public void sect193r1() { string pathKey = ECDSA_path + "sect193r1" + "\\key.pem"; string pathCert = ECDSA_path + "sect193r1" + "\\cert.pem"; PrivateKeyManager key = new PrivateKeyManager(); CertificateX509 cert = new CertificateX509(); key.Load(pathKey); cert.Load(pathCert); string alg = "ES256"; string curve = "sect193r1"; bulkTest_shouldntWork(key, cert, alg, curve); }
private void bulkTestWithKeyInfoID(CertificateX509 certificate, PrivateKeyManager key, string pathSigned) { XmlDSigSigner signer = new XmlDSigSigner(); string pathSignedID = pathSigned + "_id"; for (int c = 0; c < arrayCanonicalization.Length; c++) { /**** TEST FILES ****/ optionsID.DSigSignatureType = dSigType; optionsID.Canonicalization = arrayCanonicalization[c]; optionsID.XmlSchemaPath = xmlIDSchemaPath; bool signedFile = signer.DoSignFileElement(xmlUnsignedIDPathFile, id, key, certificate, Path.Combine(xmlSignedPathRoot, pathSignedID + ".xml"), optionsID); Assert.IsTrue(signedFile); True(signedFile, signer); bool verifyFile = false; optionsID.XmlSchemaPath = ""; KeyInfoType keyInfo = KeyInfoTypeUtils.getKeyInfoType(optionsID.KeyInfoType, error); if (keyInfo != KeyInfoType.NONE) { verifyFile = signer.DoVerifyFile(Path.Combine(xmlSignedPathRoot, pathSignedID + ".xml"), optionsID); } else { verifyFile = signer.DoVerifyFileWithCert(Path.Combine(xmlSignedPathRoot, pathSignedID + ".xml"), certificate, optionsID); } True(verifyFile, signer); /**** TEST STRINGS ****/ optionsID.XmlSchemaPath = xmlIDSchemaPath; string signedString = signer.DoSignElement(xmlUnsignedID, id, key, certificate, optionsID); bool resultSignString = false; optionsID.XmlSchemaPath = ""; if (keyInfo != KeyInfoType.NONE) { resultSignString = signer.DoVerify(signedString, optionsID); } else { resultSignString = signer.DoVerifyWithCert(signedString, certificate, optionsID); } Assert.IsTrue(resultSignString); True(resultSignString, signer); } }
public virtual void SetUp() { signer = new XmlDSigSigner(); path_RSA_sha1_1024 = Path.Combine(BASE_PATH, "dummycerts", "RSA_sha1_1024"); //xmlUnsigned = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + "<Envelope xmlns=\"http://example.org/envelope\">" // + " <Body>" + " Ola mundo" + " </Body>" + "</Envelope>"; //dSigType = "ENVELOPED "; options = new DSigOptions(); pathKey = Path.Combine(path_RSA_sha1_1024, "sha1d_key.pem"); pathCert = Path.Combine(path_RSA_sha1_1024, "sha1_cert.crt"); key = new PrivateKeyManager(); cert = new CertificateX509(); }
public virtual void SetUp() { cert = new CertificateX509(); cert.Load(BASE_PATH + "dummycerts\\RSA_sha256_1024\\sha256_cert.crt"); key = new PrivateKeyManager(); key.Load(BASE_PATH + "dummycerts\\RSA_sha256_1024\\sha256d_key.pem"); signer = new XmlDSigSigner(); options = new DSigOptions(); options.IdentifierAttribute = "Id"; xmlInput = "<envEvento xmlns=\"http://www.portalfiscal.inf.br/nfe\" versao=\"1.00\"><idLote>1</idLote><evento versao=\"1.00\"><infEvento Id=\"ID2102103521011431017000298855005000016601157405784801\"><cOrgao>91</cOrgao><tpAmb>1</tpAmb><CNPJ>31102046000145</CNPJ><chNFe>35210114310170002988550050000166011574057848</chNFe><dhEvento>2021-01-26T11:12:34-03:00</dhEvento><tpEvento>210210</tpEvento><nSeqEvento>1</nSeqEvento><verEvento>1.00</verEvento><detEvento versao=\"1.00\"><descEvento>Ciencia da Operacao</descEvento></detEvento></infEvento></evento></envEvento>"; xPath = "#ID2102103521011431017000298855005000016601157405784801"; }
