static void Main(string[] args) { foreach (var xml in xmlList) { var xmlDocument = new XmlDocument(); xmlDocument.LoadXml(xml); Console.WriteLine("===> ORIGINAL <===="); Console.WriteLine(xmlDocument.InnerXml); Console.WriteLine("===> C14N <===="); var transformXml = new XmlDsigExcC14NTransform(); transformXml.LoadInput(xmlDocument); var stream = transformXml.GetOutput(typeof(Stream)) as Stream; var reader = new StreamReader(stream); Console.WriteLine(reader.ReadToEnd()); Console.WriteLine("===> C14N#WithComments <===="); transformXml = new XmlDsigExcC14NTransform(true); transformXml.LoadInput(xmlDocument); stream = transformXml.GetOutput(typeof(Stream)) as Stream; reader = new StreamReader(stream); Console.WriteLine(reader.ReadToEnd()); Console.WriteLine(); } }
public static string GetDocument(SignedXmlDocument doc) { Transform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(doc.Document.GetXmlDocument()); return(new StreamReader((MemoryStream)transform.GetOutput()).ReadToEnd()); }
public string CanonicalizeXml(string xml) { var document = new XmlDocument { PreserveWhitespace = false }; document.LoadXml(xml); var nodes = document.SelectNodes("/descendant-or-self::node() | //@* | //namespace::*"); Debug.Assert(nodes != null, "nodes != null"); // // Canonicalize the document. // <node /> expands to <node></node>, attributes are placed into // alphabetical order, etc. // var transform = new XmlDsigExcC14NTransform(); transform.LoadInput(nodes); using (var stream = (MemoryStream)transform.GetOutput(typeof(Stream))) { using (var reader = new StreamReader(stream)) { return(reader.ReadToEnd()); } } }
private object UseXmlDocumentTransform(Type type) { var innerTransform = new XmlDsigExcC14NTransform(); innerTransform.LoadInput(this._inputStream); return(innerTransform.GetOutput(type)); }
public byte[] CanonicalizeUsingClrLibrary(object input) { XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(_includeComments, _inclusivePrefixes); t.LoadInput(input); MemoryStream s = (MemoryStream)t.GetOutput(typeof(Stream)); return(s.ToArray()); }
string C14N(string xml) { XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); XmlDocument doc = new XmlDocument(); doc.LoadXml(xml); t.LoadInput(doc); return(new StreamReader(t.GetOutput() as Stream).ReadToEnd()); }
public void StoreMessage(XmlReader reader) { doc.RemoveAll(); doc.AppendChild(doc.ReadNode(reader)); t.LoadInput(doc); MemoryStream s = (MemoryStream)t.GetOutput(); byte [] bytes = s.ToArray(); stream.Write(bytes, 0, bytes.Length); }
/// <summary> /// Add a timestamp to the signature, complaint with the XAdES-T 1.3.1 standard. /// </summary> /// <remarks> /// Requires a Timestamp Provider <see cref="XadesCreator.TimestampProvider"/> /// </remarks> /// <param name="signature">The signature to extend</param> /// <exception cref="ArgumentNullException">When the signature is null</exception> /// <exception cref="InvalidOperationException">When no timestamp provider is set</exception> public void ExtendToXadesT(ref XmlElement signature) { if (signature == null) { throw new ArgumentNullException("signature", "A signature is required"); } if (TimestampProvider == null) { throw new InvalidOperationException("The timestamp provider is required for XAdES-T"); } var timestamp = new XmlDocument(); timestamp.Load(Assembly.GetExecutingAssembly().GetManifestResourceStream("IM.Xades.Resources.Timestamp.xml")); var timestampValue = (XmlElement)timestamp.SelectSingleNode("//xades:EncapsulatedTimeStamp", nsMgr); XmlNode sigValue = signature.SelectSingleNode("./ds:SignatureValue", nsMgr); //Serialize because the C14N overloads wich accepts lists is totaly wrong (it C14N's the document) MemoryStream stream = new MemoryStream(); using (var writer = XmlWriter.Create(stream)) { sigValue.WriteTo(writer); } stream.Seek(0, SeekOrigin.Begin); //Canocalize the signature value XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(stream); var canonicalized = (Stream)transform.GetOutput(typeof(Stream)); //hash the canocalized version SHA256 sha256 = SHA256.Create(); byte[] hashed = sha256.ComputeHash(canonicalized); //Get the timestamp. byte[] timestampHash = TimestampProvider.GetTimestampFromDocumentHash(hashed, "http://www.w3.org/2001/04/xmlenc#sha256"); timestampValue.InnerText = Convert.ToBase64String(timestampHash); var qProps = (XmlElement)signature.SelectSingleNode("./ds:Object/xades:QualifyingProperties", nsMgr); var unsignedProps = qProps.OwnerDocument.CreateElement("xades", "UnsignedProperties", Extra.XadesTools.NS); qProps.AppendChild(unsignedProps); var unsignedSigProps = qProps.OwnerDocument.CreateElement("xades", "UnsignedSignatureProperties", Extra.XadesTools.NS); unsignedProps.AppendChild(unsignedSigProps); var imported = unsignedSigProps.OwnerDocument.ImportNode(timestamp.DocumentElement, true); unsignedSigProps.AppendChild(imported); }
