/// <remarks>Sólo se implementan las transformadas de canonicalización</remarks> private Stream SignedInfoTransformed() { System.Security.Cryptography.Xml.Transform t = null; switch (signature.SignedInfo.CanonicalizationMethod) { case XmlSignatureConstants.XmlDsigC14NTransformUrl: t = new System.Security.Cryptography.Xml.XmlDsigC14NTransform(); break; case XmlSignatureConstants.XmlDsigC14NWithCommentsTransformUrl: t = new System.Security.Cryptography.Xml.XmlDsigC14NWithCommentsTransform(); break; case XmlSignatureConstants.XmlDsigExcC14NTransformUrl: t = new System.Security.Cryptography.Xml.XmlDsigExcC14NTransform(signature.SignedInfo.InclusiveNamespaces); break; case XmlSignatureConstants.XmlDsigExcC14NWithCommentsTransformUrl: t = new System.Security.Cryptography.Xml.XmlDsigExcC14NWithCommentsTransform(); break; default: t = null; break; } if (t == null) { return(null); } XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; XmlElement signatureNode = (XmlElement)envdoc.SelectSingleNode("//*[@Id='" + signature.Id + "']"); if (signatureNode != null) { XmlNamespaceManager xmlnsManager = new XmlNamespaceManager(envdoc.NameTable); xmlnsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); XmlNode signedInfoNode = signatureNode.SelectSingleNode("ds:SignedInfo", xmlnsManager); doc.LoadXml(signedInfoNode.OuterXml); } else { doc.LoadXml(signature.SignedInfo.GetXml().OuterXml); } var namespaces = GetAllNamespaces(signatureNode); foreach (var item in namespaces) { AddNameSpace(doc, doc.DocumentElement, item.Name, item.Value); } return(ApplyTransform(t, doc)); }
string C14N (string xml) { XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform (); XmlDocument doc = new XmlDocument (); doc.LoadXml (xml); t.LoadInput (doc); return new StreamReader (t.GetOutput () as Stream).ReadToEnd (); }
/// <summary> /// Выполнить каноникализацию XML-узла /// </summary> /// <param name="node"> /// Узел /// </param> /// <returns> /// Каноникализированный XM-текст /// </returns> public static string Canonicalize(this XmlNode node) { var transform = new XmlDsigExcC14NTransform(); var document = new XmlDocument(); document.LoadXml(node.OuterXml); transform.LoadInput(document); using (var stream = (Stream) transform.GetOutput()) using (var reader = new StreamReader(stream)) { return reader.ReadToEnd(); } }
public static XmlDocument SignDocument(XmlDocument doc) { //////////////// string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#"; string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256"; string signatureReferenceURI = "#_73e63a41-156d-4fda-a26c-8d79dcade713"; CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod); X509Certificate2 signingCertificate = GetCertificate(); // /* add the following lines of code after var signingCertificate = GetCertificate();*/ CspParameters cspParams = new CspParameters(24); //cspParams.KeyContainerName = "XML_DISG_RSA_KEY"; RSACryptoServiceProvider key = new RSACryptoServiceProvider(cspParams); var strKey = signingCertificate.PrivateKey.ToXmlString(true); key.FromXmlString(strKey); /*assign the new key to signer's SigningKey */ //metadataSigner.SigningKey = key; // SignedXml signer = new SignedXml(doc); signer.SigningKey = key;//signingCertificate.PrivateKey; signer.KeyInfo = new KeyInfo(); signer.KeyInfo.AddClause(new KeyInfoX509Data(signingCertificate)); signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod; signer.SignedInfo.SignatureMethod = signatureMethod; XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform(); XmlDsigExcC14NTransform cn14Transform = new XmlDsigExcC14NTransform(); Reference signatureReference = new Reference("#FATCA"); signatureReference.Uri = signatureReferenceURI; signatureReference.AddTransform(envelopeTransform); signatureReference.AddTransform(cn14Transform); signatureReference.DigestMethod = digestMethod; signer.AddReference(signatureReference); signer.ComputeSignature(); XmlElement signatureElement = signer.GetXml(); doc.DocumentElement.AppendChild(signer.GetXml()); return doc; }
private SignatureVerificationResult VerifyAuthenticodeExpectedHash(XmlElement licenseNode) { XmlElement element = licenseNode.SelectSingleNode("r:grant/as:ManifestInformation", this.m_namespaceManager) as XmlElement; if (element == null) { return(SignatureVerificationResult.BadSignatureFormat); } string attribute = element.GetAttribute("Hash"); if (string.IsNullOrEmpty(attribute)) { return(SignatureVerificationResult.BadSignatureFormat); } byte[] lhs = BackwardHexToBytes(attribute); XmlDocument document = new XmlDocument { PreserveWhitespace = true }; XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Parse }; using (TextReader reader = new StringReader(this.m_manifestXml.OuterXml)) { using (XmlReader reader2 = XmlReader.Create(reader, settings, this.m_manifestXml.BaseURI)) { document.Load(reader2); } } XmlElement oldChild = document.SelectSingleNode("//asm:assembly/ds:Signature", this.m_namespaceManager) as XmlElement; oldChild.ParentNode.RemoveChild(oldChild); XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(document); byte[] rhs = null; using (SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider()) { rhs = provider.ComputeHash(transform.GetOutput() as MemoryStream); } if (!CompareBytes(lhs, rhs)) { return(SignatureVerificationResult.BadDigest); } return(SignatureVerificationResult.Valid); }
private Transform GetC14NMethod() { Transform t = null; if (m_signature.SignedInfo.CanonicalizationMethod.Contains("http://www.w3.org/2001/10/xml-exc-c14n#")) { t = new XmlDsigExcC14NTransform(); } if (t == null) { t = (Transform)CryptoConfig.CreateFromName(m_signature.SignedInfo.CanonicalizationMethod); } if (t == null) { throw new CryptographicException("Unknown Canonicalization Method {0}", m_signature.SignedInfo.CanonicalizationMethod); } return(t); }
public static void SignXmlSoap( this Message message, X509Certificate2 certificate) { XmlDocument signedMessageXml = message.Xml; SmevSignedXml signedXml = new SmevSignedXml(signedMessageXml); signedXml.SigningKey = certificate.PrivateKey; Reference reference = new Reference(); reference.Uri = "#body"; reference.DigestMethod = CryptoPro.Sharpei.Xml.CPSignedXml.XmlDsigGost3411UrlObsolete; XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform(); reference.AddTransform(c14); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.SignedInfo.SignatureMethod = CryptoPro.Sharpei.Xml.CPSignedXml.XmlDsigGost3410UrlObsolete; signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); string xmldsig = @"http://www.w3.org/2000/09/xmldsig#"; string wsse = @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; var namespaceManager = new XmlNamespaceManager(new NameTable()); namespaceManager.AddNamespace("ds", xmldsig); namespaceManager.AddNamespace("wsse", wsse); signedMessageXml.GetElementsByTagName("Signature", xmldsig)[0].PrependChild( signedMessageXml.ImportNode(xmlDigitalSignature.GetElementsByTagName("SignatureValue", xmldsig)[0], true) ); signedMessageXml.GetElementsByTagName("Signature", xmldsig)[0].PrependChild( signedMessageXml.ImportNode(xmlDigitalSignature.GetElementsByTagName("SignedInfo", xmldsig)[0], true) ); signedMessageXml.GetElementsByTagName("BinarySecurityToken", wsse)[0].InnerText = Convert.ToBase64String(certificate.RawData); }
