades2)[0]);
Assert.NotNull(info);
Assert.NotNull(info.Certificate);
Assert.Equal(sign, info.Certificate);
Assert.Equal(XadesForm.XadesBes | XadesForm.XadesT, info.Form);
Assert.NotNull(info.Time);
Assert.True((DateTimeOffset.Now - info.Time.Value) < new TimeSpan(0, 5, 0));
Assert.Empty(info.ManifestResult);
}
public void RountTestXadesTFullDoc()
{
var xigner = new XadesCreator(sign, true, extraCerts);
xigner.TimestampProvider = new EHealthTimestampProvider(tsa);
var xades = xigner.CreateXadesT(document);
var xml = new StringBuilder();
var writerSettings = new XmlWriterSettings
{
Indent = true
};
using (var writer = XmlWriter.Create(xml, writerSettings))
{
xades.WriteTo(writer);
}
System.Console.WriteLine(xml.ToString());
MemoryStream stream = new MemoryStream();
using (var writer = XmlWriter.Create(stream))
{
xades.WriteTo(writer);
}
stream.Seek(0, SeekOrigin.Begin);
var xades2 = new XmlDocument();
xades2.PreserveWhitespace = true;
xades2.Load(stream);
var xerifier = new XadesVerifier();
var info = xerifier.Verify(document, (XmlElement)XadesTools.FindXadesProperties(xades2)[0]);
Assert.NotNull(info);
Assert.NotNull(info.Certificate);
Assert.Equal(sign, info.Certificate);
Assert.Equal(XadesForm.XadesBes | XadesForm.XadesT, info.Form);
Assert.NotNull(info.Time);
Assert.True((DateTimeOffset.Now - info.Time.Value) < new TimeSpan(0, 5, 0));
Assert.Empty(info.ManifestResult);
}
private void DoTest(GenericAsyncClient client, TimeStampAuthorityClient tsaClient)
{
//Create common input with info about the requestor, must match SAML
CommonInputType commonInput = new CommonInputType();
commonInput.InputReference = "TADM1234567890";
commonInput.Request = new RequestType();
commonInput.Request.IsTest = true;
commonInput.Origin = new OrigineType();
commonInput.Origin.Package = new PackageType();
commonInput.Origin.Package.Name = "eH-I Test";
commonInput.Origin.Package.License = new LicenseType();
commonInput.Origin.Package.License.Username = "******"; //provide you own license
commonInput.Origin.Package.License.Password = "******"; //provide your own password
commonInput.Origin.SiteID = "01"; //CareNet Gateway ID.
commonInput.Origin.CareProvider = new CareProviderType();
commonInput.Origin.CareProvider.Nihii = new NihiiType();
commonInput.Origin.CareProvider.Nihii.Quality = "hospital";
commonInput.Origin.CareProvider.Nihii.Value = "71022212000";
commonInput.Origin.CareProvider.Organization = new IdType();
commonInput.Origin.CareProvider.Organization.Nihii = commonInput.Origin.CareProvider.Nihii;
//create blob value
Stream raw = new MemoryStream(Encoding.ASCII.GetBytes(RandomString(1024*1024))); //you might use a file instead
MemoryStream deflated = new MemoryStream();
DeflateStream deflater = new DeflateStream(deflated, CompressionMode.Compress, true);
raw.CopyTo(deflater);
deflater.Flush();
deflater.Close();
//create blob
Blob blob = new Blob();
blob.MessageName = "ADM";
blob.Id = "_" + Guid.NewGuid().ToString();
blob.ContentType = "text/plain";
blob.Value = deflated.ToArray();
//Create Xml with the blob inside it to sign.
