private static void SignElement(string absoluteCertFilePath, string password, object element)
{
TElXMLSigner Signer;
TElXAdESSigner XAdESSigner = null;
TElXMLKeyInfoRSAData RSAKeyData = null;
TElXMLKeyInfoX509Data X509KeyData = null;
TElXMLKeyInfoPGPData PGPKeyData = null;
FileStream F;
TElXMLDOMNode SigNode;
TElXMLReferenceList Refs = new TElXMLReferenceList();
TElXMLReference Ref = new TElXMLReference();
Ref.DigestMethod = SBXMLSec.Unit.xdmSHA1;
if ((TElXMLDOMNode)element is TElXMLDOMDocument)
{
Ref.URINode = ((TElXMLDOMDocument)element).DocumentElement;
Ref.URI = "";
}
else
if ((TElXMLDOMNode)element is TElXMLDOMElement)
{
Ref.URINode = (TElXMLDOMNode)element;
TElXMLDOMElement El = (TElXMLDOMElement)element;
if (El.GetAttribute("ID") != "")
{
Ref.URI = "#" + El.GetAttribute("ID");
}
else
if (El.ParentNode is TElXMLDOMDocument)
{
Ref.URI = "";
}
else
{
El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
Ref.URI = "#" + El.GetAttribute("Id");
}
}
else
{
Ref.URINode = (TElXMLDOMNode)element;
Ref.URI = ((TElXMLDOMNode)element).LocalName;
}
Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
Ref.TransformChain.Add(new TElXMLC14NTransform());
Refs.Add(Ref);
Signer = new TElXMLSigner(); // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
try
{
Signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
Signer.MACMethod = SBXMLSec.Unit.xmmHMAC_MD5;
Signer.References = Refs;
Signer.KeyName = String.Empty;
Signer.IncludeKey = false;
Signer.OnFormatElement += FormatElement;
Signer.OnFormatText += FormatText;
if ((Signer.SignatureType == SBXMLSec.Unit.xstEnveloping) && (Ref != null) && (Ref.URI == "") && (Ref.URINode is TElXMLDOMElement))
{
TElXMLDOMElement El = (TElXMLDOMElement)Ref.URINode;
El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
Ref.URI = "#" + El.GetAttribute("Id");
}
RSAKeyData = new TElXMLKeyInfoRSAData(true);
RSAKeyData.RSAKeyMaterial.Passphrase = password;
X509KeyData = new TElXMLKeyInfoX509Data(true);
PGPKeyData = new TElXMLKeyInfoPGPData(true);
F = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read);
try
{
// trying to load file as RSA key material
RSAKeyData.RSAKeyMaterial.LoadSecret(F, 0);
}
catch { }
if (!RSAKeyData.RSAKeyMaterial.SecretKey)
{
// trying to load file as Certificate
F.Position = 0;
LoadCertificate(F, password, X509KeyData);
}
if (!RSAKeyData.RSAKeyMaterial.PublicKey &&
(X509KeyData.Certificate == null))
{
// trying to load file as PGP key
F.Position = 0;
PGPKeyData.SecretKey = new TElPGPSecretKey();
PGPKeyData.SecretKey.Passphrase = password;
try
{
((TElPGPSecretKey)PGPKeyData.SecretKey).LoadFromStream(F);
}
catch
{
PGPKeyData.SecretKey = null;
}
}
F.Close();
if (RSAKeyData.RSAKeyMaterial.SecretKey)
{
Signer.KeyData = RSAKeyData;
}
else if (X509KeyData.Certificate != null)
{
if (!X509KeyData.Certificate.PrivateKeyExists)
{
throw new Exception("The selected certificate doesn''t contain a private key");
}
Signer.KeyData = X509KeyData;
}
else if (PGPKeyData.SecretKey != null)
{
Signer.KeyData = PGPKeyData;
}
Signer.UpdateReferencesDigest();
Signer.GenerateSignature();
SigNode = (TElXMLDOMNode)element;
if (SigNode is TElXMLDOMDocument)
{
SigNode = ((TElXMLDOMDocument)SigNode).DocumentElement;
}
try
{
// If the signature type is enveloping, then the signature is placed into the passed node and the contents of the node are moved to inside of the signature.
// If the signature type is enveloped, the signature is placed as a child of the passed node.
