public byte[] ComputeDigest()
{
BuildDigestedReferences();
// Check the signature algorithm
if (SignedInfo.SignatureMethod == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreatedKeyFailed"));
}
// See if there is a signature description class defined in the Config file
SignatureDescription signatureDescription = GostCryptoConfig.CreateFromName(SignedInfo.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_SignatureDescriptionNotCreated"));
}
HashAlgorithm hashAlg = signatureDescription.CreateDigest();
if (hashAlg == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreateHashAlgorithmFailed"));
}
return(GetC14NDigest(hashAlg));
}
internal new void ComputeSignature()
{
var customerSigner = new CustomSigner();
CryptoConfig.AddAlgorithm(typeof(cli_exakvdocsign.RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
var methodInfo = typeof(SignedXml).GetMethod("BuildDigestedReferences",
BindingFlags.Instance | BindingFlags.NonPublic);
methodInfo.Invoke(this, null);
SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
//See if there is a signature description class defined in the Config file
SignatureDescription signatureDescription =
CryptoConfig.CreateFromName(SignedInfo.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
}
var hashAlg = signatureDescription.CreateDigest();
if (hashAlg == null)
{
throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
}
var methodInfo2 = typeof(SignedXml).GetMethod("GetC14NDigest", BindingFlags.Instance | BindingFlags.NonPublic);
var hashvalue = (byte[])methodInfo2.Invoke(this, new object[] { hashAlg });
m_signature.SignatureValue = customerSigner.Sign(hashvalue);;
}
public static Boolean Test()
{
Boolean bRes = true;
SecurityElement el = new SecurityElement("whatever");
// el.Text = "<Key>RSA</Key><Digest>SHA1</Digest><Formatter>System.Security.Cryptography.RSAPKCS1SignatureFormatter</Formatter><Deformatter>System.Security.Cryptography.RSAPKCS1SignatureFormatter</Deformatter>";
SecurityElement el_key = new SecurityElement("Key");
el_key.Text = "RSA";
SecurityElement el_digest = new SecurityElement("Digest");
el_digest.Text = "SHA1";
SecurityElement el_form = new SecurityElement("Formatter");
el_form.Text = "System.Security.Cryptography.RSAPKCS1SignatureFormatter";
SecurityElement el_deform = new SecurityElement("Deformatter");
el_deform.Text = "System.Security.Cryptography.RSAPKCS1SignatureDeformatter";
el.AddChild(el_key);
el.AddChild(el_digest);
el.AddChild(el_form);
el.AddChild(el_deform);
SignatureDescription sd_empty = new SignatureDescription();
SignatureDescription sd = new SignatureDescription(el);
Console.WriteLine(sd.CreateDigest());
Console.WriteLine(sd.CreateFormatter(RSA.Create()));
Console.WriteLine(sd.CreateDeformatter(RSA.Create()));
return bRes;
}
private static bool CheckSignedInfo(SignedXml signedXml, AsymmetricAlgorithm key)
{
//Copied from reflected System.Security.Cryptography.Xml.SignedXml
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(signedXml.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException(SecurityResources.GetString("Cryptography_Xml_SignatureDescriptionNotCreated"));
}
Type type = Type.GetType(signatureDescription.KeyAlgorithm);
Type type2 = key.GetType();
if (type != type2 && !type.IsSubclassOf(type2) && !type2.IsSubclassOf(type))
{
return(false);
}
HashAlgorithm hashAlgorithm = signatureDescription.CreateDigest();
if (hashAlgorithm == null)
{
throw new CryptographicException(SecurityResources.GetString("Cryptography_Xml_CreateHashAlgorithmFailed"));
}
//Except this. The SignedXml class creates and cananicalizes a Signature element without any prefix, rather than using the element from the document provided
byte[] c14NDigest = GetC14NDigest(signedXml, hashAlgorithm);
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = signatureDescription.CreateDeformatter(key);
return(asymmetricSignatureDeformatter.VerifySignature(c14NDigest, signedXml.Signature.SignatureValue));
}
public static Boolean Test()
{
Boolean bRes = true;
SecurityElement el = new SecurityElement("whatever");
// el.Text = "<Key>RSA</Key><Digest>SHA1</Digest><Formatter>System.Security.Cryptography.RSAPKCS1SignatureFormatter</Formatter><Deformatter>System.Security.Cryptography.RSAPKCS1SignatureFormatter</Deformatter>";
SecurityElement el_key = new SecurityElement("Key");
