示例#1
0
        private static void SignElement(string absoluteCertFilePath, string password, object element)
        {
            TElXMLSigner          Signer;
            TElXAdESSigner        XAdESSigner = null;
            TElXMLKeyInfoRSAData  RSAKeyData  = null;
            TElXMLKeyInfoX509Data X509KeyData = null;
            TElXMLKeyInfoPGPData  PGPKeyData  = null;
            FileStream            F;
            TElXMLDOMNode         SigNode;

            TElXMLReferenceList Refs = new TElXMLReferenceList();
            TElXMLReference     Ref  = new TElXMLReference();

            Ref.DigestMethod = SBXMLSec.Unit.xdmSHA1;
            if ((TElXMLDOMNode)element is TElXMLDOMDocument)
            {
                Ref.URINode = ((TElXMLDOMDocument)element).DocumentElement;
                Ref.URI     = "";
            }
            else
            if ((TElXMLDOMNode)element is TElXMLDOMElement)
            {
                Ref.URINode = (TElXMLDOMNode)element;
                TElXMLDOMElement El = (TElXMLDOMElement)element;
                if (El.GetAttribute("ID") != "")
                {
                    Ref.URI = "#" + El.GetAttribute("ID");
                }
                else
                if (El.ParentNode is TElXMLDOMDocument)
                {
                    Ref.URI = "";
                }
                else
                {
                    El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
                    Ref.URI = "#" + El.GetAttribute("Id");
                }
            }
            else
            {
                Ref.URINode = (TElXMLDOMNode)element;
                Ref.URI     = ((TElXMLDOMNode)element).LocalName;
            }

            Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
            Ref.TransformChain.Add(new TElXMLC14NTransform());
            Refs.Add(Ref);

            Signer = new TElXMLSigner(); // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
            try
            {
                Signer.SignatureType          = SBXMLSec.Unit.xstEnveloped;
                Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
                Signer.SignatureMethodType    = SBXMLSec.Unit.xmtSig;
                Signer.SignatureMethod        = SBXMLSec.Unit.xsmRSA_SHA1;
                Signer.MACMethod  = SBXMLSec.Unit.xmmHMAC_MD5;
                Signer.References = Refs;
                Signer.KeyName    = String.Empty;
                Signer.IncludeKey = false;

                Signer.OnFormatElement += FormatElement;
                Signer.OnFormatText    += FormatText;

                if ((Signer.SignatureType == SBXMLSec.Unit.xstEnveloping) && (Ref != null) && (Ref.URI == "") && (Ref.URINode is TElXMLDOMElement))
                {
                    TElXMLDOMElement El = (TElXMLDOMElement)Ref.URINode;
                    El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
                    Ref.URI = "#" + El.GetAttribute("Id");
                }


                RSAKeyData = new TElXMLKeyInfoRSAData(true);
                RSAKeyData.RSAKeyMaterial.Passphrase = password;
                X509KeyData = new TElXMLKeyInfoX509Data(true);
                PGPKeyData  = new TElXMLKeyInfoPGPData(true);

                F = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read);

                try
                {
                    // trying to load file as RSA key material
                    RSAKeyData.RSAKeyMaterial.LoadSecret(F, 0);
                }
                catch { }

                if (!RSAKeyData.RSAKeyMaterial.SecretKey)
                {
                    // trying to load file as Certificate
                    F.Position = 0;
                    LoadCertificate(F, password, X509KeyData);
                }

                if (!RSAKeyData.RSAKeyMaterial.PublicKey &&
                    (X509KeyData.Certificate == null))
                {
                    // trying to load file as PGP key
                    F.Position                      = 0;
                    PGPKeyData.SecretKey            = new TElPGPSecretKey();
                    PGPKeyData.SecretKey.Passphrase = password;
                    try
                    {
                        ((TElPGPSecretKey)PGPKeyData.SecretKey).LoadFromStream(F);
                    }
                    catch
                    {
                        PGPKeyData.SecretKey = null;
                    }
                }

