2 // SignedXmlTest.cs - NUnit Test Cases for SignedXml
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2005, 2008 Novell, Inc (http://www.novell.com)
12 using System.Globalization;
14 using System.Security.Cryptography;
15 using System.Security.Cryptography.X509Certificates;
16 using System.Security.Cryptography.Xml;
20 using NUnit.Framework;
22 namespace MonoTests.System.Security.Cryptography.Xml {
24 public class SignedXmlEx : SignedXml {
26 // required to test protected GetPublicKey in SignedXml
27 public AsymmetricAlgorithm PublicGetPublicKey ()
29 return base.GetPublicKey ();
34 public class SignedXmlTest {
36 private const string signature = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>CTnnhjxUQHJmD+t1MjVXrOW+MCA=</DigestValue></Reference></SignedInfo><SignatureValue>dbFt6Zw3vR+Xh7LbM/vuifyFA7gPh/NlDM2Glz/SJBsveISieuTBpZlk/zavAeuXR/Nu0Ztt4OP4tCOg09a2RNlrTP0dhkeEfL1jTzpnVaLHuQbCiwOWCgbRif7Xt7N12FuiHYb3BltP/YyXS4E12NxlGlqnDiFA1v/mkK5+C1o=</SignatureValue><KeyInfo><KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><RSAKeyValue><Modulus>hEfTJNa2idz2u+fSYDDG4Lx/xuk4aBbvOPVNqgc1l9Y8t7Pt+ZyF+kkF3uUl8Y0700BFGAsprnhwrWENK+PGdtvM5796ZKxCCa0ooKkofiT4355HqK26hpV8dvj38vq/rkJe1jHZgkTKa+c/0vjcYZOI/RT/IZv9JfXxVWLuLxk=</Modulus><Exponent>EQ==</Exponent></RSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\" xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ObjectListTag xmlns=\"\" /></Object></Signature>";
39 public void StaticValues ()
41 Assert.AreEqual ("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", SignedXml.XmlDsigCanonicalizationUrl, "XmlDsigCanonicalizationUrl");
42 Assert.AreEqual ("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments", SignedXml.XmlDsigCanonicalizationWithCommentsUrl, "XmlDsigCanonicalizationWithCommentsUrl");
43 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#dsa-sha1", SignedXml.XmlDsigDSAUrl, "XmlDsigDSAUrl");
44 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#hmac-sha1", SignedXml.XmlDsigHMACSHA1Url, "XmlDsigHMACSHA1Url");
45 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#minimal", SignedXml.XmlDsigMinimalCanonicalizationUrl, "XmlDsigMinimalCanonicalizationUrl");
46 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#", SignedXml.XmlDsigNamespaceUrl, "XmlDsigNamespaceUrl");
47 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#rsa-sha1", SignedXml.XmlDsigRSASHA1Url, "XmlDsigRSASHA1Url");
48 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#sha1", SignedXml.XmlDsigSHA1Url, "XmlDsigSHA1Url");
52 public void Constructor_Empty ()
54 XmlDocument doc = new XmlDocument ();
55 doc.LoadXml (signature);
56 XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
57 XmlElement xel = (XmlElement) xnl [0];
59 SignedXml sx = new SignedXml (doc);
61 Assert.IsTrue (sx.CheckSignature (), "CheckSignature");
65 public void Constructor_XmlDocument ()
67 XmlDocument doc = new XmlDocument ();
68 doc.LoadXml (signature);
69 XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
70 XmlElement xel = (XmlElement) xnl [0];
72 SignedXml sx = new SignedXml (doc);
73 sx.LoadXml (doc.DocumentElement);
74 Assert.IsTrue (sx.CheckSignature (), "CheckSignature");
78 [Ignore ("2.0 throws a NullReferenceException - reported as FDBK25892")]
79 // http://lab.msdn.microsoft.com/ProductFeedback/viewfeedback.aspx?feedbackid=02dd9730-d1ad-4170-8c82-36858c55fbe2
80 [ExpectedException (typeof (ArgumentNullException))]
81 public void Constructor_XmlDocument_Null ()
83 XmlDocument doc = null;
84 SignedXml sx = new SignedXml (doc);
88 public void Constructor_XmlElement ()
90 XmlDocument doc = new XmlDocument ();
91 doc.LoadXml (signature);
92 XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
93 XmlElement xel = (XmlElement) xnl [0];
95 SignedXml sx = new SignedXml (doc.DocumentElement);
97 Assert.IsTrue (sx.CheckSignature (), "CheckSignature");
101 public void Constructor_XmlElement_WithoutLoadXml ()
103 XmlDocument doc = new XmlDocument ();
104 doc.LoadXml (signature);
105 XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
106 XmlElement xel = (XmlElement) xnl [0];
108 SignedXml sx = new SignedXml (doc.DocumentElement);
109 Assert.IsTrue (!sx.CheckSignature (), "!CheckSignature");
110 // SignedXml (XmlElement) != SignedXml () + LoadXml (XmlElement)
114 [ExpectedException (typeof (ArgumentNullException))]
115 public void Constructor_XmlElement_Null ()
117 XmlElement xel = null;
118 SignedXml sx = new SignedXml (xel);
121 // sample from MSDN (url)
122 public SignedXml MSDNSample ()
124 // Create example data to sign.
125 XmlDocument document = new XmlDocument ();
126 XmlNode node = document.CreateNode (XmlNodeType.Element, "", "MyElement", "samples");
127 node.InnerText = "This is some text";
128 document.AppendChild (node);
130 // Create the SignedXml message.
131 SignedXml signedXml = new SignedXml ();
133 // Create a data object to hold the data to sign.
134 DataObject dataObject = new DataObject ();
135 dataObject.Data = document.ChildNodes;
136 dataObject.Id = "MyObjectId";
138 // Add the data object to the signature.
139 signedXml.AddObject (dataObject);
141 // Create a reference to be able to package everything into the
143 Reference reference = new Reference ();
144 reference.Uri = "#MyObjectId";
146 // Add it to the message.
147 signedXml.AddReference (reference);
153 [ExpectedException (typeof (CryptographicException))]
154 public void SignatureMethodMismatch ()
156 SignedXml signedXml = MSDNSample ();
158 RSA key = RSA.Create ();
159 signedXml.SigningKey = key;
160 signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigHMACSHA1Url;
163 KeyInfo keyInfo = new KeyInfo ();
164 keyInfo.AddClause (new RSAKeyValue (key));
165 signedXml.KeyInfo = keyInfo;
167 Assert.IsNotNull (signedXml.SignatureMethod, "SignatureMethod");
168 // Compute the signature - causes unsupported algorithm by the key.
169 signedXml.ComputeSignature ();
173 public void AsymmetricRSASignature ()
175 SignedXml signedXml = MSDNSample ();
177 RSA key = RSA.Create ();
178 signedXml.SigningKey = key;
181 KeyInfo keyInfo = new KeyInfo ();
182 keyInfo.AddClause (new RSAKeyValue (key));
183 signedXml.KeyInfo = keyInfo;
185 Assert.AreEqual (1, signedXml.KeyInfo.Count, "KeyInfo");
186 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
187 Assert.IsNull (signedXml.SignatureMethod, "SignatureMethod");
188 Assert.IsNull (signedXml.SignatureValue, "SignatureValue");
189 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
191 // Compute the signature.
192 signedXml.ComputeSignature ();
194 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
195 Assert.AreEqual (SignedXml.XmlDsigRSASHA1Url, signedXml.SignatureMethod, "SignatureMethod");
196 Assert.AreEqual (128, signedXml.SignatureValue.Length, "SignatureValue");
197 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
199 // Get the XML representation of the signature.
200 XmlElement xmlSignature = signedXml.GetXml ();
202 // LAMESPEC: we must reload the signature or it won't work
203 // MS framework throw a "malformed element"
204 SignedXml vrfy = new SignedXml ();
205 vrfy.LoadXml (xmlSignature);
207 // assert that we can verify our own signature
208 Assert.IsTrue (vrfy.CheckSignature (), "RSA-Compute/Verify");
211 // The same as MSDNSample(), but adding a few attributes
212 public SignedXml MSDNSampleMixedCaseAttributes ()
214 // Create example data to sign.
215 XmlDocument document = new XmlDocument ();
216 XmlNode node = document.CreateNode (XmlNodeType.Element, "", "MyElement", "samples");
217 node.InnerText = "This is some text";
218 XmlAttribute a1 = document.CreateAttribute ("Aa");
219 XmlAttribute a2 = document.CreateAttribute ("Bb");
220 XmlAttribute a3 = document.CreateAttribute ("aa");
221 XmlAttribute a4 = document.CreateAttribute ("bb");
226 node.Attributes.Append (a1);
227 node.Attributes.Append (a2);
228 node.Attributes.Append (a3);
229 node.Attributes.Append (a4);
230 document.AppendChild (node);
232 // Create the SignedXml message.
233 SignedXml signedXml = new SignedXml ();
235 // Create a data object to hold the data to sign.
236 DataObject dataObject = new DataObject ();
237 dataObject.Data = document.ChildNodes;
238 dataObject.Id = "MyObjectId";
240 // Add the data object to the signature.
241 signedXml.AddObject (dataObject);
243 // Create a reference to be able to package everything into the
245 Reference reference = new Reference ();
246 reference.Uri = "#MyObjectId";
248 // Add it to the message.
249 signedXml.AddReference (reference);
254 public string AsymmetricRSAMixedCaseAttributes ()
256 SignedXml signedXml = MSDNSampleMixedCaseAttributes ();
258 RSA key = RSA.Create ();
259 signedXml.SigningKey = key;
262 KeyInfo keyInfo = new KeyInfo ();
263 keyInfo.AddClause (new RSAKeyValue (key));
264 signedXml.KeyInfo = keyInfo;
266 // Compute the signature.
267 signedXml.ComputeSignature ();
269 // Get the XML representation of the signature.