XmlDocument signDoc;
using(MemoryStream signDocStream = new MemoryStream()) {
XmlWriter signDocWriter = XmlWriter.Create(signDocStream);
signDocWriter.WriteStartElement("root");
XmlSerializer serializer = new XmlSerializer(typeof(Blob), new XmlRootAttribute("Detail"));
serializer.Serialize(signDocWriter, blob);
signDocWriter.WriteEndElement();
signDocWriter.Flush();
signDocStream.Seek(0, SeekOrigin.Begin);
signDoc = new XmlDocument();
signDoc.PreserveWhitespace = true;
signDoc.Load(signDocStream);
}
//create the xades-t
var xigner = new XadesCreator(sign);
xigner.TimestampProvider = new EHealthTimestampProvider(tsaClient);
xigner.DataTransforms.Add(new XmlDsigBase64Transform());
xigner.DataTransforms.Add(new OptionalDeflateTransform());
XmlElement xades = xigner.CreateXadesT(signDoc, blob.Id);
//conver the xades-t to byte array
MemoryStream xadesSteam = new MemoryStream();
using (var writer = XmlWriter.Create(xadesSteam))
{
xades.WriteTo(writer);
}
//Create the Base64 structure
base64Binary xadesParam = new base64Binary();
xadesParam.contentType = "text/xml";
xadesParam.Value = xadesSteam.ToArray();
//Send the message
Thread.Sleep(1000); //sleep to let the eID recover :(
TAck nipAck = client.post(commonInput, blob, xadesParam);
//check if the messages was correctly send
Assert.AreEqual("urn:nip:tack:result:major:success", nipAck.ResultMajor);
//Get any waiting responses
MsgQuery msgQuery = new MsgQuery();
msgQuery.Max = 1; //best to specify to avoid quota exceeds or memory issues
msgQuery.Include = true;
Query tackQuery = new Query();
tackQuery.Max = 10; //best to specify, but since they are smaller we can handle more
tackQuery.Include = true;
//Get the messages & tACK
Thread.Sleep(1000); //sleep to let the eID recover :(
Responses rsp = client.get(commonInput.Origin, msgQuery, tackQuery);
//Collect the hash values of the messages & the tack
//Should be a list of bytes arrays, but WCF isn't that smart so you need to do the encoding (base64, sperated by spaces)
StringBuilder msgHashValues = new StringBuilder();
if (rsp.MsgResponse != null)
{
foreach (MsgResponse msgRsp in rsp.MsgResponse)
{
//Parse the xades, and rework it to a doc that contains the detail & xades.
XmlDocument verifyDoc;
using (MemoryStream verifyDocStream = new MemoryStream())
{
//Create new doc with element root
XmlWriter verifyDocWriter = XmlWriter.Create(verifyDocStream);
verifyDocWriter.WriteStartElement("root", "urn:dummy");
//Add blob (detail)
XmlSerializer serializer = new XmlSerializer(typeof(Blob), "urn:be:cin:types:v1");
serializer.Serialize(verifyDocWriter, msgRsp.Detail);
//Add xades-T
XmlDocument xadesDoc = new XmlDocument();
xadesDoc.PreserveWhitespace = true;
xadesDoc.Load(new MemoryStream(msgRsp.Xadest.Value));
xadesDoc.DocumentElement.WriteTo(verifyDocWriter);
verifyDocWriter.WriteEndElement();
verifyDocWriter.Flush();
//Reload the result
verifyDocStream.Seek(0, SeekOrigin.Begin);
verifyDoc = new XmlDocument();
verifyDoc.PreserveWhitespace = true;
verifyDoc.Load(verifyDocStream);
//Validate the doc
XmlElement prop = (XmlElement) XadesTools.FindXadesProperties(verifyDoc.DocumentElement)[0];
XadesVerifier verifier = new XadesVerifier();
verifier.RevocationMode = X509RevocationMode.NoCheck; //only for testing
verifier.TrustedTsaCerts.Add(tsaTrust);
SignatureInfo info = verifier.Verify(verifyDoc, prop);
//check info (time & certificate) to your own rules.
}
if (msgHashValues.Length != 0) msgHashValues.Append(" ");
msgHashValues.Append(Convert.ToBase64String(msgRsp.Detail.HashValue));
}
}
List<String> resend = new List<string>();
StringBuilder tackContents = new StringBuilder();
if (rsp.TAckResponse != null)
{
foreach (TAckResponse tackRsp in rsp.TAckResponse)
{
//Parse the xades, and rework it to a doc that contains the detail & xades.
XmlDocument verifyDoc;
using (MemoryStream verifyDocStream = new MemoryStream())
{
//Create new doc with element root
XmlWriter verifyDocWriter = XmlWriter.Create(verifyDocStream);
verifyDocWriter.WriteStartElement("root", "urn:dummy");
//Add blob (detail)
XmlSerializer serializer = new XmlSerializer(typeof(TAck), "urn:be:cin:nip:async:generic");
serializer.Serialize(verifyDocWriter, tackRsp.TAck);
//Add xades-T
XmlDocument xadesDoc = new XmlDocument();
xadesDoc.PreserveWhitespace = true;
xadesDoc.Load(new MemoryStream(tackRsp.Xadest.Value));
xadesDoc.DocumentElement.WriteTo(verifyDocWriter);
verifyDocWriter.WriteEndElement();
verifyDocWriter.Flush();
//Reload the result
verifyDocStream.Seek(0, SeekOrigin.Begin);
verifyDoc = new XmlDocument();
verifyDoc.PreserveWhitespace = true;
verifyDoc.Load(verifyDocStream);
//Validate the doc
XmlElement prop = (XmlElement)XadesTools.FindXadesProperties(verifyDoc.DocumentElement)[0];
XadesVerifier verifier = new XadesVerifier();
verifier.RevocationMode = X509RevocationMode.NoCheck; //only for testing
verifier.TrustedTsaCerts.Add(tsaTrust);
SignatureInfo info = verifier.Verify(verifyDoc, prop);
//check info (time & certificate) to your own rules.