                F.Close();

                if (RSAKeyData.RSAKeyMaterial.SecretKey)
                {
                    Signer.KeyData = RSAKeyData;
                }
                else if (X509KeyData.Certificate != null)
                {
                    if (!X509KeyData.Certificate.PrivateKeyExists)
                    {
                        throw new Exception("The selected certificate doesn''t contain a private key");
                    }

                    Signer.KeyData = X509KeyData;
                }
                else if (PGPKeyData.SecretKey != null)
                {
                    Signer.KeyData = PGPKeyData;
                }

                Signer.UpdateReferencesDigest();

                Signer.GenerateSignature();

                SigNode = (TElXMLDOMNode)element;
                if (SigNode is TElXMLDOMDocument)
                {
                    SigNode = ((TElXMLDOMDocument)SigNode).DocumentElement;
                }

                try
                {
                    // If the signature type is enveloping, then the signature is placed into the passed node and the contents of the node are moved to inside of the signature.
                    // If the signature type is enveloped, the signature is placed as a child of the passed node.
                    Signer.Save(ref SigNode);
                }
                catch (Exception E)
                {
                    throw new Exception(string.Format("Failed to sign data and to save the signature: ({0})", E.Message));
                }
            }
            finally
            {
                Signer.Dispose();
                if (XAdESSigner != null)
                {
                    XAdESSigner.Dispose();
                }
                if (X509KeyData != null)
                {
                    X509KeyData.Dispose();
                }
                if (PGPKeyData != null)
                {
                    PGPKeyData.Dispose();
                }
            }
        }
示例#2
0
        private static void SignElement(string absoluteCertFilePath, string password, object element)
        {
            TElXMLSigner Signer;
            TElXAdESSigner XAdESSigner = null;
            TElXMLKeyInfoRSAData RSAKeyData = null;
            TElXMLKeyInfoX509Data X509KeyData = null;
            TElXMLKeyInfoPGPData PGPKeyData = null;
            FileStream F;
            TElXMLDOMNode SigNode;

            TElXMLReferenceList Refs = new TElXMLReferenceList();
            TElXMLReference Ref = new TElXMLReference();
            Ref.DigestMethod = SBXMLSec.Unit.xdmSHA1;
            if ((TElXMLDOMNode)element is TElXMLDOMDocument)
            {
                Ref.URINode = ((TElXMLDOMDocument)element).DocumentElement;
                Ref.URI = "";
            }
            else
                if ((TElXMLDOMNode)element is TElXMLDOMElement)
                {
                    Ref.URINode = (TElXMLDOMNode)element;
                    TElXMLDOMElement El = (TElXMLDOMElement)element;
                    if (El.GetAttribute("ID") != "")
                        Ref.URI = "#" + El.GetAttribute("ID");
                    else
                        if (El.ParentNode is TElXMLDOMDocument)
                            Ref.URI = "";
                        else
                        {
                            El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
                            Ref.URI = "#" + El.GetAttribute("Id");
                        }
                }
                else
                {
                    Ref.URINode = (TElXMLDOMNode)element;
                    Ref.URI = ((TElXMLDOMNode)element).LocalName;
                }

            Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
            Ref.TransformChain.Add(new TElXMLC14NTransform());
            Refs.Add(Ref);

            Signer = new TElXMLSigner(); // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
            try
            {
                Signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
                Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
                Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
                Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                Signer.MACMethod = SBXMLSec.Unit.xmmHMAC_MD5;
                Signer.References = Refs;
                Signer.KeyName = String.Empty;
                Signer.IncludeKey = false;

                Signer.OnFormatElement += FormatElement;
                Signer.OnFormatText += FormatText;

                if ((Signer.SignatureType == SBXMLSec.Unit.xstEnveloping) && (Ref != null) && (Ref.URI == "") && (Ref.URINode is TElXMLDOMElement))
                {
                    TElXMLDOMElement El = (TElXMLDOMElement)Ref.URINode;
                    El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
                    Ref.URI = "#" + El.GetAttribute("Id");
                }

