public void Add(Transform transform) { if (transform != null) { this.m_transforms.Add(transform); } }
/// <remarks>Sólo se implementan las transformadas de canonicalización</remarks> private Stream SignedInfoTransformed() { System.Security.Cryptography.Xml.Transform t = null; switch (signature.SignedInfo.CanonicalizationMethod) { case XmlSignatureConstants.XmlDsigC14NTransformUrl: t = new System.Security.Cryptography.Xml.XmlDsigC14NTransform(); break; case XmlSignatureConstants.XmlDsigC14NWithCommentsTransformUrl: t = new System.Security.Cryptography.Xml.XmlDsigC14NWithCommentsTransform(); break; case XmlSignatureConstants.XmlDsigExcC14NTransformUrl: t = new System.Security.Cryptography.Xml.XmlDsigExcC14NTransform(signature.SignedInfo.InclusiveNamespaces); break; case XmlSignatureConstants.XmlDsigExcC14NWithCommentsTransformUrl: t = new System.Security.Cryptography.Xml.XmlDsigExcC14NWithCommentsTransform(); break; default: t = null; break; } if (t == null) { return(null); } XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; XmlElement signatureNode = (XmlElement)envdoc.SelectSingleNode("//*[@Id='" + signature.Id + "']"); if (signatureNode != null) { XmlNamespaceManager xmlnsManager = new XmlNamespaceManager(envdoc.NameTable); xmlnsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); XmlNode signedInfoNode = signatureNode.SelectSingleNode("ds:SignedInfo", xmlnsManager); doc.LoadXml(signedInfoNode.OuterXml); } else { doc.LoadXml(signature.SignedInfo.GetXml().OuterXml); } var namespaces = GetAllNamespaces(signatureNode); foreach (var item in namespaces) { AddNameSpace(doc, doc.DocumentElement, item.Name, item.Value); } return(ApplyTransform(t, doc)); }
public void AddTransform(Transform transform) { if (transform == null) { throw new ArgumentNullException("transform"); } transform.Reference = this; this.TransformChain.Add(transform); }
private Stream ApplyTransform(System.Security.Cryptography.Xml.Transform t, XmlDocument doc) { byte[] buffer = System.Text.Encoding.UTF8.GetBytes(doc.OuterXml); using (MemoryStream ms = new MemoryStream(buffer)) { t.LoadInput(ms); return((MemoryStream)t.GetOutput(typeof(Stream))); } }
public static byte[] ApplyTransform(XmlElement element, System.Security.Cryptography.Xml.Transform transform) { byte[] bytes = Encoding.UTF8.GetBytes(element.OuterXml); using (MemoryStream obj = new MemoryStream(bytes)) { transform.LoadInput(obj); using (MemoryStream memoryStream = (MemoryStream)transform.GetOutput(typeof(Stream))) { return(memoryStream.ToArray()); } } }
internal static void LogBeginCanonicalization(SignedXml signedXml, Transform canonicalizationTransform) { if (InformationLoggingEnabled) { string data = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_BeginCanonicalization"), new object[] { canonicalizationTransform.Algorithm, canonicalizationTransform.GetType().Name }); WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.BeginCanonicalization, data); } if (VerboseLoggingEnabled) { string str2 = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_CanonicalizationSettings"), new object[] { canonicalizationTransform.Resolver.GetType(), canonicalizationTransform.BaseURI }); WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.BeginCanonicalization, str2); } }
private Stream ApplyTransform(System.Security.Cryptography.Xml.Transform t, Stream s) { try { t.LoadInput(s); s = (Stream)t.GetOutput(); } catch (Exception e) { string temp = e.ToString(); } return(s); }
