public void getRecipient(byte[] encodedEnvelopedCms) { _not_applied_certs = new HashSet <string>(); // Prepare object in which to decode and decrypt. EnvelopedCms envelopedCms = new EnvelopedCms(); // Decode the message. envelopedCms.Decode(encodedEnvelopedCms); RecipientInfoCollection recips = envelopedCms.RecipientInfos; foreach (RecipientInfo info in recips) { X509IssuerSerial serial = (X509IssuerSerial)info.RecipientIdentifier.Value; X509Certificate2Collection found_certs = FindCerts(serial.SerialNumber.ToString()); if (found_certs.Count == 0) { _not_applied_certs.Add(serial.SerialNumber.ToString()); } applied_certs.AddRange(found_certs); } applied_certs = removeDuplicates(applied_certs); }
public static void ReuseEnvelopeCmsEncodeThenDecode() { // Test ability to encrypt, encode and decode all in one EnvelopedCms instance. ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); ecms.Decode(encodedMessage); RecipientInfoCollection recipients = ecms.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo; Assert.NotNull(recipientInfo); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName); Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber); }
public void T1_ValidSignature() { byte[] data = GetData("SignedValidSignaturesTest1.eml"); SignedCms cms = new SignedCms(); cms.Decode(data); Assert.IsTrue(CheckHash(cms), "CheckHash"); Assert.IsTrue(CheckSignature(cms), "CheckSignature"); X509Certificate2 ee = GetCertificate("ValidCertificatePathTest1EE.crt"); // certificates aren't in any particuliar order Assert.IsTrue(cms.Certificates.Contains(ee), "EE"); Assert.IsTrue(cms.Certificates.Contains(GoodCACert), "GoodCACert"); Assert.IsFalse(cms.Detached, "Detached"); Assert.AreEqual(1, cms.Version, "Version"); Assert.AreEqual("1.2.840.113549.1.7.1", cms.ContentInfo.ContentType.Value, "ContentInfo.Oid"); Assert.AreEqual("43-6F-6E-74-65-6E-74-2D-54-79-70-65-3A-20-74-65-78-74-2F-70-6C-61-69-6E-3B-20-63-68-61-72-73-65-74-3D-69-73-6F-2D-38-38-35-39-2D-31-0D-0A-43-6F-6E-74-65-6E-74-2D-54-72-61-6E-73-66-65-72-2D-45-6E-63-6F-64-69-6E-67-3A-20-37-62-69-74-0D-0A-0D-0A-54-68-69-73-20-69-73-20-61-20-73-61-6D-70-6C-65-20-73-69-67-6E-65-64-20-6D-65-73-73-61-67-65-2E", BitConverter.ToString(cms.ContentInfo.Content), "ContentInfo.Content"); Assert.AreEqual(1, cms.SignerInfos.Count, "SignerInfos.Count"); Assert.AreEqual(ee, cms.SignerInfos[0].Certificate, "SignerInfos[0].Certificate"); Assert.AreEqual(0, cms.SignerInfos[0].CounterSignerInfos.Count, "SignerInfos[0].CounterSignerInfos.Count"); Assert.AreEqual("1.3.14.3.2.26", cms.SignerInfos[0].DigestAlgorithm.Value, "cms.SignerInfos[0].DigestAlgorithm"); Assert.AreEqual(0, cms.SignerInfos[0].SignedAttributes.Count, "SignerInfos[0].SignedAttributes.Count"); Assert.AreEqual(SubjectIdentifierType.IssuerAndSerialNumber, cms.SignerInfos[0].SignerIdentifier.Type, "SignerInfos[0].SignerIdentifier.Type"); X509IssuerSerial xis = (X509IssuerSerial)cms.SignerInfos[0].SignerIdentifier.Value; Assert.AreEqual("CN=Good CA, O=Test Certificates, C=US", xis.IssuerName, "SignerInfos[0].SignerIdentifier.Value.IssuerName"); Assert.AreEqual("01", xis.SerialNumber, "SignerInfos[0].SignerIdentifier.Value.SerialNumber"); Assert.AreEqual(0, cms.SignerInfos[0].UnsignedAttributes.Count, "SignerInfos[0].UnsignedAttributes.Count"); Assert.AreEqual(1, cms.SignerInfos[0].Version, "SignerInfos[0].Version"); }
public IEnumerable <X509Certificate2> FindCertificates(RecipientInfoCollection recipients, StoreLocation storeLocation, StoreName storeName) { if (recipients == null) { throw new ArgumentNullException(nameof(recipients)); } X509Store x509Store = new X509Store(storeName, storeLocation); try { x509Store.Open(OpenFlags.ReadOnly); foreach (RecipientInfo recipientInfo in recipients) { if (recipientInfo.RecipientIdentifier.Value is X509IssuerSerial) { X509IssuerSerial recipientCertificateIssuerSerial = (X509IssuerSerial)recipientInfo.RecipientIdentifier.Value; string issuerName = recipientCertificateIssuerSerial.IssuerName; string serialNumber = recipientCertificateIssuerSerial.SerialNumber; X509Certificate2Collection matchingCertificates = x509Store.Certificates.Find(X509FindType.FindByIssuerDistinguishedName, (object)issuerName, false).Find(X509FindType.FindBySerialNumber, (object)serialNumber, false); foreach (X509Certificate2 x509Certificate2 in matchingCertificates) { if ((_allowNonValidCertificates || x509Certificate2.Verify()) && x509Certificate2.HasPrivateKey) { yield return(x509Certificate2); } } } } } finally { x509Store.Close(); } }
public static void AddSignerWithNegativeSerial() { const string expectedSerial = "FD319CB1514B06AF49E00522277E43C8"; ContentInfo contentInfo = new ContentInfo(new byte[] { 9, 8, 7, 6, 5 }); SignedCms cms = new SignedCms(contentInfo, false); using (X509Certificate2 cert = Certificates.NegativeSerialNumber.TryGetCertificateWithPrivateKey()) { Assert.Equal(expectedSerial, cert.SerialNumber); CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert); signer.IncludeOption = X509IncludeOption.EndCertOnly; cms.ComputeSignature(signer); } SignerInfoCollection signers = cms.SignerInfos; Assert.Equal(1, signers.Count); SignerInfo signerInfo = signers[0]; Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, signerInfo.SignerIdentifier.Type); X509IssuerSerial issuerSerial = (X509IssuerSerial)signerInfo.SignerIdentifier.Value; Assert.Equal(expectedSerial, issuerSerial.SerialNumber); Assert.NotNull(signerInfo.Certificate); // Assert.NoThrow cms.CheckSignature(true); }