private void bulkTestWithKeyInfoXPath(CertificateX509 certificate, PrivateKeyManager key, string pathSigned) { #if NETCORE //******Net Core no tiene habilitado usar la transform xpath******// Assert.IsTrue(true); #else XmlDSigSigner signer = new XmlDSigSigner(); string pathSignedXPath = pathSigned + "_xPAth"; for (int c = 0; c < arrayCanonicalization.Length; c++) { /**** TEST FILES ****/ optionsXPath.DSigSignatureType = dSigType; optionsXPath.Canonicalization = arrayCanonicalization[c]; bool signedFile = signer.DoSignFileElement(xmlUnsignedXPathFile, xPath, key, certificate, Path.Combine(xmlSignedPathRoot, pathSignedXPath + ".xml"), optionsXPath); Assert.IsTrue(signedFile); True(signedFile, signer); bool verifyFile = false; KeyInfoType keyInfo = KeyInfoTypeUtils.getKeyInfoType(optionsXPath.KeyInfoType, error); if (keyInfo != KeyInfoType.NONE) { verifyFile = signer.DoVerifyFile(Path.Combine(xmlSignedPathRoot, pathSignedXPath + ".xml"), optionsXPath); } else { verifyFile = signer.DoVerifyFileWithCert(Path.Combine(xmlSignedPathRoot, pathSignedXPath + ".xml"), certificate, optionsXPath); } //True(verifyFile, signer); /**** TEST STRINGS ****/ string signedString = signer.DoSignElement(xmlUnsignedXPath, xPath, key, certificate, optionsXPath); bool resultSignString = false; if (keyInfo != KeyInfoType.NONE) { resultSignString = signer.DoVerify(signedString, optionsXPath); } else { resultSignString = signer.DoVerifyWithCert(signedString, certificate, optionsXPath); } //True(resultSignString, signer); } #endif }
public void prime192v2() { string pathKey = Path.Combine(ECDSA_path, "prime192v2", "key.pem"); string pathCert = Path.Combine(ECDSA_path, "prime192v2", "cert.pem"); PrivateKeyManager key = new PrivateKeyManager(); CertificateX509 cert = new CertificateX509(); key.Load(pathKey); cert.Load(pathCert); string alg = "ES256"; string curve = "prime192v2"; #if NETCORE bulkTest_shouldntWork(key, cert, alg, curve); #else bulkTest_shouldWork(key, cert, alg, curve); #endif }
private void bulkTest(string pathCert, string pathKey, string pathSigned, bool ispkcs12, bool encrypted) { for (int k = 0; k < arrayKeyInfoType.Length; k++) { options.KeyInfoType = arrayKeyInfoType[k]; optionsXPath.KeyInfoType = arrayKeyInfoType[k]; optionsID.KeyInfoType = arrayKeyInfoType[k]; CertificateX509 cert = new CertificateX509(); if (ispkcs12) { cert.LoadPKCS12(pathCert, alias, password); } else { cert.Load(pathCert); } PrivateKeyManager key = new PrivateKeyManager(); if (ispkcs12) { key.LoadPKCS12(pathKey, alias, password); } else { key.Load(pathKey); } /*if (ispkcs12) * { * key.LoadPKCS12(pathKey, alias, password); * } * else if(encrypted) * { * key.LoadEncrypted(pathKey, password); * }else * { * key.Load(pathKey); * }*/ bulkTestWithKeyInfo(cert, key, pathSigned); bulkTestWithKeyInfoXPath(cert, key, pathSigned); bulkTestWithKeyInfoID(cert, key, pathSigned); } }
/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/ private bool doSignFilePKCS12(string xmlFilePath, PrivateKeyManager key, CertificateX509 certificate, string dSigType, string canonicalizationType, string outputPath, string keyInfoType, string xmlSchemaPath) { if (TransformsWrapperUtils.getTransformsWrapper(dSigType, this.error) != TransformsWrapper.ENVELOPED) { error.setError("DS009", "Not implemented DSigType"); return(false); } if (!SignatureUtils.validateExtensionXML(xmlFilePath)) { this.error.setError("DS010", "Not XML file"); return(false); } if (!certificate.Inicialized) { this.error.setError("DS011", "Certificate not loaded"); return(false); } if (SecurityUtils.compareStrings(certificate.getPublicKeyAlgorithm(), "ECDSA")) { this.error.setError("DS004", "XML signature with ECDSA keys is not implemented on Net Framework"); return(false); } XmlDocument xmlDoc = SignatureUtils.documentFromFile(xmlFilePath, xmlSchemaPath, this.error); if (this.HasError()) { return(false); } string result = Sign(xmlDoc, key, certificate, dSigType, canonicalizationType, keyInfoType, "", ""); if (result == null || SecurityUtils.compareStrings("", result)) { this.error.setError("DS012", "Error generating signature"); return(false); } else { // string prefix = "<?xml version=”1.0″ encoding=”UTF-8″ ?>".Trim(); string prefix = ""; return(SignatureUtils.writeToFile(result, outputPath, prefix, this.error)); } }