el_key.Text = "RSA";
SecurityElement el_digest = new SecurityElement("Digest");
el_digest.Text = "SHA1";
SecurityElement el_form = new SecurityElement("Formatter");
el_form.Text = "System.Security.Cryptography.RSAPKCS1SignatureFormatter";
SecurityElement el_deform = new SecurityElement("Deformatter");
el_deform.Text = "System.Security.Cryptography.RSAPKCS1SignatureDeformatter";
el.AddChild(el_key);
el.AddChild(el_digest);
el.AddChild(el_form);
el.AddChild(el_deform);
SignatureDescription sd_empty = new SignatureDescription();
SignatureDescription sd = new SignatureDescription(el);
Console.WriteLine(sd.CreateDigest());
Console.WriteLine(sd.CreateFormatter(RSA.Create()));
Console.WriteLine(sd.CreateDeformatter(RSA.Create()));
return(bRes);
}
public override HashAlgorithm GetHashAlgorithmForSignature(string algorithm)
{
if (string.IsNullOrEmpty(algorithm))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(algorithm, System.IdentityModel.SR.GetString("EmptyOrNullArgumentString", new object[] { "algorithm" }));
}
object algorithmFromConfig = CryptoHelper.GetAlgorithmFromConfig(algorithm);
if (algorithmFromConfig != null)
{
SignatureDescription description = algorithmFromConfig as SignatureDescription;
if (description != null)
{
return(description.CreateDigest());
}
HashAlgorithm algorithm2 = algorithmFromConfig as HashAlgorithm;
if (algorithm2 == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(System.IdentityModel.SR.GetString("UnsupportedCryptoAlgorithm", new object[] { algorithm })));
}
return(algorithm2);
}
switch (algorithm)
{
case "http://www.w3.org/2000/09/xmldsig#rsa-sha1":
return(CryptoHelper.NewSha1HashAlgorithm());
case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":
return(CryptoHelper.NewSha256HashAlgorithm());
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(System.IdentityModel.SR.GetString("UnsupportedAlgorithmForCryptoOperation", new object[] { algorithm, "GetHashAlgorithmForSignature" })));
}
/// <summary>Gets a cryptographic algorithm that generates a hash for a digital signature.</summary>
/// <param name="algorithm">The hash algorithm.</param>
/// <returns>A <see cref="T:System.Security.Cryptography.HashAlgorithm" /> that generates hashes for digital signatures.</returns>
/// <exception cref="T:System.NotSupportedException">
/// <paramref name="algorithm" /> is not supported. The supported algorithms are <see cref="F:System.Security.Cryptography.Xml.SignedXml.XmlDsigDSAUrl" />, <see cref="F:System.Security.Cryptography.Xml.SignedXml.XmlDsigRSASHA1Url" />, and <see cref="F:System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha256Signature" />.</exception>
public override HashAlgorithm GetHashAlgorithmForSignature(string algorithm)
{
if (string.IsNullOrEmpty(algorithm))
{
throw new ArgumentNullException(nameof(algorithm));
}
object algorithmFromConfig = CryptoHelper.GetAlgorithmFromConfig(algorithm);
if (algorithmFromConfig != null)
{
SignatureDescription signatureDescription = algorithmFromConfig as SignatureDescription;
if (signatureDescription != null)
{
return(signatureDescription.CreateDigest());
}
HashAlgorithm hashAlgorithm = algorithmFromConfig as HashAlgorithm;
if (hashAlgorithm != null)
{
return(hashAlgorithm);
}
throw new CryptographicException("UnsupportedAlgorithmForCryptoOperation");
}
if (algorithm == "http://www.w3.org/2000/09/xmldsig#dsa-sha1" || algorithm == "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
{
return(CryptoHelper.NewSha1HashAlgorithm());
}
if (algorithm == "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
{
return(CryptoHelper.NewSha256HashAlgorithm());
}
throw new NotSupportedException("UnsupportedCryptoAlgorithm");
}
public static void DSADemo()
{
// Create a digital signature based on RSA encryption.
SignatureDescription rsaSignature = CreateRSAPKCS1Signature();
ShowProperties(rsaSignature);
// Create a digital signature based on DSA encryption.
SignatureDescription dsaSignature = CreateDSASignature();
ShowProperties(dsaSignature);
// Create a HashAlgorithm using the digest algorithm of the signature.
HashAlgorithm hashAlgorithm = dsaSignature.CreateDigest();
Console.WriteLine("\nHash algorithm for the DigestAlgorithm property:" + " " + hashAlgorithm.ToString());
// Create an AsymmetricSignatureFormatter instance using the DSA key.