Signer.Save(ref SigNode);
}
catch (Exception E)
{
throw new Exception(string.Format("Failed to sign data and to save the signature: ({0})", E.Message));
}
}
finally
{
Signer.Dispose();
if (XAdESSigner != null)
{
XAdESSigner.Dispose();
}
if (X509KeyData != null)
{
X509KeyData.Dispose();
}
if (PGPKeyData != null)
{
PGPKeyData.Dispose();
}
}
}
private static void SignElement(string absoluteCertFilePath, string password, object element)
{
TElXMLSigner Signer;
TElXAdESSigner XAdESSigner = null;
TElXMLKeyInfoRSAData RSAKeyData = null;
TElXMLKeyInfoX509Data X509KeyData = null;
TElXMLKeyInfoPGPData PGPKeyData = null;
FileStream F;
TElXMLDOMNode SigNode;
TElXMLReferenceList Refs = new TElXMLReferenceList();
TElXMLReference Ref = new TElXMLReference();
Ref.DigestMethod = SBXMLSec.Unit.xdmSHA1;
if ((TElXMLDOMNode)element is TElXMLDOMDocument)
{
Ref.URINode = ((TElXMLDOMDocument)element).DocumentElement;
Ref.URI = "";
}
else
if ((TElXMLDOMNode)element is TElXMLDOMElement)
{
Ref.URINode = (TElXMLDOMNode)element;
TElXMLDOMElement El = (TElXMLDOMElement)element;
if (El.GetAttribute("ID") != "")
Ref.URI = "#" + El.GetAttribute("ID");
else
if (El.ParentNode is TElXMLDOMDocument)
Ref.URI = "";
else
{
El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
Ref.URI = "#" + El.GetAttribute("Id");
}
}
else
{
Ref.URINode = (TElXMLDOMNode)element;
Ref.URI = ((TElXMLDOMNode)element).LocalName;
}
Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
Ref.TransformChain.Add(new TElXMLC14NTransform());
Refs.Add(Ref);
Signer = new TElXMLSigner(); // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
try
{
Signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
Signer.MACMethod = SBXMLSec.Unit.xmmHMAC_MD5;
Signer.References = Refs;
Signer.KeyName = String.Empty;
Signer.IncludeKey = false;
Signer.OnFormatElement += FormatElement;
Signer.OnFormatText += FormatText;
if ((Signer.SignatureType == SBXMLSec.Unit.xstEnveloping) && (Ref != null) && (Ref.URI == "") && (Ref.URINode is TElXMLDOMElement))
{
TElXMLDOMElement El = (TElXMLDOMElement)Ref.URINode;
El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
Ref.URI = "#" + El.GetAttribute("Id");
}
RSAKeyData = new TElXMLKeyInfoRSAData(true);
RSAKeyData.RSAKeyMaterial.Passphrase = password;
X509KeyData = new TElXMLKeyInfoX509Data(true);
PGPKeyData = new TElXMLKeyInfoPGPData(true);
F = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read);
try
{
// trying to load file as RSA key material
RSAKeyData.RSAKeyMaterial.LoadSecret(F, 0);
}
catch { }
if (!RSAKeyData.RSAKeyMaterial.SecretKey)
{
// trying to load file as Certificate
F.Position = 0;
LoadCertificate(F, password, X509KeyData);
}
if (!RSAKeyData.RSAKeyMaterial.PublicKey &&
(X509KeyData.Certificate == null))
{
// trying to load file as PGP key
F.Position = 0;
PGPKeyData.SecretKey = new TElPGPSecretKey();
PGPKeyData.SecretKey.Passphrase = password;
try
{
((TElPGPSecretKey)PGPKeyData.SecretKey).LoadFromStream(F);
}
catch
{
PGPKeyData.SecretKey = null;
}
}
F.Close();
if (RSAKeyData.RSAKeyMaterial.SecretKey)
Signer.KeyData = RSAKeyData;
else if (X509KeyData.Certificate != null)
{
if (!X509KeyData.Certificate.PrivateKeyExists)
{
throw new Exception("The selected certificate doesn''t contain a private key");
}
Signer.KeyData = X509KeyData;
}
else if (PGPKeyData.SecretKey != null)
{
Signer.KeyData = PGPKeyData;
}
Signer.UpdateReferencesDigest();
Signer.GenerateSignature();
SigNode = (TElXMLDOMNode)element;
if (SigNode is TElXMLDOMDocument)
SigNode = ((TElXMLDOMDocument)SigNode).DocumentElement;
try
{
// If the signature type is enveloping, then the signature is placed into the passed node and the contents of the node are moved to inside of the signature.
// If the signature type is enveloped, the signature is placed as a child of the passed node.