public UniversalSubjectIdentifier(CRYPTOAPI_BLOB issuer, CRYPTOAPI_BLOB serialNumber) { var allZeroSerial = IsBlobAllZero(serialNumber); if (allZeroSerial) { var x500Name = LocalBufferSafeHandle.Zero; var flags = EncodingType.PKCS_7_ASN_ENCODING | EncodingType.X509_ASN_ENCODING; uint size = 0; if (Crypt32.CryptDecodeObjectEx(flags, (IntPtr)7, issuer.pbData, issuer.cbData, CryptDecodeFlags.CRYPT_DECODE_ALLOC_FLAG, IntPtr.Zero, out x500Name, ref size)) { using (x500Name) { var info = Marshal.PtrToStructure <CERT_NAME_INFO>(x500Name.DangerousGetHandle()); for (var i = 0L; i < info.cRDN; i++) { var rdn = Marshal.PtrToStructure <CERT_RDN>(new IntPtr(info.rgRDN.ToInt64() + i * Marshal.SizeOf <CERT_RDN>())); for (var j = 0; j < rdn.cRDNAttr; j++) { var attribute = Marshal.PtrToStructure <CERT_RDN_ATTR>(new IntPtr(rdn.rgRDNAttr.ToInt64() + j * Marshal.SizeOf <CERT_RDN_ATTR>())); if (attribute.pszObjId == KnownOids.KeyId) { Type = SubjectIdentifierType.SubjectKeyIdentifier; var ski = new byte[attribute.Value.cbData]; Marshal.Copy(attribute.Value.pbData, ski, 0, ski.Length); Value = HashHelpers.HexEncodeBigEndian(ski); return; } } } } } } unsafe { var result = Crypt32.CertNameToStr(EncodingType.PKCS_7_ASN_ENCODING | EncodingType.X509_ASN_ENCODING, new IntPtr(&issuer), CertNameStrType.CERT_X500_NAME_STR | CertNameStrType.CERT_NAME_STR_REVERSE_FLAG, null, 0); if (result <= 1) { throw new InvalidOperationException(); } var builder = new StringBuilder((int)result); var final = Crypt32.CertNameToStr(EncodingType.PKCS_7_ASN_ENCODING | EncodingType.X509_ASN_ENCODING, new IntPtr(&issuer), CertNameStrType.CERT_X500_NAME_STR | CertNameStrType.CERT_NAME_STR_REVERSE_FLAG, builder, result); if (final <= 1) { throw new InvalidOperationException(); } var serial = new byte[serialNumber.cbData]; Marshal.Copy(serialNumber.pbData, serial, 0, serial.Length); var issuerSerial = new X509IssuerSerial(); issuerSerial.IssuerName = builder.ToString(); issuerSerial.SerialNumber = HashHelpers.HexEncodeBigEndian(serial); Value = issuerSerial; Type = SubjectIdentifierType.IssuerAndSerialNumber; } }
public void IssuerAndSerialNumber() { SubjectIdentifier si = GetSubjectIdentifier(issuerAndSerialNumberSignature); Assert.AreEqual(SubjectIdentifierType.IssuerAndSerialNumber, si.Type, "SignerIdentifier.Type"); Assert.IsTrue((si.Value.GetType() == typeof(X509IssuerSerial)), "SignerIdentifier.Value"); X509IssuerSerial xis = (X509IssuerSerial)si.Value; Assert.AreEqual("CN=Motus Technologies inc.(test)", xis.IssuerName, "X509IssuerSerial.IssuerName"); Assert.AreEqual("91C44B0DB7D81084422671B397B50097", xis.SerialNumber, "X509IssuerSerial.SerialNumber"); }
public static void TestKeyAgreeRecipientIdValue_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=\"Managed PKCS#7 Test Root Authority\"", xis.IssuerName); Assert.Equal("0AE59B0CB8119F8942EDA74163413A02", xis.SerialNumber); }
public static void TestKeyTransRecipientIdValue_FixedValue() { KeyTransRecipientInfo recipient = FixedValueKeyTrans1(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName); Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber); }
protected X509Certificate2 FindCertificate(X509IssuerSerial issuerSerial, X509Certificate2Collection certificateCollection) { var byDN = certificateCollection.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false); if (byDN.Count < 1) { return(null); } var bySerial = byDN.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false); if (bySerial.Count != 1) { return(null); } return(bySerial[0]); }
public static SubjectIdentifier ToSubjectIdentifier(this CERT_ID certId) { switch (certId.dwIdChoice) { case CertIdChoice.CERT_ID_ISSUER_SERIAL_NUMBER: { const int dwStrType = (int)(CertNameStrTypeAndFlags.CERT_X500_NAME_STR | CertNameStrTypeAndFlags.CERT_NAME_STR_REVERSE_FLAG); string issuer; unsafe { DATA_BLOB *dataBlobPtr = &certId.u.IssuerSerialNumber.Issuer; int nc = Interop.Crypt32.CertNameToStr((int)MsgEncodingType.All, dataBlobPtr, dwStrType, null, 0); if (nc <= 1) // The API actually return 1 when it fails; which is not what the documentation says. { throw Interop.CPError.GetLastWin32Error().ToCryptographicException(); } Span <byte> name = nc <= 256 ? stackalloc byte[nc * sizeof_wchar_t] : new byte[nc * sizeof_wchar_t]; fixed(byte *namePtr = name) { nc = Interop.Crypt32.CertNameToStr((int)MsgEncodingType.All, dataBlobPtr, dwStrType, (char *)namePtr, nc); if (nc <= 1) // The API actually return 1 when it fails; which is not what the documentation says. { throw Interop.CPError.GetLastWin32Error().ToCryptographicException(); } issuer = System.Text.Encoding.UTF32.GetString(name.Slice(0, (nc - 1) * sizeof_wchar_t).ToArray()); } } byte[] serial = certId.u.IssuerSerialNumber.SerialNumber.ToByteArray(); X509IssuerSerial issuerSerial = new X509IssuerSerial(issuer, serial.ToSerialString()); return(new SubjectIdentifier(SubjectIdentifierType.IssuerAndSerialNumber, issuerSerial)); } case CertIdChoice.CERT_ID_KEY_IDENTIFIER: { byte[] ski = certId.u.KeyId.ToByteArray(); return(new SubjectIdentifier(SubjectIdentifierType.SubjectKeyIdentifier, ski.ToSkiString())); } default: throw new CryptographicException(SR.Format(SR.Cryptography_Cms_Invalid_Subject_Identifier_Type, certId.dwIdChoice)); } }
