예제 #1
0
		public void MatchesKeyIdentifierClause ()
		{
			UniqueId id = new UniqueId ();
			X509SecurityToken t = new X509SecurityToken (cert, id.ToString ());
			LocalIdKeyIdentifierClause l =
				new LocalIdKeyIdentifierClause (id.ToString ());
			Assert.IsTrue (t.MatchesKeyIdentifierClause (l), "#1-1");

			l = new LocalIdKeyIdentifierClause ("#" + id.ToString ());
			Assert.IsFalse (t.MatchesKeyIdentifierClause (l), "#1-2");

			X509ThumbprintKeyIdentifierClause h =
				new X509ThumbprintKeyIdentifierClause (cert);
			Assert.IsTrue (t.MatchesKeyIdentifierClause (h), "#2-1");

			h = new X509ThumbprintKeyIdentifierClause (cert2);
			Assert.IsFalse (t.MatchesKeyIdentifierClause (h), "#2-2");

			X509IssuerSerialKeyIdentifierClause i =
				new X509IssuerSerialKeyIdentifierClause (cert);
			Assert.IsTrue (t.MatchesKeyIdentifierClause (i), "#3-1");

			i = new X509IssuerSerialKeyIdentifierClause (cert2);
			Assert.IsFalse (t.MatchesKeyIdentifierClause (i), "#3-2");

			X509RawDataKeyIdentifierClause s =
				new X509RawDataKeyIdentifierClause (cert);
			Assert.IsTrue (t.MatchesKeyIdentifierClause (s), "#4-1");

			s = new X509RawDataKeyIdentifierClause (cert2);
			Assert.IsFalse (t.MatchesKeyIdentifierClause (s), "#4-2");
		}
예제 #2
0
		WrappedKeySecurityToken GetReferent ()
		{
			string id = "referent";
			byte [] key = new byte [32];
			X509SecurityToken token = new X509SecurityToken (cert);
			SecurityKeyIdentifierClause kic =
				new X509ThumbprintKeyIdentifierClause (cert);
			string alg = SecurityAlgorithms.RsaOaepKeyWrap;
			return new WrappedKeySecurityToken (id, key, alg, token,
				new SecurityKeyIdentifier (kic));
		}
		public void Properties ()
		{
			X509ThumbprintKeyIdentifierClause ic =
				new X509ThumbprintKeyIdentifierClause (cert);
			Assert.AreEqual (cert.GetCertHash (), ic.GetX509Thumbprint (), "#1-1");
			Assert.AreEqual (null, ic.ClauseType, "#1-2");

			ic = new X509SecurityToken (cert).CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause> ();
			Assert.AreEqual (cert.GetCertHash (), ic.GetX509Thumbprint (), "#2-1");
			Assert.AreEqual (null, ic.ClauseType, "#2-2");
		}
예제 #4
0
        public override bool MatchesKeyIdentifierClause(
            SecurityKeyIdentifierClause keyIdentifierClause)
        {
            LocalIdKeyIdentifierClause l =
                keyIdentifierClause as LocalIdKeyIdentifierClause;

            if (l != null)
            {
                return(l.LocalId == Id);
            }

            X509ThumbprintKeyIdentifierClause t =
                keyIdentifierClause as X509ThumbprintKeyIdentifierClause;

            if (t != null)
            {
                return(t.Matches(cert));
            }
            X509IssuerSerialKeyIdentifierClause i =
                keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;

            if (i != null)
            {
                return(i.Matches(cert));
            }
            X509SubjectKeyIdentifierClause s =
                keyIdentifierClause as X509SubjectKeyIdentifierClause;

            if (s != null)
            {
                return(s.Matches(cert));
            }
            X509RawDataKeyIdentifierClause r =
                keyIdentifierClause as X509RawDataKeyIdentifierClause;

            if (r != null)
            {
                return(r.Matches(cert));
            }

