void AssertDecryption1 (string filename) { XmlDocument doc = new XmlDocument (); doc.PreserveWhitespace = true; doc.Load (filename); EncryptedXml encxml = new EncryptedXml (doc); RSACryptoServiceProvider rsa = new X509Certificate2 ("Test/System.Security.Cryptography.Xml/sample.pfx", "mono").PrivateKey as RSACryptoServiceProvider; XmlNamespaceManager nm = new XmlNamespaceManager (doc.NameTable); nm.AddNamespace ("s", "http://www.w3.org/2003/05/soap-envelope"); nm.AddNamespace ("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); nm.AddNamespace ("e", EncryptedXml.XmlEncNamespaceUrl); XmlElement el = doc.SelectSingleNode ("/s:Envelope/s:Header/o:Security/e:EncryptedKey", nm) as XmlElement; EncryptedKey ekey = new EncryptedKey (); ekey.LoadXml (el); byte [] key = rsa.Decrypt (ekey.CipherData.CipherValue, true); Rijndael aes = new RijndaelManaged (); aes.Key = key; aes.Mode = CipherMode.CBC; ArrayList al = new ArrayList (); foreach (XmlElement ed in doc.SelectNodes ("//e:EncryptedData", nm)) al.Add (ed); foreach (XmlElement ed in al) { EncryptedData edata = new EncryptedData (); edata.LoadXml (ed); encxml.ReplaceData (ed, encxml.DecryptData (edata, aes)); } }
public void Decrypt(XmlDocument document, X509Certificate2 encryptionCert) { var assertion = document.FindChild(EncryptedAssertion); if (assertion == null) return; // Not encrypted, shame on them. var data = document.EncryptedChild("EncryptedData"); var keyElement = assertion.EncryptedChild("EncryptedKey"); var encryptedData = new EncryptedData(); encryptedData.LoadXml(data); var encryptedKey = new EncryptedKey(); encryptedKey.LoadXml(keyElement); var encryptedXml = new EncryptedXml(document); // Get encryption secret key used by decrypting with the encryption certificate's private key var secretKey = GetSecretKey(encryptedKey, encryptionCert.PrivateKey); // Seed the decryption algorithm with secret key and then decrypt var algorithm = GetSymmetricBlockEncryptionAlgorithm(encryptedData.EncryptionMethod.KeyAlgorithm); algorithm.Key = secretKey; var decryptedBytes = encryptedXml.DecryptData(encryptedData, algorithm); // Put decrypted xml elements back into the document in place of the encrypted data encryptedXml.ReplaceData(assertion, decryptedBytes); }
public void LoadXml () { string xml = "<e:EncryptedKey xmlns:e='http://www.w3.org/2001/04/xmlenc#'><e:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'><DigestMethod xmlns='http://www.w3.org/2000/09/xmldsig#' /></e:EncryptionMethod><KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'><o:SecurityTokenReference xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'><o:Reference URI='#uuid-8a013fe7-86f5-4c11-bf78-61674310679f-1' /></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>LSZFpnTv+vyB5iEdIAR2WGSz6MXF9KqONvkKaNhqLuSmhQ6F7xlqLHeoQjS2XoOTXUhkFcKNF/BUzdMSg9pElJX5hlQQqx7OQS9WAH4mSYG0SAn8wt5CStXf5yjQ5quizXJ/2+zgxnuTITwYR/FRi8L+0GLw6BOu8YaLSZyjZg8=</e:CipherValue></e:CipherData><e:ReferenceList><e:DataReference URI='#_1' /><e:DataReference URI='#_6' /></e:ReferenceList></e:EncryptedKey>"; XmlDocument doc = new XmlDocument (); doc.LoadXml (xml); EncryptedKey ek = new EncryptedKey (); ek.LoadXml (doc.DocumentElement); }
internal static XmlDocument GetPlainAsertion(SecurityTokenResolver securityTokenResolver, XmlElement el) { var encryptedDataElement = GetElement(HttpRedirectBindingConstants.EncryptedData, Saml20Constants.Xenc, el); var encryptedData = new System.Security.Cryptography.Xml.EncryptedData(); encryptedData.LoadXml(encryptedDataElement); var encryptedKey = new System.Security.Cryptography.Xml.EncryptedKey(); var encryptedKeyElement = GetElement(HttpRedirectBindingConstants.EncryptedKey, Saml20Constants.Xenc, el); encryptedKey.LoadXml(encryptedKeyElement); var securityKeyIdentifier = new SecurityKeyIdentifier(); foreach (KeyInfoX509Data v in encryptedKey.KeyInfo) { foreach (X509Certificate2 cert in v.Certificates) { var cl = new X509RawDataKeyIdentifierClause(cert); securityKeyIdentifier.Add(cl); } } var clause = new EncryptedKeyIdentifierClause(encryptedKey.CipherData.CipherValue, encryptedKey.EncryptionMethod.KeyAlgorithm, securityKeyIdentifier); SecurityKey key; var success = securityTokenResolver.TryResolveSecurityKey(clause, out key); if (!success) { throw new InvalidOperationException("Cannot locate security key"); } SymmetricSecurityKey symmetricSecurityKey = key as SymmetricSecurityKey; if (symmetricSecurityKey == null) { throw new InvalidOperationException("Key must be symmentric key"); } SymmetricAlgorithm symmetricAlgorithm = symmetricSecurityKey.GetSymmetricAlgorithm(encryptedData.EncryptionMethod.KeyAlgorithm); var encryptedXml = new System.Security.Cryptography.Xml.EncryptedXml(); var plaintext = encryptedXml.DecryptData(encryptedData, symmetricAlgorithm); var assertion = new XmlDocument { PreserveWhitespace = true }; assertion.Load(new StringReader(Encoding.UTF8.GetString(plaintext))); return(assertion); }
// default behaviour is to look for keys defined by an EncryptedKey clause // either directly or through a KeyInfoRetrievalMethod, and key names in the key mapping public virtual SymmetricAlgorithm GetDecryptionKey(EncryptedData encryptedData, string symmetricAlgorithmUri) { if (encryptedData is null) { throw new ArgumentNullException(nameof(encryptedData)); } if (encryptedData.KeyInfo == null) { return(null); } IEnumerator keyInfoEnum = encryptedData.KeyInfo.GetEnumerator(); KeyInfoRetrievalMethod kiRetrievalMethod; KeyInfoName kiName; KeyInfoEncryptedKey kiEncKey; EncryptedKey ek = null; while (keyInfoEnum.MoveNext()) { kiName = keyInfoEnum.Current as KeyInfoName; if (kiName != null) { // Get the decryption key from the key mapping string keyName = kiName.Value; if ((SymmetricAlgorithm)_keyNameMapping[keyName] != null) { return((SymmetricAlgorithm)_keyNameMapping[keyName]); } // try to get it from a CarriedKeyName XmlNamespaceManager nsm = new XmlNamespaceManager(_document.NameTable); nsm.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl); XmlNodeList encryptedKeyList = _document.SelectNodes("//enc:EncryptedKey", nsm); if (encryptedKeyList != null) { foreach (XmlNode encryptedKeyNode in encryptedKeyList) { XmlElement encryptedKeyElement = encryptedKeyNode as XmlElement; EncryptedKey ek1 = new EncryptedKey(); ek1.LoadXml(encryptedKeyElement); if (ek1.CarriedKeyName == keyName && ek1.Recipient == Recipient) { ek = ek1; break; } } } break; } kiRetrievalMethod = keyInfoEnum.Current as KeyInfoRetrievalMethod; if (kiRetrievalMethod != null) { string idref = Utils.ExtractIdFromLocalUri(kiRetrievalMethod.Uri); ek = new EncryptedKey(); ek.LoadXml(GetIdElement(_document, idref)); break; } kiEncKey = keyInfoEnum.Current as KeyInfoEncryptedKey; if (kiEncKey != null) { ek = kiEncKey.EncryptedKey; break; } } // if we have an EncryptedKey, decrypt to get the symmetric key if (ek != null) { // now process the EncryptedKey, loop recursively // If the Uri is not provided by the application, try to get it from the EncryptionMethod if (symmetricAlgorithmUri == null) { if (encryptedData.EncryptionMethod == null) { throw new CryptographicException(SR.Cryptography_Xml_MissingAlgorithm); } symmetricAlgorithmUri = encryptedData.EncryptionMethod.KeyAlgorithm; } byte[] key = DecryptEncryptedKey(ek); if (key == null) { throw new CryptographicException(SR.Cryptography_Xml_MissingDecryptionKey); } SymmetricAlgorithm symAlg = CryptoHelpers.CreateFromName <SymmetricAlgorithm>(symmetricAlgorithmUri); if (symAlg == null) { throw new CryptographicException(SR.Cryptography_Xml_MissingAlgorithm); } symAlg.Key = key; return(symAlg); } return(null); }