DSA dsa = DSA.Create();
AsymmetricSignatureFormatter asymmetricFormatter = CreateDSAFormatter(dsa);
// Create an AsymmetricSignatureDeformatter instance using the
// DSA key.
AsymmetricSignatureDeformatter asymmetricDeformatter = CreateDSADeformatter(dsa);
Console.WriteLine("This sample completed successfully; " + "press Enter to exit.");
Console.ReadLine();
}
private bool CheckSignedInfo(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
SignedXmlDebugLog.LogBeginCheckSignedInfo(this, this.m_signature.SignedInfo);
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(this.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_SignatureDescriptionNotCreated"));
}
Type c = Type.GetType(signatureDescription.KeyAlgorithm);
Type type = key.GetType();
if (((c != type) && !c.IsSubclassOf(type)) && !type.IsSubclassOf(c))
{
return(false);
}
HashAlgorithm hash = signatureDescription.CreateDigest();
if (hash == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreateHashAlgorithmFailed"));
}
byte[] actualHashValue = this.GetC14NDigest(hash);
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = signatureDescription.CreateDeformatter(key);
SignedXmlDebugLog.LogVerifySignedInfo(this, key, signatureDescription, hash, asymmetricSignatureDeformatter, actualHashValue, this.m_signature.SignatureValue);
return(asymmetricSignatureDeformatter.VerifySignature(actualHashValue, this.m_signature.SignatureValue));
}
private async Task <bool> CheckSignedInfo()
{
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(SignedInfo.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
}
HashAlgorithm hashAlgorithm = signatureDescription.CreateDigest();
if (hashAlgorithm == null)
{
throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
}
//byte[] hashval = GetC14NDigest(hashAlgorithm);
var methodInfo2 = typeof(SignedXml).GetMethod("GetC14NDigest", BindingFlags.Instance | BindingFlags.NonPublic);
var hashvalue = (byte[])methodInfo2.Invoke(this, new object[] { hashAlgorithm });
var result = await keyClient.VerifyAsync(keyvaultUri, keyIdentifier, keyVersion,
Microsoft.Azure.KeyVault.WebKey.JsonWebKeySignatureAlgorithm.RS256, hashvalue, m_signature.SignatureValue);
return((bool)result.Value);
}
internal new void ComputeSignature()
{
// BuildDigestedReferences();
var methodInfo = typeof(SignedXml).GetMethod("BuildDigestedReferences",
BindingFlags.Instance | BindingFlags.NonPublic);
methodInfo.Invoke(this, null);
SignedInfo.SignatureMethod = XmlDsigRSASHA256Url;
// See if there is a signature description class defined in the Config file
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(SignedInfo.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
}
HashAlgorithm hashAlg = signatureDescription.CreateDigest();
if (hashAlg == null)
{
throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
}
// byte[] hashvalue = GetC14NDigest(hashAlg);
var methodInfo2 = typeof(SignedXml).GetMethod("GetC14NDigest", BindingFlags.Instance | BindingFlags.NonPublic);
var hashvalue = (byte[])methodInfo2.Invoke(this, new object[] { hashAlg });
m_signature.SignatureValue = CreateSignature(hashvalue).GetAwaiter().GetResult();
}
public void ComputeSignature()
{
SignedXmlDebugLog.LogBeginSignatureComputation(this, _context);
BuildDigestedReferences();
// Load the key
AsymmetricAlgorithm key = SigningKey;
if (key == null)
{
throw new CryptographicException(SR.Cryptography_Xml_LoadKeyFailed);
}
// Check the signature algorithm associated with the key so that we can accordingly set the signature method
if (SignedInfo.SignatureMethod == null)
{
if (key is DSA)
{
SignedInfo.SignatureMethod = XmlDsigDSAUrl;
}
else if (key is RSA)
{
// Default to RSA-SHA256
if (SignedInfo.SignatureMethod == null)
{
SignedInfo.SignatureMethod = XmlDsigRSASHA256Url;
}
}
else
{
throw new CryptographicException(SR.Cryptography_Xml_CreatedKeyFailed);
}
}
// See if there is a signature description class defined in the Config file
SignatureDescription signatureDescription = CryptoHelpers.CreateFromName <SignatureDescription>(SignedInfo.SignatureMethod);
if (signatureDescription == null)
{
throw new CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated);
}
HashAlgorithm hashAlg = signatureDescription.CreateDigest();
if (hashAlg == null)
{
throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed);
}
// Updates the HashAlgorithm's state for signing with the signature formatter below.