            return(false);
        }
예제 #5
0
		void WriteX509ThumbprintKeyIdentifierClause (
			XmlWriter w, X509ThumbprintKeyIdentifierClause ic)
		{
			w.WriteStartElement ("o", "SecurityTokenReference", Constants.WssNamespace);
			w.WriteStartElement ("o", "KeyIdentifier", Constants.WssNamespace);
			w.WriteAttributeString ("ValueType", Constants.WssKeyIdentifierX509Thumbptint);
			if (EmitBspRequiredAttributes)
				w.WriteAttributeString ("EncodingType", Constants.WssBase64BinaryEncodingType);
			w.WriteString (Convert.ToBase64String (ic.GetX509Thumbprint ()));
			w.WriteEndElement ();
			w.WriteEndElement ();
		}
예제 #6
0
		public void X509WrappingToken1 ()
		{
			byte [] bytes = new byte [32];
			X509SecurityToken xt = new X509SecurityToken (cert);
			SecurityKeyIdentifierClause kic =
				new X509ThumbprintKeyIdentifierClause (cert);
			string alg = SecurityAlgorithms.RsaOaepKeyWrap;
			WrappedKeySecurityToken token = new WrappedKeySecurityToken ("urn:gyabo",
				bytes, alg, xt,
				new SecurityKeyIdentifier (kic));
			Assert.AreEqual ("urn:gyabo", token.Id, "#1");
			Assert.AreEqual (alg, token.WrappingAlgorithm, "#3");
			Assert.AreEqual (xt, token.WrappingToken, "#4");
			Assert.AreEqual (1, token.WrappingTokenReference.Count, "#5");
			Assert.AreEqual (1, token.SecurityKeys.Count, "#6");
			Assert.IsTrue (token.SecurityKeys [0] is InMemorySymmetricSecurityKey, "#7");
			Assert.AreEqual (bytes, new X509AsymmetricSecurityKey (cert).DecryptKey (token.WrappingAlgorithm, token.GetWrappedKey ()), "#8");
			// wrapped keys cannot be compared, due to the nature of rsa-oaep.
			// Assert.AreEqual (new X509AsymmetricSecurityKey (cert).EncryptKey (token.WrappingAlgorithm, bytes), token.GetWrappedKey (), "#9-1");
			// Assert.AreEqual (token.GetWrappedKey (), new WrappedKeySecurityToken ("urn:gyabo",
			//	bytes, alg, xt,
			//	new SecurityKeyIdentifier (kic)).GetWrappedKey (), "#9");
		}
예제 #7
0
		public void BinarySecretTokenForAsymmetricKeyWrap ()
		{
			byte [] bytes = new byte [32];
			SecurityToken wt = new BinarySecretSecurityToken (bytes);
			SecurityKeyIdentifierClause kic =
				new X509ThumbprintKeyIdentifierClause (cert);
			new WrappedKeySecurityToken ("urn:gyabo",
				bytes, SecurityAlgorithms.RsaOaepKeyWrap, wt,
				new SecurityKeyIdentifier (kic));
		}
예제 #8
0
		public void X509TokenForSymmetricKeyWrap ()
		{
			byte [] bytes = new byte [32];
			SecurityToken wt = new X509SecurityToken (cert);
			SecurityKeyIdentifierClause kic =
				new X509ThumbprintKeyIdentifierClause (cert);
			new WrappedKeySecurityToken ("urn:gyabo",
				bytes, SecurityAlgorithms.Aes256KeyWrap, wt,
				new SecurityKeyIdentifier (kic));
		}
예제 #9
0
		public void UserNameToken () // it does not support any encryption operation.
		{
			byte [] bytes = new byte [32];
			SecurityToken wt = new UserNameSecurityToken ("eno", "enopass");
			SecurityKeyIdentifierClause kic =
				new X509ThumbprintKeyIdentifierClause (cert);
			new WrappedKeySecurityToken ("urn:gyabo",
				bytes, SecurityAlgorithms.RsaOaepKeyWrap, wt,
				new SecurityKeyIdentifier (kic));
		}
        /// <summary>
        /// Verifies the signature.
        /// </summary>
        /// <param name="xml">The XML.</param>
        /// <returns>The issuer certificate</returns>
        protected virtual X509Certificate2 VerifySignature(XElement xml)
        {
            Contract.Requires(xml != null);
            Contract.Ensures(Contract.Result<X509Certificate2>() != null);

            if ((Configuration == null) || (Configuration.IssuerTokenResolver == null))
            {
                throw new SecurityTokenException("No issuer token resolver configured");
            }

            var xmlElement = xml.ToXmlElement();
            var signedXml = new SignedXml(xmlElement);
            
            // find signature
            XmlNodeList nodeList = xmlElement.GetElementsByTagName("Signature");

