// Exclusive-C14N round trip over a document whose whitespace is a bare LF:
// the transform output (#1), the SHA-1 digest of that output (#2), the
// DigestValue SignedXml computes for an enveloped reference (#3) and the
// resulting SignedInfo XML (#4) must all match the pinned values.
// The algorithm exercised here is SHA-1 / rsa-sha1, which is what the
// expected Base64 digests and the SignedInfo URIs encode.
public void DigestValue_LF ()
{
	var doc = CreateSomeXml ("\n");

	// #1: the transform itself must emit the canonical form.
	var transform = new XmlDsigExcC14NTransform ();
	transform.LoadInput (doc);
	var canonical = (Stream) transform.GetOutput ();
	Assert.AreEqual ("<person>\n <birthplace>Brussels</birthplace>\n</person>", Stream2String (canonical), "#1");

	// #2: digest the same bytes again, rewinding the stream first because
	// Stream2String consumed it.
	const string expectedDigest = "e3dsi1xK8FAx1vsug7J203JbEAU=";
	canonical.Position = 0;
	var sha1 = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider");
	Assert.AreEqual (expectedDigest, Convert.ToBase64String (sha1.ComputeHash (canonical)), "#2");

	// #3: let SignedXml digest the whole document (URI="") with the
	// enveloped-signature transform and compare with the hand-computed digest.
	var signer = new X509Certificate2 (_pkcs12, "mono");
	var signedXml = new SignedXml (doc) { SigningKey = signer.PrivateKey };
	signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

	var reference = new Reference { Uri = "" };
	reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
	signedXml.AddReference (reference);

	// Two certificates in X509Data; the signing one is listed second.
	var x509Data = new KeyInfoX509Data ();
	x509Data.AddCertificate (new X509Certificate2 (_cert));
	x509Data.AddCertificate (signer);
	var keyInfo = new KeyInfo ();
	keyInfo.AddClause (x509Data);
	signedXml.KeyInfo = keyInfo;

	signedXml.ComputeSignature ();
	Assert.AreEqual (expectedDigest, Convert.ToBase64String (reference.DigestValue), "#3");

	// #4: the canonicalized SignedInfo, element by element.
	const string expectedSignedInfo =
		@"<SignedInfo xmlns=""http://www.w3.org/2000/09/xmldsig#"">" +
		@"<CanonicalizationMethod Algorithm=""http://www.w3.org/2001/10/xml-exc-c14n#"" />" +
		@"<SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#rsa-sha1"" />" +
		@"<Reference URI="""">" +
		@"<Transforms>" +
		@"<Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature"" />" +
		@"</Transforms>" +
		@"<DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />" +
		@"<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>" +
		@"</Reference>" +
		@"</SignedInfo>";
	Assert.AreEqual (expectedSignedInfo, signedXml.SignedInfo.GetXml ().OuterXml, "#4");
}
// Builds a signed XML document whose X509Data carries two certificates; the
// second one (cert) is the signer and is the one a verifier should pick.
// lineFeed is the whitespace handed to CreateSomeXml; canonicalizationMethod
// is stored in SignedInfo verbatim.
static XmlDocument CreateSignedXml (X509Certificate2 cert, string canonicalizationMethod, string lineFeed)
{
	var doc = CreateSomeXml (lineFeed);

	var signedXml = new SignedXml (doc) { SigningKey = cert.PrivateKey };
	signedXml.SignedInfo.CanonicalizationMethod = canonicalizationMethod;

	// Reference the whole document (URI="") and strip the Signature element
	// itself before digesting.
	var reference = new Reference { Uri = "" };
	reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
	signedXml.AddReference (reference);

	var x509Data = new KeyInfoX509Data ();
	x509Data.AddCertificate (new X509Certificate2 (_cert));
	x509Data.AddCertificate (cert);
	var keyInfo = new KeyInfo ();
	keyInfo.AddClause (x509Data);
	signedXml.KeyInfo = keyInfo;

	signedXml.ComputeSignature ();

	// Envelope the Signature element inside the signed document.
	var signature = doc.ImportNode (signedXml.GetXml (), true);
	doc.DocumentElement.AppendChild (signature);
	return doc;
}
// Passes a null certificate to AddCertificate. Whether this must throw is
// declared by the test attributes above the method, which are not part of
// this body.
public void AddCertificate_Null ()
{
	new KeyInfoX509Data ().AddCertificate (null);
}
// Grows a KeyInfoX509Data one clause at a time (certificates, issuer/serial,
// subject key id, subject name) and after each step round-trips it through
// GetXml/LoadXml into a second instance, checking both serialize identically.
public void Complex ()
{
	KeyInfoX509Data data1 = new KeyInfoX509Data (cert);
	KeyInfoX509Data data2 = new KeyInfoX509Data ();

	// Serialize data1, parse it into data2, compare both serializations.
	Action assertRoundTrip = delegate {
		XmlElement xel = data1.GetXml ();
		data2.LoadXml (xel);
		Assert.AreEqual (data1.GetXml ().OuterXml, data2.GetXml ().OuterXml, "data1==data2");
	};

	assertRoundTrip ();
	byte[] raw = (data1.Certificates [0] as X509Certificate).GetRawCertData ();
	AssertCrypto.AssertEquals ("Certificate[0]", cert, raw);

	// add a second X.509 certificate
	X509Certificate x509 = new X509Certificate (cert2);
	data1.AddCertificate (x509);
	assertRoundTrip ();
	raw = (data1.Certificates [1] as X509Certificate).GetRawCertData ();
	Assert.AreEqual (cert2, raw, "Certificate[1]");

	// add properties from a third X.509 certificate
	x509 = new X509Certificate (cert3);
	data1.AddIssuerSerial (x509.GetIssuerName (), x509.GetSerialNumberString ());
	assertRoundTrip ();
	// TODO: The type of IssuerSerial isn't documented

	// X509Certificate doesn't export SubjectKeyId so we must improvise
	byte[] skid = { 0xDE, 0xAD, 0xC0, 0xDE };
	data1.AddSubjectKeyId (skid);
	assertRoundTrip ();
	Assert.AreEqual (skid, (byte[]) data1.SubjectKeyIds [0], "SubjectKeyId");

	data1.AddSubjectName (x509.GetName ());
	assertRoundTrip ();
	Assert.AreEqual (x509.GetName (), (string) data1.SubjectNames [0], "SubjectName");
}
// Writes this address as the content of an EndpointReference: the Address
// element, any address headers, and an Identity element when one is set.
// With AddressingVersion.None (and always on NET_2_1) only the bare URI is
// written. Throws ArgumentNullException when writer is null.
public void WriteContentsTo (AddressingVersion addressingVersion, XmlDictionaryWriter writer)
{
	if (writer == null)
		throw new ArgumentNullException ("writer");

#if NET_2_1
	writer.WriteString (Uri.AbsoluteUri);
#else
	if (addressingVersion == AddressingVersion.None) {
		writer.WriteString (Uri.AbsoluteUri);
		return;
	}

	writer.WriteStartElement ("Address", addressingVersion.Namespace);
	writer.WriteString (Uri.AbsoluteUri);
	writer.WriteEndElement ();

	if (Headers != null) {
		foreach (AddressHeader ah in Headers)
			ah.WriteAddressHeader (writer);
	}

	if (Identity == null)
		return;

	writer.WriteStartElement ("Identity", Constants.WsaIdentityUri);
	X509CertificateEndpointIdentity x509 = Identity as X509CertificateEndpointIdentity;
	if (x509 == null) {
		// Any non-certificate identity is written as its data-contract
		// serialized claim.
		DataContractSerializer ds = new DataContractSerializer (Identity.IdentityClaim.GetType ());
		ds.WriteObject (writer, Identity.IdentityClaim);
	} else {
		// Certificate identities become ds:KeyInfo/X509Data carrying every
		// certificate of the identity.
		KeyInfoX509Data x509Data = new KeyInfoX509Data ();
		foreach (X509Certificate2 cert in x509.Certificates)
			x509Data.AddCertificate (cert);
		KeyInfo ki = new KeyInfo ();
		ki.AddClause (x509Data);
		ki.GetXml ().WriteTo (writer);
	}
	writer.WriteEndElement ();
#endif
}
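// IXmlSerializable: writes the wrapped address as the children of an
// EndpointReference element -- Address, then any address headers, then an
// Identity element when the address carries one.
// Throws ArgumentNullException when writer is null.
void IXmlSerializable.WriteXml (XmlWriter writer)
{
	if (writer == null)
		throw new ArgumentNullException ("writer");

	writer.WriteStartElement ("Address", Constants.WsaNamespace);
	writer.WriteString (address.Uri.AbsoluteUri);
	writer.WriteEndElement ();

	// Headers belong to the reference whether or not an identity is
	// attached, so they are written before the identity check -- the same
	// order WriteContentsTo uses. Previously the early return below dropped
	// the headers of every address without an identity.
	if (address.Headers != null)
		foreach (AddressHeader ah in address.Headers)
			ah.WriteAddressHeader (writer);

	if (address.Identity == null)
		return;

	writer.WriteStartElement ("Identity", Constants.WsaIdentityUri);
#if !NET_2_1
	X509CertificateEndpointIdentity x509 = address.Identity as X509CertificateEndpointIdentity;
	if (x509 != null) {
		// Certificate identities are written as ds:KeyInfo/X509Data holding
		// every certificate of the identity.
		KeyInfoX509Data x = new KeyInfoX509Data ();
		foreach (X509Certificate2 cert in x509.Certificates)
			x.AddCertificate (cert);
		KeyInfo ki = new KeyInfo ();
		ki.AddClause (x);
		ki.GetXml ().WriteTo (writer);
	} else {
		// Any other identity is written as its data-contract serialized claim.
		DataContractSerializer ds = new DataContractSerializer (address.Identity.IdentityClaim.GetType ());
		ds.WriteObject (writer, address.Identity.IdentityClaim);
	}
#endif
	writer.WriteEndElement ();
}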
// Adds a null certificate and then serializes the clause, so that any
// failure surfaces at GetXml rather than at AddCertificate. The expected
// outcome is declared by the test attributes above the method, which are
// not part of this body.
public void AddCertificate_Null_GetXml ()
{
	KeyInfoX509Data data = new KeyInfoX509Data ();
	data.AddCertificate (null);
	data.GetXml ();
}
// Wraps a single X.509 certificate in a KeyInfo that holds exactly one
// X509Data clause. The certificate is passed straight to KeyInfoX509Data,
// which rejects null with ArgumentNullException.
private static KeyInfo CreateKeyInfo(X509Certificate2 x509Certificate)
{
    var keyInfo = new KeyInfo();
    // The X509Certificate constructor overload adds the certificate itself.
    keyInfo.AddClause(new KeyInfoX509Data(x509Certificate));
    return keyInfo;
}
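// Puts the signing certificate's RSA public key and the whole certificate
// chain into the signature: SigningKey receives an RSA object built from the
// BouncyCastle public key, KeyInfo receives one X509Data clause with every
// chain certificate plus an RSAKeyValue clause.
// Throws ArgumentException when the certificate's public key is not RSA.
private void AddCertificateInfoToSignature(XadesSignedXml xadesSignedXml, SignatureParameters parameters)
{
    var key = parameters.SigningCertificate.GetPublicKey() as RsaKeyParameters;
    if (key == null)
    {
        throw new ArgumentException("Only allowed RsaKeyParameters", "key");
    }

    // BouncyCastle's BigInteger.ToByteArray() is two's-complement: it prepends
    // a 0x00 byte whenever the top bit is set, which is always the case for an
    // RSA modulus. ImportParameters sizes the key from Modulus.Length, so the
    // extra byte produces an over-long modulus and a failed/incorrect import.
    // ToByteArrayUnsigned() yields the raw big-endian magnitude instead.
    RSAParameters rsaPublic = new RSAParameters
    {
        Modulus = key.Modulus.ToByteArrayUnsigned(),
        Exponent = key.Exponent.ToByteArrayUnsigned(),
    };
    // Not disposed here: the provider is handed to xadesSignedXml.SigningKey
    // and to the RSAKeyValue clause below, both of which outlive this method.
    RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
    rsaKey.ImportParameters(rsaPublic);
    xadesSignedXml.SigningKey = rsaKey;

    KeyInfo keyInfo = new KeyInfo();

    // ETSI TS 103 171 V2.1.1, 6.2.1 "Placement of the signing certificate":
    // "b) In order to facilitate path-building, generators should include in
    // the same ds:KeyInfo/X509Data element as in note a) all certificates not
    // available to verifiers that can be used during path building."
    // Hence the whole chain goes into a single X509Data element.
    KeyInfoX509Data x509Data = new KeyInfoX509Data();
    foreach (X509Certificate cert in parameters.CertificateChain)
    {
        x509Data.AddCertificate(DotNetUtilities.ToX509Certificate2(cert));
    }
    keyInfo.AddClause(x509Data);
    // TODO (jbonilla): validate the case of more than one certificate in the chain?

    keyInfo.AddClause(new RSAKeyValue(rsaKey));
    xadesSignedXml.KeyInfo = keyInfo;
}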