/// <summary>
/// <p>Creates and returns a new IKeyInfoProvider instance based on the input key.</p>
/// </summary>
/// <exception cref="ProcessRegistryException">if the requested instance cannot be cast to IKeyInfoProvider
/// or if any reflection related exceptions are raised</exception>
/// <exception cref="ArgumentNullException">If key or parameters is null</exception>
/// <exception cref="ArgumentException">If key is empty string</exception>
/// <param name="key">key info provider key (type)</param>
/// <param name="parameters">parameters</param>
/// <returns>instance of IKeyInfoProvider as identified by the key or null if key does not exist in map</returns>
public IKeyInfoProvider GetKeyInfoProviderInstance(string key, IDictionary <string, object> parameters)
{
//Validate key and parameters
ExceptionHelper.ValidateStringNotNullNotEmpty(key, "key");
ExceptionHelper.ValidateNotNull(parameters, "parameters");
//If key does not exist, return null
if (!registeredDefinitionsMap.ContainsKey(key))
{
return(null);
}
try
{
//Get type of class to load, from RegisteredDefinitionsMap
Type typeOfClass = GetTypeOfClass(key);
//Create instance of class by reflection
IKeyInfoProvider ret = (IKeyInfoProvider)Activator.CreateInstance(typeOfClass);
//Set properties of the instance created
SetPropertiesOfInstance(ret, parameters, typeOfClass);
return(ret);
}
catch (Exception ex)
{
throw new ProcessRegistryException("KeyInfoProvider" + UNABLE_CRT_INST_MSG, ex);
}
}
/// <summary>
/// <para>Used to verify the signature produced from the algorithm used by this signer</para>
/// </summary>
/// <param name="canonicalized">The canonicalized string from which to produce the digest from</param>
/// <param name="keyInfoInst">Holds the public key for verification of signature</param>
/// <param name="node">The Signature node from which to extract the Signature value</param>
/// <exception cref="VerificationFailedException">If the signature verification failed
/// i.e. the signatures did not match</exception>
public void Verify(string canonicalized, IKeyInfoProvider keyInfoInst, XmlNode node)
{
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
//Calculate digest of SignedInfoNode.
byte[] digested = sha1.ComputeHash(Encoding.UTF8.GetBytes(canonicalized));
// we use namespace manager since <Signature> has default namespace
XmlNamespaceManager nsMgr = new XmlNamespaceManager(node.OwnerDocument.NameTable);
nsMgr.AddNamespace("ds", DEF_XMLDSIG_NS);
//Verify Sign
XmlNode signedValNode = node.SelectSingleNode("ds:SignatureValue", nsMgr);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
//Import public key parameter
rsa.ImportParameters((RSAParameters)keyInfoInst.PublicKey);
//Verify Sign
if (rsa.VerifyHash(digested, CryptoConfig.MapNameToOID("SHA1"),
Convert.FromBase64String(signedValNode.InnerXml)) == false)
{
throw new VerificationFailedException(SIGN_VERIF_FAILED);
}
}
public void TestGetKeyInfoProviderInstance()
{
IKeyInfoProvider kf = pr.GetKeyInfoProviderInstance("testKeyInfoProvider", emptyDic);
Assert.IsNotNull(kf, "KeyInfoProvider instance is null");
Assert.IsTrue(kf is DummyKeyInfoProvider, "KeyInfoProvider has incorect type");
}
/// <summary>
/// <p>Process the Signature node and verify the digital signatire of the contents.</p>
/// </summary>
/// <exception cref="VerificationException">if something went wrong during verification</exception>
/// <exception cref="VerificationFailedException">if the signature is invalid</exception>
/// <exception cref="ArgumentNullException">If any input parameter is null</exception>
/// <param name="node">xml node with digital signature to be verified</param>
/// <param name="keyInfoProvider">The key information for verifying the signature</param>
///
/// <example>
/// <para>If Signature node to be verified contains all non soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// sm.VerifySignature(node, keyInfoProvider, null);
/// </code>
/// </para>
/// <para>If Signature node to be verified contains soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// SoapMessageReferenceLoader smrl = new SoapMessageRefernceLoader(theSoapMessage);
/// sm.VerifySignature(node, keyInfoProvider, smrl);
/// </code>
/// Here theSoapMessage is the soap message that was signed.
/// </para>
/// For more information see the demo in CS and in test cases.