270 XmlElement xmlSignature = signedXml.GetXml ();
272 StringWriter sw = new StringWriter ();
273 XmlWriter w = new XmlTextWriter (sw);
274 xmlSignature.WriteTo (w);
275 return sw.ToString ();
278 // Example output from Windows for AsymmetricRSAMixedCaseAttributes()
279 private const string AsymmetricRSAMixedCaseAttributesResult = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>0j1xLsePFtuRHfXEnVdTSLWtAm4=</DigestValue></Reference></SignedInfo><SignatureValue>hmrEBgns5Xx14aDhzqOyIh0qLNMUldtW8+fNPcvtD/2KtEhNZQGctnhs90CRa1NZ08TqzW2pUaEwmqvMAtF4v8KtWzC/zTuc1jH6nxQvQSQo0ABhuXdu7/hknZkXJ4yKBbdgbKjAsKfULwbWrP/PacLPoYfCO+wXSrt+wLMTTWU=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>4h/rHDr54r6SZWk2IPCeHX7N+wR1za0VBLshuS6tq3RSWap4PY2BM8VdbKH2T9RzyZoiHufjng+1seUx430iMsXisOLUkPP+yGtMQOSZ3CQHAa+IYA+fplXipixI0rV1J1wJNXQm3HxXQqKWpIv5fkwBtj8o2k6CWMgPNgFCnxc=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\"><MyElement Aa=\"one\" Bb=\"two\" aa=\"three\" bb=\"four\" xmlns=\"samples\">This is some text</MyElement></Object></Signature>";
282 public void AsymmetricRSAMixedCaseAttributesVerifyWindows ()
284 XmlDocument doc = new XmlDocument ();
285 doc.LoadXml (AsymmetricRSAMixedCaseAttributesResult);
287 SignedXml v1 = new SignedXml ();
288 v1.LoadXml (doc.DocumentElement);
289 Assert.IsTrue (v1.CheckSignature ());
293 public void AsymmetricDSASignature ()
295 SignedXml signedXml = MSDNSample ();
297 DSA key = DSA.Create ();
298 signedXml.SigningKey = key;
301 KeyInfo keyInfo = new KeyInfo ();
302 keyInfo.AddClause (new DSAKeyValue (key));
303 signedXml.KeyInfo = keyInfo;
305 Assert.AreEqual (1, signedXml.KeyInfo.Count, "KeyInfo");
306 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
307 Assert.IsNull (signedXml.SignatureMethod, "SignatureMethod");
308 Assert.IsNull (signedXml.SignatureValue, "SignatureValue");
309 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
311 // Compute the signature.
312 signedXml.ComputeSignature ();
314 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
315 Assert.AreEqual (SignedXml.XmlDsigDSAUrl, signedXml.SignatureMethod, "SignatureMethod");
316 Assert.AreEqual (40, signedXml.SignatureValue.Length, "SignatureValue");
317 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
319 // Get the XML representation of the signature.
320 XmlElement xmlSignature = signedXml.GetXml ();
322 // LAMESPEC: we must reload the signature or it won't work
323 // MS framework throw a "malformed element"
324 SignedXml vrfy = new SignedXml ();
325 vrfy.LoadXml (xmlSignature);
327 // assert that we can verify our own signature
328 Assert.IsTrue (vrfy.CheckSignature (), "DSA-Compute/Verify");
332 public void SymmetricHMACSHA1Signature ()
334 SignedXml signedXml = MSDNSample ();
336 // Compute the signature.
337 byte[] secretkey = Encoding.Default.GetBytes ("password");
338 HMACSHA1 hmac = new HMACSHA1 (secretkey);
339 Assert.AreEqual (0, signedXml.KeyInfo.Count, "KeyInfo");
340 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
341 Assert.IsNull (signedXml.SignatureMethod, "SignatureMethod");
342 Assert.IsNull (signedXml.SignatureValue, "SignatureValue");
343 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
345 signedXml.ComputeSignature (hmac);
347 Assert.AreEqual (0, signedXml.KeyInfo.Count, "KeyInfo");
348 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
349 Assert.AreEqual (SignedXml.XmlDsigHMACSHA1Url, signedXml.SignatureMethod, "SignatureMethod");
350 Assert.AreEqual (20, signedXml.SignatureValue.Length, "SignatureValue");
351 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
353 // Get the XML representation of the signature.
354 XmlElement xmlSignature = signedXml.GetXml ();
356 // LAMESPEC: we must reload the signature or it won't work
357 // MS framework throw a "malformed element"
358 SignedXml vrfy = new SignedXml ();
359 vrfy.LoadXml (xmlSignature);
361 // assert that we can verify our own signature
362 Assert.IsTrue (vrfy.CheckSignature (hmac), "HMACSHA1-Compute/Verify");
366 [ExpectedException (typeof (CryptographicException))]
367 public void SymmetricMACTripleDESSignature ()
369 SignedXml signedXml = MSDNSample ();
370 // Compute the signature.
371 byte[] secretkey = Encoding.Default.GetBytes ("password");
372 MACTripleDES hmac = new MACTripleDES (secretkey);
373 signedXml.ComputeSignature (hmac);
376 // Using empty constructor
377 // LAMESPEC: The two other constructors don't seems to apply in verifying signatures
379 public void AsymmetricRSAVerify ()
381 string value = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Vvq6sXEVbtZC8GwNtLQnGOy/VI=</DigestValue></Reference></SignedInfo><SignatureValue>A6XuE8Cy9iOffRXaW9b0+dUcMUJQnlmwLsiqtQnADbCtZXnXAaeJ6nGnQ4Mm0IGi0AJc7/2CoJReXl7iW4hltmFguG1e3nl0VxCyCTHKGOCo1u8R3K+B1rTaenFbSxs42EM7/D9KETsPlzfYfis36yM3PqatiCUOsoMsAiMGzlc=</SignatureValue><KeyInfo><KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><RSAKeyValue><Modulus>tI8QYIpbG/m6JLyvP+S3X8mzcaAIayxomyTimSh9UCpEucRnGvLw0P73uStNpiF7wltTZA1HEsv+Ha39dY/0j/Wiy3RAodGDRNuKQao1wu34aNybZ673brbsbHFUfw/o7nlKD2xO84fbajBZmKtBBDy63NHt+QL+grSrREPfCTM=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\"><MyElement xmlns=\"samples\">This is some text</MyElement></Object></Signature>";
382 XmlDocument doc = new XmlDocument ();
385 SignedXml v1 = new SignedXml ();
386 v1.LoadXml (doc.DocumentElement);
387 Assert.IsTrue (v1.CheckSignature (), "RSA-CheckSignature()");
389 SignedXml v2 = new SignedXml ();
390 v2.LoadXml (doc.DocumentElement);
391 AsymmetricAlgorithm key = null;
392 bool vrfy = v2.CheckSignatureReturningKey (out key);
393 Assert.IsTrue (vrfy, "RSA-CheckSignatureReturningKey()");
395 SignedXml v3 = new SignedXml ();
396 v3.LoadXml (doc.DocumentElement);
397 Assert.IsTrue (v3.CheckSignature (key), "RSA-CheckSignature(key)");
400 // Using empty constructor
401 // LAMESPEC: The two other constructors don't seems to apply in verifying signatures
403 public void AsymmetricDSAVerify ()
405 string value = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#dsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Vvq6sXEVbtZC8GwNtLQnGOy/VI=</DigestValue></Reference></SignedInfo><SignatureValue>BYz/qRGjGsN1yMFPxWa3awUZm1y4I/IxOQroMxkOteRGgk1HIwhRYw==</SignatureValue><KeyInfo><KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><DSAKeyValue><P>iglVaZ+LsSL8Y0aDXmFMBwva3xHqIypr3l/LtqBH9ziV2Sh1M4JVasAiKqytWIWt/s/Uk8Ckf2tO2Ww1vsNi1NL+Kg9T7FE52sn380/rF0miwGkZeidzm74OWhykb3J+wCTXaIwOzAWI1yN7FoeoN7wzF12jjlSXAXeqPMlViqk=</P><Q>u4sowiJMHilNRojtdmIuQY2YnB8=</Q><G>SdnN7d+wn1n+HH4Hr8MIryIRYgcXdbZ5TH7jAnuWc1koqRc1AZfcYAZ6RDf+orx6Lzn055FTFiN+1NHQfGUtXJCWW0zz0FVV1NJux7WRj8vGTldjJ5ef0oCenkpwDjcIxWsZgVobve4GPoyN1sAc1scnkJB59oupibklmF4y72A=</G><Y>XejzS8Z51yfl0zbYnxSYYbHqreSLjNCoGPB/KjM1TOyV5sMjz0StKtGrFWryTWc7EgvFY7kUth4e04VKf9HbK8z/FifHTXj8+Tszbjzw8GfInnBwLN+vJgbpnjtypmiI5Bm2nLiRbfkdAHP+OrKtr/EauM9GQfYuaxm3/Vj8B84=</Y><J>vGwGg9wqwwWP9xsoPoXu6kHArJtadiNKe9azBiUx5Ob883gd5wlKfEcGuKkBmBySGbgwxyOsIBovd9Kk48hF01ymfQzAAuHR0EdJECSsTsTTKVTLQNBU32O+PRbLYpv4E8kt6rNL83JLJCBY</J><Seed>sqzn8J6fd2gtEyq6YOqiUSHgPE8=</Seed><PgenCounter>sQ==</PgenCounter></DSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\"><MyElement xmlns=\"samples\">This is some text</MyElement></Object></Signature>";
406 XmlDocument doc = new XmlDocument ();
409 SignedXml v1 = new SignedXml ();
410 v1.LoadXml (doc.DocumentElement);
411 Assert.IsTrue (v1.CheckSignature (), "DSA-CheckSignature()");
413 SignedXml v2 = new SignedXml ();
414 v2.LoadXml (doc.DocumentElement);
415 AsymmetricAlgorithm key = null;
416 bool vrfy = v2.CheckSignatureReturningKey (out key);
417 Assert.IsTrue (vrfy, "DSA-CheckSignatureReturningKey()");
419 SignedXml v3 = new SignedXml ();
420 v3.LoadXml (doc.DocumentElement);
421 Assert.IsTrue (v3.CheckSignature (key), "DSA-CheckSignature(key)");
425 public void SymmetricHMACSHA1Verify ()
427 string value = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#hmac-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Vvq6sXEVbtZC8GwNtLQnGOy/VI=</DigestValue></Reference></SignedInfo><SignatureValue>e2RxYr5yGbvTqZLCFcgA2RAC0yE=</SignatureValue><Object Id=\"MyObjectId\"><MyElement xmlns=\"samples\">This is some text</MyElement></Object></Signature>";
428 XmlDocument doc = new XmlDocument ();
431 SignedXml v1 = new SignedXml ();
432 v1.LoadXml (doc.DocumentElement);
434 byte[] secretkey = Encoding.Default.GetBytes ("password");
435 HMACSHA1 hmac = new HMACSHA1 (secretkey);
437 Assert.IsTrue (v1.CheckSignature (hmac), "HMACSHA1-CheckSignature(key)");
441 // adapted from http://bugzilla.ximian.com/show_bug.cgi?id=52084
442 public void GetIdElement ()
444 XmlDocument doc = new XmlDocument ();
445 doc.LoadXml (signature);
447 SignedXml v1 = new SignedXml ();
448 v1.LoadXml (doc.DocumentElement);
449 Assert.IsTrue (v1.CheckSignature (), "CheckSignature");
451 XmlElement xel = v1.GetIdElement (doc, "MyObjectId");
452 Assert.IsTrue (xel.InnerXml.StartsWith ("<ObjectListTag"), "GetIdElement");
456 public void GetPublicKey ()
458 XmlDocument doc = new XmlDocument ();
459 doc.LoadXml (signature);
461 SignedXmlEx sxe = new SignedXmlEx ();
462 sxe.LoadXml (doc.DocumentElement);
464 AsymmetricAlgorithm aa1 = sxe.PublicGetPublicKey ();
465 Assert.IsTrue ((aa1 is RSA), "First Public Key is RSA");
467 AsymmetricAlgorithm aa2 = sxe.PublicGetPublicKey ();
468 Assert.IsNull (aa2, "Second Public Key is null");
471 // [ExpectedException (typeof (ArgumentNullException))]
472 public void AddObject_Null ()
474 SignedXml sx = new SignedXml ();
475 // still no ArgumentNullExceptions for this one
480 [ExpectedException (typeof (ArgumentNullException))]
481 public void AddReference_Null ()
483 SignedXml sx = new SignedXml ();
484 sx.AddReference (null);
487 [ExpectedException (typeof (CryptographicException))]
488 public void GetXml_WithoutInfo ()
490 SignedXml sx = new SignedXml ();
491 XmlElement xel = sx.GetXml ();
495 [ExpectedException (typeof (ArgumentNullException))]
496 public void LoadXml_Null ()
498 SignedXml sx = new SignedXml ();
503 public void SigningKeyName ()
505 SignedXmlEx sxe = new SignedXmlEx ();
506 Assert.IsNull (sxe.SigningKeyName, "SigningKeyName");
507 sxe.SigningKeyName = "mono";
508 Assert.AreEqual ("mono", sxe.SigningKeyName, "SigningKeyName");
512 public void CheckSignatureEmptySafe ()
518 // empty keyinfo passes...
