2 // SignedXmlTest.cs - NUnit Test Cases for SignedXml
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2005, 2008 Novell, Inc (http://www.novell.com)
12 using System.Globalization;
14 using System.Security.Cryptography;
15 using System.Security.Cryptography.X509Certificates;
16 using System.Security.Cryptography.Xml;
20 using NUnit.Framework;
22 namespace MonoTests.System.Security.Cryptography.Xml {
24 public class SignedXmlEx : SignedXml {
26 // required to test protected GetPublicKey in SignedXml
27 public AsymmetricAlgorithm PublicGetPublicKey ()
29 return base.GetPublicKey ();
34 /// This class is for testing purposes only. It allows to reproduce an error
35 /// that happens when an unsupported signing key is being used
36 /// while computing a signature.
38 internal sealed class CustomAsymmetricAlgorithm : AsymmetricAlgorithm {
42 /// This class is for testing purposes only. It allows to reproduce an error
43 /// that happens when the hash algorithm cannot be created.
45 public sealed class BadHashAlgorithmSignatureDescription : SignatureDescription {
46 public BadHashAlgorithmSignatureDescription ()
48 KeyAlgorithm = RSA.Create ().GetType ().FullName;
49 DigestAlgorithm = SHA1.Create ().GetType ().FullName;
50 FormatterAlgorithm = typeof (RSAPKCS1SignatureFormatter).FullName;
51 DeformatterAlgorithm = typeof (RSAPKCS1SignatureDeformatter).FullName;
54 public override HashAlgorithm CreateDigest ()
61 /// This class is for testing purposes only.
62 /// It represents a correctly defined custom signature description.
64 public sealed class RsaPkcs1Sha512SignatureDescription : SignatureDescription {
65 private const string Sha512HashAlgorithm = "SHA512";
67 public RsaPkcs1Sha512SignatureDescription ()
69 KeyAlgorithm = RSA.Create ().GetType ().FullName;
70 DigestAlgorithm = SHA512.Create ().GetType ().FullName;
71 FormatterAlgorithm = typeof (RSAPKCS1SignatureFormatter).FullName;
72 DeformatterAlgorithm = typeof (RSAPKCS1SignatureDeformatter).FullName;
75 public override AsymmetricSignatureFormatter CreateFormatter (AsymmetricAlgorithm key)
77 var formatter = new RSAPKCS1SignatureFormatter (key);
78 formatter.SetHashAlgorithm (Sha512HashAlgorithm);
83 public override AsymmetricSignatureDeformatter CreateDeformatter (AsymmetricAlgorithm key)
85 var deformatter = new RSAPKCS1SignatureDeformatter (key);
86 deformatter.SetHashAlgorithm (Sha512HashAlgorithm);
93 public class SignedXmlTest {
94 private const string XmlDsigNamespacePrefix = "ds";
96 private const string signature = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>CTnnhjxUQHJmD+t1MjVXrOW+MCA=</DigestValue></Reference></SignedInfo><SignatureValue>dbFt6Zw3vR+Xh7LbM/vuifyFA7gPh/NlDM2Glz/SJBsveISieuTBpZlk/zavAeuXR/Nu0Ztt4OP4tCOg09a2RNlrTP0dhkeEfL1jTzpnVaLHuQbCiwOWCgbRif7Xt7N12FuiHYb3BltP/YyXS4E12NxlGlqnDiFA1v/mkK5+C1o=</SignatureValue><KeyInfo><KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><RSAKeyValue><Modulus>hEfTJNa2idz2u+fSYDDG4Lx/xuk4aBbvOPVNqgc1l9Y8t7Pt+ZyF+kkF3uUl8Y0700BFGAsprnhwrWENK+PGdtvM5796ZKxCCa0ooKkofiT4355HqK26hpV8dvj38vq/rkJe1jHZgkTKa+c/0vjcYZOI/RT/IZv9JfXxVWLuLxk=</Modulus><Exponent>EQ==</Exponent></RSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\" xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ObjectListTag xmlns=\"\" /></Object></Signature>";
99 public void StaticValues ()
101 Assert.AreEqual ("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", SignedXml.XmlDsigCanonicalizationUrl, "XmlDsigCanonicalizationUrl");
102 Assert.AreEqual ("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments", SignedXml.XmlDsigCanonicalizationWithCommentsUrl, "XmlDsigCanonicalizationWithCommentsUrl");
103 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#dsa-sha1", SignedXml.XmlDsigDSAUrl, "XmlDsigDSAUrl");
104 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#hmac-sha1", SignedXml.XmlDsigHMACSHA1Url, "XmlDsigHMACSHA1Url");
105 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#minimal", SignedXml.XmlDsigMinimalCanonicalizationUrl, "XmlDsigMinimalCanonicalizationUrl");
106 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#", SignedXml.XmlDsigNamespaceUrl, "XmlDsigNamespaceUrl");
107 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#rsa-sha1", SignedXml.XmlDsigRSASHA1Url, "XmlDsigRSASHA1Url");
108 Assert.AreEqual ("http://www.w3.org/2000/09/xmldsig#sha1", SignedXml.XmlDsigSHA1Url, "XmlDsigSHA1Url");
112 public void Constructor_Empty ()
114 XmlDocument doc = new XmlDocument ();
115 doc.LoadXml (signature);
116 XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
117 XmlElement xel = (XmlElement) xnl [0];
119 SignedXml sx = new SignedXml (doc);
121 Assert.IsTrue (sx.CheckSignature (), "CheckSignature");
125 public void Constructor_XmlDocument ()
127 XmlDocument doc = new XmlDocument ();
128 doc.LoadXml (signature);
129 XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
130 XmlElement xel = (XmlElement) xnl [0];
132 SignedXml sx = new SignedXml (doc);
133 sx.LoadXml (doc.DocumentElement);
134 Assert.IsTrue (sx.CheckSignature (), "CheckSignature");
138 [Ignore ("2.0 throws a NullReferenceException - reported as FDBK25892")]
139 // http://lab.msdn.microsoft.com/ProductFeedback/viewfeedback.aspx?feedbackid=02dd9730-d1ad-4170-8c82-36858c55fbe2
140 [ExpectedException (typeof (ArgumentNullException))]
141 public void Constructor_XmlDocument_Null ()
143 XmlDocument doc = null;
144 SignedXml sx = new SignedXml (doc);
148 public void Constructor_XmlElement ()
150 XmlDocument doc = new XmlDocument ();
151 doc.LoadXml (signature);
152 XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
153 XmlElement xel = (XmlElement) xnl [0];
155 SignedXml sx = new SignedXml (doc.DocumentElement);
157 Assert.IsTrue (sx.CheckSignature (), "CheckSignature");
161 public void Constructor_XmlElement_WithoutLoadXml ()
163 XmlDocument doc = new XmlDocument ();
164 doc.LoadXml (signature);
165 XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
166 XmlElement xel = (XmlElement) xnl [0];
168 SignedXml sx = new SignedXml (doc.DocumentElement);
169 Assert.IsTrue (!sx.CheckSignature (), "!CheckSignature");
170 // SignedXml (XmlElement) != SignedXml () + LoadXml (XmlElement)
174 [ExpectedException (typeof (ArgumentNullException))]
175 public void Constructor_XmlElement_Null ()
177 XmlElement xel = null;
178 SignedXml sx = new SignedXml (xel);
181 // sample from MSDN (url)
182 public SignedXml MSDNSample ()
184 // Create example data to sign.
185 XmlDocument document = new XmlDocument ();
186 XmlNode node = document.CreateNode (XmlNodeType.Element, "", "MyElement", "samples");
187 node.InnerText = "This is some text";
188 document.AppendChild (node);
190 // Create the SignedXml message.
191 SignedXml signedXml = new SignedXml ();
193 // Create a data object to hold the data to sign.
194 DataObject dataObject = new DataObject ();
195 dataObject.Data = document.ChildNodes;
196 dataObject.Id = "MyObjectId";
198 // Add the data object to the signature.
199 signedXml.AddObject (dataObject);
201 // Create a reference to be able to package everything into the
203 Reference reference = new Reference ();
204 reference.Uri = "#MyObjectId";
206 // Add it to the message.
207 signedXml.AddReference (reference);
213 [ExpectedException (typeof (CryptographicException))]
214 public void SignatureMethodMismatch ()
216 SignedXml signedXml = MSDNSample ();
218 RSA key = RSA.Create ();
219 signedXml.SigningKey = key;
220 signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigHMACSHA1Url;
223 KeyInfo keyInfo = new KeyInfo ();
224 keyInfo.AddClause (new RSAKeyValue (key));
225 signedXml.KeyInfo = keyInfo;
227 Assert.IsNotNull (signedXml.SignatureMethod, "SignatureMethod");
228 // Compute the signature - causes unsupported algorithm by the key.