public override void LoadXml(XmlElement value) { m_encryptedKey = new EncryptedKey(); m_encryptedKey.LoadXml(value); }
public override void LoadXml(XmlElement value) { EncryptedKey = new EncryptedKey(); EncryptedKey.LoadXml(value); }
// Try to decrypt the EncryptedKey given the key mapping public virtual byte[] DecryptEncryptedKey (EncryptedKey encryptedKey) { if (encryptedKey == null) throw new ArgumentNullException("encryptedKey"); if (encryptedKey.KeyInfo == null) return null; IEnumerator keyInfoEnum = encryptedKey.KeyInfo.GetEnumerator(); KeyInfoName kiName; KeyInfoX509Data kiX509Data; KeyInfoRetrievalMethod kiRetrievalMethod; KeyInfoEncryptedKey kiEncKey; EncryptedKey ek = null; bool fOAEP = false; while (keyInfoEnum.MoveNext()) { kiName = keyInfoEnum.Current as KeyInfoName; if (kiName != null) { // Get the decryption key from the key mapping string keyName = kiName.Value; Object kek = m_keyNameMapping[keyName]; if (kek != null) { // kek is either a SymmetricAlgorithm or an RSA key, otherwise, we wouldn't be able to insert it in the hash table if (kek is SymmetricAlgorithm) return EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, (SymmetricAlgorithm) kek); // kek is an RSA key: get fOAEP from the algorithm, default to false fOAEP = (encryptedKey.EncryptionMethod != null && encryptedKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl); return EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, (RSA) kek, fOAEP); } break; } kiX509Data = keyInfoEnum.Current as KeyInfoX509Data; if (kiX509Data != null) { X509Certificate2Collection collection = Utils.BuildBagOfCerts(kiX509Data, CertUsageType.Decryption); foreach (X509Certificate2 certificate in collection) { RSA privateKey = certificate.PrivateKey as RSA; if (privateKey != null) { fOAEP = (encryptedKey.EncryptionMethod != null && encryptedKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl); return EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, privateKey, fOAEP); } } break; } kiRetrievalMethod = keyInfoEnum.Current as KeyInfoRetrievalMethod; if (kiRetrievalMethod != null) { string idref = Utils.ExtractIdFromLocalUri(kiRetrievalMethod.Uri); ek = new EncryptedKey(); ek.LoadXml(GetIdElement(m_document, idref)); try { //Following checks if XML dsig processing is in loop and within the limit defined by machine // admin or developer. Once the recursion depth crosses the defined limit it will throw exception. m_xmlDsigSearchDepthCounter++; if (IsOverXmlDsigRecursionLimit()) { //Throw exception once recursion limit is hit. throw new CryptoSignedXmlRecursionException(); } else { return DecryptEncryptedKey(ek); } } finally { m_xmlDsigSearchDepthCounter--; } } kiEncKey = keyInfoEnum.Current as KeyInfoEncryptedKey; if (kiEncKey != null) { ek = kiEncKey.EncryptedKey; // recursively process EncryptedKey elements byte[] encryptionKey = DecryptEncryptedKey(ek); if (encryptionKey != null) { // this is a symmetric algorithm for sure SymmetricAlgorithm symAlg = (SymmetricAlgorithm) CryptoConfig.CreateFromName(encryptedKey.EncryptionMethod.KeyAlgorithm); symAlg.Key = encryptionKey; return EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, symAlg); } } } return null; }
