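		// Signs a small document whose inter-element whitespace uses LF line endings
		// and checks three things: the exclusive-C14N output keeps the LF whitespace,
		// the Reference digest SignedXml computes equals the digest of that output
		// hashed by hand, and SignedInfo serialises to the expected XML.
		//
		// NOTE(review): the expected values pin SHA-1 (xmldsig#sha1 / rsa-sha1) and a
		// test-only PKCS#12 password. That is what this regression test exists to
		// check; SHA-1 is not acceptable for new signatures and these choices must
		// not be copied into production code.
		public void DigestValue_LF ()
		{
			XmlDocument doc = CreateSomeXml ("\n");
			XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform ();
			transform.LoadInput (doc);

			byte[] digest;
			// The transform output and the hash object are IDisposable; release them
			// once the stand-alone digest has been taken.
			using (Stream s = (Stream) transform.GetOutput ()) {
				string output = Stream2String (s);
				Assert.AreEqual ("<person>\n  <birthplace>Brussels</birthplace>\n</person>", output, "#1");

				// Stream2String presumably reads to the end; rewind before hashing.
				s.Position = 0;

				using (HashAlgorithm hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider")) {
					// HashAlgorithm.Create(string) returns null for an unknown name;
					// fail with a clear message instead of a NullReferenceException.
					Assert.IsNotNull (hash, "SHA1CryptoServiceProvider not available");
					digest = hash.ComputeHash (s);
				}
			}
			Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#2");

			// Fixture key pair; "mono" is the fixture's password, not a real secret.
			X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
			SignedXml signedXml = new SignedXml (doc);
			signedXml.SigningKey = cert.PrivateKey;
			signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

			// Same-document reference (URI="") with the enveloped-signature transform,
			// so the Signature element itself is excluded from the digest.
			Reference reference = new Reference ();
			reference.Uri = "";
			reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
			signedXml.AddReference (reference);

			// X509Data lists _cert first and the signing certificate second.
			KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
			x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
			x509KeyInfo.AddCertificate (cert);
			KeyInfo keyInfo = new KeyInfo ();
			keyInfo.AddClause (x509KeyInfo);
			signedXml.KeyInfo = keyInfo;

			signedXml.ComputeSignature ();

			// The digest SignedXml stored in the Reference must match the one
			// computed by hand over the canonical form above.
			digest = reference.DigestValue;
			Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#3");

			Assert.AreEqual ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" 
				+ "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />"
				+ "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />"
				+ "<Reference URI=\"\">"
				+ "<Transforms>"
				+ "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />"
				+ "</Transforms>"
				+ "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />"
				+ "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>"
				+ "</Reference>"
				+ "</SignedInfo>", signedXml.SignedInfo.GetXml ().OuterXml, "#4");
		}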
		// Builds the sample document from CreateSomeXml (lineFeed) and envelopes an
		// XML-DSig signature over it, signed with cert's private key and canonicalised
		// with canonicalizationMethod. The X509Data element deliberately lists _cert
		// first and the signing certificate second: callers use this to check that a
		// verifier selects the certificate that actually matches the signature rather
		// than the first one listed.
		static XmlDocument CreateSignedXml (X509Certificate2 cert, string canonicalizationMethod, string lineFeed)
		{
			XmlDocument document = CreateSomeXml (lineFeed);

			// Key material: the decoy certificate, then the real signing certificate.
			KeyInfoX509Data certificates = new KeyInfoX509Data ();
			certificates.AddCertificate (new X509Certificate2 (_cert));
			certificates.AddCertificate (cert);
			KeyInfo keyInfo = new KeyInfo ();
			keyInfo.AddClause (certificates);

			// Same-document reference; the enveloped-signature transform excludes the
			// Signature element itself from the digest.
			Reference wholeDocument = new Reference ();
			wholeDocument.Uri = "";
			wholeDocument.AddTransform (new XmlDsigEnvelopedSignatureTransform ());

			SignedXml signer = new SignedXml (document);
			signer.SigningKey = cert.PrivateKey;
			signer.SignedInfo.CanonicalizationMethod = canonicalizationMethod;
			signer.AddReference (wholeDocument);
			signer.KeyInfo = keyInfo;
			signer.ComputeSignature ();

			// The Signature element belongs to another XmlDocument until imported.
			XmlNode signature = document.ImportNode (signer.GetXml (), true);
			document.DocumentElement.AppendChild (signature);
			return document;
		}
		// AddCertificate must reject a null certificate; the expected exception is
		// presumably declared by the test's attribute, which is not visible here.
		public void AddCertificate_Null ()
		{
			new KeyInfoX509Data ().AddCertificate (null);
		}
		// Round-trips a KeyInfoX509Data through GetXml/LoadXml after each step
		// (one certificate, a second certificate, an IssuerSerial, a SubjectKeyId,
		// a SubjectName) and checks that the re-loaded copy serialises identically
		// and that the typed collections hold what was added.
		public void Complex () 
		{
			KeyInfoX509Data original = new KeyInfoX509Data (cert);
			KeyInfoX509Data reloaded = new KeyInfoX509Data ();

			// Single certificate.
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual ((original.GetXml ().OuterXml), (reloaded.GetXml ().OuterXml), "data1==data2");
			byte[] raw = (original.Certificates[0] as X509Certificate).GetRawCertData();
			AssertCrypto.AssertEquals ("Certificate[0]", cert, raw);

			// Second certificate appended to the same X509Data.
			original.AddCertificate (new X509Certificate (cert2));
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual ((original.GetXml ().OuterXml), (reloaded.GetXml ().OuterXml), "data1==data2");
			raw = (original.Certificates [1] as X509Certificate).GetRawCertData();
			Assert.AreEqual (cert2, raw, "Certificate[1]");

			// IssuerSerial taken from a third certificate that is itself not embedded.
			X509Certificate third = new X509Certificate (cert3);
			original.AddIssuerSerial (third.GetIssuerName (), third.GetSerialNumberString ());
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual ((original.GetXml ().OuterXml), (reloaded.GetXml ().OuterXml), "data1==data2");
			// TODO: The type of IssuerSerial isn't documented, so only the XML is compared here.

			// X509Certificate exposes no SubjectKeyIdentifier, so use a fixed value.
			byte[] skid = { 0xDE, 0xAD, 0xC0, 0xDE };
			original.AddSubjectKeyId (skid);
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual ((original.GetXml ().OuterXml), (reloaded.GetXml ().OuterXml), "data1==data2");
			Assert.AreEqual (skid, (byte[])original.SubjectKeyIds[0], "SubjectKeyId");

			// SubjectName from the third certificate; GetName is the legacy accessor
			// the assertion compares against, so it is used on both sides.
			original.AddSubjectName (third.GetName ());
			reloaded.LoadXml (original.GetXml ());
			Assert.AreEqual ((original.GetXml ().OuterXml), (reloaded.GetXml ().OuterXml), "data1==data2");
			Assert.AreEqual (third.GetName (), (string) original.SubjectNames [0], "SubjectName");
		}
		// Writes this endpoint address's content for the given WS-Addressing version:
		// the bare URI when addressingVersion is None (and always under NET_2_1),
		// otherwise an Address element, any address headers, and — if an Identity is
		// set — an Identity element carrying either a ds:KeyInfo/X509Data with every
		// certificate of an X509CertificateEndpointIdentity or the identity claim
		// serialised from its runtime type.
		public void WriteContentsTo (
			AddressingVersion addressingVersion,
			XmlDictionaryWriter writer)
		{
			if (writer == null)
				throw new ArgumentNullException ("writer");
#if NET_2_1
			writer.WriteString (Uri.AbsoluteUri);
#else
			if (addressingVersion == AddressingVersion.None) {
				writer.WriteString (Uri.AbsoluteUri);
				return;
			}

			writer.WriteStartElement ("Address", addressingVersion.Namespace);
			writer.WriteString (Uri.AbsoluteUri);
			writer.WriteEndElement ();

			if (Headers != null) {
				foreach (AddressHeader header in Headers)
					header.WriteAddressHeader (writer);
			}

			if (Identity == null)
				return;

			writer.WriteStartElement ("Identity", Constants.WsaIdentityUri);

			X509CertificateEndpointIdentity certificateIdentity = Identity as X509CertificateEndpointIdentity;
			if (certificateIdentity == null) {
				// Non-certificate identities: serialise the claim object itself.
				DataContractSerializer serializer = new DataContractSerializer (Identity.IdentityClaim.GetType ());
				serializer.WriteObject (writer, Identity.IdentityClaim);
			} else {
				// Certificate identities: every certificate goes into one X509Data.
				KeyInfoX509Data x509Data = new KeyInfoX509Data ();
				foreach (X509Certificate2 certificate in certificateIdentity.Certificates)
					x509Data.AddCertificate (certificate);
				KeyInfo keyInfo = new KeyInfo ();
				keyInfo.AddClause (x509Data);
				keyInfo.GetXml ().WriteTo (writer);
			}

			writer.WriteEndElement ();
#endif
		}
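		// IXmlSerializable: writes the endpoint reference content — the Address
		// element (Constants.WsaNamespace), any address headers, then the optional
		// Identity element. Under NET_2_1 the Identity element is written empty.
		//
		// Fix: address headers are now written whenever they exist. Previously the
		// `address.Identity == null` early return came before the header loop, so an
		// endpoint with headers but no identity silently lost its headers; this now
		// matches the order used by WriteContentsTo.
		void IXmlSerializable.WriteXml (XmlWriter writer)
		{
			if (writer == null)
				throw new ArgumentNullException ("writer");

			writer.WriteStartElement ("Address", Constants.WsaNamespace);
			writer.WriteString (address.Uri.AbsoluteUri);
			writer.WriteEndElement ();

			if (address.Headers != null)
				foreach (AddressHeader ah in address.Headers)
					ah.WriteAddressHeader (writer);

			if (address.Identity == null)
				return;

			writer.WriteStartElement ("Identity", Constants.WsaIdentityUri);
#if !NET_2_1
			// A certificate identity becomes a ds:KeyInfo/X509Data holding every
			// certificate; any other identity is serialised from its claim's runtime type.
			X509CertificateEndpointIdentity x509 =
				address.Identity as X509CertificateEndpointIdentity;
			if (x509 != null) {
				KeyInfoX509Data x = new KeyInfoX509Data ();
				foreach (X509Certificate2 cert in x509.Certificates)
					x.AddCertificate (cert);
				KeyInfo ki = new KeyInfo ();
				ki.AddClause (x);
				ki.GetXml ().WriteTo (writer);
			} else {
				DataContractSerializer ds = new DataContractSerializer (address.Identity.IdentityClaim.GetType ());
				ds.WriteObject (writer, address.Identity.IdentityClaim);
			}
#endif
			writer.WriteEndElement ();
		}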
		// Adding a null certificate must fail before GetXml is ever reached; the
		// expected exception is presumably declared by the test's attribute.
		public void AddCertificate_Null_GetXml ()
		{
			KeyInfoX509Data x509Data = new KeyInfoX509Data ();
			x509Data.AddCertificate (null);
			x509Data.GetXml ();
		}
        // Wraps a single certificate in a KeyInfo holding one X509Data clause
        // (ds:KeyInfo/ds:X509Data/ds:X509Certificate); no issuer/serial, subject
        // name or key identifier is added.
        //
        // NOTE(review): an embedded certificate is only a hint for the verifier.
        // Whoever checks the signature must still decide whether that certificate
        // is trusted (chain, pinning or an explicit key) rather than accept it
        // because it travels with the document.
        private static KeyInfo CreateKeyInfo(X509Certificate2 x509Certificate)
        {
            // The single-argument constructor adds the certificate for us.
            var certificateClause = new KeyInfoX509Data(x509Certificate);

            var keyInfo = new KeyInfo();
            keyInfo.AddClause(certificateClause);
            return keyInfo;
        }
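        // Populates xadesSignedXml.SigningKey and xadesSignedXml.KeyInfo from the
        // signing certificate and certificate chain in parameters. Only RSA public
        // keys are supported; anything else raises ArgumentException.
        //
        // Fix: BouncyCastle's BigInteger.ToByteArray() returns a two's-complement
        // encoding, which carries a leading 0x00 byte whenever the top bit is set —
        // always the case for an RSA modulus. RSAParameters.Modulus must be the
        // unsigned big-endian magnitude, so the values are imported with
        // ToByteArrayUnsigned(); otherwise ImportParameters sees a modulus one byte
        // too long and rejects it or mis-sizes the key.
        //
        // NOTE(review): SigningKey is set to a public-only RSA object, so this method
        // cannot produce a signature by itself; presumably the private-key operation
        // happens elsewhere (e.g. an external signer). Confirm against the caller.
        private void AddCertificateInfoToSignature(XadesSignedXml xadesSignedXml, SignatureParameters parameters)
        {
            var rsaPublicKey = parameters.SigningCertificate.GetPublicKey() as RsaKeyParameters;
            if (rsaPublicKey == null)
            {
                // paramName names the actual argument the key was taken from.
                throw new ArgumentException("Only allowed RsaKeyParameters", "parameters");
            }

            var rsaKey = new RSACryptoServiceProvider();
            var rsaParameters = new RSAParameters
            {
                // Unsigned magnitude, not two's-complement (see header comment).
                Modulus = rsaPublicKey.Modulus.ToByteArrayUnsigned(),
                Exponent = rsaPublicKey.Exponent.ToByteArrayUnsigned()
            };
            rsaKey.ImportParameters(rsaParameters);
            xadesSignedXml.SigningKey = rsaKey;

            var keyInfo = new KeyInfo();

            // ETSI TS 103 171 V2.1.1, 6.2.1 b): to facilitate path building, the same
            // ds:KeyInfo/X509Data should carry every certificate a verifier may not
            // already have, not only the signing certificate.
            var x509Data = new KeyInfoX509Data();
            foreach (X509Certificate cert in parameters.CertificateChain)
            {
                // TODO(jbonilla): validate the chain when more than one certificate is present?
                x509Data.AddCertificate(DotNetUtilities.ToX509Certificate2(cert));
            }
            keyInfo.AddClause(x509Data);

            // Also publish the bare public key next to the certificates.
            keyInfo.AddClause(new RSAKeyValue(rsaKey));

            xadesSignedXml.KeyInfo = keyInfo;
        }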