519 sx = new SignedXml ();
520 sx.KeyInfo = new KeyInfo ();
521 Assert.IsTrue (!sx.CheckSignature ());
523 // with empty KeyInfoName
524 kic = new KeyInfoName ();
528 Assert.IsTrue (!sx.CheckSignature ());
532 public void CheckSignatureEmpty ()
534 SignedXml sx = new SignedXml ();
535 Assert.IsTrue (!sx.CheckSignature ());
539 [ExpectedException (typeof (CryptographicException))]
540 public void ComputeSignatureNoSigningKey ()
542 XmlDocument doc = new XmlDocument ();
543 doc.LoadXml ("<foo/>");
544 SignedXml signedXml = new SignedXml (doc);
546 Reference reference = new Reference ();
549 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
550 reference.AddTransform (env);
551 signedXml.AddReference (reference);
553 signedXml.ComputeSignature ();
557 [ExpectedException (typeof (CryptographicException))]
558 public void ComputeSignatureMissingReferencedObject ()
560 XmlDocument doc = new XmlDocument ();
561 doc.LoadXml ("<foo/>");
562 SignedXml signedXml = new SignedXml (doc);
563 DSA key = DSA.Create ();
564 signedXml.SigningKey = key;
566 Reference reference = new Reference ();
567 reference.Uri = "#bleh";
569 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
570 reference.AddTransform (env);
571 signedXml.AddReference (reference);
573 signedXml.ComputeSignature ();
577 public void DataReferenceToNonDataObject ()
579 XmlDocument doc = new XmlDocument ();
580 doc.LoadXml ("<foo Id='id:1'/>");
581 SignedXml signedXml = new SignedXml (doc);
582 DSA key = DSA.Create ();
583 signedXml.SigningKey = key;
585 Reference reference = new Reference ();
586 reference.Uri = "#id:1";
588 XmlDsigC14NTransform t = new XmlDsigC14NTransform ();
589 reference.AddTransform (t);
590 signedXml.AddReference (reference);
592 signedXml.ComputeSignature ();
596 public void SignElementWithoutPrefixedNamespace ()
598 string input = "<Action xmlns='urn:foo'>http://tempuri.org/IFoo/Echo</Action>";
599 string expected = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" /><Reference URI=""#_1""><Transforms><Transform Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>zdFEZB8rNzvpNG/gFEJBWk/M5Nk=</DigestValue></Reference></SignedInfo><SignatureValue>+OyGVzrHjmKSDWLNyvgx8pjbPfM=</SignatureValue><Object Id=""_1""><Action xmlns=""urn:foo"">http://tempuri.org/IFoo/Echo</Action></Object></Signature>";
601 byte [] key = Convert.FromBase64String (
602 "1W5EigVnbnRjGLbg99ElieOmuUgYO+KcwMJtE35SAGI=");
603 Transform t = new XmlDsigC14NTransform ();
604 Assert.AreEqual (expected, SignWithHMACSHA1 (input, key, t), "#1");
605 // The second result should be still identical.
606 Assert.AreEqual (expected, SignWithHMACSHA1 (input, key, t), "#2");
610 public void SignElementWithPrefixedNamespace ()
612 string input = "<a:Action xmlns:a='urn:foo'>http://tempuri.org/IFoo/Echo</a:Action>";
613 string expected = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" /><Reference URI=""#_1""><Transforms><Transform Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>6i5FlqkEfJOdUaOMCK7xn0I0HDg=</DigestValue></Reference></SignedInfo><SignatureValue>tASp+e2A0xqcm02jKg5TGqlhKpI=</SignatureValue><Object Id=""_1""><a:Action xmlns:a=""urn:foo"">http://tempuri.org/IFoo/Echo</a:Action></Object></Signature>";
615 byte [] key = Convert.FromBase64String (
616 "1W5EigVnbnRjGLbg99ElieOmuUgYO+KcwMJtE35SAGI=");
617 Assert.AreEqual (SignWithHMACSHA1 (input, key), expected);
620 string SignWithHMACSHA1 (string input, byte [] key)
622 return SignWithHMACSHA1 (input, key, new XmlDsigC14NTransform ());
625 string SignWithHMACSHA1 (string input, byte [] key, Transform transform)
627 XmlDocument doc = new XmlDocument ();
629 SignedXml sxml = new SignedXml (doc);
631 HMACSHA1 keyhash = new HMACSHA1 (key);
632 DataObject d = new DataObject ();
633 //d.Data = doc.SelectNodes ("//*[local-name()='Body']/*");
634 d.Data = doc.SelectNodes ("//*[local-name()='Action']");
637 Reference r = new Reference ("#_1");
638 r.AddTransform (transform);
639 r.DigestMethod = SignedXml.XmlDsigSHA1Url;
640 sxml.SignedInfo.AddReference (r);
641 sxml.ComputeSignature (keyhash);
642 StringWriter sw = new StringWriter ();
643 XmlWriter w = new XmlTextWriter (sw);
644 sxml.GetXml ().WriteTo (w);
646 return sw.ToString ();
650 public void GetIdElement_Null ()
652 SignedXml sign = new SignedXml ();
653 Assert.IsNull (sign.GetIdElement (null, "value"));
654 Assert.IsNull (sign.GetIdElement (new XmlDocument (), null));
658 [Category ("NotWorking")] // bug #79483
659 public void DigestValue_CRLF ()
661 XmlDocument doc = CreateSomeXml ("\r\n");
662 XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform ();
663 transform.LoadInput (doc);
664 Stream s = (Stream) transform.GetOutput ();
665 string output = Stream2String (s);
666 Assert.AreEqual ("<person>
\n <birthplace>Brussels</birthplace>
\n</person>", output, "#1");
670 HashAlgorithm hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider");
671 byte[] digest = hash.ComputeHash (s);
672 Assert.AreEqual ("IKbfdK2/DMfXyezCf5QggVCXfk8=", Convert.ToBase64String (digest), "#2");
674 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
675 SignedXml signedXml = new SignedXml (doc);
676 signedXml.SigningKey = cert.PrivateKey;
677 signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
679 Reference reference = new Reference ();
682 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
683 reference.AddTransform (env);
684 signedXml.AddReference (reference);
686 KeyInfo keyInfo = new KeyInfo ();
687 KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
688 x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
689 x509KeyInfo.AddCertificate (cert);
690 keyInfo.AddClause (x509KeyInfo);
691 signedXml.KeyInfo = keyInfo;
693 signedXml.ComputeSignature ();
695 digest = reference.DigestValue;
696 Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#3");
698 Assert.AreEqual ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">"
699 + "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />"
700 + "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />"
701 + "<Reference URI=\"\">"
703 + "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />"
705 + "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />"
706 + "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>"
708 + "</SignedInfo>", signedXml.SignedInfo.GetXml ().OuterXml, "#4");
712 public void DigestValue_LF ()
714 XmlDocument doc = CreateSomeXml ("\n");
715 XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform ();
716 transform.LoadInput (doc);
717 Stream s = (Stream) transform.GetOutput ();
718 string output = Stream2String (s);
719 Assert.AreEqual ("<person>\n <birthplace>Brussels</birthplace>\n</person>", output, "#1");
723 HashAlgorithm hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider");