public static void SignSingleEntity( this GisGmp.Message message, X509Certificate2 certificate, XmlNode entityXml) { XmlDocument signingDoc = new XmlDocument(); signingDoc.LoadXml(entityXml.OuterXml); SmevSignedXml signedXml = new SmevSignedXml(signingDoc); signedXml.SigningKey = certificate.PrivateKey; Reference reference = new Reference(); reference.Uri = ""; reference.DigestMethod = CryptoPro.Sharpei.Xml.CPSignedXml.XmlDsigGost3411UrlObsolete; XmlDsigEnvelopedSignatureTransform envelopedSignature = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envelopedSignature); XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform(); reference.AddTransform(c14); KeyInfo ki = new KeyInfo(); ki.AddClause(new KeyInfoX509Data(certificate)); signedXml.KeyInfo = ki; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.SignedInfo.SignatureMethod = CryptoPro.Sharpei.Xml.CPSignedXml.XmlDsigGost3410UrlObsolete; signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); signingDoc.DocumentElement.AppendChild(xmlDigitalSignature); XmlDocumentFragment signedFinalPayment = message.Xml.CreateDocumentFragment(); signedFinalPayment.InnerXml = signingDoc.OuterXml; var documentNode = entityXml.ParentNode; documentNode.RemoveChild(entityXml); documentNode.AppendChild(signedFinalPayment); }
/// <summary> /// Signs an XML Document for a Saml Response /// </summary> /// <param name="xml"></param> /// <param name="cert2"></param> /// <param name="referenceId"></param> /// <returns></returns> public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceId, string referenceValue) { SamlSignedXml sig = new SamlSignedXml(doc, referenceId); // Add the key to the SignedXml xmlDocument. sig.SigningKey = cert2.PrivateKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = String.Empty; // reference.Uri = "#" + referenceValue; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); XmlDsigExcC14NTransform env2 = new XmlDsigExcC14NTransform(); reference.AddTransform(env); reference.AddTransform(env2); // Add the reference to the SignedXml object. sig.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data keyData = new KeyInfoX509Data(cert2); keyInfo.AddClause(keyData); sig.KeyInfo = keyInfo; // Compute the signature. sig.ComputeSignature(); // Get the XML representation of the signature and save it to an XmlElement object. XmlElement xmlDigitalSignature = sig.GetXml(); return xmlDigitalSignature; }
private static XmlDocument SignSmevRequest(XmlDocument smevRequest, X509Certificate2 signingCertificate) { // Создание подписчика XML-документа var signedXml = new GostSignedXml(smevRequest) { GetIdElementHandler = GetSmevIdElement }; // Установка ключа для создания подписи signedXml.SetSigningCertificate(signingCertificate); // Ссылка на узел, который нужно подписать, с указанием алгоритма хэширования ГОСТ Р 34.11-94 (в соответствии с методическими рекомендациями СМЭВ) var dataReference = new Reference { Uri = "#body", DigestMethod = GostSignedXml.XmlDsigGost3411ObsoleteUrl }; // Метод преобразования, применяемый к данным перед их подписью (в соответствии с методическими рекомендациями СМЭВ) var dataTransform = new XmlDsigExcC14NTransform(); dataReference.AddTransform(dataTransform); // Установка ссылки на узел signedXml.AddReference(dataReference); // Установка алгоритма нормализации узла SignedInfo (в соответствии с методическими рекомендациями СМЭВ) signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // Установка алгоритма подписи ГОСТ Р 34.10-2001 (в соответствии с методическими рекомендациями СМЭВ) signedXml.SignedInfo.SignatureMethod = GostSignedXml.XmlDsigGost3410ObsoleteUrl; // Вычисление подписи signedXml.ComputeSignature(); // Получение XML-представления подписи var signatureXml = signedXml.GetXml(); // Добавление подписи в исходный документ smevRequest.GetElementsByTagName("ds:Signature")[0].PrependChild(smevRequest.ImportNode(signatureXml.GetElementsByTagName("SignatureValue")[0], true)); smevRequest.GetElementsByTagName("ds:Signature")[0].PrependChild(smevRequest.ImportNode(signatureXml.GetElementsByTagName("SignedInfo")[0], true)); smevRequest.GetElementsByTagName("wsse:BinarySecurityToken")[0].InnerText = Convert.ToBase64String(signingCertificate.RawData); return smevRequest; }
void CheckProperties (XmlDsigExcC14NTransform transform) { Type[] input = transform.InputTypes; Assert.IsTrue ((input.Length == 3), "Input #"); // check presence of every supported input types bool istream = false; bool ixmldoc = false; bool ixmlnl = false; foreach (Type t in input) { if (t.ToString () == "System.IO.Stream") istream = true; if (t.ToString () == "System.Xml.XmlDocument") ixmldoc = true; if (t.ToString () == "System.Xml.XmlNodeList") ixmlnl = true; } Assert.IsTrue (istream, "Input Stream"); Assert.IsTrue (ixmldoc, "Input XmlDocument"); Assert.IsTrue (ixmlnl, "Input XmlNodeList"); Type[] output = transform.OutputTypes; Assert.IsTrue ((output.Length == 1), "Output #"); // check presence of every supported output types bool ostream = false; foreach (Type t in output) { if (t.ToString () == "System.IO.Stream") ostream = true; } Assert.IsTrue (ostream, "Output Stream"); }
private void addReferenceButton_Click(object sender, System.EventArgs e) { XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform; Reference reference; reference = new Reference(); reference.DigestMethod = "http://www.w3.org/2001/04/xmldsig-more#gostr3411"; if (this.envelopedSignatureRadioButton.Checked) { if (this.newSignatureCheckBox.Checked) { this.envelopedSignatureXmlDocument = new XmlDocument(); this.documentDataObjectCounter = 1; } this.envelopedSignatureXmlDocument.PreserveWhitespace = true; this.envelopedSignatureXmlDocument.Load(this.envelopingDocumentTextBox.Text); this.xadesSignedXml = new XadesSignedXml(this.envelopedSignatureXmlDocument); reference.Uri = ""; XmlDsigExcC14NTransform xmlDsigC14NTransform = new XmlDsigExcC14NTransform(); reference.AddTransform(xmlDsigC14NTransform); xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(xmlDsigEnvelopedSignatureTransform); } else { if (this.newSignatureCheckBox.Checked) { this.xadesSignedXml = new XadesSignedXml(); this.documentDataObjectCounter = 1; } if (this.includedXmlRadioButton.Checked) { reference.Uri = "#" + this.objectIdPrefixTextBox.Text + this.documentDataObjectCounter.ToString(); reference.Type = SignedXml.XmlDsigNamespaceUrl + "Object"; //Add an object System.Security.Cryptography.Xml.DataObject dataObject = new System.Security.Cryptography.Xml.DataObject(); XmlDocument xmlDocument = new XmlDocument(); xmlDocument.PreserveWhitespace = true; xmlDocument.LoadXml(this.includedXmltextBox.Text); dataObject.Data = xmlDocument.ChildNodes; dataObject.Id = this.objectIdPrefixTextBox.Text + this.documentDataObjectCounter.ToString(); this.xadesSignedXml.AddObject(dataObject); } else { reference.Uri = this.externalDocumentUrlTextBox.Text; if (reference.Uri.EndsWith(".xml") || reference.Uri.EndsWith(".XML")) { reference.AddTransform(new XmlDsigC14NTransform()); } } } this.xadesSignedXml.AddReference(reference); this.documentDataObjectCounter++; this.nextObjectIdSuffixLabel.Text = this.documentDataObjectCounter.ToString(); }
