public static Transform fromURI(string uri) { Transform t = null; switch (uri) { case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": t = new XmlDsigC14NTransform(); break; case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments": t = new XmlDsigC14NWithCommentsTransform(); break; case "http://www.w3.org/2000/09/xmldsig#enveloped-signature": t = new XmlDsigEnvelopedSignatureTransform(); break; case "http://www.w3.org/TR/1999/REC-xpath-19991116": t = new XmlDsigXPathTransform(); break; case "http://www.w3.org/TR/1999/REC-xslt-19991116": t = new XmlDsigXsltTransform(); break; case "http://www.w3.org/2001/10/xml-exc-c14n#": t = new XmlDsigExcC14NTransform(); break; } return(t); }
public void Constructor() { XmlDsigC14NWithCommentsTransform xmlDsigC14NWithCommentsTransform = new XmlDsigC14NWithCommentsTransform(); Assert.Null(xmlDsigC14NWithCommentsTransform.Context); Assert.Equal("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments", xmlDsigC14NWithCommentsTransform.Algorithm); Assert.Equal(new[] { typeof(Stream), typeof(XmlDocument), typeof(XmlNodeList) }, xmlDsigC14NWithCommentsTransform.InputTypes); Assert.Equal(new[] { typeof(Stream) }, xmlDsigC14NWithCommentsTransform.OutputTypes); }
public void FullChain() { TransformChain chain = new TransformChain(); XmlDsigBase64Transform base64 = new XmlDsigBase64Transform(); chain.Add(base64); Assert.Equal(base64, chain[0]); Assert.Equal(1, chain.Count); XmlDsigC14NTransform c14n = new XmlDsigC14NTransform(); chain.Add(c14n); Assert.Equal(c14n, chain[1]); Assert.Equal(2, chain.Count); XmlDsigC14NWithCommentsTransform c14nc = new XmlDsigC14NWithCommentsTransform(); chain.Add(c14nc); Assert.Equal(c14nc, chain[2]); Assert.Equal(3, chain.Count); XmlDsigEnvelopedSignatureTransform esign = new XmlDsigEnvelopedSignatureTransform(); chain.Add(esign); Assert.Equal(esign, chain[3]); Assert.Equal(4, chain.Count); XmlDsigXPathTransform xpath = new XmlDsigXPathTransform(); chain.Add(xpath); Assert.Equal(xpath, chain[4]); Assert.Equal(5, chain.Count); XmlDsigXsltTransform xslt = new XmlDsigXsltTransform(); chain.Add(xslt); Assert.Equal(xslt, chain[5]); Assert.Equal(6, chain.Count); }
public static string GetObject2(XmlDocument doc, string id) { var signedXml = new SignedXmlObject(doc) { KeyInfo = new KeyInfo(), SigningKey = (RSA) new RSACryptoServiceProvider() }; var transform1 = new XmlDsigEnvelopedSignatureTransform(); var transform2 = new XmlDsigC14NWithCommentsTransform(); var reference = new Reference { Uri = id }; reference.AddTransform(transform1); reference.AddTransform(transform2); signedXml.AddReference(reference); signedXml.ComputeSignature(); //signedXml. AsymmetricAlgorithm algorithm = new ECDsaCng(); signedXml.CheckSignature(algorithm); var result = new StreamReader((MemoryStream)transform2.GetOutput()).ReadToEnd(); if (!Verify(result, reference.DigestValue)) { throw new Exception("Wrong canonicalization object"); } //using (var file = File.CreateText(id.Replace("#", "canonical2-") + ".txt")) //{ // file.WriteLine(result); //} return(result); }
private string ExecuteXmlDSigC14NTransform(string inputXml, Encoding encoding = null, XmlResolver resolver = null) { XmlDocument doc = new XmlDocument(); doc.XmlResolver = resolver; doc.PreserveWhitespace = true; doc.LoadXml(inputXml); Encoding actualEncoding = encoding ?? Encoding.UTF8; byte[] data = actualEncoding.GetBytes(inputXml); using (Stream stream = new MemoryStream(data)) using (XmlReader reader = XmlReader.Create(stream, new XmlReaderSettings { ValidationType = ValidationType.None, DtdProcessing = DtdProcessing.Parse, XmlResolver = resolver })) { doc.Load(reader); XmlDsigC14NWithCommentsTransform transform = new XmlDsigC14NWithCommentsTransform(); transform.LoadInput(doc); return(TestHelpers.StreamToString((Stream)transform.GetOutput(), actualEncoding)); } }
