// According to book ".NET Framework Security" this method // iterates all possible keys then return null protected virtual AsymmetricAlgorithm GetPublicKey() { if (m_signature.KeyInfo == null) { return(null); } if (pkEnumerator == null) { pkEnumerator = m_signature.KeyInfo.GetEnumerator(); } #if SECURITY_DEP if (_x509Enumerator != null) { if (_x509Enumerator.MoveNext()) { X509Certificate cert = (X509Certificate)_x509Enumerator.Current; return(new X509Certificate2(cert.GetRawCertData()).PublicKey.Key); } else { _x509Enumerator = null; } } #endif while (pkEnumerator.MoveNext()) { AsymmetricAlgorithm key = null; KeyInfoClause kic = (KeyInfoClause)pkEnumerator.Current; if (kic is DSAKeyValue) { key = DSA.Create(); } else if (kic is RSAKeyValue) { key = RSA.Create(); } if (key != null) { key.FromXmlString(kic.GetXml().InnerXml); return(key); } #if SECURITY_DEP if (kic is KeyInfoX509Data) { _x509Enumerator = ((KeyInfoX509Data)kic).Certificates.GetEnumerator(); if (_x509Enumerator.MoveNext()) { X509Certificate cert = (X509Certificate)_x509Enumerator.Current; return(new X509Certificate2(cert.GetRawCertData()).PublicKey.Key); } } #endif } return(null); }
public void LoadXml(XmlElement value) { if (value is null) { throw new ArgumentNullException(nameof(value)); } XmlElement keyInfoElement = value; _id = Utils.GetAttribute(keyInfoElement, "Id", SignedXml.XmlDsigNamespaceUrl); if (!Utils.VerifyAttributes(keyInfoElement, "Id")) { throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "KeyInfo"); } XmlNode child = keyInfoElement.FirstChild; while (child != null) { XmlElement elem = child as XmlElement; if (elem != null) { // Create the right type of KeyInfoClause; we use a combination of the namespace and tag name (local name) string kicString = elem.NamespaceURI + " " + elem.LocalName; // Special-case handling for KeyValue -- we have to go one level deeper if (kicString == "http://www.w3.org/2000/09/xmldsig# KeyValue") { if (!Utils.VerifyAttributes(elem, (string[])null)) { throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "KeyInfo/KeyValue"); } XmlNodeList nodeList2 = elem.ChildNodes; foreach (XmlNode node2 in nodeList2) { XmlElement elem2 = node2 as XmlElement; if (elem2 != null) { kicString += "/" + elem2.LocalName; break; } } } KeyInfoClause keyInfoClause = CryptoHelpers.CreateFromName <KeyInfoClause>(kicString); // if we don't know what kind of KeyInfoClause we're looking at, use a generic KeyInfoNode: if (keyInfoClause == null) { keyInfoClause = new KeyInfoNode(); } // Ask the create clause to fill itself with the corresponding XML keyInfoClause.LoadXml(elem); // Add it to our list of KeyInfoClauses AddClause(keyInfoClause); } child = child.NextSibling; } }
/// <include file='doc\KeyInfo.uex' path='docs/doc[@for="KeyInfo.LoadXml"]/*' /> public void LoadXml(XmlElement value) { // Guard against nulls if (value == null) { throw new ArgumentNullException("value"); } // Validate what we are passed against the DTD XmlElement keyInfoElement = value; if (keyInfoElement.HasAttribute("Id")) { m_strId = keyInfoElement.GetAttribute("Id"); } XmlNodeList nodeList = keyInfoElement.ChildNodes; foreach (XmlNode node in nodeList) { XmlElement elem = node as XmlElement; // We only care about XmlElement nodes here if (elem == null) { continue; } // Create the right type of KeyInfoClause // We use a combination of the namespace and tag name (local name) String kicString = elem.NamespaceURI + " " + elem.LocalName; // Special-case handling for KeyValue -- we have to go one level deeper if (kicString == "http://www.w3.org/2000/09/xmldsig# KeyValue") { XmlNodeList nodeList2 = elem.ChildNodes; foreach (XmlNode node2 in nodeList2) { XmlElement elem2 = node2 as XmlElement; if (elem2 != null) { kicString += "/" + elem2.LocalName; break; } } } KeyInfoClause keyInfoClause = (KeyInfoClause)CryptoConfig.CreateFromName(kicString); // if we don't know what kind of KeyInfoClause we're looking at, use a generic KeyInfoNode: if (keyInfoClause == null) { keyInfoClause = new KeyInfoNode(); } // Ask the create clause to fill itself with the // corresponding XML keyInfoClause.LoadXml(elem); // Add it to our list of KeyInfoClauses AddClause(keyInfoClause); } }
/** * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance). * @param sap the XmlSignatureAppearance * @param externalSignature the interface providing the actual signing * @param keyInfo KeyInfo for verification * @throws GeneralSecurityException * @throws IOException * @throws DocumentException */ public static void SignXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, KeyInfoClause keyInfo) { VerifyArguments(sap, externalSignature); List<XmlElement> references = new List<XmlElement>(1); references.Add(GenerateContentReference(sap.GetXmlLocator().GetDocument(), sap, null)); XmlElement signature = GenerateSignatureElement(sap.GetXmlLocator(), null, false); Sign(signature, sap.GetXmlLocator(), externalSignature, references, null, keyInfo); sap.Close(); }
public void LoadXml(XmlElement value) { if (value == null) { throw new ArgumentNullException("value"); } XmlElement element = value; this.m_id = System.Security.Cryptography.Xml.Utils.GetAttribute(element, "Id", "http://www.w3.org/2000/09/xmldsig#"); for (XmlNode node = element.FirstChild; node != null; node = node.NextSibling) { XmlElement element2 = node as XmlElement; if (element2 != null) { string name = element2.NamespaceURI + " " + element2.LocalName; if (name == "http://www.w3.org/2000/09/xmldsig# KeyValue") { foreach (XmlNode node2 in element2.ChildNodes) { XmlElement element3 = node2 as XmlElement; if (element3 != null) { name = name + "/" + element3.LocalName; break; } } } KeyInfoClause clause = (KeyInfoClause)CryptoConfig.CreateFromName(name); if (clause == null) { clause = new KeyInfoNode(); } clause.LoadXml(element2); this.AddClause(clause); } } }
/// <summary> /// Initializes a new instance of the <see cref="X509CertificateCredentials"/> class. /// </summary> /// <remarks>The X509Certificate2 argument should have private key in order to sign the message.</remarks> /// <param name="certificate">The X509Certificate2 object.</param> public X509CertificateCredentials(X509Certificate2 certificate) : base(null, true) { EwsUtilities.ValidateParam(certificate, "certificate"); if (!certificate.HasPrivateKey) { throw new ServiceValidationException(Strings.CertificateHasNoPrivateKey); } this.certificate = certificate; string certId = WSSecurityUtilityIdSignedXml.GetUniqueId(); this.SecurityToken = string.Format( X509CertificateCredentials.BinarySecurityTokenFormat, certId, Convert.ToBase64String(this.certificate.GetRawCertData())); SafeXmlDocument doc = new SafeXmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(string.Format(X509CertificateCredentials.KeyInfoClauseFormat, certId)); this.keyInfoClause = new KeyInfoNode(doc.DocumentElement); }
private Legacy.KeyInfoEncryptedKey EncryptKey(byte[] key, RSA encryptionKey, string method, Legacy.KeyInfoClause encryptionKeyInfoClause) { var encryptionKeyInfo = new Legacy.KeyInfo(); encryptionKeyInfo.AddClause(encryptionKeyInfoClause); var cipherValue = Legacy.EncryptedXml.EncryptKey(key, encryptionKey, true); var encryptedKey = new Legacy.EncryptedKey { CipherData = new Legacy.CipherData { CipherValue = cipherValue }, EncryptionMethod = new Legacy.EncryptionMethod(method), KeyInfo = encryptionKeyInfo }; return(new Legacy.KeyInfoEncryptedKey { EncryptedKey = encryptedKey }); }
private static void Sign(XmlElement signature, IXmlLocator xmlLocator, IExternalSignature externalSignature, List<XmlElement> references, XmlElement dsObject, KeyInfoClause keyInfo) { XmlDocument originalDoc = xmlLocator.GetDocument(); if (signature == null) throw new InvalidOperationException(); XmlElement signedInfo = originalDoc.CreateElement("SignedInfo", SecurityConstants.XMLDSIG_URI); signature.AppendChild(signedInfo); XmlElement canonicalizationMethod = originalDoc.CreateElement("CanonicalizationMethod", SecurityConstants.XMLDSIG_URI); canonicalizationMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_C14N); signedInfo.AppendChild(canonicalizationMethod); XmlElement signatureMethod = originalDoc.CreateElement("SignatureMethod", SecurityConstants.XMLDSIG_URI); if(externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.RSA)) signatureMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_RSA_SHA1); else if(externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.DSA)) signatureMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_DSA_SHA1); signedInfo.AppendChild(signatureMethod); foreach (XmlElement reference in references) signedInfo.AppendChild(reference); //if append Signature to original document upper - reference digest will be incorrect. originalDoc.DocumentElement.AppendChild(signature); XmlElement signedInfoDigest = (XmlElement)signedInfo.CloneNode(true); NormalizeNamespaces(signedInfo.CreateNavigator(), signedInfoDigest.CreateNavigator()); XmlDocument signedInfoDoc = new XmlDocument(originalDoc.NameTable); signedInfoDoc.LoadXml(signedInfoDigest.OuterXml); byte[] byteRange = CalculateC14nByteRange(signedInfoDoc); //Sign with ExternalSignature String valueBase64 = Convert.ToBase64String(externalSignature.Sign(byteRange)); XmlElement signatureValue = originalDoc.CreateElement("SignatureValue", SecurityConstants.XMLDSIG_URI); signatureValue.AppendChild(originalDoc.CreateTextNode(valueBase64)); signature.AppendChild(signatureValue); if(keyInfo != null) { XmlElement keyInfoElement = originalDoc.CreateElement("KeyInfo", SecurityConstants.XMLDSIG_URI); keyInfoElement.AppendChild(originalDoc.ImportNode(keyInfo.GetXml(), true)); signature.AppendChild(keyInfoElement); } if (dsObject != null) signature.AppendChild(dsObject); xmlLocator.SetDocument(originalDoc); }
// // public constructors // public void AddClause(KeyInfoClause clause) { m_KeyInfoClauses.Add(clause); }
// // public constructors // public void AddClause(KeyInfoClause clause) { _keyInfoClauses.Add(clause); }
public void AddClause(KeyInfoClause clause) { Info.Add(clause); }
public void LoadXml(XmlElement value) { if (value == null) { throw new ArgumentNullException("value"); } Id = value.Attributes ["Id"] != null?value.GetAttribute("Id") : null; if ((value.LocalName == XmlSignature.ElementNames.KeyInfo) && (value.NamespaceURI == XmlSignature.NamespaceURI)) { foreach (XmlNode n in value.ChildNodes) { if (n.NodeType != XmlNodeType.Element) { continue; } KeyInfoClause kic = null; switch (n.LocalName) { case XmlSignature.ElementNames.KeyValue: XmlNodeList xnl = n.ChildNodes; if (xnl.Count > 0) { // we must now treat the whitespace ! foreach (XmlNode m in xnl) { switch (m.LocalName) { case XmlSignature.ElementNames.DSAKeyValue: kic = (KeyInfoClause) new DSAKeyValue(); break; case XmlSignature.ElementNames.RSAKeyValue: kic = (KeyInfoClause) new RSAKeyValue(); break; } } } break; case XmlSignature.ElementNames.KeyName: kic = (KeyInfoClause) new KeyInfoName(); break; case XmlSignature.ElementNames.RetrievalMethod: kic = (KeyInfoClause) new KeyInfoRetrievalMethod(); break; case XmlSignature.ElementNames.X509Data: kic = (KeyInfoClause) new KeyInfoX509Data(); break; case XmlSignature.ElementNames.RSAKeyValue: kic = (KeyInfoClause) new RSAKeyValue(); break; #if NET_2_0 case XmlSignature.ElementNames.EncryptedKey: kic = (KeyInfoClause) new KeyInfoEncryptedKey(); break; #endif default: kic = (KeyInfoClause) new KeyInfoNode(); break; } if (kic != null) { kic.LoadXml((XmlElement)n); AddClause(kic); } } } // No check is performed on MS.NET... }
/// <summary> /// Attempts to retrieve an asymmetric key from the KeyInfoClause given as parameter. /// </summary> /// <param name="keyInfoClause">The key info clause.</param> /// <returns>null if the key could not be found.</returns> public static AsymmetricAlgorithm ExtractKey(KeyInfoClause keyInfoClause) { if (keyInfoClause is RSAKeyValue) { var key = (RSAKeyValue)keyInfoClause; return key.Key; } if (keyInfoClause is KeyInfoX509Data) { var cert = GetCertificateFromKeyInfo((KeyInfoX509Data)keyInfoClause); return cert != null ? cert.PublicKey.Key : null; } if (keyInfoClause is DSAKeyValue) { var key = (DSAKeyValue)keyInfoClause; return key.Key; } return null; }
/** * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance). * @param sap the XmlSignatureAppearance * @param externalSignature the interface providing the actual signing * @param keyInfo KeyInfo for verification * @throws GeneralSecurityException * @throws IOException * @throws DocumentException */ public static void signXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, KeyInfoClause keyInfo) { throw new NotImplementedException("Xml signatures are not supported yet"); }
public void AddClause(KeyInfoClause clause) { this.m_KeyInfoClauses.Add(clause); }
public void AddClause (KeyInfoClause clause) { Info.Add (clause); }