private static void SignXmlSec1(EnvConfig envConfig, string templateName, string outputName, AppId appId) { Program.LogAction("signing with xmlsec1: [{0}] => [{1}]", templateName, outputName); // load manifest input xml var docTemplate = new XmlDocument(); docTemplate.Load(templateName); var nsmgr = CreateDefaultXmlNsmgr(docTemplate); // insert publisher identity var pfx = UnlockPfx(File.ReadAllBytes(envConfig.ClickOnce.KeyFile)); var cert = pfx.Certificates.Cast<X509Certificate>().Single(); var publisherName = cert.SubjectName; // as described on http://msdn.microsoft.com/en-us/library/dd996956.aspx var issuerKeyHash = FormatKey(_sha1.ComputeHash(cert.PublicKey)); var publisherIdentity = docTemplate.CreateElement("publisherIdentity", ASMv2_NS); SetOrReplaceAttribute(publisherIdentity, "name", null, publisherName); SetOrReplaceAttribute(publisherIdentity, "issuerKeyHash", null, issuerKeyHash); docTemplate.ChildNodes.OfType<XmlElement>().Last().AppendChild(publisherIdentity); var fusionTemplateName = templateName + ".fusion"; docTemplate.Save(fusionTemplateName); // // Calculate ManifestInformation Hash // ================================== // The Fusion XML engine is always preserving whitespace, therefore we need to // use a specially configured XmlDocument to normalize and sign the Manifest. // byte[] hash; { var fusionDoc = new XmlDocument(); fusionDoc.PreserveWhitespace = true; fusionDoc.Load(fusionTemplateName); var transform = new XmlDsigExcC14NTransform(); transform.LoadInput(fusionDoc); hash = _sha1.ComputeHash((MemoryStream)transform.GetOutput()); } // Load SignatureBlock into DOM var signatureTemplate = LoadXmlFromResource("PrepareEnv.Templates.SignatureBlock.xml"); foreach (XmlNode sigNode in signatureTemplate.DocumentElement.ChildNodes) { var newChild = docTemplate.ImportNode(sigNode, deep: true); docTemplate.DocumentElement.AppendChild(newChild); foreach (XmlNode assemblyId in newChild.SelectNodes("//as:assemblyIdentity", nsmgr)) { // authenticode assemblyIdentity looks like asmv1:assemblyIdentity FillAppId(envConfig, assemblyId, appId); } } // Set ManifestInformation Hash var manifestInfo = docTemplate.SelectSingleNode("//as:ManifestInformation", nsmgr); SetOrReplaceAttribute(manifestInfo, "Hash", null, FormatKey(hash)); // Set AuthenticodePublisher's SubjectName var subjectName = docTemplate.SelectSingleNode("//as:AuthenticodePublisher/as:X509SubjectName", nsmgr); subjectName.InnerText = publisherName; // Sign everything Program.LogDetail("saving to xmlsec1 template: [{0}]", templateName + ".xmlsec1"); docTemplate.Save(templateName + ".xmlsec1"); var pw = _passphrase == null ? string.Empty : string.Format("--pwd \"{0}\"", _passphrase); // resign manifest RelData var relDataArgs = string.Format("--sign {0} {1} {2} --node-xpath \"//*[local-name()='RelData']\" --enabled-key-data rsa,x509 --output \"{3}.reldata\" \"{4}.xmlsec1\"", pw, envConfig.ClickOnce.KeyFile.EndsWith("pfx") ? "--pkcs12" : "--privkey-pem", envConfig.ClickOnce.KeyFile, outputName, templateName); Program.LogDetail("signing reldata to [{0}.reldata]", outputName); var proc = Process.Start(new ProcessStartInfo("xmlsec1", relDataArgs) { UseShellExecute = false }); proc.WaitForExit(); if (proc.ExitCode != 0) { throw new InvalidOperationException(string.Format("xmlsec1 complained about {0}", relDataArgs)); } // resign complete manifest var finalArgs = string.Format("--sign {0} {1} {2} --enabled-key-data rsa,x509 --output \"{3}\" \"{3}.reldata\"", pw, envConfig.ClickOnce.KeyFile.EndsWith("pfx") ? "--pkcs12" : "--privkey-pem", envConfig.ClickOnce.KeyFile, outputName); Program.LogDetail("signing final to : [{0}]", outputName); proc = Process.Start(new ProcessStartInfo("xmlsec1", finalArgs) { UseShellExecute = false }); proc.WaitForExit(); if (proc.ExitCode != 0) { throw new InvalidOperationException(string.Format("xmlsec1 complained about {0}", finalArgs)); } }
void AppendNegotiationMessageXml (XmlReader reader, TlsServerSessionInfo tlsInfo) { XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform (); XmlDocument doc = new XmlDocument (); doc.PreserveWhitespace = true; reader.MoveToContent (); doc.AppendChild (doc.ReadNode (reader)); t.LoadInput (doc); MemoryStream stream = (MemoryStream) t.GetOutput (); byte [] bytes = stream.ToArray (); tlsInfo.Messages.Write (bytes, 0, bytes.Length); }
public static void Sign(XmlDocument doc) { string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#"; string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256"; CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod); X509Certificate2 signingCertificate = GetCertificate(); SignedXml signer = new SignedXml(doc); CspParameters cspParams = new CspParameters(24); cspParams.KeyContainerName = "XML_DISG_RSA_KEY"; RSACryptoServiceProvider key = new RSACryptoServiceProvider(cspParams); var strKey = signingCertificate.PrivateKey.ToXmlString(true); key.FromXmlString(strKey); signer.SigningKey = key; signer.KeyInfo = new KeyInfo(); var x509Data = new KeyInfoX509Data(signingCertificate); //SubjectName var dname = new X500DistinguishedName(signingCertificate.SubjectName); Console.WriteLine("X500DistinguishedName: {0}{1}", dname.Name, Environment.NewLine); x509Data.AddSubjectName(dname.Name); signer.KeyInfo.AddClause(x509Data); signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod; signer.SignedInfo.SignatureMethod = signatureMethod; //XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform(); Transform cn14Transform = new XmlDsigExcC14NTransform(); //Transform cn14Transform = new XmlDsigC14NTransform(); Reference signatureReference = new Reference("#FATCA"); //signatureReference.Uri = signatureReferenceURI; //signatureReference.AddTransform(envelopeTransform); signatureReference.AddTransform(cn14Transform); signatureReference.DigestMethod = digestMethod; signer.AddReference(signatureReference); //signer.AddReference(new Reference("#tag1")); //signer.AddReference(new Reference("#tag3")); signer.ComputeSignature(); XmlElement signatureElement = signer.GetXml(); Console.WriteLine(signatureElement.NamespaceURI); String strDoc = signatureElement.OuterXml; XmlDocument docResult = new XmlDocument(); docResult.LoadXml(strDoc); Console.WriteLine(signatureElement.NamespaceURI); //XmlElement obj = docResult.CreateElement("Object",docResult.FirstChild.NamespaceURI); //obj.SetAttribute("Id", "FACTA"); var xfrag = docResult.CreateDocumentFragment(); xfrag.InnerXml = doc.OuterXml; //xfrag.FirstChild.Attributes.Append(xfrag.C.CreateAttribute("xx")).Value = docResult.NamespaceURI; //obj.AppendChild(xfrag); //docResult.DocumentElement.AppendChild(obj); if (docResult.DocumentElement == null) throw new Exception("docResult.DocumentElement no puede ser NULL"); var node = docResult.DocumentElement.AppendChild(xfrag); //node.FirstChild.Attributes.Append(doc.CreateAttribute("xx")).Value = docResult.NamespaceURI; //doc.DocumentElement.AppendChild(signer.GetXml()); var settings = new XmlWriterSettings(); settings.OmitXmlDeclaration = false; settings.Indent = true; var writer = XmlWriter.Create("output1.xml", settings); docResult.Save(writer); //docResult.Save("output.xml"); Console.WriteLine("Namespace:{0}",docResult.FirstChild.NamespaceURI); //Console.ReadLine(); }
