/// <summary>
/// Test helper: parses <paramref name="xml"/>, passes the first XML-DSig <c>Signature</c>
/// element to a <see cref="SignatureChecker"/>, and reports the validation result.
/// </summary>
/// <param name="xml">Text of the signed XML document.</param>
/// <param name="loadXmlThrows">
/// When true, loading the signature element is asserted to throw
/// <see cref="System.Security.Cryptography.CryptographicException"/> and no validation is attempted.
/// </param>
/// <returns>
/// The result of <c>CheckSignature()</c> when the load is expected to succeed; otherwise false.
/// </returns>
public static bool VerifyCryptoExceptionOnLoad(string xml, bool loadXmlThrows)
{
    // Whitespace is kept so the parsed document matches the bytes that were signed.
    var document = new XmlDocument { PreserveWhitespace = true };
    document.LoadXml(xml);

    // Only the first Signature element in the XML-DSig namespace is examined.
    XmlNodeList candidates = document.GetElementsByTagName("Signature", XmlNameSpace.Url[NS.XmlDsigNamespaceUrl]);
    var signatureElement = (XmlElement)candidates[0];
    var checker = new SignatureChecker(document);

    if (loadXmlThrows)
    {
        Assert.Throws<System.Security.Cryptography.CryptographicException>(() => checker.LoadXml(signatureElement));
        return false;
    }

    checker.LoadXml(signatureElement);
    return checker.CheckSignature();
}
/// <summary>
/// Creates the controller and stores the injected collaborators in their backing fields.
/// </summary>
/// <param name="signatureChecker">Checker stored in <c>_signatureChecker</c>.</param>
/// <param name="httpClientFactory">Factory stored in <c>_httpClientFactory</c>.</param>
/// <param name="jsTicketAccessor">Accessor stored in <c>_jsTicketAccessor</c>.</param>
/// <param name="signatureGenerator">Generator stored in <c>_signatureGenerator</c>.</param>
/// <param name="optionsResolver">Resolver stored in <c>_optionsResolver</c>.</param>
public WeChatController(
    SignatureChecker signatureChecker,
    IHttpClientFactory httpClientFactory,
    IJsTicketAccessor jsTicketAccessor,
    ISignatureGenerator signatureGenerator,
    IWeChatOfficialOptionsResolver optionsResolver)
{
    // Signature handling.
    _signatureGenerator = signatureGenerator;
    _signatureChecker = signatureChecker;

    // Outbound HTTP and ticket access.
    _jsTicketAccessor = jsTicketAccessor;
    _httpClientFactory = httpClientFactory;

    // Options lookup.
    _optionsResolver = optionsResolver;
}
/// <summary>
/// Parses <paramref name="signedXmlText"/> and checks the first <c>Signature</c> element
/// against the supplied RSA key.
/// </summary>
/// <param name="signedXmlText">Text of the signed XML document.</param>
/// <param name="key">RSA key passed to <c>CheckSignature</c>.</param>
/// <returns>The value returned by <c>CheckSignature(key)</c>.</returns>
/// <remarks>
/// NOTE(review): the element is selected by tag name alone, with no namespace filter, and only
/// the first match is used. Nothing here checks which part of the document that signature's
/// references cover, so a true result says only that this one Signature element validates.
/// Callers that make trust decisions should confirm the signed content is the content they consume.
/// </remarks>
private static bool VerifyXml(string signedXmlText, RsaKeyParameters key)
{
    // Whitespace is kept so the parsed document matches the bytes that were signed.
    var document = new XmlDocument { PreserveWhitespace = true };
    document.LoadXml(signedXmlText);

    var checker = new SignatureChecker(document);
    XmlNode firstSignature = document.GetElementsByTagName("Signature")[0];
    checker.LoadXml((XmlElement)firstSignature);

    bool isValid = checker.CheckSignature(key);
    return isValid;
}
/// <summary>
/// Creates the controller, stores the injected collaborators, and unwraps the official-account
/// options from <paramref name="officialOptions"/>.
/// </summary>
/// <param name="signatureChecker">Checker stored in <c>_signatureChecker</c>.</param>
/// <param name="officialOptions">Options wrapper; its <c>Value</c> is stored in <c>_officialOptions</c>.</param>
/// <param name="httpClientFactory">Factory stored in <c>_httpClientFactory</c>.</param>
/// <param name="jsTicketAccessor">Accessor stored in <c>_jsTicketAccessor</c>.</param>
/// <param name="signatureGenerator">Generator stored in <c>_signatureGenerator</c>.</param>
/// <param name="httpContextAccessor">Accessor stored in <c>_httpContextAccessor</c>.</param>
public WeChatController(
    SignatureChecker signatureChecker,
    IOptions<AbpWeChatOfficialOptions> officialOptions,
    IHttpClientFactory httpClientFactory,
    IJsTicketAccessor jsTicketAccessor,
    ISignatureGenerator signatureGenerator,
    IHttpContextAccessor httpContextAccessor)
{
    // Signature handling.
    _signatureGenerator = signatureGenerator;
    _signatureChecker = signatureChecker;

    // Outbound HTTP, ticket access and request context.
    _httpContextAccessor = httpContextAccessor;
    _jsTicketAccessor = jsTicketAccessor;
    _httpClientFactory = httpClientFactory;

    // The options are read once here; the unwrapped value is what the controller keeps.
    _officialOptions = officialOptions.Value;
}
/// <summary>
/// Parses <paramref name="signedXmlText"/> and checks the first <c>Signature</c> element
/// against the supplied certificate.
/// </summary>
/// <param name="signedXmlText">Text of the signed XML document.</param>
/// <param name="certificate">Certificate passed to <c>CheckSignature</c>.</param>
/// <returns>The value returned by <c>CheckSignature(certificate, verifySignatureOnly: true)</c>.</returns>
/// <remarks>
/// NOTE(review): <c>verifySignatureOnly: true</c> presumably means the certificate itself
/// (chain, validity period, revocation) is not validated here. Confirm against
/// <see cref="SignatureChecker"/>; if so, the caller must already trust the certificate.
/// The element is selected by tag name alone, with no namespace filter, and only the first
/// match is used. Nothing here checks which part of the document the signature covers.
/// </remarks>
private static bool VerifyXml(string signedXmlText, X509Certificate certificate)
{
    // Whitespace is kept so the parsed document matches the bytes that were signed.
    var document = new XmlDocument { PreserveWhitespace = true };
    document.LoadXml(signedXmlText);

    var checker = new SignatureChecker(document);
    XmlNode firstSignature = document.GetElementsByTagName("Signature")[0];
    checker.LoadXml((XmlElement)firstSignature);

    bool isValid = checker.CheckSignature(certificate, verifySignatureOnly: true);
    return isValid;
}
/// <summary>
/// Checks a method against an expected return type and parameter list by delegating to
/// <see cref="SignatureChecker"/>.
/// </summary>
/// <param name="mi">Method to check.</param>
/// <param name="returnType">Expected return type.</param>
/// <param name="parameters">Expected parameter types, passed through to the checker.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="mi"/> or <paramref name="returnType"/> is null.
/// </exception>
public static void CheckSignature(MethodInfo mi, Type returnType, params Type[] parameters)
{
    // Arguments are validated in declaration order so the reported parameter name is stable.
    if (mi == null)
    {
        throw new ArgumentNullException("mi");
    }

    if (returnType == null)
    {
        throw new ArgumentNullException("returnType");
    }

    new SignatureChecker(returnType, parameters).Check(mi);
}
/// <summary>
/// Builds the update dialog for <paramref name="release"/>, wires the download events and
/// starts downloading the release asset immediately.
/// </summary>
/// <param name="release">Release whose name, changelog and asset are shown and downloaded.</param>
/// <remarks>
/// The install button is only enabled by the <c>Downloaded</c> handler, and only after
/// <c>SignatureChecker.IsValid</c> accepts the downloaded file.
/// </remarks>
public UpdateDownloadForm(Release release)
{
    InitializeComponent();
    Icon = updateIcon;
    Text = release.Name;
    LocalizeForm();
    Focus();
    changeLog.SetChangelog(release.Changelog);
    _redirectLinks = true;
    downloadProgress.DisplayStyle = TextProgressBar.ProgressBarDisplayText.Both;
    downloadProgress.CustomText = release.Asset.name;

    // The download URL is taken from the release metadata as-is. Nothing in this constructor
    // restricts its scheme or host, so the signature check in the Downloaded handler is the
    // only integrity gate visible here.
    _releaseFile = new WebFile(new Uri(release.Asset.browser_download_url));

    // The handler is kept in a field and subscribed below.
    _releaseFileOnDownloadProgressChanged = (sender, args) =>
    {
        // Skip updates once the progress bar has been disposed.
        if (downloadProgress.IsDisposed)
        {
            return;
        }
        // Control updates are marshalled through Invoke.
        downloadProgress.Invoke(new Action(() =>
        {
            downloadProgress.Value = args.ProgressPercentage;
        }));
    };
    _releaseFile.DownloadProgressChanged += _releaseFileOnDownloadProgressChanged;

    _releaseFile.DownloadFailed += (sender, @event) =>
    {
        Log.Error(@event.Exception, "Couldn't download the Release ");
        MessageBox.Show(@event.Exception.Message, UpdateDownloadStrings.downloadFailed, MessageBoxButtons.OK, MessageBoxIcon.Error);
    };

    _releaseFile.Downloaded += (sender, args) =>
    {
        // Fail closed: a file that does not pass the signature check never enables installation.
        // NOTE(review): the rejected file is not deleted here - confirm it is cleaned up elsewhere
        // and that the install step uses the same file that was verified.
        if (!SignatureChecker.IsValid(_releaseFile.FilePath))
        {
            Log.Error("Wrong signature for the release");
            MessageBox.Show(UpdateDownloadStrings.notSigned, UpdateDownloadStrings.notSignedTitle, MessageBoxButtons.OK, MessageBoxIcon.Error);
            return;
        }
        // NOTE(review): unlike the progress handler there is no IsDisposed check before Invoke.
        installButton.Invoke(new Action(() =>
        {
            installButton.Enabled = true;
            downloadProgress.Enabled = false;
        }));
    };

    // All handlers are attached before the download starts.
    _releaseFile.DownloadFile();
}
/// <summary>
/// Builds a signed document whose <c>SignatureMethod</c> algorithm is the assembly-qualified
/// name of <c>DummyClass</c> instead of a signature algorithm URI, and asserts that
/// <c>CheckSignature()</c> rejects it with a
/// <see cref="System.Security.Cryptography.CryptographicException"/>.
/// </summary>
/// <remarks>
/// Presumably this guards against document-supplied algorithm names being resolved to
/// arbitrary CLR types during verification.
/// </remarks>
public static void TestDummySignatureAlgorithm()
{
    // The type name is interpolated into the SignatureMethod Algorithm attribute below.
    string objectToConstruct = typeof(DummyClass).AssemblyQualifiedName;
    string xml = $@"<?xml version=""1.0"" encoding=""UTF-8""?> <a><b xmlns:ns1=""http://www.contoso.com/"">X<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315""/><SignatureMethod Algorithm=""{objectToConstruct}""/><Reference URI=""""><Transforms><Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature""/><Transform Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315""/></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1""/><DigestValue>ZVZLYkc1BAx+YtaqeYlxanb2cGI=</DigestValue></Reference></SignedInfo><SignatureValue>Kx8xs0of766gimu5girTqiTR5xoiWjN4XMx8uzDDhG70bIqpSzlhh6IA3iI54R5mpqCCPWrJJp85ps4jpQk8RGHe4KMejstbY6YXCfs7LtRPzkNzcoZB3vDbr3ijUSrbMk+0wTaZeyeYs8Z6cOicDIVN6bN6yC/Se5fbzTTCSmg=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>ww2w+NbXwY/GRBZfFcXqrAM2X+P1NQoU+QEvgLO1izMTB8kvx1i/bodBvHTrKMwAMGEO4kVATA1f1Vf5/lVnbqiCLMJPVRZU6rWKjOGD28T/VRaIGywTV+mC0HvMbe4DlEd3dBwJZLIMUNvOPsj5Ua+l9IS4EoszFNAg6F5Lsyk=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></b></a>";

    var document = new XmlDocument { PreserveWhitespace = true };
    document.LoadXml(xml);

    XmlNodeList candidates = document.GetElementsByTagName("Signature", XmlNameSpace.Url[NS.XmlDsigNamespaceUrl]);
    var signatureElement = (XmlElement)candidates[0];

    // Loading is expected to succeed; the rejection is asserted at verification time.
    var checker = new SignatureChecker(document);
    checker.LoadXml(signatureElement);

    Assert.Throws<System.Security.Cryptography.CryptographicException>(() => checker.CheckSignature());
}
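/// <summary>
/// Writes a five-byte header to a temporary file and asserts that a
/// <see cref="SignatureChecker"/> restricted to TTF, ABA and ACCDB reports it as TTF.
/// </summary>
/// <returns>A task the test runner can await, so a failed assertion is reported by this test.</returns>
public async System.Threading.Tasks.Task CanMatchSignatures()
{
    // Returns Task rather than void: exceptions from an async void method cannot be awaited
    // by the caller, so failures could surface outside the test.
    await using var tempFile = new TempFile();

    // Header bytes the checker is expected to recognise as TTF.
    byte[] signature = { 0x00, 0x01, 0x00, 0x00, 0x00 };
    await tempFile.Path.WriteAllBytesAsync(signature);

    // Candidate types the checker may choose from.
    var candidates = new[]
    {
        Definitions.FileType.TTF,
        Definitions.FileType.ABA,
        Definitions.FileType.ACCDB,
    };
    var checker = new SignatureChecker(candidates);

    var matched = await checker.MatchesAsync(tempFile.Path);

    Assert.NotNull(matched);
    Assert.Equal(Definitions.FileType.TTF, matched);
}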
/// <summary>
/// Creates the login application service and stores each injected dependency in its
/// backing field. No other work is done here.
/// </summary>
public LoginAppService(
    LoginService loginService,
    ACodeService aCodeService,
    SignatureChecker signatureChecker,
    SignInManager<IdentityUser> signInManager,
    IDataFilter dataFilter,
    IConfiguration configuration,
    IHttpClientFactory httpClientFactory,
    IUserInfoRepository userInfoRepository,
    IJsonSerializer jsonSerializer,
    IWeChatMiniProgramAsyncLocal weChatMiniProgramAsyncLocal,
    IMiniProgramUserRepository miniProgramUserRepository,
    IMiniProgramLoginNewUserCreator miniProgramLoginNewUserCreator,
    IMiniProgramLoginProviderProvider miniProgramLoginProviderProvider,
    IDistributedCache<MiniProgramPcLoginAuthorizationCacheItem> pcLoginAuthorizationCache,
    IDistributedCache<MiniProgramPcLoginUserLimitCacheItem> pcLoginUserLimitCache,
    IOptions<IdentityOptions> identityOptions,
    IdentityUserManager identityUserManager,
    IMiniProgramRepository miniProgramRepository)
{
    // Services.
    _loginService = loginService;
    _aCodeService = aCodeService;
    _signatureChecker = signatureChecker;

    // Identity.
    _signInManager = signInManager;
    _identityOptions = identityOptions;
    _identityUserManager = identityUserManager;

    // Infrastructure.
    _dataFilter = dataFilter;
    _configuration = configuration;
    _httpClientFactory = httpClientFactory;
    _jsonSerializer = jsonSerializer;
    _weChatMiniProgramAsyncLocal = weChatMiniProgramAsyncLocal;

    // Repositories.
    _userInfoRepository = userInfoRepository;
    _miniProgramUserRepository = miniProgramUserRepository;
    _miniProgramRepository = miniProgramRepository;

    // Mini-program login helpers.
    _miniProgramLoginNewUserCreator = miniProgramLoginNewUserCreator;
    _miniProgramLoginProviderProvider = miniProgramLoginProviderProvider;

    // Distributed caches for the PC login flow.
    _pcLoginAuthorizationCache = pcLoginAuthorizationCache;
    _pcLoginUserLimitCache = pcLoginUserLimitCache;
}
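/// <summary>
/// Converts a secure string back to the object tree it represents, using
/// a custom <see cref="Deserializer"/> and <see cref="SignatureChecker"/>.
/// </summary>
/// <param name="secureString">the secure string to be converted back to an
/// object tree.</param>
/// <param name="encryptionKey">the key to use to decrypt the ciphertext</param>
/// <param name="unused">ignored</param>
/// <param name="encryptionAlgorithm">the name of the encryption algorithm to use, null means use default</param>
/// <param name="validationAlgorithm">the name of the hash algorithm to use, null means use default</param>
/// <param name="deserializer">a <see cref="Deserializer"/> delegate from the
/// root object of the object tree that can recreate the object tree from a
/// <see cref="Stream"/> of serialized bytes.</param>
/// <param name="sigChecker">a <see cref="SignatureChecker"/> delegate that
/// compares an actual signature to the expected signature, throwing an exception
/// if they don't match.</param>
/// <exception cref="ArgumentNullException"><paramref name="deserializer"/> or
/// <paramref name="sigChecker"/> is null.</exception>
/// <exception cref="ArgumentException">An algorithm name could not be resolved.</exception>
/// <remarks>
/// <para>The encryption key and algorithms must have
/// the same values as they did when <see cref="Protect(Serializer, byte[], byte[])"/> was called or
/// an exception will occur.</para>
/// <para>NOTE(review): the check in this overload is an unkeyed hash of the ciphertext. Anyone who
/// can alter the string can recompute that hash, so it detects accidental corruption but not
/// deliberate tampering. The IV is not covered by the hash either. Treat what reaches
/// <paramref name="deserializer"/> as unauthenticated, or use a keyed (MAC) check.</para>
/// </remarks>
public static void Unprotect(string secureString, byte[] encryptionKey, byte[] unused, string encryptionAlgorithm, string validationAlgorithm, Deserializer deserializer, SignatureChecker sigChecker)
{
    // Reject missing delegates before any parsing or cryptographic work is done.
    if (deserializer == null)
    {
        throw new ArgumentNullException("deserializer");
    }
    if (sigChecker == null)
    {
        throw new ArgumentNullException("sigChecker");
    }

    // Layout: [hash length (1 byte)][hash][IV length (1 byte)][IV][ciphertext to end].
    byte[] actualHash;
    byte[] iv;
    byte[] cipherText;
    byte[] secureBytes = Convert.FromBase64String(secureString);
    using (MemoryStream secureStream = new MemoryStream(secureBytes))
    using (BinaryReader binaryReader = new BinaryReader(secureStream))
    {
        actualHash = binaryReader.ReadBytes(binaryReader.ReadByte());
        iv = binaryReader.ReadBytes(binaryReader.ReadByte());
        cipherText = binaryReader.ReadBytes((int)(secureStream.Length - secureStream.Position));
    }

    // Verify the hash before anything is decrypted.
    HashAlgorithm hashAlgorithm = validationAlgorithm != null ?
        HashAlgorithm.Create(validationAlgorithm) : HashAlgorithm.Create();
    if (hashAlgorithm == null)
    {
        // An unknown name yields null; report it instead of failing later with a null dereference.
        throw new ArgumentException("The hash algorithm could not be created.", "validationAlgorithm");
    }
    byte[] expectedHash;
    using (hashAlgorithm)
    {
        expectedHash = hashAlgorithm.ComputeHash(cipherText);
    }
    // The comparison is delegated; sigChecker is expected to throw on mismatch.
    sigChecker(actualHash, expectedHash);

    // Decrypt the ciphertext
    SymmetricAlgorithm cipher = encryptionAlgorithm != null ?
        SymmetricAlgorithm.Create(encryptionAlgorithm) : SymmetricAlgorithm.Create();
    if (cipher == null)
    {
        throw new ArgumentException("The encryption algorithm could not be created.", "encryptionAlgorithm");
    }
    // Disposing the cipher and transform releases their copies of the key material.
    using (cipher)
    {
        cipher.Mode = CipherMode.CBC;
        cipher.Padding = PaddingMode.PKCS7;
        cipher.Key = encryptionKey;
        cipher.IV = iv;

        using (MemoryStream cipherTextStream = new MemoryStream(cipherText))
        using (ICryptoTransform decryptor = cipher.CreateDecryptor())
        using (CryptoStream cryptoStream = new CryptoStream(cipherTextStream, decryptor, CryptoStreamMode.Read))
        {
            deserializer(cryptoStream);
        }
    }
}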
/// <summary>
/// Converts a secure string back to the object tree it represents, using
/// a custom <see cref="Deserializer"/> and <see cref="SignatureChecker"/>
/// and the default encryption and validation algorithms.
/// </summary>
/// <param name="secureString">the secure string to be converted back to an
/// object tree.</param>
/// <param name="encryptionKey">the key to use to decrypt the ciphertext</param>
/// <param name="validationKey">forwarded unchanged to the seven-argument overload.
/// NOTE(review): in the variant of that overload shown alongside this method the
/// parameter is named <c>unused</c> and is never read - confirm whether this key has any effect.</param>
/// <param name="deserializer">a <see cref="Deserializer"/> delegate from the
/// root object of the object tree that can recreate the object tree from a
/// <see cref="Stream"/> of serialized bytes.</param>
/// <param name="sigChecker">a <see cref="SignatureChecker"/> delegate that
/// compares an actual signature to the expected signature, throwing an exception
/// if they don't match.</param>
/// <remarks>The encryption and validation keys must have
/// the same values as they did when <see cref="Protect(Serializer, byte[], byte[])"/> was called or
/// an exception will occur.</remarks>
public static void Unprotect(string secureString, byte[] encryptionKey, byte[] validationKey, Deserializer deserializer, SignatureChecker sigChecker)
{
    // Null algorithm names are passed through to the full overload.
    string encryptionAlgorithm = null;
    string validationAlgorithm = null;

    Unprotect(
        secureString,
        encryptionKey,
        validationKey,
        encryptionAlgorithm,
        validationAlgorithm,
        deserializer,
        sigChecker);
}
/// <summary>
/// Resets the dialog for <paramref name="release"/>, wires the download events, starts
/// downloading the release asset and shows the form as a modal dialog.
/// </summary>
/// <param name="release">Release whose name, changelog and asset are shown and downloaded.</param>
/// <remarks>
/// The install button is disabled at the start and is re-enabled only by the
/// <c>Downloaded</c> handler, after <c>SignatureChecker.IsValid</c> accepts the downloaded file.
/// </remarks>
public void DownloadRelease(Release release)
{
    changeLog.SetChangelog(release.Changelog);
    Name = release.Name;
    downloadProgress.CustomText = release.Asset.name;
    downloadProgress.Value = 0;
    // Installation stays disabled until a download has passed the signature check.
    installButton.Enabled = false;
    downloadProgress.Enabled = true;

    // The download URL is taken from the release metadata as-is. Nothing in this method
    // restricts its scheme or host, so the signature check in the Downloaded handler is the
    // only integrity gate visible here.
    _releaseFile = new WebFile(new Uri(release.Asset.browser_download_url));

    _releaseFile.DownloadProgress += (sender, progress) =>
    {
        // Skip updates once the progress bar has been disposed.
        if (downloadProgress.IsDisposed)
        {
            return;
        }
        // Marshal through BeginInvoke only when the control reports it is required.
        if (downloadProgress.InvokeRequired)
        {
            downloadProgress.BeginInvoke(new Action(() =>
            {
                downloadProgress.Value = (int)Math.Ceiling(progress.Percentage);
            }));
        }
        else
        {
            downloadProgress.Value = (int)Math.Ceiling(progress.Percentage);
        }
    };

    _releaseFile.DownloadFailed += (sender, @event) =>
    {
        Log.Error(@event.Exception, "Couldn't download the Release ");
        MessageBox.Show(@event.Exception.Message, UpdateDownloadStrings.downloadFailed, MessageBoxButtons.OK, MessageBoxIcon.Error);
    };

    _releaseFile.Downloaded += (sender, args) =>
    {
        // Fail closed: a file that does not pass the signature check never enables installation.
        // NOTE(review): the rejected file is not deleted here - confirm it is cleaned up elsewhere
        // and that the install step uses the same file that was verified.
        if (!SignatureChecker.IsValid(_releaseFile.FilePath))
        {
            Log.Error("Wrong signature for the release");
            MessageBox.Show(UpdateDownloadStrings.notSigned, UpdateDownloadStrings.notSignedTitle, MessageBoxButtons.OK, MessageBoxIcon.Error);
            return;
        }
        // NOTE(review): unlike the progress handler there is no IsDisposed check here.
        if (installButton.InvokeRequired)
        {
            installButton.BeginInvoke(new Action(() =>
            {
                installButton.Enabled = true;
                downloadProgress.Enabled = false;
            }));
        }
        else
        {
            installButton.Enabled = true;
            downloadProgress.Enabled = false;
        }
    };

    // All handlers are attached before the download starts; ShowDialog is then called to show the form.
    _releaseFile.DownloadFile();
    ShowDialog();
}
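/// <summary>
/// Creates the controller and builds its <see cref="SignatureChecker"/> from the
/// <c>LtiKey</c> configuration value.
/// </summary>
/// <param name="config">Application configuration that must contain a non-empty <c>LtiKey</c>.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="config"/> is null.</exception>
/// <exception cref="System.InvalidOperationException">
/// <c>LtiKey</c> is missing or empty. The controller refuses to start rather than check
/// signatures against a null or empty key.
/// </exception>
public LtiController(IConfiguration config)
{
    if (config == null)
    {
        throw new System.ArgumentNullException(nameof(config));
    }

    // The indexer returns null for an absent key. Fail closed here so that a deployment
    // without the key cannot end up with a checker built from a null or empty value.
    string ltiKey = config["LtiKey"];
    if (string.IsNullOrEmpty(ltiKey))
    {
        throw new System.InvalidOperationException("Configuration value 'LtiKey' is missing or empty.");
    }

    signatureChecker = new SignatureChecker(ltiKey);
}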
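/// <summary>
/// Converts a secure string back to the object tree it represents, using
/// a custom <see cref="Deserializer"/> and <see cref="SignatureChecker"/>.
/// </summary>
/// <param name="secureString">the secure string to be converted back to an
/// object tree.</param>
/// <param name="encryptionKey">the key to use to decrypt the ciphertext</param>
/// <param name="validationKey">the key to use to verify the signature</param>
/// <param name="deserializer">a <see cref="Deserializer"/> delegate from the
/// root object of the object tree that can recreate the object tree from a
/// <see cref="Stream"/> of serialized bytes.</param>
/// <param name="sigChecker">a <see cref="SignatureChecker"/> delegate that
/// compares an actual signature to the expected signature, throwing an exception
/// if they don't match.</param>
/// <exception cref="ArgumentNullException"><paramref name="deserializer"/> or
/// <paramref name="sigChecker"/> is null.</exception>
/// <remarks>
/// <para>The encryption and validation keys must have
/// the same values as they did when <see cref="Protect(Serializer, byte[], byte[])"/> was called or
/// an exception will occur.</para>
/// <para>NOTE(review): the MAC is computed over the ciphertext only. The IV read from the
/// string is not covered, so a modified IV is not detected by this check; with CBC that
/// changes the first decrypted block. Covering the IV needs a matching change where the
/// string is produced. The comparison itself is delegated to <paramref name="sigChecker"/>,
/// which should compare in constant time.</para>
/// </remarks>
public static void Unprotect(string secureString, byte[] encryptionKey, byte[] validationKey, Deserializer deserializer, SignatureChecker sigChecker)
{
    // Reject missing delegates before any parsing or cryptographic work is done.
    if (deserializer == null)
    {
        throw new ArgumentNullException("deserializer");
    }
    if (sigChecker == null)
    {
        throw new ArgumentNullException("sigChecker");
    }

    // Layout: [MAC length (1 byte)][MAC][IV length (1 byte)][IV][ciphertext to end].
    byte[] actualHash;
    byte[] iv;
    byte[] cipherText;
    byte[] secureBytes = Convert.FromBase64String(secureString);
    using (MemoryStream secureStream = new MemoryStream(secureBytes))
    using (BinaryReader binaryReader = new BinaryReader(secureStream))
    {
        actualHash = binaryReader.ReadBytes(binaryReader.ReadByte());
        iv = binaryReader.ReadBytes(binaryReader.ReadByte());
        cipherText = binaryReader.ReadBytes((int)(secureStream.Length - secureStream.Position));
    }

    // Verify the MAC before anything is decrypted.
    byte[] expectedHash;
    using (KeyedHashAlgorithm macAlgorithm = KeyedHashAlgorithm.Create())
    {
        macAlgorithm.Key = validationKey;
        expectedHash = macAlgorithm.ComputeHash(cipherText);
    }
    // The comparison is delegated; sigChecker is expected to throw on mismatch.
    sigChecker(actualHash, expectedHash);

    // Decrypt the ciphertext
    // Disposing the cipher and transform releases their copies of the key material.
    using (SymmetricAlgorithm cipher = SymmetricAlgorithm.Create())
    {
        cipher.Mode = CipherMode.CBC;
        cipher.Padding = PaddingMode.PKCS7;
        cipher.Key = encryptionKey;
        cipher.IV = iv;

        using (MemoryStream cipherTextStream = new MemoryStream(cipherText))
        using (ICryptoTransform decryptor = cipher.CreateDecryptor())
        using (CryptoStream cryptoStream = new CryptoStream(cipherTextStream, decryptor, CryptoStreamMode.Read))
        {
            deserializer(cryptoStream);
        }
    }
}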