// The return value is not needed.
GetC14NDigest(hashAlg);
AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter(key);
SignedXmlDebugLog.LogSigning(this, key, signatureDescription, hashAlg, asymmetricSignatureFormatter);
m_signature.SignatureValue = asymmetricSignatureFormatter.CreateSignature(hashAlg);
}
/// <summary>
///
/// </summary>
/// <param name="prefix"></param>
public void ComputeSignature(string prefix)
{
this.BuildDigestedReferences();
SignatureDescription description = CryptoConfig.CreateFromName(this.SignedInfo.SignatureMethod) as SignatureDescription;
HashAlgorithm hash = description.CreateDigest();
GetDigest(hash, prefix);
this.m_signature.SignatureValue = description.CreateFormatter(this.SigningKey).CreateSignature(hash);
}
void ComputeHash(out AsymmetricAlgorithm privateKey, out SignatureDescription description, out HashAlgorithm hash)
{
privateKey = this.Certificate.PrivateKey;
description = CryptoConfig.CreateFromName(this.SHA1SignatureName) as SignatureDescription;
if (description == null)
{
throw new CompactSignatureSecurityException(string.Format(
CultureInfo.CurrentCulture,
"Error creating SignatureDescription from the signature name {0}",
this.SHA1SignatureName));
}
hash = description.CreateDigest();
if (hash == null)
{
throw new CompactSignatureSecurityException(string.Format(
CultureInfo.CurrentCulture,
"Error creating HashAlgorithm from the signature name {0}",
this.SHA1SignatureName));
}
HashStream hashStream = this.TakeHashStream(hash);
// Create the references
StringBuilder sb = new StringBuilder();
if (!String.IsNullOrEmpty(this.InclusivePrefixesList))
{
for (int i = 0; i < this.references.Count; i++)
{
sb.Append(string.Format(SignatureProcessor.ExtendedSignatureReferenceWithPrefixes,
this.references[i].Id,
this.InclusivePrefixesList,
Convert.ToBase64String(this.references[i].Digest)));
}
}
else
{
for (int i = 0; i < this.references.Count; i++)
{
sb.Append(string.Format(SignatureProcessor.ExtendedSignatureReferenceNoPrefixes,
this.references[i].Id,
Convert.ToBase64String(this.references[i].Digest)));
}
}
string expandedSignature = string.Format(
ExpandedSignatureScheleton,
// Replace the references
sb.ToString());
byte[] bytes = Encoding.UTF8.GetBytes(expandedSignature);
hashStream.Write(bytes, 0, bytes.Length);
hashStream.FlushHash();
}
public void ComputeSignature()
{
SignedXmlDebugLog.LogBeginSignatureComputation(this, m_context);
BuildDigestedReferences();
// Load the key
AsymmetricAlgorithm key = SigningKey;
if (key == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_LoadKeyFailed"));
}
// Check the signature algorithm associated with the key so that we can accordingly set the signature method
if (SignedInfo.SignatureMethod == null)
{
if (key is DSA)
{
SignedInfo.SignatureMethod = XmlDsigDSAUrl;
}
else if (key is RSA)
{
// Default to RSA-SHA1
if (SignedInfo.SignatureMethod == null)
{
SignedInfo.SignatureMethod = XmlDsigRSASHA1Url;
}
}
else
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreatedKeyFailed"));
}
}
// See if there is a signature description class defined in the Config file
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(SignedInfo.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_SignatureDescriptionNotCreated"));
}
HashAlgorithm hashAlg = signatureDescription.CreateDigest();
if (hashAlg == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreateHashAlgorithmFailed"));
}
byte[] hashvalue = GetC14NDigest(hashAlg);
AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter(key);
SignedXmlDebugLog.LogSigning(this, key, signatureDescription, hashAlg, asymmetricSignatureFormatter);
m_signature.SignatureValue = asymmetricSignatureFormatter.CreateSignature(hashAlg);
}
internal static HashAlgorithm CreateHashForAsymmetricSignature(string signatureMethod)
{
object algorithmObject = CryptoAlgorithms.GetAlgorithmFromConfig(signatureMethod);
if (algorithmObject != null)
{
HashAlgorithm hashAlgorithm;
SignatureDescription signatureDescription = algorithmObject as SignatureDescription;
if (signatureDescription != null)
{
hashAlgorithm = signatureDescription.CreateDigest();
if (hashAlgorithm != null)
{
return(hashAlgorithm);
}
}
hashAlgorithm = algorithmObject as HashAlgorithm;
if (hashAlgorithm != null)
{
