Exemplo n.º 1
0
 public void Add(Transform transform)
 {
     if (transform != null)
     {
         this.m_transforms.Add(transform);
     }
 }
Exemplo n.º 2
0
        /// <remarks>Sólo se implementan las transformadas de canonicalización</remarks>

        private Stream SignedInfoTransformed()
        {
            System.Security.Cryptography.Xml.Transform t = null;
            switch (signature.SignedInfo.CanonicalizationMethod)
            {
            case XmlSignatureConstants.XmlDsigC14NTransformUrl:
                t = new System.Security.Cryptography.Xml.XmlDsigC14NTransform();
                break;

            case XmlSignatureConstants.XmlDsigC14NWithCommentsTransformUrl:
                t = new System.Security.Cryptography.Xml.XmlDsigC14NWithCommentsTransform();
                break;

            case XmlSignatureConstants.XmlDsigExcC14NTransformUrl:
                t = new System.Security.Cryptography.Xml.XmlDsigExcC14NTransform(signature.SignedInfo.InclusiveNamespaces);
                break;

            case XmlSignatureConstants.XmlDsigExcC14NWithCommentsTransformUrl:
                t = new System.Security.Cryptography.Xml.XmlDsigExcC14NWithCommentsTransform();
                break;

            default:
                t = null;
                break;
            }
            if (t == null)
            {
                return(null);
            }

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;

            XmlElement signatureNode = (XmlElement)envdoc.SelectSingleNode("//*[@Id='" + signature.Id + "']");

            if (signatureNode != null)
            {
                XmlNamespaceManager xmlnsManager = new XmlNamespaceManager(envdoc.NameTable);
                xmlnsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

                XmlNode signedInfoNode = signatureNode.SelectSingleNode("ds:SignedInfo", xmlnsManager);

                doc.LoadXml(signedInfoNode.OuterXml);
            }
            else
            {
                doc.LoadXml(signature.SignedInfo.GetXml().OuterXml);
            }

            var namespaces = GetAllNamespaces(signatureNode);

            foreach (var item in namespaces)
            {
                AddNameSpace(doc, doc.DocumentElement, item.Name, item.Value);
            }

            return(ApplyTransform(t, doc));
        }
Exemplo n.º 3
0
 public void AddTransform(Transform transform)
 {
     if (transform == null)
     {
         throw new ArgumentNullException("transform");
     }
     transform.Reference = this;
     this.TransformChain.Add(transform);
 }
Exemplo n.º 4
0
        private Stream ApplyTransform(System.Security.Cryptography.Xml.Transform t, XmlDocument doc)
        {
            byte[] buffer = System.Text.Encoding.UTF8.GetBytes(doc.OuterXml);

            using (MemoryStream ms = new MemoryStream(buffer))
            {
                t.LoadInput(ms);
                return((MemoryStream)t.GetOutput(typeof(Stream)));
            }
        }
Exemplo n.º 5
0
 public static byte[] ApplyTransform(XmlElement element, System.Security.Cryptography.Xml.Transform transform)
 {
     byte[] bytes = Encoding.UTF8.GetBytes(element.OuterXml);
     using (MemoryStream obj = new MemoryStream(bytes))
     {
         transform.LoadInput(obj);
         using (MemoryStream memoryStream = (MemoryStream)transform.GetOutput(typeof(Stream)))
         {
             return(memoryStream.ToArray());
         }
     }
 }
Exemplo n.º 6
0
 internal static void LogBeginCanonicalization(SignedXml signedXml, Transform canonicalizationTransform)
 {
     if (InformationLoggingEnabled)
     {
         string data = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_BeginCanonicalization"), new object[] { canonicalizationTransform.Algorithm, canonicalizationTransform.GetType().Name });
         WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.BeginCanonicalization, data);
     }
     if (VerboseLoggingEnabled)
     {
         string str2 = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_CanonicalizationSettings"), new object[] { canonicalizationTransform.Resolver.GetType(), canonicalizationTransform.BaseURI });
         WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.BeginCanonicalization, str2);
     }
 }
Exemplo n.º 7
0
 private Stream ApplyTransform(System.Security.Cryptography.Xml.Transform t, Stream s)
 {
     try
     {
         t.LoadInput(s);
         s = (Stream)t.GetOutput();
     }
     catch (Exception e)
     {
         string temp = e.ToString();
     }
     return(s);
 }
Exemplo n.º 8
0
        /// <summary>
        /// Obtiene el valor canonicalizado de los elementos especificados en elementXpaths
        /// </summary>
        /// <param name="xadesSignedXml"></param>
        /// <param name="elementXpaths"></param>
        /// <returns></returns>
        public static byte[] ComputeValueOfElementList(XadesSignedXml xadesSignedXml, ArrayList elementXpaths,
                                                       System.Security.Cryptography.Xml.Transform transform)
        {
            XmlDocument         xmlDocument;
            XmlNamespaceManager xmlNamespaceManager;
            XmlNodeList         searchXmlNodeList;