                RSAKeyData = new TElXMLKeyInfoRSAData(true);
                RSAKeyData.RSAKeyMaterial.Passphrase = password;
                X509KeyData = new TElXMLKeyInfoX509Data(true);
                PGPKeyData = new TElXMLKeyInfoPGPData(true);

                F = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read);

                try
                {
                    // trying to load file as RSA key material
                    RSAKeyData.RSAKeyMaterial.LoadSecret(F, 0);
                }
                catch { }

                if (!RSAKeyData.RSAKeyMaterial.SecretKey)
                {
                    // trying to load file as Certificate
                    F.Position = 0;
                    LoadCertificate(F, password, X509KeyData);
                }

                if (!RSAKeyData.RSAKeyMaterial.PublicKey &&
                    (X509KeyData.Certificate == null))
                {
                    // trying to load file as PGP key
                    F.Position = 0;
                    PGPKeyData.SecretKey = new TElPGPSecretKey();
                    PGPKeyData.SecretKey.Passphrase = password;
                    try
                    {
                        ((TElPGPSecretKey)PGPKeyData.SecretKey).LoadFromStream(F);
                    }
                    catch
                    {
                        PGPKeyData.SecretKey = null;
                    }
                }

                F.Close();

                if (RSAKeyData.RSAKeyMaterial.SecretKey)
                    Signer.KeyData = RSAKeyData;
                else if (X509KeyData.Certificate != null)
                {
                    if (!X509KeyData.Certificate.PrivateKeyExists)
                        {
                        throw new Exception("The selected certificate doesn''t contain a private key");
                    }

                    Signer.KeyData = X509KeyData;
                }
                else if (PGPKeyData.SecretKey != null)
                {
                    Signer.KeyData = PGPKeyData;
                }

                Signer.UpdateReferencesDigest();

                Signer.GenerateSignature();

                SigNode = (TElXMLDOMNode)element;
                if (SigNode is TElXMLDOMDocument)
                    SigNode = ((TElXMLDOMDocument)SigNode).DocumentElement;

                try
                {
                    // If the signature type is enveloping, then the signature is placed into the passed node and the contents of the node are moved to inside of the signature.
                    // If the signature type is enveloped, the signature is placed as a child of the passed node.
                    Signer.Save(ref SigNode);
                }
                catch (Exception E)
                {
                    throw new Exception(string.Format("Failed to sign data and to save the signature: ({0})", E.Message));
                }
            }
            finally
            {
                Signer.Dispose();
                if (XAdESSigner != null)
                    XAdESSigner.Dispose();
                if (X509KeyData != null)
                    X509KeyData.Dispose();
                if (PGPKeyData != null)
                    PGPKeyData.Dispose();
            }
        }
示例#3
0
        private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
        {
            //var nodeToEnrypt = FXMLDocument.FindNode("saml2:Assertion", true);

            TElXMLEncryptor            Encryptor;
            TElXMLKeyInfoSymmetricData SymKeyData;
            TElXMLKeyInfoRSAData       RSAKeyData;
            TElXMLKeyInfoX509Data      X509KeyData;
            TElXMLKeyInfoPGPData       PGPKeyData;
            FileStream    F;
            TElXMLDOMNode EncNode;

            Encryptor = new TElXMLEncryptor
            {
                EncryptKey         = true,
                EncryptionMethod   = 1,
                KeyName            = String.Empty,
                EncryptedDataType  = 0,
                KeyEncryptionType  = 0,
                KeyTransportMethod = 1,
                KeyWrapMethod      = 0
            };

            SymKeyData = new TElXMLKeyInfoSymmetricData(true);
            // generate random Key & IV
            SymKeyData.Key.Generate(32 * 8);
            SymKeyData.Key.GenerateIV(16 * 8);