return(hashAlgorithm);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.CustomCryptoAlgorithmIsNotValidAsymmetricSignature, signatureMethod)));
}
switch (signatureMethod)
{
case SecurityAlgorithms.RsaSha1Signature:
case SecurityAlgorithms.DsaSha1Signature:
if (SecurityUtilsEx.RequiresFipsCompliance)
{
return(new SHA1CryptoServiceProvider());
}
else
{
return(new SHA1Managed());
}
case SecurityAlgorithms.RsaSha256Signature:
if (SecurityUtilsEx.RequiresFipsCompliance)
{
return(new SHA256CryptoServiceProvider());
}
else
{
return(new SHA256Managed());
}
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.UnsupportedCryptoAlgorithm, signatureMethod)));
}
}
public void ComputeSignature(string prefix)
{
this.BuildDigestedReferences();
AsymmetricAlgorithm signingKey = this.SigningKey;
if (signingKey == null)
{
throw new CryptographicException("Cryptography_Xml_LoadKeyFailed");
}
if (this.SignedInfo.SignatureMethod == null)
{
// SignatureMethodが未設定で、SigningKeyの種類によるデフォルト値を設定
if (signingKey is DSA)
{
// "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
this.SignedInfo.SignatureMethod = XmlDsigDSAUrl;
}
else if (signingKey is RSA)
{
// "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
this.SignedInfo.SignatureMethod = XmlDsigRSASHA1Url;
// "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
//this.SignedInfo.SignatureMethod = XmlDsigRSASHA256Url;
// "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
//this.SignedInfo.SignatureMethod = XmlDsigRSASHA384Url;
// "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
//this.SignedInfo.SignatureMethod = XmlDsigRSASHA512Url;
}
else
{
throw new CryptographicException("Cryptography_Xml_CreatedKeyFailed");
}
}
SignatureDescription description = CryptoConfig.CreateFromName(this.SignedInfo.SignatureMethod) as SignatureDescription;
if (description == null)
{
throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
}
HashAlgorithm hash = description.CreateDigest();
if (hash == null)
{
throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
}
this.GetC14NDigest(hash, prefix);
this.m_signature.SignatureValue = description.CreateFormatter(signingKey).CreateSignature(hash);
this.prefix = prefix;
}
[PlatformSpecific(TestPlatforms.Windows)] // Operation is not supported on Unix
public void Digest()
{
bool rightClass = false;
SignatureDescription sig = new SignatureDescription();
// null hash
AssertExtensions.Throws <ArgumentNullException>("name", () => sig.CreateDigest());
foreach (string name in new[] { "SHA1", "MD5", "SHA256", "SHA384", "SHA512" })
{
sig.DigestAlgorithm = name;
using (HashAlgorithm hash = sig.CreateDigest())
{
Assert.NotNull(hash);
rightClass = hash.ToString().IndexOf(sig.DigestAlgorithm) > 0;
Assert.True(rightClass, $"CreateDigest({name})");
}
}
sig.DigestAlgorithm = "bad";
Assert.Null(sig.CreateDigest());
}
public void Digest()
{
bool rightClass = false;
HashAlgorithm hash = null;
// null hash
try
{
hash = sig.CreateDigest();
Fail("Expected ArgumentNullException but got none");
}
catch (ArgumentNullException)
{
// this is what we expect
}
catch (Exception e)
{
Fail("Expected ArgumentNullException but got: " + e.ToString());
}
sig.DigestAlgorithm = "SHA1";
hash = sig.CreateDigest();
AssertNotNull("CreateDigest(SHA1)", hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert("CreateDigest(SHA1)", rightClass);
sig.DigestAlgorithm = "MD5";
hash = sig.CreateDigest();
AssertNotNull("CreateDigest(MD5)", hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert("CreateDigest(MD5)", rightClass);
sig.DigestAlgorithm = "SHA256";
hash = sig.CreateDigest();
AssertNotNull("CreateDigest(SHA256)", hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert("CreateDigest(SHA256)", rightClass);
sig.DigestAlgorithm = "SHA384";
hash = sig.CreateDigest();
AssertNotNull("CreateDigest(SHA384)", hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert("CreateDigest(SHA384)", rightClass);
sig.DigestAlgorithm = "SHA512";
hash = sig.CreateDigest();
AssertNotNull("CreateDigest(SHA512)", hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert("CreateDigest(SHA512)", rightClass);
sig.DigestAlgorithm = "bad";
hash = sig.CreateDigest();
AssertNull("CreateDigest(bad)", hash);
}
public void ComputeSignature(string prefix)
{
this.BuildDigestedReferences();
AsymmetricAlgorithm signingKey = this.SigningKey;
if (signingKey == null)
{
throw new CryptographicException("Cryptography_Xml_LoadKeyFailed");