724 byte[] digest = hash.ComputeHash (s);
725 Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#2");
727 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
728 SignedXml signedXml = new SignedXml (doc);
729 signedXml.SigningKey = cert.PrivateKey;
730 signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
732 Reference reference = new Reference ();
735 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
736 reference.AddTransform (env);
737 signedXml.AddReference (reference);
739 KeyInfo keyInfo = new KeyInfo ();
740 KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
741 x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
742 x509KeyInfo.AddCertificate (cert);
743 keyInfo.AddClause (x509KeyInfo);
744 signedXml.KeyInfo = keyInfo;
746 signedXml.ComputeSignature ();
748 digest = reference.DigestValue;
749 Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#3");
751 Assert.AreEqual ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">"
752 + "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />"
753 + "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />"
754 + "<Reference URI=\"\">"
756 + "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />"
758 + "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />"
759 + "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>"
761 + "</SignedInfo>", signedXml.SignedInfo.GetXml ().OuterXml, "#4");
765 [Category ("NotWorking")] // bug #79483
766 public void SignedXML_CRLF_Invalid ()
768 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
770 XmlDocument doc = new XmlDocument ();
771 doc.LoadXml (string.Format (CultureInfo.InvariantCulture,
773 " <birthplace>Brussels</birthplace>{0}" +
774 "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" +
776 "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />" +
777 "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />" +
778 "<Reference URI=\"\">" +
780 "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />" +
782 "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />" +
783 "<DigestValue>IKbfdK2/DMfXyezCf5QggVCXfk8=</DigestValue>" +
787 "JuSd68PyARsZqGKSo5xX5yYHDuu6whHEhoXqxxFmGeEdvkKY2bgroWJ1ZTGHGr" +
788 "VI7mtG3h0w1ibOKdltm9j4lZaZWo87CAJiJ2syeLbMyIVSw6OyZEsiFF/VqLKK" +
789 "4T4AO6q7HYsC55zJrOvL1j9IIr8zBnJfvBdKckf0lczYbXc=" +
790 "</SignatureValue>" +
793 "<X509Certificate>" +
794 "MIIBozCCAQygAwIBAgIQHc+8iURSTUarmg4trmrnGTANBgkqhkiG9w0BAQUFAD" +
795 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcyNjUxWhgPMjA5MDAxMjEw" +
796 "ODI2NTFaMA8xDTALBgNVBAMTBE1vbm8wgZ0wDQYJKoZIhvcNAQEBBQADgYsAMI" +
797 "GHAoGBAJhFB1KHv2WzsHqih9Mvm3KffEOSMv+sh1mPW3sWI/95VOOVqJnhemMM" +
798 "s82phSbNZeoPHny4btbykbRRaRQv94rtIM6geJR1e2c5mfJWtHSq3EYQarHC68" +
799 "cAZvCAmQZGa1eQRNRqcTSKX8yfqH0SouIE9ohJtpiluNe+Xgk5fKv3AgERMA0G" +
800 "CSqGSIb3DQEBBQUAA4GBAE6pqSgK8QKRHSh6YvYs9oRh1n8iREco7QmZCFj7UB" +
801 "kn/QgJ9mKsT8o12VnYHqBCEwBNaT1ay3z/SR4/Z383zuu4Y6xxjqOqnM6gtwUV" +
802 "u5/0hvz+ThtuTjItG6Ny5JkLZZQt/XbI5kg920t9jq3vbHBMuX2HxivwQe5sug" +
804 "</X509Certificate>" +
805 "<X509Certificate>" +
806 "MIIBpTCCAQ6gAwIBAgIQXo6Lr3rrSkW4xmNPRbHMbjANBgkqhkiG9w0BAQUFAD" +
807 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcxNDE4WhgPMjA5MDAxMjEw" +
808 "ODE0MThaMBExDzANBgNVBAMTBk1pZ3VlbDCBnTANBgkqhkiG9w0BAQEFAAOBiw" +
809 "AwgYcCgYEArCkeSZ6U3U3Fm2qSuQsM7xvvsSzZGQLPDUHFQ/BZxA7LiGRfXbmO" +
810 "yPkkYRYItXdy0yDl/8rAjelaL8jQ4me6Uexyeq+5xEgHn9VbNJny5apGNi4kF1" +
811 "8DR5DK9Zme9d6icusgW8krv3//5SVE8ao7X5qrIOGS825eCJL73YWbxKkCAREw" +
812 "DQYJKoZIhvcNAQEFBQADgYEASqBgYTkIJpDO28ZEXnF5Q/G3xDR/MxhdcrCISJ" +
813 "tDbuGVZzK+xhFhiYD5Q1NiGhD4oDIVJPwKmZH4L3YP96iSh6RdtO27V05ET/X5" +
814 "yWMKdeIsq6r9jXXv7NaWTmvNfMLKLNgEBCJ00+wN0u4xHUC7yCJc0KNQ3fjDLU" +
816 "</X509Certificate>" +
820 "</person>", "\r\n"));
822 SignedXml signedXml = new SignedXml (doc);
823 XmlNodeList nodeList = doc.GetElementsByTagName ("Signature");
824 signedXml.LoadXml ((XmlElement) nodeList [0]);
825 Assert.IsTrue (!signedXml.CheckSignature (), "#2");
829 [Category ("NotWorking")] // bug #79483
830 public void SignedXML_CRLF_Valid ()
832 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
834 XmlDocument doc = CreateSignedXml (cert, SignedXml.XmlDsigExcC14NTransformUrl, "\r\n");
835 Assert.AreEqual (string.Format (CultureInfo.InvariantCulture, "<person>{0}" +
836 " <birthplace>Brussels</birthplace>{0}" +
837 "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" +
839 "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />" +
840 "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />" +
841 "<Reference URI=\"\">" +
843 "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />" +
845 "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />" +
846 "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>" +
850 "X29nbkOR/Xk3KwsEpEvpDOqfI6/NTtiewIxNqKMrPCoM0HLawK5HKsCw3lL07C" +
851 "8SwqvoXJL9VS05gsSia85YCB8NPDeHuHY3CPGT7DVpgeHFA0oefMnOi8IAqKD2" +
852 "nx29A222u5OmwbDO0qFqbtsgvIFiP5YJg04cwmnqs+eL+WA=" +
853 "</SignatureValue>" +
856 "<X509Certificate>" +
857 "MIIBozCCAQygAwIBAgIQHc+8iURSTUarmg4trmrnGTANBgkqhkiG9w0BAQUFAD" +
858 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcyNjUxWhgPMjA5MDAxMjEw" +
859 "ODI2NTFaMA8xDTALBgNVBAMTBE1vbm8wgZ0wDQYJKoZIhvcNAQEBBQADgYsAMI" +
860 "GHAoGBAJhFB1KHv2WzsHqih9Mvm3KffEOSMv+sh1mPW3sWI/95VOOVqJnhemMM" +
861 "s82phSbNZeoPHny4btbykbRRaRQv94rtIM6geJR1e2c5mfJWtHSq3EYQarHC68" +
862 "cAZvCAmQZGa1eQRNRqcTSKX8yfqH0SouIE9ohJtpiluNe+Xgk5fKv3AgERMA0G" +
863 "CSqGSIb3DQEBBQUAA4GBAE6pqSgK8QKRHSh6YvYs9oRh1n8iREco7QmZCFj7UB" +
864 "kn/QgJ9mKsT8o12VnYHqBCEwBNaT1ay3z/SR4/Z383zuu4Y6xxjqOqnM6gtwUV" +
865 "u5/0hvz+ThtuTjItG6Ny5JkLZZQt/XbI5kg920t9jq3vbHBMuX2HxivwQe5sug" +
867 "</X509Certificate>" +
868 "<X509Certificate>" +
869 "MIIBpTCCAQ6gAwIBAgIQXo6Lr3rrSkW4xmNPRbHMbjANBgkqhkiG9w0BAQUFAD" +
870 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcxNDE4WhgPMjA5MDAxMjEw" +
871 "ODE0MThaMBExDzANBgNVBAMTBk1pZ3VlbDCBnTANBgkqhkiG9w0BAQEFAAOBiw" +
872 "AwgYcCgYEArCkeSZ6U3U3Fm2qSuQsM7xvvsSzZGQLPDUHFQ/BZxA7LiGRfXbmO" +
873 "yPkkYRYItXdy0yDl/8rAjelaL8jQ4me6Uexyeq+5xEgHn9VbNJny5apGNi4kF1" +
874 "8DR5DK9Zme9d6icusgW8krv3//5SVE8ao7X5qrIOGS825eCJL73YWbxKkCAREw" +
875 "DQYJKoZIhvcNAQEFBQADgYEASqBgYTkIJpDO28ZEXnF5Q/G3xDR/MxhdcrCISJ" +
876 "tDbuGVZzK+xhFhiYD5Q1NiGhD4oDIVJPwKmZH4L3YP96iSh6RdtO27V05ET/X5" +
877 "yWMKdeIsq6r9jXXv7NaWTmvNfMLKLNgEBCJ00+wN0u4xHUC7yCJc0KNQ3fjDLU" +
879 "</X509Certificate>" +
883 "</person>", "\r\n"), doc.OuterXml, "#1");
887 [Ignore ("This is a bad test case which should basically just check the computed signature value instead of comparing XML document literal string, and thus caused inconsistency between .NET 1.1 and .NET 2.0. Not deleting this test case, to easily find the reason for potentially happening regression in the future (which should not waste time).")]