/// <summary> /// Obtiene el valor canonicalizado de los elementos especificados en elementXpaths /// </summary> /// <param name="xadesSignedXml"></param> /// <param name="elementXpaths"></param> /// <returns></returns> public static byte[] ComputeValueOfElementList(XadesSignedXml xadesSignedXml, ArrayList elementXpaths, System.Security.Cryptography.Xml.Transform transform) { XmlDocument xmlDocument; XmlNamespaceManager xmlNamespaceManager; XmlNodeList searchXmlNodeList; var signatureXmlElement = xadesSignedXml.GetSignatureElement(); var namespaces = xadesSignedXml.GetAllNamespaces(signatureXmlElement); xmlDocument = signatureXmlElement.OwnerDocument; xmlNamespaceManager = new XmlNamespaceManager(xmlDocument.NameTable); xmlNamespaceManager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); xmlNamespaceManager.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri); using (MemoryStream msResult = new MemoryStream()) { foreach (string elementXpath in elementXpaths) { searchXmlNodeList = signatureXmlElement.SelectNodes(elementXpath, xmlNamespaceManager); if (searchXmlNodeList.Count == 0) { throw new CryptographicException("Element " + elementXpath + " not found while calculating hash"); } foreach (XmlNode xmlNode in searchXmlNodeList) { XmlElement clonedElement = (XmlElement)xmlNode.Clone(); clonedElement.SetAttribute("xmlns:" + XadesSignedXml.XmlDSigPrefix, XadesSignedXml.XmlDsigNamespaceUrl); foreach (var attr in namespaces) { clonedElement.SetAttribute(attr.Name, attr.Value); } byte[] canonicalizedElement = ApplyTransform(clonedElement, transform); msResult.Write(canonicalizedElement, 0, canonicalizedElement.Length); } } return(msResult.ToArray()); } }
private Stream ApplyTransform (Transform t, XmlDocument input) { // These transformer modify input document, which should // not affect to the input itself. if (t is XmlDsigXPathTransform || t is XmlDsigEnvelopedSignatureTransform || t is XmlDecryptionTransform ) input = (XmlDocument) input.Clone (); t.LoadInput (input); if (t is XmlDsigEnvelopedSignatureTransform) // It returns XmlDocument for XmlDocument input. return CanonicalizeOutput (t.GetOutput ()); object obj = t.GetOutput (); if (obj is Stream) return (Stream) obj; else if (obj is XmlDocument) { MemoryStream ms = new MemoryStream (); XmlTextWriter xtw = new XmlTextWriter (ms, Encoding.UTF8); ((XmlDocument) obj).WriteTo (xtw); xtw.Flush (); // Rewind to the start of the stream ms.Position = 0; return ms; } else if (obj == null) { throw new NotImplementedException ("This should not occur. Transform is " + t + "."); } else { // e.g. XmlDsigXPathTransform returns XmlNodeList return CanonicalizeOutput (obj); } }
public void AddTransform (Transform transform) { chain.Add (transform); }
/// <summary> /// Log the canonicalized data /// </summary> /// <param name="signedXml">SignedXml object doing the signing or verification</param> /// <param name="canonicalizationTransform">transform canonicalizing the input</param> internal static void LogCanonicalizedOutput(SignedXml signedXml, Transform canonicalizationTransform) { Debug.Assert(signedXml != null, "signedXml != null"); Debug.Assert(canonicalizationTransform != null, "canonicalizationTransform != null"); if (VerboseLoggingEnabled) { using (StreamReader reader = new StreamReader(canonicalizationTransform.GetOutput(typeof(Stream)) as Stream)) { string logMessage = String.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_CanonicalizedOutput"), reader.ReadToEnd()); WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.CanonicalizedData, logMessage); } } }
/// <summary> /// Log that canonicalization has begun on input data /// </summary> /// <param name="signedXml">SignedXml object doing the signing or verification</param> /// <param name="canonicalizationTransform">transform canonicalizing the input</param> internal static void LogBeginCanonicalization(SignedXml signedXml, Transform canonicalizationTransform) { Debug.Assert(signedXml != null, "signedXml != null"); Debug.Assert(canonicalizationTransform != null, "canonicalizationTransform != null"); if (InformationLoggingEnabled) { string logMessage = String.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_BeginCanonicalization"), canonicalizationTransform.Algorithm, canonicalizationTransform.GetType().Name); WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.BeginCanonicalization, logMessage); } if (VerboseLoggingEnabled) { string canonicalizationSettings = String.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_CanonicalizationSettings"), canonicalizationTransform.Resolver.GetType(), canonicalizationTransform.BaseURI); WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.BeginCanonicalization, canonicalizationSettings); } }