}
//send failed, resend later.
if ("urn:nip:tack:result:major:success" != tackRsp.TAck.ResultMajor)
{
resend.Add(tackRsp.TAck.AppliesTo);
}
if (tackContents.Length != 0) tackContents.Append(" ");
tackContents.Append(Convert.ToBase64String(tackRsp.TAck.Value)); //the content of the tAck is already a hash...
}
}
//Confirm the received messages & tack
Thread.Sleep(1000); //sleep to let the eID recover :(
client.confirm(commonInput.Origin, msgHashValues.ToString(), tackContents.ToString());
//We should not have anything to resend
Assert.AreEqual(0, resend.Count);
}
private void DoTest(GenericAsyncClient client, TimeStampAuthorityClient tsaClient)
{
//Create common input with info about the requestor, must match SAML
CommonInputType commonInput = new CommonInputType();
commonInput.InputReference = "TADM1234567890";
commonInput.Request = new RequestType();
commonInput.Request.IsTest = true;
commonInput.Origin = new OrigineType();
commonInput.Origin.Package = new PackageType();
commonInput.Origin.Package.Name = "eH-I Test";
commonInput.Origin.Package.License = new LicenseType();
commonInput.Origin.Package.License.Username = "******"; //provide you own license
commonInput.Origin.Package.License.Password = "******"; //provide your own password
commonInput.Origin.SiteID = "01"; //CareNet Gateway ID.
commonInput.Origin.CareProvider = new CareProviderType();
commonInput.Origin.CareProvider.Nihii = new NihiiType();
commonInput.Origin.CareProvider.Nihii.Quality = "hospital";
commonInput.Origin.CareProvider.Nihii.Value = "71022212000";
commonInput.Origin.CareProvider.Organization = new IdType();
commonInput.Origin.CareProvider.Organization.Nihii = commonInput.Origin.CareProvider.Nihii;
//create blob value
Stream raw = new MemoryStream(Encoding.ASCII.GetBytes(RandomString(1024 * 1024))); //you might use a file instead
MemoryStream deflated = new MemoryStream();
DeflateStream deflater = new DeflateStream(deflated, CompressionMode.Compress, true);
raw.CopyTo(deflater);
deflater.Flush();
deflater.Close();
//create blob
Blob blob = new Blob();
blob.MessageName = "ADM";
blob.Id = "_" + Guid.NewGuid().ToString();
blob.ContentType = "text/plain";
blob.Value = deflated.ToArray();
//Create Xml with the blob inside it to sign.
XmlDocument signDoc;
using (MemoryStream signDocStream = new MemoryStream()) {
XmlWriter signDocWriter = XmlWriter.Create(signDocStream);
signDocWriter.WriteStartElement("root");
XmlSerializer serializer = new XmlSerializer(typeof(Blob), new XmlRootAttribute("Detail"));
serializer.Serialize(signDocWriter, blob);
signDocWriter.WriteEndElement();
signDocWriter.Flush();
signDocStream.Seek(0, SeekOrigin.Begin);
signDoc = new XmlDocument();
signDoc.PreserveWhitespace = true;
signDoc.Load(signDocStream);
}
//create the xades-t
var xigner = new XadesCreator(sign);
xigner.TimestampProvider = new EHealthTimestampProvider(tsaClient);
xigner.DataTransforms.Add(new XmlDsigBase64Transform());
xigner.DataTransforms.Add(new OptionalDeflateTransform());
XmlElement xades = xigner.CreateXadesT(signDoc, blob.Id);
//conver the xades-t to byte array
MemoryStream xadesSteam = new MemoryStream();
using (var writer = XmlWriter.Create(xadesSteam))
{
xades.WriteTo(writer);
}
//Create the Base64 structure
base64Binary xadesParam = new base64Binary();
xadesParam.contentType = "text/xml";
xadesParam.Value = xadesSteam.ToArray();
//Send the message
Thread.Sleep(1000); //sleep to let the eID recover :(
TAck nipAck = client.post(commonInput, blob, xadesParam);
//check if the messages was correctly send
Assert.AreEqual("urn:nip:tack:result:major:success", nipAck.ResultMajor);
//Get any waiting responses
MsgQuery msgQuery = new MsgQuery();
msgQuery.Max = 1; //best to specify to avoid quota exceeds or memory issues
msgQuery.Include = true;
Query tackQuery = new Query();
tackQuery.Max = 10; //best to specify, but since they are smaller we can handle more
tackQuery.Include = true;
//Get the messages & tACK
Thread.Sleep(1000); //sleep to let the eID recover :(
Responses rsp = client.get(commonInput.Origin, msgQuery, tackQuery);
//Collect the hash values of the messages & the tack
//Should be a list of bytes arrays, but WCF isn't that smart so you need to do the encoding (base64, sperated by spaces)
StringBuilder msgHashValues = new StringBuilder();
if (rsp.MsgResponse != null)
{
foreach (MsgResponse msgRsp in rsp.MsgResponse)
{
//Parse the xades, and rework it to a doc that contains the detail & xades.