public bool DoVerifyWithCert(string xmlSigned, CertificateX509 certificate, DSigOptions options) { this.error.cleanError(); if (!certificate.Inicialized) { this.error.setError("DS003", "Certificate not loaded"); return(false); } if (SecurityUtils.compareStrings(certificate.getPublicKeyAlgorithm(), "ECDSA")) { this.error.setError("DS004", "XML signature with ECDSA keys is not implemented on Net Framework"); return(false); } XmlDocument xmlDoc = SignatureUtils.documentFromString(xmlSigned, options.XmlSchemaPath, this.error); if (this.HasError()) { return(false); } return(verify(xmlDoc, certificate, options.IdentifierAttribute)); }
public bool DoVerifyFileWithCert(string xmlFilePath, CertificateX509 certificate, DSigOptions options) { this.error.cleanError(); if (!certificate.Inicialized) { this.error.setError("DS005", "Certificate not loaded"); } if (SecurityUtils.compareStrings(certificate.getPublicKeyAlgorithm(), "ECDSA")) { this.error.setError("DS006", "XML signature with ECDSA keys is not implemented on Net Framework"); return(false); } if (!SignatureUtils.validateExtensionXML(xmlFilePath)) { this.error.setError("DS007", "The file is not an xml file"); return(false); } XmlDocument xmlDoc = SignatureUtils.documentFromFile(xmlFilePath, options.XmlSchemaPath, this.error); return(verify(xmlDoc, certificate, options.IdentifierAttribute)); }
public void TestSignBase64() { CertificateX509 newCert = new CertificateX509(); bool loaded = newCert.FromBase64(base64); Assert.IsTrue(loaded); True(loaded, newCert); PrivateKeyManager key = new PrivateKeyManager(); bool privateLoaded = key.Load(pathKey); Assert.IsTrue(privateLoaded); True(privateLoaded, key); XmlDSigSigner signer = new XmlDSigSigner(); bool result = signer.DoSignFile(xmlUnsignedPath, key, newCert, xmlSignedPathRoot + pathSigned, options); Assert.IsTrue(result); True(result, signer); bool verify = signer.DoVerifyFile(xmlSignedPathRoot + pathSigned, options); Assert.IsTrue(verify); True(verify, signer); }
public bool DoVerify(CertificateX509 cert, string plainText, string signature) { /******** INPUT VERIFICATION - BEGIN ********/ if (cert == null) { error.setError("AE009", "Certificate cannot be null"); return(false); } if (plainText == null || plainText.Length == 0 || SecurityUtils.compareStrings("", plainText)) { error.setError("AE010", "The plainText value to verify cannot be empty"); return(false); } if (signature == null || signature.Length == 0 || SecurityUtils.compareStrings("", signature)) { error.setError("AE011", "The signature value to verify cannot be empty"); return(false); } /******** INPUT VERIFICATION - END ********/ EncodingUtil eu = new EncodingUtil(); byte[] inputText = eu.getBytes(plainText); if (eu.HasError()) { this.error = eu.GetError(); return(false); } bool result = false; using (Stream inputStream = new MemoryStream(inputText)) { result = Verify(cert, inputStream, signature); } return(result); }
/******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/ public bool DoSignFile(string xmlFilePath, PrivateKeyManager key, CertificateX509 certificate, string outputPath, DSigOptions options) { this.error.cleanError(); return(doSignFilePKCS12(xmlFilePath, key, certificate, options.DSigSignatureType, options.Canonicalization, outputPath, options.KeyInfoType, options.XmlSchemaPath)); }
public string DoDecrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string encryptedInput) { if (this.HasError()) { return(""); } return(DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, encryptedInput)); }