void AppendNegotiationMessageXml(XmlReader reader, TlsServerSessionInfo tlsInfo) { XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; reader.MoveToContent(); doc.AppendChild(doc.ReadNode(reader)); t.LoadInput(doc); MemoryStream stream = (MemoryStream)t.GetOutput(); byte [] bytes = stream.ToArray(); tlsInfo.Messages.Write(bytes, 0, bytes.Length); }
/// <summary> /// Выполнить каноникализацию XML-узла /// </summary> /// <param name="node"> /// Узел /// </param> /// <returns> /// Каноникализированный XM-текст /// </returns> public static string Canonicalize(this XmlNode node) { var transform = new XmlDsigExcC14NTransform(); var document = new XmlDocument(); document.LoadXml(node.OuterXml); transform.LoadInput(document); using (var stream = (Stream)transform.GetOutput()) using (var reader = new StreamReader(stream)) { return(reader.ReadToEnd()); } }
public Stream CanonicalizeNode(XmlElement nodeToCanon) { XmlNode node = (XmlNode)nodeToCanon; XmlNodeReader reader = new XmlNodeReader(node); Stream stream = new MemoryStream(); XmlWriter writer = new XmlTextWriter(stream, Encoding.UTF8); writer.WriteNode(reader, false); writer.Flush(); stream.Position = 0; XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(stream); return(transform.GetOutput() as Stream); }
private byte[] GetSignedInfoForVerification(XmlElement si) { XmlDsigExcC14NTransform canon = new XmlDsigExcC14NTransform(false); XmlDocument d = new XmlDocument(); d.AppendChild(d.ImportNode(si, true)); canon.LoadInput(d); byte[] csi; using (MemoryStream ms = new MemoryStream()) { ((Stream)canon.GetOutput()).CopyTo(ms); csi = ms.GetBuffer(); } return(csi); }
public void SimpleNamespacePrefixes() { string input = "<a:Action xmlns:a='urn:foo'>http://tempuri.org/IFoo/Echo</a:Action>"; string expected = @"<a:Action xmlns:a=""urn:foo"">http://tempuri.org/IFoo/Echo</a:Action>"; XmlDocument doc = new XmlDocument(); doc.LoadXml(input); XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); t.LoadInput(doc); Stream s = t.GetOutput() as Stream; Assert.Equal(new StreamReader(s, Encoding.UTF8).ReadToEnd(), expected); }
public void PropagatedNamespaces() { XmlDocument doc = new XmlDocument(); doc.AppendChild(doc.CreateElement("foo", "urn:foo")); doc.DocumentElement.AppendChild(doc.CreateElement("bar", "urn:bar")); Assert.AreEqual(String.Empty, doc.DocumentElement.GetAttribute("xmlns:f"), "#1"); XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); t.LoadInput(doc); t.PropagatedNamespaces.Add("f", "urn:foo"); t.PropagatedNamespaces.Add("b", "urn:bar"); Stream s = t.GetOutput() as Stream; Assert.AreEqual(new StreamReader(s, Encoding.UTF8).ReadToEnd(), "<f:foo xmlns:f=\"urn:foo\"><b:bar xmlns:b=\"urn:bar\"></b:bar></f:foo>"); Assert.AreEqual("urn:foo", doc.DocumentElement.GetAttribute("xmlns:f"), "#2"); }
public void Test(SignedXmlDocument doc) { Console.WriteLine("================== Certificate Test =================="); var certVipNet = doc.CertificateValue.Value; var result = doc.CertificateValue.Value == Convert.ToBase64String(Certificate.GetRawCertData()); Console.WriteLine("Test done: {0}", result); Console.WriteLine("======================================================"); Console.WriteLine("================ Canonicalization Test ================"); var doc2 = doc.Document.GetXmlDocument(); XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); var bodyNode = doc.Body.GetXmlNode(); t.LoadInput(bodyNode); Stream canonicalXmlStream = (MemoryStream)t.GetOutput(typeof(Stream)); var canonicalXml = new StreamReader(canonicalXmlStream).ReadToEnd(); var t2 = new XmlDsigC14NTransform(); t2.LoadInput(doc.Body.GetXmlNode()); Stream canonicalXmlStream2 = (MemoryStream)t2.GetOutput(typeof(Stream)); var canonicalXml2 = new StreamReader(canonicalXmlStream2).ReadToEnd(); Console.WriteLine(canonicalXml == canonicalXml2); Console.WriteLine(canonicalXml); Console.WriteLine("======================================================"); var signedXml = new SignedXml(doc2); var reference = new Reference("#body"); reference.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(reference); Hash hash = new VipNetCrytoProvider().HashData(canonicalXml); Console.WriteLine(hash.Base64); Console.WriteLine(hash.Hex); Console.WriteLine("CorrectHashExample: {0}", CorrectHashExample); Console.WriteLine("CorrectHashExampleHex: {0}", Convert.FromBase64String(CorrectHashExample).ByteArrayToString()); }