229 signedXml.ComputeSignature ();
233 public void AsymmetricRSASignature ()
235 SignedXml signedXml = MSDNSample ();
237 RSA key = RSA.Create ();
238 signedXml.SigningKey = key;
241 KeyInfo keyInfo = new KeyInfo ();
242 keyInfo.AddClause (new RSAKeyValue (key));
243 signedXml.KeyInfo = keyInfo;
245 Assert.AreEqual (1, signedXml.KeyInfo.Count, "KeyInfo");
246 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
247 Assert.IsNull (signedXml.SignatureMethod, "SignatureMethod");
248 Assert.IsNull (signedXml.SignatureValue, "SignatureValue");
249 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
251 // Compute the signature.
252 signedXml.ComputeSignature ();
254 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
255 Assert.AreEqual (SignedXml.XmlDsigRSASHA1Url, signedXml.SignatureMethod, "SignatureMethod");
256 Assert.AreEqual (128, signedXml.SignatureValue.Length, "SignatureValue");
257 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
259 // Get the XML representation of the signature.
260 XmlElement xmlSignature = signedXml.GetXml ();
262 // LAMESPEC: we must reload the signature or it won't work
263 // MS framework throw a "malformed element"
264 SignedXml vrfy = new SignedXml ();
265 vrfy.LoadXml (xmlSignature);
267 // assert that we can verify our own signature
268 Assert.IsTrue (vrfy.CheckSignature (), "RSA-Compute/Verify");
271 // The same as MSDNSample(), but adding a few attributes
272 public SignedXml MSDNSampleMixedCaseAttributes ()
274 // Create example data to sign.
275 XmlDocument document = new XmlDocument ();
276 XmlNode node = document.CreateNode (XmlNodeType.Element, "", "MyElement", "samples");
277 node.InnerText = "This is some text";
278 XmlAttribute a1 = document.CreateAttribute ("Aa");
279 XmlAttribute a2 = document.CreateAttribute ("Bb");
280 XmlAttribute a3 = document.CreateAttribute ("aa");
281 XmlAttribute a4 = document.CreateAttribute ("bb");
286 node.Attributes.Append (a1);
287 node.Attributes.Append (a2);
288 node.Attributes.Append (a3);
289 node.Attributes.Append (a4);
290 document.AppendChild (node);
292 // Create the SignedXml message.
293 SignedXml signedXml = new SignedXml ();
295 // Create a data object to hold the data to sign.
296 DataObject dataObject = new DataObject ();
297 dataObject.Data = document.ChildNodes;
298 dataObject.Id = "MyObjectId";
300 // Add the data object to the signature.
301 signedXml.AddObject (dataObject);
303 // Create a reference to be able to package everything into the
305 Reference reference = new Reference ();
306 reference.Uri = "#MyObjectId";
308 // Add it to the message.
309 signedXml.AddReference (reference);
314 public string AsymmetricRSAMixedCaseAttributes ()
316 SignedXml signedXml = MSDNSampleMixedCaseAttributes ();
318 RSA key = RSA.Create ();
319 signedXml.SigningKey = key;
322 KeyInfo keyInfo = new KeyInfo ();
323 keyInfo.AddClause (new RSAKeyValue (key));
324 signedXml.KeyInfo = keyInfo;
326 // Compute the signature.
327 signedXml.ComputeSignature ();
329 // Get the XML representation of the signature.
330 XmlElement xmlSignature = signedXml.GetXml ();
332 StringWriter sw = new StringWriter ();
333 XmlWriter w = new XmlTextWriter (sw);
334 xmlSignature.WriteTo (w);
335 return sw.ToString ();
338 // Example output from Windows for AsymmetricRSAMixedCaseAttributes()
339 private const string AsymmetricRSAMixedCaseAttributesResult = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>0j1xLsePFtuRHfXEnVdTSLWtAm4=</DigestValue></Reference></SignedInfo><SignatureValue>hmrEBgns5Xx14aDhzqOyIh0qLNMUldtW8+fNPcvtD/2KtEhNZQGctnhs90CRa1NZ08TqzW2pUaEwmqvMAtF4v8KtWzC/zTuc1jH6nxQvQSQo0ABhuXdu7/hknZkXJ4yKBbdgbKjAsKfULwbWrP/PacLPoYfCO+wXSrt+wLMTTWU=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>4h/rHDr54r6SZWk2IPCeHX7N+wR1za0VBLshuS6tq3RSWap4PY2BM8VdbKH2T9RzyZoiHufjng+1seUx430iMsXisOLUkPP+yGtMQOSZ3CQHAa+IYA+fplXipixI0rV1J1wJNXQm3HxXQqKWpIv5fkwBtj8o2k6CWMgPNgFCnxc=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\"><MyElement Aa=\"one\" Bb=\"two\" aa=\"three\" bb=\"four\" xmlns=\"samples\">This is some text</MyElement></Object></Signature>";
342 public void AsymmetricRSAMixedCaseAttributesVerifyWindows ()
344 XmlDocument doc = new XmlDocument ();
345 doc.LoadXml (AsymmetricRSAMixedCaseAttributesResult);
347 SignedXml v1 = new SignedXml ();
348 v1.LoadXml (doc.DocumentElement);
349 Assert.IsTrue (v1.CheckSignature ());
353 public void AsymmetricDSASignature ()
355 SignedXml signedXml = MSDNSample ();
357 DSA key = DSA.Create ();
358 signedXml.SigningKey = key;
361 KeyInfo keyInfo = new KeyInfo ();
362 keyInfo.AddClause (new DSAKeyValue (key));
363 signedXml.KeyInfo = keyInfo;
365 Assert.AreEqual (1, signedXml.KeyInfo.Count, "KeyInfo");
366 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
367 Assert.IsNull (signedXml.SignatureMethod, "SignatureMethod");
368 Assert.IsNull (signedXml.SignatureValue, "SignatureValue");
369 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
371 // Compute the signature.
372 signedXml.ComputeSignature ();
374 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
375 Assert.AreEqual (SignedXml.XmlDsigDSAUrl, signedXml.SignatureMethod, "SignatureMethod");
376 Assert.AreEqual (40, signedXml.SignatureValue.Length, "SignatureValue");
377 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
379 // Get the XML representation of the signature.
380 XmlElement xmlSignature = signedXml.GetXml ();
382 // LAMESPEC: we must reload the signature or it won't work
383 // MS framework throw a "malformed element"
384 SignedXml vrfy = new SignedXml ();
385 vrfy.LoadXml (xmlSignature);
387 // assert that we can verify our own signature
388 Assert.IsTrue (vrfy.CheckSignature (), "DSA-Compute/Verify");
392 public void SymmetricHMACSHA1Signature ()
394 SignedXml signedXml = MSDNSample ();
396 // Compute the signature.
397 byte[] secretkey = Encoding.Default.GetBytes ("password");
398 HMACSHA1 hmac = new HMACSHA1 (secretkey);
399 Assert.AreEqual (0, signedXml.KeyInfo.Count, "KeyInfo");
400 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
401 Assert.IsNull (signedXml.SignatureMethod, "SignatureMethod");
402 Assert.IsNull (signedXml.SignatureValue, "SignatureValue");
403 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
405 signedXml.ComputeSignature (hmac);
407 Assert.AreEqual (0, signedXml.KeyInfo.Count, "KeyInfo");
408 Assert.IsNull (signedXml.SignatureLength, "SignatureLength");
409 Assert.AreEqual (SignedXml.XmlDsigHMACSHA1Url, signedXml.SignatureMethod, "SignatureMethod");
410 Assert.AreEqual (20, signedXml.SignatureValue.Length, "SignatureValue");
411 Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
413 // Get the XML representation of the signature.
414 XmlElement xmlSignature = signedXml.GetXml ();
416 // LAMESPEC: we must reload the signature or it won't work
417 // MS framework throw a "malformed element"
418 SignedXml vrfy = new SignedXml ();
419 vrfy.LoadXml (xmlSignature);
421 // assert that we can verify our own signature
422 Assert.IsTrue (vrfy.CheckSignature (hmac), "HMACSHA1-Compute/Verify");
426 [ExpectedException (typeof (CryptographicException))]
427 public void SymmetricMACTripleDESSignature ()
429 SignedXml signedXml = MSDNSample ();
430 // Compute the signature.