            Encryptor.KeyData = SymKeyData;

            // xetKeyTransport
            RSAKeyData = new TElXMLKeyInfoRSAData(true);
            RSAKeyData.RSAKeyMaterial.Passphrase = String.Empty;
            X509KeyData = new TElXMLKeyInfoX509Data(true);
            PGPKeyData  = new TElXMLKeyInfoPGPData(true);

            certificate = HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc");
            F           = new FileStream(certificate, FileMode.Open, FileAccess.Read);

            PGPKeyData.PublicKey = new TElPGPPublicKey();
            try
            {
                ((TElPGPPublicKey)PGPKeyData.PublicKey).LoadFromStream(F);
            }
            catch
            {
                PGPKeyData.PublicKey.Dispose();
                PGPKeyData.PublicKey = null;
            }

            F.Close();

            Encryptor.KeyEncryptionKeyData = PGPKeyData;

            //Encrypt Node
            Encryptor.Encrypt(nodeToEnrypt);
            // Save document
            EncNode = Encryptor.Save(FXMLDocument);

            //Replacing selected node with encrypted node
            var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");

            var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");

            nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
            encryptedAssertion.Attributes.Add(nsAttr);
            encryptedAssertion.AppendChild(EncNode);
            nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);

            Encryptor.Dispose();
            if (X509KeyData != null)
            {
                X509KeyData.Dispose();
            }
            if (PGPKeyData != null)
            {
                PGPKeyData.Dispose();
            }
        }
示例#4
0
        private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
        {
            //var nodeToEnrypt = FXMLDocument.FindNode("saml2:Assertion", true);

            TElXMLEncryptor Encryptor;
            TElXMLKeyInfoSymmetricData SymKeyData;
            TElXMLKeyInfoRSAData RSAKeyData;
            TElXMLKeyInfoX509Data X509KeyData;
            TElXMLKeyInfoPGPData PGPKeyData;
            FileStream F;
            TElXMLDOMNode EncNode;

            Encryptor = new TElXMLEncryptor
            {
                EncryptKey = true,
                EncryptionMethod = 1,
                KeyName = String.Empty,
                EncryptedDataType = 0,
                KeyEncryptionType = 0,
                KeyTransportMethod = 1,
                KeyWrapMethod = 0
            };

            SymKeyData = new TElXMLKeyInfoSymmetricData(true);
            // generate random Key & IV
            SymKeyData.Key.Generate(32 * 8);
            SymKeyData.Key.GenerateIV(16 * 8);

            Encryptor.KeyData = SymKeyData;

            // xetKeyTransport
            RSAKeyData = new TElXMLKeyInfoRSAData(true);
            RSAKeyData.RSAKeyMaterial.Passphrase = String.Empty;
            X509KeyData = new TElXMLKeyInfoX509Data(true);
            PGPKeyData = new TElXMLKeyInfoPGPData(true);

            certificate = HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc");
            F = new FileStream(certificate, FileMode.Open, FileAccess.Read);

            PGPKeyData.PublicKey = new TElPGPPublicKey();
            try
            {
                ((TElPGPPublicKey) PGPKeyData.PublicKey).LoadFromStream(F);
            }
            catch
            {
                PGPKeyData.PublicKey.Dispose();
                PGPKeyData.PublicKey = null;
            }

            F.Close();

            Encryptor.KeyEncryptionKeyData = PGPKeyData;

            //Encrypt Node
            Encryptor.Encrypt(nodeToEnrypt);
            // Save document
            EncNode = Encryptor.Save(FXMLDocument);

            //Replacing selected node with encrypted node
            var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");

            var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");
            nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
            encryptedAssertion.Attributes.Add(nsAttr);
            encryptedAssertion.AppendChild(EncNode);
            nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);

            Encryptor.Dispose();
            if (X509KeyData != null)
                X509KeyData.Dispose();
            if (PGPKeyData != null)
                PGPKeyData.Dispose();
        }