private bool DoVerify(string token, string expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options, bool verifyClaims, bool verifyRegClaims) { this.error.cleanError(); if (options.HasError()) { this.error = options.GetError(); return(false); } JWTAlgorithm expectedJWTAlgorithm = JWTAlgorithmUtils.getJWTAlgorithm(expectedAlgorithm, this.error); if (this.HasError()) { return(false); } /***Hack to support 1024 RSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS256"] = 1024; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS512"] = 1024; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS384"] = 1024; /***Hack to support 1024 RSA key lengths - END***/ /***Hack to support 192 ECDSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha256"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha512"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha384"] = 112; /***Hack to support 192 ECDSA key lengths - END***/ /***Hack to support 192 ECDSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES256"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES512"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES384"] = 112; /***Hack to support 192 ECDSA key lengths - END***/ JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); JwtSecurityToken jwtToken = new JwtSecurityToken(token); if (isRevoqued(jwtToken, options)) { return(false); } if (verifyRegClaims) { if (!validateRegisteredClaims(jwtToken, options)) { return(false); } } if (verifyClaims) { if (!verifyPrivateClaims(jwtToken, privateClaims, options) || !VerifyHeader(jwtToken, options)) { return(false); } } //if validates all registered claims and it is not on revocation list TokenValidationParameters parms = new TokenValidationParameters(); parms.ValidateLifetime = false; parms.ValidateAudience = false; parms.ValidateIssuer = false; parms.ValidateActor = false; JWTAlgorithm alg = JWTAlgorithmUtils.getJWTAlgorithm_forVerification(jwtToken.Header.Alg, this.error); if (this.HasError()) { return(false); } if (JWTAlgorithmUtils.getJWTAlgorithm(jwtToken.Header.Alg, this.error) != expectedJWTAlgorithm || this.HasError()) { this.error.setError("JW008", "Expected algorithm does not match token algorithm"); return(false); } SecurityKey genericKey = null; if (JWTAlgorithmUtils.isPrivate(alg)) { CertificateX509 cert = options.GetCertificate(); if (cert.HasError()) { this.error = cert.GetError(); return(false); } if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "RSA")) { try { genericKey = new RsaSecurityKey((RSA)cert.getPublicKeyJWT()); } catch (Exception) { this.error = cert.GetError(); return(false); } } else if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "ECDSA")) { try { genericKey = new ECDsaSecurityKey((ECDsa)cert.getPublicKeyJWT()); } catch (Exception) { this.error = cert.GetError(); return(false); } } else { this.error.setError("JW013", "Not recognized key algorithm"); return(false); } } else { SymmetricSecurityKey symKey = new SymmetricSecurityKey(options.getSecret()); genericKey = symKey; } genericKey.KeyId = "256"; SigningCredentials signingCredentials = JWTAlgorithmUtils.getSigningCredentials(alg, genericKey, this.error); parms.IssuerSigningKey = genericKey; SecurityToken validatedToken; try { handler.ValidateToken(token, parms, out validatedToken); } catch (Exception e) { this.error.setError("JW004", e.Message); return(false); } return(true); }
private string Sign(XmlDocument xmlInput, PrivateKeyManager key, CertificateX509 certificate, string dSigType, string canonicalizationType, string keyInfoType, string xpath, string id) { bool flag = inicializeInstanceVariables(key, certificate); if (!flag) { return(""); } SignatureElementType signatureElementType; if (!SecurityUtils.compareStrings(xpath, "")) { if (xpath[0] == '#') { signatureElementType = SignatureElementType.id; if (id == null || SecurityUtils.compareStrings(id, "")) { this.error.setError("DS021", "identifier attribute name missing"); return(""); } } else { signatureElementType = SignatureElementType.path; } } else { signatureElementType = SignatureElementType.document; } /***WHITESPACES***/ xmlInput.PreserveWhitespace = true; CanonicalizerWrapper canon = CanonicalizerWrapperUtils.getCanonicalizerWrapper(canonicalizationType, this.error); CanonicalizerWrapper canonW = CanonicalizerWrapperUtils.getCanonicalizerWrapper(canonicalizationType, this.error); if (this.HasError()) { return(""); } Reference reference = new Reference(); XmlNode parentNode; SignedXml signedXml; switch (signatureElementType) { case SignatureElementType.path: XmlNode pathNode = SignatureUtils.getNodeFromPath(xmlInput, xpath, this.error); XmlElement pathElement = pathNode as XmlElement; if (this.HasError() || pathElement == null) { return(""); } parentNode = pathNode.ParentNode; signedXml = new SignedXml(pathElement); XmlDsigXPathTransform XPathTransform = CreateXPathTransform(xpath); reference.Uri = pathNode.NamespaceURI; reference.AddTransform(XPathTransform); break; case SignatureElementType.id: XmlNode idNode = SignatureUtils.getNodeFromID(xmlInput, id, xpath, this.error); XmlElement idElement = idNode as XmlElement; if (this.HasError() || idElement == null) { return(""); } reference.Uri = xpath; signedXml = new SignedXml(idElement); parentNode = idNode.ParentNode; break; default: signedXml = new SignedXml(xmlInput); parentNode = xmlInput.DocumentElement; reference.Uri = ""; break; } signedXml.SigningKey = this.privateKey; signedXml.SignedInfo.CanonicalizationMethod = CanonicalizerWrapperUtils.getCanonicalizationMethodAlorithm(canonW, this.error); if (this.HasError()) { return(""); } XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); addCanonTransform(reference, canonW); signedXml.AddReference(reference); KeyInfo keyInfo = createKeyInfo(certificate, keyInfoType); if (keyInfo != null) { signedXml.KeyInfo = keyInfo; } try { signedXml.ComputeSignature(); } catch (Exception) { this.error.setError("DS023", "Error on signing"); return(""); } XmlElement xmlDigitalSignature = null; try { xmlDigitalSignature = signedXml.GetXml(); } catch (Exception) { this.error.setError("DS028", "Error at signing"); return(""); } parentNode.AppendChild(xmlDigitalSignature); // xmlInput.DocumentElement.AppendChild(xmlInput.ImportNode(xmlDigitalSignature, true)); return(SignatureUtils.XMLDocumentToString(xmlInput, this.error)); }
private string doSignElementPKCS12(string xmlInput, string xPath, PrivateKeyManager key, CertificateX509 certificate, string dSigType, string canonicalizationType, string keyInfoType, string xmlSchemaPath, string id) { if (TransformsWrapperUtils.getTransformsWrapper(dSigType, this.error) != TransformsWrapper.ENVELOPED) { error.setError("DS017", "Not implemented DSigType"); return(""); } if (!certificate.Inicialized) { this.error.setError("DS018", "Certificate not loaded"); return(""); } if (SecurityUtils.compareStrings(certificate.getPublicKeyAlgorithm(), "ECDSA")) { this.error.setError("DS004", "XML signature with ECDSA keys is not implemented on Net Framework"); return(""); } XmlDocument xmlDoc = SignatureUtils.documentFromString(xmlInput, xmlSchemaPath, this.error); if (this.HasError()) { return(""); } return(Sign(xmlDoc, key, certificate, dSigType, canonicalizationType, keyInfoType, xPath, id)); }
private void bulkTest(PrivateKeyManager key, CertificateX509 cert, string hashAlgorithm) { bulkTestText(key, cert, hashAlgorithm); bulkTestFile(key, cert, hashAlgorithm); }