public void IssuerAndSerialNumber() { KeyTransRecipientInfo ktri = GetKeyTransRecipientInfo(issuerAndSerialNumber); Assert.AreEqual("CA-4B-97-9C-AB-79-C6-DF-6A-27-C7-24-C4-5E-3B-31-AD-BC-25-E6-38-5E-79-26-0E-68-46-1D-21-81-38-92-EC-CB-7C-91-D6-09-38-91-CE-50-5B-70-31-B0-9F-FC-E2-EE-45-BC-4B-F8-9A-D9-EE-E7-4A-3D-CD-8D-FF-10-AB-C8-19-05-54-5E-40-7A-BE-2B-D7-22-97-F3-23-AF-50-F5-EB-43-06-C3-FB-17-CA-BD-AD-28-D8-10-0F-61-CE-F8-25-70-F6-C8-1E-7F-82-E5-94-EB-11-BF-B8-6F-EE-79-CD-63-DD-59-8D-25-0E-78-55-CE-21-BA-13-6B", BitConverter.ToString(ktri.EncryptedKey), "EncryptedKey"); Assert.AreEqual(0, ktri.KeyEncryptionAlgorithm.KeyLength, "KeyEncryptionAlgorithm.KeyLength"); Assert.AreEqual("RSA", ktri.KeyEncryptionAlgorithm.Oid.FriendlyName, "KeyEncryptionAlgorithm.Oid.FriendlyName"); Assert.AreEqual("1.2.840.113549.1.1.1", ktri.KeyEncryptionAlgorithm.Oid.Value, "KeyEncryptionAlgorithm.Oid.Value"); Assert.AreEqual(0, ktri.KeyEncryptionAlgorithm.Parameters.Length, "KeyEncryptionAlgorithm.Parameters"); Assert.AreEqual(SubjectIdentifierType.IssuerAndSerialNumber, ktri.RecipientIdentifier.Type, "RecipientIdentifier.Type"); X509IssuerSerial xis = (X509IssuerSerial)ktri.RecipientIdentifier.Value; Assert.AreEqual("CN=Motus Technologies inc.(test)", xis.IssuerName, "RecipientIdentifier.Value.IssuerName"); Assert.AreEqual("91C44B0DB7D81084422671B397B50097", xis.SerialNumber, "RecipientIdentifier.Value.SerialNumber"); Assert.AreEqual(RecipientInfoType.KeyTransport, ktri.Type, "Type"); Assert.AreEqual(0, ktri.Version, "Version"); }
public void EncryptToNegativeSerialNumber() { CertLoader negativeSerial = Certificates.NegativeSerialNumber; const string expectedSerial = "FD319CB1514B06AF49E00522277E43C8"; byte[] content = { 1, 2, 3 }; ContentInfo contentInfo = new ContentInfo(content); EnvelopedCms cms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = negativeSerial.GetCertificate()) { Assert.Equal(expectedSerial, cert.SerialNumber); CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert); cms.Encrypt(recipient); } EnvelopedCms cms2 = new EnvelopedCms(); cms2.Decode(cms.Encode()); RecipientInfoCollection recipients = cms2.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, recipientInfo.RecipientIdentifier.Type); X509IssuerSerial issuerSerial = (X509IssuerSerial)recipientInfo.RecipientIdentifier.Value; Assert.Equal(expectedSerial, issuerSerial.SerialNumber); using (X509Certificate2 cert = negativeSerial.TryGetCertificateWithPrivateKey()) { Assert.Equal(expectedSerial, cert.SerialNumber); cms2.Decrypt(new X509Certificate2Collection(cert)); } Assert.Equal(content, cms2.ContentInfo.Content); }
public static void ReuseEnvelopeCmsDecodeThenEncode() { byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e" + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c" + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4" + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d" + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } encodedMessage = ecms.Encode(); ecms.Decode(encodedMessage); RecipientInfoCollection recipients = ecms.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo; Assert.NotNull(recipientInfo); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName); Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber); }
public static void PostDecrypt_RecipientInfos() { byte[] expectedContent = { 6, 3, 128, 33, 44 }; EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent)); ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate())); byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067" + "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380" + "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac" + "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d" + "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray(); ecms.Decode(encodedMessage); using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey()) { if (cer == null) { return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can. } X509Certificate2Collection extraStore = new X509Certificate2Collection(cer); RecipientInfoCollection col1 = ecms.RecipientInfos; ecms.Decrypt(col1[0], extraStore); // Make sure we can still RecipientInfos after a Decrypt() RecipientInfoCollection col2 = ecms.RecipientInfos; Assert.Equal(col1.Count, col2.Count); RecipientInfo r1 = col1[0]; RecipientInfo r2 = col2[0]; X509IssuerSerial is1 = (X509IssuerSerial)(r1.RecipientIdentifier.Value); X509IssuerSerial is2 = (X509IssuerSerial)(r2.RecipientIdentifier.Value); Assert.Equal(is1.IssuerName, is2.IssuerName); Assert.Equal(is1.SerialNumber, is2.SerialNumber); } }