public byte[] ComputeHashValueOfElementList(XmlElement signatureXmlElement, ArrayList elementXpaths) { XmlDocument xmlDocument; XmlNamespaceManager xmlNamespaceManager; XmlNodeList searchXmlNodeList; XmlElement composedXmlElement; XmlDsigExcC14NTransform xmlTransform; Stream canonicalizedStream; //SHA1 sha1Managed; byte[] retVal; xmlDocument = signatureXmlElement.OwnerDocument; composedXmlElement = xmlDocument.CreateElement("ComposedElement", SignedXml.XmlDsigNamespaceUrl); xmlNamespaceManager = new XmlNamespaceManager(xmlDocument.NameTable); xmlNamespaceManager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); xmlNamespaceManager.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri); foreach (string elementXpath in elementXpaths) { searchXmlNodeList = signatureXmlElement.SelectNodes(elementXpath, xmlNamespaceManager); if (searchXmlNodeList.Count == 0) { throw new CryptographicException("Element " + elementXpath + " not found while calculating hash"); } foreach (XmlNode xmlNode in searchXmlNodeList) { //jbonilla Id attr deprecated //if (((XmlElement)xmlNode).HasAttribute("Id")) //{ // elementIdValues.Add(((XmlElement)xmlNode).Attributes["Id"].Value); // composedXmlElement.AppendChild(xmlNode); //} //else //{ // throw new CryptographicException("Id attribute missing on " + xmlNode.LocalName + " element"); //} composedXmlElement.AppendChild(xmlNode); } } //Initialise the stream to read the node list MemoryStream nodeStream = new MemoryStream(); XmlWriter xw = XmlWriter.Create(nodeStream); composedXmlElement.ChildNodes[0].WriteTo(xw); xw.Flush(); nodeStream.Position = 0; //modificado xmlTransform = new XmlDsigExcC14NTransform(); xmlTransform.LoadInput(nodeStream); canonicalizedStream = (Stream)xmlTransform.GetOutput(typeof(Stream)); //sha1Managed = new SHA1Managed(); //retVal = sha1Managed.ComputeHash(canonicalizedStream); IDigest digest = this.tspSource.GetMessageDigest(); byte[] canonicalizedBytes = Streams.ReadAll(canonicalizedStream); digest.BlockUpdate(canonicalizedBytes, 0, canonicalizedBytes.Length); retVal = DigestUtilities.DoFinal(digest); canonicalizedStream.Close(); return retVal; }
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat) { if (oldFormat) { XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform(); exc.LoadInput(manifestDom); using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()) { byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream); if (hash == null) { throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST); } return hash; } } else { // Since the DOM given to us is not guaranteed to be normalized, // we need to normalize it ourselves. Also, we always preserve // white space as Fusion XML engine always preserve white space. XmlDocument normalizedDom = new XmlDocument(); normalizedDom.PreserveWhitespace = true; // Normalize the document using (TextReader stringReader = new StringReader(manifestDom.OuterXml)) { XmlReaderSettings settings = new XmlReaderSettings(); settings.DtdProcessing = DtdProcessing.Parse; XmlReader reader = XmlReader.Create(stringReader, settings, manifestDom.BaseURI); normalizedDom.Load(reader); } XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform(); exc.LoadInput(normalizedDom); using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()) { byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream); if (hash == null) { throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST); } return hash; } } }
private Transform GetC14NMethod () { Transform t = null; if (m_signature.SignedInfo.CanonicalizationMethod.Contains ("http://www.w3.org/2001/10/xml-exc-c14n#")) { t = new XmlDsigExcC14NTransform (); } if (t == null) t = (Transform) CryptoConfig.CreateFromName (m_signature.SignedInfo.CanonicalizationMethod); if (t == null) throw new CryptographicException ("Unknown Canonicalization Method {0}", m_signature.SignedInfo.CanonicalizationMethod); return t; }
public void LoadXml (XmlElement value) { if (value == null) throw new ArgumentNullException ("value"); if ((value.LocalName != XmlSignature.ElementNames.Reference) || (value.NamespaceURI != XmlSignature.NamespaceURI)) throw new CryptographicException (); id = GetAttribute (value, XmlSignature.AttributeNames.Id); uri = GetAttribute (value, XmlSignature.AttributeNames.URI); type = GetAttribute (value, XmlSignature.AttributeNames.Type); // Note: order is important for validations XmlNodeList xnl = value.GetElementsByTagName (XmlSignature.ElementNames.Transform, XmlSignature.NamespaceURI); if ((xnl != null) && (xnl.Count > 0)) { Transform t = null; foreach (XmlNode xn in xnl) { string a = GetAttribute ((XmlElement)xn, XmlSignature.AttributeNames.Algorithm); /* This code is useful for debugging in VS.NET because using CryptoConfig (from MS mscorlib) would throw InvalidCastException because it's Transform would come from MS System.Security.dll not Mono's.*/ switch (a) { case "http://www.w3.org/2000/09/xmldsig#base64": t = new XmlDsigBase64Transform (); break; case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": t = new XmlDsigC14NTransform (); break; case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments": t = new XmlDsigC14NWithCommentsTransform (); break; case "http://www.w3.org/2000/09/xmldsig#enveloped-signature": t = new XmlDsigEnvelopedSignatureTransform (); break; case "http://www.w3.org/TR/1999/REC-xpath-19991116": t = new XmlDsigXPathTransform (); break; case "http://www.w3.org/TR/1999/REC-xslt-19991116": t = new XmlDsigXsltTransform (); break; case "http://www.w3.org/2002/07/decrypt#XML": t = new XmlDecryptionTransform (); break; case "http://www.w3.org/2001/10/xml-exc-c14n#": t = new XmlDsigExcC14NTransform (); break; default: throw new NotSupportedException (); } if (t == null) t = (Transform) CryptoConfig.CreateFromName (a); if (t == null) throw new CryptographicException ("Unknown transform {0}.", a); if (xn.ChildNodes.Count > 0) { t.LoadInnerXml (xn.ChildNodes); } AddTransform (t); } } // get DigestMethod DigestMethod = XmlSignature.GetAttributeFromElement (value, XmlSignature.AttributeNames.Algorithm, XmlSignature.ElementNames.DigestMethod); // get DigestValue XmlElement dig = XmlSignature.GetChildElement (value, XmlSignature.ElementNames.DigestValue, XmlSignature.NamespaceURI); if (dig != null) DigestValue = Convert.FromBase64String (dig.InnerText); element = value; }