}
if (this.SignedInfo.SignatureMethod == null)
{
if (!(signingKey is DSA))
{
if (!(signingKey is RSA))
{
throw new CryptographicException("Cryptography_Xml_CreatedKeyFailed");
}
if (this.SignedInfo.SignatureMethod == null)
{
this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
}
}
else
{
this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
}
}
SignatureDescription description = CryptoConfig.CreateFromName(this.SignedInfo.SignatureMethod) as SignatureDescription;
if (description == null)
{
throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
}
HashAlgorithm hash = description.CreateDigest();
if (hash == null)
{
throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
}
this.GetC14NDigest(hash, prefix);
this.m_signature.SignatureValue = description.CreateFormatter(signingKey).CreateSignature(hash);
}
public Saml2Signer(X509Certificate2 certificate, string signatureAlgorithm)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(SignatureAlgorithm));
}
Certificate = certificate;
SignatureAlgorithm = signatureAlgorithm;
SignatureDescription = (SignatureDescription)CryptoConfig.CreateFromName(SignatureAlgorithm);
HashAlgorithm = SignatureDescription.CreateDigest();
}
public void ComputeSignature()
{
DigestReferences();
if (key == null)
{
throw new CryptographicException(SR.Cryptography_Xml_LoadKeyFailed);
}
// Check the signature algorithm associated with the key so that we can accordingly set the signature method
if (SignedInfo.SignatureMethod == null)
{
if (key is DSA)
{
SignedInfo.SignatureMethod = XmlDsigDSAUrl;
}
else if (key is RSA)
{
// Default to RSA-SHA1
SignedInfo.SignatureMethod = XmlDsigRSASHA1Url;
}
else
{
throw new CryptographicException(SR.Cryptography_Xml_CreatedKeyFailed);
}
}
// See if there is a signature description class defined in the Config file
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(SignedInfo.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated);
}
HashAlgorithm hashAlg = signatureDescription.CreateDigest();
if (hashAlg == null)
{
throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed);
}
byte[] hashvalue = hashAlg.ComputeHash(SignedInfoTransformed());
AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter(key);
m_signature.SignatureValue = asymmetricSignatureFormatter.CreateSignature(hashAlg);
}
public void ComputeSignature()
{
SignedXmlDebugLog.LogBeginSignatureComputation(this, this.m_context);
this.BuildDigestedReferences();
AsymmetricAlgorithm signingKey = this.SigningKey;
if (signingKey == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_LoadKeyFailed"));
}
if (this.SignedInfo.SignatureMethod == null)
{
if (!(signingKey is DSA))
{
if (!(signingKey is RSA))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreatedKeyFailed"));
}
if (this.SignedInfo.SignatureMethod == null)
{
this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
}
}
else
{
this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
}
}
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(this.SignedInfo.SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_SignatureDescriptionNotCreated"));
}
HashAlgorithm hash = signatureDescription.CreateDigest();
if (hash == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreateHashAlgorithmFailed"));
}
this.GetC14NDigest(hash);
AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter(signingKey);
SignedXmlDebugLog.LogSigning(this, signingKey, signatureDescription, hash, asymmetricSignatureFormatter);
this.m_signature.SignatureValue = asymmetricSignatureFormatter.CreateSignature(hash);
}
private bool CheckSignedInfo(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
SignedXmlDebugLog.LogBeginCheckSignedInfo(this, m_signature.SignedInfo);
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_SignatureDescriptionNotCreated"));
}
// Let's see if the key corresponds with the SignatureMethod
Type ta = Type.GetType(signatureDescription.KeyAlgorithm);
Type tb = key.GetType();
if ((ta != tb) && !ta.IsSubclassOf(tb) && !tb.IsSubclassOf(ta))
{
// Signature method key mismatch
return(false);
}
HashAlgorithm hashAlgorithm = signatureDescription.CreateDigest();
if (hashAlgorithm == null)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreateHashAlgorithmFailed"));
}
byte[] hashval = GetC14NDigest(hashAlgorithm);