888 public void SignedXML_LF_Valid ()
890 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
892 XmlDocument doc = CreateSignedXml (cert, SignedXml.XmlDsigExcC14NTransformUrl, "\n");
893 Assert.AreEqual (string.Format (CultureInfo.InvariantCulture, "<person>{0}" +
894 " <birthplace>Brussels</birthplace>{0}" +
895 "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" +
897 "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />" +
898 "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />" +
899 "<Reference URI=\"\">" +
901 "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />" +
903 "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />" +
904 "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>" +
908 "X29nbkOR/Xk3KwsEpEvpDOqfI6/NTtiewIxNqKMrPCoM0HLawK5HKsCw3lL07C" +
909 "8SwqvoXJL9VS05gsSia85YCB8NPDeHuHY3CPGT7DVpgeHFA0oefMnOi8IAqKD2" +
910 "nx29A222u5OmwbDO0qFqbtsgvIFiP5YJg04cwmnqs+eL+WA=" +
911 "</SignatureValue>" +
914 "<X509Certificate>" +
915 "MIIBozCCAQygAwIBAgIQHc+8iURSTUarmg4trmrnGTANBgkqhkiG9w0BAQUFAD" +
916 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcyNjUxWhgPMjA5MDAxMjEw" +
917 "ODI2NTFaMA8xDTALBgNVBAMTBE1vbm8wgZ0wDQYJKoZIhvcNAQEBBQADgYsAMI" +
918 "GHAoGBAJhFB1KHv2WzsHqih9Mvm3KffEOSMv+sh1mPW3sWI/95VOOVqJnhemMM" +
919 "s82phSbNZeoPHny4btbykbRRaRQv94rtIM6geJR1e2c5mfJWtHSq3EYQarHC68" +
920 "cAZvCAmQZGa1eQRNRqcTSKX8yfqH0SouIE9ohJtpiluNe+Xgk5fKv3AgERMA0G" +
921 "CSqGSIb3DQEBBQUAA4GBAE6pqSgK8QKRHSh6YvYs9oRh1n8iREco7QmZCFj7UB" +
922 "kn/QgJ9mKsT8o12VnYHqBCEwBNaT1ay3z/SR4/Z383zuu4Y6xxjqOqnM6gtwUV" +
923 "u5/0hvz+ThtuTjItG6Ny5JkLZZQt/XbI5kg920t9jq3vbHBMuX2HxivwQe5sug" +
925 "</X509Certificate>" +
926 "<X509Certificate>" +
927 "MIIBpTCCAQ6gAwIBAgIQXo6Lr3rrSkW4xmNPRbHMbjANBgkqhkiG9w0BAQUFAD" +
928 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcxNDE4WhgPMjA5MDAxMjEw" +
929 "ODE0MThaMBExDzANBgNVBAMTBk1pZ3VlbDCBnTANBgkqhkiG9w0BAQEFAAOBiw" +
930 "AwgYcCgYEArCkeSZ6U3U3Fm2qSuQsM7xvvsSzZGQLPDUHFQ/BZxA7LiGRfXbmO" +
931 "yPkkYRYItXdy0yDl/8rAjelaL8jQ4me6Uexyeq+5xEgHn9VbNJny5apGNi4kF1" +
932 "8DR5DK9Zme9d6icusgW8krv3//5SVE8ao7X5qrIOGS825eCJL73YWbxKkCAREw" +
933 "DQYJKoZIhvcNAQEFBQADgYEASqBgYTkIJpDO28ZEXnF5Q/G3xDR/MxhdcrCISJ" +
934 "tDbuGVZzK+xhFhiYD5Q1NiGhD4oDIVJPwKmZH4L3YP96iSh6RdtO27V05ET/X5" +
935 "yWMKdeIsq6r9jXXv7NaWTmvNfMLKLNgEBCJ00+wN0u4xHUC7yCJc0KNQ3fjDLU" +
937 "</X509Certificate>" +
941 "</person>", "\n"), doc.OuterXml, "#1");
944 [Test] // part of bug #79454
945 public void MultipleX509Certificates ()
947 XmlDocument doc = null;
948 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
950 doc = CreateSignedXml (cert, SignedXml.XmlDsigExcC14NTransformUrl, "\n");
951 Assert.IsTrue (VerifySignedXml (doc), "#1");
953 doc = CreateSignedXml (cert, SignedXml.XmlDsigExcC14NWithCommentsTransformUrl, "\n");
954 Assert.IsTrue (VerifySignedXml (doc), "#2");
956 doc = CreateSignedXml (cert, SignedXml.XmlDsigCanonicalizationUrl, "\n");
957 Assert.IsTrue (VerifySignedXml (doc), "#3");
959 doc = CreateSignedXml (cert, SignedXml.XmlDsigCanonicalizationWithCommentsUrl, "\n");
960 Assert.IsTrue (VerifySignedXml (doc), "#4");
963 // creates a signed XML document with two certificates in the X509Data
964 // element, with the second being the one that should be used to verify
966 static XmlDocument CreateSignedXml (X509Certificate2 cert, string canonicalizationMethod, string lineFeed)
968 XmlDocument doc = CreateSomeXml (lineFeed);
970 SignedXml signedXml = new SignedXml (doc);
971 signedXml.SigningKey = cert.PrivateKey;
972 signedXml.SignedInfo.CanonicalizationMethod = canonicalizationMethod;
974 Reference reference = new Reference ();
977 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
978 reference.AddTransform (env);
979 signedXml.AddReference (reference);
981 KeyInfo keyInfo = new KeyInfo ();
982 KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
983 x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
984 x509KeyInfo.AddCertificate (cert);
985 keyInfo.AddClause (x509KeyInfo);
986 signedXml.KeyInfo = keyInfo;
988 signedXml.ComputeSignature ();
989 XmlElement xmlDigitalSignature = signedXml.GetXml ();
991 doc.DocumentElement.AppendChild (doc.ImportNode (xmlDigitalSignature, true));
995 static bool VerifySignedXml (XmlDocument signedDoc)
997 SignedXml signedXml = new SignedXml (signedDoc);
998 XmlNodeList nodeList = signedDoc.GetElementsByTagName ("Signature");
999 signedXml.LoadXml ((XmlElement) nodeList [0]);
1000 return signedXml.CheckSignature ();
1003 static XmlDocument CreateSomeXml (string lineFeed)
1005 StringWriter sw = new StringWriter ();
1006 sw.NewLine = lineFeed;
1007 XmlTextWriter xtw = new XmlTextWriter (sw);
1008 xtw.Formatting = Formatting.Indented;
1009 xtw.WriteStartElement ("person");
1010 xtw.WriteElementString ("birthplace", "Brussels");
1011 xtw.WriteEndElement ();
1014 XmlDocument doc = new XmlDocument ();
1015 doc.PreserveWhitespace = true;
1016 doc.Load (new StringReader (sw.ToString ()));
1020 string Stream2String (Stream s)
1022 StringBuilder sb = new StringBuilder ();
1023 int b = s.ReadByte ();
1025 sb.Append (Convert.ToChar (b));
1028 return sb.ToString ();
1031 private static byte [] _cert = new byte [] {
1032 0x30, 0x82, 0x01, 0xa3, 0x30, 0x82, 0x01, 0x0c, 0xa0, 0x03, 0x02,
1033 0x01, 0x02, 0x02, 0x10, 0x1d, 0xcf, 0xbc, 0x89, 0x44, 0x52, 0x4d,
1034 0x46, 0xab, 0x9a, 0x0e, 0x2d, 0xae, 0x6a, 0xe7, 0x19, 0x30, 0x0d,
1035 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
1036 0x05, 0x00, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55,
1037 0x04, 0x03, 0x13, 0x06, 0x4e, 0x6f, 0x76, 0x65, 0x6c, 0x6c, 0x30,
1038 0x20, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x39, 0x32, 0x31, 0x30, 0x37,
1039 0x32, 0x36, 0x35, 0x31, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x39, 0x30,
1040 0x30, 0x31, 0x32, 0x31, 0x30, 0x38, 0x32, 0x36, 0x35, 0x31, 0x5a,
1041 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03,
1042 0x13, 0x04, 0x4d, 0x6f, 0x6e, 0x6f, 0x30, 0x81, 0x9d, 0x30, 0x0d,
1043 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
1044 0x05, 0x00, 0x03, 0x81, 0x8b, 0x00, 0x30, 0x81, 0x87, 0x02, 0x81,
1045 0x81, 0x00, 0x98, 0x45, 0x07, 0x52, 0x87, 0xbf, 0x65, 0xb3, 0xb0,
1046 0x7a, 0xa2, 0x87, 0xd3, 0x2f, 0x9b, 0x72, 0x9f, 0x7c, 0x43, 0x92,
1047 0x32, 0xff, 0xac, 0x87, 0x59, 0x8f, 0x5b, 0x7b, 0x16, 0x23, 0xff,
1048 0x79, 0x54, 0xe3, 0x95, 0xa8, 0x99, 0xe1, 0x7a, 0x63, 0x0c, 0xb3,
1049 0xcd, 0xa9, 0x85, 0x26, 0xcd, 0x65, 0xea, 0x0f, 0x1e, 0x7c, 0xb8,
1050 0x6e, 0xd6, 0xf2, 0x91, 0xb4, 0x51, 0x69, 0x14, 0x2f, 0xf7, 0x8a,
1051 0xed, 0x20, 0xce, 0xa0, 0x78, 0x94, 0x75, 0x7b, 0x67, 0x39, 0x99,
1052 0xf2, 0x56, 0xb4, 0x74, 0xaa, 0xdc, 0x46, 0x10, 0x6a, 0xb1, 0xc2,
1053 0xeb, 0xc7, 0x00, 0x66, 0xf0, 0x80, 0x99, 0x06, 0x46, 0x6b, 0x57,
1054 0x90, 0x44, 0xd4, 0x6a, 0x71, 0x34, 0x8a, 0x5f, 0xcc, 0x9f, 0xa8,
1055 0x7d, 0x12, 0xa2, 0xe2, 0x04, 0xf6, 0x88, 0x49, 0xb6, 0x98, 0xa5,
1056 0xb8, 0xd7, 0xbe, 0x5e, 0x09, 0x39, 0x7c, 0xab, 0xf7, 0x02, 0x01,
1057 0x11, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1058 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4e, 0xa9,
1059 0xa9, 0x28, 0x0a, 0xf1, 0x02, 0x91, 0x1d, 0x28, 0x7a, 0x62, 0xf6,
1060 0x2c, 0xf6, 0x84, 0x61, 0xd6, 0x7f, 0x22, 0x44, 0x47, 0x28, 0xed,
1061 0x09, 0x99, 0x08, 0x58, 0xfb, 0x50, 0x19, 0x27, 0xfd, 0x08, 0x09,
1062 0xf6, 0x62, 0xac, 0x4f, 0xca, 0x35, 0xd9, 0x59, 0xd8, 0x1e, 0xa0,
1063 0x42, 0x13, 0x00, 0x4d, 0x69, 0x3d, 0x5a, 0xcb, 0x7c, 0xff, 0x49,