public virtual byte[] DecryptEncryptedKey(EncryptedKey encryptedKey) { if (encryptedKey == null) { throw new ArgumentNullException("encryptedKey"); } if (encryptedKey.KeyInfo != null) { IEnumerator enumerator = encryptedKey.KeyInfo.GetEnumerator(); EncryptedKey key2 = null; bool useOAEP = false; while (enumerator.MoveNext()) { KeyInfoName current = enumerator.Current as KeyInfoName; if (current != null) { string str = current.Value; object obj2 = this.m_keyNameMapping[str]; if (obj2 != null) { if (obj2 is SymmetricAlgorithm) { return DecryptKey(encryptedKey.CipherData.CipherValue, (SymmetricAlgorithm) obj2); } useOAEP = (encryptedKey.EncryptionMethod != null) && (encryptedKey.EncryptionMethod.KeyAlgorithm == "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); return DecryptKey(encryptedKey.CipherData.CipherValue, (RSA) obj2, useOAEP); } break; } KeyInfoX509Data data = enumerator.Current as KeyInfoX509Data; if (data != null) { X509Certificate2Enumerator enumerator2 = System.Security.Cryptography.Xml.Utils.BuildBagOfCerts(data, CertUsageType.Decryption).GetEnumerator(); while (enumerator2.MoveNext()) { RSA privateKey = enumerator2.Current.PrivateKey as RSA; if (privateKey != null) { useOAEP = (encryptedKey.EncryptionMethod != null) && (encryptedKey.EncryptionMethod.KeyAlgorithm == "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); return DecryptKey(encryptedKey.CipherData.CipherValue, privateKey, useOAEP); } } break; } KeyInfoRetrievalMethod method = enumerator.Current as KeyInfoRetrievalMethod; if (method != null) { string idValue = System.Security.Cryptography.Xml.Utils.ExtractIdFromLocalUri(method.Uri); key2 = new EncryptedKey(); key2.LoadXml(this.GetIdElement(this.m_document, idValue)); return this.DecryptEncryptedKey(key2); } KeyInfoEncryptedKey key = enumerator.Current as KeyInfoEncryptedKey; if (key != null) { key2 = key.EncryptedKey; byte[] buffer = this.DecryptEncryptedKey(key2); if (buffer != null) { SymmetricAlgorithm symmetricAlgorithm = (SymmetricAlgorithm) CryptoConfig.CreateFromName(encryptedKey.EncryptionMethod.KeyAlgorithm); symmetricAlgorithm.Key = buffer; return DecryptKey(encryptedKey.CipherData.CipherValue, symmetricAlgorithm); } } } } return null; }
private SymmetricAlgorithm DecryptEncryptedKeyClass(EncryptedKey encryptedKey, string symmetricAlgorithmUri) { if (encryptedKey == null) { throw ExceptionUtility.ArgumentNull("encryptedKey"); } SymmetricAlgorithm decryptionKey = null; if (encryptedKey.KeyInfo != null) { foreach (var keyInfo in encryptedKey.KeyInfo) { // Извлечение ключа по имени if (keyInfo is KeyInfoName) { var keyName = ((KeyInfoName)keyInfo).Value; var keyAlgorithm = KeyNameMapping[keyName]; if (keyAlgorithm != null) { if (keyAlgorithm is SymmetricAlgorithm) { decryptionKey = DecryptKeyClass(encryptedKey.CipherData.CipherValue, (SymmetricAlgorithm)keyAlgorithm, symmetricAlgorithmUri, encryptedKey.EncryptionMethod.KeyAlgorithm); } else if (keyAlgorithm is RSA) { var useOaep = (encryptedKey.EncryptionMethod != null) && (encryptedKey.EncryptionMethod.KeyAlgorithm == XmlEncRSAOAEPUrl); decryptionKey = DecryptKeyClass(encryptedKey.CipherData.CipherValue, (RSA)keyAlgorithm, useOaep, symmetricAlgorithmUri); } else if (keyAlgorithm is Gost3410AsymmetricAlgorithmBase) { decryptionKey = DecryptKeyClass(encryptedKey.CipherData.CipherValue, (Gost3410AsymmetricAlgorithmBase)keyAlgorithm); } } break; } // Извлечение ключа из сертификата if (keyInfo is KeyInfoX509Data) { var certificates = GostXmlUtils.BuildBagOfCertsDecryption((KeyInfoX509Data)keyInfo); foreach (var certificate in certificates) { var privateKey = certificate.GetPrivateKeyAlgorithm(); if (privateKey is RSA) { var useOaep = (encryptedKey.EncryptionMethod != null) && (encryptedKey.EncryptionMethod.KeyAlgorithm == XmlEncRSAOAEPUrl); decryptionKey = DecryptKeyClass(encryptedKey.CipherData.CipherValue, (RSA)privateKey, useOaep, symmetricAlgorithmUri); } else if (privateKey is Gost3410AsymmetricAlgorithmBase) { decryptionKey = DecryptKeyClass(encryptedKey.CipherData.CipherValue, (Gost3410AsymmetricAlgorithmBase)privateKey); } } break; } // Извлечение ключа по ссылке if (keyInfo is KeyInfoRetrievalMethod) { var idValue = GostXmlUtils.ExtractIdFromLocalUri(((KeyInfoRetrievalMethod)keyInfo).Uri); var idElement = GetIdElement(Document, idValue); if (idElement != null) { var secondEncryptedKey = new EncryptedKey(); secondEncryptedKey.LoadXml(idElement); decryptionKey = DecryptEncryptedKeyClass(secondEncryptedKey, symmetricAlgorithmUri); } break; } // Ключ в готовом виде if (keyInfo is KeyInfoEncryptedKey) { var secondEncryptedKey = ((KeyInfoEncryptedKey)keyInfo).EncryptedKey; var symmetricAlgorithm = DecryptEncryptedKeyClass(secondEncryptedKey, symmetricAlgorithmUri); if (symmetricAlgorithm != null) { decryptionKey = DecryptKeyClass(encryptedKey.CipherData.CipherValue, symmetricAlgorithm, symmetricAlgorithmUri, encryptedKey.EncryptionMethod.KeyAlgorithm); } break; } } } return decryptionKey; }
// default behaviour is to look for keys defined by an EncryptedKey clause // either directly or through a KeyInfoRetrievalMethod, and key names in the key mapping public virtual SymmetricAlgorithm GetDecryptionKey (EncryptedData encryptedData, string symmetricAlgorithmUri) { if (encryptedData == null) throw new ArgumentNullException("encryptedData"); if (encryptedData.KeyInfo == null) return null; IEnumerator keyInfoEnum = encryptedData.KeyInfo.GetEnumerator(); KeyInfoRetrievalMethod kiRetrievalMethod; KeyInfoName kiName; KeyInfoEncryptedKey kiEncKey; EncryptedKey ek = null; while (keyInfoEnum.MoveNext()) { kiName = keyInfoEnum.Current as KeyInfoName; if (kiName != null) { // Get the decryption key from the key mapping string keyName = kiName.Value; if ((SymmetricAlgorithm) m_keyNameMapping[keyName] != null) return (SymmetricAlgorithm) m_keyNameMapping[keyName]; // try to get it from a CarriedKeyName XmlNamespaceManager nsm = new XmlNamespaceManager(m_document.NameTable); nsm.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl); XmlNodeList encryptedKeyList = m_document.SelectNodes("//enc:EncryptedKey", nsm); if (encryptedKeyList != null) { foreach (XmlNode encryptedKeyNode in encryptedKeyList) { XmlElement encryptedKeyElement = encryptedKeyNode as XmlElement; EncryptedKey ek1 = new EncryptedKey(); ek1.LoadXml(encryptedKeyElement); if (ek1.CarriedKeyName == keyName && ek1.Recipient == this.Recipient) { ek = ek1; break; } } } break; } kiRetrievalMethod = keyInfoEnum.Current as KeyInfoRetrievalMethod; if (kiRetrievalMethod != null) { string idref = Utils.ExtractIdFromLocalUri(kiRetrievalMethod.Uri); ek = new EncryptedKey(); ek.LoadXml(GetIdElement(m_document, idref)); break; } kiEncKey = keyInfoEnum.Current as KeyInfoEncryptedKey; if (kiEncKey != null) { ek = kiEncKey.EncryptedKey; break; } } // if we have an EncryptedKey, decrypt to get the symmetric key if (ek != null) { // now process the EncryptedKey, loop recursively // If the Uri is not provided by the application, try to get it from the EncryptionMethod if (symmetricAlgorithmUri == null) { if (encryptedData.EncryptionMethod == null) throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingAlgorithm")); symmetricAlgorithmUri = encryptedData.EncryptionMethod.KeyAlgorithm; } byte[] key = DecryptEncryptedKey(ek); if (key == null) throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingDecryptionKey")); SymmetricAlgorithm symAlg = (SymmetricAlgorithm) CryptoConfig.CreateFromName(symmetricAlgorithmUri); symAlg.Key = key; return symAlg; } return null; }