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = signatureDescription.CreateDeformatter(key);
SignedXmlDebugLog.LogVerifySignedInfo(this,
key,
signatureDescription,
hashAlgorithm,
asymmetricSignatureDeformatter,
hashval,
m_signature.SignatureValue);
return(asymmetricSignatureDeformatter.VerifySignature(hashval, m_signature.SignatureValue));
}
private bool CheckSignedInfo(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
SignedXmlDebugLog.LogBeginCheckSignedInfo(this, m_signature.SignedInfo);
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(SignatureMethod) as SignatureDescription;
if (signatureDescription == null)
{
throw new CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated);
}
// Let's see if the key corresponds with the SignatureMethod
Type ta = Type.GetType(signatureDescription.KeyAlgorithm);
if (!IsKeyTheCorrectAlgorithm(key, ta))
{
return(false);
}
HashAlgorithm hashAlgorithm = signatureDescription.CreateDigest();
if (hashAlgorithm == null)
{
throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed);
}
byte[] hashval = GetC14NDigest(hashAlgorithm);
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = signatureDescription.CreateDeformatter(key);
SignedXmlDebugLog.LogVerifySignedInfo(this,
key,
signatureDescription,
hashAlgorithm,
asymmetricSignatureDeformatter,
hashval,
m_signature.SignatureValue);
return(asymmetricSignatureDeformatter.VerifySignature(hashval, m_signature.SignatureValue));
}
public void ComputeSignature(string prefix)
{
BuildDigestedReferences();
AsymmetricAlgorithm signingKey = SigningKey;
if (signingKey == null)
{
throw new CryptographicException("Cryptography_Xml_LoadKeyFailed");
}
if (SignedInfo.SignatureMethod == null)
{
if (!(signingKey is DSA))
{
if (!(signingKey is RSA))
{
throw new CryptographicException("Cryptography_Xml_CreatedKeyFailed");
}
if (SignedInfo.SignatureMethod == null)
{
SignedInfo.SignatureMethod = XmlDsigRSASHA1Url;
}
}
else
{
SignedInfo.SignatureMethod = XmlDsigDSAUrl;
}
}
SignatureDescription description = CryptoConfig.CreateFromName(SignedInfo.SignatureMethod) as SignatureDescription;
if (description == null)
{
throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
}
HashAlgorithm hash = description.CreateDigest();
if (hash == null)
{
throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
}
GetC14NDigest(hash, prefix);
m_signature.SignatureValue = description.CreateFormatter(signingKey).CreateSignature(hash);
}
internal static HashAlgorithm CreateHashForAsymmetricSignature(string signatureMethod)
{
object algorithmFromConfig = System.IdentityModel.CryptoHelper.GetAlgorithmFromConfig(signatureMethod);
if (algorithmFromConfig != null)
{
HashAlgorithm algorithm;
SignatureDescription description = algorithmFromConfig as SignatureDescription;
if (description != null)
{
algorithm = description.CreateDigest();
if (algorithm != null)
{
return(algorithm);
}
}
algorithm = algorithmFromConfig as HashAlgorithm;
if (algorithm == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(System.ServiceModel.SR.GetString("CustomCryptoAlgorithmIsNotValidAsymmetricSignature", new object[] { signatureMethod })));
}
return(algorithm);
}
switch (signatureMethod)
{
case "http://www.w3.org/2000/09/xmldsig#rsa-sha1":
case "http://www.w3.org/2000/09/xmldsig#dsa-sha1":
if (System.ServiceModel.Security.SecurityUtils.RequiresFipsCompliance)
{
return(new SHA1CryptoServiceProvider());
}
return(new SHA1Managed());
case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":
if (System.ServiceModel.Security.SecurityUtils.RequiresFipsCompliance)
{
return(new SHA256CryptoServiceProvider());
}
return(new SHA256Managed());
}
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsupportedCryptoAlgorithm", new object[] { signatureMethod })));
}
[PlatformSpecific(TestPlatforms.Windows)] // Operation is not supported on Unix
public void Digest()
{
bool rightClass = false;
HashAlgorithm hash = null;
SignatureDescription sig = new SignatureDescription();
// null hash
AssertExtensions.Throws <ArgumentNullException>("name", () => hash = sig.CreateDigest());
sig.DigestAlgorithm = "SHA1";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(SHA1)");
sig.DigestAlgorithm = "MD5";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(MD5)");
sig.DigestAlgorithm = "SHA256";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(SHA256)");