private void VerifyGivenDigest(Verification v, XmlElement si) { StringBuilder sb = new StringBuilder(); XmlWriterSettings settings = new XmlWriterSettings { Indent = false, CloseOutput = true, Encoding = Encoding.UTF8, NewLineChars = "\n" }; XmlWriter xw = XmlWriter.Create(sb, settings); fragmentExtractor.Transform(XmlReader.Create(new StringReader(v.GetParentPrescription().OuterXml)), null, xw); XmlDocument fragments = new XmlDocument(); fragments.LoadXml(sb.ToString()); XmlDsigExcC14NTransform canon = new XmlDsigExcC14NTransform(false); canon.LoadInput(fragments); StreamReader sr = new StreamReader((Stream)canon.GetOutput()); string xf = sr.ReadToEnd(); byte[] fragmentHash; if (v.HasSHA256Hash) { fragmentHash = SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(xf)); } else { fragmentHash = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(xf)); } string fh64 = Convert.ToBase64String(fragmentHash); XmlNodeList nl = si.GetElementsByTagName("DigestValue", "http://www.w3.org/2000/09/xmldsig#"); if (nl.Count == 0) { throw new Exception("DigestValue element not found"); } string c = ((XmlElement)nl.Item(0)).InnerText; if (!c.Equals(fh64)) { throw new Exception("Digest match failure"); } }
public static string GetDigestValue_SHA1(string XML, string URI = "infNFe") { XmlDocument docSource = new XmlDocument(); docSource.PreserveWhitespace = false; docSource.LoadXml(XML); var serializer = new XmlDsigExcC14NTransform(); string toBeCanonicalized = docSource.GetElementsByTagName(URI).Item(0).OuterXml; XmlDocument docCanonicalized = new XmlDocument(); docCanonicalized.LoadXml(toBeCanonicalized); serializer.LoadInput(docCanonicalized); string c14n = new StreamReader((Stream)serializer.GetOutput(typeof(Stream))).ReadToEnd(); var HashAlg = SHA1.Create(); byte[] hash = HashAlg.ComputeHash(Encoding.UTF8.GetBytes(c14n)); var stHash = Convert.ToBase64String(hash); return(stHash); }
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat) { if (oldFormat) { XmlDsigExcC14NTransform excC14Ntransform = new XmlDsigExcC14NTransform(); excC14Ntransform.LoadInput((object)manifestDom); using (SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider()) { byte[] hash = cryptoServiceProvider.ComputeHash((Stream)(excC14Ntransform.GetOutput() as MemoryStream)); if (hash == null) { throw new CryptographicException(-2146869232); } return(hash); } } else { XmlDocument xmlDocument = new XmlDocument(); xmlDocument.PreserveWhitespace = true; using (TextReader input = (TextReader) new StringReader(manifestDom.OuterXml)) { XmlReader reader = XmlReader.Create(input, new XmlReaderSettings() { DtdProcessing = DtdProcessing.Parse }, manifestDom.BaseURI); xmlDocument.Load(reader); } XmlDsigExcC14NTransform excC14Ntransform = new XmlDsigExcC14NTransform(); excC14Ntransform.LoadInput((object)xmlDocument); using (SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider()) { byte[] hash = cryptoServiceProvider.ComputeHash((Stream)(excC14Ntransform.GetOutput() as MemoryStream)); if (hash == null) { throw new CryptographicException(-2146869232); } return(hash); } } }
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat) { if (oldFormat) { XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(manifestDom); using (SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider()) { byte[] buffer = provider.ComputeHash(transform.GetOutput() as MemoryStream); if (buffer == null) { throw new CryptographicException(-2146869232); } return(buffer); } } XmlDocument document = new XmlDocument { PreserveWhitespace = true }; using (TextReader reader = new StringReader(manifestDom.OuterXml)) { XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Parse }; XmlReader reader2 = XmlReader.Create(reader, settings, manifestDom.BaseURI); document.Load(reader2); } XmlDsigExcC14NTransform transform2 = new XmlDsigExcC14NTransform(); transform2.LoadInput(document); using (SHA1CryptoServiceProvider provider2 = new SHA1CryptoServiceProvider()) { byte[] buffer2 = provider2.ComputeHash(transform2.GetOutput() as MemoryStream); if (buffer2 == null) { throw new CryptographicException(-2146869232); } return(buffer2); } }
private byte[] CanonicalizeSignedInfo(XmlNode signatureElement) { var signedInfoNode = signatureElement.SelectSingleNode("ds:SignedInfo", Manager); var reader = new XmlNodeReader(signedInfoNode); var stream = UnistreamReuse.Create(); var writer = new XmlTextWriter(stream, Encoding.UTF8); writer.WriteNode(reader, false); writer.Flush(); stream.Position = 0; var transform = new XmlDsigExcC14NTransform(); transform.LoadInput(stream); stream.Release(); var signedInfoStream = (Stream)transform.GetOutput(); var signedBytes = new byte[signedInfoStream.Length]; signedInfoStream.Read(signedBytes, 0, signedBytes.Length); return(signedBytes); }