431 byte[] secretkey = Encoding.Default.GetBytes ("password");
432 MACTripleDES hmac = new MACTripleDES (secretkey);
433 signedXml.ComputeSignature (hmac);
436 // Using empty constructor
437 // LAMESPEC: The two other constructors don't seems to apply in verifying signatures
439 public void AsymmetricRSAVerify ()
441 string value = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Vvq6sXEVbtZC8GwNtLQnGOy/VI=</DigestValue></Reference></SignedInfo><SignatureValue>A6XuE8Cy9iOffRXaW9b0+dUcMUJQnlmwLsiqtQnADbCtZXnXAaeJ6nGnQ4Mm0IGi0AJc7/2CoJReXl7iW4hltmFguG1e3nl0VxCyCTHKGOCo1u8R3K+B1rTaenFbSxs42EM7/D9KETsPlzfYfis36yM3PqatiCUOsoMsAiMGzlc=</SignatureValue><KeyInfo><KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><RSAKeyValue><Modulus>tI8QYIpbG/m6JLyvP+S3X8mzcaAIayxomyTimSh9UCpEucRnGvLw0P73uStNpiF7wltTZA1HEsv+Ha39dY/0j/Wiy3RAodGDRNuKQao1wu34aNybZ673brbsbHFUfw/o7nlKD2xO84fbajBZmKtBBDy63NHt+QL+grSrREPfCTM=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\"><MyElement xmlns=\"samples\">This is some text</MyElement></Object></Signature>";
442 XmlDocument doc = new XmlDocument ();
445 SignedXml v1 = new SignedXml ();
446 v1.LoadXml (doc.DocumentElement);
447 Assert.IsTrue (v1.CheckSignature (), "RSA-CheckSignature()");
449 SignedXml v2 = new SignedXml ();
450 v2.LoadXml (doc.DocumentElement);
451 AsymmetricAlgorithm key = null;
452 bool vrfy = v2.CheckSignatureReturningKey (out key);
453 Assert.IsTrue (vrfy, "RSA-CheckSignatureReturningKey()");
455 SignedXml v3 = new SignedXml ();
456 v3.LoadXml (doc.DocumentElement);
457 Assert.IsTrue (v3.CheckSignature (key), "RSA-CheckSignature(key)");
460 // Using empty constructor
461 // LAMESPEC: The two other constructors don't seems to apply in verifying signatures
463 public void AsymmetricDSAVerify ()
465 string value = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#dsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Vvq6sXEVbtZC8GwNtLQnGOy/VI=</DigestValue></Reference></SignedInfo><SignatureValue>BYz/qRGjGsN1yMFPxWa3awUZm1y4I/IxOQroMxkOteRGgk1HIwhRYw==</SignatureValue><KeyInfo><KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><DSAKeyValue><P>iglVaZ+LsSL8Y0aDXmFMBwva3xHqIypr3l/LtqBH9ziV2Sh1M4JVasAiKqytWIWt/s/Uk8Ckf2tO2Ww1vsNi1NL+Kg9T7FE52sn380/rF0miwGkZeidzm74OWhykb3J+wCTXaIwOzAWI1yN7FoeoN7wzF12jjlSXAXeqPMlViqk=</P><Q>u4sowiJMHilNRojtdmIuQY2YnB8=</Q><G>SdnN7d+wn1n+HH4Hr8MIryIRYgcXdbZ5TH7jAnuWc1koqRc1AZfcYAZ6RDf+orx6Lzn055FTFiN+1NHQfGUtXJCWW0zz0FVV1NJux7WRj8vGTldjJ5ef0oCenkpwDjcIxWsZgVobve4GPoyN1sAc1scnkJB59oupibklmF4y72A=</G><Y>XejzS8Z51yfl0zbYnxSYYbHqreSLjNCoGPB/KjM1TOyV5sMjz0StKtGrFWryTWc7EgvFY7kUth4e04VKf9HbK8z/FifHTXj8+Tszbjzw8GfInnBwLN+vJgbpnjtypmiI5Bm2nLiRbfkdAHP+OrKtr/EauM9GQfYuaxm3/Vj8B84=</Y><J>vGwGg9wqwwWP9xsoPoXu6kHArJtadiNKe9azBiUx5Ob883gd5wlKfEcGuKkBmBySGbgwxyOsIBovd9Kk48hF01ymfQzAAuHR0EdJECSsTsTTKVTLQNBU32O+PRbLYpv4E8kt6rNL83JLJCBY</J><Seed>sqzn8J6fd2gtEyq6YOqiUSHgPE8=</Seed><PgenCounter>sQ==</PgenCounter></DSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\"><MyElement xmlns=\"samples\">This is some text</MyElement></Object></Signature>";
466 XmlDocument doc = new XmlDocument ();
469 SignedXml v1 = new SignedXml ();
470 v1.LoadXml (doc.DocumentElement);
471 Assert.IsTrue (v1.CheckSignature (), "DSA-CheckSignature()");
473 SignedXml v2 = new SignedXml ();
474 v2.LoadXml (doc.DocumentElement);
475 AsymmetricAlgorithm key = null;
476 bool vrfy = v2.CheckSignatureReturningKey (out key);
477 Assert.IsTrue (vrfy, "DSA-CheckSignatureReturningKey()");
479 SignedXml v3 = new SignedXml ();
480 v3.LoadXml (doc.DocumentElement);
481 Assert.IsTrue (v3.CheckSignature (key), "DSA-CheckSignature(key)");
485 public void SymmetricHMACSHA1Verify ()
487 string value = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#hmac-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Vvq6sXEVbtZC8GwNtLQnGOy/VI=</DigestValue></Reference></SignedInfo><SignatureValue>e2RxYr5yGbvTqZLCFcgA2RAC0yE=</SignatureValue><Object Id=\"MyObjectId\"><MyElement xmlns=\"samples\">This is some text</MyElement></Object></Signature>";
488 XmlDocument doc = new XmlDocument ();
491 SignedXml v1 = new SignedXml ();
492 v1.LoadXml (doc.DocumentElement);
494 byte[] secretkey = Encoding.Default.GetBytes ("password");
495 HMACSHA1 hmac = new HMACSHA1 (secretkey);
497 Assert.IsTrue (v1.CheckSignature (hmac), "HMACSHA1-CheckSignature(key)");
501 // adapted from http://bugzilla.ximian.com/show_bug.cgi?id=52084
502 public void GetIdElement ()
504 XmlDocument doc = new XmlDocument ();
505 doc.LoadXml (signature);
507 SignedXml v1 = new SignedXml ();
508 v1.LoadXml (doc.DocumentElement);
509 Assert.IsTrue (v1.CheckSignature (), "CheckSignature");
511 XmlElement xel = v1.GetIdElement (doc, "MyObjectId");
512 Assert.IsTrue (xel.InnerXml.StartsWith ("<ObjectListTag"), "GetIdElement");
516 public void GetPublicKey ()
518 XmlDocument doc = new XmlDocument ();
519 doc.LoadXml (signature);
521 SignedXmlEx sxe = new SignedXmlEx ();
522 sxe.LoadXml (doc.DocumentElement);
524 AsymmetricAlgorithm aa1 = sxe.PublicGetPublicKey ();
525 Assert.IsTrue ((aa1 is RSA), "First Public Key is RSA");
527 AsymmetricAlgorithm aa2 = sxe.PublicGetPublicKey ();
528 Assert.IsNull (aa2, "Second Public Key is null");
531 // [ExpectedException (typeof (ArgumentNullException))]
532 public void AddObject_Null ()
534 SignedXml sx = new SignedXml ();
535 // still no ArgumentNullExceptions for this one
540 [ExpectedException (typeof (ArgumentNullException))]
541 public void AddReference_Null ()
543 SignedXml sx = new SignedXml ();
544 sx.AddReference (null);
547 [ExpectedException (typeof (CryptographicException))]
548 public void GetXml_WithoutInfo ()
550 SignedXml sx = new SignedXml ();
551 XmlElement xel = sx.GetXml ();
555 [ExpectedException (typeof (ArgumentNullException))]
556 public void LoadXml_Null ()
558 SignedXml sx = new SignedXml ();
563 public void SigningKeyName ()
565 SignedXmlEx sxe = new SignedXmlEx ();
566 Assert.IsNull (sxe.SigningKeyName, "SigningKeyName");
567 sxe.SigningKeyName = "mono";
568 Assert.AreEqual ("mono", sxe.SigningKeyName, "SigningKeyName");
572 public void CheckSignatureEmptySafe ()
578 // empty keyinfo passes...
