protected override void AddSignatureToHeader(XmlNode node)
        {
            // Builds the ds:Signature for the WS-Security header: two references
            // (Timestamp and Body) under exclusive C14N, signed with the sender
            // certificate and keyed through a SecurityTokenReference clause.
            // The node argument belongs to the overridden contract and is not
            // read by this implementation.
            SignedXml signature = new SignedXmlWithAgnosticId(Document, Instillinger.Avsendersertifikat);
            signature.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";

            // Timestamp reference: exclusive C14N with the wsse and soapenv
            // prefixes declared inclusive.
            var timestampReference = new Reference("#" + Settings.TimestampId);
            timestampReference.AddTransform(new XmlDsigExcC14NTransform("wsse soapenv"));
            signature.AddReference(timestampReference);

            // Body reference: exclusive C14N with an empty inclusive prefix list.
            var bodyReference = new Reference("#" + Settings.BodyId);
            bodyReference.AddTransform(new XmlDsigExcC14NTransform(""));
            signature.AddReference(bodyReference);

            // NOTE(review): digest and signature algorithms are left at the
            // runtime defaults here (SHA-1 on older .NET Framework targets).
            // Reference.DigestMethod and SignedInfo.SignatureMethod can pin
            // SHA-256 explicitly — confirm what the receiver requires.
            signature.KeyInfo.AddClause(new SecurityTokenReferenceClause(Instillinger.Avsendersertifikat));
            signature.KeyInfo.Id = "KS-" + Guid.NewGuid();

            signature.ComputeSignature();

            // Deep import so the signature element is owned by the target document.
            Security.AppendChild(Document.ImportNode(signature.GetXml(), true));
        }
        public void FindIdElement()
        {
            // Each template receives {0}=element name, {1}=id value and {2}=id attribute
            // name. The cases cover plain, nested, namespaced and prefixed elements, plus
            // decoy elements carrying a different id. The first three templates are
            // identical, so the simplest case simply runs three times.
            var templates = new[] {
                "<{0} {2}='{1}'></{0}>",
                "<{0} {2}='{1}'></{0}>",
                "<{0} {2}='{1}'></{0}>",
                "<container><{0} {2}='{1}'></{0}></container>",
                "<container><invalid Id='notThis' /><{0} {2}='{1}'></{0}></container>",
                "<container><invalid ID='notThis'><{0} {2}='{1}'></{0}></invalid></container>",
                "<container xmlns='http://example.org'><{0} {2}='{1}'></{0}></container>",
                "<a:container xmlns:a='http://example.org'><{0} {2}='{1}'></{0}></a:container>",
                "<a:container xmlns:a='http://example.org'><a:{0} {2}='{1}'></a:{0}></a:container>",
                "<a:container xmlns:a='http://example.org'><b:{0} xmlns:b='http://nowhere.com' {2}='{1}'></b:{0}></a:container>",
                "<a:container xmlns:a='http://example.org'><{0} xmlns='' {2}='{1}'></{0}></a:container>",
                "<a:container xmlns:a='http://example.org'><{0} xmlns='' a:{2}='{1}'></{0}></a:container>"
            };

            // The lookup must resolve the id attribute in every spelling under test.
            var idAttributeNames = new[] { "Id", "ID", "id" };

            foreach (var template in templates)
            {
                foreach (var idAttributeName in idAttributeNames)
                {
                    var document = new XmlDocument();
                    document.PreserveWhitespace = true;
                    document.LoadXml(string.Format(template, "element", "value", idAttributeName));

                    var resolved = new SignedXmlWithAgnosticId(document).GetIdElement(document, "value");

                    Assert.IsNotNull(resolved);

                    // The resolved element must itself carry the id attribute (by local
                    // name, so a prefixed a:Id also matches) with the expected value.
                    var carriesExpectedId = resolved.Attributes
                        .OfType<XmlAttribute>()
                        .Any(attribute => attribute.LocalName == idAttributeName && attribute.Value == "value");
                    Assert.IsTrue(carriesExpectedId);
                }
            }
        }
        public void FindIdElement()
        {
            // Format placeholders: {0}=element name, {1}=id value, {2}=id attribute name.
            // Covers unnamespaced, default-namespaced and prefixed elements, nested
            // containers and decoy elements with another id. The first three entries
            // are the same case and therefore run three times.
            var templates = new[] {
                "<{0} {2}='{1}'></{0}>",
                "<{0} {2}='{1}'></{0}>",
                "<{0} {2}='{1}'></{0}>",
                "<container><{0} {2}='{1}'></{0}></container>",
                "<container><invalid Id='notThis' /><{0} {2}='{1}'></{0}></container>",
                "<container><invalid ID='notThis'><{0} {2}='{1}'></{0}></invalid></container>",
                "<container xmlns='http://example.org'><{0} {2}='{1}'></{0}></container>",
                "<a:container xmlns:a='http://example.org'><{0} {2}='{1}'></{0}></a:container>",
                "<a:container xmlns:a='http://example.org'><a:{0} {2}='{1}'></a:{0}></a:container>",
                "<a:container xmlns:a='http://example.org'><b:{0} xmlns:b='http://nowhere.com' {2}='{1}'></b:{0}></a:container>",
                "<a:container xmlns:a='http://example.org'><{0} xmlns='' {2}='{1}'></{0}></a:container>",
                "<a:container xmlns:a='http://example.org'><{0} xmlns='' a:{2}='{1}'></{0}></a:container>"};

            // Cross product of templates and id spellings, in template-major order.
            var cases = templates.SelectMany(
                template => new[] { "Id", "ID", "id" },
                (template, idAttribute) => new { Template = template, IdAttribute = idAttribute });

            foreach (var testCase in cases)
            {
                var document = new XmlDocument { PreserveWhitespace = true };
                document.LoadXml(string.Format(testCase.Template, "element", "value", testCase.IdAttribute));

                var signedXml = new SignedXmlWithAgnosticId(document);
                var resolvedElement = signedXml.GetIdElement(document, "value");

                // Must find an element, and it must be the one carrying the id attribute
                // in the spelling under test (local name, so prefixed attributes count).
                Assert.IsNotNull(resolvedElement);
                Assert.IsTrue(resolvedElement.Attributes
                    .OfType<XmlAttribute>()
                    .Any(attribute => attribute.LocalName == testCase.IdAttribute && attribute.Value == "value"));
            }
        }
        protected override void AddSignatureToHeader(XmlNode node)
        {
            // Signs the Timestamp and Body of the SOAP header with the sender
            // certificate and appends the resulting ds:Signature to the
            // wsse:Security element. The node argument is part of the overridden
            // contract and is not used here.
            SignedXml signature = new SignedXmlWithAgnosticId(Document, SenderCertificate);
            signature.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";

            // Timestamp reference. NOTE(review): no transform is attached to this
            // reference, while the Body reference below gets exclusive C14N —
            // presumably intentional; confirm against the receiver's policy.
            var timestampReference = new Reference("#" + Settings.TimestampId);
            signature.AddReference(timestampReference);

            // Body reference: exclusive C14N with an empty inclusive prefix list.
            var bodyReference = new Reference("#" + Settings.BodyId);
            bodyReference.AddTransform(new XmlDsigExcC14NTransform(""));
            signature.AddReference(bodyReference);

            // KeyInfo points at the BinarySecurityToken by id rather than
            // embedding the certificate.
            signature.KeyInfo.AddClause(new SecurityTokenReferenceClause(Settings.BinarySecurityId));
            signature.KeyInfo.Id = $"KS-{Guid.NewGuid()}";

            signature.ComputeSignature();

            // Deep import so the signature element belongs to the target document.
            Security.AppendChild(Document.ImportNode(signature.GetXml(), true));
        }
        public override void AddSignatureElement()
        {
            // Signs Body, Timestamp and eb:Messaging (in that order) with SHA-256
            // references, using the data processor's certificate, and appends the
            // signature to the Security header. "env" is passed to the SignedXml
            // subclass as the inclusive prefix for canonicalization.
            SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat, "env");

            // One SHA-256 reference per id, with the given C14N transform.
            Func<string, Transform, Reference> referenceTo = (id, transform) =>
            {
                var reference = new Sha256Reference("#" + id);
                reference.AddTransform(transform);
                return reference;
            };

            signature.AddReference(referenceTo(Settings.GuidUtility.BodyId, new XmlDsigExcC14NTransform()));

            // The timestamp keeps the wsse and env prefixes in its canonical form.
            signature.AddReference(referenceTo(Settings.GuidUtility.TimestampId, new XmlDsigExcC14NTransform("wsse env")));

            signature.AddReference(referenceTo(Settings.GuidUtility.EbMessagingId, new XmlDsigExcC14NTransform()));

            // KeyInfo refers to the BinarySecurityToken by id instead of embedding the certificate.
            signature.KeyInfo.AddClause(new SecurityTokenReferenceClause("#" + Settings.GuidUtility.BinarySecurityTokenId));
            signature.ComputeSignature();

            Security.AppendChild(Context.ImportNode(signature.GetXml(), true));
        }
            // Loads a captured receipt envelope, reads the certificate out of
            // wsse:BinarySecurityToken and checks that the key the (non-public)
            // GetPublicKey resolves from the header signature's KeyInfo is that
            // certificate's public key. The certificate bytes inside the token
            // are elided in this listing, so the fixture cannot be loaded as-is.
            public void SignatureNodeAndBinarySecurityTokenAreAlike()
            {
                //Arrange
                var doc = new XmlDocument {
                    PreserveWhitespace = false
                };
                var ResponeKvitteringMOttattForretningsmelding = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><env:Envelope xmlns:env=\"http://www.w3.org/2003/05/soap-envelope\">\r\n  <env:Header>\r\n    <wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" env:mustUnderstand=\"true\">\r\n      <wsse:BinarySecurityToken EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\" wsu:Id=\"X509-ecd9521a-6429-4c94-a23f-07157e36f963\">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</wsse:BinarySecurityToken>\r\n      <wsu:Timestamp wsu:Id=\"TS-35be0956-ad1a-4b41-a650-2b1a005e9de9\">\r\n        <wsu:Created>2014-10-13T13:12:59.849Z</wsu:Created>\r\n        <wsu:Expires>2014-10-13T13:17:59.849Z</wsu:Expires>\r\n      </wsu:Timestamp>\r\n      <ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"SIG-bac0f5a4-4594-4f42-bab1-5acfa1ff2a4b\">\r\n        <ds:SignedInfo>\r\n          <ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n            <ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"env\"/>\r\n          </ds:CanonicalizationMethod>\r\n          <ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/>\r\n          <ds:Reference URI=\"#id-cfc59a25-a972-4ecc-b8c2-d568bfdeba8f\">\r\n            <ds:Transforms>\r\n              <ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n                <ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"\"/>\r\n              </ds:Transform>\r\n            </ds:Transforms>\r\n            <ds:DigestMethod 
Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n            <ds:DigestValue>0r+2LLUhTpNgCnUz2SDAUBPdCMFUSeTWpW4QiAgO15A=</ds:DigestValue>\r\n          </ds:Reference>\r\n          <ds:Reference URI=\"#TS-35be0956-ad1a-4b41-a650-2b1a005e9de9\">\r\n            <ds:Transforms>\r\n              <ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n                <ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"wsse env\"/>\r\n              </ds:Transform>\r\n            </ds:Transforms>\r\n            <ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n            <ds:DigestValue>i6Y+T/GDrE4d+7A2nhdgDKZjUBHWLSv1+jIbLLP65P4=</ds:DigestValue>\r\n          </ds:Reference>\r\n          <ds:Reference URI=\"#id-3b7508d7-942f-45c5-9183-42dfd6fffaf6\">\r\n            <ds:Transforms>\r\n              <ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n                <ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"\"/>\r\n              </ds:Transform>\r\n            </ds:Transforms>\r\n            <ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n            <ds:DigestValue>c2KnUatnVYJ38Ebi5OsYDROyfAqPthXZ4QjTWglzgEc=</ds:DigestValue>\r\n          </ds:Reference>\r\n        </ds:SignedInfo>\r\n        <ds:SignatureValue>KJiWpOsWwRxEeoai8GUGoWrHRJcNt3kyvKG6hQMtqNAXjAF9uo3/l2iP8GwwesjrjmOCX0mBwb/l5UlQ3Q7/83AhYar7hysAM/pp7FiMkzae9OgP/g6Oiil/eyIPmkTYAW5JkbRr/stAEUNScmcSSxrGvqTK1wpI5eoGT5EmyBWeGZIpoL2HDp10SeuAQ7beKX0XRqP1uQ0iYjgP7ME0gfi15Xh9QjccmTF6aMZ6GjuD7Cw8G7St3a/UlbJLGLllXBgeYy9lB6Hy61hchrQW/ye35zefwGiBWbQlcEYWrNB7dgB3Tf65uO0H94l956Kw2LT/IByN1rDYOWduHAaNEQ==</ds:SignatureValue>\r\n        <ds:KeyInfo Id=\"KI-87bff0e0-f49c-42e7-900c-f1674148ce3e\">\r\n          <wsse:SecurityTokenReference wsu:Id=\"STR-2f12caa9-60e9-414e-bbb9-ccb5042917b7\">\r\n            <wsse:Reference 
URI=\"#X509-ecd9521a-6429-4c94-a23f-07157e36f963\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\"/>\r\n          </wsse:SecurityTokenReference>\r\n        </ds:KeyInfo>\r\n      </ds:Signature>\r\n    </wsse:Security>\r\n    <eb:Messaging xmlns:eb=\"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" env:mustUnderstand=\"true\" wsu:Id=\"id-3b7508d7-942f-45c5-9183-42dfd6fffaf6\">\r\n      <ns6:SignalMessage xmlns:ns10=\"http://uri.etsi.org/2918/v1.2.1#\" xmlns:ns11=\"http://uri.etsi.org/01903/v1.3.2#\" xmlns:ns2=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns3=\"http://www.unece.org/cefact/namespaces/StandardBusinessDocumentHeader\" xmlns:ns4=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:ns5=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:ns6=\"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/\" xmlns:ns7=\"http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0\" xmlns:ns8=\"http://www.w3.org/1999/xlink\" xmlns:ns9=\"http://begrep.difi.no/sdp/schema_v10\">\r\n        <ns6:MessageInfo>\r\n          <ns6:Timestamp>2014-10-13T15:12:59.841+02:00</ns6:Timestamp>\r\n          <ns6:MessageId>ef86727d-d10b-499a-b9c3-e6683187951a</ns6:MessageId>\r\n          <ns6:RefToMessageId>627c8082-6394-47a6-9107-a91e52240af2</ns6:RefToMessageId>\r\n        </ns6:MessageInfo>\r\n        <ns6:Receipt>\r\n          <ns7:NonRepudiationInformation>\r\n            <ns7:MessagePartNRInformation>\r\n              <ns5:Reference URI=\"cid:d6f0f811-69c4-4e03-a5a3-5ef02c4dfc11@meldingsformidler.sdp.difi.no\">\r\n                <ns5:Transforms>\r\n                  <ns5:Transform Algorithm=\"http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform\"/>\r\n                </ns5:Transforms>\r\n                <ns5:DigestMethod 
Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n                <ns5:DigestValue>kZLCW3NPy62+MtrcKAicYNsOOfkMwgzi5XM/VyYazAw=</ns5:DigestValue>\r\n              </ns5:Reference>\r\n            </ns7:MessagePartNRInformation>\r\n            <ns7:MessagePartNRInformation>\r\n              <ns5:Reference URI=\"#soapBody\">\r\n                <ns5:Transforms>\r\n                  <ns5:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\r\n                    <ec:InclusiveNamespaces xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" PrefixList=\"\"/>\r\n                  </ns5:Transform>\r\n                </ns5:Transforms>\r\n                <ns5:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\r\n                <ns5:DigestValue>uyFwocFL9AI27C6UvWulZxa1l5gr+NirsPaSXFVIyH0=</ns5:DigestValue>\r\n              </ns5:Reference>\r\n            </ns7:MessagePartNRInformation>\r\n          </ns7:NonRepudiationInformation>\r\n        </ns6:Receipt>\r\n      </ns6:SignalMessage>\r\n    </eb:Messaging>\r\n  </env:Header>\r\n  <env:Body xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" wsu:Id=\"id-cfc59a25-a972-4ecc-b8c2-d568bfdeba8f\"/>\r\n</env:Envelope>\r\n";

                doc.LoadXml(ResponeKvitteringMOttattForretningsmelding);

                // Prefixes used by the XPath lookups below.
                var mgr = new XmlNamespaceManager(doc.NameTable);

                mgr.AddNamespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
                mgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

                var signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(doc);
                var signatureNode           = (XmlElement)doc.SelectSingleNode("//ds:Signature", mgr);

                // Binds the header signature so its KeyInfo can be resolved.
                signedXmlWithAgnosticId.LoadXml(signatureNode);

                //Act
                // Certificate carried in the token as base64-encoded bytes.
                var binarySecurityToken = doc.SelectSingleNode("//wsse:BinarySecurityToken", mgr);
                var key = new X509Certificate2(Convert.FromBase64String(binarySecurityToken.InnerText));

                // GetPublicKey is non-public, hence reflection. A null result (method
                // renamed, or not an AsymmetricAlgorithm) fails on the assert with a
                // NullReferenceException rather than a clear message.
                var publicKey = typeof(SignedXmlWithAgnosticId).GetMethod("GetPublicKey", BindingFlags.Instance | BindingFlags.NonPublic).Invoke(signedXmlWithAgnosticId, null) as AsymmetricAlgorithm;

                //Assert
                // Public-key parameters only (false) are compared in XML form.
                Assert.Equal(publicKey.ToXmlString(false), key.PublicKey.Key.ToXmlString(false));
            }
            // Loads the receipt fixture, reads the certificate out of
            // wsse:BinarySecurityToken and checks that the key the non-public
            // GetPublicKey returns after the header signature is loaded equals
            // that certificate's public key.
            public void GetPublicKey()
            {
                var receipt = new XmlDocument();
                receipt.PreserveWhitespace = false;
                receipt.LoadXml(ResponeKvitteringMOttattForretningsmelding());

                var namespaces = new XmlNamespaceManager(receipt.NameTable);
                namespaces.AddNamespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
                namespaces.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

                // Certificate carried in the header token as base64-encoded bytes.
                var tokenNode        = receipt.SelectSingleNode("//wsse:BinarySecurityToken", namespaces);
                var tokenCertificate = new X509Certificate2(Convert.FromBase64String(tokenNode.InnerText));

                var signedXml = new SignedXmlWithAgnosticId(receipt);
                signedXml.LoadXml((XmlElement)receipt.SelectSingleNode("//ds:Signature", namespaces));

                // GetPublicKey is non-public, so the test reaches it via reflection;
                // a null here (renamed method, or not an AsymmetricAlgorithm) surfaces
                // as a NullReferenceException on the assert.
                var getPublicKey = typeof(SignedXmlWithAgnosticId).GetMethod("GetPublicKey", BindingFlags.Instance | BindingFlags.NonPublic);
                var resolvedKey  = getPublicKey.Invoke(signedXml, null) as AsymmetricAlgorithm;

                // Compare public parameters only (false) in XML form.
                Assert.AreEqual(resolvedKey.ToXmlString(false), tokenCertificate.PublicKey.Key.ToXmlString(false));
            }
        public override void AddSignatureElement()
        {
            // Signs Body, Timestamp and eb:Messaging (in that order) with SHA-256
            // references using the data processor's certificate and appends the
            // signature to the Security header. "env" is the inclusive prefix the
            // SignedXml subclass is told to keep when canonicalizing.
            SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat, "env");

            // (element id, C14N transform) pairs; only the timestamp keeps the
            // wsse and env prefixes in its canonical form.
            var referenceSpecs = new[]
            {
                Tuple.Create(Settings.GuidUtility.BodyId, (Transform)new XmlDsigExcC14NTransform()),
                Tuple.Create(Settings.GuidUtility.TimestampId, (Transform)new XmlDsigExcC14NTransform("wsse env")),
                Tuple.Create(Settings.GuidUtility.EbMessagingId, (Transform)new XmlDsigExcC14NTransform())
            };

            foreach (var spec in referenceSpecs)
            {
                var reference = new Sha256Reference("#" + spec.Item1);
                reference.AddTransform(spec.Item2);
                signature.AddReference(reference);
            }

            // KeyInfo refers to the BinarySecurityToken by id instead of embedding the certificate.
            signature.KeyInfo.AddClause(new SecurityTokenReferenceClause("#" + Settings.GuidUtility.BinarySecurityTokenId));
            signature.ComputeSignature();

            Security.AppendChild(Context.ImportNode(signature.GetXml(), true));
        }
        private SignedXml Signaturnode()
        {
            // Prepares a signature over _xml with _sertifikat: inclusive
            // (REC-xml-c14n-20010315) canonicalization and a fixed Id of
            // "Signature". References and ComputeSignature are the caller's job.
            var signature = new SignedXmlWithAgnosticId(_xml, _sertifikat);

            signature.Signature.Id = "Signature";
            signature.SignedInfo.CanonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

            return signature;
        }
        private void ValidateHeaderSignature()
        {
            // Locates the ds:Signature in the WS-Security header, binds a
            // SignedXml to the response and runs the element and
            // signature/certificate checks.
            const string signaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
            const string tokenPath     = "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken";

            var envelope = ResponseMessage.DocumentElement;

            // NOTE(review): SelectSingleNode yields null when the path is absent,
            // so _signatureNode can be null here — confirm the validators below
            // reject that rather than dereference it.
            _signatureNode           = (XmlElement)envelope.SelectSingleNode(signaturePath, _nsMgr);
            _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(ResponseMessage);

            ValidateSignatureElements();
            ValidateSignatureAndCertificate(tokenPath);
        }
        private void ValiderHeaderSignatur()
        {
            // Finds the header ds:Signature in the response, binds a SignedXml
            // to it and runs the element checks followed by the
            // signature-and-certificate check against the BinarySecurityToken.
            const string signaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
            const string tokenPath     = "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken";

            _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(Respons);

            // NOTE(review): a missing signature path leaves _signaturnode null —
            // confirm the validators below fail closed on that.
            _signaturnode = (XmlElement)Respons.DocumentElement.SelectSingleNode(signaturePath, _nsMgr);

            ValiderSignaturelementer();
            ValiderSignaturOgSertifikat(tokenPath);
        }
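        private void IdNodeMatcher(SignedXmlWithAgnosticId signedXml, string elementId, XmlNodeList nodes,
                                   string elementXPath)
        {
            // Resolves the element a signature reference points at (by id) and
            // requires it to be the very node found at elementXPath — reference
            // equality, so a reference cannot be satisfied by some other element
            // that merely carries the same id.
            //
            // Throws ValideringsException when the id does not resolve or resolves
            // to a different node.
            var targetNode = signedXml.GetIdElement(ResponseContainer.Envelope, elementId);

            // Fail closed: an unresolvable id is never acceptable. Without this
            // guard an empty node list (nodes[0] is null for an out-of-range index)
            // would let null == null pass the comparison below.
            if (targetNode == null)
            {
                throw new ValideringsException($"Fant ingen node med id '{elementId}' for signaturreferansen som skal peke til '{elementXPath}'");
            }

            if (targetNode != nodes[0])
            {
                throw new ValideringsException($"Signaturreferansen med id '{elementId}' må referere til node med sti '{elementXPath}'");
            }
        }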
        private void ValidateHeaderSignature()
        {
            // Binds a SignedXml to the response, locates the header ds:Signature
            // and validates its elements, then the signature and certificate from
            // the BinarySecurityToken, pinned to the message broker's organisation
            // number from the certificate validation properties.
            const string signaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
            const string tokenPath     = "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken";

            _signatureNode           = (XmlElement)ResponseMessage.DocumentElement.SelectSingleNode(signaturePath, _nsMgr);
            _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(ResponseMessage);

            ValidateHeaderSignatureNodeElements();

            var expectedOrganizationNumber = _certificateValidationProperties.OrganisasjonsnummerMeldingsformidler.Verdi;
            ValidateSignatureAndCertificate(tokenPath, expectedOrganizationNumber);
        }
        /// <summary>
        /// Validates the signature in the SOAP header of the received document:
        /// the signature's content first, then the signature itself against the
        /// certificate carried in the BinarySecurityToken.
        /// </summary>
        public void ValiderHeaderSignatur()
        {
            const string signaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
            const string tokenPath     = "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken";

            var headerSignatureNode = (XmlElement)responseDocument.DocumentElement.SelectSingleNode(signaturePath, nsMgr);
            var headerSignature     = new SignedXmlWithAgnosticId(responseDocument);

            ValiderInnhold(headerSignatureNode, headerSignature);
            ValiderSignaturOgSertifikat(headerSignature, headerSignatureNode, tokenPath);
        }
        /// <summary>
        ///     Checks that the SOAP envelope contains each required element (e.g.
        ///     timestamp, body, messaging) with the correct id and that the security
        ///     signature references exactly that element.
        /// </summary>
        /// <param name="signature">The ds:Signature element being validated.</param>
        /// <param name="signedXml">SignedXml bound to the envelope, used to resolve ids.</param>
        /// <param name="påkrevdeReferanser">XPaths of the elements the signature must reference.</param>
        protected void ValidateSignatureReferences(XmlElement signature, SignedXmlWithAgnosticId signedXml,
                                                   string[] påkrevdeReferanser)
        {
            foreach (var requiredPath in påkrevdeReferanser)
            {
                // Element must exist, must be referenced from the signature, and the
                // referenced id must resolve back to that same element.
                var matchingNodes = InneholderNode(requiredPath);
                var referencedId  = NodeFinnesISignaturElement(signature, matchingNodes, requiredPath);

                IdNodeMatcher(signedXml, referencedId, matchingNodes, requiredPath);
            }
        }
            // Constructing with a document and a certificate must expose that
            // certificate's private key as the SigningKey.
            public void KonstruktørMedXmlDokumentOgSertifikat()
            {
                //Arrange
                var document          = XmlUtility.ToXmlDocument(TransportKvittering.TransportOkKvittertingFunksjoneltTestmiljø);
                var senderCertificate = CertificateResource.UnitTests.GetAvsenderEnhetstesterSertifikat();

                //Act
                var signingKey = new SignedXmlWithAgnosticId(document, senderCertificate).SigningKey;

                //Assert
                // NOTE(review): RSACryptoServiceProvider is the CAPI key type of
                // .NET Framework; on .NET Core/5+ the key typically surfaces as
                // RSACng or RSAOpenSsl, so this assertion is platform-bound — confirm.
                Assert.True(signingKey is RSACryptoServiceProvider);
            }
            // The header signature of a message receipt yields a public key on
            // the first lookup and null on the second.
            public void GetsKeyFromMessageReceiptHeader()
            {
                //Arrange
                var envelope  = XmlUtility.ToXmlDocument(ReceiptResponse.FunctionalTestEnvironment);
                var signedXml = new SignedXmlWithAgnosticId(envelope);
                AddHeaderSignatureNodeToSignedXmlWithAgnosticId(envelope, signedXml);

                //Act
                var firstKey  = GetPublicKey(signedXml);
                var secondKey = GetPublicKey(signedXml);

                //Assert
                // presumably the lookup walks the KeyInfo clauses like an enumerator
                // (as SignedXml.GetPublicKey does) and has none left on the second
                // call — confirm against the helper's implementation.
                Assert.NotNull(firstKey);
                Assert.Null(secondKey);
            }
        private SignedXml SignatureElement()
        {
            // Enveloped signature over the whole document (URI ""), signed with
            // the data processor's certificate, which is also embedded in KeyInfo
            // as X509Data. The enveloped-signature transform excludes the
            // signature element itself from the digest; exclusive C14N keeps the
            // ns9 prefix.
            SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat);

            signature.KeyInfo.AddClause(new KeyInfoX509Data(Settings.Databehandler.Sertifikat));

            var documentReference = new Sha256Reference("");
            documentReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            documentReference.AddTransform(new XmlDsigExcC14NTransform("ns9"));
            signature.AddReference(documentReference);

            signature.ComputeSignature();

            return signature;
        }
            // The header signature of a transport receipt yields a public key on
            // the first lookup and null on the second.
            public void GetsKeyFromTransportReceipt()
            {
                //Arrange
                var transportReceipt = XmlUtility.ToXmlDocument(TransportKvittering.TransportOkKvittertingFunksjoneltTestmiljø);
                var signedXml        = new SignedXmlWithAgnosticId(transportReceipt);
                AddHeaderSignatureNodeToSignedXmlWithAgnosticId(transportReceipt, signedXml);

                //Act
                var firstLookup  = GetPublicKey(signedXml);
                var secondLookup = GetPublicKey(signedXml);

                //Assert
                // presumably the helper consumes the KeyInfo clauses in order
                // (SignedXml.GetPublicKey behaves as an enumerator) — confirm.
                Assert.NotNull(firstLookup);
                Assert.Null(secondLookup);
            }
        public void Validate()
        {
            // Binds the header signature to the received envelope, then runs the
            // reference, SignatureConfirmation, timestamp and certificate checks.
            var headerSignature = new SignedXmlWithAgnosticId(ResponseContainer.Envelope);
            headerSignature.LoadXml(ResponseContainer.HeaderSignatureElement);

            // The envelope must contain a SignatureConfirmation and a Body, and the
            // header signature's references must resolve to exactly those nodes.
            string[] requiredReferences =
            {
                "/env:Envelope/env:Header/wsse:Security/wsse11:SignatureConfirmation",
                "/env:Envelope/env:Body"
            };
            ValidateSignatureReferences(ResponseContainer.HeaderSignatureElement, headerSignature, requiredReferences);

            PerformSignatureConfirmation(ResponseContainer.HeaderSecurityElement);

            // NOTE(review): 2000 s (about 33 minutes) is the accepted timestamp
            // tolerance; a wide window lengthens the replay exposure — confirm it
            // is the intended value.
            CheckTimestamp(TimeSpan.FromSeconds(2000));

            ValidateResponseCertificate(headerSignature);
        }
        private SignedXml SignatureElement()
        {
            // Enveloped signature over the whole document (URI "") with the data
            // processor's certificate, which is also embedded in KeyInfo as
            // X509Data. The enveloped-signature transform keeps the signature
            // itself out of the digest; exclusive C14N retains the ns9 prefix.
            SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat);

            var documentReference = new Sha256Reference("");
            var transforms = new Transform[]
            {
                new XmlDsigEnvelopedSignatureTransform(),
                new XmlDsigExcC14NTransform("ns9")
            };
            foreach (var transform in transforms)
            {
                documentReference.AddTransform(transform);
            }
            signature.AddReference(documentReference);

            signature.KeyInfo.AddClause(new KeyInfoX509Data(Settings.Databehandler.Sertifikat));

            signature.ComputeSignature();

            return signature;
        }
        internal void ValidateResponseCertificate(SignedXmlWithAgnosticId signed)
        {
            // Decodes the certificate from the header BinarySecurityToken and
            // validates it and its chain against the environment's approved
            // chain certificates, pinned to the organisation number of
            // Direktoratet for forvaltning og IKT. Throws SecurityException on
            // any result other than Valid. The signed argument is not used here.
            const string expectedOrganizationNumber = "991825827"; // Direktoratet for forvaltning og IKT

            // NOTE(review): FromBase64String and the X509Certificate2 constructor
            // throw on malformed token content; those propagate unchanged.
            var tokenBytes  = Convert.FromBase64String(ResponseContainer.HeaderBinarySecurityToken.InnerText);
            var certificate = new X509Certificate2(tokenBytes);

            var validation = CertificateValidator.ValidateCertificateAndChain(
                certificate,
                expectedOrganizationNumber,
                Environment.GodkjenteKjedeSertifikaterForRespons);

            if (validation.Type == CertificateValidationType.Valid)
            {
                return;
            }

            throw new SecurityException($"Sertifikatet som ble mottatt i responsen er ikke gyldig. Grunnen er '{validation.Type.ToNorwegianString()}', med melding '{validation.Message}'");
        }
        private void ValiderKvitteringSignatur()
        {
            // Validates the signature of the business receipt, which lives inside
            // the StandardBusinessDocument in the SOAP body. The validation runs
            // on a document built from that node alone, and the certificate is
            // taken from the signature's own KeyInfo/X509Data.
            var sbdNode = Respons.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", _nsMgr);

            // A transport receipt has no StandardBusinessDocument: treat that as an error.
            if (sbdNode == null)
            {
                throw new SdpSecurityException("Fant ikke StandardBusinessDocument-node. Prøvde du å validere en transportkvittering?");
            }

            var sbdDocument = XmlNodeToXmlDocument(sbdNode);

            _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(sbdDocument);
            _signaturnode            = (XmlElement)sbdDocument.SelectSingleNode("//ds:Signature", _nsMgr);

            ValiderSignaturOgSertifikat("./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
        }
        private void ValidateReceiptSignature()
        {
            // Validates the business receipt signature found inside the
            // StandardBusinessDocument in the SOAP body. Validation runs on a
            // document built from that node alone, with the certificate taken
            // from the signature's own KeyInfo/X509Data.
            var sbdNode = ResponseMessage.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", _nsMgr);

            // A transport receipt carries no StandardBusinessDocument: fail rather than skip.
            if (sbdNode == null)
            {
                throw new SecurityException("Fant ikke StandardBusinessDocument-node. Prøvde du å validere en transportkvittering?");
            }

            var sbdDocument = XmlNodeToXmlDocument(sbdNode);

            _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(sbdDocument);
            _signatureNode           = (XmlElement)sbdDocument.SelectSingleNode("//ds:Signature", _nsMgr);

            // The organisation number is deliberately not checked for the
            // certificate that signs the business receipt (empty expected value).
            ValidateSignatureAndCertificate("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", String.Empty);
        }
        public void Valider()
        {
            // Validates the received response: header signature references,
            // SignatureConfirmation, timestamp, and finally the signature value
            // against the configured validation certificate.
            var headerSignature = new SignedXmlWithAgnosticId(ResponseDocument);
            headerSignature.LoadXml(HeaderSignatureElement);

            // The envelope must contain a SignatureConfirmation and a Body, and
            // their ids must match the references in the header signature.
            var requiredReferences = new[] {
                "/env:Envelope/env:Header/wsse:Security/wsse11:SignatureConfirmation",
                "/env:Envelope/env:Body"
            };
            ValiderSignaturReferences(HeaderSignatureElement, headerSignature, requiredReferences);

            PerformSignatureConfirmation(HeaderSecurityElement);

            // NOTE(review): 2000 s (about 33 minutes) of accepted clock skew — confirm.
            SjekkTimestamp(TimeSpan.FromSeconds(2000));

            // The signature is checked with the configured validation
            // certificate's key, not with whatever key the message's own KeyInfo
            // advertises, so trust is pinned to that certificate.
            var signatureValid = headerSignature.CheckSignature(instillinger.Valideringssertifikat.PublicKey.Key);
            if (!signatureValid)
            {
                // NOTE(review): a bare Exception is indistinguishable from
                // unexpected failures for callers; a dedicated type would be clearer.
                throw new Exception("Signaturen i motatt svar er ikke gyldig");
            }
        }
        private void ValiderSignaturOgSertifikat(SignedXmlWithAgnosticId signed, XmlElement signatureNode, string path)
        {
            // Verifies the signature and ties it to the certificate found at
            // path (relative to signatureNode): the certificate is vetted first,
            // then the signature is checked with the key SignedXml extracts from
            // its KeyInfo, and finally that key must equal the certificate's
            // public key — so a valid signature made with some other embedded
            // key is still rejected.
            var certificateNode = signatureNode.SelectSingleNode(path, nsMgr);
            var certificate     = new X509Certificate2(Convert.FromBase64String(certificateNode.InnerText));

            // presumably throws when the certificate is not an accepted
            // qualified/intermediate certificate — confirm.
            ErKvalifisertMellomliggendeSertifikat(certificate);

            signed.LoadXml(signatureNode);

            AsymmetricAlgorithm signingKey;
            var signatureValid = signed.CheckSignatureReturningKey(out signingKey);
            if (!signatureValid)
            {
                throw new Exception("Signaturen i motatt svar er ikke gyldig.");
            }

            // Public parameters only (false), compared in XML form.
            var keyMatchesCertificate = signingKey.ToXmlString(false) == certificate.PublicKey.Key.ToXmlString(false);
            if (!keyMatchesCertificate)
            {
                throw new Exception(string.Format("Sertifikatet som er benyttet for å validere signaturen er ikke det samme som er spesifisert i {0} elementet.", path));
            }
        }
        // The key the non-public GetPublicKey returns for a loaded header
        // signature must be the public key of the certificate carried in the
        // receipt's wsse:BinarySecurityToken.
        public void GetPublicKey()
        {
            var receipt = new XmlDocument { PreserveWhitespace = false };
            receipt.LoadXml(ResponeKvitteringMOttattForretningsmelding());

            var namespaces = new XmlNamespaceManager(receipt.NameTable);
            namespaces.AddNamespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
            namespaces.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

            Func<string, XmlNode> select = xpath => receipt.SelectSingleNode(xpath, namespaces);

            // Certificate carried in the header token as base64-encoded bytes.
            var tokenCertificate = new X509Certificate2(Convert.FromBase64String(select("//wsse:BinarySecurityToken").InnerText));

            var signedXml = new SignedXmlWithAgnosticId(receipt);
            signedXml.LoadXml((XmlElement)select("//ds:Signature"));

            // GetPublicKey is non-public, hence reflection; a null result ends in a
            // NullReferenceException on the assert rather than a clear message.
            var getPublicKey = typeof(SignedXmlWithAgnosticId).GetMethod("GetPublicKey", BindingFlags.Instance | BindingFlags.NonPublic);
            var resolvedKey  = getPublicKey.Invoke(signedXml, null) as AsymmetricAlgorithm;

            // Public parameters only (false), compared in XML form.
            Assert.AreEqual(resolvedKey.ToXmlString(false), tokenCertificate.PublicKey.Key.ToXmlString(false));
        }
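        /// <summary>
        /// Validates the signature carried inside the StandardBusinessDocument of the response.
        /// Signatures in the //difi elements are computed in the context of the StandardBusinessDocument, so the
        /// validation runs on that subtree copied into a document of its own. A response without a
        /// StandardBusinessDocument is accepted without any check here — callers must not rely on this method for
        /// transport receipts.
        /// </summary>
        /// <exception cref="Exception">If the StandardBusinessDocument carries no ds:Signature, or the signature or its certificate fails validation.</exception>
        public void ValiderKvitteringSignatur()
        {
            var standardBusinessDocument =
                responseDocument.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", nsMgr);

            if (standardBusinessDocument == null)
            {
                return;
            }

            // NOTE(review): the subtree is re-parsed from OuterXml into a document with the default
            // PreserveWhitespace = false, which drops whitespace-only text nodes. Confirm this matches what the signer
            // canonicalised; if not, valid signatures fail here (fail-closed, but worth knowing).
            XmlDocument sbd = new XmlDocument();

            sbd.LoadXml(standardBusinessDocument.OuterXml);

            var signed        = new SignedXmlWithAgnosticId(sbd);
            // First ds:Signature in document order within the SBD; a missing one used to surface as an
            // ArgumentNullException from LoadXml.
            var signatureNode = (XmlElement)sbd.SelectSingleNode("//ds:Signature", nsMgr);

            if (signatureNode == null)
            {
                throw new Exception("Kan ikke finne signatur i StandardBusinessDocument i svar fra meldingsformidler.");
            }

            ValiderSignaturOgSertifikat(signed, signatureNode, "./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
        }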
        /// <summary>
        /// Builds the wsse:Security signature for the outgoing envelope and appends it to the Security header.
        /// Four parts are covered: the SOAP Body, the wsu:Timestamp, the ebMS Messaging header and the ASiC-E archive
        /// attachment (a cid: reference built from the archive bytes and run through AttachmentContentSignatureTransform).
        /// KeyInfo points at the BinarySecurityToken by Id instead of embedding the certificate a second time.
        /// Sha256Reference is a project type; presumably it selects the SHA-256 digest method.
        /// </summary>
        public override void AddSignatureElement()
        {
            SignedXml signature = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat, "env");

            // Body: exclusive C14N with no inclusive prefixes.
            var body = new Sha256Reference("#" + Settings.GuidHandler.BodyId);
            body.AddTransform(new XmlDsigExcC14NTransform());
            signature.AddReference(body);

            // Timestamp lives inside wsse:Security, so the wsse and env prefixes are declared inclusive.
            var timestamp = new Sha256Reference("#" + Settings.GuidHandler.TimestampId);
            timestamp.AddTransform(new XmlDsigExcC14NTransform("wsse env"));
            signature.AddReference(timestamp);

            // ebMS Messaging header.
            var messaging = new Sha256Reference("#" + Settings.GuidHandler.EbMessagingId);
            messaging.AddTransform(new XmlDsigExcC14NTransform());
            signature.AddReference(messaging);

            // Attachment (document package), addressed through its MIME content id.
            var attachment = new Sha256Reference(Settings.AsicEArkiv.Bytes) { Uri = $"cid:{Settings.GuidHandler.DokumentpakkeId}" };
            attachment.AddTransform(new AttachmentContentSignatureTransform());
            signature.AddReference(attachment);

            signature.KeyInfo.AddClause(new SecurityTokenReferenceClause("#" + Settings.GuidHandler.BinarySecurityTokenId));
            signature.ComputeSignature();

            Security.AppendChild(Context.ImportNode(signature.GetXml(), true));
        }
        /// <summary>
        /// Signs the outgoing envelope and appends the ds:Signature to the wsse:Security header. The signed parts are,
        /// in reference order: the SOAP Body, the wsu:Timestamp (with wsse/env as inclusive prefixes), the ebMS Messaging
        /// header, and the ASiC-E archive attachment referenced by cid: and transformed with
        /// AttachmentContentSignatureTransform. KeyInfo refers to the BinarySecurityToken by Id.
        /// </summary>
        public override void AddSignatureElement()
        {
            SignedXml signedXml = new SignedXmlWithAgnosticId(Context, Settings.Databehandler.Sertifikat, "env");

            var bodyRef = new Sha256Reference("#" + Settings.GuidHandler.BodyId);
            var timestampRef = new Sha256Reference("#" + Settings.GuidHandler.TimestampId);
            var messagingRef = new Sha256Reference("#" + Settings.GuidHandler.EbMessagingId);
            // Digest input for the attachment is the archive itself, not an element in the envelope.
            var attachmentRef = new Sha256Reference(Settings.AsicEArkiv.Bytes)
            {
                Uri = String.Format("cid:{0}", Settings.GuidHandler.DokumentpakkeId)
            };

            bodyRef.AddTransform(new XmlDsigExcC14NTransform());
            timestampRef.AddTransform(new XmlDsigExcC14NTransform("wsse env"));
            messagingRef.AddTransform(new XmlDsigExcC14NTransform());
            attachmentRef.AddTransform(new AttachmentContentSignatureTransform());

            // Order matters: it determines the order of ds:Reference elements in SignedInfo.
            signedXml.AddReference(bodyRef);
            signedXml.AddReference(timestampRef);
            signedXml.AddReference(messagingRef);
            signedXml.AddReference(attachmentRef);

            signedXml.KeyInfo.AddClause(new SecurityTokenReferenceClause("#" + Settings.GuidHandler.BinarySecurityTokenId));
            signedXml.ComputeSignature();

            Security.AppendChild(Context.ImportNode(signedXml.GetXml(), true));
        }
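        /// <summary>
        /// Checks that the SOAP envelope holds exactly one Timestamp, Body and Messaging element, that each carries a
        /// wsu:Id, that the Security signature references that Id exactly once, and that resolving the Id the way the
        /// verifier does (GetIdElement) lands on that very element. The last check is the defence against XML signature
        /// wrapping: a signature that verifies over a relocated copy of the element must not be accepted for unsigned
        /// content sitting at the expected path.
        /// </summary>
        /// <param name="signature">The ds:Signature element from the wsse:Security header.</param>
        /// <param name="signedXml">SignedXml instance over responseDocument; its GetIdElement is the Id resolver being checked.</param>
        /// <exception cref="Exception">If a required element, its wsu:Id, or its signature reference is missing, duplicated, or resolves elsewhere.</exception>
        private void ValiderInnhold(XmlElement signature, SignedXmlWithAgnosticId signedXml)
        {
            string[] requiredSignatureElements = { "/env:Envelope/env:Header/wsse:Security/wsu:Timestamp", "/env:Envelope/env:Body", "/env:Envelope/env:Header/eb:Messaging" };

            // Resolve the wsu namespace from the same manager the XPath queries use, so the attribute is found whatever
            // prefix the sender bound it to (the previous "wsu:Id" lookup required that literal prefix).
            var wsuNamespace = nsMgr.LookupNamespace("wsu");

            foreach (var elementXPath in requiredSignatureElements)
            {
                // The response must contain the required node, and only once.
                var nodes = responseDocument.SelectNodes(elementXPath, nsMgr);
                if (nodes == null || nodes.Count == 0)
                {
                    throw new Exception(string.Format("Kan ikke finne påkrevet element '{0}' i svar fra meldingsformidler.", elementXPath));
                }
                if (nodes.Count > 1)
                {
                    throw new Exception(string.Format("Påkrevet element '{0}' kan kun forekomme én gang i svar fra meldingsformidler. Ble funnet {1} ganger.", elementXPath, nodes.Count));
                }

                // A missing Id used to surface as a NullReferenceException; report it as a validation failure instead.
                var idAttribute = nodes[0].Attributes["Id", wsuNamespace];
                if (idAttribute == null || string.IsNullOrEmpty(idAttribute.Value))
                {
                    throw new Exception(string.Format("Påkrevet element '{0}' mangler wsu:Id i svar fra meldingsformidler.", elementXPath));
                }
                var elementId = idAttribute.Value;

                // Count references to this Id by comparing the URI attribute in code rather than splicing the
                // sender-supplied Id into an XPath predicate (a quote in the Id would otherwise alter the query).
                var expectedUri = "#" + elementId;
                var referenceCount = 0;
                var references = signature.SelectNodes("./ds:SignedInfo/ds:Reference", nsMgr);
                if (references != null)
                {
                    foreach (XmlNode reference in references)
                    {
                        var uriAttribute = reference.Attributes["URI"];
                        if (uriAttribute != null && string.Equals(uriAttribute.Value, expectedUri, StringComparison.Ordinal))
                        {
                            referenceCount++;
                        }
                    }
                }
                if (referenceCount == 0)
                {
                    throw new Exception(string.Format("Kan ikke finne påkrevet refereanse til element '{0}' i signatur fra meldingsformidler.", elementXPath));
                }
                if (referenceCount > 1)
                {
                    throw new Exception(string.Format("Påkrevet refereanse til element '{0}' kan kun forekomme én gang i signatur fra meldingsformidler. Ble funnet {1} ganger.", elementXPath, referenceCount));
                }

                // The Id must resolve to the element at the expected path using the verifier's own resolver.
                var targetNode = signedXml.GetIdElement(responseDocument, elementId);
                if (targetNode != nodes[0])
                {
                    throw new Exception(string.Format("Signaturreferansen med id '{0}' må refererer til node med sti '{1}'", elementId, elementXPath));
                }
            }
        }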
 /// <summary>
 /// Creates the SignedXml used to sign _xml with _sertifikat: SignedInfo is canonicalised with inclusive C14N 1.0
 /// and the ds:Signature element gets the fixed Id "Signature". Adding references and computing the signature is left
 /// to the caller.
 /// </summary>
 private SignedXml Signaturnode()
 {
     var signatur = new SignedXmlWithAgnosticId(_xml, _sertifikat)
     {
         SignedInfo = { CanonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" },
         Signature = { Id = "Signature" }
     };

     return signatur;
 }
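        /// <summary>
        /// Verifies a ds:Signature and binds it to the certificate found at <paramref name="path"/>.
        /// The signature is checked with the key its own KeyInfo supplies — sender-controlled data — so the closing
        /// comparison against the certificate that passed ErKvalifisertMellomliggendeSertifikat is what ties it to an
        /// acceptable signer. Neither step may be dropped.
        /// </summary>
        /// <param name="signed">SignedXml instance over the document containing the signature.</param>
        /// <param name="signatureNode">The ds:Signature element to verify.</param>
        /// <param name="path">XPath from <paramref name="signatureNode"/> (relative or absolute) to the element holding the base64 DER certificate.</param>
        /// <exception cref="Exception">If the certificate element is missing, the signature does not verify, or the verifying key differs from the certificate's key.</exception>
        private void ValiderSignaturOgSertifikat(SignedXmlWithAgnosticId signed, XmlElement signatureNode, string path)
        {
            var certificateNode = signatureNode.SelectSingleNode(path, nsMgr);
            if (certificateNode == null || string.IsNullOrWhiteSpace(certificateNode.InnerText))
            {
                // Previously a NullReferenceException; make the missing certificate an explicit validation failure.
                throw new Exception(string.Format("Kan ikke finne sertifikat i {0} elementet.", path));
            }

            var certificate = new X509Certificate2(Convert.FromBase64String(certificateNode.InnerText));
            // Presumably the chain/qualification check of the sender certificate (see that method).
            ErKvalifisertMellomliggendeSertifikat(certificate);

            signed.LoadXml(signatureNode);

            AsymmetricAlgorithm key = null;
            if (!signed.CheckSignatureReturningKey(out key))
            {
                throw new Exception("Signaturen i motatt svar er ikke gyldig.");
            }

            // Key from KeyInfo must equal the key of the certificate at `path`; compare the exported public key material.
            if (!string.Equals(key.ToXmlString(false), certificate.PublicKey.Key.ToXmlString(false), StringComparison.Ordinal))
            {
                throw new Exception(string.Format("Sertifikatet som er benyttet for å validere signaturen er ikke det samme som er spesifisert i {0} elementet.", path));
            }
        }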
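        /// <summary>
        /// Validates the signature inside the StandardBusinessDocument of the response. Signatures in the //difi elements
        /// are computed in the StandardBusinessDocument's context, so the subtree is copied into its own document before
        /// validation. A response without a StandardBusinessDocument is accepted without any check here, so this method
        /// is not a signature check for transport receipts.
        /// </summary>
        /// <exception cref="Exception">If the StandardBusinessDocument has no ds:Signature, or signature/certificate validation fails.</exception>
        public void ValiderKvitteringSignatur()
        {
            var standardBusinessDocument =
                responseDocument.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", nsMgr);

            if (standardBusinessDocument == null)
            {
                return;
            }

            // NOTE(review): re-parsing OuterXml into a fresh XmlDocument (PreserveWhitespace defaults to false) drops
            // whitespace-only text nodes; confirm the signer canonicalised the same way, otherwise valid signatures fail.
            XmlDocument sbd = new XmlDocument();
            sbd.LoadXml(standardBusinessDocument.OuterXml);

            var signed = new SignedXmlWithAgnosticId(sbd);
            var signatureNode = (XmlElement)sbd.SelectSingleNode("//ds:Signature", nsMgr);
            if (signatureNode == null)
            {
                // Previously an ArgumentNullException out of LoadXml.
                throw new Exception("Kan ikke finne signatur i StandardBusinessDocument i svar fra meldingsformidler.");
            }

            ValiderSignaturOgSertifikat(signed, signatureNode, "./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
        }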
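        /// <summary>
        /// Validates the signature inside the StandardBusinessDocument of the response. The SBD subtree is copied into
        /// its own document first (XmlNodeToXmlDocument) because its signature is computed in the SBD's context rather
        /// than the envelope's. Sets _signedXmlWithAgnosticId and _signatureNode for ValidateSignatureAndCertificate.
        /// </summary>
        /// <exception cref="SdpSecurityException">If the response has no StandardBusinessDocument (e.g. a transport receipt) or the SBD carries no ds:Signature.</exception>
        private void ValidateReceiptSignature()
        {
            var standardBusinessDocumentNode =
                ResponseMessage.SelectSingleNode("/env:Envelope/env:Body/sbd:StandardBusinessDocument", _nsMgr);

            if (standardBusinessDocumentNode == null)
            {
                throw new SdpSecurityException("Fant ikke StandardBusinessDocument-node. Prøvde du å validere en transportkvittering?");
            }

            var standardBusinessDocument = XmlNodeToXmlDocument(standardBusinessDocumentNode);

            _signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(standardBusinessDocument);
            // First ds:Signature in document order within the SBD.
            _signatureNode = (XmlElement) standardBusinessDocument.SelectSingleNode("//ds:Signature", _nsMgr);

            if (_signatureNode == null)
            {
                // Previously an ArgumentNullException from LoadXml; report it as a security validation failure.
                throw new SdpSecurityException("Fant ikke signatur i StandardBusinessDocument.");
            }

            ValidateSignatureAndCertificate("./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
        }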
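        /// <summary>
        /// Checks that the SOAP envelope contains the Timestamp, Body and Messaging elements exactly once, that each has a
        /// wsu:Id, that the Security signature references that Id exactly once, and that the Id resolves (through the
        /// verifier's GetIdElement) to the element at the expected path. The resolution check is the signature-wrapping
        /// defence: it stops a valid signature over a relocated element from vouching for unsigned content at that path.
        /// </summary>
        /// <param name="signature">The ds:Signature element from wsse:Security.</param>
        /// <param name="signedXml">SignedXml over responseDocument, used for Id resolution.</param>
        /// <exception cref="Exception">On a missing, duplicated or mismatched element, wsu:Id or reference.</exception>
        private void ValiderInnhold(XmlElement signature, SignedXmlWithAgnosticId signedXml)
        {
            string[] requiredSignatureElements = { "/env:Envelope/env:Header/wsse:Security/wsu:Timestamp", "/env:Envelope/env:Body", "/env:Envelope/env:Header/eb:Messaging" };

            // Namespace-aware attribute lookup: works for any prefix the sender bound to the wsu namespace,
            // where the old "wsu:Id" lookup required that literal prefix and otherwise threw NullReferenceException.
            var wsuNamespace = nsMgr.LookupNamespace("wsu");

            foreach (var elementXPath in requiredSignatureElements)
            {
                var nodes = responseDocument.SelectNodes(elementXPath, nsMgr);
                if (nodes == null || nodes.Count == 0)
                {
                    throw new Exception(string.Format("Kan ikke finne påkrevet element '{0}' i svar fra meldingsformidler.", elementXPath));
                }
                if (nodes.Count > 1)
                {
                    throw new Exception(string.Format("Påkrevet element '{0}' kan kun forekomme én gang i svar fra meldingsformidler. Ble funnet {1} ganger.", elementXPath, nodes.Count));
                }

                var idAttribute = nodes[0].Attributes["Id", wsuNamespace];
                if (idAttribute == null || string.IsNullOrEmpty(idAttribute.Value))
                {
                    throw new Exception(string.Format("Påkrevet element '{0}' mangler wsu:Id i svar fra meldingsformidler.", elementXPath));
                }
                var elementId = idAttribute.Value;

                // Match the reference URI in code; never build an XPath predicate from the sender-supplied Id.
                var expectedUri = "#" + elementId;
                var matches = 0;
                var references = signature.SelectNodes("./ds:SignedInfo/ds:Reference", nsMgr);
                for (var i = 0; references != null && i < references.Count; i++)
                {
                    var uriAttribute = references[i].Attributes["URI"];
                    if (uriAttribute != null && string.Equals(uriAttribute.Value, expectedUri, StringComparison.Ordinal))
                    {
                        matches++;
                    }
                }
                if (matches == 0)
                {
                    throw new Exception(string.Format("Kan ikke finne påkrevet refereanse til element '{0}' i signatur fra meldingsformidler.", elementXPath));
                }
                if (matches > 1)
                {
                    throw new Exception(string.Format("Påkrevet refereanse til element '{0}' kan kun forekomme én gang i signatur fra meldingsformidler. Ble funnet {1} ganger.", elementXPath, matches));
                }

                // Same resolver the verifier uses; the reference must land on the node at the expected path.
                var targetNode = signedXml.GetIdElement(responseDocument, elementId);
                if (targetNode != nodes[0])
                {
                    throw new Exception(string.Format("Signaturreferansen med id '{0}' må refererer til node med sti '{1}'", elementId, elementXPath));
                }
            }
        }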
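        /// <summary>
        /// Validates the signature in the SOAP header of the received document: first the structural checks in
        /// ValiderInnhold (required elements present once and bound to the signature's references — the
        /// signature-wrapping defence), then the signature itself and the certificate in the BinarySecurityToken.
        /// </summary>
        /// <exception cref="Exception">If the header signature is missing or any validation step fails.</exception>
        public void ValiderHeaderSignatur()
        {
            XmlNode responseRot = responseDocument.DocumentElement;
            var signatureNode = (XmlElement)responseRot.SelectSingleNode("/env:Envelope/env:Header/wsse:Security/ds:Signature", nsMgr);
            if (signatureNode == null)
            {
                // Previously a NullReferenceException inside ValiderInnhold; report the absent signature explicitly.
                throw new Exception("Kan ikke finne signatur i wsse:Security-header i svar fra meldingsformidler.");
            }
            var signed = new SignedXmlWithAgnosticId(responseDocument);

            // Structural checks before cryptographic ones: the Id-to-element binding must hold or a valid signature
            // over relocated content could be accepted.
            ValiderInnhold(signatureNode, signed);

            ValiderSignaturOgSertifikat(signed, signatureNode, "/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken");
        }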
            /// <summary>
            /// Loads the header signature (wsse:Security/ds:Signature under the envelope root) of the source document into
            /// the given SignedXml instance. Throws from LoadXml if the signature is absent.
            /// </summary>
            /// <param name="kildeXmlDokument">The SOAP envelope to read the signature from.</param>
            /// <param name="signedXmlWithAgnosticId">Instance that receives the signature.</param>
            private void AddHeaderSignatureNodeToSignedXmlWithAgnosticId(XmlDocument kildeXmlDokument, SignedXmlWithAgnosticId signedXmlWithAgnosticId)
            {
                const string headerSignaturePath = "/env:Envelope/env:Header/wsse:Security/ds:Signature";
                var namespaces = GetNamespaceManager(kildeXmlDokument);
                var signatureElement = (XmlElement)kildeXmlDokument.DocumentElement.SelectSingleNode(headerSignaturePath, namespaces);

                signedXmlWithAgnosticId.LoadXml(signatureElement);
            }
            /// <summary>
            /// Loads the first ds:Signature found anywhere in the source document into the given SignedXml instance.
            /// NOTE(review): "//ds:Signature" returns the first Signature in document order; if the document passed in
            /// is a full envelope that will be the header signature rather than the body/SBD one — confirm callers pass
            /// the StandardBusinessDocument subtree.
            /// </summary>
            /// <param name="kildeXmlDokument">Document to search for the signature.</param>
            /// <param name="signedXmlWithAgnosticId">Instance that receives the signature.</param>
            private void AddBodySignatureNodeToSignedXmlWithAgnosticId(XmlDocument kildeXmlDokument, SignedXmlWithAgnosticId signedXmlWithAgnosticId)
            {
                var namespaces = GetNamespaceManager(kildeXmlDokument);
                var signatureElement = (XmlElement)kildeXmlDokument.SelectSingleNode("//ds:Signature", namespaces);

                signedXmlWithAgnosticId.LoadXml(signatureElement);
            }
 /// <summary>
 /// Test helper: invokes the non-public GetPublicKey of SignedXmlWithAgnosticId through reflection and returns its
 /// raw result. Breaks silently (NullReferenceException on Invoke) if the member is renamed — it is looked up by string.
 /// </summary>
 /// <param name="signedXmlWithAgnosticId">Instance whose key is resolved.</param>
 /// <returns>Whatever GetPublicKey returns, untyped.</returns>
 private object GetPublicKey(SignedXmlWithAgnosticId signedXmlWithAgnosticId)
 {
     var getPublicKey = typeof(SignedXmlWithAgnosticId).GetMethod("GetPublicKey", BindingFlags.Instance | BindingFlags.NonPublic);

     return getPublicKey.Invoke(signedXmlWithAgnosticId, null);
 }