1064 0x1e, 0x3f, 0x67, 0x7f, 0x37, 0xce, 0xeb, 0xb8, 0x63, 0xac, 0x71,
1065 0x8e, 0xa3, 0xaa, 0x9c, 0xce, 0xa0, 0xb7, 0x05, 0x15, 0xbb, 0x9f,
1066 0xf4, 0x86, 0xfc, 0xfe, 0x4e, 0x1b, 0x6e, 0x4e, 0x32, 0x2d, 0x1b,
1067 0xa3, 0x72, 0xe4, 0x99, 0x0b, 0x65, 0x94, 0x2d, 0xfd, 0x76, 0xc8,
1068 0xe6, 0x48, 0x3d, 0xdb, 0x4b, 0x7d, 0x8e, 0xad, 0xef, 0x6c, 0x70,
1069 0x4c, 0xb9, 0x7d, 0x87, 0xc6, 0x2b, 0xf0, 0x41, 0xee, 0x6c, 0xba,
1070 0x08, 0xcf, 0x69, 0x31, 0x18 };
1072 private static byte [] _pkcs12 = new byte [] {
1073 0x30, 0x82, 0x05, 0x8d, 0x02, 0x01, 0x03, 0x30, 0x82, 0x05, 0x47,
1074 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01,
1075 0xa0, 0x82, 0x05, 0x38, 0x04, 0x82, 0x05, 0x34, 0x30, 0x82, 0x05,
1076 0x30, 0x30, 0x82, 0x02, 0x3f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
1077 0xf7, 0x0d, 0x01, 0x07, 0x06, 0xa0, 0x82, 0x02, 0x30, 0x30, 0x82,
1078 0x02, 0x2c, 0x02, 0x01, 0x00, 0x30, 0x82, 0x02, 0x25, 0x06, 0x09,
1079 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c,
1080 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01,
1081 0x03, 0x30, 0x0e, 0x04, 0x08, 0x6e, 0x0a, 0x50, 0x20, 0xc3, 0x11,
1082 0x49, 0x07, 0x02, 0x02, 0x07, 0xd0, 0x80, 0x82, 0x01, 0xf8, 0x74,
1083 0x40, 0x07, 0x44, 0x6b, 0x80, 0x46, 0xe1, 0x4e, 0x65, 0x5e, 0xf2,
1084 0xf6, 0x38, 0x90, 0xd1, 0x75, 0x24, 0xd9, 0x72, 0x92, 0x5b, 0x4a,
1085 0xb9, 0x9e, 0xbd, 0xab, 0xe2, 0xb8, 0x91, 0xc9, 0x48, 0x14, 0x88,
1086 0x61, 0x7d, 0x06, 0xf9, 0x24, 0x80, 0xb5, 0x36, 0xaf, 0xfe, 0xc0,
1087 0x59, 0x00, 0x39, 0x3f, 0x78, 0xc0, 0x57, 0xea, 0x1e, 0xcb, 0x29,
1088 0xa4, 0x5f, 0xba, 0x4b, 0xd9, 0xca, 0x95, 0xab, 0x55, 0x4a, 0x11,
1089 0x1a, 0xf8, 0xe9, 0xd4, 0xc0, 0x08, 0x55, 0xfb, 0x69, 0x09, 0x0d,
1090 0x5b, 0xed, 0x02, 0xcc, 0x55, 0xfe, 0x05, 0x2e, 0x45, 0xa7, 0x8d,
1091 0x63, 0x9a, 0xda, 0x6c, 0xc7, 0xe1, 0xcb, 0x5c, 0xa7, 0xd9, 0x9b,
1092 0x4a, 0xfb, 0x7d, 0x31, 0xe5, 0x89, 0x3e, 0xf2, 0x32, 0xc9, 0x78,
1093 0xd0, 0x66, 0x1e, 0x38, 0xc7, 0xbf, 0x41, 0xf9, 0xe7, 0xbd, 0xce,
1094 0x8b, 0xc3, 0x14, 0x19, 0x4b, 0xfa, 0x3a, 0xa2, 0x1f, 0xb0, 0xd4,
1095 0xfa, 0x33, 0x39, 0x12, 0xd9, 0x36, 0x7f, 0x7e, 0xf0, 0xc4, 0xdc,
1096 0xf0, 0xb5, 0x7a, 0x50, 0x2c, 0x99, 0x9d, 0x02, 0x40, 0xec, 0x6a,
1097 0x23, 0x83, 0x16, 0xec, 0x8f, 0x58, 0x14, 0xa0, 0xa0, 0x9c, 0xa0,
1098 0xe1, 0xd0, 0x6f, 0x54, 0x1a, 0x10, 0x47, 0x69, 0x6b, 0x55, 0x7f,
1099 0x67, 0x7d, 0xb8, 0x38, 0xa0, 0x40, 0x99, 0x13, 0xe8, 0x15, 0x73,
1100 0x8d, 0x18, 0x86, 0x29, 0x74, 0xec, 0x66, 0xa3, 0xb8, 0x14, 0x10,
1101 0x61, 0xef, 0xa5, 0x79, 0x89, 0x01, 0xaa, 0xf2, 0x1f, 0x0c, 0xdd,
1102 0x0d, 0x8c, 0xbb, 0x7a, 0x4e, 0x0f, 0x47, 0x91, 0x37, 0xa3, 0x8a,
1103 0x43, 0x0f, 0xeb, 0xc7, 0x9b, 0x8d, 0xaf, 0x39, 0xdf, 0x23, 0x1c,
1104 0xa4, 0xf7, 0x66, 0x1c, 0x61, 0x42, 0x24, 0x9a, 0x0a, 0x3a, 0x31,
1105 0x9c, 0x51, 0xa2, 0x30, 0xbe, 0x85, 0xa6, 0xe8, 0x18, 0xfa, 0x8b,
1106 0xff, 0xdd, 0xdc, 0x34, 0x46, 0x4f, 0x15, 0xde, 0xdb, 0xc4, 0xeb,
1107 0x62, 0x3b, 0x7c, 0x25, 0x1a, 0x13, 0x8b, 0xda, 0x3b, 0x59, 0x2a,
1108 0xb8, 0x50, 0xe3, 0x9f, 0x76, 0xfc, 0xe8, 0x00, 0xfc, 0xf7, 0xba,
1109 0xd2, 0x45, 0x92, 0x14, 0xb5, 0xe2, 0x93, 0x41, 0x09, 0xea, 0x5b,
1110 0x5e, 0xda, 0x66, 0x92, 0xd1, 0x93, 0x7a, 0xc0, 0xe1, 0x2f, 0xed,
1111 0x29, 0x78, 0x80, 0xff, 0x79, 0x0e, 0xda, 0x78, 0x7e, 0x71, 0xa4,
1112 0x31, 0x2f, 0xe9, 0x48, 0xab, 0xc9, 0x40, 0x7d, 0x63, 0x06, 0xd6,
1113 0xb5, 0x2b, 0x49, 0xba, 0x43, 0x56, 0x69, 0xc5, 0xc2, 0x85, 0x37,
1114 0xdb, 0xe7, 0x39, 0x87, 0x8d, 0x14, 0x15, 0x55, 0x76, 0x3f, 0x70,
1115 0xf6, 0xd7, 0x80, 0x82, 0x48, 0x02, 0x64, 0xe1, 0x73, 0x1a, 0xd9,
1116 0x35, 0x1a, 0x43, 0xf3, 0xde, 0xd4, 0x00, 0x9d, 0x49, 0x2b, 0xc6,
1117 0x66, 0x19, 0x3e, 0xb8, 0xcc, 0x43, 0xcc, 0xa8, 0x12, 0xa4, 0xad,
1118 0xcd, 0xe2, 0xe6, 0xb3, 0xdd, 0x7e, 0x80, 0x50, 0xc0, 0xb4, 0x0c,
1119 0x4c, 0xd2, 0x31, 0xf3, 0xf8, 0x49, 0x31, 0xbe, 0xf2, 0x7d, 0x60,
1120 0x38, 0xe0, 0x60, 0xdf, 0x7b, 0x58, 0xe0, 0xf9, 0x6e, 0x68, 0x79,
1121 0x33, 0xb2, 0x2a, 0x53, 0x4c, 0x5a, 0x9d, 0xb3, 0x81, 0x4b, 0x19,
1122 0x21, 0xe2, 0x3a, 0x42, 0x07, 0x25, 0x5a, 0xee, 0x1f, 0x5d, 0xa2,
1123 0xca, 0xf7, 0x2f, 0x3c, 0x9b, 0xb0, 0xbc, 0xe7, 0xaf, 0x8c, 0x2f,
1124 0x52, 0x43, 0x79, 0x94, 0xb0, 0xee, 0xc4, 0x53, 0x09, 0xc0, 0xc9,
1125 0x21, 0x39, 0x64, 0x82, 0xc3, 0x54, 0xb8, 0x65, 0xf8, 0xdc, 0xb3,
1126 0xdf, 0x4d, 0xc4, 0x63, 0x59, 0x14, 0x37, 0xd6, 0xba, 0xa3, 0x98,
1127 0xda, 0x99, 0x02, 0xdd, 0x7a, 0x87, 0x3e, 0x34, 0xb5, 0x4b, 0x0a,
1128 0xb4, 0x2d, 0xea, 0x19, 0x24, 0xd1, 0xc2, 0x9f, 0x30, 0x82, 0x02,
1129 0xe9, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
1130 0x01, 0xa0, 0x82, 0x02, 0xda, 0x04, 0x82, 0x02, 0xd6, 0x30, 0x82,
1131 0x02, 0xd2, 0x30, 0x82, 0x02, 0xce, 0x06, 0x0b, 0x2a, 0x86, 0x48,
1132 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x02,
1133 0xa6, 0x30, 0x82, 0x02, 0xa2, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86,
1134 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04,
1135 0x08, 0xe0, 0x21, 0x4f, 0x90, 0x7d, 0x86, 0x72, 0xc7, 0x02, 0x02,
1136 0x07, 0xd0, 0x04, 0x82, 0x02, 0x80, 0x92, 0xac, 0xe8, 0x52, 0xa6,
1137 0x3e, 0xed, 0x3d, 0xbc, 0x28, 0x5f, 0xb9, 0x45, 0x76, 0x27, 0x95,
1138 0xf8, 0x6a, 0xc5, 0x17, 0x97, 0x46, 0x58, 0xe9, 0x15, 0x7c, 0x68,
1139 0x62, 0x67, 0xb5, 0x2f, 0x1b, 0x64, 0x27, 0x9d, 0xfd, 0x67, 0x66,
1140 0x42, 0x21, 0x5c, 0xf4, 0x64, 0x37, 0xcc, 0xc0, 0x04, 0x01, 0x91,
1141 0x6c, 0x6b, 0x84, 0x96, 0xae, 0x04, 0xfe, 0xcc, 0x88, 0x6a, 0x84,
1142 0xd7, 0x59, 0x28, 0x78, 0xc9, 0xb4, 0xf6, 0x4d, 0x86, 0x8d, 0x59,
1143 0xc6, 0x74, 0x30, 0xca, 0x2f, 0x0a, 0xa7, 0x66, 0x99, 0xf4, 0x8f,
1144 0x44, 0x6d, 0x97, 0x3c, 0xd6, 0xdb, 0xd6, 0x31, 0x8c, 0xf7, 0x75,
1145 0xd9, 0x0b, 0xf5, 0xd2, 0x27, 0x80, 0x81, 0x28, 0x0f, 0x6b, 0x8b,
1146 0x45, 0x11, 0x08, 0x1d, 0x06, 0x31, 0x4d, 0x98, 0x68, 0xc9, 0x09,
1147 0x9b, 0x51, 0x84, 0x81, 0x74, 0x76, 0x57, 0x63, 0xb5, 0x38, 0xc8,
1148 0xe1, 0x96, 0xe4, 0xcd, 0xd4, 0xe8, 0xf8, 0x26, 0x88, 0x88, 0xaa,
1149 0xdf, 0x1b, 0xc6, 0x37, 0xb8, 0xc4, 0xe1, 0xcb, 0xc0, 0x71, 0x3d,
1150 0xd6, 0xd7, 0x8b, 0xc6, 0xec, 0x5f, 0x42, 0x86, 0xb0, 0x8d, 0x1c,
1151 0x49, 0xb9, 0xc6, 0x96, 0x11, 0xa5, 0xd6, 0xd2, 0xc0, 0x18, 0xca,
1152 0xe7, 0xf6, 0x93, 0xb4, 0xf5, 0x7a, 0xe4, 0xec, 0xa2, 0x90, 0xf8,
1153 0xef, 0x66, 0x0f, 0xa8, 0x52, 0x0c, 0x3f, 0x85, 0x4a, 0x76, 0x3a,
1154 0xb8, 0x5a, 0x2d, 0x03, 0x5d, 0x99, 0x70, 0xbb, 0x02, 0x1c, 0x77,
1155 0x43, 0x12, 0xd9, 0x1f, 0x7c, 0x6f, 0x69, 0x15, 0x17, 0x30, 0x51,
1156 0x7d, 0x53, 0xc2, 0x06, 0xe0, 0xd2, 0x31, 0x17, 0x2a, 0x98, 0xe3,
1157 0xe0, 0x20, 0xfb, 0x01, 0xfd, 0xd1, 0x1b, 0x50, 0x00, 0xad, 0x1d,
1158 0xff, 0xa1, 0xae, 0xd6, 0xac, 0x38, 0x8b, 0x71, 0x28, 0x44, 0x66,
1159 0x8c, 0xb6, 0x34, 0xc5, 0x86, 0xc9, 0x34, 0xda, 0x6c, 0x2a, 0xef,
1160 0x69, 0x3c, 0xb7, 0xbd, 0xa5, 0x05, 0x3c, 0x7c, 0xfb, 0x0c, 0x2d,
1161 0x49, 0x09, 0xdb, 0x91, 0x3b, 0x41, 0x2a, 0xe4, 0xfa, 0x4a, 0xc2,
1162 0xea, 0x9e, 0x6f, 0xc3, 0x46, 0x2a, 0x77, 0x83, 0x4e, 0x22, 0x01,
1163 0xfb, 0x0c, 0x2d, 0x5a, 0xcf, 0x8d, 0xa7, 0x55, 0x24, 0x7c, 0xda,
1164 0x9e, 0xd8, 0xbc, 0xf6, 0x81, 0x63, 0x8a, 0x36, 0xd0, 0x13, 0x74,
1165 0x30, 0x4d, 0xd8, 0x4e, 0xa6, 0x81, 0x71, 0x71, 0xff, 0x9f, 0xf3,
1166 0x8d, 0x75, 0xad, 0x6b, 0x93, 0x93, 0x8c, 0xf8, 0x7d, 0xa6, 0x62,
1167 0x9d, 0xf7, 0x86, 0x6f, 0xcb, 0x5b, 0x6f, 0xe5, 0xee, 0xcd, 0xb0,
1168 0xb2, 0xfd, 0x96, 0x2c, 0xde, 0xa0, 0xcf, 0x46, 0x8c, 0x66, 0x0e,
1169 0xf9, 0xa3, 0xdb, 0xfa, 0x8f, 0x1b, 0x54, 0x9d, 0x13, 0x13, 0x6b,