private SignatureVerificationResult VerifyAuthenticodeExpectedHash(XmlElement licenseNode) { XmlElement element = licenseNode.SelectSingleNode("r:grant/as:ManifestInformation", this.m_namespaceManager) as XmlElement; if (element == null) { return SignatureVerificationResult.BadSignatureFormat; } string attribute = element.GetAttribute("Hash"); if (string.IsNullOrEmpty(attribute)) { return SignatureVerificationResult.BadSignatureFormat; } byte[] lhs = BackwardHexToBytes(attribute); XmlDocument document = new XmlDocument { PreserveWhitespace = true }; XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Parse }; using (TextReader reader = new StringReader(this.m_manifestXml.OuterXml)) { using (XmlReader reader2 = XmlReader.Create(reader, settings, this.m_manifestXml.BaseURI)) { document.Load(reader2); } } XmlElement oldChild = document.SelectSingleNode("//asm:assembly/ds:Signature", this.m_namespaceManager) as XmlElement; oldChild.ParentNode.RemoveChild(oldChild); XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(document); byte[] rhs = null; using (SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider()) { rhs = provider.ComputeHash(transform.GetOutput() as MemoryStream); } if (!CompareBytes(lhs, rhs)) { return SignatureVerificationResult.BadDigest; } return SignatureVerificationResult.Valid; }
public virtual void LoadXml (XmlElement value) { if (value == null) throw new ArgumentNullException ("value"); else { Uri = null; TransformChain = new TransformChain (); foreach (XmlNode n in value.ChildNodes) { if (n is XmlWhitespace) continue; switch (n.LocalName) { case XmlEncryption.ElementNames.Transforms: foreach (XmlNode xn in ((XmlElement) n).GetElementsByTagName (XmlSignature.ElementNames.Transform, XmlSignature.NamespaceURI)) { Transform t = null; switch (((XmlElement) xn).Attributes [XmlSignature.AttributeNames.Algorithm].Value) { case XmlSignature.AlgorithmNamespaces.XmlDsigBase64Transform: t = new XmlDsigBase64Transform (); break; case XmlSignature.AlgorithmNamespaces.XmlDsigC14NTransform: t = new XmlDsigC14NTransform (); break; case XmlSignature.AlgorithmNamespaces.XmlDsigC14NWithCommentsTransform: t = new XmlDsigC14NWithCommentsTransform (); break; case XmlSignature.AlgorithmNamespaces.XmlDsigEnvelopedSignatureTransform: t = new XmlDsigEnvelopedSignatureTransform (); break; case XmlSignature.AlgorithmNamespaces.XmlDsigXPathTransform: t = new XmlDsigXPathTransform (); break; case XmlSignature.AlgorithmNamespaces.XmlDsigXsltTransform: t = new XmlDsigXsltTransform (); break; case XmlSignature.AlgorithmNamespaces.XmlDsigExcC14NTransform: t = new XmlDsigExcC14NTransform (); break; case XmlSignature.AlgorithmNamespaces.XmlDsigExcC14NWithCommentsTransform: t = new XmlDsigExcC14NWithCommentsTransform (); break; case XmlSignature.AlgorithmNamespaces.XmlDecryptionTransform: t = new XmlDecryptionTransform (); break; default: continue; } t.LoadInnerXml (((XmlElement) xn).ChildNodes); TransformChain.Add (t); } break; } } if (value.HasAttribute (XmlEncryption.AttributeNames.URI)) Uri = value.Attributes [XmlEncryption.AttributeNames.URI].Value; } }
private static void SignDocument(X509Certificate2 cert, XmlDocument doc) { //Create reference to #MsgBody which is the ID of the SOAP Body (only signing the Body) Reference reference = new Reference("#MsgBody"); //Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); //Create a signedXML object from doc, add reference and private key, then generate the signature SignedXml signedXML = new SignedXml(doc); signedXML.AddReference(reference); RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)cert.PrivateKey; signedXML.SigningKey = rsaKey; // Changes done to support SHA2 - START =================== var cn14Transform = new XmlDsigExcC14NTransform(); string referenceDigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; reference.AddTransform(cn14Transform); reference.DigestMethod = referenceDigestMethod; signedXML.AddReference(reference); KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create("RSA-SHA256"); // Changes done to support SHA2 - END =================== // Compute the signature. signedXML.ComputeSignature(); // Get the XML representation of the signature and add to the SOAP Header XmlElement xmlDigitalSignature = signedXML.GetXml(); doc.DocumentElement.FirstChild.FirstChild.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); // Add KeyInfo Node with reference to the X509 cert XmlDocument keyInfo = new XmlDocument(); keyInfo.LoadXml("<root xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:wsse=\"http://schemas.xmlsoap.org/ws/2002/04/secext\" ><ds:KeyInfo><SecurityTokenReference xmlns=\"http://schemas.xmlsoap.org/ws/2002/04/secext\"><wsse:Reference URI=\"#X509Token\"/></SecurityTokenReference></ds:KeyInfo></root>"); doc.DocumentElement.FirstChild.FirstChild.LastChild.AppendChild(doc.ImportNode(keyInfo.FirstChild.FirstChild, true)); //Add The Base64 representation of the X509 cert to BinarySecurityToken Node //X509SecurityToken token = new X509SecurityToken(cert); doc.DocumentElement.FirstChild.LastChild.InnerText = Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.None); }
public void LoadXml(XmlElement value) { if (value == null) { throw new ArgumentNullException("value"); } if ((value.LocalName != XmlSignature.ElementNames.Reference) || (value.NamespaceURI != XmlSignature.NamespaceURI)) { throw new CryptographicException(); } id = GetAttribute(value, XmlSignature.AttributeNames.Id); uri = GetAttribute(value, XmlSignature.AttributeNames.URI); type = GetAttribute(value, XmlSignature.AttributeNames.Type); // Note: order is important for validations XmlNodeList xnl = value.GetElementsByTagName(XmlSignature.ElementNames.Transform, XmlSignature.NamespaceURI); if ((xnl != null) && (xnl.Count > 0)) { Transform t = null; foreach (XmlNode xn in xnl) { string a = GetAttribute((XmlElement)xn, XmlSignature.AttributeNames.Algorithm); /* This code is useful for debugging in VS.NET because using CryptoConfig * (from MS mscorlib) would throw InvalidCastException because it's * Transform would come from MS System.Security.dll not Mono's.*/ switch (a) { case "http://www.w3.org/2000/09/xmldsig#base64": t = new XmlDsigBase64Transform(); break; case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": t = new XmlDsigC14NTransform(); break; case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments": t = new XmlDsigC14NWithCommentsTransform(); break; case "http://www.w3.org/2000/09/xmldsig#enveloped-signature": t = new XmlDsigEnvelopedSignatureTransform(); break; case "http://www.w3.org/TR/1999/REC-xpath-19991116": t = new XmlDsigXPathTransform(); break; case "http://www.w3.org/TR/1999/REC-xslt-19991116": t = new XmlDsigXsltTransform(); break; case "http://www.w3.org/2002/07/decrypt#XML": t = new XmlDecryptionTransform(); break; case "http://www.w3.org/2001/10/xml-exc-c14n#": t = new XmlDsigExcC14NTransform(); break; default: throw new NotSupportedException(); } if (t == null) { t = (Transform)CryptoConfig.CreateFromName(a); } if (t == null) { throw new CryptographicException("Unknown transform {0}.", a); } if (xn.ChildNodes.Count > 0) { t.LoadInnerXml(xn.ChildNodes); } AddTransform(t); } } // get DigestMethod DigestMethod = XmlSignature.GetAttributeFromElement(value, XmlSignature.AttributeNames.Algorithm, XmlSignature.ElementNames.DigestMethod); // get DigestValue XmlElement dig = XmlSignature.GetChildElement(value, XmlSignature.ElementNames.DigestValue, XmlSignature.NamespaceURI); if (dig != null) { DigestValue = Convert.FromBase64String(dig.InnerText); } element = value; }
public void Types () { Type [] input = transform.InputTypes; input [0] = null; input [1] = null; input [2] = null; // property does not return a clone foreach (Type t in transform.InputTypes) { Assert.IsNull (t); } // it's not a static array XmlDsigExcC14NTransform t2 = new XmlDsigExcC14NTransform (); foreach (Type t in t2.InputTypes) { Assert.IsNotNull (t); } }