public void GetOutput_UnsupportedType(Type type) { XmlDsigC14NWithCommentsTransform xmlDsigC14NWithCommentsTransform = new XmlDsigC14NWithCommentsTransform(); AssertExtensions.Throws <ArgumentException>("type", () => xmlDsigC14NWithCommentsTransform.GetOutput(type)); }
public void LoadInput_UnsupportedType(object input) { XmlDsigC14NWithCommentsTransform xmlDsigC14NWithCommentsTransform = new XmlDsigC14NWithCommentsTransform(); AssertExtensions.Throws <ArgumentException>("obj", () => xmlDsigC14NWithCommentsTransform.LoadInput(input)); }
/// <summary> /// Takes a document /// </summary> /// <param name="args"></param> /// <returns></returns> public static string AddIRMark(ref XmlDocument originalDoc, string ManifestNameSpace) { try { if ((originalDoc == null) || (originalDoc.ChildNodes.Count == 0)) { return(""); } // Load XML Return originalDoc.PreserveWhitespace = false; // originalDoc.WriteTo(new XmlTextWriter("c:\\OriginalDoc.xml", Encoding.ASCII)); // Step 1. Clone the original document and create a workspace object XmlDocument canonDoc = new XmlDocument(); canonDoc.LoadXml(originalDoc.OuterXml); // We also pick up the name table from the original document XmlNamespaceManager nsMgr = new XmlNamespaceManager(canonDoc.NameTable); // Define namespaces within the document: nsMgr.AddNamespace("ir", ManifestNameSpace); // Define a namespace for the IRheader nsMgr.AddNamespace("gt", "http://www.govtalk.gov.uk/CM/envelope"); // Define a namespace for the GovTalk element XmlNode bodyNode = null; try { // Step 2. Find the Body node and add the GovTalk namespace to it. // Originally was using select single node but this has been replced // with GetElementByTagName as SelectSingleNode has cannot be used // through the COM interface. //bodyNode = canonDoc.SelectSingleNode("//gt:Body", nsMgr); XmlNodeList BodyNodeList = canonDoc.GetElementsByTagName("Body", "http://www.govtalk.gov.uk/CM/envelope"); bodyNode = BodyNodeList[0]; bodyNode.Attributes.Append(canonDoc.CreateAttribute("xmlns")); bodyNode.Attributes["xmlns"].Value = "http://www.govtalk.gov.uk/CM/envelope"; } catch (Exception ex) { throw ex; } // Step 2. Find the IRmark and remove it // Originally was using select single node but this has been replced // with GetElementByTagName as SelectSingleNode has cannot be used // through the COM interface. // XmlNode IRheader = canonDoc.SelectSingleNode("//ir:IRheader", nsMgr); // XmlNode irMarkNode = IRheader.SelectSingleNode("//ir:IRmark", nsMgr); //if (irMarkNode != null) // IRheader.RemoveChild(irMarkNode); XmlNodeList IRHeaderNodeList; // XmlNodeList irMarkNodeList; XmlNode IRheader; XmlNode irMarkNode; IRHeaderNodeList = canonDoc.GetElementsByTagName("IRheader", ManifestNameSpace); IRheader = IRHeaderNodeList[0]; foreach (XmlNode SearchNode in IRheader.ChildNodes) { if (SearchNode.Name == "IRmark") { SearchNode.ParentNode.RemoveChild(SearchNode); } // SearchNode.RemoveAll(); } //Step 4. Generate IRmark canonDoc.PreserveWhitespace = true; // 4a. Extract <Body /> element into an XmlDocument XmlDocument workSpace = new XmlDocument(); workSpace.LoadXml(bodyNode.OuterXml); // 4b. Canonicalise Document XmlDsigC14NWithCommentsTransform transform = new XmlDsigC14NWithCommentsTransform(); transform.LoadInput(workSpace); // 4c. Create SHA1 digest Stream s = (Stream)transform.GetOutput(typeof(Stream)); SHA1 sha1 = SHA1.Create(); // 4d. Compute byte-array hash byte[] hash = sha1.ComputeHash(s); // Step 5. Replace the IRmark in the original document with the computed hash // Originally was using select single node but this has been replced // with GetElementByTagName as SelectSingleNode has cannot be used // through the COM interface. // irMarkNode = originalDoc.SelectSingleNode("//ir:IRmark", nsMgr); XmlNodeList