public static string Sign(XmlDocument document, byte[] pkcs12Data, string passwordPkcs12) { using var certificate = new X509Certificate2(pkcs12Data, passwordPkcs12); try { var rsa = certificate.GetRSAPrivateKey(); var signedXml = new SignedXml(document) { SigningKey = rsa }; var env = new XmlDsigEnvelopedSignatureTransform(); var reference = new Reference { Uri = string.Empty }; reference.AddTransform(env); var keyInfo = new KeyInfo(); var kdata = new KeyInfoX509Data(certificate); var xserial = new X509IssuerSerial { IssuerName = certificate.Issuer, SerialNumber = certificate.SerialNumber }; kdata.AddIssuerSerial(xserial.IssuerName, xserial.SerialNumber); keyInfo.AddClause(kdata); signedXml.KeyInfo = keyInfo; signedXml.AddReference(reference); signedXml.ComputeSignature(); var xmlDigitalSignature = signedXml.GetXml(); var xmlNodo = xmlDigitalSignature as XmlNode; document.DocumentElement.AppendChild(document.ImportNode(xmlNodo, true)); return(document.OuterXml); } finally { certificate.Dispose(); } }
public void RemoveCounterSignature(SignerInfo counterSignerInfo) { if (this.m_parentSignerInfo != null) { throw new CryptographicException(-2147483647); } if (counterSignerInfo == null) { throw new ArgumentNullException("counterSignerInfo"); } foreach (CryptographicAttributeObject cryptographicAttributeObject in this.UnsignedAttributes) { if (string.Compare(cryptographicAttributeObject.Oid.Value, "1.2.840.113549.1.9.6", StringComparison.OrdinalIgnoreCase) == 0) { for (int childIndex = 0; childIndex < cryptographicAttributeObject.Values.Count; ++childIndex) { SignerInfo signerInfo = new SignerInfo(this.m_signedCms, this.m_parentSignerInfo, cryptographicAttributeObject.Values[childIndex].RawData); if (counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber && signerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber) { X509IssuerSerial x509IssuerSerial1 = (X509IssuerSerial)counterSignerInfo.SignerIdentifier.Value; X509IssuerSerial x509IssuerSerial2 = (X509IssuerSerial)signerInfo.SignerIdentifier.Value; if (string.Compare(x509IssuerSerial1.IssuerName, x509IssuerSerial2.IssuerName, StringComparison.OrdinalIgnoreCase) == 0 && string.Compare(x509IssuerSerial1.SerialNumber, x509IssuerSerial2.SerialNumber, StringComparison.OrdinalIgnoreCase) == 0) { this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), childIndex); return; } } else if (counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier && signerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier && string.Compare(counterSignerInfo.SignerIdentifier.Value as string, signerInfo.SignerIdentifier.Value as string, StringComparison.OrdinalIgnoreCase) == 0) { this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), childIndex); return; } } } } throw new CryptographicException(-2146889714); }
internal static unsafe X509IssuerSerial DecodeIssuerSerial(CAPI.CERT_ISSUER_SERIAL_NUMBER pIssuerAndSerial) { SafeLocalAllocHandle invalidHandle = SafeLocalAllocHandle.InvalidHandle; uint csz = CAPI.CAPISafe.CertNameToStrW(65537U, new IntPtr((void *)&pIssuerAndSerial.Issuer), 33554435U, invalidHandle, 0U); if (csz <= 1U) { throw new CryptographicException(Marshal.GetLastWin32Error()); } SafeLocalAllocHandle psz = CAPI.LocalAlloc(0U, new IntPtr((long)(2U * csz))); if (CAPI.CAPISafe.CertNameToStrW(65537U, new IntPtr((void *)&pIssuerAndSerial.Issuer), 33554435U, psz, csz) <= 1U) { throw new CryptographicException(Marshal.GetLastWin32Error()); } X509IssuerSerial x509IssuerSerial = new X509IssuerSerial(); x509IssuerSerial.IssuerName = Marshal.PtrToStringUni(psz.DangerousGetHandle()); byte[] numArray = new byte[(IntPtr)pIssuerAndSerial.SerialNumber.cbData]; Marshal.Copy(pIssuerAndSerial.SerialNumber.pbData, numArray, 0, numArray.Length); x509IssuerSerial.SerialNumber = X509Utils.EncodeHexStringFromInt(numArray); psz.Dispose(); return(x509IssuerSerial); }
static DCinemaSecurityMessageType BuildDCinemaSecurityMessage(X509Certificate2 x509Certificate2) { DCinemaSecurityMessageType dCinemaSecurityMessageType = new DCinemaSecurityMessageType(); dCinemaSecurityMessageType.AuthenticatedPublic = new AuthenticatedPublicType(); dCinemaSecurityMessageType.AuthenticatedPublic.Id = "AuthenticatedPublic.Id." + Guid.NewGuid().ToString(); dCinemaSecurityMessageType.AuthenticatedPublic.MessageId = "urn:uuid:" + Guid.NewGuid().ToString(); dCinemaSecurityMessageType.AuthenticatedPublic.MessageType = "http://www.smpte-ra.org/schemas/430-3/2006/ETM"; dCinemaSecurityMessageType.AuthenticatedPublic.AnnotationText = new UserText(); dCinemaSecurityMessageType.AuthenticatedPublic.AnnotationText.Value = "Empty Extra-Theatre Message"; dCinemaSecurityMessageType.AuthenticatedPublic.AnnotationText.language = "en-us"; dCinemaSecurityMessageType.AuthenticatedPublic.IssueDate = DateTime.Now; X509IssuerSerial issuerSerial = new X509IssuerSerial(); issuerSerial.IssuerName = x509Certificate2.IssuerName.Name; issuerSerial.SerialNumber = x509Certificate2.SerialNumber; dCinemaSecurityMessageType.AuthenticatedPublic.Signer = issuerSerial; dCinemaSecurityMessageType.AuthenticatedPrivate = new AuthenticatedPrivateType(); dCinemaSecurityMessageType.AuthenticatedPrivate.Id = "AuthenticatedPrivate.Id." + Guid.NewGuid().ToString(); return(dCinemaSecurityMessageType); }