public void SimpleNamespacePrefixes () { string input = "<a:Action xmlns:a='urn:foo'>http://tempuri.org/IFoo/Echo</a:Action>"; string expected = @"<a:Action xmlns:a=""urn:foo"">http://tempuri.org/IFoo/Echo</a:Action>"; XmlDocument doc = new XmlDocument (); doc.LoadXml (input); XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform (); t.LoadInput (doc); Stream s = t.GetOutput () as Stream; Assert.AreEqual (new StreamReader (s, Encoding.UTF8).ReadToEnd (), expected); }
/// <summary> /// Signs the document given as an argument. /// </summary> private static void SignDocument(XmlDocument doc) { SignedXml signedXml = new SignedXml(doc); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // TODO Dynamically dig out the correct ID attribute from the XmlDocument. Reference reference = new Reference("#_b8977dc86cda41493fba68b32ae9291d"); // Assert.That(reference.Uri == string.Empty); XmlDsigEnvelopedSignatureTransform envelope = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envelope); // NOTE: C14n may require the following list of namespace prefixes. Seems to work without it, though. //List<string> prefixes = new List<string>(); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2000/09/xmldsig#")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2001/XMLSchema-instance")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2001/XMLSchema")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("urn:oasis:names:tc:SAML:2.0:assertion")); //XmlDsigExcC14NTransform C14NTransformer = new XmlDsigExcC14NTransform(string.Join(" ", prefixes.ToArray()).Trim()); XmlDsigExcC14NTransform C14NTransformer = new XmlDsigExcC14NTransform(); reference.AddTransform(C14NTransformer); signedXml.AddReference(reference); // Add the key to the signature, so the assertion can be verified by itself. signedXml.KeyInfo = new KeyInfo(); // Use RSA key for signing. //{ // CspParameters parameters = new CspParameters(); // parameters.KeyContainerName = "XML_DSIG_RSA_KEY"; // RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(parameters); // signedXml.SigningKey = rsaKey; // signedXml.KeyInfo.AddClause(new RSAKeyValue(rsaKey)); //} // Use X509 Certificate for signing. { X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234"); Assert.That(cert.HasPrivateKey); signedXml.SigningKey = cert.PrivateKey; signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert,X509IncludeOption.EndCertOnly)); } // Information on the these and other "key info clause" types can be found at: // ms-help://MS.MSDNQTR.v80.en/MS.MSDN.v80/MS.NETDEVFX.v20.en/CPref18/html/T_System_Security_Cryptography_Xml_KeyInfoClause_DerivedTypes.htm // Do it! signedXml.ComputeSignature(); XmlNodeList nodes = doc.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.ASSERTION); Assert.That(nodes.Count == 1); XmlNode node = nodes[0]; doc.DocumentElement.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), node); }
/// <summary> /// Signs the specified xml document with the certificate found in /// the local machine matching the provided friendly name and /// referring to the specified target reference ID. /// </summary> /// <param name="certFriendlyName"> /// Friendly Name of the X509Certificate to be retrieved /// from the LocalMachine keystore and used to sign the xml document. /// Be sure to have appropriate permissions set on the keystore. /// </param> /// <param name="xmlDoc"> /// XML document to be signed. /// </param> /// <param name="targetReferenceId"> /// Reference element that will be specified as signed. /// </param> /// <param name="includePublicKey"> /// Flag to determine whether to include the public key in the /// signed xml. /// </param> /// <param name="serviceProviderInstance"> /// ServiceProvider instance for retreaving Signature transform /// and canonicalization method /// </param> public static void SignXml(string certFriendlyName, IXPathNavigable xmlDoc, string targetReferenceId, bool includePublicKey, ServiceProvider serviceProviderInstance) { if (string.IsNullOrEmpty(certFriendlyName)) { throw new Saml2Exception(Resources.SignedXmlInvalidCertFriendlyName); } if (xmlDoc == null) { throw new Saml2Exception(Resources.SignedXmlInvalidXml); } if (string.IsNullOrEmpty(targetReferenceId)) { throw new Saml2Exception(Resources.SignedXmlInvalidTargetRefId); } X509Certificate2 cert = FedletCertificateFactory.GetCertificateByFriendlyName(certFriendlyName); if (cert == null) { throw new Saml2Exception(Resources.SignedXmlCertNotFound); } XmlDocument xml = (XmlDocument)xmlDoc; SignedXml signedXml = new SignedXml(xml); signedXml.SigningKey = cert.PrivateKey; if (includePublicKey) { KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; } Reference reference = new Reference(); reference.Uri = "#" + targetReferenceId; //Read the transform type and canonicalization method from sp-extended.xml string transformType = serviceProviderInstance.SignatureTransformMethod; string canonicalizationMethodType = serviceProviderInstance.CanonicalizationMethod; Transform sigTransform; //Implement the gathered data switch(transformType){ case "XmlDsigExcC14NTransform": sigTransform = new XmlDsigExcC14NTransform(); break; case "XmlDsigExcC14NWithCommentsTransform": sigTransform = new XmlDsigExcC14NWithCommentsTransform(); break; default: sigTransform = new XmlDsigEnvelopedSignatureTransform(); break; } if (canonicalizationMethodType != null && (canonicalizationMethodType == SignedXml.XmlDsigExcC14NTransformUrl || canonicalizationMethodType == SignedXml.XmlDsigExcC14NWithCommentsTransformUrl)) { signedXml.Signature.SignedInfo.CanonicalizationMethod = canonicalizationMethodType; } reference.AddTransform(sigTransform); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlSignature = signedXml.GetXml(); XmlNamespaceManager nsMgr = new XmlNamespaceManager(xml.NameTable); nsMgr.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); nsMgr.AddNamespace("saml", Saml2Constants.NamespaceSamlAssertion); nsMgr.AddNamespace("samlp", Saml2Constants.NamespaceSamlProtocol); XmlNode issuerNode = xml.DocumentElement.SelectSingleNode("saml:Issuer", nsMgr); if (issuerNode != null) { xml.DocumentElement.InsertAfter(xmlSignature, issuerNode); } else { // Insert as a child to the target reference id XmlNode targetNode = xml.DocumentElement.SelectSingleNode("//*[@ID='" + targetReferenceId + "']", nsMgr); targetNode.PrependChild(xmlSignature); } }
private string SignAuthN(string authNXml, string requestId, X509Certificate2 requestSigningCert) { if (string.IsNullOrEmpty(authNXml)) throw new ArgumentNullException("authNXml"); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.PreserveWhitespace = true; xmlDoc.LoadXml(authNXml); SignedXml signedXml = new SignedXml(xmlDoc); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(requestSigningCert)); signedXml.KeyInfo = keyInfo; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)requestSigningCert.PrivateKey; signedXml.SigningKey = rsaKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = "#" + requestId; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigExcC14NTransform c16n = new XmlDsigExcC14NTransform(); c16n.InclusiveNamespacesPrefixList = "#default samlp saml ds xs xsi"; reference.AddTransform(c16n); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.InsertAfter(xmlDoc.ImportNode(xmlDigitalSignature, true), xmlDoc.DocumentElement.FirstChild); //signature to be second node after saml:Issuer return xmlDoc.OuterXml; }