irMarkNodeList2; irMarkNodeList2 = originalDoc.GetElementsByTagName("IRmark", ManifestNameSpace); irMarkNode = irMarkNodeList2[0]; if (irMarkNode == null) { // Add the IRMark at the specified location // XmlNode parentNode = originalDoc.SelectSingleNode("//ir:IRheader"); // XmlNode precedingNode = originalDoc.SelectSingleNode("//ir:Sender"); XmlNodeList parentNodeList; XmlNodeList precedingNodeList; parentNodeList = originalDoc.GetElementsByTagName("IRheader", ManifestNameSpace); precedingNodeList = originalDoc.GetElementsByTagName("Sender", ManifestNameSpace); XmlNode parentNode = parentNodeList[0]; XmlNode precedingNode = precedingNodeList[0]; irMarkNode = originalDoc.CreateElement("IRmark"); parentNode.InsertBefore(irMarkNode, precedingNode); } // 5a. Create the "Type" attribute if it does not exist bool found = false; foreach (XmlAttribute attr in irMarkNode.Attributes) { if (attr.Name == "Type") { found = true; break; } } if (!found) { irMarkNode.Attributes.Prepend(originalDoc.CreateAttribute("Type")); } // 5b. Assign the "Type" attribute the value of "generic" irMarkNode.Attributes["Type"].Value = "generic"; // 5c. Convert the IRmark byte-array to a Base-64 string and set the node with this value: irMarkNode.InnerText = Convert.ToBase64String(hash); // 6. Return the IRmark in Base32. return(IRMark32.ToBase32String(hash)); } catch // (Exception ex) { return("Failed the genration of the IR Mark"); } // The following code is unreachable and causes a compiler warning // return "Failed the genration of the IR Mark"; }
public string SignXml(XmlDocument xmlDoc, X509Certificate2 cert, ILogger _logger) { var Key = (RSACryptoServiceProvider)cert.PrivateKey; // Check arguments. try { if (xmlDoc == null) { throw new ArgumentException("xmlDoc"); } if (cert == null) { throw new ArgumentException("Certificate"); } } catch (Exception e) { _logger.Info(e.Message, "Request"); } var signedXml = new SignedXml(xmlDoc); var XMLSignature = signedXml.Signature; signedXml.SigningKey = Key; var reference = new Reference("#Header"); var env = new XmlDsigEnvelopedSignatureTransform(); var c14n = new XmlDsigC14NWithCommentsTransform(); reference.AddTransform(env); reference.AddTransform(c14n); signedXml.AddReference(reference); var reference1 = new Reference("#Body"); var env1 = new XmlDsigEnvelopedSignatureTransform(); var c14n1 = new XmlDsigC14NWithCommentsTransform(); reference1.AddTransform(env1); reference1.AddTransform(c14n1); signedXml.AddReference(reference1); var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); XMLSignature.KeyInfo = keyInfo; try { signedXml.ComputeSignature(); } catch (Exception e) { _logger.Info(e.Message + "==== Non existing Body or Header atributes!!!", "Request"); } var xmlDigitalSignature = signedXml.GetXml(); XmlNamespaceManager ns = new XmlNamespaceManager(xmlDoc.NameTable); ns.AddNamespace("mioa", "http://mioa.gov.mk/interop/mim/v1"); try { var sig = xmlDoc.SelectSingleNode("//mioa:Signature", ns); sig.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); } catch (Exception e) { _logger.Info(e.Message + "==== Non existing mioa:Signature tag!!!", "Request"); } return(xmlDoc.InnerXml); }
public String BuildSamlAssertion(AttributeHolder attributes) { XmlDocument xmlDoc = new XmlDocument(); //required by World Wide Web Consortium (W3C) for digitial signatures xmlDoc.PreserveWhitespace = true; #region Build the SAML 2.0 Root Element XElement root = new XElement(saml2 + "Assertion", new XAttribute(XNamespace.Xmlns + "saml2", saml2.ToString()), new XAttribute(XNamespace.Xmlns + "xs", xs.ToString()), new XAttribute("ID", attributes.Id), new XAttribute("IssueInstant", attributes.IssueInstant), new XAttribute("Version", "2.0")); XElement issuer = new XElement(saml2 + "Issuer", new