public void PropagatedNamespaces() { XmlDocument doc = new XmlDocument(); doc.AppendChild(doc.CreateElement("foo", "urn:foo")); doc.DocumentElement.AppendChild(doc.CreateElement("bar", "urn:bar")); Assert.Equal(String.Empty, doc.DocumentElement.GetAttribute("xmlns:f")); XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); t.LoadInput(doc); t.PropagatedNamespaces.Add("f", "urn:foo"); t.PropagatedNamespaces.Add("b", "urn:bar"); using (Stream s = t.GetOutput() as Stream) using (StreamReader streamReader = new StreamReader(s, Encoding.UTF8)) { string result = streamReader.ReadToEnd(); Assert.Equal(result, "<foo xmlns=\"urn:foo\"><bar xmlns=\"urn:bar\"></bar></foo>"); Assert.Equal("urn:foo", doc.DocumentElement.NamespaceURI); } }
public bool C14NExc() { try { XmlDocument document = new XmlDocument { PreserveWhitespace = false }; document.LoadXml(this.XMLContent); MemoryStream output = new MemoryStream(); XmlWriter w = XmlWriter.Create(output); document.WriteTo(w); w.Flush(); output.Position = 0L; XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(output); this.XMLCanonicalizerResult = ((MemoryStream)transform.GetOutput(typeof(Stream))).ToArray(); return(true); } catch (Exception) { return(false); } }
public SoapSignature BuildSignatureWithEid(SoapEnvelope soapEnvelope, string pin, IBeIdCardConnector connector) { if (soapEnvelope == null) { throw new ArgumentNullException(nameof(soapEnvelope)); } if (string.IsNullOrWhiteSpace(pin)) { throw new ArgumentNullException(nameof(pin)); } if (connector == null) { throw new ArgumentNullException(nameof(connector)); } var serializer = new SoapMessageSerializer(); // Serialize into XML. var xmlDocument = serializer.Serialize(soapEnvelope); string xml = null; using (var strWriter = new StringWriter()) { using (var xmlTextWriter = XmlWriter.Create(strWriter)) { xmlDocument.WriteTo(xmlTextWriter); xmlTextWriter.Flush(); xml = strWriter.GetStringBuilder().ToString(); } } var nsmgr = new XmlNamespaceManager(xmlDocument.NameTable); // 1. Construct the SignedInfo. nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsu, Common.Saml.Constants.XmlNamespaces.Wsu); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.SoapEnv, Common.Saml.Constants.XmlNamespaces.SoapEnvelope); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsse, Common.Saml.Constants.XmlNamespaces.Wsse); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Ds, Common.Saml.Constants.XmlNamespaces.Ds); var bodyTokenNode = xmlDocument.SelectSingleNode($"//{Common.Saml.Constants.XmlPrefixes.SoapEnv}:Body", nsmgr); var timeStampNode = xmlDocument.SelectSingleNode($"//{Common.Saml.Constants.XmlPrefixes.Wsu}:Timestamp", nsmgr); var binaryTokenNode = xmlDocument.SelectSingleNode($"//{Common.Saml.Constants.XmlPrefixes.Wsse}:BinarySecurityToken", nsmgr); var timeStampId = timeStampNode.Attributes[$"{Common.Saml.Constants.XmlPrefixes.Wsu}:Id"].Value; var binaryTokenId = binaryTokenNode.Attributes[$"{Common.Saml.Constants.XmlPrefixes.Wsu}:Id"].Value; var bodyTokenId = bodyTokenNode.Attributes[$"{Common.Saml.Constants.XmlPrefixes.Wsu}:Id"].Value; var signatureNode = Canonilize(xml, new[] { timeStampId, binaryTokenId, bodyTokenId }); var c14Serializer = new XmlDsigExcC14NTransform(); // 2. Compute the signature value. var c14Doc = new XmlDocument(); c14Doc.LoadXml(signatureNode.FirstChild.OuterXml); c14Serializer.LoadInput(c14Doc); var c14n = new StreamReader((Stream)c14Serializer.GetOutput(typeof(Stream))).ReadToEnd(); var signedInfoPayload = Encoding.UTF8.GetBytes(c14n); var b64 = Convert.ToBase64String(signedInfoPayload); byte[] hashResult = null; using (var sha = new SHA1CryptoServiceProvider()) { hashResult = sha.ComputeHash(signedInfoPayload); } var b64Hash = Convert.ToBase64String(hashResult); byte[] signatureValue = null; // 3. Construct the result. var certificate = connector.GetAuthenticateCertificate(); var applicationName = "medikit"; var digestAlgo = BeIDDigest.Sha1; var fileType = FileType.NonRepudiationCertificate; var requireSecureReader = false; signatureValue = connector.SignWithNoneRepudationCertificate(hashResult, digestAlgo, requireSecureReader, applicationName, pin); var signatureValueB64 = Convert.ToBase64String(signatureValue); var soapKeyInfo = new SoapKeyInfo(GenerateId("KI"), GenerateId("STR"), $"#{binaryTokenId}"); var result = new SoapSignature(GenerateId("SIG"), signatureValueB64, soapKeyInfo); var referenceNodes = signatureNode.SelectNodes($"//{Common.Saml.Constants.XmlPrefixes.Ds}:Reference", nsmgr); foreach (XmlNode referenceNode in referenceNodes) { var uri = referenceNode.Attributes["URI"].Value; var digestValueNode = referenceNode.SelectSingleNode($"{Common.Saml.Constants.XmlPrefixes.Ds}:DigestValue", nsmgr); result.References.Add(new SoapReference(uri, digestValueNode.InnerText)); } return(result); }