public virtual void LoadXml(XmlElement value) { if (value == null) { throw new ArgumentNullException("value"); } else { Uri = null; TransformChain = new TransformChain(); foreach (XmlNode n in value.ChildNodes) { if (n is XmlWhitespace) { continue; } switch (n.LocalName) { case XmlEncryption.ElementNames.Transforms: foreach (XmlNode xn in ((XmlElement)n).GetElementsByTagName(XmlSignature.ElementNames.Transform, XmlSignature.NamespaceURI)) { Transform t = null; switch (((XmlElement)xn).Attributes [XmlSignature.AttributeNames.Algorithm].Value) { case XmlSignature.AlgorithmNamespaces.XmlDsigBase64Transform: t = new XmlDsigBase64Transform(); break; case XmlSignature.AlgorithmNamespaces.XmlDsigC14NTransform: t = new XmlDsigC14NTransform(); break; case XmlSignature.AlgorithmNamespaces.XmlDsigC14NWithCommentsTransform: t = new XmlDsigC14NWithCommentsTransform(); break; case XmlSignature.AlgorithmNamespaces.XmlDsigEnvelopedSignatureTransform: t = new XmlDsigEnvelopedSignatureTransform(); break; case XmlSignature.AlgorithmNamespaces.XmlDsigXPathTransform: t = new XmlDsigXPathTransform(); break; case XmlSignature.AlgorithmNamespaces.XmlDsigXsltTransform: t = new XmlDsigXsltTransform(); break; #if NET_2_0 case XmlSignature.AlgorithmNamespaces.XmlDsigExcC14NTransform: t = new XmlDsigExcC14NTransform(); break; case XmlSignature.AlgorithmNamespaces.XmlDsigExcC14NWithCommentsTransform: t = new XmlDsigExcC14NWithCommentsTransform(); break; case XmlSignature.AlgorithmNamespaces.XmlDecryptionTransform: t = new XmlDecryptionTransform(); break; #endif default: continue; } t.LoadInnerXml(((XmlElement)xn).ChildNodes); TransformChain.Add(t); } break; } } if (value.HasAttribute(XmlEncryption.AttributeNames.URI)) { Uri = value.Attributes [XmlEncryption.AttributeNames.URI].Value; } } }
/// <summary> /// Signs a XML file (enveloping signature) using a digital certificate /// </summary> /// <param name="xml">The XML data to sign represented as byte array</param> /// <param name="certFile">The certificate file to use for signing</param> /// <param name="certPassword">The certificate password</param> /// <param name="signWithSha256">Sign the document using SHA-256</param> /// <returns>The signed data represented as byte array</returns> private static byte[] SignEnvelopingXml(byte[] xml, string certFile, string certPassword, bool signWithSha256) { if (xml == null || xml.Length == 0) { // invalid XML array throw new Exception("Nothing to sign!"); } // load certificate X509Certificate2 certificate = LoadSigningCertificate(certFile, certPassword, signWithSha256); if (!certificate.HasPrivateKey) { // invalid certificate throw new Exception("Specified certificate not suitable for signing!"); } using (MemoryStream stream = new MemoryStream(xml)) { // go to the beginning of the stream stream.Flush(); stream.Position = 0; // create new XmlDocument from stream XmlDocument doc = new XmlDocument() { PreserveWhitespace = true }; doc.Load(stream); // craete transform (for canonicalization method & reference) XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); // create new SignedXml from XmlDocument SignedXml signed = GenerateSignedXml(doc, certificate, signWithSha256); signed.SignedInfo.CanonicalizationMethod = transform.Algorithm; // get nodes (use XPath to include FATCA declaration) XmlNodeList nodes = doc.DocumentElement.SelectNodes("/*"); // define data object DataObject dataObject = new DataObject() { Data = nodes, Id = "FATCA" }; // add the data we are signing as a sub-element (object) of the signature element signed.AddObject(dataObject); // create reference Reference reference = new Reference(string.Format("#{0}", dataObject.Id)); reference.AddTransform(transform); if (signWithSha256) { // SHA-256 digest reference.DigestMethod = RSAPKCS1SHA256SignatureDescription.ReferenceDigestMethod; } // add reference to document signed.AddReference(reference); // include KeyInfo object & compute signature signed.KeyInfo = CreateKeyInfoFromCertificate(certificate); signed.ComputeSignature(); // get signature XmlElement xmlDigitalSignature = signed.GetXml(); // XML declaration string xmlDeclaration = string.Empty; if (doc.FirstChild is XmlDeclaration) { // include declaration xmlDeclaration = doc.FirstChild.OuterXml; } // return signature as byte array return Encoding.UTF8.GetBytes(string.Concat(xmlDeclaration, xmlDigitalSignature.OuterXml)); } }
public void PropagatedNamespaces () { XmlDocument doc = new XmlDocument (); doc.AppendChild (doc.CreateElement ("foo", "urn:foo")); doc.DocumentElement.AppendChild (doc.CreateElement ("bar", "urn:bar")); Assert.AreEqual (String.Empty, doc.DocumentElement.GetAttribute ("xmlns:f"), "#1"); XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform (); t.LoadInput (doc); t.PropagatedNamespaces.Add ("f", "urn:foo"); t.PropagatedNamespaces.Add ("b", "urn:bar"); Stream s = t.GetOutput () as Stream; Assert.AreEqual (new StreamReader (s, Encoding.UTF8).ReadToEnd (), "<f:foo xmlns:f=\"urn:foo\"><b:bar xmlns:b=\"urn:bar\"></b:bar></f:foo>"); Assert.AreEqual ("urn:foo", doc.DocumentElement.GetAttribute ("xmlns:f"), "#2"); }
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat) { if (oldFormat) { XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(manifestDom); using (SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider()) { byte[] buffer = provider.ComputeHash(transform.GetOutput() as MemoryStream); if (buffer == null) { throw new CryptographicException(-2146869232); } return buffer; } } XmlDocument document = new XmlDocument { PreserveWhitespace = true }; using (TextReader reader = new StringReader(manifestDom.OuterXml)) { XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Parse }; XmlReader reader2 = XmlReader.Create(reader, settings, manifestDom.BaseURI); document.Load(reader2); } XmlDsigExcC14NTransform transform2 = new XmlDsigExcC14NTransform(); transform2.LoadInput(document); using (SHA1CryptoServiceProvider provider2 = new SHA1CryptoServiceProvider()) { byte[] buffer2 = provider2.ComputeHash(transform2.GetOutput() as MemoryStream); if (buffer2 == null) { throw new CryptographicException(-2146869232); } return buffer2; } }