XAttribute("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"), attributes.ElectronicEntityId); root.Add(issuer); xmlDoc.Load(root.CreateReader()); #endregion #region Build the Conditions Block /*.Net seems to process much quicker than JAVA, and so we set the NotBefore condition back by * 10 seconds so that when the request is sent we don't run into problems of not meeting our own * conditions on the ISI. This was a problem found during testing, and this seems to have resolved * the issue. */ TimeSpan ts = new TimeSpan(0, 0, 10); XElement conditions = new XElement(saml2 + "Conditions", new XAttribute("NotBefore", DateTime.Now.Subtract(ts).ToUniversalTime()), new XAttribute("NotOnOrAfter", DateTime.Now.AddMonths(12).ToUniversalTime())); XElement restrictions = new XElement(saml2 + "AudienceRestriction"); XElement audience = new XElement(saml2 + "Audience", "urn:mise:all"); restrictions.Add(new XElement(audience)); conditions.Add(new XElement(restrictions)); XmlNode conditionNode = xmlDoc.ReadNode(conditions.CreateReader()); xmlDoc.DocumentElement.AppendChild(conditionNode); #endregion #region Build the Attribute Statement Block XElement attributeHolder = new XElement(saml2 + "AttributeStatement"); attributeHolder.Add(this.AssertionBuilder("ElectronicIdentityId", "mise:1.2:user:ElectronicIdentityId", "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", attributes.ElectronicEntityId)); attributeHolder.Add(this.AssertionBuilder("FullName", "mise:1.2:user:FullName", "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", attributes.FullName)); attributeHolder.Add(this.AssertionBuilder("CitizenshipCode", "mise:1.2:user:CitizenshipCode", "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", attributes.CitizenCodes)); attributeHolder.Add(this.AssertionBuilder("Scope", "mise:1.2:user:Scope", "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", attributes.Scope)); attributeHolder.Add(this.AssertionBuilder("LawEnforcementIndicator", "mise:1.2:user:LawEnforcementIndicator", "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", attributes.LEI.ToString())); attributeHolder.Add(this.AssertionBuilder("PrivacyProtectedIndicator", "mise:1.2:user:PrivacyProtectedIndicator", "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", attributes.PPI.ToString())); attributeHolder.Add(this.AssertionBuilder("COIIndicator", "mise:1.2:user:COIIndicator", "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", attributes.COI.ToString())); XmlNode attrNode = xmlDoc.ReadNode(attributeHolder.CreateReader()); xmlDoc.DocumentElement.AppendChild(attrNode); #endregion //need to sign after all other nodes have been created #region Build the Signature Block SignedXml signedXml = new SignedXml(xmlDoc); signedXml.SigningKey = _privateCert.PrivateKey; Reference reference = new Reference(); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(true); env.Algorithm = SignedXml.XmlDsigEnvelopedSignatureTransformUrl; reference.AddTransform(env); //With respect to the trustfabric the transform c14t with comments are required //for the interoperability between c# and java XmlDsigC14NWithCommentsTransform c14t = new XmlDsigC14NWithCommentsTransform(); c14t.Algorithm = SignedXml.XmlDsigC14NWithCommentsTransformUrl; reference.AddTransform(c14t); KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data keyInfoData = new KeyInfoX509Data(_privateCert); keyInfo.AddClause(keyInfoData); signedXml.KeyInfo = keyInfo; signedXml.AddReference(reference); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.ComputeSignature(); XmlElement assignedSignature = signedXml.GetXml(); //insert the cert in the correct document location (not necassary will work if appendchild is used) xmlDoc.DocumentElement.InsertBefore(xmlDoc.ImportNode(assignedSignature, true), conditionNode); #endregion return(xmlDoc.OuterXml); }