static void Main(string[] args) { X509Certificate2 x509Certificate2 = GetCertificate("990B25F50DC7E2B548BE75AFED579448"); //X509Certificate2 x509Certificate2 = GetCertificate("0efb7eebdcda4f64a718db3ff908b085"); //X509Certificate2 x509Certificate2 = GetCertificate("2E0A6058EA90DB8C46D1FD3513A877F8"); DCinemaSecurityMessageType extraTheatreMessage = new DCinemaSecurityMessageType(); XmlSerializer xmlSerializer = new XmlSerializer(extraTheatreMessage.GetType()); extraTheatreMessage.AuthenticatedPublic = new AuthenticatedPublicType(); extraTheatreMessage.AuthenticatedPublic.Id = "AuthenticatedPublic.Id." + Guid.NewGuid().ToString(); extraTheatreMessage.AuthenticatedPublic.MessageId = "urn:uuid:" + Guid.NewGuid().ToString(); extraTheatreMessage.AuthenticatedPublic.MessageType = "http://www.smpte-ra.org/schemas/430-3/2006/ETM"; extraTheatreMessage.AuthenticatedPublic.AnnotationText = new UserText(); extraTheatreMessage.AuthenticatedPublic.AnnotationText.Value = "Empty Extra-Theatre Message"; extraTheatreMessage.AuthenticatedPublic.AnnotationText.language = "en-us"; extraTheatreMessage.AuthenticatedPublic.IssueDate = DateTime.Now; X509IssuerSerial issuerSerial = new X509IssuerSerial(); issuerSerial.IssuerName = x509Certificate2.IssuerName.Name; issuerSerial.SerialNumber = x509Certificate2.SerialNumber; extraTheatreMessage.AuthenticatedPublic.Signer = issuerSerial; extraTheatreMessage.AuthenticatedPrivate = new AuthenticatedPrivateType(); extraTheatreMessage.AuthenticatedPrivate.Id = "AuthenticatedPrivate.Id." + Guid.NewGuid().ToString(); #region Build the signature elements SignedXml signedXml = null; try { signedXml = new SignedXml(); signedXml.SigningKey = x509Certificate2.PrivateKey; //signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/ 2001/04/xmldsig-more#rsasha256"; //signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; StringWriter stringWriter = new StringWriter(); xmlSerializer.Serialize(stringWriter, extraTheatreMessage); string serializedXML = stringWriter.ToString(); #region Build the AuthenticatedPublic DataObject & Reference string xmlAuthenticatedPublic = GetCleanElement(serializedXML, "AuthenticatedPublic"); XmlDocument docAuthenticatedPublic = new XmlDocument(); docAuthenticatedPublic.LoadXml(xmlAuthenticatedPublic.ToString()); //XmlAttribute attrAuthenticatedPublic = docAuthenticatedPublic.CreateAttribute("xmlns"); //attrAuthenticatedPublic.Value = "http://www.smpte-ra.org/schemas/430-3/2006/ETM"; //docAuthenticatedPublic.DocumentElement.Attributes.Append(attrAuthenticatedPublic); DataObject dataObjectAuthenticatedPublic = new DataObject("AuthenticatedPublic", "", "", docAuthenticatedPublic.DocumentElement); //DataObject dataObjectAuthenticatedPublic = new DataObject(); dataObjectAuthenticatedPublic.Data = docAuthenticatedPublic.ChildNodes; dataObjectAuthenticatedPublic.Id = "AuthenticatedPublic"; signedXml.AddObject(dataObjectAuthenticatedPublic); Reference referenceAuthenticatedPublic = new Reference(); referenceAuthenticatedPublic.Uri = "#AuthenticatedPublic"; referenceAuthenticatedPublic.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; signedXml.AddReference(referenceAuthenticatedPublic); #endregion #region Build the AuthenticatedPublic DataObject & Reference string xmlAuthenticatedPrivate = GetCleanElement(serializedXML, "AuthenticatedPrivate"); XmlDocument docAuthenticatedPrivate = new XmlDocument(); docAuthenticatedPrivate.LoadXml(xmlAuthenticatedPrivate.ToString()); //XmlAttribute attrAuthenticatedPrivate = docAuthenticatedPrivate.CreateAttribute("xmlns"); //attrAuthenticatedPrivate.Value = "http://www.smpte-ra.org/schemas/430-3/2006/FLM"; //docAuthenticatedPrivate.DocumentElement.Attributes.Append(attrAuthenticatedPrivate); DataObject dataObjectAuthenticatedPrivate = new DataObject("AuthenticatedPrivate", "", "", docAuthenticatedPrivate.DocumentElement); //DataObject dataObjectAuthenticatedPrivate = new DataObject("AuthenticatedPrivate", "", "", docAuthenticatedPrivate.DocumentElement); //dataObjectAuthenticatedPrivate.Data = docAuthenticatedPrivate.ChildNodes; //dataObjectAuthenticatedPrivate.Id = "AuthenticatedPrivate"; signedXml.AddObject(dataObjectAuthenticatedPrivate); Reference referenceAuthenticatedPrivate = new Reference(); referenceAuthenticatedPrivate.Uri = "#AuthenticatedPrivate"; referenceAuthenticatedPrivate.