1170 0x97, 0x43, 0x97, 0x64, 0xec, 0x2a, 0xc5, 0xc0, 0x26, 0xab, 0xea,
1171 0x37, 0xd6, 0xcb, 0xb9, 0x83, 0x18, 0x53, 0x5a, 0xcd, 0x28, 0xb3,
1172 0x3b, 0x9c, 0x13, 0xaa, 0x78, 0x6c, 0xcf, 0xe9, 0x75, 0x7c, 0x80,
1173 0x04, 0x05, 0x52, 0xda, 0x13, 0x41, 0xb0, 0x27, 0x0f, 0x82, 0xa3,
1174 0x81, 0xd8, 0xf7, 0xdc, 0x61, 0xbb, 0x98, 0x32, 0x5a, 0x88, 0xbf,
1175 0x49, 0xc1, 0x76, 0x83, 0xcd, 0xc4, 0xb4, 0xca, 0x8d, 0x36, 0x88,
1176 0xee, 0xdb, 0xc5, 0xf4, 0x13, 0x28, 0x4d, 0xae, 0x7a, 0x31, 0x3e,
1177 0x77, 0x19, 0xab, 0x11, 0x15, 0x29, 0xd4, 0xcf, 0xb4, 0x73, 0x36,
1178 0x92, 0x1e, 0x4e, 0x5d, 0x35, 0x57, 0x84, 0x45, 0x9d, 0x05, 0x3c,
1179 0x44, 0x86, 0x08, 0x0b, 0x90, 0x29, 0xf9, 0xe6, 0x48, 0xaf, 0xf4,
1180 0x62, 0xd2, 0x4d, 0x32, 0x1a, 0xe9, 0xbf, 0x3a, 0x7b, 0x25, 0x4a,
1181 0x03, 0xfb, 0x40, 0x1d, 0x71, 0x2c, 0x10, 0x54, 0xdc, 0xbf, 0xf4,
1182 0x50, 0x85, 0x15, 0x11, 0xb1, 0x2d, 0x03, 0x2c, 0xe4, 0x8a, 0xce,
1183 0xec, 0x6e, 0x46, 0x06, 0x13, 0x3c, 0x97, 0x8d, 0xdd, 0xf6, 0x1e,
1184 0x62, 0xb4, 0x8d, 0xfa, 0x2c, 0x86, 0x87, 0x64, 0x5e, 0xec, 0xc8,
1185 0x84, 0xd1, 0x3d, 0xc5, 0x76, 0x4a, 0x31, 0xd3, 0xdb, 0x34, 0x6e,
1186 0x8a, 0x49, 0xd6, 0x38, 0xbb, 0x05, 0xe9, 0x4d, 0xf1, 0xde, 0x3e,
1187 0xa4, 0x47, 0xdd, 0xe8, 0xa8, 0xf1, 0xba, 0x55, 0xce, 0xca, 0x5b,
1188 0x57, 0xd7, 0xc8, 0x9f, 0x09, 0xa3, 0x8e, 0x58, 0x83, 0x21, 0x0a,
1189 0x6e, 0xd3, 0x70, 0x9c, 0xb9, 0x7c, 0x52, 0x98, 0x53, 0xcb, 0xda,
1190 0x9d, 0xaf, 0xb7, 0x4b, 0xf7, 0x48, 0x91, 0x7e, 0x78, 0x20, 0x19,
1191 0xe3, 0x41, 0x9d, 0xc8, 0x68, 0x11, 0xfb, 0x5f, 0x6b, 0xc8, 0x09,
1192 0x74, 0xcb, 0x76, 0x08, 0xbc, 0x28, 0x63, 0x57, 0x04, 0xb0, 0x80,
1193 0xd1, 0x53, 0x60, 0x50, 0x44, 0xba, 0x80, 0x48, 0x5e, 0x0e, 0x9a,
1194 0xe5, 0x64, 0x26, 0x7a, 0x88, 0xb9, 0xc6, 0x33, 0x31, 0x15, 0x30,
1195 0x13, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
1196 0x15, 0x31, 0x06, 0x04, 0x04, 0x01, 0x00, 0x00, 0x00, 0x30, 0x3d,
1197 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
1198 0x05, 0x00, 0x04, 0x14, 0x32, 0x55, 0x07, 0xa2, 0x67, 0xf3, 0x76,
1199 0x4d, 0x0b, 0x6f, 0xa4, 0xa0, 0x7b, 0xce, 0x2f, 0xc5, 0xff, 0xbe,
1200 0x3e, 0x38, 0x04, 0x14, 0x52, 0xf8, 0xb3, 0xeb, 0xc3, 0xda, 0x79,
1201 0xfa, 0x75, 0x89, 0x67, 0x33, 0x01, 0xd0, 0xb0, 0x13, 0xfa, 0x11,
1202 0x94, 0xac, 0x02, 0x02, 0x07, 0xd0 };
1204 public SignedXml SignHMAC (string uri, KeyedHashAlgorithm mac, bool ok)
1206 string input = "<foo/>";
1208 XmlDocument doc = new XmlDocument ();
1209 doc.LoadXml (input);
1211 SignedXml sig = new SignedXml (doc);
1212 Reference r = new Reference ("");
1213 r.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1214 r.DigestMethod = uri;
1215 sig.AddReference (r);
1217 sig.ComputeSignature (mac);
1218 doc.DocumentElement.AppendChild (doc.ImportNode (sig.GetXml (), true));
1219 // doc.Save (System.Console.Out);
1221 sig.LoadXml (doc.DocumentElement ["Signature"]);
1222 Assert.AreEqual (ok, sig.CheckSignature (mac), "CheckSignature");
1226 static byte [] hmackey = new byte [0];
1227 private const string more256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
1228 private const string more384 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
1229 private const string more512 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
1230 private const string moreripe = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
1233 public void SignHMAC_SHA256 ()
1235 SignedXml sign = SignHMAC (EncryptedXml.XmlEncSHA256Url, new HMACSHA256 (hmackey), true);
1236 Assert.AreEqual (more256, sign.SignatureMethod, "SignatureMethod");
1240 public void SignHMAC_SHA256_Bad ()
1242 SignedXml sign = SignHMAC (more256, new HMACSHA256 (hmackey), false);
1243 Assert.AreEqual (more256, sign.SignatureMethod, "SignatureMethod");
1247 public void VerifyHMAC_SHA256 ()
1249 string xml = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><foo><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><DigestValue>sKG2hDPEHiPrzpd3QA8BZ0eMzMbSEPPMh9QqXgkP7Cs=</DigestValue></Reference></SignedInfo><SignatureValue>Faad3KInJdIpaGcBn5e04Zv080u45fSjAKqrgevdWQw=</SignatureValue></Signature></foo>";
1250 XmlDocument doc = new XmlDocument ();
1253 SignedXml sign = new SignedXml (doc);
1254 sign.LoadXml (doc.DocumentElement ["Signature"]);
1256 // verify MS-generated signature
1257 Assert.IsTrue (sign.CheckSignature (new HMACSHA256 (hmackey)));
1261 public void SignHMAC_SHA512 ()
1263 SignedXml sign = SignHMAC (EncryptedXml.XmlEncSHA512Url, new HMACSHA512 (hmackey), true);
1264 Assert.AreEqual (more512, sign.SignatureMethod, "SignatureMethod");
1268 public void SignHMAC_SHA512_Bad ()
1270 SignedXml sign = SignHMAC (more512, new HMACSHA512 (hmackey), false);
1271 Assert.AreEqual (more512, sign.SignatureMethod, "SignatureMethod");
1275 public void VerifyHMAC_SHA512 ()
1277 string xml = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><foo><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-sha512\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha512\" /><DigestValue>2dvMkpTUE8Z76ResJG9pwPpVJNYo7t6s2L02V81xUVJ0oF8yJ7v8CTojjuL76s0iVdBxAOhP80Ambd1YaSkwSw==</DigestValue></Reference></SignedInfo><SignatureValue>wFenihRlm1x5/n0cifdX/TDOYqlbg2oVIbD/gyrAc0Q2hiIUTtwfBIMY5rQhKcErSz6YNoIl8RBQBmww/0rv5g==</SignatureValue></Signature></foo>";
1278 XmlDocument doc = new XmlDocument ();
1281 SignedXml sign = new SignedXml (doc);
1282 sign.LoadXml (doc.DocumentElement ["Signature"]);
1284 // verify MS-generated signature
1285 Assert.IsTrue (sign.CheckSignature (new HMACSHA512 (hmackey)));
1289 public void SignHMAC_SHA384 ()
1291 // works as long as the string can be used by CryptoConfig to create
1292 // an instance of the required hash algorithm
1293 SignedXml sign = SignHMAC ("SHA384", new HMACSHA384 (hmackey), true);
1294 Assert.AreEqual (more384, sign.SignatureMethod, "SignatureMethod");
1298 public void SignHMAC_SHA384_Bad ()
1300 // we can't verity the signature if the URI is used
1301 SignedXml sign = SignHMAC (more384, new HMACSHA384 (hmackey), false);
1302 Assert.AreEqual (more384, sign.SignatureMethod, "SignatureMethod");
1306 public void VerifyHMAC_SHA384 ()
1308 string xml = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><foo><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-sha384\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /></Transforms><DigestMethod Algorithm=\"SHA384\" /><DigestValue>kH9C0LeZocNVXhjfzpz00M5fc3WJf0QU8gxK4I7pAN7HN602yHo8yYDSlG14b5YS</DigestValue></Reference></SignedInfo><SignatureValue>LgydOfhv8nqpFLFPC+xg3ZnjC8D+V3mpzxv6GOdH1HDdw1r+LH/BFM2U7dntxgf0</SignatureValue></Signature></foo>";
1309 XmlDocument doc = new XmlDocument ();
1312 SignedXml sign = new SignedXml (doc);
1313 sign.LoadXml (doc.DocumentElement ["Signature"]);
1315 // verify MS-generated signature
1316 Assert.IsTrue (sign.CheckSignature (new HMACSHA384 (hmackey)));
1320 public void SignHMAC_RIPEMD160 ()
1322 // works as long as the string can be used by CryptoConfig to create
1323 // an instance of the required hash algorithm
1324 SignedXml sign = SignHMAC ("RIPEMD160", new HMACRIPEMD160 (hmackey), true);
1325 Assert.AreEqual (moreripe, sign.SignatureMethod, "SignatureMethod");
1329 public void SignHMAC_RIPEMD160_Bad ()
1331 // we can't verity the signature if the URI is used
1332 SignedXml sign = SignHMAC (moreripe, new HMACRIPEMD160 (hmackey), false);
1333 Assert.AreEqual (moreripe, sign.SignatureMethod, "SignatureMethod");
1337 public void VerifyHMAC_RIPEMD160 ()