private SignatureVerificationResult VerifyAuthenticodeExpectedHash(XmlElement licenseNode) { Debug.Assert(licenseNode != null, "licenseNode != null"); // Get the expected hash value from the signature XmlElement manifestInformation = licenseNode.SelectSingleNode("r:grant/as:ManifestInformation", m_namespaceManager) as XmlElement; if (manifestInformation == null) { return(SignatureVerificationResult.BadSignatureFormat); } string expectedHashString = manifestInformation.GetAttribute("Hash"); if (String.IsNullOrEmpty(expectedHashString)) { return(SignatureVerificationResult.BadSignatureFormat); } // The expected hash value is stored in backward order, so we cannot use a standard hex to bytes // routine to decode it. byte[] expectedHash = BackwardHexToBytes(expectedHashString); // Make a normalized copy of the manifest without the strong name signature attached XmlDocument normalizedManifest = new XmlDocument(); normalizedManifest.PreserveWhitespace = true; XmlReaderSettings normalizationSettings = new XmlReaderSettings(); normalizationSettings.DtdProcessing = DtdProcessing.Parse; using (TextReader manifestReader = new StringReader(m_manifestXml.OuterXml)) using (XmlReader xmlReader = XmlReader.Create(manifestReader, normalizationSettings, m_manifestXml.BaseURI)) { normalizedManifest.Load(xmlReader); } XmlElement signatureNode = normalizedManifest.SelectSingleNode("//asm:assembly/ds:Signature", m_namespaceManager) as XmlElement; Debug.Assert(signatureNode != null, "signatureNode != null"); signatureNode.ParentNode.RemoveChild(signatureNode); // calculate the hash value of the manifest XmlDsigExcC14NTransform canonicalizedXml = new XmlDsigExcC14NTransform(); canonicalizedXml.LoadInput(normalizedManifest); byte[] actualHash = null; using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()) { actualHash = sha1.ComputeHash(canonicalizedXml.GetOutput() as MemoryStream); } if (!CompareBytes(expectedHash, actualHash)) { return(SignatureVerificationResult.BadDigest); } return(SignatureVerificationResult.Valid); }
private static XmlDocument SignXml() { XmlDocument xmlDoc = new XmlDocument(); xmlDoc.PreserveWhitespace = true; xmlDoc.Load(".\\certificates\\samlRequestTemplate.xml"); X509Certificate2 certificate = CertificateHelper.GetCertificate(".\\certificates\\HuaweiCA.p12", "Pr0d1234"); //AsymmetricAlgorithm key = certificate.PrivateKey; AsymmetricAlgorithm key = certificate.PrivateKey; XmlNamespaceManager ns = new XmlNamespaceManager(xmlDoc.NameTable); ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); XmlElement issuerNode = (XmlElement)xmlDoc.DocumentElement.SelectSingleNode("saml:Issuer", ns); SignedXml signedXml = new SignedXml(xmlDoc.DocumentElement); signedXml.SigningKey = key; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; KeyInfo keyInfo = new KeyInfo(); //XmlDocument keyDoc = new XmlDocument(); //keyDoc.LoadXml(certificate.PublicKey.Key.ToXmlString(false)); //keyInfo.LoadXml(keyDoc.DocumentElement); keyInfo.AddClause(new KeyInfoX509Data(certificate)); signedXml.KeyInfo = keyInfo; string refId = xmlDoc.DocumentElement.GetAttribute("ID"); Reference reference = new Reference(); reference.Uri = "#" + refId; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigExcC14NTransform env2 = new XmlDsigExcC14NTransform(); env2.InclusiveNamespacesPrefixList = "#default code ds kind rw saml samlp typens"; reference.AddTransform(env2); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.InsertAfter(xmlDoc.ImportNode(xmlDigitalSignature, true), issuerNode); //xmlDoc.NameTable.Add("samlp"); //XmlElement nameIDPolicyElem = xmlDoc.CreateElement("samlp", "NameIDPolicy", "urn:oasis:names:tc:SAML:2.0:protocol"); //nameIDPolicyElem.SetAttribute("AllowCreate", "False"); //xmlDoc.DocumentElement.AppendChild(nameIDPolicyElem); xmlDoc.Save("samleRequestCSharp.xml"); return xmlDoc; }
public void DigestValue_LF () { XmlDocument doc = CreateSomeXml ("\n"); XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform (); transform.LoadInput (doc); Stream s = (Stream) transform.GetOutput (); string output = Stream2String (s); Assert.AreEqual ("<person>\n <birthplace>Brussels</birthplace>\n</person>", output, "#1"); s.Position = 0; HashAlgorithm hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider"); byte[] digest = hash.ComputeHash (s); Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#2"); X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono"); SignedXml signedXml = new SignedXml (doc); signedXml.SigningKey = cert.PrivateKey; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; Reference reference = new Reference (); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform (); reference.AddTransform (env); signedXml.AddReference (reference); KeyInfo keyInfo = new KeyInfo (); KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data (); x509KeyInfo.AddCertificate (new X509Certificate2 (_cert)); x509KeyInfo.AddCertificate (cert); keyInfo.AddClause (x509KeyInfo); signedXml.KeyInfo = keyInfo; signedXml.ComputeSignature (); digest = reference.DigestValue; Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#3"); Assert.AreEqual ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" + "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />" + "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />" + "<Reference URI=\"\">" + "<Transforms>" + "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />" + "</Transforms>" + "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />" + "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>" + "</Reference>" + "</SignedInfo>", signedXml.SignedInfo.GetXml ().OuterXml, "#4"); }
/// <summary> /// Verify the hash of the manifest without any signature attached is what the Authenticode /// signature expects it to be /// </summary> private SignatureVerificationResult VerifyAuthenticodeExpectedHash(XmlElement licenseNode) { Debug.Assert(licenseNode != null, "licenseNode != null"); // Get the expected hash value from the signature XmlElement manifestInformation = licenseNode.SelectSingleNode("r:grant/as:ManifestInformation", m_namespaceManager) as XmlElement; if (manifestInformation == null) return SignatureVerificationResult.BadSignatureFormat; string expectedHashString = manifestInformation.GetAttribute("Hash"); if (String.IsNullOrEmpty(expectedHashString)) { return SignatureVerificationResult.BadSignatureFormat; } // The expected hash value is stored in backward order, so we cannot use a standard hex to bytes // routine to decode it. byte[] expectedHash = BackwardHexToBytes(expectedHashString); // Make a normalized copy of the manifest without the strong name signature attached XmlDocument normalizedManifest = new XmlDocument(); normalizedManifest.PreserveWhitespace = true; XmlReaderSettings normalizationSettings = new XmlReaderSettings(); normalizationSettings.DtdProcessing = DtdProcessing.Parse; using (TextReader manifestReader = new StringReader(m_manifestXml.OuterXml)) using (XmlReader xmlReader = XmlReader.Create(manifestReader, normalizationSettings, m_manifestXml.BaseURI)) { normalizedManifest.Load(xmlReader); } XmlElement signatureNode = normalizedManifest.SelectSingleNode("//asm:assembly/ds:Signature", m_namespaceManager) as XmlElement; Debug.Assert(signatureNode != null, "signatureNode != null"); signatureNode.ParentNode.RemoveChild(signatureNode); // calculate the hash value of the manifest XmlDsigExcC14NTransform canonicalizedXml = new XmlDsigExcC14NTransform(); canonicalizedXml.LoadInput(normalizedManifest); byte[] actualHash = null; using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()) { actualHash = sha1.ComputeHash(canonicalizedXml.GetOutput() as MemoryStream); } if (!CompareBytes(expectedHash, actualHash)) { return SignatureVerificationResult.BadDigest; } return SignatureVerificationResult.Valid; }