private static Stream TransformXml(Transform xForm, Object source) { (new PermissionSet(PermissionState.Unrestricted)).Assert(); // Blessed try { // transform xForm.LoadInput(source); } finally { PermissionSet.RevertAssert(); } return (Stream)xForm.GetOutput(); }
public void LoadXml(XmlElement value) { if (value == null) { throw new ArgumentNullException("value"); } XmlElement element = value; if (!element.LocalName.Equals("SignedInfo")) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo"); } XmlNamespaceManager nsmgr = new XmlNamespaceManager(value.OwnerDocument.NameTable); nsmgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); this.m_id = System.Security.Cryptography.Xml.Utils.GetAttribute(element, "Id", "http://www.w3.org/2000/09/xmldsig#"); XmlElement element2 = element.SelectSingleNode("ds:CanonicalizationMethod", nsmgr) as XmlElement; if (element2 == null) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/CanonicalizationMethod"); } this.m_canonicalizationMethod = System.Security.Cryptography.Xml.Utils.GetAttribute(element2, "Algorithm", "http://www.w3.org/2000/09/xmldsig#"); this.m_canonicalizationMethodTransform = null; if (element2.ChildNodes.Count > 0) { this.CanonicalizationMethodObject.LoadInnerXml(element2.ChildNodes); } XmlElement element3 = element.SelectSingleNode("ds:SignatureMethod", nsmgr) as XmlElement; if (element3 == null) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo/SignatureMethod"); } this.m_signatureMethod = System.Security.Cryptography.Xml.Utils.GetAttribute(element3, "Algorithm", "http://www.w3.org/2000/09/xmldsig#"); XmlElement element4 = element3.SelectSingleNode("ds:HMACOutputLength", nsmgr) as XmlElement; if (element4 != null) { this.m_signatureLength = element4.InnerXml; } this.m_references.Clear(); XmlNodeList list = element.SelectNodes("ds:Reference", nsmgr); if (list != null) { foreach (XmlNode node in list) { XmlElement element5 = node as XmlElement; Reference reference = new Reference(); this.AddReference(reference); reference.LoadXml(element5); } } this.m_cachedXml = element; }
internal static void LogCanonicalizedOutput(SignedXml signedXml, Transform canonicalizationTransform) { if (VerboseLoggingEnabled) { using (StreamReader reader = new StreamReader(canonicalizationTransform.GetOutput(typeof(Stream)) as Stream)) { string data = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_CanonicalizedOutput"), new object[] { reader.ReadToEnd() }); WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.CanonicalizedData, data); } } }
public void AddTransform(Transform transform) { this.TransformChain.Add(transform); }
public ValidationResult Validate(SignatureDocument sigDocument) { /* Los elementos que se validan son: * * 1. Las huellas de las referencias de la firma. * 2. Se comprueba la huella del elemento SignedInfo y se verifica la firma con la clave pública del certificado. * 3. Si la firma contiene un sello de tiempo se comprueba que la huella de la firma coincide con la del sello de tiempo. * * La validación de perfiles -C, -X, -XL y -A esta fuera del ámbito de este proyecto. */ ValidationResult result = new ValidationResult(); try { // Verifica las huellas de las referencias y la firma sigDocument.XadesSignature.CheckXmldsigSignature(); } catch (Exception ex) { result.IsValid = false; result.Message = "La verificación de la firma no ha sido satisfactoria"; return(result); } if (sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0) { // Se comprueba el sello de tiempo TimeStamp timeStamp = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0]; TimeStampToken token = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData)); byte[] tsHashValue = token.TimeStampInfo.GetMessageImprintDigest(); //TODO: Verificare // Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.ObjectID.Id); Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id); System.Security.Cryptography.Xml.Transform transform = null; if (timeStamp.CanonicalizationMethod != null) { transform = CryptoConfig.CreateFromName(timeStamp.CanonicalizationMethod.Algorithm) as System.Security.Cryptography.Xml.Transform; } else { transform = new XmlDsigC14NTransform(); } ArrayList signatureValueElementXpaths = new ArrayList(); signatureValueElementXpaths.Add("ds:SignatureValue"); byte[] signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths, transform), tsDigestMethod); if (!Arrays.AreEqual(tsHashValue, signatureValueHash)) { result.IsValid = false; result.Message = "La huella del sello de tiempo no se corresponde con la calculada"; return(result); } } result.IsValid = true; result.Message = "Verificación de la firma satisfactoria"; return(result); }
string SignWithHMACSHA1 (string input, byte [] key, Transform transform) { XmlDocument doc = new XmlDocument (); doc.LoadXml (input); SignedXml sxml = new SignedXml (doc); HMACSHA1 keyhash = new HMACSHA1 (key); DataObject d = new DataObject (); //d.Data = doc.SelectNodes ("//*[local-name()='Body']/*"); d.Data = doc.SelectNodes ("//*[local-name()='Action']"); d.Id = "_1"; sxml.AddObject (d); Reference r = new Reference ("#_1"); r.AddTransform (transform); r.DigestMethod = SignedXml.XmlDsigSHA1Url; sxml.SignedInfo.AddReference (r); sxml.ComputeSignature (keyhash); StringWriter sw = new StringWriter (); XmlWriter w = new XmlTextWriter (sw); sxml.GetXml ().WriteTo (w); w.Close (); return sw.ToString (); }
public void LoadXml(XmlElement value) { if (value == null) throw new ArgumentNullException("value"); // SignedInfo XmlElement signedInfoElement = value; if (!signedInfoElement.LocalName.Equals("SignedInfo")) throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "SignedInfo"); XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable); nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); // Id attribute -- optional m_id = Utils.GetAttribute(signedInfoElement, "Id", SignedXml.XmlDsigNamespaceUrl); // CanonicalizationMethod -- must be present XmlElement canonicalizationMethodElement = signedInfoElement.SelectSingleNode("ds:CanonicalizationMethod", nsm) as XmlElement; if (canonicalizationMethodElement == null) throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"),"SignedInfo/CanonicalizationMethod"); m_canonicalizationMethod = Utils.GetAttribute(canonicalizationMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl); m_canonicalizationMethodTransform = null; if (canonicalizationMethodElement.ChildNodes.Count > 0) this.CanonicalizationMethodObject.LoadInnerXml(canonicalizationMethodElement.ChildNodes); // SignatureMethod -- must be present XmlElement signatureMethodElement = signedInfoElement.SelectSingleNode("ds:SignatureMethod", nsm) as XmlElement; if (signatureMethodElement == null) throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"),"SignedInfo/SignatureMethod"); m_signatureMethod = Utils.GetAttribute(signatureMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl); // Now get the output length if we are using a MAC algorithm XmlElement signatureLengthElement = signatureMethodElement.SelectSingleNode("ds:HMACOutputLength", nsm) as XmlElement; if (signatureLengthElement != null) m_signatureLength = signatureLengthElement.InnerXml; // flush out any reference that was there m_references.Clear(); XmlNodeList referenceNodes = signedInfoElement.SelectNodes("ds:Reference", nsm); if (referenceNodes != null) { foreach(XmlNode node in referenceNodes) { XmlElement referenceElement = node as XmlElement; Reference reference = new Reference(); AddReference(reference); reference.LoadXml(referenceElement); } } // Save away the cached value m_cachedXml = signedInfoElement; }