1339 string xml = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><foo><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /></Transforms><DigestMethod Algorithm=\"RIPEMD160\" /><DigestValue>+uyqtoSDPvgrsXCl1KCimhFpOVw=</DigestValue></Reference></SignedInfo><SignatureValue>8E2m/A5lyU6mBug7uskBqpDHuvs=</SignatureValue></Signature></foo>";
1340 XmlDocument doc = new XmlDocument ();
1343 SignedXml sign = new SignedXml (doc);
1344 sign.LoadXml (doc.DocumentElement ["Signature"]);
1346 // verify MS-generated signature
1347 Assert.IsTrue (sign.CheckSignature (new HMACRIPEMD160 (hmackey)));
1350 // * a 0-length signature is the worse case - it accepts anything
1351 // * between 1-7 bits length are considered invalid (not a multiple of 8)
1352 // * a 8 bits signature would have one chance, out of 256, to be valid
1353 // * and so on... until we hit (output-length / 2) or 80 bits (see ERRATUM)
1355 static bool erratum = true; // xmldsig erratum for CVE-2009-0217
1357 static SignedXml GetSignedXml (string xml)
1359 XmlDocument doc = new XmlDocument ();
1362 SignedXml sign = new SignedXml (doc);
1363 sign.LoadXml (doc.DocumentElement);
1367 static void CheckErratum (SignedXml signed, KeyedHashAlgorithm hmac, string message)
1371 signed.CheckSignature (hmac);
1372 Assert.Fail (message + ": unexcepted success");
1374 catch (CryptographicException) {
1376 catch (Exception e) {
1377 Assert.Fail (message + ": unexcepted " + e.ToString ());
1380 Assert.IsTrue (signed.CheckSignature (hmac), message);
1384 private void HmacMustBeMultipleOfEightBits (int bits)
1386 string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
1387 <Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
1389 <CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
1390 <SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
1391 <HMACOutputLength>{0}</HMACOutputLength>
1393 <Reference URI=""#object"">
1394 <DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
1395 <DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
1401 <Object Id=""object"">some other text</Object>
1404 SignedXml sign = GetSignedXml (String.Format (xml, bits));
1405 // only multiple of 8 bits are supported
1406 sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")));
1410 public void HmacMustBeMultipleOfEightBits ()
1412 for (int i = 1; i < 160; i++) {
1413 // The .NET framework only supports multiple of 8 bits
1418 HmacMustBeMultipleOfEightBits (i);
1419 Assert.Fail ("Unexpected Success " + i.ToString ());
1421 catch (CryptographicException) {
1423 catch (Exception e) {
1424 Assert.Fail ("Unexpected Exception " + i.ToString () + " : " + e.ToString ());
1430 [Category ("NotDotNet")] // will fail until a fix is available
1431 public void VerifyHMAC_ZeroLength ()
1433 string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
1434 <Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
1436 <CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
1437 <SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
1438 <HMACOutputLength>0</HMACOutputLength>
1440 <Reference URI=""#object"">
1441 <DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
1442 <DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
1447 <Object Id=""object"">some other text</Object>
1450 SignedXml sign = GetSignedXml (xml);
1452 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")), "1");
1453 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("")), "2");
1454 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("oops")), "3");
1455 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")), "4");
1459 [Category ("NotDotNet")] // will fail until a fix is available
1460 public void VerifyHMAC_SmallerThanMinimumLength ()
1462 // 72 is a multiple of 8 but smaller than the minimum of 80 bits
1463 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1""><HMACOutputLength>72</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>2dimB+P5Aw5K</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
1464 SignedXml sign = GetSignedXml (xml);
1465 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")), "72");
1469 public void VerifyHMAC_MinimumLength ()
1471 // 80 bits is the minimum (and the half-size of HMACSHA1)
1472 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1""><HMACOutputLength>80</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>jVQPtLj61zNYjw==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
1473 SignedXml sign = GetSignedXml (xml);
1474 Assert.IsTrue (sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret"))));
1477 [Category ("NotDotNet")] // will fail until a fix is available
1478 public void VerifyHMAC_SmallerHalfLength ()
1480 // 80bits is smaller than the half-size of HMACSHA256
1481 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#hmac-sha256""><HMACOutputLength>80</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>vPtw7zKVV/JwQg==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
1482 SignedXml sign = GetSignedXml (xml);
1483 CheckErratum (sign, new HMACSHA256 (Encoding.ASCII.GetBytes ("secret")), "80");
1487 public void VerifyHMAC_HalfLength ()
1489 // 128 is the half-size of HMACSHA256
1490 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#hmac-sha256""><HMACOutputLength>128</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>aegpvkAwOL8gN/CjSnW6qw==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
1491 SignedXml sign = GetSignedXml (xml);
1492 Assert.IsTrue (sign.CheckSignature (new HMACSHA256 (Encoding.ASCII.GetBytes ("secret"))));
1495 public void VerifyHMAC_FullLength ()
1497 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" /><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue></Reference></SignedInfo><SignatureValue>a0goL9esBUKPqtFYgpp2KST4huk=</SignatureValue><Object Id=""object"">some text</Object></Signature>";
1498 SignedXml sign = GetSignedXml (xml);
1499 Assert.IsTrue (sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret"))));
1503 [ExpectedException (typeof (CryptographicException))]
1504 public void VerifyHMAC_HMACOutputLength_Signature_Mismatch ()
1506 string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
1507 <Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
1509 <CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
1510 <SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
1511 <HMACOutputLength>80</HMACOutputLength>
1513 <Reference URI=""#object"">
1514 <DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
1515 <DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
1520 <Object Id=""object"">some other text</Object>
1523 SignedXml sign = GetSignedXml (xml);
1524 sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")));
1528 [ExpectedException (typeof (FormatException))]
1529 public void VerifyHMAC_HMACOutputLength_Invalid ()
1531 string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
1532 <Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
1534 <CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
1535 <SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
1536 <HMACOutputLength>I wish this was not a string property</HMACOutputLength>
1538 <Reference URI=""#object"">
1539 <DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
1540 <DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
1545 <Object Id=""object"">some other text</Object>
1548 SignedXml sign = GetSignedXml (xml);
1549 sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")));