X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=mcs%2Fclass%2FSystem.Security%2FSystem.Security.Cryptography.Xml%2FSignedXml.cs;h=84d13e83c14f5eadd2fc2cbbc3ecbffd57666cc3;hb=82bc0ca4ced9d49ed9e1a483b415760ba8653500;hp=05c2b091d98b229262f43bc1c25577656f0009a2;hpb=12461baf50da00c5d30f757af0e1891d7ebbef3b;p=mono.git
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs b/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs
index 05c2b091d98..84d13e83c14 100644
--- a/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs
+++ b/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs
@@ -43,26 +43,36 @@ using System.Security.Cryptography.X509Certificates; namespace System.Security.Cryptography.Xml { public class SignedXml { - - public const string XmlDsigCanonicalizationUrl = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; - public const string XmlDsigCanonicalizationWithCommentsUrl = XmlDsigCanonicalizationUrl + "#WithComments"; - public const string XmlDsigDSAUrl = XmlDsigNamespaceUrl + "dsa-sha1"; - public const string XmlDsigHMACSHA1Url = XmlDsigNamespaceUrl + "hmac-sha1"; - public const string XmlDsigMinimalCanonicalizationUrl = XmlDsigNamespaceUrl + "minimal"; - public const string XmlDsigNamespaceUrl = "http://www.w3.org/2000/09/xmldsig#"; - public const string XmlDsigRSASHA1Url = XmlDsigNamespaceUrl + "rsa-sha1"; - public const string XmlDsigSHA1Url = XmlDsigNamespaceUrl + "sha1"; - - public const string XmlDecryptionTransformUrl = "http://www.w3.org/2002/07/decrypt#XML"; - public const string XmlDsigBase64TransformUrl = XmlDsigNamespaceUrl + "base64"; - public const string XmlDsigC14NTransformUrl = XmlDsigCanonicalizationUrl; - public const string XmlDsigC14NWithCommentsTransformUrl = XmlDsigCanonicalizationWithCommentsUrl; - public const string XmlDsigEnvelopedSignatureTransformUrl = XmlDsigNamespaceUrl + "enveloped-signature"; - public const string XmlDsigExcC14NTransformUrl = "http://www.w3.org/2001/10/xml-exc-c14n#"; - public const string XmlDsigExcC14NWithCommentsTransformUrl = XmlDsigExcC14NTransformUrl + "WithComments"; - public const string XmlDsigXPathTransformUrl = "http://www.w3.org/TR/1999/REC-xpath-19991116"; - public const string XmlDsigXsltTransformUrl = "http://www.w3.org/TR/1999/REC-xslt-19991116"; - public const string XmlLicenseTransformUrl = "urn:mpeg:mpeg21:2003:01-REL-R-NS:licenseTransform"; + public const string XmlDsigNamespaceUrl = "http://www.w3.org/2000/09/xmldsig#"; + public const string XmlDsigMinimalCanonicalizationUrl = "http://www.w3.org/2000/09/xmldsig#minimal"; + public const string 
XmlDsigCanonicalizationUrl = XmlDsigC14NTransformUrl;
+ public const string XmlDsigCanonicalizationWithCommentsUrl = XmlDsigC14NWithCommentsTransformUrl;
+
+ public const string XmlDsigSHA1Url = "http://www.w3.org/2000/09/xmldsig#sha1";
+ public const string XmlDsigDSAUrl = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
+ public const string XmlDsigRSASHA1Url = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+ public const string XmlDsigHMACSHA1Url = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+
+ public const string XmlDsigSHA256Url = "http://www.w3.org/2001/04/xmlenc#sha256";
+ public const string XmlDsigRSASHA256Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+
+ // Yes, SHA384 is in the xmldsig-more namespace even though all the other SHA variants are in xmlenc. That's the standard.
+ public const string XmlDsigSHA384Url = "http://www.w3.org/2001/04/xmldsig-more#sha384";
+ public const string XmlDsigRSASHA384Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
+
+ public const string XmlDsigSHA512Url = "http://www.w3.org/2001/04/xmlenc#sha512";
+ public const string XmlDsigRSASHA512Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+
+ public const string XmlDsigC14NTransformUrl = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+ public const string XmlDsigC14NWithCommentsTransformUrl = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
+ public const string XmlDsigExcC14NTransformUrl = "http://www.w3.org/2001/10/xml-exc-c14n#";
+ public const string XmlDsigExcC14NWithCommentsTransformUrl = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
+ public const string XmlDsigBase64TransformUrl = "http://www.w3.org/2000/09/xmldsig#base64";
+ public const string XmlDsigXPathTransformUrl = "http://www.w3.org/TR/1999/REC-xpath-19991116";
+ public const string XmlDsigXsltTransformUrl = "http://www.w3.org/TR/1999/REC-xslt-19991116";
+ public const string XmlDsigEnvelopedSignatureTransformUrl = 
"http://www.w3.org/2000/09/xmldsig#enveloped-signature"; + public const string XmlDecryptionTransformUrl = "http://www.w3.org/2002/07/decrypt#XML"; + public const string XmlLicenseTransformUrl = "urn:mpeg:mpeg21:2003:01-REL-R-NS:licenseTransform"; private EncryptedXml encryptedXml; @@ -74,7 +84,9 @@ namespace System.Security.Cryptography.Xml { private XmlElement signatureElement; private Hashtable hashes; // FIXME: enable it after CAS implementation - private XmlResolver xmlResolver = new XmlUrlResolver (); + internal XmlResolver _xmlResolver = new XmlUrlResolver (); + private bool _bResolverSet = true; + internal XmlElement _context; private ArrayList manifests; private IEnumerator _x509Enumerator; @@ -85,6 +97,7 @@ namespace System.Security.Cryptography.Xml { m_signature = new Signature (); m_signature.SignedInfo = new SignedInfo (); hashes = new Hashtable (2); // 98% SHA1 for now + _context = null; } public SignedXml (XmlDocument document) : this () @@ -92,6 +105,7 @@ namespace System.Security.Cryptography.Xml { if (document == null) throw new ArgumentNullException ("document"); envdoc = document; + _context = document.DocumentElement; } public SignedXml (XmlElement elem) : this () @@ -99,6 +113,7 @@ namespace System.Security.Cryptography.Xml { if (elem == null) throw new ArgumentNullException ("elem"); envdoc = new XmlDocument (); + _context = elem; envdoc.LoadXml (elem.OuterXml); } @@ -148,6 +163,22 @@ namespace System.Security.Cryptography.Xml { set { m_strSigningKeyName = value; } } + public XmlResolver Resolver + { + // This property only has a setter. The rationale for this is that we don't have a good value + // to return when it has not been explicitely set, as we are using XmlSecureResolver by default + set + { + _xmlResolver = value; + _bResolverSet = true; + } + } + + internal bool ResolverSet + { + get { return _bResolverSet; } + } + public void AddObject (DataObject dataObject) { m_signature.AddObject (dataObject); 
@@ -221,9 +252,9 @@ namespace System.Security.Cryptography.Xml { FixupNamespaceNodes (xel, doc.DocumentElement, false); } } - else if (xmlResolver != null) { + else if (_xmlResolver != null) { // TODO: need testing - Stream s = (Stream) xmlResolver.GetEntity (new Uri (r.Uri), null, typeof (Stream)); + Stream s = (Stream) _xmlResolver.GetEntity (new Uri (r.Uri), null, typeof (Stream)); doc.Load (s); } @@ -281,12 +312,12 @@ namespace System.Security.Cryptography.Xml { else if (r.Uri [0] == '#') { objectName = r.Uri.Substring (1); } - else if (xmlResolver != null) { + else if (_xmlResolver != null) { // TODO: test but doc says that Resolver = null -> no access try { // no way to know if valid without throwing an exception Uri uri = new Uri (r.Uri); - s = (Stream) xmlResolver.GetEntity (uri, null, typeof (Stream)); + s = (Stream) _xmlResolver.GetEntity (uri, null, typeof (Stream)); } catch { // may still be a local file (and maybe not xml) 
@@ -624,34 +655,36 @@ namespace System.Security.Cryptography.Xml { public void ComputeSignature () { - if (key != null) { - if (m_signature.SignedInfo.SignatureMethod == null) - // required before hashing - m_signature.SignedInfo.SignatureMethod = key.SignatureAlgorithm; - else if (m_signature.SignedInfo.SignatureMethod != key.SignatureAlgorithm) - throw new CryptographicException ("Specified SignatureAlgorithm is not supported by the signing key."); - DigestReferences (); - - AsymmetricSignatureFormatter signer = null; - // in need for a CryptoConfig factory - if (key is DSA) - signer = new DSASignatureFormatter (key); - else if (key is RSA) - signer = new RSAPKCS1SignatureFormatter (key); - - if (signer != null) { - SignatureDescription sd = (SignatureDescription) CryptoConfig.CreateFromName (m_signature.SignedInfo.SignatureMethod); - - HashAlgorithm hash = GetHash (sd.DigestAlgorithm, false); - // get the hash of the C14N SignedInfo element - byte[] digest = hash.ComputeHash (SignedInfoTransformed ()); - - signer.SetHashAlgorithm ("SHA1"); - m_signature.SignatureValue = signer.CreateSignature (digest); + DigestReferences (); + + if (key == null) + throw new CryptographicException (SR.Cryptography_Xml_LoadKeyFailed); + + // Check the signature algorithm associated with the key so that we can accordingly set the signature method + if (SignedInfo.SignatureMethod == null) { + if (key is DSA) { + SignedInfo.SignatureMethod = XmlDsigDSAUrl; + } else if (key is RSA) { + // Default to RSA-SHA1 + SignedInfo.SignatureMethod = XmlDsigRSASHA1Url; + } else { + throw new CryptographicException (SR.Cryptography_Xml_CreatedKeyFailed); } } - else - throw new CryptographicException ("signing key is not specified"); + + // See if there is a signature description class defined in the Config file + SignatureDescription signatureDescription = CryptoConfig.CreateFromName (SignedInfo.SignatureMethod) as SignatureDescription; + if (signatureDescription == null) + throw new 
CryptographicException (SR.Cryptography_Xml_SignatureDescriptionNotCreated); + + HashAlgorithm hashAlg = signatureDescription.CreateDigest (); + if (hashAlg == null) + throw new CryptographicException (SR.Cryptography_Xml_CreateHashAlgorithmFailed); + + byte[] hashvalue = hashAlg.ComputeHash (SignedInfoTransformed ()); + AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter (key); + + m_signature.SignatureValue = asymmetricSignatureFormatter.CreateSignature (hashAlg); } public void ComputeSignature (KeyedHashAlgorithm macAlg) @@ -761,6 +794,11 @@ namespace System.Security.Cryptography.Xml { signatureElement = value; m_signature.LoadXml (value); + + if (_context == null) { + _context = value; + } + // Need to give the EncryptedXml object to the // XmlDecryptionTransform to give it a fighting // chance at decrypting the document. @@ -771,10 +809,5 @@ namespace System.Security.Cryptography.Xml { } } } - - [ComVisible (false)] - public XmlResolver Resolver { - set { xmlResolver = value; } - } } }
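Review bot: `DigestReferences ()` now runs before the `key == null` check at the top of `ComputeSignature`, so a caller without a signing key has every reference digested — including any external URI fetched through `_xmlResolver.GetEntity` in the earlier hunks — before the `CryptographicException` is raised, whereas the removed code checked the key first. In the same body `byte[] hashvalue` is assigned but never read (the formatter consumes `hashAlg.Hash` through `CreateSignature (hashAlg)`), and the `HashAlgorithm` returned by `CreateDigest ()` is never disposed. Moving the key check ahead of `DigestReferences ()`, dropping the unused local and wrapping the digest in a `using` addresses all three without changing the produced signature. It is presumably intended that an RSA key still defaults to `XmlDsigRSASHA1Url`; a comment such as `// Default to RSA-SHA1 for compatibility; callers wanting SHA-2 must set SignedInfo.SignatureMethod before calling` would make that explicit now that the SHA-2 URIs exist.
```csharp
		public void ComputeSignature ()
		{
			// Fail before touching the references: DigestReferences () may resolve
			// external URIs through the resolver, which is pointless without a key.
			if (key == null)
				throw new CryptographicException (SR.Cryptography_Xml_LoadKeyFailed);

			DigestReferences ();

			// … unchanged: SignatureMethod defaulting and SignatureDescription lookup …

			using (HashAlgorithm hashAlg = signatureDescription.CreateDigest ()) {
				if (hashAlg == null)
					throw new CryptographicException (SR.Cryptography_Xml_CreateHashAlgorithmFailed);

				// The formatter reads hashAlg.Hash, so the return value is not needed.
				hashAlg.ComputeHash (SignedInfoTransformed ());
				AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter (key);
				m_signature.SignatureValue = asymmetricSignatureFormatter.CreateSignature (hashAlg);
			}
		}
```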