579 sx = new SignedXml ();
580 sx.KeyInfo = new KeyInfo ();
581 Assert.IsTrue (!sx.CheckSignature ());
583 // with empty KeyInfoName
584 kic = new KeyInfoName ();
588 Assert.IsTrue (!sx.CheckSignature ());
592 public void CheckSignatureEmpty ()
594 SignedXml sx = new SignedXml ();
595 Assert.IsTrue (!sx.CheckSignature ());
599 [ExpectedException (typeof (CryptographicException))]
600 public void ComputeSignatureNoSigningKey ()
602 XmlDocument doc = new XmlDocument ();
603 doc.LoadXml ("<foo/>");
604 SignedXml signedXml = new SignedXml (doc);
606 Reference reference = new Reference ();
609 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
610 reference.AddTransform (env);
611 signedXml.AddReference (reference);
613 signedXml.ComputeSignature ();
617 [ExpectedException (typeof (CryptographicException))]
618 public void ComputeSignatureMissingReferencedObject ()
620 XmlDocument doc = new XmlDocument ();
621 doc.LoadXml ("<foo/>");
622 SignedXml signedXml = new SignedXml (doc);
623 DSA key = DSA.Create ();
624 signedXml.SigningKey = key;
626 Reference reference = new Reference ();
627 reference.Uri = "#bleh";
629 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
630 reference.AddTransform (env);
631 signedXml.AddReference (reference);
633 signedXml.ComputeSignature ();
637 public void DataReferenceToNonDataObject ()
639 XmlDocument doc = new XmlDocument ();
640 doc.LoadXml ("<foo Id='id:1'/>");
641 SignedXml signedXml = new SignedXml (doc);
642 DSA key = DSA.Create ();
643 signedXml.SigningKey = key;
645 Reference reference = new Reference ();
646 reference.Uri = "#id:1";
648 XmlDsigC14NTransform t = new XmlDsigC14NTransform ();
649 reference.AddTransform (t);
650 signedXml.AddReference (reference);
652 signedXml.ComputeSignature ();
656 public void SignElementWithoutPrefixedNamespace ()
658 string input = "<Action xmlns='urn:foo'>http://tempuri.org/IFoo/Echo</Action>";
659 string expected = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" /><Reference URI=""#_1""><Transforms><Transform Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>zdFEZB8rNzvpNG/gFEJBWk/M5Nk=</DigestValue></Reference></SignedInfo><SignatureValue>+OyGVzrHjmKSDWLNyvgx8pjbPfM=</SignatureValue><Object Id=""_1""><Action xmlns=""urn:foo"">http://tempuri.org/IFoo/Echo</Action></Object></Signature>";
661 byte [] key = Convert.FromBase64String (
662 "1W5EigVnbnRjGLbg99ElieOmuUgYO+KcwMJtE35SAGI=");
663 Transform t = new XmlDsigC14NTransform ();
664 Assert.AreEqual (expected, SignWithHMACSHA1 (input, key, t), "#1");
665 // The second result should be still identical.
666 Assert.AreEqual (expected, SignWithHMACSHA1 (input, key, t), "#2");
670 public void SignElementWithPrefixedNamespace ()
672 string input = "<a:Action xmlns:a='urn:foo'>http://tempuri.org/IFoo/Echo</a:Action>";
673 string expected = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" /><Reference URI=""#_1""><Transforms><Transform Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>6i5FlqkEfJOdUaOMCK7xn0I0HDg=</DigestValue></Reference></SignedInfo><SignatureValue>tASp+e2A0xqcm02jKg5TGqlhKpI=</SignatureValue><Object Id=""_1""><a:Action xmlns:a=""urn:foo"">http://tempuri.org/IFoo/Echo</a:Action></Object></Signature>";
675 byte [] key = Convert.FromBase64String (
676 "1W5EigVnbnRjGLbg99ElieOmuUgYO+KcwMJtE35SAGI=");
677 Assert.AreEqual (SignWithHMACSHA1 (input, key), expected);
680 string SignWithHMACSHA1 (string input, byte [] key)
682 return SignWithHMACSHA1 (input, key, new XmlDsigC14NTransform ());
685 string SignWithHMACSHA1 (string input, byte [] key, Transform transform)
687 XmlDocument doc = new XmlDocument ();
689 SignedXml sxml = new SignedXml (doc);
691 HMACSHA1 keyhash = new HMACSHA1 (key);
692 DataObject d = new DataObject ();
693 //d.Data = doc.SelectNodes ("//*[local-name()='Body']/*");
694 d.Data = doc.SelectNodes ("//*[local-name()='Action']");
697 Reference r = new Reference ("#_1");
698 r.AddTransform (transform);
699 r.DigestMethod = SignedXml.XmlDsigSHA1Url;
700 sxml.SignedInfo.AddReference (r);
701 sxml.ComputeSignature (keyhash);
702 StringWriter sw = new StringWriter ();
703 XmlWriter w = new XmlTextWriter (sw);
704 sxml.GetXml ().WriteTo (w);
706 return sw.ToString ();
710 public void GetIdElement_Null ()
712 SignedXml sign = new SignedXml ();
713 Assert.IsNull (sign.GetIdElement (null, "value"));
714 Assert.IsNull (sign.GetIdElement (new XmlDocument (), null));
718 [Category ("NotWorking")] // bug #79483
719 public void DigestValue_CRLF ()
721 XmlDocument doc = CreateSomeXml ("\r\n");
722 XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform ();
723 transform.LoadInput (doc);
724 Stream s = (Stream) transform.GetOutput ();
725 string output = Stream2String (s);
726 Assert.AreEqual ("<person>
\n <birthplace>Brussels</birthplace>
\n</person>", output, "#1");
730 HashAlgorithm hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider");
731 byte[] digest = hash.ComputeHash (s);
732 Assert.AreEqual ("IKbfdK2/DMfXyezCf5QggVCXfk8=", Convert.ToBase64String (digest), "#2");
734 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
735 SignedXml signedXml = new SignedXml (doc);
736 signedXml.SigningKey = cert.PrivateKey;
737 signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
739 Reference reference = new Reference ();
742 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
743 reference.AddTransform (env);
744 signedXml.AddReference (reference);
746 KeyInfo keyInfo = new KeyInfo ();
747 KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
748 x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
749 x509KeyInfo.AddCertificate (cert);
750 keyInfo.AddClause (x509KeyInfo);
751 signedXml.KeyInfo = keyInfo;
753 signedXml.ComputeSignature ();
755 digest = reference.DigestValue;
756 Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#3");
758 Assert.AreEqual ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">"
759 + "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />"
760 + "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />"
761 + "<Reference URI=\"\">"
763 + "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />"
765 + "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />"
766 + "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>"
768 + "</SignedInfo>", signedXml.SignedInfo.GetXml ().OuterXml, "#4");
772 public void DigestValue_LF ()
774 XmlDocument doc = CreateSomeXml ("\n");
775 XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform ();
776 transform.LoadInput (doc);
777 Stream s = (Stream) transform.GetOutput ();
778 string output = Stream2String (s);
779 Assert.AreEqual ("<person>\n <birthplace>Brussels</birthplace>\n</person>", output, "#1");
783 HashAlgorithm hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1CryptoServiceProvider");