            // throw an exception if no signature was found.
            if (nodeList.Count <= 0)
            {
                throw new CryptographicException("Verification failed: No Signature was found in the document.");
            }

            // throw an exception if more than one signature was found.
            if (nodeList.Count > 1)
            {
                throw new CryptographicException("Verification failed: More that one signature was found for the document.");
            }

            // load the <signature> node.  
            signedXml.LoadXml((XmlElement)nodeList[0]);

            // resolve the issuer certificate
            byte[] thumbprint = Convert.FromBase64String(GetIssuerThumbprint(signedXml));
            var identifier = new X509ThumbprintKeyIdentifierClause(thumbprint);
            var issuerKey = Configuration.IssuerTokenResolver.ResolveToken(identifier) as X509SecurityToken;

            // check the signature
            if (!signedXml.CheckSignature(issuerKey.Certificate, true))
            {
                throw new CryptographicException("Signature verification failed");
            }

            if (issuerKey.Certificate != null)
            {
                return issuerKey.Certificate;
            }
            else
            {
                throw new CryptographicException("No issuer certificate found");
            }
        }
예제 #11
0
		public void WriteX509ThumbprintKeyIdentifierClause3 ()
		{
			// EmitBspRequiredAttributes
			StringWriter sw = new StringWriter ();
			X509ThumbprintKeyIdentifierClause ic = new X509ThumbprintKeyIdentifierClause (cert);
			using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) {
				new WSSecurityTokenSerializer (true).WriteKeyIdentifierClause (w, ic);
			}
			Assert.AreEqual ("<o:SecurityTokenReference xmlns:o=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><o:KeyIdentifier ValueType=\"http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1\" EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">GQ3YHlGQhDF1bvMixHliX4uLjlY=</o:KeyIdentifier></o:SecurityTokenReference>", sw.ToString ());
		}
예제 #12
0
		public void WriteX509ThumbprintKeyIdentifierClause1 ()
		{
			StringWriter sw = new StringWriter ();
			X509ThumbprintKeyIdentifierClause ic = new X509ThumbprintKeyIdentifierClause (cert);
			using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) {
				WSSecurityTokenSerializer.DefaultInstance.WriteKeyIdentifierClause (w, ic);
			}
			Assert.AreEqual ("<o:SecurityTokenReference xmlns:o=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><o:KeyIdentifier ValueType=\"http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1\">GQ3YHlGQhDF1bvMixHliX4uLjlY=</o:KeyIdentifier></o:SecurityTokenReference>", sw.ToString ());
		}
        /// <summary>
        /// Resolves the given SecurityKeyIdentifierClause to a SecurityToken.
        /// </summary>
        /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve.</param>
        /// <param name="token">The resolved SecurityToken.</param>
        /// <returns>True if successfully resolved.</returns>
        /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception>
        protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token)
        {
            if (keyIdentifierClause == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause");
            }

            token = null;
            X509Store store = null;
            X509Certificate2Collection certs = null;

            try
            {
                store = new X509Store(this.storeName, this.storeLocation);
                store.Open(OpenFlags.ReadOnly);
                certs = store.Certificates;
                foreach (X509Certificate2 cert in certs)
                {
                    X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause;
                    if (thumbprintKeyIdentifierClause != null && thumbprintKeyIdentifierClause.Matches(cert))
                    {
                        token = new X509SecurityToken(cert);
                        return(true);
                    }

                    X509IssuerSerialKeyIdentifierClause issuerSerialKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause;
                    if (issuerSerialKeyIdentifierClause != null && issuerSerialKeyIdentifierClause.Matches(cert))
                    {
                        token = new X509SecurityToken(cert);
                        return(true);
                    }

                    X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause;
                    if (subjectKeyIdentifierClause != null && subjectKeyIdentifierClause.Matches(cert))
                    {
                        token = new X509SecurityToken(cert);
                        return(true);
                    }

                    X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause;
                    if (rawDataKeyIdentifierClause != null && rawDataKeyIdentifierClause.Matches(cert))
                    {
                        token = new X509SecurityToken(cert);
                        return(true);
                    }
                }
            }
            finally
            {
                if (certs != null)
                {
                    for (int i = 0; i < certs.Count; i++)
                    {
                        certs[i].Reset();
                    }
                }

                if (store != null)
                {
                    store.Close();
                }
            }

            return(false);
        }