            var signatureXmlElement = xadesSignedXml.GetSignatureElement();
            var namespaces          = xadesSignedXml.GetAllNamespaces(signatureXmlElement);

            xmlDocument         = signatureXmlElement.OwnerDocument;
            xmlNamespaceManager = new XmlNamespaceManager(xmlDocument.NameTable);
            xmlNamespaceManager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
            xmlNamespaceManager.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri);

            using (MemoryStream msResult = new MemoryStream())
            {
                foreach (string elementXpath in elementXpaths)
                {
                    searchXmlNodeList = signatureXmlElement.SelectNodes(elementXpath, xmlNamespaceManager);

                    if (searchXmlNodeList.Count == 0)
                    {
                        throw new CryptographicException("Element " + elementXpath + " not found while calculating hash");
                    }

                    foreach (XmlNode xmlNode in searchXmlNodeList)
                    {
                        XmlElement clonedElement = (XmlElement)xmlNode.Clone();

                        clonedElement.SetAttribute("xmlns:" + XadesSignedXml.XmlDSigPrefix, XadesSignedXml.XmlDsigNamespaceUrl);

                        foreach (var attr in namespaces)
                        {
                            clonedElement.SetAttribute(attr.Name, attr.Value);
                        }

                        byte[] canonicalizedElement = ApplyTransform(clonedElement, transform);
                        msResult.Write(canonicalizedElement, 0, canonicalizedElement.Length);
                    }
                }

                return(msResult.ToArray());
            }
        }
Exemplo n.º 9
0
		private Stream ApplyTransform (Transform t, XmlDocument input) 
		{
			// These transformer modify input document, which should
			// not affect to the input itself.
			if (t is XmlDsigXPathTransform 
				|| t is XmlDsigEnvelopedSignatureTransform
				|| t is XmlDecryptionTransform
			)
				input = (XmlDocument) input.Clone ();

			t.LoadInput (input);

			if (t is XmlDsigEnvelopedSignatureTransform)
				// It returns XmlDocument for XmlDocument input.
				return CanonicalizeOutput (t.GetOutput ());

			object obj = t.GetOutput ();
			if (obj is Stream)
				return (Stream) obj;
			else if (obj is XmlDocument) {
				MemoryStream ms = new MemoryStream ();
				XmlTextWriter xtw = new XmlTextWriter (ms, Encoding.UTF8);
				((XmlDocument) obj).WriteTo (xtw);

				xtw.Flush ();

				// Rewind to the start of the stream
				ms.Position = 0;
				return ms;
			}
			else if (obj == null) {
				throw new NotImplementedException ("This should not occur. Transform is " + t + ".");
			}
			else {
				// e.g. XmlDsigXPathTransform returns XmlNodeList
				return CanonicalizeOutput (obj);
			}
		}
Exemplo n.º 10
0
		public void AddTransform (Transform transform) 
		{
			chain.Add (transform);
		}
Exemplo n.º 11
0
        /// <summary>
        ///     Log the canonicalized data
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the signing or verification</param>
        /// <param name="canonicalizationTransform">transform canonicalizing the input</param>
        internal static void LogCanonicalizedOutput(SignedXml signedXml, Transform canonicalizationTransform) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(canonicalizationTransform != null, "canonicalizationTransform != null");

            if (VerboseLoggingEnabled) {
                using (StreamReader reader = new StreamReader(canonicalizationTransform.GetOutput(typeof(Stream)) as Stream)) {
                    string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                      SecurityResources.GetResourceString("Log_CanonicalizedOutput"),
                                                      reader.ReadToEnd());
                    WriteLine(signedXml,
                              TraceEventType.Verbose,
                              SignedXmlDebugEvent.CanonicalizedData,
                              logMessage);
                }
            }
        }
Exemplo n.º 12
0
        /// <summary>
        ///     Log that canonicalization has begun on input data
        /// </summary>
        /// <param name="signedXml">SignedXml object doing the signing or verification</param>
        /// <param name="canonicalizationTransform">transform canonicalizing the input</param>
        internal static void LogBeginCanonicalization(SignedXml signedXml, Transform canonicalizationTransform) {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(canonicalizationTransform != null, "canonicalizationTransform != null");