784 byte[] digest = hash.ComputeHash (s);
785 Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#2");
787 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
788 SignedXml signedXml = new SignedXml (doc);
789 signedXml.SigningKey = cert.PrivateKey;
790 signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
792 Reference reference = new Reference ();
795 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
796 reference.AddTransform (env);
797 signedXml.AddReference (reference);
799 KeyInfo keyInfo = new KeyInfo ();
800 KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
801 x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
802 x509KeyInfo.AddCertificate (cert);
803 keyInfo.AddClause (x509KeyInfo);
804 signedXml.KeyInfo = keyInfo;
806 signedXml.ComputeSignature ();
808 digest = reference.DigestValue;
809 Assert.AreEqual ("e3dsi1xK8FAx1vsug7J203JbEAU=", Convert.ToBase64String (digest), "#3");
811 Assert.AreEqual ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">"
812 + "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />"
813 + "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />"
814 + "<Reference URI=\"\">"
816 + "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />"
818 + "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />"
819 + "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>"
821 + "</SignedInfo>", signedXml.SignedInfo.GetXml ().OuterXml, "#4");
825 [Category ("NotWorking")] // bug #79483
826 public void SignedXML_CRLF_Invalid ()
828 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
830 XmlDocument doc = new XmlDocument ();
831 doc.LoadXml (string.Format (CultureInfo.InvariantCulture,
833 " <birthplace>Brussels</birthplace>{0}" +
834 "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" +
836 "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />" +
837 "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />" +
838 "<Reference URI=\"\">" +
840 "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />" +
842 "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />" +
843 "<DigestValue>IKbfdK2/DMfXyezCf5QggVCXfk8=</DigestValue>" +
847 "JuSd68PyARsZqGKSo5xX5yYHDuu6whHEhoXqxxFmGeEdvkKY2bgroWJ1ZTGHGr" +
848 "VI7mtG3h0w1ibOKdltm9j4lZaZWo87CAJiJ2syeLbMyIVSw6OyZEsiFF/VqLKK" +
849 "4T4AO6q7HYsC55zJrOvL1j9IIr8zBnJfvBdKckf0lczYbXc=" +
850 "</SignatureValue>" +
853 "<X509Certificate>" +
854 "MIIBozCCAQygAwIBAgIQHc+8iURSTUarmg4trmrnGTANBgkqhkiG9w0BAQUFAD" +
855 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcyNjUxWhgPMjA5MDAxMjEw" +
856 "ODI2NTFaMA8xDTALBgNVBAMTBE1vbm8wgZ0wDQYJKoZIhvcNAQEBBQADgYsAMI" +
857 "GHAoGBAJhFB1KHv2WzsHqih9Mvm3KffEOSMv+sh1mPW3sWI/95VOOVqJnhemMM" +
858 "s82phSbNZeoPHny4btbykbRRaRQv94rtIM6geJR1e2c5mfJWtHSq3EYQarHC68" +
859 "cAZvCAmQZGa1eQRNRqcTSKX8yfqH0SouIE9ohJtpiluNe+Xgk5fKv3AgERMA0G" +
860 "CSqGSIb3DQEBBQUAA4GBAE6pqSgK8QKRHSh6YvYs9oRh1n8iREco7QmZCFj7UB" +
861 "kn/QgJ9mKsT8o12VnYHqBCEwBNaT1ay3z/SR4/Z383zuu4Y6xxjqOqnM6gtwUV" +
862 "u5/0hvz+ThtuTjItG6Ny5JkLZZQt/XbI5kg920t9jq3vbHBMuX2HxivwQe5sug" +
864 "</X509Certificate>" +
865 "<X509Certificate>" +
866 "MIIBpTCCAQ6gAwIBAgIQXo6Lr3rrSkW4xmNPRbHMbjANBgkqhkiG9w0BAQUFAD" +
867 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcxNDE4WhgPMjA5MDAxMjEw" +
868 "ODE0MThaMBExDzANBgNVBAMTBk1pZ3VlbDCBnTANBgkqhkiG9w0BAQEFAAOBiw" +
869 "AwgYcCgYEArCkeSZ6U3U3Fm2qSuQsM7xvvsSzZGQLPDUHFQ/BZxA7LiGRfXbmO" +
870 "yPkkYRYItXdy0yDl/8rAjelaL8jQ4me6Uexyeq+5xEgHn9VbNJny5apGNi4kF1" +
871 "8DR5DK9Zme9d6icusgW8krv3//5SVE8ao7X5qrIOGS825eCJL73YWbxKkCAREw" +
872 "DQYJKoZIhvcNAQEFBQADgYEASqBgYTkIJpDO28ZEXnF5Q/G3xDR/MxhdcrCISJ" +
873 "tDbuGVZzK+xhFhiYD5Q1NiGhD4oDIVJPwKmZH4L3YP96iSh6RdtO27V05ET/X5" +
874 "yWMKdeIsq6r9jXXv7NaWTmvNfMLKLNgEBCJ00+wN0u4xHUC7yCJc0KNQ3fjDLU" +
876 "</X509Certificate>" +
880 "</person>", "\r\n"));
882 SignedXml signedXml = new SignedXml (doc);
883 XmlNodeList nodeList = doc.GetElementsByTagName ("Signature");
884 signedXml.LoadXml ((XmlElement) nodeList [0]);
885 Assert.IsTrue (!signedXml.CheckSignature (), "#2");
889 [Category ("NotWorking")] // bug #79483
890 public void SignedXML_CRLF_Valid ()
892 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
894 XmlDocument doc = CreateSignedXml (cert, SignedXml.XmlDsigExcC14NTransformUrl, "\r\n");
895 Assert.AreEqual (string.Format (CultureInfo.InvariantCulture, "<person>{0}" +
896 " <birthplace>Brussels</birthplace>{0}" +
897 "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" +
899 "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />" +
900 "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />" +
901 "<Reference URI=\"\">" +
903 "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />" +
905 "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />" +
906 "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>" +
910 "X29nbkOR/Xk3KwsEpEvpDOqfI6/NTtiewIxNqKMrPCoM0HLawK5HKsCw3lL07C" +
911 "8SwqvoXJL9VS05gsSia85YCB8NPDeHuHY3CPGT7DVpgeHFA0oefMnOi8IAqKD2" +
912 "nx29A222u5OmwbDO0qFqbtsgvIFiP5YJg04cwmnqs+eL+WA=" +
913 "</SignatureValue>" +
916 "<X509Certificate>" +
917 "MIIBozCCAQygAwIBAgIQHc+8iURSTUarmg4trmrnGTANBgkqhkiG9w0BAQUFAD" +
918 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcyNjUxWhgPMjA5MDAxMjEw" +
919 "ODI2NTFaMA8xDTALBgNVBAMTBE1vbm8wgZ0wDQYJKoZIhvcNAQEBBQADgYsAMI" +
920 "GHAoGBAJhFB1KHv2WzsHqih9Mvm3KffEOSMv+sh1mPW3sWI/95VOOVqJnhemMM" +
921 "s82phSbNZeoPHny4btbykbRRaRQv94rtIM6geJR1e2c5mfJWtHSq3EYQarHC68" +
922 "cAZvCAmQZGa1eQRNRqcTSKX8yfqH0SouIE9ohJtpiluNe+Xgk5fKv3AgERMA0G" +
923 "CSqGSIb3DQEBBQUAA4GBAE6pqSgK8QKRHSh6YvYs9oRh1n8iREco7QmZCFj7UB" +
924 "kn/QgJ9mKsT8o12VnYHqBCEwBNaT1ay3z/SR4/Z383zuu4Y6xxjqOqnM6gtwUV" +
925 "u5/0hvz+ThtuTjItG6Ny5JkLZZQt/XbI5kg920t9jq3vbHBMuX2HxivwQe5sug" +
927 "</X509Certificate>" +
928 "<X509Certificate>" +
929 "MIIBpTCCAQ6gAwIBAgIQXo6Lr3rrSkW4xmNPRbHMbjANBgkqhkiG9w0BAQUFAD" +
930 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcxNDE4WhgPMjA5MDAxMjEw" +
931 "ODE0MThaMBExDzANBgNVBAMTBk1pZ3VlbDCBnTANBgkqhkiG9w0BAQEFAAOBiw" +
932 "AwgYcCgYEArCkeSZ6U3U3Fm2qSuQsM7xvvsSzZGQLPDUHFQ/BZxA7LiGRfXbmO" +
933 "yPkkYRYItXdy0yDl/8rAjelaL8jQ4me6Uexyeq+5xEgHn9VbNJny5apGNi4kF1" +
934 "8DR5DK9Zme9d6icusgW8krv3//5SVE8ao7X5qrIOGS825eCJL73YWbxKkCAREw" +
935 "DQYJKoZIhvcNAQEFBQADgYEASqBgYTkIJpDO28ZEXnF5Q/G3xDR/MxhdcrCISJ" +
936 "tDbuGVZzK+xhFhiYD5Q1NiGhD4oDIVJPwKmZH4L3YP96iSh6RdtO27V05ET/X5" +
937 "yWMKdeIsq6r9jXXv7NaWTmvNfMLKLNgEBCJ00+wN0u4xHUC7yCJc0KNQ3fjDLU" +
939 "</X509Certificate>" +
943 "</person>", "\r\n"), doc.OuterXml, "#1");
947 [Ignore ("This is a bad test case which should basically just check the computed signature value instead of comparing XML document literal string, and thus caused inconsistency between .NET 1.1 and .NET 2.0. Not deleting this test case, to easily find the reason for potentially happening regression in the future (which should not waste time).")]