public void WhenAuthenticateUserWithSamlTokenThenNoExceptionIsThrown() { string outerXml; XmlDocument xmlDocument; SoapEnvelope soapEnvelope; var beIdCardConnector = new BeIdCardConnector(); var context = beIdCardConnector.EstablishContext(); var readers = beIdCardConnector.GetReaders(); var connection = beIdCardConnector.Connect(readers.First()); var ehealthSamlTokenRequestBuilder = new EhealthSamlTokenRequestBuilder(); // 1. Construct SAML token. var certificate = beIdCardConnector.GetAuthenticateCertificate(); var tlvParser = new TlvParser(); var identityPayload = beIdCardConnector.GetIdentity(); var addressPayload = beIdCardConnector.GetAddress(); var identity = tlvParser.Parse <Identity>(identityPayload); var address = tlvParser.Parse <Address>(addressPayload); ehealthSamlTokenRequestBuilder.New(certificate).SetIdentity(identity); soapEnvelope = ehealthSamlTokenRequestBuilder.Build(); var signSamlToken = new SignSamlToken(); // 2. Build signature. var signatureNode = signSamlToken.BuildSignatureWithEid(soapEnvelope, "0726", beIdCardConnector); soapEnvelope.Header.Security.Signature = signatureNode; var soapSerializer = new SoapMessageSerializer(); // 3. Serialize the request. xmlDocument = soapSerializer.Serialize(soapEnvelope); outerXml = xmlDocument.OuterXml; beIdCardConnector.Dispose(); var nsmgr = new XmlNamespaceManager(xmlDocument.NameTable); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Ds, Common.Saml.Constants.XmlNamespaces.Ds); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsse, Common.Saml.Constants.XmlNamespaces.Wsse); var signatureValue = xmlDocument.SelectSingleNode("//ds:SignatureValue", nsmgr).InnerText; // 5. Check signature value. var binarySecurityToken = xmlDocument.SelectSingleNode("//wsse:BinarySecurityToken", nsmgr).InnerText; var signedInfo = xmlDocument.SelectSingleNode("//ds:SignedInfo", nsmgr).OuterXml; var serializer = new XmlDsigExcC14NTransform(); var doc = new XmlDocument(); doc.LoadXml(signedInfo); serializer.LoadInput(doc); var c14n = new StreamReader((Stream)serializer.GetOutput(typeof(Stream))).ReadToEnd(); var signedInfoPayload = Encoding.UTF8.GetBytes(c14n); var b64 = Convert.ToBase64String(signedInfoPayload); byte[] hashResult = null; using (var sha = new SHA1CryptoServiceProvider()) { hashResult = sha.ComputeHash(signedInfoPayload); } var b64Hash = Convert.ToBase64String(hashResult); var signature = System.Convert.FromBase64String(signatureValue); var x509Certificate = new X509Certificate2(Convert.FromBase64String(binarySecurityToken)); var publicKey = x509Certificate.GetRSAPublicKey(); var isSignatureCorrect = publicKey.VerifyHash(hashResult, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); Assert.True(isSignatureCorrect); }
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat, bool useSha256) { if (oldFormat) { XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform(); exc.LoadInput(manifestDom); if (useSha256) { using (SHA256CryptoServiceProvider sha2 = new SHA256CryptoServiceProvider()) { byte[] hash = sha2.ComputeHash(exc.GetOutput() as MemoryStream); if (hash == null) { throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST); } return(hash); } } else { using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()) { byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream); if (hash == null) { throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST); } return(hash); } } } else { #endif // Since the DOM given to us is not guaranteed to be normalized, // we need to normalize it ourselves. Also, we always preserve // white space as Fusion XML engine always preserve white space. XmlDocument normalizedDom = new XmlDocument(); normalizedDom.PreserveWhitespace = true; // Normalize the document using (TextReader stringReader = new StringReader(manifestDom.OuterXml)) { XmlReaderSettings settings = new XmlReaderSettings(); settings.DtdProcessing = DtdProcessing.Parse; XmlReader reader = XmlReader.Create(stringReader, settings, manifestDom.BaseURI); normalizedDom.Load(reader); } XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform(); exc.LoadInput(normalizedDom); if (useSha256) { using (SHA256CryptoServiceProvider sha2 = new SHA256CryptoServiceProvider()) { byte[] hash = sha2.ComputeHash(exc.GetOutput() as MemoryStream); if (hash == null) { throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST); } return(hash); } } else { using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()) { byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream); if (hash == null) { throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST); } return(hash); } } #if (true) // BUGBUG: Remove before RTM when old format support is no longer needed. } #endif }