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; // Add the reference to the message. signedXml.AddReference(referenceAuthenticatedPrivate); #endregion // Add a KeyInfo. KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(x509Certificate2, X509IncludeOption.WholeChain)); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); XmlElement singedElement = signedXml.GetXml(); XmlSerializer signedSerializer = new XmlSerializer(singedElement.GetType()); StreamWriter signedWriter = new StreamWriter("D:\\signedSerializer.Test.xml"); signedSerializer.Serialize(signedWriter, singedElement); signedWriter.Close(); } catch (CryptographicException e) { Console.WriteLine(e.Message); } #endregion #region Fill in the signature element extraTheatreMessage.Signature = signedXml.Signature.GetXml(); #endregion xmlSerializer.Serialize(Console.Out, extraTheatreMessage); Console.WriteLine("\r\n"); TextWriter WriteFileStream = new StreamWriter(@"\Source_SMPTE\Output\ExtraTheatreMessage.xml"); xmlSerializer.Serialize(WriteFileStream, extraTheatreMessage); WriteFileStream.Close(); ServiceExtraTheatreMessageClient client = new ServiceExtraTheatreMessageClient(); string response = client.ETM(extraTheatreMessage); DCinemaSecurityMessageType existingETM = new DCinemaSecurityMessageType(); TextReader readFileStream = new StreamReader(@"\Source_SMPTE\Input\DCinemaSecurityMessageType_AMC.xml"); existingETM = (DCinemaSecurityMessageType)xmlSerializer.Deserialize(readFileStream); readFileStream.Close(); existingETM.AuthenticatedPrivate = new AuthenticatedPrivateType(); existingETM.Signature = signedXml.Signature.GetXml(); WriteFileStream = new StreamWriter(@"\Source_SMPTE\Output\Read_ExtraTheatreMessage.xml"); xmlSerializer.Serialize(WriteFileStream, existingETM); WriteFileStream.Close(); response = client.ETM(existingETM); }
/// <summary> /// Sign an XML document and save in a file /// </summary> /// <param name="xmlData">XML document</param> /// <param name="SignedFileName">Output filename</param> /// <param name="cert">The cert.</param> /// <param name="cspParam">The CSP parameter.</param> /// <exception cref="System.ArgumentNullException"> /// xmlData /// or /// SignedFileName /// </exception> public static void SignXml(XDocument xmlData, string SignedFileName, X509Certificate cert, CspParameters cspParam) { if (null == xmlData) { throw new ArgumentNullException("xmlData"); } if (null == SignedFileName) { throw new ArgumentNullException("SignedFileName"); } // Convert the cert into system format Sys.X509Certificate2 sysCert = new Sys.X509Certificate2(cert.GetEncoded()); // Create a new XML document. XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(xmlData.CreateReader()); // Remove old signature if there is one XmlNodeList nodeList = doc.GetElementsByTagName("Signature"); if (nodeList.Count > 0) { XmlNode xmlNode = nodeList[0]; // Remove the signature node xmlNode.RemoveAll(); doc.DocumentElement.RemoveChild(xmlNode); } if (cspParam != null) // RSA/DSA signing key { // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Create a reference element for the signature. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Create a KeyInfo element. KeyInfo keyInfo = new KeyInfo(); // Create KeyInfoX509Data subelement and configure // Load the certificate into the KeyInfoX509Data subelement KeyInfoX509Data kdata = new KeyInfoX509Data(sysCert); // Create an X509IssuerSerial element and add it to the // KeyInfoX509Data. X509IssuerSerial xserial = new X509IssuerSerial(); xserial.IssuerName = sysCert.IssuerName.Name; xserial.SerialNumber = sysCert.SerialNumber; kdata.AddIssuerSerial(xserial.IssuerName, xserial.SerialNumber); // Add the KeyInfoX509Data subelement to the KeyInfo element keyInfo.AddClause(kdata); // Add the KeyInfo element to the SignedXml object. signedXml.KeyInfo = keyInfo; // Compute the signature using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParam)) { // Set the key to sign the Xml document signedXml.SigningKey = rsa; // Compute the signature. signedXml.ComputeSignature(); } // Get the XML representation of the signature XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); // Get rid of the <?xml version.. in the document (it is added by the writer?) if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } } // Save the signed XML document to the specified file. using (XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false))) { doc.WriteTo(xmltw); xmltw.Flush(); xmltw.Close(); } }
public void parsePKCS7(byte[] pkcs7stream, TreeNode node) { byte[] data = pkcs7stream; try { EnvelopedCms envData = new EnvelopedCms(); envData.Decode(data); TreeNode pkcs = node; String str; str = "Encryption Algorithm"; txtBox.AppendText(str + "\n"); TreeNode encAlgo = pkcs.Nodes.Add(str); str = " Name=" + envData.ContentEncryptionAlgorithm.Oid.FriendlyName + " / OID=" + envData.ContentEncryptionAlgorithm.Oid.Value; txtBox.AppendText(str + "\n"); TreeNode encName = pkcs.Nodes.Add(str.Trim()); str = " Key length=" + envData.ContentEncryptionAlgorithm.KeyLength + " bit"; txtBox.AppendText(str + "\n\n"); TreeNode encKey = pkcs.Nodes.Add(str.Trim()); str = "Number of recipients " + envData.RecipientInfos.Count; txtBox.AppendText(str + "\n"); TreeNode numRecp = node.Nodes.Add(str); int num = 1; foreach (RecipientInfo r in envData.RecipientInfos) { txtBox.AppendText("=================\n"); TreeNode rec = numRecp.Nodes.Add("Recipient Nr: " + num++); str = " Encrypted key=" + BitConverter.ToString(r.EncryptedKey) + " (" + r.EncryptedKey.Length + " bytes)"; txtBox.AppendText(str + "\n"); TreeNode n = rec.Nodes.Add(str.Trim()); str = " Encryption alg=" + r.KeyEncryptionAlgorithm.Oid.FriendlyName + ", OID=" + r.KeyEncryptionAlgorithm.Oid.Value; txtBox.AppendText(str + "\n"); n = rec.Nodes.Add(str.Trim()); str = " RecipientIdentifier.Type=" + r.RecipientIdentifier.Type; txtBox.AppendText(str + "\n"); n = rec.Nodes.Add(str.Trim()); switch (r.RecipientIdentifier.Type) { case SubjectIdentifierType.IssuerAndSerialNumber: X509IssuerSerial xi = (X509IssuerSerial)r.RecipientIdentifier.Value; str = " Issuer=" + xi.IssuerName; txtBox.AppendText(str + "\n"); rec.Nodes.Add(str.Trim()); str = " SerialNumber=" + xi.SerialNumber + " (hex)"; txtBox.AppendText(str + "\n"); rec.Nodes.Add(str.Trim()); bool found = false; foreach (X509Certificate2 c in certs.Values) { if (c.SerialNumber.ToLower() == xi.SerialNumber.ToLower()) { str = " Certificate Details=" + printCertDetails(c); txtBox.AppendText(str + "\n"); rec.Nodes.Add(str.Trim()); found = true; } } if (!found) { str = " Certificate Details=<could not be identified in AD>"; txtBox.AppendText(str + "\n"); rec.Nodes.Add(str.Trim()); } break; case SubjectIdentifierType.NoSignature: str = " No signature"; txtBox.AppendText(str + "\n"); rec.Nodes.Add(str.Trim()); break; case SubjectIdentifierType.SubjectKeyIdentifier: case SubjectIdentifierType.Unknown: str = " SubjectKeyInfo=" + r.RecipientIdentifier.Value + "(no X.509 tag)"; txtBox.AppendText(str + "\n"); rec.Nodes.Add(str.Trim()); break; } } txtBox.AppendText("\n"); str = "Attached certificates " + envData.Certificates.Count; txtBox.AppendText(str + "\n"); TreeNode a = node.Nodes.Add(str); foreach (X509Certificate2 cert in envData.Certificates) { str = " Subject=" + cert.SubjectName; txtBox.AppendText(str + "\n"); TreeNode n = a.Nodes.Add(str); } txtBox.AppendText("\n"); str = "Unprotected Attributes " + envData.UnprotectedAttributes.Count; txtBox.AppendText(str + "\n"); TreeNode u = node.Nodes.Add(str); foreach (CryptographicAttributeObject obj in envData.UnprotectedAttributes) { str = obj.Oid.FriendlyName; txtBox.AppendText(str + " "); TreeNode unprot = u.Nodes.Add(str); } txtBox.AppendText("\n"); } catch (Exception ex) { txtBox.AppendText(ex.Message); } finally { // reader.Close(); } }
public void parsePKCS7(byte[] pkcs7stream, TreeNode node) { /*FileStream encFile = new FileStream( * @"e:\sba-eda-smime.p7m", * FileMode.Open * ); * BinaryReader reader = new BinaryReader(encFile); * * byte[] data = new byte[encFile.Length]; * reader.Read(data, 0, Convert.ToInt32(encFile.Length)); * reader.Close(); * TextReader tr = new StreamReader("e:\\ese-smime.p7m"); * String str = tr.ReadToEnd(); * data = Convert.FromBase64String(str); */ byte[] data = pkcs7stream; try { EnvelopedCms envData = new EnvelopedCms(); envData.Decode(data); TreeNode pkcs = node; String str; str = "Encryption Algorithm"; txtBox.AppendText(str + "\n"); TreeNode encAlgo = pkcs.Nodes.Add(str); str = " Name=" + envData.ContentEncryptionAlgorithm.Oid.FriendlyName + " / OID=" + envData.ContentEncryptionAlgorithm.Oid.Value; txtBox.AppendText(str + "\n"); TreeNode encName = pkcs.Nodes.Add(str.Trim()); str = " Key length=" + envData.ContentEncryptionAlgorithm.KeyLength + " bit"; txtBox.AppendText(str + "\n\n"); TreeNode encKey = pkcs.Nodes.Add(str.Trim()); str = "Number of recipients " + envData.RecipientInfos.Count; txtBox.AppendText(str + "\n"); TreeNode numRecp = node.Nodes.Add(str); int num = 1; foreach (RecipientInfo r in envData.RecipientInfos) { txtBox.AppendText("=================\n"); TreeNode rec = numRecp.Nodes.Add("Recipient Nr: " + num++); str = " Encrypted key=" + BitConverter.ToString(r.EncryptedKey) + " (" + r.EncryptedKey.Length + " bytes)"; txtBox.AppendText(str + "\n"); TreeNode n = rec.Nodes.Add(str.Trim()); str = " Encryption alg=" + r.KeyEncryptionAlgorithm.Oid.FriendlyName + ", OID=" + r.KeyEncryptionAlgorithm.Oid.Value; txtBox.AppendText(str + "\n"); n = rec.Nodes.Add(str.Trim()); if (r.RecipientIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber) { X509IssuerSerial xi = (X509IssuerSerial)r.RecipientIdentifier.Value; str = " Issuer=" + xi.IssuerName; txtBox.AppendText(str + "\n"); TreeNode i = rec.Nodes.Add(str.Trim()); str = " SerialNumber=" + xi.SerialNumber + " (hex) / " + int.Parse(xi.SerialNumber, System.Globalization.NumberStyles.HexNumber) + " (dec)"; txtBox.AppendText(str + "\n"); TreeNode s = rec.Nodes.Add(str.Trim()); } else { str = " SubjectKeyInfo=" + r.RecipientIdentifier.Value + "(no X.509 tag)"; txtBox.AppendText(str + "\n"); TreeNode s = rec.Nodes.Add(str.Trim()); } } txtBox.AppendText("\n"); str = "Attached certificates " + envData.Certificates.Count; txtBox.AppendText(str + "\n"); TreeNode a = node.Nodes.Add(str); foreach (X509Certificate2 cert in envData.Certificates) { str = " Subject=" + cert.SubjectName; txtBox.AppendText(str + "\n"); TreeNode n = a.Nodes.Add(str); } txtBox.AppendText("\n"); str = "Unprotected Attributes " + envData.UnprotectedAttributes.Count; txtBox.AppendText(str + "\n"); TreeNode u = node.Nodes.Add(str); foreach (CryptographicAttributeObject obj in envData.UnprotectedAttributes) { str = obj.Oid.FriendlyName; txtBox.AppendText(str + " "); TreeNode unprot = u.Nodes.Add(str); } txtBox.AppendText("\n"); } catch (Exception ex) { txtBox.AppendText(ex.ToString()); } finally { // reader.Close(); } }
