/// <summary>
/// Builds the WS-Security header signature over the timestamp and body elements and appends it
/// to the Security header.
/// </summary>
/// <param name="node">Not referenced by this override; present to satisfy the base class contract.</param>
protected override void AddSignatureToHeader(XmlNode node)
{
    const string exclusiveC14N = "http://www.w3.org/2001/10/xml-exc-c14n#";

    SignedXml signature = new SignedXmlWithAgnosticId(Document, Instillinger.Avsendersertifikat);
    signature.SignedInfo.CanonicalizationMethod = exclusiveC14N;

    // Timestamp: exclusive C14N with the wsse and soapenv prefixes declared inclusive.
    // NOTE(review): a plain Reference leaves DigestMethod at the runtime default (SHA-1 on older
    // .NET Framework versions) — confirm SHA-256 is not required for this message type.
    var timestampReference = new Reference("#" + Settings.TimestampId);
    timestampReference.AddTransform(new XmlDsigExcC14NTransform("wsse soapenv"));
    signature.AddReference(timestampReference);

    // Body: exclusive C14N with an empty inclusive prefix list.
    var bodyReference = new Reference("#" + Settings.BodyId);
    bodyReference.AddTransform(new XmlDsigExcC14NTransform(""));
    signature.AddReference(bodyReference);

    // The verifier is pointed at the sender certificate through a SecurityTokenReference
    // rather than an embedded X509Data clause.
    signature.KeyInfo.AddClause(new SecurityTokenReferenceClause(Instillinger.Avsendersertifikat));
    signature.KeyInfo.Id = String.Format("KS-{0}", Guid.NewGuid());

    signature.ComputeSignature();
    Security.AppendChild(Document.ImportNode(signature.GetXml(), true));
}
/// <summary>
/// GetIdElement must resolve an element by its Id/ID/id attribute regardless of attribute casing,
/// nesting depth, default or prefixed namespaces, and must skip decoy elements carrying other id values.
/// </summary>
public void FindIdElement()
{
    // Format placeholders: {0} = element name, {1} = id value, {2} = id attribute name.
    // The first three templates are identical; presumably a leftover, they only repeat the simplest case.
    string[] documentTemplates =
    {
        "<{0} {2}='{1}'></{0}>",
        "<{0} {2}='{1}'></{0}>",
        "<{0} {2}='{1}'></{0}>",
        "<container><{0} {2}='{1}'></{0}></container>",
        "<container><invalid Id='notThis' /><{0} {2}='{1}'></{0}></container>",
        "<container><invalid ID='notThis'><{0} {2}='{1}'></{0}></invalid></container>",
        "<container xmlns='http://example.org'><{0} {2}='{1}'></{0}></container>",
        "<a:container xmlns:a='http://example.org'><{0} {2}='{1}'></{0}></a:container>",
        "<a:container xmlns:a='http://example.org'><a:{0} {2}='{1}'></a:{0}></a:container>",
        "<a:container xmlns:a='http://example.org'><b:{0} xmlns:b='http://nowhere.com' {2}='{1}'></b:{0}></a:container>",
        "<a:container xmlns:a='http://example.org'><{0} xmlns='' {2}='{1}'></{0}></a:container>",
        "<a:container xmlns:a='http://example.org'><{0} xmlns='' a:{2}='{1}'></{0}></a:container>"
    };
    string[] idAttributeNames = { "Id", "ID", "id" };

    foreach (var template in documentTemplates)
    {
        foreach (var attributeName in idAttributeNames)
        {
            var document = new XmlDocument { PreserveWhitespace = true };
            document.LoadXml(string.Format(template, "element", "value", attributeName));

            var found = new SignedXmlWithAgnosticId(document).GetIdElement(document, "value");

            Assert.IsNotNull(found);
            var carriesExpectedId = found.Attributes
                .OfType<XmlAttribute>()
                .Any(a => a.LocalName == attributeName && a.Value == "value");
            Assert.IsTrue(carriesExpectedId);
        }
    }
}
/// <summary>
/// Checks that GetIdElement finds the element whose Id/ID/id attribute equals the requested value for a
/// range of layouts: bare element, nested element, decoy siblings/ancestors with other ids, default and
/// prefixed namespaces, and a prefixed id attribute.
/// </summary>
public void FindIdElement()
{
    // {0} is the element name, {1} the id value and {2} the name of the id attribute.
    var layouts = new[]
    {
        "<{0} {2}='{1}'></{0}>",
        "<{0} {2}='{1}'></{0}>",
        "<{0} {2}='{1}'></{0}>",
        "<container><{0} {2}='{1}'></{0}></container>",
        "<container><invalid Id='notThis' /><{0} {2}='{1}'></{0}></container>",
        "<container><invalid ID='notThis'><{0} {2}='{1}'></{0}></invalid></container>",
        "<container xmlns='http://example.org'><{0} {2}='{1}'></{0}></container>",
        "<a:container xmlns:a='http://example.org'><{0} {2}='{1}'></{0}></a:container>",
        "<a:container xmlns:a='http://example.org'><a:{0} {2}='{1}'></a:{0}></a:container>",
        "<a:container xmlns:a='http://example.org'><b:{0} xmlns:b='http://nowhere.com' {2}='{1}'></b:{0}></a:container>",
        "<a:container xmlns:a='http://example.org'><{0} xmlns='' {2}='{1}'></{0}></a:container>",
        "<a:container xmlns:a='http://example.org'><{0} xmlns='' a:{2}='{1}'></{0}></a:container>"
    };

    foreach (var layout in layouts)
    {
        // Each layout is exercised with every casing of the id attribute name.
        foreach (var idName in new string[] { "Id", "ID", "id" })
        {
            var markup = string.Format(layout, "element", "value", idName);
            var document = new XmlDocument() { PreserveWhitespace = true };
            document.LoadXml(markup);

            var resolver = new SignedXmlWithAgnosticId(document);
            var element = resolver.GetIdElement(document, "value");

            Assert.IsNotNull(element);
            Assert.IsTrue(element.Attributes.OfType<XmlAttribute>().Any(attribute =>
                attribute.LocalName == idName && attribute.Value == "value"));
        }
    }
}
/// <summary>
/// Signs the timestamp and body of the SOAP message and appends the resulting ds:Signature to the
/// Security header.
/// </summary>
/// <param name="node">Not referenced by this override; present to satisfy the base class contract.</param>
protected override void AddSignatureToHeader(XmlNode node)
{
    SignedXml signature = new SignedXmlWithAgnosticId(Document, SenderCertificate);
    signature.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";

    // Timestamp reference. No transform is registered on it, so the runtime's default
    // canonicalization applies to this reference only — NOTE(review): confirm this is intended,
    // since the body reference below pins exclusive C14N explicitly.
    signature.AddReference(new Reference("#" + Settings.TimestampId));

    // Body reference: exclusive C14N with an empty InclusiveNamespaces prefix list.
    var bodyReference = new Reference("#" + Settings.BodyId);
    bodyReference.AddTransform(new XmlDsigExcC14NTransform(""));
    signature.AddReference(bodyReference);

    // KeyInfo points at a token by id (presumably the BinarySecurityToken in the header) instead of
    // embedding the certificate.
    var tokenReference = new SecurityTokenReferenceClause(Settings.BinarySecurityId);
    signature.KeyInfo.AddClause(tokenReference);
    signature.KeyInfo.Id = $"KS-{Guid.NewGuid()}";

    signature.ComputeSignature();
    Security.AppendChild(Document.ImportNode(signature.GetXml(), true));
}
/// <summary>
/// Adds the WS-Security header signature covering the body, the timestamp and the ebMS messaging header,
/// with SHA-256 digests and the key identified through a SecurityTokenReference.
/// </summary>
public override void AddSignatureElement()
{
    // Third constructor argument is presumably the inclusive prefix list for SignedInfo canonicalization;
    // see SignedXmlWithAgnosticId.
    SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat, "env");

    // Body: exclusive C14N, no inclusive prefixes.
    var body = new Sha256Reference("#" + Settings.GuidUtility.BodyId);
    body.AddTransform(new XmlDsigExcC14NTransform());
    signature.AddReference(body);

    // Timestamp: wsse and env are declared as inclusive prefixes.
    var timestamp = new Sha256Reference("#" + Settings.GuidUtility.TimestampId);
    timestamp.AddTransform(new XmlDsigExcC14NTransform("wsse env"));
    signature.AddReference(timestamp);

    // eb:Messaging header.
    var messaging = new Sha256Reference("#" + Settings.GuidUtility.EbMessagingId);
    messaging.AddTransform(new XmlDsigExcC14NTransform());
    signature.AddReference(messaging);

    // Reference the BinarySecurityToken by id instead of embedding the certificate in KeyInfo.
    var tokenReference = new SecurityTokenReferenceClause("#" + Settings.GuidUtility.BinarySecurityTokenId);
    signature.KeyInfo.AddClause(tokenReference);

    signature.ComputeSignature();
    Security.AppendChild(Context.ImportNode(signature.GetXml(), true));
}
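/// <summary>
/// The key resolved from the signature's SecurityTokenReference must be the public key of the
/// BinarySecurityToken certificate carried in the same WS-Security header.
/// </summary>
public void SignatureNodeAndBinarySecurityTokenAreAlike()
{
    //Arrange
    // Sample receipt envelope. NOTE(review): the BinarySecurityToken content below is a redaction
    // placeholder in this copy of the fixture, not valid base64; restore the original token before running.
    var receiptResponseXml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><env:Envelope xmlns:env=\"http://www.w3.org/2003/05/soap-envelope\">\r\n <env:Header>\r\n <wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" env:mustUnderstand=\"true\">\r\n <wsse:BinarySecurityToken EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\" wsu:Id=\"X509-ecd9521a-6429-4c94-a23f-07157e36f963\">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</wsse:BinarySecurityToken>\r\n <wsu:Timestamp wsu:Id=\"TS-35be0956-ad1a-4b41-a650-2b1a005e9de9\">\r\n <wsu:Created>2014-10-13T13:12:59.849Z</wsu:Created>\r\n <wsu:Expires>2014-10-13T13:17:59.849Z</wsu:Expires>\r\n </wsu:Timestamp>\r\n <ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"SIG-bac0f5a4-4594-4f42-bab1-5acfa1ff2a4b\">\r\n <ds:SignedInfo>\r\n <ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n <ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"env\"/>\r\n </ds:CanonicalizationMethod>\r\n <ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/>\r\n <ds:Reference URI=\"#id-cfc59a25-a972-4ecc-b8c2-d568bfdeba8f\">\r\n <ds:Transforms>\r\n <ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n <ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"\"/>\r\n </ds:Transform>\r\n </ds:Transforms>\r\n <ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n <ds:DigestValue>0r+2LLUhTpNgCnUz2SDAUBPdCMFUSeTWpW4QiAgO15A=</ds:DigestValue>\r\n </ds:Reference>\r\n <ds:Reference URI=\"#TS-35be0956-ad1a-4b41-a650-2b1a005e9de9\">\r\n <ds:Transforms>\r\n <ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n <ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"wsse env\"/>\r\n </ds:Transform>\r\n </ds:Transforms>\r\n <ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n <ds:DigestValue>i6Y+T/GDrE4d+7A2nhdgDKZjUBHWLSv1+jIbLLP65P4=</ds:DigestValue>\r\n </ds:Reference>\r\n <ds:Reference URI=\"#id-3b7508d7-942f-45c5-9183-42dfd6fffaf6\">\r\n <ds:Transforms>\r\n <ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n <ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"\"/>\r\n </ds:Transform>\r\n </ds:Transforms>\r\n <ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n <ds:DigestValue>c2KnUatnVYJ38Ebi5OsYDROyfAqPthXZ4QjTWglzgEc=</ds:DigestValue>\r\n </ds:Reference>\r\n </ds:SignedInfo>\r\n <ds:SignatureValue>KJiWpOsWwRxEeoai8GUGoWrHRJcNt3kyvKG6hQMtqNAXjAF9uo3/l2iP8GwwesjrjmOCX0mBwb/l5UlQ3Q7/83AhYar7hysAM/pp7FiMkzae9OgP/g6Oiil/eyIPmkTYAW5JkbRr/stAEUNScmcSSxrGvqTK1wpI5eoGT5EmyBWeGZIpoL2HDp10SeuAQ7beKX0XRqP1uQ0iYjgP7ME0gfi15Xh9QjccmTF6aMZ6GjuD7Cw8G7St3a/UlbJLGLllXBgeYy9lB6Hy61hchrQW/ye35zefwGiBWbQlcEYWrNB7dgB3Tf65uO0H94l956Kw2LT/IByN1rDYOWduHAaNEQ==</ds:SignatureValue>\r\n <ds:KeyInfo Id=\"KI-87bff0e0-f49c-42e7-900c-f1674148ce3e\">\r\n <wsse:SecurityTokenReference wsu:Id=\"STR-2f12caa9-60e9-414e-bbb9-ccb5042917b7\">\r\n <wsse:Reference URI=\"#X509-ecd9521a-6429-4c94-a23f-07157e36f963\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\"/>\r\n </wsse:SecurityTokenReference>\r\n </ds:KeyInfo>\r\n </ds:Signature>\r\n </wsse:Security>\r\n <eb:Messaging xmlns:eb=\"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" env:mustUnderstand=\"true\" wsu:Id=\"id-3b7508d7-942f-45c5-9183-42dfd6fffaf6\">\r\n <ns6:SignalMessage xmlns:ns10=\"http://uri.etsi.org/2918/v1.2.1#\" xmlns:ns11=\"http://uri.etsi.org/01903/v1.3.2#\" xmlns:ns2=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns3=\"http://www.unece.org/cefact/namespaces/StandardBusinessDocumentHeader\" xmlns:ns4=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:ns5=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:ns6=\"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/\" xmlns:ns7=\"http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0\" xmlns:ns8=\"http://www.w3.org/1999/xlink\" xmlns:ns9=\"http://begrep.difi.no/sdp/schema_v10\">\r\n <ns6:MessageInfo>\r\n <ns6:Timestamp>2014-10-13T15:12:59.841+02:00</ns6:Timestamp>\r\n <ns6:MessageId>ef86727d-d10b-499a-b9c3-e6683187951a</ns6:MessageId>\r\n <ns6:RefToMessageId>627c8082-6394-47a6-9107-a91e52240af2</ns6:RefToMessageId>\r\n </ns6:MessageInfo>\r\n <ns6:Receipt>\r\n <ns7:NonRepudiationInformation>\r\n <ns7:MessagePartNRInformation>\r\n <ns5:Reference URI=\"cid:d6f0f811-69c4-4e03-a5a3-5ef02c4dfc11@meldingsformidler.sdp.difi.no\">\r\n <ns5:Transforms>\r\n <ns5:Transform Algorithm=\"http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform\"/>\r\n </ns5:Transforms>\r\n <ns5:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n <ns5:DigestValue>kZLCW3NPy62+MtrcKAicYNsOOfkMwgzi5XM/VyYazAw=</ns5:DigestValue>\r\n </ns5:Reference>\r\n </ns7:MessagePartNRInformation>\r\n <ns7:MessagePartNRInformation>\r\n <ns5:Reference URI=\"#soapBody\">\r\n <ns5:Transforms>\r\n <ns5:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n <ec:InclusiveNamespaces xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" PrefixList=\"\"/>\r\n </ns5:Transform>\r\n </ns5:Transforms>\r\n <ns5:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n <ns5:DigestValue>uyFwocFL9AI27C6UvWulZxa1l5gr+NirsPaSXFVIyH0=</ns5:DigestValue>\r\n </ns5:Reference>\r\n </ns7:MessagePartNRInformation>\r\n </ns7:NonRepudiationInformation>\r\n </ns6:Receipt>\r\n </ns6:SignalMessage>\r\n </eb:Messaging>\r\n </env:Header>\r\n <env:Body xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" wsu:Id=\"id-cfc59a25-a972-4ecc-b8c2-d568bfdeba8f\"/>\r\n</env:Envelope>\r\n";

    var doc = new XmlDocument { PreserveWhitespace = false };
    doc.LoadXml(receiptResponseXml);

    var mgr = new XmlNamespaceManager(doc.NameTable);
    mgr.AddNamespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    mgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

    var signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(doc);
    var signatureNode = (XmlElement)doc.SelectSingleNode("//ds:Signature", mgr);
    Assert.NotNull(signatureNode);
    signedXmlWithAgnosticId.LoadXml(signatureNode);

    //Act
    var binarySecurityToken = doc.SelectSingleNode("//wsse:BinarySecurityToken", mgr);
    Assert.NotNull(binarySecurityToken);

    // X509Certificate2 wraps a native handle; dispose it once the public key has been compared.
    using (var tokenCertificate = new X509Certificate2(Convert.FromBase64String(binarySecurityToken.InnerText)))
    {
        // GetPublicKey is non-public on SignedXmlWithAgnosticId, so it is reached through reflection.
        var getPublicKey = typeof(SignedXmlWithAgnosticId).GetMethod("GetPublicKey", BindingFlags.Instance | BindingFlags.NonPublic);
        Assert.NotNull(getPublicKey);
        var resolvedKey = getPublicKey.Invoke(signedXmlWithAgnosticId, null) as AsymmetricAlgorithm;

        //Assert
        // A null key previously surfaced as a NullReferenceException rather than an assertion failure.
        Assert.NotNull(resolvedKey);
        // xUnit order is (expected, actual): the certificate key is the expectation.
        Assert.Equal(tokenCertificate.PublicKey.Key.ToXmlString(false), resolvedKey.ToXmlString(false));
    }
}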
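/// <summary>
/// The key resolved by SignedXmlWithAgnosticId.GetPublicKey for the header signature must equal the public key
/// of the certificate carried in the header's BinarySecurityToken.
/// </summary>
public void GetPublicKey()
{
    XmlDocument doc = new XmlDocument { PreserveWhitespace = false };
    doc.LoadXml(ResponeKvitteringMOttattForretningsmelding());

    var mgr = new XmlNamespaceManager(doc.NameTable);
    mgr.AddNamespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    mgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

    // Find key
    var token = doc.SelectSingleNode("//wsse:BinarySecurityToken", mgr);
    Assert.IsNotNull(token);

    // X509Certificate2 wraps a native handle; dispose it once the comparison is done.
    using (var key = new X509Certificate2(Convert.FromBase64String(token.InnerText)))
    {
        var signed = new SignedXmlWithAgnosticId(doc);
        var signatureNode = (XmlElement)doc.SelectSingleNode("//ds:Signature", mgr);
        Assert.IsNotNull(signatureNode);
        signed.LoadXml(signatureNode);

        // GetPublicKey is non-public, so it is invoked through reflection.
        var getPublicKey = typeof(SignedXmlWithAgnosticId).GetMethod("GetPublicKey", BindingFlags.Instance | BindingFlags.NonPublic);
        Assert.IsNotNull(getPublicKey);
        var result = getPublicKey.Invoke(signed, null) as AsymmetricAlgorithm;

        // A null result previously surfaced as a NullReferenceException rather than an assertion failure.
        Assert.IsNotNull(result);
        // NUnit order is (expected, actual): the certificate key is the expectation.
        Assert.AreEqual(key.PublicKey.Key.ToXmlString(false), result.ToXmlString(false));
    }
}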
/// <summary>
/// Creates the signature object for the document with inclusive C14N and the fixed Id "Signature".
/// No references are added and the signature is not computed here.
/// </summary>
private SignedXml Signaturnode()
{
    const string inclusiveC14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    var signature = new SignedXmlWithAgnosticId(_xml, _sertifikat)
    {
        SignedInfo = { CanonicalizationMethod = inclusiveC14N },
        Signature = { Id = "Signature" }
    };
    return signature;
}
/// <summary>
/// Locates the ds:Signature in the WS-Security header, binds a SignedXml wrapper to the response document
/// and hands the BinarySecurityToken path to the signature/certificate validation.
/// </summary>
private void ValidateHeaderSignature()
{
    const string signaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
    const string tokenPath = "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken";

    XmlNode envelope = ResponseMessage.DocumentElement;
    // Hard cast: a non-element match would fail loudly here rather than later.
    _signatureNode = (XmlElement)envelope.SelectSingleNode(signaturePath, _nsMgr);
    _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(ResponseMessage);

    ValidateSignatureElements();
    ValidateSignatureAndCertificate(tokenPath);
}
/// <summary>
/// Picks the ds:Signature out of the WS-Security header, prepares the SignedXml wrapper for the response
/// and runs element and signature/certificate validation against the header's BinarySecurityToken.
/// </summary>
private void ValiderHeaderSignatur()
{
    const string signaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
    const string tokenPath = "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken";

    XmlNode envelope = Respons.DocumentElement;
    _signaturnode = (XmlElement)envelope.SelectSingleNode(signaturePath, _nsMgr);
    _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(Respons);

    ValiderSignaturelementer();
    ValiderSignaturOgSertifikat(tokenPath);
}
/// <summary>
/// Ensures that the node the signature reference <paramref name="elementId"/> resolves to is the very node
/// selected by <paramref name="elementXPath"/>, so a reference cannot be satisfied by a look-alike element
/// elsewhere in the envelope.
/// </summary>
/// <param name="signedXml">Wrapper used to resolve the id within the response envelope.</param>
/// <param name="elementId">The id the signature references.</param>
/// <param name="nodes">Result of the XPath selection; only the first entry is compared.
/// Assumes the caller has already verified it holds exactly one node — TODO confirm.</param>
/// <param name="elementXPath">Path used in the error message.</param>
/// <exception cref="ValideringsException">The id resolves to a different node instance.</exception>
private void IdNodeMatcher(SignedXmlWithAgnosticId signedXml, string elementId, XmlNodeList nodes, string elementXPath)
{
    var referencedNode = signedXml.GetIdElement(ResponseContainer.Envelope, elementId);
    var expectedNode = nodes[0];

    // Reference comparison: XmlNode does not overload equality, so the same instance is required.
    if (referencedNode == expectedNode)
    {
        return;
    }
    throw new ValideringsException($"Signaturreferansen med id '{elementId}' må referere til node med sti '{elementXPath}'");
}
/// <summary>
/// Locates the header ds:Signature, binds the SignedXml wrapper to the response and validates the signature
/// and certificate against the BinarySecurityToken, checking the message broker's organisation number.
/// </summary>
private void ValidateHeaderSignature()
{
    const string signaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
    const string tokenPath = "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken";

    XmlNode envelope = ResponseMessage.DocumentElement;
    _signatureNode = (XmlElement)envelope.SelectSingleNode(signaturePath, _nsMgr);
    _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(ResponseMessage);

    ValidateHeaderSignatureNodeElements();

    // The expected organisation number pins which party may have signed the header.
    var expectedOrganisationNumber = _certificateValidationProperties.OrganisasjonsnummerMeldingsformidler.Verdi;
    ValidateSignatureAndCertificate(tokenPath, expectedOrganisationNumber);
}
/// <summary>
/// Validates the signature in the SOAP header of the received document.
/// </summary>
public void ValiderHeaderSignatur()
{
    const string signaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
    const string tokenPath = "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken";

    XmlNode envelope = responseDocument.DocumentElement;
    var headerSignature = (XmlElement)envelope.SelectSingleNode(signaturePath, nsMgr);
    var signedXml = new SignedXmlWithAgnosticId(responseDocument);

    // Element/reference checks first, then the signature and certificate themselves.
    ValiderInnhold(headerSignature, signedXml);
    ValiderSignaturOgSertifikat(signedXml, headerSignature, tokenPath);
}
/// <summary>
/// Checks that the SOAP envelope contains the required elements (timestamp, body, messaging) with correct
/// ids, and that the security signature references each of them.
/// </summary>
/// <param name="signature">The ds:Signature element from the security header.</param>
/// <param name="signedXml">Wrapper used to resolve id references within the envelope.</param>
/// <param name="påkrevdeReferanser">XPaths of the elements that must be present and referenced.</param>
protected void ValidateSignatureReferences(XmlElement signature, SignedXmlWithAgnosticId signedXml, string[] påkrevdeReferanser)
{
    foreach (var requiredPath in påkrevdeReferanser)
    {
        // 1. the element exists, 2. the signature references it, 3. the id resolves to that very node
        var matchingNodes = InneholderNode(requiredPath);
        var referencedId = NodeFinnesISignaturElement(signature, matchingNodes, requiredPath);
        IdNodeMatcher(signedXml, referencedId, matchingNodes, requiredPath);
    }
}
/// <summary>
/// Constructing the wrapper with a document and a certificate must expose an RSACryptoServiceProvider
/// as SigningKey.
/// </summary>
public void KonstruktørMedXmlDokumentOgSertifikat()
{
    //Arrange
    var document = XmlUtility.ToXmlDocument(TransportKvittering.TransportOkKvittertingFunksjoneltTestmiljø);
    var certificate = CertificateResource.UnitTests.GetAvsenderEnhetstesterSertifikat();
    var wrapper = new SignedXmlWithAgnosticId(document, certificate);

    //Act
    var signingKey = wrapper.SigningKey;

    //Assert
    Assert.True(signingKey is RSACryptoServiceProvider);
}
/// <summary>
/// Loading the header signature of a message receipt must yield a public key on the first GetPublicKey call;
/// this test also pins that a second call on the same instance yields null.
/// </summary>
public void GetsKeyFromMessageReceiptHeader()
{
    //Arrange
    var envelope = XmlUtility.ToXmlDocument(ReceiptResponse.FunctionalTestEnvironment);
    var wrapper = new SignedXmlWithAgnosticId(envelope);
    AddHeaderSignatureNodeToSignedXmlWithAgnosticId(envelope, wrapper);

    //Act
    var firstCall = GetPublicKey(wrapper);
    var secondCall = GetPublicKey(wrapper);

    //Assert
    Assert.NotNull(firstCall);
    Assert.Null(secondCall);
}
/// <summary>
/// Builds and computes an enveloped signature over the whole document (empty reference URI),
/// embedding the signing certificate as X509Data in KeyInfo.
/// </summary>
private SignedXml SignatureElement()
{
    SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat);

    // Empty URI = the entire document. The enveloped transform drops the signature element itself,
    // then exclusive C14N is applied with "ns9" kept as an inclusive prefix.
    var wholeDocument = new Sha256Reference("");
    wholeDocument.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    wholeDocument.AddTransform(new XmlDsigExcC14NTransform("ns9"));
    signature.AddReference(wholeDocument);

    signature.KeyInfo.AddClause(new KeyInfoX509Data(Settings.Databehandler.Sertifikat));
    signature.ComputeSignature();
    return signature;
}
/// <summary>
/// Loading the header signature of a transport receipt must yield a public key on the first GetPublicKey
/// call; the test also pins that a second call on the same instance yields null.
/// </summary>
public void GetsKeyFromTransportReceipt()
{
    //Arrange
    var envelope = XmlUtility.ToXmlDocument(TransportKvittering.TransportOkKvittertingFunksjoneltTestmiljø);
    var wrapper = new SignedXmlWithAgnosticId(envelope);
    AddHeaderSignatureNodeToSignedXmlWithAgnosticId(envelope, wrapper);

    //Act
    var firstCall = GetPublicKey(wrapper);
    var secondCall = GetPublicKey(wrapper);

    //Assert
    Assert.NotNull(firstCall);
    Assert.Null(secondCall);
}
/// <summary>
/// Validates a received response: reference integrity of the header signature, the SignatureConfirmation,
/// timestamp freshness and finally the responder's certificate.
/// </summary>
public void Validate()
{
    var headerSignature = new SignedXmlWithAgnosticId(ResponseContainer.Envelope);
    headerSignature.LoadXml(ResponseContainer.HeaderSignatureElement);

    // The envelope must carry a SignatureConfirmation and a Body, each referenced by id from the header signature.
    string[] requiredReferences =
    {
        "/env:Envelope/env:Header/wsse:Security/wsse11:SignatureConfirmation",
        "/env:Envelope/env:Body"
    };
    ValidateSignatureReferences(ResponseContainer.HeaderSignatureElement, headerSignature, requiredReferences);

    PerformSignatureConfirmation(ResponseContainer.HeaderSecurityElement);

    // NOTE(review): a 2000-second acceptance window for the timestamp is generous — confirm it is intentional.
    CheckTimestamp(TimeSpan.FromSeconds(2000));

    ValidateResponseCertificate(headerSignature);
}
/// <summary>
/// Creates a computed enveloped signature covering the whole document, with the data processor's
/// certificate embedded as X509Data.
/// </summary>
private SignedXml SignatureElement()
{
    SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat);

    // An empty URI references the entire document; the enveloped transform excludes the signature
    // element itself before exclusive C14N (with "ns9" inclusive) is applied.
    var documentReference = new Sha256Reference("");
    documentReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    documentReference.AddTransform(new XmlDsigExcC14NTransform("ns9"));
    signature.AddReference(documentReference);

    var certificateClause = new KeyInfoX509Data(Settings.Databehandler.Sertifikat);
    signature.KeyInfo.AddClause(certificateClause);

    signature.ComputeSignature();
    return signature;
}
/// <summary>
/// Validates the certificate carried in the header's BinarySecurityToken, including its chain, against the
/// organisation number of Direktoratet for forvaltning og IKT and the approved chain certificates for responses.
/// </summary>
/// <param name="signed">Not referenced by this method; the certificate is read from the response container.</param>
/// <exception cref="SecurityException">The certificate or its chain did not validate.</exception>
internal void ValidateResponseCertificate(SignedXmlWithAgnosticId signed)
{
    const string organizationNumberDirektoratetForForvaltningOgIkt = "991825827";

    var tokenBytes = Convert.FromBase64String(ResponseContainer.HeaderBinarySecurityToken.InnerText);
    // NOTE(review): the certificate is not disposed; fine if CertificateValidator does not retain it — confirm.
    var responseCertificate = new X509Certificate2(tokenBytes);

    var validation = CertificateValidator.ValidateCertificateAndChain(
        responseCertificate,
        organizationNumberDirektoratetForForvaltningOgIkt,
        Environment.GodkjenteKjedeSertifikaterForRespons);

    if (validation.Type == CertificateValidationType.Valid)
    {
        return;
    }
    throw new SecurityException($"Sertifikatet som ble mottatt i responsen er ikke gyldig. Grunnen er '{validation.Type.ToNorwegianString()}', med melding '{validation.Message}'");
}
/// <summary>
/// Validates the signature of the business receipt inside the StandardBusinessDocument. The validation runs
/// on a copy of that subtree, and the certificate is taken from the signature's own X509Certificate element.
/// </summary>
/// <exception cref="SdpSecurityException">No StandardBusinessDocument is present in the body.</exception>
private void ValiderKvitteringSignatur()
{
    var sbdNode = Respons.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", _nsMgr);
    if (sbdNode == null)
    {
        throw new SdpSecurityException("Fant ikke StandardBusinessDocument-node. Prøvde du å validere en transportkvittering?");
    }

    var sbd = XmlNodeToXmlDocument(sbdNode);
    _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(sbd);
    _signaturnode = (XmlElement)sbd.SelectSingleNode("//ds:Signature", _nsMgr);
    ValiderSignaturOgSertifikat("./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
}
/// <summary>
/// Validates the signature of the business receipt inside the StandardBusinessDocument, working on a copy of
/// that subtree and taking the certificate from the signature's own X509Certificate element.
/// </summary>
/// <exception cref="SecurityException">No StandardBusinessDocument is present in the body.</exception>
private void ValidateReceiptSignature()
{
    var sbdNode = ResponseMessage.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", _nsMgr);
    if (sbdNode == null)
    {
        throw new SecurityException("Fant ikke StandardBusinessDocument-node. Prøvde du å validere en transportkvittering?");
    }

    var sbd = XmlNodeToXmlDocument(sbdNode);
    _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(sbd);
    _signatureNode = (XmlElement)sbd.SelectSingleNode("//ds:Signature", _nsMgr);

    // An empty organisation number: the certificate used to sign the business receipt is not checked
    // against a specific organisation.
    ValidateSignatureAndCertificate("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", String.Empty);
}
/// <summary>
/// Validates a received response: header signature references, SignatureConfirmation, timestamp, and
/// finally the header signature itself against the configured validation certificate.
/// </summary>
/// <exception cref="Exception">The header signature does not verify with the validation certificate.</exception>
public void Valider()
{
    var headerSignature = new SignedXmlWithAgnosticId(ResponseDocument);
    headerSignature.LoadXml(HeaderSignatureElement);

    // The received envelope must contain a SignatureConfirmation and a Body, and their ids must match
    // the references in the header signature.
    ValiderSignaturReferences(HeaderSignatureElement, headerSignature, new string[]
    {
        "/env:Envelope/env:Header/wsse:Security/wsse11:SignatureConfirmation",
        "/env:Envelope/env:Body"
    });

    // SignatureConfirmation
    PerformSignatureConfirmation(HeaderSecurityElement);
    SjekkTimestamp(TimeSpan.FromSeconds(2000));

    // The signature is checked against the configured validation certificate's public key,
    // not against whatever key the message itself carries.
    var validationKey = instillinger.Valideringssertifikat.PublicKey.Key;
    if (headerSignature.CheckSignature(validationKey))
    {
        return;
    }
    throw new Exception("Signaturen i motatt svar er ikke gyldig");
}
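/// <summary>
/// Verifies the XML signature in <paramref name="signatureNode"/> and checks that the key that validated it
/// is the public key of the certificate found at <paramref name="path"/> (relative to the signature node).
/// </summary>
/// <param name="signed">Wrapper bound to the document the signature belongs to.</param>
/// <param name="signatureNode">The ds:Signature element to verify.</param>
/// <param name="path">XPath, relative to the signature node, of the base64 certificate element.</param>
/// <exception cref="Exception">The certificate element is missing, the signature does not verify, or the
/// verifying key differs from the certificate's public key.</exception>
private void ValiderSignaturOgSertifikat(SignedXmlWithAgnosticId signed, XmlElement signatureNode, string path)
{
    var certificateNode = signatureNode.SelectSingleNode(path, nsMgr);
    if (certificateNode == null)
    {
        // Previously a NullReferenceException; report the missing element explicitly instead.
        throw new Exception(string.Format("Fant ikke sertifikatelementet '{0}' i signaturen.", path));
    }
    var certificate = new X509Certificate2(Convert.FromBase64String(certificateNode.InnerText));
    ErKvalifisertMellomliggendeSertifikat(certificate);

    signed.LoadXml(signatureNode);
    AsymmetricAlgorithm key = null;
    if (!signed.CheckSignatureReturningKey(out key))
    {
        throw new Exception("Signaturen i motatt svar er ikke gyldig.");
    }

    // The signature must have been produced by the certificate checked above, not merely by some
    // valid key the message embeds in KeyInfo.
    if (key.ToXmlString(false) != certificate.PublicKey.Key.ToXmlString(false))
    {
        throw new Exception(string.Format("Sertifikatet som er benyttet for å validere signaturen er ikke det samme som er spesifisert i {0} elementet.", path));
    }
}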
/// <summary>
/// Validates the signature of the business receipt inside the StandardBusinessDocument, if one is present.
/// </summary>
public void ValiderKvitteringSignatur()
{
    // Signatures in the //difi elements are scoped to the StandardBusinessDocument, so validation runs on
    // a copy of that subtree rather than on the whole envelope.
    var sbdNode = responseDocument.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", nsMgr);
    if (sbdNode == null)
    {
        // No business document in the body (presumably a transport receipt): nothing to validate here.
        return;
    }

    var sbd = new XmlDocument();
    sbd.LoadXml(sbdNode.OuterXml);

    var signedXml = new SignedXmlWithAgnosticId(sbd);
    var signature = (XmlElement)sbd.SelectSingleNode("//ds:Signature", nsMgr);
    ValiderSignaturOgSertifikat(signedXml, signature, "./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
}
/// <summary>
/// Adds the WS-Security header signature covering the body, the timestamp, the ebMS messaging header and
/// the ASiC-E document package attachment, with the key identified through a SecurityTokenReference.
/// </summary>
public override void AddSignatureElement()
{
    // Third constructor argument is presumably the inclusive prefix list for SignedInfo canonicalization.
    SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat, "env");

    // Body: exclusive C14N, no inclusive prefixes.
    var body = new Sha256Reference("#" + Settings.GuidHandler.BodyId);
    body.AddTransform(new XmlDsigExcC14NTransform());
    signature.AddReference(body);

    // Timestamp: wsse and env declared as inclusive prefixes.
    var timestamp = new Sha256Reference("#" + Settings.GuidHandler.TimestampId);
    timestamp.AddTransform(new XmlDsigExcC14NTransform("wsse env"));
    signature.AddReference(timestamp);

    // eb:Messaging header.
    var messaging = new Sha256Reference("#" + Settings.GuidHandler.EbMessagingId);
    messaging.AddTransform(new XmlDsigExcC14NTransform());
    signature.AddReference(messaging);

    // Document package (attachment): digest is taken over the raw bytes and the reference
    // is addressed by its cid URI using the SwA attachment content transform.
    var documentPackage = new Sha256Reference(Settings.AsicEArkiv.Bytes)
    {
        Uri = $"cid:{Settings.GuidHandler.DokumentpakkeId}"
    };
    documentPackage.AddTransform(new AttachmentContentSignatureTransform());
    signature.AddReference(documentPackage);

    var tokenReference = new SecurityTokenReferenceClause("#" + Settings.GuidHandler.BinarySecurityTokenId);
    signature.KeyInfo.AddClause(tokenReference);

    signature.ComputeSignature();
    Security.AppendChild(Context.ImportNode(signature.GetXml(), true));
}
/// <summary>
/// Adds the WS-Security header signature over the body, timestamp, ebMS messaging header and the ASiC-E
/// document package attachment; the key is identified by a SecurityTokenReference to the BinarySecurityToken.
/// </summary>
public override void AddSignatureElement()
{
    SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat, "env");
    var ids = Settings.GuidHandler;

    // Body
    var bodyRef = new Sha256Reference("#" + ids.BodyId);
    bodyRef.AddTransform(new XmlDsigExcC14NTransform());
    signature.AddReference(bodyRef);

    // Timestamp, with wsse and env as inclusive prefixes
    var timestampRef = new Sha256Reference("#" + ids.TimestampId);
    timestampRef.AddTransform(new XmlDsigExcC14NTransform("wsse env"));
    signature.AddReference(timestampRef);

    // eb:Messaging
    var messagingRef = new Sha256Reference("#" + ids.EbMessagingId);
    messagingRef.AddTransform(new XmlDsigExcC14NTransform());
    signature.AddReference(messagingRef);

    // Document package attachment: digested over its raw bytes, addressed by cid URI,
    // with the SwA attachment content transform.
    var packageRef = new Sha256Reference(Settings.AsicEArkiv.Bytes);
    packageRef.Uri = String.Format("cid:{0}", ids.DokumentpakkeId);
    packageRef.AddTransform(new AttachmentContentSignatureTransform());
    signature.AddReference(packageRef);

    signature.KeyInfo.AddClause(new SecurityTokenReferenceClause("#" + ids.BinarySecurityTokenId));

    signature.ComputeSignature();
    Security.AppendChild(Context.ImportNode(signature.GetXml(), true));
}
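/// <summary>
/// Checks that the SOAP envelope contains the timestamp, body and messaging elements exactly once, that the
/// security signature references each of them by wsu:Id exactly once, and that each reference resolves to
/// that very node.
/// </summary>
/// <param name="signature">The ds:Signature element from the security header.</param>
/// <param name="signedXml">Wrapper used to resolve id references within the response document.</param>
/// <exception cref="Exception">A required element or reference is missing, duplicated, lacks a wsu:Id,
/// or the reference resolves to a different node.</exception>
private void ValiderInnhold(XmlElement signature, SignedXmlWithAgnosticId signedXml)
{
    string[] requiredSignatureElements =
    {
        "/env:Envelope/env:Header/wsse:Security/wsu:Timestamp",
        "/env:Envelope/env:Body",
        "/env:Envelope/env:Header/eb:Messaging"
    };

    foreach (var elementXPath in requiredSignatureElements)
    {
        // The response must contain the required node, and only one of it.
        var nodes = responseDocument.SelectNodes(elementXPath, nsMgr);
        if (nodes == null || nodes.Count == 0)
        {
            throw new Exception(string.Format("Kan ikke finne påkrevet element '{0}' i svar fra meldingsformidler.", elementXPath));
        }
        if (nodes.Count > 1)
        {
            throw new Exception(string.Format("Påkrevet element '{0}' kan kun forekomme én gang i svar fra meldingsformidler. Ble funnet {1} ganger.", elementXPath, nodes.Count));
        }

        // Attributes[...] matches by qualified name, so the attribute must literally carry the wsu prefix.
        // A missing attribute previously surfaced as a NullReferenceException.
        var idAttribute = nodes[0].Attributes["wsu:Id"];
        if (idAttribute == null)
        {
            throw new Exception(string.Format("Påkrevet element '{0}' mangler wsu:Id-attributt.", elementXPath));
        }
        var elementId = idAttribute.Value;

        // The signature must reference the node exactly once. The id comes from the received document,
        // so it is compared in code rather than spliced into an XPath predicate.
        var expectedUri = "#" + elementId;
        var referenceCount = 0;
        var referenceNodes = signature.SelectNodes("./ds:SignedInfo/ds:Reference", nsMgr);
        if (referenceNodes != null)
        {
            foreach (XmlNode reference in referenceNodes)
            {
                var uriAttribute = reference.Attributes == null ? null : reference.Attributes["URI"];
                if (uriAttribute != null && uriAttribute.Value == expectedUri)
                {
                    referenceCount++;
                }
            }
        }
        if (referenceCount == 0)
        {
            throw new Exception(string.Format("Kan ikke finne påkrevet refereanse til element '{0}' i signatur fra meldingsformidler.", elementXPath));
        }
        if (referenceCount > 1)
        {
            throw new Exception(string.Format("Påkrevet refereanse til element '{0}' kan kun forekomme én gang i signatur fra meldingsformidler. Ble funnet {1} ganger.", elementXPath, referenceCount));
        }

        // The id must resolve to the same node instance the XPath selected, not to a look-alike.
        var targetNode = signedXml.GetIdElement(responseDocument, elementId);
        if (targetNode != nodes[0])
        {
            throw new Exception(string.Format("Signaturreferansen med id '{0}' må refererer til node med sti '{1}'", elementId, elementXPath));
        }
    }
}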
/// <summary>
/// Builds the signature object for the document: inclusive C14N (xml-c14n-20010315) and the fixed
/// signature Id "Signature". References are added and the signature computed elsewhere.
/// </summary>
private SignedXml Signaturnode()
{
    SignedXml signature = new SignedXmlWithAgnosticId(_xml, _sertifikat);

    // Inclusive canonicalization, as opposed to the exclusive variant used for WS-Security headers.
    signature.SignedInfo.CanonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    signature.Signature.Id = "Signature";

    return signature;
}
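/// <summary>
/// Verifies the XML signature in <paramref name="signatureNode"/> and checks that the key that validated it
/// is the public key of the certificate found at <paramref name="path"/> (relative to the signature node).
/// </summary>
/// <param name="signed">Wrapper bound to the document the signature belongs to.</param>
/// <param name="signatureNode">The ds:Signature element to verify.</param>
/// <param name="path">XPath, relative to the signature node, of the base64 certificate element.</param>
/// <exception cref="Exception">The certificate element is missing, the signature does not verify, or the
/// verifying key differs from the certificate's public key.</exception>
private void ValiderSignaturOgSertifikat(SignedXmlWithAgnosticId signed, XmlElement signatureNode, string path)
{
    var certificateNode = signatureNode.SelectSingleNode(path, nsMgr);
    if (certificateNode == null)
    {
        // Previously a NullReferenceException; report the missing element explicitly instead.
        throw new Exception(string.Format("Fant ikke sertifikatelementet '{0}' i signaturen.", path));
    }
    var certificate = new X509Certificate2(Convert.FromBase64String(certificateNode.InnerText));
    ErKvalifisertMellomliggendeSertifikat(certificate);

    signed.LoadXml(signatureNode);
    AsymmetricAlgorithm key = null;
    if (!signed.CheckSignatureReturningKey(out key))
    {
        throw new Exception("Signaturen i motatt svar er ikke gyldig.");
    }

    // The signature must have been produced by the certificate checked above, not merely by some
    // valid key the message embeds in KeyInfo.
    if (key.ToXmlString(false) != certificate.PublicKey.Key.ToXmlString(false))
    {
        throw new Exception(string.Format("Sertifikatet som er benyttet for å validere signaturen er ikke det samme som er spesifisert i {0} elementet.", path));
    }
}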
/// <summary>
/// Validates the signature of the business receipt inside the StandardBusinessDocument; does nothing when
/// the body holds no such document.
/// </summary>
public void ValiderKvitteringSignatur()
{
    // Signatures in the //difi elements are scoped to the StandardBusinessDocument, so validation runs on
    // a copy of that subtree rather than on the whole envelope.
    var sbdNode = responseDocument.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", nsMgr);
    if (sbdNode == null)
    {
        return;
    }

    var sbd = new XmlDocument();
    sbd.LoadXml(sbdNode.OuterXml);

    var signedXml = new SignedXmlWithAgnosticId(sbd);
    var signature = (XmlElement)sbd.SelectSingleNode("//ds:Signature", nsMgr);
    ValiderSignaturOgSertifikat(signedXml, signature, "./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
}
/// <summary>
/// Validates the signature of the business receipt inside the StandardBusinessDocument, working on a copy
/// of that subtree and taking the certificate from the signature's own X509Certificate element.
/// </summary>
/// <exception cref="SdpSecurityException">No StandardBusinessDocument is present in the body.</exception>
private void ValidateReceiptSignature()
{
    var sbdNode = ResponseMessage.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", _nsMgr);
    if (sbdNode == null)
    {
        throw new SdpSecurityException("Fant ikke StandardBusinessDocument-node. Prøvde du å validere en transportkvittering?");
    }

    var sbd = XmlNodeToXmlDocument(sbdNode);
    _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(sbd);
    _signatureNode = (XmlElement)sbd.SelectSingleNode("//ds:Signature", _nsMgr);
    ValidateSignatureAndCertificate("./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
}
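/// <summary>
/// Checks that the SOAP envelope contains the timestamp, body and messaging elements exactly once, that the
/// security signature references each of them by wsu:Id exactly once, and that each reference resolves to
/// that very node.
/// </summary>
/// <param name="signature">The ds:Signature element from the security header.</param>
/// <param name="signedXml">Wrapper used to resolve id references within the response document.</param>
/// <exception cref="Exception">A required element or reference is missing, duplicated, lacks a wsu:Id,
/// or the reference resolves to a different node.</exception>
private void ValiderInnhold(XmlElement signature, SignedXmlWithAgnosticId signedXml)
{
    string[] requiredSignatureElements =
    {
        "/env:Envelope/env:Header/wsse:Security/wsu:Timestamp",
        "/env:Envelope/env:Body",
        "/env:Envelope/env:Header/eb:Messaging"
    };

    foreach (var elementXPath in requiredSignatureElements)
    {
        // The response must contain the required node, and only one of it.
        var nodes = responseDocument.SelectNodes(elementXPath, nsMgr);
        if (nodes == null || nodes.Count == 0)
        {
            throw new Exception(string.Format("Kan ikke finne påkrevet element '{0}' i svar fra meldingsformidler.", elementXPath));
        }
        if (nodes.Count > 1)
        {
            throw new Exception(string.Format("Påkrevet element '{0}' kan kun forekomme én gang i svar fra meldingsformidler. Ble funnet {1} ganger.", elementXPath, nodes.Count));
        }

        // Attributes[...] matches by qualified name, so the attribute must literally carry the wsu prefix.
        // A missing attribute previously surfaced as a NullReferenceException.
        var idAttribute = nodes[0].Attributes["wsu:Id"];
        if (idAttribute == null)
        {
            throw new Exception(string.Format("Påkrevet element '{0}' mangler wsu:Id-attributt.", elementXPath));
        }
        var elementId = idAttribute.Value;

        // The signature must reference the node exactly once. The id comes from the received document,
        // so it is compared in code rather than spliced into an XPath predicate.
        var expectedUri = "#" + elementId;
        var referenceCount = 0;
        var referenceNodes = signature.SelectNodes("./ds:SignedInfo/ds:Reference", nsMgr);
        if (referenceNodes != null)
        {
            foreach (XmlNode reference in referenceNodes)
            {
                var uriAttribute = reference.Attributes == null ? null : reference.Attributes["URI"];
                if (uriAttribute != null && uriAttribute.Value == expectedUri)
                {
                    referenceCount++;
                }
            }
        }
        if (referenceCount == 0)
        {
            throw new Exception(string.Format("Kan ikke finne påkrevet refereanse til element '{0}' i signatur fra meldingsformidler.", elementXPath));
        }
        if (referenceCount > 1)
        {
            throw new Exception(string.Format("Påkrevet refereanse til element '{0}' kan kun forekomme én gang i signatur fra meldingsformidler. Ble funnet {1} ganger.", elementXPath, referenceCount));
        }

        // The id must resolve to the same node instance the XPath selected, not to a look-alike.
        var targetNode = signedXml.GetIdElement(responseDocument, elementId);
        if (targetNode != nodes[0])
        {
            throw new Exception(string.Format("Signaturreferansen med id '{0}' må refererer til node med sti '{1}'", elementId, elementXPath));
        }
    }
}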
/// <summary>
/// Test helper: loads the ds:Signature found in the WS-Security header of <paramref name="kildeXmlDokument"/>
/// into <paramref name="signedXmlWithAgnosticId"/>.
/// </summary>
private void AddHeaderSignatureNodeToSignedXmlWithAgnosticId(XmlDocument kildeXmlDokument, SignedXmlWithAgnosticId signedXmlWithAgnosticId)
{
    const string headerSignaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";

    var namespaces = GetNamespaceManager(kildeXmlDokument);
    var headerSignature = (XmlElement)kildeXmlDokument.DocumentElement.SelectSingleNode(headerSignaturePath, namespaces);

    signedXmlWithAgnosticId.LoadXml(headerSignature);
}
/// <summary>
/// Test helper: loads the first ds:Signature anywhere in <paramref name="kildeXmlDokument"/> into
/// <paramref name="signedXmlWithAgnosticId"/>. Note the "//ds:Signature" query is document-wide, so it is
/// only body-specific when the document itself is the body subtree.
/// </summary>
private void AddBodySignatureNodeToSignedXmlWithAgnosticId(XmlDocument kildeXmlDokument, SignedXmlWithAgnosticId signedXmlWithAgnosticId)
{
    var namespaces = GetNamespaceManager(kildeXmlDokument);
    var signatureNode = (XmlElement)kildeXmlDokument.SelectSingleNode("//ds:Signature", namespaces);

    signedXmlWithAgnosticId.LoadXml(signatureNode);
}
/// <summary>
/// Test helper: invokes the non-public instance method GetPublicKey on the wrapper via reflection and
/// returns its result untyped.
/// </summary>
/// <returns>Whatever GetPublicKey returns; null when the wrapper yields no key.</returns>
private object GetPublicKey(SignedXmlWithAgnosticId signedXmlWithAgnosticId)
{
    const BindingFlags privateInstance = BindingFlags.Instance | BindingFlags.NonPublic;
    var getPublicKey = typeof(SignedXmlWithAgnosticId).GetMethod("GetPublicKey", privateInstance);
    return getPublicKey.Invoke(signedXmlWithAgnosticId, null);
}