// Try to decrypt the EncryptedKey given the key mapping public virtual byte[] DecryptEncryptedKey(EncryptedKey encryptedKey) { if (encryptedKey is null) { throw new ArgumentNullException(nameof(encryptedKey)); } if (encryptedKey.KeyInfo == null) { return(null); } IEnumerator keyInfoEnum = encryptedKey.KeyInfo.GetEnumerator(); KeyInfoName kiName; KeyInfoX509Data kiX509Data; KeyInfoRetrievalMethod kiRetrievalMethod; KeyInfoEncryptedKey kiEncKey; EncryptedKey ek; bool fOAEP; while (keyInfoEnum.MoveNext()) { kiName = keyInfoEnum.Current as KeyInfoName; if (kiName != null) { // Get the decryption key from the key mapping string keyName = kiName.Value; object kek = _keyNameMapping[keyName]; if (kek != null) { if (encryptedKey.CipherData == null || encryptedKey.CipherData.CipherValue == null) { throw new CryptographicException(SR.Cryptography_Xml_MissingAlgorithm); } // kek is either a SymmetricAlgorithm or an RSA key, otherwise, we wouldn't be able to insert it in the hash table if (kek is SymmetricAlgorithm) { return(EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, (SymmetricAlgorithm)kek)); } // kek is an RSA key: get fOAEP from the algorithm, default to false fOAEP = (encryptedKey.EncryptionMethod != null && encryptedKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl); return(EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, (RSA)kek, fOAEP)); } break; } kiX509Data = keyInfoEnum.Current as KeyInfoX509Data; if (kiX509Data != null) { X509Certificate2Collection collection = Utils.BuildBagOfCerts(kiX509Data, CertUsageType.Decryption); foreach (X509Certificate2 certificate in collection) { using (RSA privateKey = certificate.GetRSAPrivateKey()) { if (privateKey != null) { if (encryptedKey.CipherData == null || encryptedKey.CipherData.CipherValue == null) { throw new CryptographicException(SR.Cryptography_Xml_MissingAlgorithm); } fOAEP = (encryptedKey.EncryptionMethod != null && encryptedKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl); return(EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, privateKey, fOAEP)); } } } break; } kiRetrievalMethod = keyInfoEnum.Current as KeyInfoRetrievalMethod; if (kiRetrievalMethod != null) { string idref = Utils.ExtractIdFromLocalUri(kiRetrievalMethod.Uri); ek = new EncryptedKey(); ek.LoadXml(GetIdElement(_document, idref)); try { //Following checks if XML dsig processing is in loop and within the limit defined by machine // admin or developer. Once the recursion depth crosses the defined limit it will throw exception. _xmlDsigSearchDepthCounter++; if (IsOverXmlDsigRecursionLimit()) { //Throw exception once recursion limit is hit. throw new CryptoSignedXmlRecursionException(); } else { return(DecryptEncryptedKey(ek)); } } finally { _xmlDsigSearchDepthCounter--; } } kiEncKey = keyInfoEnum.Current as KeyInfoEncryptedKey; if (kiEncKey != null) { ek = kiEncKey.EncryptedKey; // recursively process EncryptedKey elements byte[] encryptionKey = DecryptEncryptedKey(ek); if (encryptionKey != null) { // this is a symmetric algorithm for sure SymmetricAlgorithm symAlg = CryptoHelpers.CreateFromName <SymmetricAlgorithm>(encryptedKey.EncryptionMethod.KeyAlgorithm); if (symAlg == null) { throw new CryptographicException(SR.Cryptography_Xml_MissingAlgorithm); } symAlg.Key = encryptionKey; if (encryptedKey.CipherData == null || encryptedKey.CipherData.CipherValue == null) { throw new CryptographicException(SR.Cryptography_Xml_MissingAlgorithm); } symAlg.Key = encryptionKey; return(EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, symAlg)); } } } return(null); }
public override SymmetricAlgorithm GetDecryptionKey(EncryptedData encryptedData, string symmetricAlgorithmUri) { if (encryptedData == null) { throw ExceptionUtility.ArgumentNull("encryptedData"); } SymmetricAlgorithm decryptionKey = null; if (encryptedData.KeyInfo != null) { EncryptedKey encryptedKey = null; foreach (var keyInfo in encryptedData.KeyInfo) { // Извлечение ключа по имени if (keyInfo is KeyInfoName) { var keyName = ((KeyInfoName)keyInfo).Value; var keyAlgorithm = KeyNameMapping[keyName]; if (keyAlgorithm == null) { var nsManager = new XmlNamespaceManager(Document.NameTable); nsManager.AddNamespace("enc", XmlEncNamespaceUrl); var encryptedKeyNodes = Document.SelectNodes("//enc:EncryptedKey", nsManager); if (encryptedKeyNodes != null) { foreach (XmlElement encryptedKeyNode in encryptedKeyNodes) { var currentEncryptedKey = new EncryptedKey(); currentEncryptedKey.LoadXml(encryptedKeyNode); if ((currentEncryptedKey.CarriedKeyName == keyName) && (currentEncryptedKey.Recipient == Recipient)) { encryptedKey = currentEncryptedKey; break; } } } } else { decryptionKey = (SymmetricAlgorithm)keyAlgorithm; } break; } // Извлечение ключа по ссылке if (keyInfo is KeyInfoRetrievalMethod) { var idValue = GostXmlUtils.ExtractIdFromLocalUri(((KeyInfoRetrievalMethod)keyInfo).Uri); var idElement = GetIdElement(Document, idValue); if (idElement != null) { encryptedKey = new EncryptedKey(); encryptedKey.LoadXml(idElement); } break; } // Ключ в готовом виде if (keyInfo is KeyInfoEncryptedKey) { encryptedKey = ((KeyInfoEncryptedKey)keyInfo).EncryptedKey; break; } } if (decryptionKey == null && encryptedKey != null) { if (symmetricAlgorithmUri == null) { if (encryptedData.EncryptionMethod == null) { throw ExceptionUtility.CryptographicException(Resources.XmlMissingAlgorithm); } symmetricAlgorithmUri = encryptedData.EncryptionMethod.KeyAlgorithm; } decryptionKey = DecryptEncryptedKeyClass(encryptedKey, symmetricAlgorithmUri); } } return decryptionKey; }
WrappedKeySecurityToken ReadWrappedKeySecurityTokenCore ( XmlReader reader, SecurityTokenResolver tokenResolver) { if (tokenResolver == null) throw new ArgumentNullException ("tokenResolver"); EncryptedKey ek = new EncryptedKey (); ek.LoadXml (new XmlDocument ().ReadNode (reader) as XmlElement); SecurityKeyIdentifier ki = new SecurityKeyIdentifier (); foreach (KeyInfoClause kic in ek.KeyInfo) ki.Add (ReadKeyIdentifierClause (new XmlNodeReader (kic.GetXml ()))); SecurityToken token = tokenResolver.ResolveToken (ki); string alg = ek.EncryptionMethod.KeyAlgorithm; foreach (SecurityKey skey in token.SecurityKeys) if (skey.IsSupportedAlgorithm (alg)) { byte [] key = skey.DecryptKey (alg, ek.CipherData.CipherValue); WrappedKeySecurityToken wk = new WrappedKeySecurityToken (ek.Id, key, alg, token, ki); // FIXME: This should not be required. wk.SetWrappedKey (ek.CipherData.CipherValue); wk.ReferenceList = ek.ReferenceList; return wk; } throw new InvalidOperationException (String.Format ("Cannot resolve security key with the resolved SecurityToken specified by the key identifier in the EncryptedKey XML. The key identifier is: {0}", ki)); }
/// <summary> /// Extracts the key from a <EncryptedKey> element. /// </summary> /// <param name="encryptedKeyElement">The encrypted key element.</param> /// <param name="keyAlgorithm">The key algorithm.</param> /// <returns>The <see cref="SymmetricAlgorithm"/>.</returns> private SymmetricAlgorithm ToSymmetricKey(XmlElement encryptedKeyElement, string keyAlgorithm) { var encryptedKey = new EncryptedKey(); encryptedKey.LoadXml(encryptedKeyElement); var useOaep = UseOaepDefault; if (encryptedKey.EncryptionMethod != null) { useOaep = encryptedKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl; } if (encryptedKey.CipherData.CipherValue != null) { var key = GetKeyInstance(keyAlgorithm); key.Key = EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, TransportKey, useOaep); return key; } throw new NotImplementedException("Unable to decode CipherData of type \"CipherReference\"."); }