            if (InformationLoggingEnabled) {
                string logMessage = String.Format(CultureInfo.InvariantCulture,
                                                  SecurityResources.GetResourceString("Log_BeginCanonicalization"),
                                                  canonicalizationTransform.Algorithm,
                                                  canonicalizationTransform.GetType().Name);
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.BeginCanonicalization,
                          logMessage);
            }

            if (VerboseLoggingEnabled) {
                string canonicalizationSettings = String.Format(CultureInfo.InvariantCulture,
                                                                SecurityResources.GetResourceString("Log_CanonicalizationSettings"),
                                                                canonicalizationTransform.Resolver.GetType(),
                                                                canonicalizationTransform.BaseURI);
                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.BeginCanonicalization,
                          canonicalizationSettings);
            }
        }
Exemplo n.º 13
0
        private static Stream TransformXml(Transform xForm, Object source)
        {
            (new PermissionSet(PermissionState.Unrestricted)).Assert();  // Blessed
            try
            {
                // transform
                xForm.LoadInput(source);
            }
            finally
            {
                PermissionSet.RevertAssert();
            }

            return (Stream)xForm.GetOutput();
        }
Exemplo n.º 14
0
 public void LoadXml(XmlElement value)
 {
     if (value == null)
     {
         throw new ArgumentNullException("value");
     }
     XmlElement element = value;
     if (!element.LocalName.Equals("SignedInfo"))
     {
         throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");
     }
     XmlNamespaceManager nsmgr = new XmlNamespaceManager(value.OwnerDocument.NameTable);
     nsmgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
     this.m_id = System.Security.Cryptography.Xml.Utils.GetAttribute(element, "Id", "http://www.w3.org/2000/09/xmldsig#");
     XmlElement element2 = element.SelectSingleNode("ds:CanonicalizationMethod", nsmgr) as XmlElement;
     if (element2 == null)
     {
         throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/CanonicalizationMethod");
     }
     this.m_canonicalizationMethod = System.Security.Cryptography.Xml.Utils.GetAttribute(element2, "Algorithm", "http://www.w3.org/2000/09/xmldsig#");
     this.m_canonicalizationMethodTransform = null;
     if (element2.ChildNodes.Count > 0)
     {
         this.CanonicalizationMethodObject.LoadInnerXml(element2.ChildNodes);
     }
     XmlElement element3 = element.SelectSingleNode("ds:SignatureMethod", nsmgr) as XmlElement;
     if (element3 == null)
     {
         throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/SignatureMethod");
     }
     this.m_signatureMethod = System.Security.Cryptography.Xml.Utils.GetAttribute(element3, "Algorithm", "http://www.w3.org/2000/09/xmldsig#");
     XmlElement element4 = element3.SelectSingleNode("ds:HMACOutputLength", nsmgr) as XmlElement;
     if (element4 != null)
     {
         this.m_signatureLength = element4.InnerXml;
     }
     this.m_references.Clear();
     XmlNodeList list = element.SelectNodes("ds:Reference", nsmgr);
     if (list != null)
     {
         foreach (XmlNode node in list)
         {
             XmlElement element5 = node as XmlElement;
             Reference reference = new Reference();
             this.AddReference(reference);
             reference.LoadXml(element5);
         }
     }
     this.m_cachedXml = element;
 }
Exemplo n.º 15
0
 internal static void LogCanonicalizedOutput(SignedXml signedXml, Transform canonicalizationTransform)
 {
     if (VerboseLoggingEnabled)
     {
         using (StreamReader reader = new StreamReader(canonicalizationTransform.GetOutput(typeof(Stream)) as Stream))
         {
             string data = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_CanonicalizedOutput"), new object[] { reader.ReadToEnd() });
             WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.CanonicalizedData, data);
         }
     }
 }
Exemplo n.º 16
0
 public void AddTransform(Transform transform)
 {
     this.TransformChain.Add(transform);
 }
Exemplo n.º 17
0
        public ValidationResult Validate(SignatureDocument sigDocument)
        {
            /* Los elementos que se validan son:
             *
             * 1. Las huellas de las referencias de la firma.
             * 2. Se comprueba la huella del elemento SignedInfo y se verifica la firma con la clave pública del certificado.
             * 3. Si la firma contiene un sello de tiempo se comprueba que la huella de la firma coincide con la del sello de tiempo.
             *
             * La validación de perfiles -C, -X, -XL y -A esta fuera del ámbito de este proyecto.
             */