948 public void SignedXML_LF_Valid ()
950 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
952 XmlDocument doc = CreateSignedXml (cert, SignedXml.XmlDsigExcC14NTransformUrl, "\n");
953 Assert.AreEqual (string.Format (CultureInfo.InvariantCulture, "<person>{0}" +
954 " <birthplace>Brussels</birthplace>{0}" +
955 "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" +
957 "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />" +
958 "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />" +
959 "<Reference URI=\"\">" +
961 "<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />" +
963 "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />" +
964 "<DigestValue>e3dsi1xK8FAx1vsug7J203JbEAU=</DigestValue>" +
968 "X29nbkOR/Xk3KwsEpEvpDOqfI6/NTtiewIxNqKMrPCoM0HLawK5HKsCw3lL07C" +
969 "8SwqvoXJL9VS05gsSia85YCB8NPDeHuHY3CPGT7DVpgeHFA0oefMnOi8IAqKD2" +
970 "nx29A222u5OmwbDO0qFqbtsgvIFiP5YJg04cwmnqs+eL+WA=" +
971 "</SignatureValue>" +
974 "<X509Certificate>" +
975 "MIIBozCCAQygAwIBAgIQHc+8iURSTUarmg4trmrnGTANBgkqhkiG9w0BAQUFAD" +
976 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcyNjUxWhgPMjA5MDAxMjEw" +
977 "ODI2NTFaMA8xDTALBgNVBAMTBE1vbm8wgZ0wDQYJKoZIhvcNAQEBBQADgYsAMI" +
978 "GHAoGBAJhFB1KHv2WzsHqih9Mvm3KffEOSMv+sh1mPW3sWI/95VOOVqJnhemMM" +
979 "s82phSbNZeoPHny4btbykbRRaRQv94rtIM6geJR1e2c5mfJWtHSq3EYQarHC68" +
980 "cAZvCAmQZGa1eQRNRqcTSKX8yfqH0SouIE9ohJtpiluNe+Xgk5fKv3AgERMA0G" +
981 "CSqGSIb3DQEBBQUAA4GBAE6pqSgK8QKRHSh6YvYs9oRh1n8iREco7QmZCFj7UB" +
982 "kn/QgJ9mKsT8o12VnYHqBCEwBNaT1ay3z/SR4/Z383zuu4Y6xxjqOqnM6gtwUV" +
983 "u5/0hvz+ThtuTjItG6Ny5JkLZZQt/XbI5kg920t9jq3vbHBMuX2HxivwQe5sug" +
985 "</X509Certificate>" +
986 "<X509Certificate>" +
987 "MIIBpTCCAQ6gAwIBAgIQXo6Lr3rrSkW4xmNPRbHMbjANBgkqhkiG9w0BAQUFAD" +
988 "ARMQ8wDQYDVQQDEwZOb3ZlbGwwIBcNMDYwOTIxMDcxNDE4WhgPMjA5MDAxMjEw" +
989 "ODE0MThaMBExDzANBgNVBAMTBk1pZ3VlbDCBnTANBgkqhkiG9w0BAQEFAAOBiw" +
990 "AwgYcCgYEArCkeSZ6U3U3Fm2qSuQsM7xvvsSzZGQLPDUHFQ/BZxA7LiGRfXbmO" +
991 "yPkkYRYItXdy0yDl/8rAjelaL8jQ4me6Uexyeq+5xEgHn9VbNJny5apGNi4kF1" +
992 "8DR5DK9Zme9d6icusgW8krv3//5SVE8ao7X5qrIOGS825eCJL73YWbxKkCAREw" +
993 "DQYJKoZIhvcNAQEFBQADgYEASqBgYTkIJpDO28ZEXnF5Q/G3xDR/MxhdcrCISJ" +
994 "tDbuGVZzK+xhFhiYD5Q1NiGhD4oDIVJPwKmZH4L3YP96iSh6RdtO27V05ET/X5" +
995 "yWMKdeIsq6r9jXXv7NaWTmvNfMLKLNgEBCJ00+wN0u4xHUC7yCJc0KNQ3fjDLU" +
997 "</X509Certificate>" +
1001 "</person>", "\n"), doc.OuterXml, "#1");
1004 [Test] // part of bug #79454
1005 public void MultipleX509Certificates ()
1007 XmlDocument doc = null;
1008 X509Certificate2 cert = new X509Certificate2 (_pkcs12, "mono");
1010 doc = CreateSignedXml (cert, SignedXml.XmlDsigExcC14NTransformUrl, "\n");
1011 Assert.IsTrue (VerifySignedXml (doc), "#1");
1013 doc = CreateSignedXml (cert, SignedXml.XmlDsigExcC14NWithCommentsTransformUrl, "\n");
1014 Assert.IsTrue (VerifySignedXml (doc), "#2");
1016 doc = CreateSignedXml (cert, SignedXml.XmlDsigCanonicalizationUrl, "\n");
1017 Assert.IsTrue (VerifySignedXml (doc), "#3");
1019 doc = CreateSignedXml (cert, SignedXml.XmlDsigCanonicalizationWithCommentsUrl, "\n");
1020 Assert.IsTrue (VerifySignedXml (doc), "#4");
1023 // creates a signed XML document with two certificates in the X509Data
1024 // element, with the second being the one that should be used to verify
1026 static XmlDocument CreateSignedXml (X509Certificate2 cert, string canonicalizationMethod, string lineFeed)
1028 XmlDocument doc = CreateSomeXml (lineFeed);
1030 SignedXml signedXml = new SignedXml (doc);
1031 signedXml.SigningKey = cert.PrivateKey;
1032 signedXml.SignedInfo.CanonicalizationMethod = canonicalizationMethod;
1034 Reference reference = new Reference ();
1037 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform ();
1038 reference.AddTransform (env);
1039 signedXml.AddReference (reference);
1041 KeyInfo keyInfo = new KeyInfo ();
1042 KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data ();
1043 x509KeyInfo.AddCertificate (new X509Certificate2 (_cert));
1044 x509KeyInfo.AddCertificate (cert);
1045 keyInfo.AddClause (x509KeyInfo);
1046 signedXml.KeyInfo = keyInfo;
1048 signedXml.ComputeSignature ();
1049 XmlElement xmlDigitalSignature = signedXml.GetXml ();
1051 doc.DocumentElement.AppendChild (doc.ImportNode (xmlDigitalSignature, true));
1055 static bool VerifySignedXml (XmlDocument signedDoc)
1057 SignedXml signedXml = new SignedXml (signedDoc);
1058 XmlNodeList nodeList = signedDoc.GetElementsByTagName ("Signature");
1059 signedXml.LoadXml ((XmlElement) nodeList [0]);
1060 return signedXml.CheckSignature ();
1063 static XmlDocument CreateSomeXml (string lineFeed)
1065 StringWriter sw = new StringWriter ();
1066 sw.NewLine = lineFeed;
1067 XmlTextWriter xtw = new XmlTextWriter (sw);
1068 xtw.Formatting = Formatting.Indented;
1069 xtw.WriteStartElement ("person");
1070 xtw.WriteElementString ("birthplace", "Brussels");
1071 xtw.WriteEndElement ();
1074 XmlDocument doc = new XmlDocument ();