/********EXTERNAL OBJECT PUBLIC METHODS - END ********/ /// <summary> /// Encrypts the string encoded plain text /// </summary> /// <param name="asymmetricEncryptionAlgorithm">string AsymmetricEncryptionAlgorithm enum, algorithm name</param> /// <param name="hashAlgorithm">string HashAlgorithm enum, algorithm name</param> /// <param name="asymmetricEncryptionPadding">string AsymmetricEncryptionPadding enum, padding name</param> /// <param name="keyPath">string path to key/certificate</param> /// <param name="isPrivate">boolean true if key is private, false if it is public</param> /// <param name="alias">string keystore/certificate pkcs12 format alias</param> /// <param name="password">Srting keysore/certificate pkcs12 format alias</param> /// <param name="plainText">string to encrypt</param> /// <returns>string Base64 encrypted plainText text</returns> private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string plainText) { this.error.cleanError(); HashAlgorithm hash = HashAlgorithmUtils.getHashAlgorithm(hashAlgorithm, this.error); AsymmetricEncryptionPadding padding = AsymmetricEncryptionPaddingUtils.getAsymmetricEncryptionPadding(asymmetricEncryptionPadding, this.error); if (this.error.existsError()) { return(""); } string asymmetricEncryptionAlgorithm = ""; AsymmetricKeyParameter asymKey = null; if (isPrivate) { PrivateKeyManager keyMan = (PrivateKeyManager)key; if (!keyMan.HasPrivateKey || keyMan.HasError()) { this.error = keyMan.GetError(); return(""); } asymmetricEncryptionAlgorithm = keyMan.getPrivateKeyAlgorithm(); asymKey = keyMan.getPrivateKeyParameterForEncryption(); if (keyMan.HasError()) { this.error = keyMan.GetError(); return(""); } } else { CertificateX509 cert = (CertificateX509)key; if (!cert.Inicialized || cert.HasError()) { this.error = cert.GetError(); return(""); } asymmetricEncryptionAlgorithm = cert.getPublicKeyAlgorithm(); asymKey = cert.getPublicKeyParameterForEncryption(); if (cert.HasError()) { this.error = cert.GetError(); return(""); } } AsymmetricEncryptionAlgorithm algorithm = AsymmetricEncryptionAlgorithmUtils .getAsymmetricEncryptionAlgorithm(asymmetricEncryptionAlgorithm, this.error); try { return(doEncrypt(algorithm, hash, padding, asymKey, plainText)); } catch (InvalidCipherTextException) { this.error.setError("AE036", "Algoritmo inválido" + algorithm); return(""); } }
public string DoSign(string xmlInput, PrivateKeyManager key, CertificateX509 certificate, DSigOptions options) { this.error.cleanError(); return(doSignPKCS12(xmlInput, key, certificate, options.DSigSignatureType, options.Canonicalization, options.KeyInfoType, options.XmlSchemaPath)); }
public string DoSignElement(string xmlInput, string xPath, PrivateKeyManager key, CertificateX509 certificate, DSigOptions options) { this.error.cleanError(); return(doSignElementPKCS12(xmlInput, xPath, key, certificate, options.DSigSignatureType, options.Canonicalization, options.KeyInfoType, options.XmlSchemaPath, options.IdentifierAttribute)); }
private bool Verify(Certificate certificate, Stream input, string signature) { CertificateX509 cert = (CertificateX509)certificate; if (cert.HasError()) { this.error = cert.GetError(); return(false); } string hashAlgorithm = ""; if (SecurityUtils.compareStrings(cert.getPublicKeyHash(), "ECDSA")) { hashAlgorithm = "SHA1"; } else { hashAlgorithm = cert.getPublicKeyHash(); } AsymmetricSigningAlgorithm asymmetricSigningAlgorithm = AsymmetricSigningAlgorithmUtils .GetAsymmetricSigningAlgorithm(cert.getPublicKeyAlgorithm(), this.error); if (this.HasError()) { return(false); } ISigner signer = AsymmetricSigningAlgorithmUtils.GetSigner(asymmetricSigningAlgorithm, GetHash(hashAlgorithm), this.error); if (this.HasError()) { return(false); } SetUpSigner(signer, input, cert.getPublicKeyParameterForSigning(), false); if (this.HasError()) { return(false); } byte[] signatureBytes = null; try { signatureBytes = Base64.Decode(signature); } catch (Exception e) { error.setError("AE019", e.Message); return(false); } if (signatureBytes == null || signatureBytes.Length == 0) { this.error.setError("AE020", "Error reading signature"); return(false); } bool result = false; try { result = signer.VerifySignature(signatureBytes); } catch (Exception e) { error.setError("AE021", e.Message); return(false); } return(result); }
public void SetCertificate(CertificateX509 cert) { this.certificate = cert; }