            ValidationResult result = new ValidationResult();

            try
            {
                // Verifica las huellas de las referencias y la firma
                sigDocument.XadesSignature.CheckXmldsigSignature();
            }
            catch (Exception ex)
            {
                result.IsValid = false;
                result.Message = "La verificación de la firma no ha sido satisfactoria";

                return(result);
            }

            if (sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
            {
                // Se comprueba el sello de tiempo

                TimeStamp      timeStamp = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0];
                TimeStampToken token     = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));

                byte[] tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();

                //TODO: Verificare
                // Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.ObjectID.Id);
                Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);

                System.Security.Cryptography.Xml.Transform transform = null;

                if (timeStamp.CanonicalizationMethod != null)
                {
                    transform = CryptoConfig.CreateFromName(timeStamp.CanonicalizationMethod.Algorithm) as System.Security.Cryptography.Xml.Transform;
                }
                else
                {
                    transform = new XmlDsigC14NTransform();
                }

                ArrayList signatureValueElementXpaths = new ArrayList();
                signatureValueElementXpaths.Add("ds:SignatureValue");
                byte[] signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths, transform), tsDigestMethod);

                if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
                {
                    result.IsValid = false;
                    result.Message = "La huella del sello de tiempo no se corresponde con la calculada";

                    return(result);
                }
            }

            result.IsValid = true;
            result.Message = "Verificación de la firma satisfactoria";

            return(result);
        }
Exemplo n.º 18
0
		string SignWithHMACSHA1 (string input, byte [] key, Transform transform)
		{
			XmlDocument doc = new XmlDocument ();
			doc.LoadXml (input);
			SignedXml sxml = new SignedXml (doc);

			HMACSHA1 keyhash = new HMACSHA1 (key);
			DataObject d = new DataObject ();
			//d.Data = doc.SelectNodes ("//*[local-name()='Body']/*");
			d.Data = doc.SelectNodes ("//*[local-name()='Action']");
			d.Id = "_1";
			sxml.AddObject (d);
			Reference r = new Reference ("#_1");
			r.AddTransform (transform);
			r.DigestMethod = SignedXml.XmlDsigSHA1Url;
			sxml.SignedInfo.AddReference (r);
			sxml.ComputeSignature (keyhash);
			StringWriter sw = new StringWriter ();
			XmlWriter w = new XmlTextWriter (sw);
			sxml.GetXml ().WriteTo (w);
			w.Close ();
			return sw.ToString ();
		}
Exemplo n.º 19
0
        public void LoadXml(XmlElement value) {
            if (value == null)
                throw new ArgumentNullException("value");

            // SignedInfo
            XmlElement signedInfoElement = value;
            if (!signedInfoElement.LocalName.Equals("SignedInfo"))
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo");

            XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);
            nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

            // Id attribute -- optional
            m_id = Utils.GetAttribute(signedInfoElement, "Id", SignedXml.XmlDsigNamespaceUrl);

            // CanonicalizationMethod -- must be present
            XmlElement canonicalizationMethodElement = signedInfoElement.SelectSingleNode("ds:CanonicalizationMethod", nsm) as XmlElement;
            if (canonicalizationMethodElement == null)
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"),"SignedInfo/CanonicalizationMethod");
            m_canonicalizationMethod = Utils.GetAttribute(canonicalizationMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
            m_canonicalizationMethodTransform = null;
            if (canonicalizationMethodElement.ChildNodes.Count > 0)
                this.CanonicalizationMethodObject.LoadInnerXml(canonicalizationMethodElement.ChildNodes);

            // SignatureMethod -- must be present
            XmlElement signatureMethodElement = signedInfoElement.SelectSingleNode("ds:SignatureMethod", nsm) as XmlElement;
            if (signatureMethodElement == null)
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"),"SignedInfo/SignatureMethod");
            m_signatureMethod = Utils.GetAttribute(signatureMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);

            // Now get the output length if we are using a MAC algorithm
            XmlElement signatureLengthElement = signatureMethodElement.SelectSingleNode("ds:HMACOutputLength", nsm) as XmlElement;
            if (signatureLengthElement != null) 
                m_signatureLength = signatureLengthElement.InnerXml;

            // flush out any reference that was there
            m_references.Clear();

            XmlNodeList referenceNodes = signedInfoElement.SelectNodes("ds:Reference", nsm);
            if (referenceNodes != null) {
                foreach(XmlNode node in referenceNodes) {
                    XmlElement referenceElement = node as XmlElement;
                    Reference reference = new Reference();
                    AddReference(reference);
                    reference.LoadXml(referenceElement);
                }
            }

            // Save away the cached value
            m_cachedXml = signedInfoElement;
        }