Signer.Save(ref SigNode);
}
catch (Exception E)
{
throw new Exception(string.Format("Failed to sign data and to save the signature: ({0})", E.Message));
}
}
finally
{
Signer.Dispose();
if (XAdESSigner != null)
XAdESSigner.Dispose();
if (X509KeyData != null)
X509KeyData.Dispose();
if (PGPKeyData != null)
PGPKeyData.Dispose();
}
}
private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
{
//var nodeToEnrypt = FXMLDocument.FindNode("saml2:Assertion", true);
TElXMLEncryptor Encryptor;
TElXMLKeyInfoSymmetricData SymKeyData;
TElXMLKeyInfoRSAData RSAKeyData;
TElXMLKeyInfoX509Data X509KeyData;
TElXMLKeyInfoPGPData PGPKeyData;
FileStream F;
TElXMLDOMNode EncNode;
Encryptor = new TElXMLEncryptor
{
EncryptKey = true,
EncryptionMethod = 1,
KeyName = String.Empty,
EncryptedDataType = 0,
KeyEncryptionType = 0,
KeyTransportMethod = 1,
KeyWrapMethod = 0
};
SymKeyData = new TElXMLKeyInfoSymmetricData(true);
// generate random Key & IV
SymKeyData.Key.Generate(32 * 8);
SymKeyData.Key.GenerateIV(16 * 8);
Encryptor.KeyData = SymKeyData;
// xetKeyTransport
RSAKeyData = new TElXMLKeyInfoRSAData(true);
RSAKeyData.RSAKeyMaterial.Passphrase = String.Empty;
X509KeyData = new TElXMLKeyInfoX509Data(true);
PGPKeyData = new TElXMLKeyInfoPGPData(true);
certificate = HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc");
F = new FileStream(certificate, FileMode.Open, FileAccess.Read);
PGPKeyData.PublicKey = new TElPGPPublicKey();
try
{
((TElPGPPublicKey)PGPKeyData.PublicKey).LoadFromStream(F);
}
catch
{
PGPKeyData.PublicKey.Dispose();
PGPKeyData.PublicKey = null;
}
F.Close();
Encryptor.KeyEncryptionKeyData = PGPKeyData;
//Encrypt Node
Encryptor.Encrypt(nodeToEnrypt);
// Save document
EncNode = Encryptor.Save(FXMLDocument);
//Replacing selected node with encrypted node
var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");
var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");
nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
encryptedAssertion.Attributes.Add(nsAttr);
encryptedAssertion.AppendChild(EncNode);
nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);
Encryptor.Dispose();
if (X509KeyData != null)
{
X509KeyData.Dispose();
}
if (PGPKeyData != null)
{
PGPKeyData.Dispose();
}
}
private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
{
//var nodeToEnrypt = FXMLDocument.FindNode("saml2:Assertion", true);
TElXMLEncryptor Encryptor;
TElXMLKeyInfoSymmetricData SymKeyData;
TElXMLKeyInfoRSAData RSAKeyData;
TElXMLKeyInfoX509Data X509KeyData;
TElXMLKeyInfoPGPData PGPKeyData;
FileStream F;
TElXMLDOMNode EncNode;
Encryptor = new TElXMLEncryptor
{
EncryptKey = true,
EncryptionMethod = 1,
KeyName = String.Empty,
EncryptedDataType = 0,
KeyEncryptionType = 0,
KeyTransportMethod = 1,
KeyWrapMethod = 0
};
SymKeyData = new TElXMLKeyInfoSymmetricData(true);
// generate random Key & IV
SymKeyData.Key.Generate(32 * 8);
SymKeyData.Key.GenerateIV(16 * 8);
Encryptor.KeyData = SymKeyData;
// xetKeyTransport
RSAKeyData = new TElXMLKeyInfoRSAData(true);
RSAKeyData.RSAKeyMaterial.Passphrase = String.Empty;
X509KeyData = new TElXMLKeyInfoX509Data(true);
PGPKeyData = new TElXMLKeyInfoPGPData(true);
certificate = HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc");
F = new FileStream(certificate, FileMode.Open, FileAccess.Read);
PGPKeyData.PublicKey = new TElPGPPublicKey();
try
{
((TElPGPPublicKey) PGPKeyData.PublicKey).LoadFromStream(F);
}
catch
{
PGPKeyData.PublicKey.Dispose();
PGPKeyData.PublicKey = null;
}
F.Close();
Encryptor.KeyEncryptionKeyData = PGPKeyData;
//Encrypt Node
Encryptor.Encrypt(nodeToEnrypt);
// Save document
EncNode = Encryptor.Save(FXMLDocument);
//Replacing selected node with encrypted node
var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");
var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");
nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
encryptedAssertion.Attributes.Add(nsAttr);
encryptedAssertion.AppendChild(EncNode);
nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);
Encryptor.Dispose();
if (X509KeyData != null)
X509KeyData.Dispose();
if (PGPKeyData != null)
PGPKeyData.Dispose();
}