1075 doc.PreserveWhitespace = true;
1076 doc.Load (new StringReader (sw.ToString ()));
1080 string Stream2String (Stream s)
1082 StringBuilder sb = new StringBuilder ();
1083 int b = s.ReadByte ();
1085 sb.Append (Convert.ToChar (b));
1088 return sb.ToString ();
1091 private static byte [] _cert = new byte [] {
1092 0x30, 0x82, 0x01, 0xa3, 0x30, 0x82, 0x01, 0x0c, 0xa0, 0x03, 0x02,
1093 0x01, 0x02, 0x02, 0x10, 0x1d, 0xcf, 0xbc, 0x89, 0x44, 0x52, 0x4d,
1094 0x46, 0xab, 0x9a, 0x0e, 0x2d, 0xae, 0x6a, 0xe7, 0x19, 0x30, 0x0d,
1095 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
1096 0x05, 0x00, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55,
1097 0x04, 0x03, 0x13, 0x06, 0x4e, 0x6f, 0x76, 0x65, 0x6c, 0x6c, 0x30,
1098 0x20, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x39, 0x32, 0x31, 0x30, 0x37,
1099 0x32, 0x36, 0x35, 0x31, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x39, 0x30,
1100 0x30, 0x31, 0x32, 0x31, 0x30, 0x38, 0x32, 0x36, 0x35, 0x31, 0x5a,
1101 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03,
1102 0x13, 0x04, 0x4d, 0x6f, 0x6e, 0x6f, 0x30, 0x81, 0x9d, 0x30, 0x0d,
1103 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
1104 0x05, 0x00, 0x03, 0x81, 0x8b, 0x00, 0x30, 0x81, 0x87, 0x02, 0x81,
1105 0x81, 0x00, 0x98, 0x45, 0x07, 0x52, 0x87, 0xbf, 0x65, 0xb3, 0xb0,
1106 0x7a, 0xa2, 0x87, 0xd3, 0x2f, 0x9b, 0x72, 0x9f, 0x7c, 0x43, 0x92,
1107 0x32, 0xff, 0xac, 0x87, 0x59, 0x8f, 0x5b, 0x7b, 0x16, 0x23, 0xff,
1108 0x79, 0x54, 0xe3, 0x95, 0xa8, 0x99, 0xe1, 0x7a, 0x63, 0x0c, 0xb3,
1109 0xcd, 0xa9, 0x85, 0x26, 0xcd, 0x65, 0xea, 0x0f, 0x1e, 0x7c, 0xb8,
1110 0x6e, 0xd6, 0xf2, 0x91, 0xb4, 0x51, 0x69, 0x14, 0x2f, 0xf7, 0x8a,
1111 0xed, 0x20, 0xce, 0xa0, 0x78, 0x94, 0x75, 0x7b, 0x67, 0x39, 0x99,
1112 0xf2, 0x56, 0xb4, 0x74, 0xaa, 0xdc, 0x46, 0x10, 0x6a, 0xb1, 0xc2,
1113 0xeb, 0xc7, 0x00, 0x66, 0xf0, 0x80, 0x99, 0x06, 0x46, 0x6b, 0x57,
1114 0x90, 0x44, 0xd4, 0x6a, 0x71, 0x34, 0x8a, 0x5f, 0xcc, 0x9f, 0xa8,
1115 0x7d, 0x12, 0xa2, 0xe2, 0x04, 0xf6, 0x88, 0x49, 0xb6, 0x98, 0xa5,
1116 0xb8, 0xd7, 0xbe, 0x5e, 0x09, 0x39, 0x7c, 0xab, 0xf7, 0x02, 0x01,
1117 0x11, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1118 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4e, 0xa9,
1119 0xa9, 0x28, 0x0a, 0xf1, 0x02, 0x91, 0x1d, 0x28, 0x7a, 0x62, 0xf6,
1120 0x2c, 0xf6, 0x84, 0x61, 0xd6, 0x7f, 0x22, 0x44, 0x47, 0x28, 0xed,
1121 0x09, 0x99, 0x08, 0x58, 0xfb, 0x50, 0x19, 0x27, 0xfd, 0x08, 0x09,
1122 0xf6, 0x62, 0xac, 0x4f, 0xca, 0x35, 0xd9, 0x59, 0xd8, 0x1e, 0xa0,
1123 0x42, 0x13, 0x00, 0x4d, 0x69, 0x3d, 0x5a, 0xcb, 0x7c, 0xff, 0x49,
1124 0x1e, 0x3f, 0x67, 0x7f, 0x37, 0xce, 0xeb, 0xb8, 0x63, 0xac, 0x71,
1125 0x8e, 0xa3, 0xaa, 0x9c, 0xce, 0xa0, 0xb7, 0x05, 0x15, 0xbb, 0x9f,
1126 0xf4, 0x86, 0xfc, 0xfe, 0x4e, 0x1b, 0x6e, 0x4e, 0x32, 0x2d, 0x1b,
1127 0xa3, 0x72, 0xe4, 0x99, 0x0b, 0x65, 0x94, 0x2d, 0xfd, 0x76, 0xc8,
1128 0xe6, 0x48, 0x3d, 0xdb, 0x4b, 0x7d, 0x8e, 0xad, 0xef, 0x6c, 0x70,
1129 0x4c, 0xb9, 0x7d, 0x87, 0xc6, 0x2b, 0xf0, 0x41, 0xee, 0x6c, 0xba,
1130 0x08, 0xcf, 0x69, 0x31, 0x18 };
1132 private static byte [] _pkcs12 = new byte [] {
1133 0x30, 0x82, 0x05, 0x8d, 0x02, 0x01, 0x03, 0x30, 0x82, 0x05, 0x47,
1134 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01,
1135 0xa0, 0x82, 0x05, 0x38, 0x04, 0x82, 0x05, 0x34, 0x30, 0x82, 0x05,
1136 0x30, 0x30, 0x82, 0x02, 0x3f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
1137 0xf7, 0x0d, 0x01, 0x07, 0x06, 0xa0, 0x82, 0x02, 0x30, 0x30, 0x82,
1138 0x02, 0x2c, 0x02, 0x01, 0x00, 0x30, 0x82, 0x02, 0x25, 0x06, 0x09,
1139 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c,
1140 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01,
1141 0x03, 0x30, 0x0e, 0x04, 0x08, 0x6e, 0x0a, 0x50, 0x20, 0xc3, 0x11,
1142 0x49, 0x07, 0x02, 0x02, 0x07, 0xd0, 0x80, 0x82, 0x01, 0xf8, 0x74,
1143 0x40, 0x07, 0x44, 0x6b, 0x80, 0x46, 0xe1, 0x4e, 0x65, 0x5e, 0xf2,
1144 0xf6, 0x38, 0x90, 0xd1, 0x75, 0x24, 0xd9, 0x72, 0x92, 0x5b, 0x4a,
1145 0xb9, 0x9e, 0xbd, 0xab, 0xe2, 0xb8, 0x91, 0xc9, 0x48, 0x14, 0x88,
1146 0x61, 0x7d, 0x06, 0xf9, 0x24, 0x80, 0xb5, 0x36, 0xaf, 0xfe, 0xc0,
1147 0x59, 0x00, 0x39, 0x3f, 0x78, 0xc0, 0x57, 0xea, 0x1e, 0xcb, 0x29,
1148 0xa4, 0x5f, 0xba, 0x4b, 0xd9, 0xca, 0x95, 0xab, 0x55, 0x4a, 0x11,
1149 0x1a, 0xf8, 0xe9, 0xd4, 0xc0, 0x08, 0x55, 0xfb, 0x69, 0x09, 0x0d,
1150 0x5b, 0xed, 0x02, 0xcc, 0x55, 0xfe, 0x05, 0x2e, 0x45, 0xa7, 0x8d,
1151 0x63, 0x9a, 0xda, 0x6c, 0xc7, 0xe1, 0xcb, 0x5c, 0xa7, 0xd9, 0x9b,
1152 0x4a, 0xfb, 0x7d, 0x31, 0xe5, 0x89, 0x3e, 0xf2, 0x32, 0xc9, 0x78,
1153 0xd0, 0x66, 0x1e, 0x38, 0xc7, 0xbf, 0x41, 0xf9, 0xe7, 0xbd, 0xce,
1154 0x8b, 0xc3, 0x14, 0x19, 0x4b, 0xfa, 0x3a, 0xa2, 0x1f, 0xb0, 0xd4,
1155 0xfa, 0x33, 0x39, 0x12, 0xd9, 0x36, 0x7f, 0x7e, 0xf0, 0xc4, 0xdc,
1156 0xf0, 0xb5, 0x7a, 0x50, 0x2c, 0x99, 0x9d, 0x02, 0x40, 0xec, 0x6a,
1157 0x23, 0x83, 0x16, 0xec, 0x8f, 0x58, 0x14, 0xa0, 0xa0, 0x9c, 0xa0,
