/// <summary> /// <p>Creates and returns a new IKeyInfoProvider instance based on the input key.</p> /// </summary> /// <exception cref="ProcessRegistryException">if the requested instance cannot be cast to IKeyInfoProvider /// or if any reflection related exceptions are raised</exception> /// <exception cref="ArgumentNullException">If key or parameters is null</exception> /// <exception cref="ArgumentException">If key is empty string</exception> /// <param name="key">key info provider key (type)</param> /// <param name="parameters">parameters</param> /// <returns>instance of IKeyInfoProvider as identified by the key or null if key does not exist in map</returns> public IKeyInfoProvider GetKeyInfoProviderInstance(string key, IDictionary <string, object> parameters) { //Validate key and parameters ExceptionHelper.ValidateStringNotNullNotEmpty(key, "key"); ExceptionHelper.ValidateNotNull(parameters, "parameters"); //If key does not exist, return null if (!registeredDefinitionsMap.ContainsKey(key)) { return(null); } try { //Get type of class to load, from RegisteredDefinitionsMap Type typeOfClass = GetTypeOfClass(key); //Create instance of class by reflection IKeyInfoProvider ret = (IKeyInfoProvider)Activator.CreateInstance(typeOfClass); //Set properties of the instance created SetPropertiesOfInstance(ret, parameters, typeOfClass); return(ret); } catch (Exception ex) { throw new ProcessRegistryException("KeyInfoProvider" + UNABLE_CRT_INST_MSG, ex); } }
/// <summary> /// <para>Used to verify the signature produced from the algorithm used by this signer</para> /// </summary> /// <param name="canonicalized">The canonicalized string from which to produce the digest from</param> /// <param name="keyInfoInst">Holds the public key for verification of signature</param> /// <param name="node">The Signature node from which to extract the Signature value</param> /// <exception cref="VerificationFailedException">If the signature verification failed /// i.e. the signatures did not match</exception> public void Verify(string canonicalized, IKeyInfoProvider keyInfoInst, XmlNode node) { SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider(); //Calculate digest of SignedInfoNode. byte[] digested = sha1.ComputeHash(Encoding.UTF8.GetBytes(canonicalized)); // we use namespace manager since <Signature> has default namespace XmlNamespaceManager nsMgr = new XmlNamespaceManager(node.OwnerDocument.NameTable); nsMgr.AddNamespace("ds", DEF_XMLDSIG_NS); //Verify Sign XmlNode signedValNode = node.SelectSingleNode("ds:SignatureValue", nsMgr); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); //Import public key parameter rsa.ImportParameters((RSAParameters)keyInfoInst.PublicKey); //Verify Sign if (rsa.VerifyHash(digested, CryptoConfig.MapNameToOID("SHA1"), Convert.FromBase64String(signedValNode.InnerXml)) == false) { throw new VerificationFailedException(SIGN_VERIF_FAILED); } }
public void TestGetKeyInfoProviderInstance() { IKeyInfoProvider kf = pr.GetKeyInfoProviderInstance("testKeyInfoProvider", emptyDic); Assert.IsNotNull(kf, "KeyInfoProvider instance is null"); Assert.IsTrue(kf is DummyKeyInfoProvider, "KeyInfoProvider has incorect type"); }
/// <summary> /// <p>Process the Signature node and verify the digital signatire of the contents.</p> /// </summary> /// <exception cref="VerificationException">if something went wrong during verification</exception> /// <exception cref="VerificationFailedException">if the signature is invalid</exception> /// <exception cref="ArgumentNullException">If any input parameter is null</exception> /// <param name="node">xml node with digital signature to be verified</param> /// <param name="keyInfoProvider">The key information for verifying the signature</param> /// /// <example> /// <para>If Signature node to be verified contains all non soap references /// <code> /// SignatureManager sm = new SignatureManager(); /// sm.VerifySignature(node, keyInfoProvider, null); /// </code> /// </para> /// <para>If Signature node to be verified contains soap references /// <code> /// SignatureManager sm = new SignatureManager(); /// SoapMessageReferenceLoader smrl = new SoapMessageRefernceLoader(theSoapMessage); /// sm.VerifySignature(node, keyInfoProvider, smrl); /// </code> /// Here theSoapMessage is the soap message that was signed. /// </para> /// For more information see the demo in CS and in test cases. /// </example> public void VerifySignature(XmlNode node, InstantiationVO keyInfoProvider) { //Validate not null ExceptionHelper.ValidateNotNull(node, "node"); ExceptionHelper.ValidateNotNull(keyInfoProvider, "keyInfoProvider"); try { // we use namespace manager since <Signature> has default namespace XmlNamespaceManager nsMgr = new XmlNamespaceManager(node.OwnerDocument.NameTable); nsMgr.AddNamespace("ds", DEF_XMLDSIG_NS); //Get SignedInfo node XmlNode signedInfoNode = node.SelectSingleNode("ds:SignedInfo", nsMgr); //Get CanonicalizationNode XmlNode canonNode = signedInfoNode.SelectSingleNode("ds:CanonicalizationMethod", nsMgr); string canonMethod = canonNode.Attributes.GetNamedItem("Algorithm").Value; //Get Canonicalization instance ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonMethod, emptyDic); string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml); //Get Signing Algo XmlNode signAlgoNode = node.SelectSingleNode("ds:SignedInfo/ds:SignatureMethod", nsMgr); string signingAlgo = signAlgoNode.Attributes.GetNamedItem("Algorithm").Value; //Get Signer instance using the Signature mEthos Algorithm attribute value ISigner signer = registry.GetSignerInstance(signingAlgo, emptyDic); //Get keyInfoProvider instance IKeyInfoProvider keyInfoProviderInst = registry.GetKeyInfoProviderInstance(keyInfoProvider.Key, keyInfoProvider.Params); //Verify the sign signer.Verify(canonicalized, keyInfoProviderInst, node); //Now proceed to check all references XmlNodeList list = node.SelectNodes("ds:SignedInfo/ds:Reference", nsMgr); VerifyReferences(list, null); } catch (VerificationFailedException ex) { throw ex; } catch (Exception ex) { throw new VerificationException(VERIF_EXCP_MSG, ex); } }
/// <summary> /// <p>Process the Signature node and verify the digital signatire of the contents.</p> /// </summary> /// <exception cref="VerificationException">if something went wrong during verification</exception> /// <exception cref="VerificationFailedException">if the signature is invalid</exception> /// <exception cref="ArgumentNullException">If any input parameter is null</exception> /// <param name="node">xml node with digital signature to be verified</param> /// <param name="keyInfoProvider">The key information for verifying the signature</param> /// <param name="soapRefLoader">SoapMessageRefernceLoader instance if the Signature was used on a /// SoapMessage. Should not be null incase of verification of soapMessage. /// Can be null if verification is of a web reference. /// </param> /// /// <example> /// <para>If Signature node to be verified contains all non soap references /// <code> /// SignatureManager sm = new SignatureManager(); /// sm.VerifySignature(node, keyInfoProvider, null); /// </code> /// </para> /// <para>If Signature node to be verified contains soap references /// <code> /// SignatureManager sm = new SignatureManager(); /// SoapMessageReferenceLoader smrl = new SoapMessageRefernceLoader(theSoapMessage); /// sm.VerifySignature(node, keyInfoProvider, smrl); /// </code> /// Here theSoapMessage is the soap message that was signed. /// </para> /// For more information see the demo in CS and in test cases. /// </example> public void VerifySignature(XmlNode node, InstantiationVO keyInfoProvider, IReferenceLoader soapRefLoader) { //Validate not null ExceptionHelper.ValidateNotNull(node, "node"); ExceptionHelper.ValidateNotNull(keyInfoProvider, "keyInfoProvider"); try { //Get SignedInfo node XmlNode signedInfoNode = node.SelectSingleNode("SignedInfo"); //Get CanonicalizationNode XmlNode canonNode = signedInfoNode.SelectSingleNode("CanonicalizationMethod"); string canonMethod = canonNode.Attributes.GetNamedItem("Algorithm").Value; //Get Canonicalization instance ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonMethod, emptyDic); string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml); //Get Signing Algo XmlNode signAlgoNode = node.SelectSingleNode("SignedInfo/SignatureMethod"); string signingAlgo = signAlgoNode.Attributes.GetNamedItem("Algorithm").Value; //Get Signer instance using the Signature mEthos Algorithm attribute value ISigner signer = registry.GetSignerInstance(signingAlgo, emptyDic); //Get keyInfoProvider instance IKeyInfoProvider keyInfoProviderInst = registry.GetKeyInfoProviderInstance(keyInfoProvider.Key, keyInfoProvider.Params); //Verify the sign signer.Verify(canonicalized, keyInfoProviderInst, node); //Now proceed to check all references XmlNodeList list = node.SelectNodes("SignedInfo/Reference"); VerifyReferences(list, soapRefLoader); } catch (VerificationFailedException ex) { throw ex; } catch (Exception ex) { throw new VerificationException(VERIF_EXCP_MSG, ex); } }
/// <summary> /// <para>Used to verify the signature produced from the algorithm used by this signer</para> /// </summary> /// <param name="canonicalized">The canonicalized string from which to produce the digest from</param> /// <param name="keyInfoInst">Holds the public key for verification of signature</param> /// <param name="node">The Signature node from which to extract the Signature value</param> /// <exception cref="VerificationFailedException">If the signature verification failed /// i.e. the signatures did not match</exception> public void Verify(string canonicalized, IKeyInfoProvider keyInfoInst, XmlNode node) { SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider(); //Calculate digest of SignedInfoNode. byte[] digested = sha1.ComputeHash(UnicodeEncoding.Unicode.GetBytes(canonicalized)); //Verify Sign XmlNode signedValNode = node.SelectSingleNode("SignatureValue"); DSACryptoServiceProvider dsa = new DSACryptoServiceProvider(); //Import public key parameter dsa.ImportParameters((DSAParameters)keyInfoInst.PublicKey); //Verify Sign if (dsa.VerifySignature(digested, Convert.FromBase64String(signedValNode.InnerXml)) == false) { throw new VerificationFailedException(SIGN_VERIF_FAILED); } }