sig.DigestAlgorithm = "SHA384";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(SHA384)");
sig.DigestAlgorithm = "SHA512";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(SHA512)");
sig.DigestAlgorithm = "bad";
hash = sig.CreateDigest();
Assert.Null(hash);
}
internal static HashAlgorithm CreateHashForAsymmetricSignature(string signatureMethod)
{
object algorithmObject = CryptoAlgorithms.GetAlgorithmFromConfig(signatureMethod);
if (algorithmObject != null)
{
HashAlgorithm hashAlgorithm;
SignatureDescription signatureDescription = algorithmObject as SignatureDescription;
if (signatureDescription != null)
{
hashAlgorithm = signatureDescription.CreateDigest();
if (hashAlgorithm != null)
{
return(hashAlgorithm);
}
}
hashAlgorithm = algorithmObject as HashAlgorithm;
if (hashAlgorithm != null)
{
return(hashAlgorithm);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.Format(SR.CustomCryptoAlgorithmIsNotValidAsymmetricSignature, signatureMethod)));
}
switch (signatureMethod)
{
case SecurityAlgorithms.RsaSha1Signature:
case SecurityAlgorithms.DsaSha1Signature:
return(SHA1.Create());
case SecurityAlgorithms.RsaSha256Signature:
return(SHA256.Create());
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.Format(SR.UnsupportedCryptoAlgorithm, signatureMethod)));
}
}
public override HashAlgorithm GetHashAlgorithmForSignature(string algorithm)
{
if (string.IsNullOrEmpty(algorithm))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(algorithm, SR.GetString(SR.EmptyOrNullArgumentString, "algorithm"));
}
object algorithmObject = CryptoHelper.GetAlgorithmFromConfig(algorithm);
if (algorithmObject != null)
{
SignatureDescription description = algorithmObject as SignatureDescription;
if (description != null)
{
return(description.CreateDigest());
}
HashAlgorithm hashAlgorithm = algorithmObject as HashAlgorithm;
if (hashAlgorithm != null)
{
return(hashAlgorithm);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(SR.UnsupportedAlgorithmForCryptoOperation,
algorithm, "CreateDigest")));
}
switch (algorithm)
{
case SignedXml.XmlDsigDSAUrl:
case SignedXml.XmlDsigRSASHA1Url:
return(CryptoHelper.NewSha1HashAlgorithm());
case SecurityAlgorithms.RsaSha256Signature:
return(CryptoHelper.NewSha256HashAlgorithm());
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedCryptoAlgorithm, algorithm)));
}
}
void RSASignatureDescriptionCore(string name, string expectedDigestAlgorithm, string expectedSelectedDigestAlgorithm)
{
// internal class - we cannot create one without CryptoConfig
SignatureDescription sd = (SignatureDescription)CryptoConfig.CreateFromName(name);
Assert.AreEqual(expectedDigestAlgorithm, sd.DigestAlgorithm);
Assert.AreEqual("System.Security.Cryptography.RSAPKCS1SignatureDeformatter", sd.DeformatterAlgorithm);
Assert.AreEqual("System.Security.Cryptography.RSAPKCS1SignatureFormatter", sd.FormatterAlgorithm);
Assert.AreEqual("System.Security.Cryptography.RSA", sd.KeyAlgorithm);
HashAlgorithm hash = sd.CreateDigest();
Assert.AreEqual(expectedSelectedDigestAlgorithm, hash.ToString());
Assert.AreEqual("System.Security.Cryptography.RSA", sd.KeyAlgorithm);
AsymmetricSignatureDeformatter asd = sd.CreateDeformatter(rsa);
Assert.AreEqual("System.Security.Cryptography.RSAPKCS1SignatureDeformatter", asd.ToString());
AsymmetricSignatureFormatter asf = sd.CreateFormatter(rsa);
Assert.AreEqual("System.Security.Cryptography.RSAPKCS1SignatureFormatter", asf.ToString());
}
public void Digest()
{
bool rightClass = false;
HashAlgorithm hash = null;
SignatureDescription sig = new SignatureDescription();
// null hash
Assert.Throws<ArgumentNullException>("name", () => hash = sig.CreateDigest());
sig.DigestAlgorithm = "SHA1";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(SHA1)");
sig.DigestAlgorithm = "MD5";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(MD5)");
sig.DigestAlgorithm = "SHA256";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(SHA256)");
sig.DigestAlgorithm = "SHA384";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(SHA384)");
sig.DigestAlgorithm = "SHA512";
hash = sig.CreateDigest();
Assert.NotNull(hash);
rightClass = (hash.ToString().IndexOf(sig.DigestAlgorithm) > 0);
Assert.True(rightClass, "CreateDigest(SHA512)");
sig.DigestAlgorithm = "bad";
hash = sig.CreateDigest();
Assert.Null(hash);
}
