namespace System.Security.Cryptography.Xml {
public class SignedXml {
-
- public const string XmlDsigCanonicalizationUrl = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
- public const string XmlDsigCanonicalizationWithCommentsUrl = XmlDsigCanonicalizationUrl + "#WithComments";
- public const string XmlDsigDSAUrl = XmlDsigNamespaceUrl + "dsa-sha1";
- public const string XmlDsigHMACSHA1Url = XmlDsigNamespaceUrl + "hmac-sha1";
- public const string XmlDsigMinimalCanonicalizationUrl = XmlDsigNamespaceUrl + "minimal";
- public const string XmlDsigNamespaceUrl = "http://www.w3.org/2000/09/xmldsig#";
- public const string XmlDsigRSASHA1Url = XmlDsigNamespaceUrl + "rsa-sha1";
- public const string XmlDsigSHA1Url = XmlDsigNamespaceUrl + "sha1";
-
- public const string XmlDecryptionTransformUrl = "http://www.w3.org/2002/07/decrypt#XML";
- public const string XmlDsigBase64TransformUrl = XmlDsigNamespaceUrl + "base64";
- public const string XmlDsigC14NTransformUrl = XmlDsigCanonicalizationUrl;
- public const string XmlDsigC14NWithCommentsTransformUrl = XmlDsigCanonicalizationWithCommentsUrl;
- public const string XmlDsigEnvelopedSignatureTransformUrl = XmlDsigNamespaceUrl + "enveloped-signature";
- public const string XmlDsigExcC14NTransformUrl = "http://www.w3.org/2001/10/xml-exc-c14n#";
- public const string XmlDsigExcC14NWithCommentsTransformUrl = XmlDsigExcC14NTransformUrl + "WithComments";
- public const string XmlDsigXPathTransformUrl = "http://www.w3.org/TR/1999/REC-xpath-19991116";
- public const string XmlDsigXsltTransformUrl = "http://www.w3.org/TR/1999/REC-xslt-19991116";
- public const string XmlLicenseTransformUrl = "urn:mpeg:mpeg21:2003:01-REL-R-NS:licenseTransform";
+ public const string XmlDsigNamespaceUrl = "http://www.w3.org/2000/09/xmldsig#";
+ public const string XmlDsigMinimalCanonicalizationUrl = "http://www.w3.org/2000/09/xmldsig#minimal";
+ public const string XmlDsigCanonicalizationUrl = XmlDsigC14NTransformUrl;
+ public const string XmlDsigCanonicalizationWithCommentsUrl = XmlDsigC14NWithCommentsTransformUrl;
+
+ public const string XmlDsigSHA1Url = "http://www.w3.org/2000/09/xmldsig#sha1";
+ public const string XmlDsigDSAUrl = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
+ public const string XmlDsigRSASHA1Url = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+ public const string XmlDsigHMACSHA1Url = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+
+ public const string XmlDsigSHA256Url = "http://www.w3.org/2001/04/xmlenc#sha256";
+ public const string XmlDsigRSASHA256Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+
+ // Yes, SHA384 is in the xmldsig-more namespace even though all the other SHA variants are in xmlenc. That's the standard.
+ public const string XmlDsigSHA384Url = "http://www.w3.org/2001/04/xmldsig-more#sha384";
+ public const string XmlDsigRSASHA384Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
+
+ public const string XmlDsigSHA512Url = "http://www.w3.org/2001/04/xmlenc#sha512";
+ public const string XmlDsigRSASHA512Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+
+ public const string XmlDsigC14NTransformUrl = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+ public const string XmlDsigC14NWithCommentsTransformUrl = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
+ public const string XmlDsigExcC14NTransformUrl = "http://www.w3.org/2001/10/xml-exc-c14n#";
+ public const string XmlDsigExcC14NWithCommentsTransformUrl = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
+ public const string XmlDsigBase64TransformUrl = "http://www.w3.org/2000/09/xmldsig#base64";
+ public const string XmlDsigXPathTransformUrl = "http://www.w3.org/TR/1999/REC-xpath-19991116";
+ public const string XmlDsigXsltTransformUrl = "http://www.w3.org/TR/1999/REC-xslt-19991116";
+ public const string XmlDsigEnvelopedSignatureTransformUrl = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+ public const string XmlDecryptionTransformUrl = "http://www.w3.org/2002/07/decrypt#XML";
+ public const string XmlLicenseTransformUrl = "urn:mpeg:mpeg21:2003:01-REL-R-NS:licenseTransform";
private EncryptedXml encryptedXml;
private XmlElement signatureElement;
private Hashtable hashes;
// FIXME: enable it after CAS implementation
- private XmlResolver xmlResolver = new XmlUrlResolver ();
+ internal XmlResolver _xmlResolver = new XmlUrlResolver ();
+ private bool _bResolverSet = true;
+ internal XmlElement _context;
private ArrayList manifests;
private IEnumerator _x509Enumerator;
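Review bot: The new `_bResolverSet` field is initialized to `true`, and its only other assignment is the setter of the new `Resolver` property (also `true`), so the internal `ResolverSet` getter can never report that the resolver was left at its default; initialize it as `private bool _bResolverSet = false;` so the flag means what its name says. In the same hunk the default stays `new XmlUrlResolver ()`, an unrestricted resolver, while the comment on the new `Resolver` property claims XmlSecureResolver is used by default; one of the two should change, and until the `FIXME` above the field is resolved the comment should describe the actual default. This matters because the reference-loading code later in the file passes every non-fragment `Reference.Uri` to `_xmlResolver.GetEntity`, so with the unrestricted default a signed document from an untrusted source can cause verification to fetch arbitrary URLs, and the only way a caller can forbid that is `Resolver = null`, which the property comment does not mention. These declarations sit inside the `SignedXml` class whose body extends outside the hunk.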
m_signature = new Signature ();
m_signature.SignedInfo = new SignedInfo ();
hashes = new Hashtable (2); // 98% SHA1 for now
+ _context = null;
}
public SignedXml (XmlDocument document) : this ()
if (document == null)
throw new ArgumentNullException ("document");
envdoc = document;
+ _context = document.DocumentElement;
}
public SignedXml (XmlElement elem) : this ()
if (elem == null)
throw new ArgumentNullException ("elem");
envdoc = new XmlDocument ();
+ _context = elem;
envdoc.LoadXml (elem.OuterXml);
}
set { m_strSigningKeyName = value; }
}
+ public XmlResolver Resolver
+ {
+ // This property only has a setter. The rationale for this is that we don't have a good value
+ // to return when it has not been explicitely set, as we are using XmlSecureResolver by default
+ set
+ {
+ _xmlResolver = value;
+ _bResolverSet = true;
+ }
+ }
+
+ internal bool ResolverSet
+ {
+ get { return _bResolverSet; }
+ }
+
public void AddObject (DataObject dataObject)
{
m_signature.AddObject (dataObject);
FixupNamespaceNodes (xel, doc.DocumentElement, false);
}
}
- else if (xmlResolver != null) {
+ else if (_xmlResolver != null) {
// TODO: need testing
- Stream s = (Stream) xmlResolver.GetEntity (new Uri (r.Uri), null, typeof (Stream));
+ Stream s = (Stream) _xmlResolver.GetEntity (new Uri (r.Uri), null, typeof (Stream));
doc.Load (s);
}
else if (r.Uri [0] == '#') {
objectName = r.Uri.Substring (1);
}
- else if (xmlResolver != null) {
+ else if (_xmlResolver != null) {
// TODO: test but doc says that Resolver = null -> no access
try {
// no way to know if valid without throwing an exception
Uri uri = new Uri (r.Uri);
- s = (Stream) xmlResolver.GetEntity (uri, null, typeof (Stream));
+ s = (Stream) _xmlResolver.GetEntity (uri, null, typeof (Stream));
}
catch {
// may still be a local file (and maybe not xml)
public void ComputeSignature ()
{
- if (key != null) {
- if (m_signature.SignedInfo.SignatureMethod == null)
- // required before hashing
- m_signature.SignedInfo.SignatureMethod = key.SignatureAlgorithm;
- else if (m_signature.SignedInfo.SignatureMethod != key.SignatureAlgorithm)
- throw new CryptographicException ("Specified SignatureAlgorithm is not supported by the signing key.");
- DigestReferences ();
-
- AsymmetricSignatureFormatter signer = null;
- // in need for a CryptoConfig factory
- if (key is DSA)
- signer = new DSASignatureFormatter (key);
- else if (key is RSA)
- signer = new RSAPKCS1SignatureFormatter (key);
-
- if (signer != null) {
- SignatureDescription sd = (SignatureDescription) CryptoConfig.CreateFromName (m_signature.SignedInfo.SignatureMethod);
-
- HashAlgorithm hash = GetHash (sd.DigestAlgorithm, false);
- // get the hash of the C14N SignedInfo element
- byte[] digest = hash.ComputeHash (SignedInfoTransformed ());
-
- signer.SetHashAlgorithm ("SHA1");
- m_signature.SignatureValue = signer.CreateSignature (digest);
+ DigestReferences ();
+
+ if (key == null)
+ throw new CryptographicException (SR.Cryptography_Xml_LoadKeyFailed);
+
+ // Check the signature algorithm associated with the key so that we can accordingly set the signature method
+ if (SignedInfo.SignatureMethod == null) {
+ if (key is DSA) {
+ SignedInfo.SignatureMethod = XmlDsigDSAUrl;
+ } else if (key is RSA) {
+ // Default to RSA-SHA1
+ SignedInfo.SignatureMethod = XmlDsigRSASHA1Url;
+ } else {
+ throw new CryptographicException (SR.Cryptography_Xml_CreatedKeyFailed);
}
}
- else
- throw new CryptographicException ("signing key is not specified");
+
+ // See if there is a signature description class defined in the Config file
+ SignatureDescription signatureDescription = CryptoConfig.CreateFromName (SignedInfo.SignatureMethod) as SignatureDescription;
+ if (signatureDescription == null)
+ throw new CryptographicException (SR.Cryptography_Xml_SignatureDescriptionNotCreated);
+
+ HashAlgorithm hashAlg = signatureDescription.CreateDigest ();
+ if (hashAlg == null)
+ throw new CryptographicException (SR.Cryptography_Xml_CreateHashAlgorithmFailed);
+
+ byte[] hashvalue = hashAlg.ComputeHash (SignedInfoTransformed ());
+ AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter (key);
+
+ m_signature.SignatureValue = asymmetricSignatureFormatter.CreateSignature (hashAlg);
}
public void ComputeSignature (KeyedHashAlgorithm macAlg)
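Review bot: In the rewritten `ComputeSignature ()` the result of `signatureDescription.CreateFormatter (key)` is used without a null check, while the neighbouring `CreateDigest ()` result is checked; if the description's formatter cannot be created the failure surfaces as a NullReferenceException on `CreateSignature` instead of the CryptographicException this method throws everywhere else. Add `if (asymmetricSignatureFormatter == null) throw new CryptographicException (/* message key chosen by author */);` right after the `CreateFormatter` call. The removed check that a pre-set `SignatureMethod` agrees with the signing key is not replaced, so a mismatched method (an RSA URL on a DSA key, for instance) now fails wherever `CreateFormatter` sets the key, which may not be a CryptographicException; that case deserves a test. `hashAlg` is an IDisposable that is never disposed; wrapping the remainder of the method in `using (HashAlgorithm hashAlg = signatureDescription.CreateDigest ()) { ... }` would cover it.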
signatureElement = value;
m_signature.LoadXml (value);
+
+ if (_context == null) {
+ _context = value;
+ }
+
// Need to give the EncryptedXml object to the
// XmlDecryptionTransform to give it a fighting
// chance at decrypting the document.
}
}
}
-
- [ComVisible (false)]
- public XmlResolver Resolver {
- set { xmlResolver = value; }
- }
}
}