XmlDocument verifyDoc;
using (MemoryStream verifyDocStream = new MemoryStream())
{
//Create new doc with element root
XmlWriter verifyDocWriter = XmlWriter.Create(verifyDocStream);
verifyDocWriter.WriteStartElement("root", "urn:dummy");
//Add blob (detail)
XmlSerializer serializer = new XmlSerializer(typeof(Blob), "urn:be:cin:types:v1");
serializer.Serialize(verifyDocWriter, msgRsp.Detail);
//Add xades-T
XmlDocument xadesDoc = new XmlDocument();
xadesDoc.PreserveWhitespace = true;
xadesDoc.Load(new MemoryStream(msgRsp.Xadest.Value));
xadesDoc.DocumentElement.WriteTo(verifyDocWriter);
verifyDocWriter.WriteEndElement();
verifyDocWriter.Flush();
//Reload the result
verifyDocStream.Seek(0, SeekOrigin.Begin);
verifyDoc = new XmlDocument();
verifyDoc.PreserveWhitespace = true;
verifyDoc.Load(verifyDocStream);
//Validate the doc
XmlElement prop = (XmlElement)XadesTools.FindXadesProperties(verifyDoc.DocumentElement)[0];
XadesVerifier verifier = new XadesVerifier();
verifier.RevocationMode = X509RevocationMode.NoCheck; //only for testing
verifier.TrustedTsaCerts.Add(tsaTrust);
SignatureInfo info = verifier.Verify(verifyDoc, prop);
//check info (time & certificate) to your own rules.
}
if (msgHashValues.Length != 0)
{
msgHashValues.Append(" ");
}
msgHashValues.Append(Convert.ToBase64String(msgRsp.Detail.HashValue));
}
}
List <String> resend = new List <string>();
StringBuilder tackContents = new StringBuilder();
if (rsp.TAckResponse != null)
{
foreach (TAckResponse tackRsp in rsp.TAckResponse)
{
//Parse the xades, and rework it to a doc that contains the detail & xades.
XmlDocument verifyDoc;
using (MemoryStream verifyDocStream = new MemoryStream())
{
//Create new doc with element root
XmlWriter verifyDocWriter = XmlWriter.Create(verifyDocStream);
verifyDocWriter.WriteStartElement("root", "urn:dummy");
//Add blob (detail)
XmlSerializer serializer = new XmlSerializer(typeof(TAck), "urn:be:cin:nip:async:generic");
serializer.Serialize(verifyDocWriter, tackRsp.TAck);
//Add xades-T
XmlDocument xadesDoc = new XmlDocument();
xadesDoc.PreserveWhitespace = true;
xadesDoc.Load(new MemoryStream(tackRsp.Xadest.Value));
xadesDoc.DocumentElement.WriteTo(verifyDocWriter);
verifyDocWriter.WriteEndElement();
verifyDocWriter.Flush();
//Reload the result
verifyDocStream.Seek(0, SeekOrigin.Begin);
verifyDoc = new XmlDocument();
verifyDoc.PreserveWhitespace = true;
verifyDoc.Load(verifyDocStream);
//Validate the doc
XmlElement prop = (XmlElement)XadesTools.FindXadesProperties(verifyDoc.DocumentElement)[0];
XadesVerifier verifier = new XadesVerifier();
verifier.RevocationMode = X509RevocationMode.NoCheck; //only for testing
verifier.TrustedTsaCerts.Add(tsaTrust);
SignatureInfo info = verifier.Verify(verifyDoc, prop);
//check info (time & certificate) to your own rules.
}
//send failed, resend later.
if ("urn:nip:tack:result:major:success" != tackRsp.TAck.ResultMajor)
{
resend.Add(tackRsp.TAck.AppliesTo);
}
if (tackContents.Length != 0)
{
tackContents.Append(" ");
}
tackContents.Append(Convert.ToBase64String(tackRsp.TAck.Value)); //the content of the tAck is already a hash...
}
}
//Confirm the received messages & tack
Thread.Sleep(1000); //sleep to let the eID recover :(
client.confirm(commonInput.Origin, msgHashValues.ToString(), tackContents.ToString());
//We should not have anything to resend
Assert.AreEqual(0, resend.Count);
}