public void ReadWrappedKeySecurityTokenImplCheck () { SecurityTokenResolver tokenResolver = GetResolver (new X509SecurityToken (cert)); XmlReader reader = XmlReader.Create (new StringReader (wrapped_key1)); WSSecurityTokenSerializer serializer = WSSecurityTokenSerializer.DefaultInstance; EncryptedKey ek = new EncryptedKey (); ek.LoadXml (new XmlDocument ().ReadNode (reader) as XmlElement); SecurityKeyIdentifier ki = new SecurityKeyIdentifier (); foreach (KeyInfoClause kic in ek.KeyInfo) ki.Add (serializer.ReadKeyIdentifierClause (new XmlNodeReader (kic.GetXml ()))); SecurityToken token = tokenResolver.ResolveToken (ki); string alg = ek.EncryptionMethod.KeyAlgorithm; SecurityKey skey = token.SecurityKeys [0]; Assert.IsTrue (skey is X509AsymmetricSecurityKey, "#1"); Assert.IsTrue (skey.IsSupportedAlgorithm (alg), "#2"); Assert.AreEqual ( EncryptedXml.DecryptKey (ek.CipherData.CipherValue, cert.PrivateKey as RSA, true), skey.DecryptKey (alg, ek.CipherData.CipherValue), "#3"); byte [] key = skey.DecryptKey (alg, ek.CipherData.CipherValue); WrappedKeySecurityToken wk = new WrappedKeySecurityToken (ek.Id, key, alg, token, ki); Assert.AreEqual ( EncryptedXml.DecryptKey (ek.CipherData.CipherValue, cert.PrivateKey as RSA, true), skey.DecryptKey (alg, wk.GetWrappedKey ()), "#4"); }
/// <summary> /// Extracts the key from a <EncryptedKey> element. /// </summary> /// <param name="encryptedKeyElement"></param> /// <param name="keyAlgorithm"></param> /// <returns></returns> private SymmetricAlgorithm ToSymmetricKey(XmlElement encryptedKeyElement, string keyAlgorithm) { EncryptedKey encryptedKey = new EncryptedKey(); encryptedKey.LoadXml(encryptedKeyElement); bool useOAEP = USE_OAEP_DEFAULT; if (encryptedKey.EncryptionMethod != null) { if (encryptedKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl) useOAEP = true; else useOAEP = false; } if (encryptedKey.CipherData.CipherValue != null) { SymmetricAlgorithm key = GetKeyInstance(keyAlgorithm); key.Key = EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, TransportKey, useOAEP); return key; } throw new NotImplementedException("Unable to decode CipherData of type \"CipherReference\"."); }
public virtual SymmetricAlgorithm GetDecryptionKey(EncryptedData encryptedData, string symmetricAlgorithmUri) { if (encryptedData == null) { throw new ArgumentNullException("encryptedData"); } if (encryptedData.KeyInfo == null) { return null; } IEnumerator enumerator = encryptedData.KeyInfo.GetEnumerator(); EncryptedKey encryptedKey = null; while (enumerator.MoveNext()) { KeyInfoName current = enumerator.Current as KeyInfoName; if (current != null) { string str = current.Value; if (((SymmetricAlgorithm) this.m_keyNameMapping[str]) != null) { return (SymmetricAlgorithm) this.m_keyNameMapping[str]; } XmlNamespaceManager nsmgr = new XmlNamespaceManager(this.m_document.NameTable); nsmgr.AddNamespace("enc", "http://www.w3.org/2001/04/xmlenc#"); XmlNodeList list = this.m_document.SelectNodes("//enc:EncryptedKey", nsmgr); if (list != null) { foreach (XmlNode node in list) { XmlElement element = node as XmlElement; EncryptedKey key3 = new EncryptedKey(); key3.LoadXml(element); if ((key3.CarriedKeyName == str) && (key3.Recipient == this.Recipient)) { encryptedKey = key3; break; } } } break; } KeyInfoRetrievalMethod method = enumerator.Current as KeyInfoRetrievalMethod; if (method != null) { string idValue = System.Security.Cryptography.Xml.Utils.ExtractIdFromLocalUri(method.Uri); encryptedKey = new EncryptedKey(); encryptedKey.LoadXml(this.GetIdElement(this.m_document, idValue)); break; } KeyInfoEncryptedKey key = enumerator.Current as KeyInfoEncryptedKey; if (key != null) { encryptedKey = key.EncryptedKey; break; } } if (encryptedKey == null) { return null; } if (symmetricAlgorithmUri == null) { if (encryptedData.EncryptionMethod == null) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingAlgorithm")); } symmetricAlgorithmUri = encryptedData.EncryptionMethod.KeyAlgorithm; } byte[] buffer = this.DecryptEncryptedKey(encryptedKey); if (buffer == null) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingDecryptionKey")); } SymmetricAlgorithm algorithm = (SymmetricAlgorithm) CryptoConfig.CreateFromName(symmetricAlgorithmUri); algorithm.Key = buffer; return algorithm; }