/// </example>
public void VerifySignature(XmlNode node, InstantiationVO keyInfoProvider)
{
//Validate not null
ExceptionHelper.ValidateNotNull(node, "node");
ExceptionHelper.ValidateNotNull(keyInfoProvider, "keyInfoProvider");
try
{
// we use namespace manager since <Signature> has default namespace
XmlNamespaceManager nsMgr = new XmlNamespaceManager(node.OwnerDocument.NameTable);
nsMgr.AddNamespace("ds", DEF_XMLDSIG_NS);
//Get SignedInfo node
XmlNode signedInfoNode = node.SelectSingleNode("ds:SignedInfo", nsMgr);
//Get CanonicalizationNode
XmlNode canonNode = signedInfoNode.SelectSingleNode("ds:CanonicalizationMethod", nsMgr);
string canonMethod = canonNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Canonicalization instance
ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonMethod, emptyDic);
string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml);
//Get Signing Algo
XmlNode signAlgoNode = node.SelectSingleNode("ds:SignedInfo/ds:SignatureMethod", nsMgr);
string signingAlgo = signAlgoNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Signer instance using the Signature mEthos Algorithm attribute value
ISigner signer = registry.GetSignerInstance(signingAlgo, emptyDic);
//Get keyInfoProvider instance
IKeyInfoProvider keyInfoProviderInst = registry.GetKeyInfoProviderInstance(keyInfoProvider.Key,
keyInfoProvider.Params);
//Verify the sign
signer.Verify(canonicalized, keyInfoProviderInst, node);
//Now proceed to check all references
XmlNodeList list = node.SelectNodes("ds:SignedInfo/ds:Reference", nsMgr);
VerifyReferences(list, null);
}
catch (VerificationFailedException ex)
{
throw ex;
}
catch (Exception ex)
{
throw new VerificationException(VERIF_EXCP_MSG, ex);
}
}
/// <summary>
/// <p>Process the Signature node and verify the digital signatire of the contents.</p>
/// </summary>
/// <exception cref="VerificationException">if something went wrong during verification</exception>
/// <exception cref="VerificationFailedException">if the signature is invalid</exception>
/// <exception cref="ArgumentNullException">If any input parameter is null</exception>
/// <param name="node">xml node with digital signature to be verified</param>
/// <param name="keyInfoProvider">The key information for verifying the signature</param>
/// <param name="soapRefLoader">SoapMessageRefernceLoader instance if the Signature was used on a
/// SoapMessage. Should not be null incase of verification of soapMessage.
/// Can be null if verification is of a web reference.
/// </param>
///
/// <example>
/// <para>If Signature node to be verified contains all non soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// sm.VerifySignature(node, keyInfoProvider, null);
/// </code>
/// </para>
/// <para>If Signature node to be verified contains soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// SoapMessageReferenceLoader smrl = new SoapMessageRefernceLoader(theSoapMessage);
/// sm.VerifySignature(node, keyInfoProvider, smrl);
/// </code>
/// Here theSoapMessage is the soap message that was signed.
/// </para>
/// For more information see the demo in CS and in test cases.
/// </example>
public void VerifySignature(XmlNode node, InstantiationVO keyInfoProvider, IReferenceLoader soapRefLoader)
{
//Validate not null
ExceptionHelper.ValidateNotNull(node, "node");
ExceptionHelper.ValidateNotNull(keyInfoProvider, "keyInfoProvider");
try
{
//Get SignedInfo node
XmlNode signedInfoNode = node.SelectSingleNode("SignedInfo");
//Get CanonicalizationNode
XmlNode canonNode = signedInfoNode.SelectSingleNode("CanonicalizationMethod");
string canonMethod = canonNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Canonicalization instance
ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonMethod, emptyDic);
string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml);
//Get Signing Algo
XmlNode signAlgoNode = node.SelectSingleNode("SignedInfo/SignatureMethod");
string signingAlgo = signAlgoNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Signer instance using the Signature mEthos Algorithm attribute value
ISigner signer = registry.GetSignerInstance(signingAlgo, emptyDic);
//Get keyInfoProvider instance
IKeyInfoProvider keyInfoProviderInst = registry.GetKeyInfoProviderInstance(keyInfoProvider.Key,
keyInfoProvider.Params);
//Verify the sign
signer.Verify(canonicalized, keyInfoProviderInst, node);
//Now proceed to check all references
XmlNodeList list = node.SelectNodes("SignedInfo/Reference");
VerifyReferences(list, soapRefLoader);
}
catch (VerificationFailedException ex)
{
throw ex;
}
catch (Exception ex)
{
throw new VerificationException(VERIF_EXCP_MSG, ex);
}
}
/// <summary>
/// <para>Used to verify the signature produced from the algorithm used by this signer</para>
/// </summary>
/// <param name="canonicalized">The canonicalized string from which to produce the digest from</param>
/// <param name="keyInfoInst">Holds the public key for verification of signature</param>
/// <param name="node">The Signature node from which to extract the Signature value</param>
/// <exception cref="VerificationFailedException">If the signature verification failed
/// i.e. the signatures did not match</exception>
public void Verify(string canonicalized, IKeyInfoProvider keyInfoInst, XmlNode node)
{
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
//Calculate digest of SignedInfoNode.
byte[] digested = sha1.ComputeHash(UnicodeEncoding.Unicode.GetBytes(canonicalized));
//Verify Sign
XmlNode signedValNode = node.SelectSingleNode("SignatureValue");
DSACryptoServiceProvider dsa = new DSACryptoServiceProvider();
//Import public key parameter
dsa.ImportParameters((DSAParameters)keyInfoInst.PublicKey);
//Verify Sign
if (dsa.VerifySignature(digested, Convert.FromBase64String(signedValNode.InnerXml)) == false)
{
throw new VerificationFailedException(SIGN_VERIF_FAILED);
}
}