public byte[] ComputeHashValueOfElementList(XmlElement signatureXmlElement, ArrayList elementXpaths) { XmlDocument xmlDocument; XmlNamespaceManager xmlNamespaceManager; XmlNodeList searchXmlNodeList; XmlElement composedXmlElement; XmlDsigExcC14NTransform xmlTransform; Stream canonicalizedStream; //SHA1 sha1Managed; byte[] retVal; xmlDocument = signatureXmlElement.OwnerDocument; composedXmlElement = xmlDocument.CreateElement("ComposedElement", SignedXml.XmlDsigNamespaceUrl); xmlNamespaceManager = new XmlNamespaceManager(xmlDocument.NameTable); xmlNamespaceManager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); xmlNamespaceManager.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri); foreach (string elementXpath in elementXpaths) { searchXmlNodeList = signatureXmlElement.SelectNodes(elementXpath, xmlNamespaceManager); if (searchXmlNodeList.Count == 0) { throw new CryptographicException("Element " + elementXpath + " not found while calculating hash"); } foreach (XmlNode xmlNode in searchXmlNodeList) { //jbonilla Id attr deprecated //if (((XmlElement)xmlNode).HasAttribute("Id")) //{ // elementIdValues.Add(((XmlElement)xmlNode).Attributes["Id"].Value); // composedXmlElement.AppendChild(xmlNode); //} //else //{ // throw new CryptographicException("Id attribute missing on " + xmlNode.LocalName + " element"); //} composedXmlElement.AppendChild(xmlNode); } } //Initialise the stream to read the node list MemoryStream nodeStream = new MemoryStream(); XmlWriter xw = XmlWriter.Create(nodeStream); composedXmlElement.ChildNodes[0].WriteTo(xw); xw.Flush(); nodeStream.Position = 0; //modificado xmlTransform = new XmlDsigExcC14NTransform(); xmlTransform.LoadInput(nodeStream); canonicalizedStream = (Stream)xmlTransform.GetOutput(typeof(Stream)); //sha1Managed = new SHA1Managed(); //retVal = sha1Managed.ComputeHash(canonicalizedStream); IDigest digest = this.tspSource.GetMessageDigest(); byte[] canonicalizedBytes = Streams.ReadAll(canonicalizedStream); digest.BlockUpdate(canonicalizedBytes, 0, canonicalizedBytes.Length); retVal = DigestUtilities.DoFinal(digest); canonicalizedStream.Close(); return(retVal); }
private static void CheckXmlWellFormed(XmlDocument xmlDocument) { if (xmlDocument == null) { throw new ArgumentNullException(nameof(xmlDocument)); } var nsmgr = new XmlNamespaceManager(xmlDocument.NameTable); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Ds, Common.Saml.Constants.XmlNamespaces.Ds); nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsse, Common.Saml.Constants.XmlNamespaces.Wsse); var signatureNode = xmlDocument.SelectSingleNode("//ds:SignatureValue", nsmgr); if (signatureNode == null) { // TODO: Throw an exception. } var binarySecurityTokenNode = xmlDocument.SelectSingleNode("//wsse:BinarySecurityToken", nsmgr); if (binarySecurityTokenNode == null) { // TODO: Throw an exception. } var signedInfoNode = xmlDocument.SelectSingleNode("//ds:SignedInfo", nsmgr); if (signedInfoNode == null) { // TODO : Throw an exception. } var serializer = new XmlDsigExcC14NTransform(); var doc = new XmlDocument(); doc.LoadXml(signedInfoNode.OuterXml); serializer.LoadInput(doc); var c14n = new StreamReader((Stream)serializer.GetOutput(typeof(Stream))).ReadToEnd(); var signedInfoPayload = Encoding.UTF8.GetBytes(c14n); var b64 = Convert.ToBase64String(signedInfoPayload); byte[] hashResult = null; using (var sha = new SHA1CryptoServiceProvider()) { hashResult = sha.ComputeHash(signedInfoPayload); } var b64Hash = Convert.ToBase64String(hashResult); var signature = System.Convert.FromBase64String(signatureNode.InnerText); var x509Certificate = new X509Certificate2(Convert.FromBase64String(binarySecurityTokenNode.InnerText)); var publicKey = x509Certificate.GetRSAPublicKey(); var isSignatureCorrect = publicKey.VerifyHash(hashResult, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); if (!isSignatureCorrect) { // TODO: Throw an exception. } // TODO: CHECK THE DATE. }