SecurityKeyIdentifierClause ReadSecurityTokenReference(XmlReader reader) { reader.ReadStartElement(); reader.MoveToContent(); if (reader.NamespaceURI == SignedXml.XmlDsigNamespaceUrl) { KeyInfoX509Data x509 = new KeyInfoX509Data(); x509.LoadXml(new XmlDocument().ReadNode(reader) as XmlElement); if (x509.IssuerSerials.Count == 0) { throw new XmlException("'X509IssuerSerial' element is expected inside 'X509Data' element"); } X509IssuerSerial s = (X509IssuerSerial)x509.IssuerSerials [0]; reader.MoveToContent(); reader.ReadEndElement(); return(new X509IssuerSerialKeyIdentifierClause(s.IssuerName, s.SerialNumber)); } if (reader.NamespaceURI != Constants.WssNamespace) { throw new XmlException(String.Format("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI)); } switch (reader.LocalName) { case "Reference": Type ownerType = null; // FIXME: there could be more token types. if (reader.MoveToAttribute("ValueType")) { switch (reader.Value) { case Constants.WSSEncryptedKeyToken: ownerType = typeof(WrappedKeySecurityToken); break; case Constants.WSSX509Token: ownerType = typeof(X509SecurityToken); break; case Constants.WsscContextToken: ownerType = typeof(SecurityContextSecurityToken); break; default: throw new XmlException(String.Format("Unexpected ValueType in 'Reference' element: '{0}'", reader.Value)); } } reader.MoveToElement(); string uri = reader.GetAttribute("URI"); if (String.IsNullOrEmpty(uri)) { uri = "#"; } SecurityKeyIdentifierClause ic = null; if (ownerType == typeof(SecurityContextSecurityToken) && uri [0] != '#') { // FIXME: Generation? ic = new SecurityContextKeyIdentifierClause(new UniqueId(uri)); } else { ic = new LocalIdKeyIdentifierClause(uri.Substring(1), ownerType); } reader.Skip(); reader.MoveToContent(); reader.ReadEndElement(); return(ic); case "KeyIdentifier": string valueType = reader.GetAttribute("ValueType"); string value = reader.ReadElementContentAsString(); reader.MoveToContent(); reader.ReadEndElement(); // consume </Reference> switch (valueType) { case Constants.WssKeyIdentifierX509Thumbptint: return(new X509ThumbprintKeyIdentifierClause(Convert.FromBase64String(value))); case Constants.WssKeyIdentifierEncryptedKey: return(new InternalEncryptedKeyIdentifierClause(Convert.FromBase64String(value))); case Constants.WssKeyIdentifierSamlAssertion: return(new SamlAssertionKeyIdentifierClause(value)); default: // It is kinda weird but it throws XmlException here ... throw new XmlException(String.Format("KeyIdentifier type '{0}' is not supported in WSSecurityTokenSerializer.", valueType)); } default: throw new XmlException(String.Format("Unexpected SecurityTokenReference content: expected local name 'Reference' and namespace URI '{0}' but found local name '{1}' and namespace '{2}'.", Constants.WssNamespace, reader.LocalName, reader.NamespaceURI)); } }
/// <summary> /// Read XML from a stream, sign it and save in a file /// </summary> /// <param name="xmlData">Input XML stream</param> /// <param name="SignedFileName">Output filename</param> public void SignXml(Stream xmlData, string SignedFileName, X509Certificate2 cert) { if (null == xmlData) { throw new ArgumentNullException("xmlData"); } if (null == SignedFileName) { throw new ArgumentNullException("SignedFileName"); } // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. //doc.PreserveWhitespace = false; doc.PreserveWhitespace = true; // Reset the stream pointer to 0 xmlData.Position = 0; doc.Load(xmlData); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Set the key to signed the Xml document signedXml.SigningKey = cert.PrivateKey; // Create a reference element for the signature. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Create a KeyInfo element. KeyInfo keyInfo = new KeyInfo(); // Create KeyInfoX509Data subelement and configure // Load the certificate into the KeyInfoX509Data subelement KeyInfoX509Data kdata = new KeyInfoX509Data(cert); // Create an X509IssuerSerial element and add it to the // KeyInfoX509Data. X509IssuerSerial xserial = new X509IssuerSerial(); xserial.IssuerName = cert.IssuerName.ToString(); xserial.SerialNumber = cert.SerialNumber; kdata.AddIssuerSerial(xserial.IssuerName, xserial.SerialNumber); // Add the KeyInfoX509Data subelement to the KeyInfo element keyInfo.AddClause(kdata); // Add the KeyInfo element to the SignedXml object. signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); // Get rid of the <?xml version.. in the document (it is added by the writer?) if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to the specified file. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); using (xmltw) { doc.WriteTo(xmltw); xmltw.Close(); } LogManager.Log(LOG_FILE.DRCA_BL, "DigitalSignatureManager.SignXML(): created file " + SignedFileName); }