public static void TestC14NInclusivePrefixes() { TestCase tc = TestConfigHelper.GetTest("TestC14NInclusivePrefixes"); int count = 0; foreach (var input in tc.Inputs) { count++; string rwTypeStr = input.Arguments[0].Value; ReaderWriterFactory.ReaderWriterType rwType = (ReaderWriterFactory.ReaderWriterType)Enum.Parse(typeof(ReaderWriterFactory.ReaderWriterType), rwTypeStr, true); Encoding encoding = Encoding.GetEncoding(input.Arguments[1].Value); bool mustSupportV14N = input.Arguments[2].Value.ToLower() == "true"; MemoryStream ms = new MemoryStream(); XmlWriter w = ReaderWriterFactory.CreateXmlWriter(rwType, ms, encoding); XmlDictionaryWriter writer = w as XmlDictionaryWriter; if (writer == null) { writer = XmlDictionaryWriter.CreateDictionaryWriter(w); } if (!writer.CanCanonicalize) { Assert.False(mustSupportV14N, string.Format("Error, writer {0},{1} should support C14N, but it doesn't!", rwTypeStr, encoding.ToString())); continue; } string myDefaultNamespace = "http://mynamespace"; string myNamespace1 = "http://mynamespace1"; string myNamespace2 = "http://mynamespace2"; string myNamespace3 = "http://mynamespace3"; string myNamespace4 = "http://mynamespace4"; writer.WriteStartElement("Root"); writer.WriteXmlnsAttribute("p1", myNamespace1); writer.WriteAttributeString("p1", "a", null, "b"); writer.WriteStartElement("", "Element1", myDefaultNamespace); writer.WriteAttributeString("p3", "c", myNamespace3, "d"); writer.WriteStartElement("Element2"); MemoryStream canonicalStream = new MemoryStream(); writer.StartCanonicalization(canonicalStream, false, new string[] { "p3", "p2", "p1", "" }); writer.WriteStartElement("pre", "Element3", myNamespace2); writer.WriteAttributeString("pre2", "attrName", myNamespace4, "attrValue"); writer.WriteStartElement("Element4", ""); writer.WriteStartAttribute("attr1"); writer.WriteQualifiedName("foo", myNamespace1); writer.WriteEndAttribute(); writer.WriteStartAttribute("attr2"); writer.WriteQualifiedName("bar", myNamespace3); writer.WriteEndAttribute(); writer.WriteString("Hello world"); writer.WriteEndElement(); // Element4 writer.WriteEndElement(); // pre:Element3 writer.EndCanonicalization(); writer.WriteEndElement(); // Element2 writer.WriteEndElement(); // Element1 writer.WriteEndElement(); // Root writer.Flush(); byte[] canonicalDoc = canonicalStream.ToArray(); byte[] fullDoc = ms.ToArray(); writer.Close(); // Finished creating the document XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.InclusiveNamespacesPrefixList = "p3 p2 p1 #default"; transform.LoadInput(new MemoryStream(canonicalDoc)); Stream transformedOutput = transform.GetOutput(typeof(Stream)) as Stream; byte[] outputFromSecurity = StreamToByteArray(transformedOutput); //Finished creating the doc from the security class Helper.DumpToFile(fullDoc); Helper.DumpToFile(canonicalDoc); Helper.DumpToFile(outputFromSecurity); Assert.True(Enumerable.SequenceEqual(outputFromSecurity, canonicalDoc), $"TestC14NInclusivePrefixes test variation #{count} failed"); } }
public static void ReaderWriter_C14N_DifferentReadersWriters() { int count = 0; var params1 = TestConfigHelper.GetTest("ReaderWriter_C14N_DifferentReadersWriters_ParamGroup1"); var params2 = TestConfigHelper.GetTest("ReaderWriter_C14N_DifferentReadersWriters_ParamGroup2"); var params3 = TestConfigHelper.GetTest("ReaderWriter_C14N_DifferentReadersWriters_ParamGroup3"); var params4 = TestConfigHelper.GetTest("ReaderWriter_C14N_DifferentReadersWriters_ParamGroup4"); Transform transform; MemoryStream canonicalStream; MemoryStream ms; Stream transformedOutput; byte[] outputFromSecurity; byte[] outputFromIndigo; //TestC14NInMultipleWriters foreach (var input in params1.Inputs) { foreach (var input2 in params2.Inputs) { foreach (var input3 in params3.Inputs) { count++; string rwTypeStr = input.Arguments[0].Value; ReaderWriterFactory.ReaderWriterType rwType = (ReaderWriterFactory.ReaderWriterType)Enum.Parse(typeof(ReaderWriterFactory.ReaderWriterType), rwTypeStr, true); Encoding encoding = Encoding.GetEncoding((string)input.Arguments[1].Value); string sampleXmlFileName = input2.Arguments[0].Value; bool mustSupportV14N = input.Arguments[2].Value == "true"; string baselineFileName = input2.Arguments[1].Value; bool testWithComments = input3.Arguments[0].Value == "true"; XmlDocument xmlDoc = new XmlDocument(); xmlDoc.PreserveWhitespace = true; if (testWithComments) { transform = new XmlDsigExcC14NWithCommentsTransform(); } else { transform = new XmlDsigExcC14NTransform(); } xmlDoc.Load(baselineFileName); transform.LoadInput(xmlDoc); transformedOutput = transform.GetOutput(typeof(Stream)) as Stream; outputFromSecurity = StreamToByteArray(transformedOutput); byte[] sampleXmlFileBytes = File.ReadAllBytes(sampleXmlFileName); ms = new MemoryStream(); XmlWriter w = ReaderWriterFactory.CreateXmlWriter(rwType, ms, encoding); canonicalStream = new MemoryStream(); XmlDictionaryWriter dicWriter = w as XmlDictionaryWriter; if (dicWriter == null) { dicWriter = XmlDictionaryWriter.CreateDictionaryWriter(w); } if (!dicWriter.CanCanonicalize) { Assert.False(mustSupportV14N, "Error, writer should support C14N, but it doesn't!"); continue; } dicWriter.WriteStartElement("MyRoot"); dicWriter.StartCanonicalization(canonicalStream, testWithComments, null); FileStream fs = File.OpenRead(sampleXmlFileName); XmlReader webdataReader = XmlReader.Create(fs); CopyXmlToWriter(webdataReader, dicWriter); dicWriter.EndCanonicalization(); dicWriter.WriteEndElement(); dicWriter.Flush(); webdataReader.Close(); fs.Close(); outputFromIndigo = canonicalStream.ToArray(); Helper.DumpToFile(outputFromSecurity); Helper.DumpToFile(outputFromIndigo); Assert.True(Enumerable.SequenceEqual(outputFromSecurity, outputFromIndigo), $"ReaderWriter_C14N_DifferentReadersWriters test variation #{count} failed"); } } } //TestC14NInReader foreach (var input in params4.Inputs) { count++; string sampleXmlFileName = input.Arguments[3].Value; string rwTypeStr = input.Arguments[0].Value; ReaderWriterFactory.ReaderWriterType rwType = (ReaderWriterFactory.ReaderWriterType)Enum.Parse(typeof(ReaderWriterFactory.ReaderWriterType), rwTypeStr, true); Encoding encoding = Encoding.GetEncoding((string)input.Arguments[1].Value); bool mustSupportV14N = input.Arguments[2].Value == "true"; string baselineFileName = "ReaderWriter_C14N_BaselineXML_OnlyLF.xml"; XmlDocument xmlDoc = new XmlDocument(); xmlDoc.PreserveWhitespace = true; transform = new XmlDsigExcC14NTransform(); xmlDoc.Load(baselineFileName); transform.LoadInput(xmlDoc); transformedOutput = transform.GetOutput(typeof(Stream)) as Stream; outputFromSecurity = StreamToByteArray(transformedOutput); byte[] sampleXmlFileBytes = File.ReadAllBytes(sampleXmlFileName); XmlReader r = ReaderWriterFactory.CreateXmlReader(rwType, sampleXmlFileBytes, encoding); XmlDictionaryReader dicReader = r as XmlDictionaryReader; if (dicReader == null) { dicReader = XmlDictionaryReader.CreateDictionaryReader(r); } canonicalStream = new MemoryStream(); if (!dicReader.CanCanonicalize) { Assert.False(mustSupportV14N, "Error, reader should support C14N, but it doesn't!"); continue; } dicReader.StartCanonicalization(canonicalStream, false, null); canonicalStream.Position = 0; string str = new StreamReader(canonicalStream).ReadToEnd(); canonicalStream.Position = 0; while (dicReader.Read()) { ; // simply read it all into the C14N writer } dicReader.EndCanonicalization(); dicReader.Close(); outputFromIndigo = canonicalStream.ToArray(); Helper.DumpToFile(outputFromSecurity); Helper.DumpToFile(outputFromIndigo); Assert.True(Enumerable.SequenceEqual(outputFromSecurity, outputFromIndigo), $"ReaderWriter_C14N_DifferentReadersWriters test variation #{count} failed"); } //TestC14NWriterWithManyAttributes int numberOfAttributes = 1000; int seed = (int)DateTime.Now.Ticks; Random rndGen = new Random(seed); StringBuilder sb = new StringBuilder(); sb.Append("<Root><Element"); int prefixIndex = 0; for (int i = 0; i < numberOfAttributes; i++) { string namespaceUri = null; string prefix = null; if ((rndGen.Next() % 5) == 0) { prefix = "p" + (prefixIndex++); namespaceUri = "http://namespace_" + i; } string localName = "attr" + i; string value = "attrValue" + i; if (prefix == null) { sb.Append($" {localName}=\"{value}\""); } else { sb.Append($" {prefix}:{localName}=\"{2}\" xmlns:{value}=\"{namespaceUri}\""); } } sb.Append(">Hello world</Element></Root>"); string xmlString = sb.ToString(); XmlDocument doc = new XmlDocument(); doc.LoadXml(xmlString); ms = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(ms); canonicalStream = new MemoryStream(); writer.StartCanonicalization(canonicalStream, false, null); doc.WriteTo(writer); writer.Flush(); writer.EndCanonicalization(); outputFromIndigo = canonicalStream.ToArray(); byte[] nonCanonicalOutput = ms.ToArray(); XmlDsigExcC14NTransform transform2 = new XmlDsigExcC14NTransform(); transform2.LoadInput(doc); transformedOutput = transform2.GetOutput(typeof(Stream)) as Stream; outputFromSecurity = StreamToByteArray(transformedOutput); Helper.DumpToFile(outputFromSecurity); Helper.DumpToFile(outputFromIndigo); Helper.DumpToFile(nonCanonicalOutput); Assert.True(Enumerable.SequenceEqual(outputFromSecurity, outputFromIndigo), $"ReaderWriter_C14N_DifferentReadersWriters test variation #{count} failed"); count++; Assert.Equal(params1.Inputs.Count * params2.Inputs.Count * params3.Inputs.Count + params4.Inputs.Count + 1, count); }