1158 0xe1, 0xd0, 0x6f, 0x54, 0x1a, 0x10, 0x47, 0x69, 0x6b, 0x55, 0x7f,
1159 0x67, 0x7d, 0xb8, 0x38, 0xa0, 0x40, 0x99, 0x13, 0xe8, 0x15, 0x73,
1160 0x8d, 0x18, 0x86, 0x29, 0x74, 0xec, 0x66, 0xa3, 0xb8, 0x14, 0x10,
1161 0x61, 0xef, 0xa5, 0x79, 0x89, 0x01, 0xaa, 0xf2, 0x1f, 0x0c, 0xdd,
1162 0x0d, 0x8c, 0xbb, 0x7a, 0x4e, 0x0f, 0x47, 0x91, 0x37, 0xa3, 0x8a,
1163 0x43, 0x0f, 0xeb, 0xc7, 0x9b, 0x8d, 0xaf, 0x39, 0xdf, 0x23, 0x1c,
1164 0xa4, 0xf7, 0x66, 0x1c, 0x61, 0x42, 0x24, 0x9a, 0x0a, 0x3a, 0x31,
1165 0x9c, 0x51, 0xa2, 0x30, 0xbe, 0x85, 0xa6, 0xe8, 0x18, 0xfa, 0x8b,
1166 0xff, 0xdd, 0xdc, 0x34, 0x46, 0x4f, 0x15, 0xde, 0xdb, 0xc4, 0xeb,
1167 0x62, 0x3b, 0x7c, 0x25, 0x1a, 0x13, 0x8b, 0xda, 0x3b, 0x59, 0x2a,
1168 0xb8, 0x50, 0xe3, 0x9f, 0x76, 0xfc, 0xe8, 0x00, 0xfc, 0xf7, 0xba,
1169 0xd2, 0x45, 0x92, 0x14, 0xb5, 0xe2, 0x93, 0x41, 0x09, 0xea, 0x5b,
1170 0x5e, 0xda, 0x66, 0x92, 0xd1, 0x93, 0x7a, 0xc0, 0xe1, 0x2f, 0xed,
1171 0x29, 0x78, 0x80, 0xff, 0x79, 0x0e, 0xda, 0x78, 0x7e, 0x71, 0xa4,
1172 0x31, 0x2f, 0xe9, 0x48, 0xab, 0xc9, 0x40, 0x7d, 0x63, 0x06, 0xd6,
1173 0xb5, 0x2b, 0x49, 0xba, 0x43, 0x56, 0x69, 0xc5, 0xc2, 0x85, 0x37,
1174 0xdb, 0xe7, 0x39, 0x87, 0x8d, 0x14, 0x15, 0x55, 0x76, 0x3f, 0x70,
1175 0xf6, 0xd7, 0x80, 0x82, 0x48, 0x02, 0x64, 0xe1, 0x73, 0x1a, 0xd9,
1176 0x35, 0x1a, 0x43, 0xf3, 0xde, 0xd4, 0x00, 0x9d, 0x49, 0x2b, 0xc6,
1177 0x66, 0x19, 0x3e, 0xb8, 0xcc, 0x43, 0xcc, 0xa8, 0x12, 0xa4, 0xad,
1178 0xcd, 0xe2, 0xe6, 0xb3, 0xdd, 0x7e, 0x80, 0x50, 0xc0, 0xb4, 0x0c,
1179 0x4c, 0xd2, 0x31, 0xf3, 0xf8, 0x49, 0x31, 0xbe, 0xf2, 0x7d, 0x60,
1180 0x38, 0xe0, 0x60, 0xdf, 0x7b, 0x58, 0xe0, 0xf9, 0x6e, 0x68, 0x79,
1181 0x33, 0xb2, 0x2a, 0x53, 0x4c, 0x5a, 0x9d, 0xb3, 0x81, 0x4b, 0x19,
1182 0x21, 0xe2, 0x3a, 0x42, 0x07, 0x25, 0x5a, 0xee, 0x1f, 0x5d, 0xa2,
1183 0xca, 0xf7, 0x2f, 0x3c, 0x9b, 0xb0, 0xbc, 0xe7, 0xaf, 0x8c, 0x2f,
1184 0x52, 0x43, 0x79, 0x94, 0xb0, 0xee, 0xc4, 0x53, 0x09, 0xc0, 0xc9,
1185 0x21, 0x39, 0x64, 0x82, 0xc3, 0x54, 0xb8, 0x65, 0xf8, 0xdc, 0xb3,
1186 0xdf, 0x4d, 0xc4, 0x63, 0x59, 0x14, 0x37, 0xd6, 0xba, 0xa3, 0x98,
1187 0xda, 0x99, 0x02, 0xdd, 0x7a, 0x87, 0x3e, 0x34, 0xb5, 0x4b, 0x0a,
1188 0xb4, 0x2d, 0xea, 0x19, 0x24, 0xd1, 0xc2, 0x9f, 0x30, 0x82, 0x02,
1189 0xe9, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
1190 0x01, 0xa0, 0x82, 0x02, 0xda, 0x04, 0x82, 0x02, 0xd6, 0x30, 0x82,
1191 0x02, 0xd2, 0x30, 0x82, 0x02, 0xce, 0x06, 0x0b, 0x2a, 0x86, 0x48,
1192 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x02,
1193 0xa6, 0x30, 0x82, 0x02, 0xa2, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86,
1194 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04,
1195 0x08, 0xe0, 0x21, 0x4f, 0x90, 0x7d, 0x86, 0x72, 0xc7, 0x02, 0x02,
1196 0x07, 0xd0, 0x04, 0x82, 0x02, 0x80, 0x92, 0xac, 0xe8, 0x52, 0xa6,
1197 0x3e, 0xed, 0x3d, 0xbc, 0x28, 0x5f, 0xb9, 0x45, 0x76, 0x27, 0x95,
1198 0xf8, 0x6a, 0xc5, 0x17, 0x97, 0x46, 0x58, 0xe9, 0x15, 0x7c, 0x68,
1199 0x62, 0x67, 0xb5, 0x2f, 0x1b, 0x64, 0x27, 0x9d, 0xfd, 0x67, 0x66,
1200 0x42, 0x21, 0x5c, 0xf4, 0x64, 0x37, 0xcc, 0xc0, 0x04, 0x01, 0x91,
1201 0x6c, 0x6b, 0x84, 0x96, 0xae, 0x04, 0xfe, 0xcc, 0x88, 0x6a, 0x84,
1202 0xd7, 0x59, 0x28, 0x78, 0xc9, 0xb4, 0xf6, 0x4d, 0x86, 0x8d, 0x59,
1203 0xc6, 0x74, 0x30, 0xca, 0x2f, 0x0a, 0xa7, 0x66, 0x99, 0xf4, 0x8f,
1204 0x44, 0x6d, 0x97, 0x3c, 0xd6, 0xdb, 0xd6, 0x31, 0x8c, 0xf7, 0x75,
1205 0xd9, 0x0b, 0xf5, 0xd2, 0x27, 0x80, 0x81, 0x28, 0x0f, 0x6b, 0x8b,
1206 0x45, 0x11, 0x08, 0x1d, 0x06, 0x31, 0x4d, 0x98, 0x68, 0xc9, 0x09,
1207 0x9b, 0x51, 0x84, 0x81, 0x74, 0x76, 0x57, 0x63, 0xb5, 0x38, 0xc8,
1208 0xe1, 0x96, 0xe4, 0xcd, 0xd4, 0xe8, 0xf8, 0x26, 0x88, 0x88, 0xaa,
1209 0xdf, 0x1b, 0xc6, 0x37, 0xb8, 0xc4, 0xe1, 0xcb, 0xc0, 0x71, 0x3d,
1210 0xd6, 0xd7, 0x8b, 0xc6, 0xec, 0x5f, 0x42, 0x86, 0xb0, 0x8d, 0x1c,
1211 0x49, 0xb9, 0xc6, 0x96, 0x11, 0xa5, 0xd6, 0xd2, 0xc0, 0x18, 0xca,
1212 0xe7, 0xf6, 0x93, 0xb4, 0xf5, 0x7a, 0xe4, 0xec, 0xa2, 0x90, 0xf8,
1213 0xef, 0x66, 0x0f, 0xa8, 0x52, 0x0c, 0x3f, 0x85, 0x4a, 0x76, 0x3a,
1214 0xb8, 0x5a, 0x2d, 0x03, 0x5d, 0x99, 0x70, 0xbb, 0x02, 0x1c, 0x77,
1215 0x43, 0x12, 0xd9, 0x1f, 0x7c, 0x6f, 0x69, 0x15, 0x17, 0x30, 0x51,
1216 0x7d, 0x53, 0xc2, 0x06, 0xe0, 0xd2, 0x31, 0x17, 0x2a, 0x98, 0xe3,
1217 0xe0, 0x20, 0xfb, 0x01, 0xfd, 0xd1, 0x1b, 0x50, 0x00, 0xad, 0x1d,
1218 0xff, 0xa1, 0xae, 0xd6, 0xac, 0x38, 0x8b, 0x71, 0x28, 0x44, 0x66,
1219 0x8c, 0xb6, 0x34, 0xc5, 0x86, 0xc9, 0x34, 0xda, 0x6c, 0x2a, 0xef,
1220 0x69, 0x3c, 0xb7, 0xbd, 0xa5, 0x05, 0x3c, 0x7c, 0xfb, 0x0c, 0x2d,
1221 0x49, 0x09, 0xdb, 0x91, 0x3b, 0x41, 0x2a, 0xe4, 0xfa, 0x4a, 0xc2,
1222 0xea, 0x9e, 0x6f, 0xc3, 0x46, 0x2a, 0x77, 0x83, 0x4e, 0x22, 0x01,
1223 0xfb, 0x0c, 0x2d, 0x5a, 0xcf, 0x8d, 0xa7, 0x55, 0x24, 0x7c, 0xda,
1224 0x9e, 0xd8, 0xbc, 0xf6, 0x81, 0x63, 0x8a, 0x36, 0xd0, 0x13, 0x74,
1225 0x30, 0x4d, 0xd8, 0x4e, 0xa6, 0x81, 0x71, 0x71, 0xff, 0x9f, 0xf3,
1226 0x8d, 0x75, 0xad, 0x6b, 0x93, 0x93, 0x8c, 0xf8, 0x7d, 0xa6, 0x62,
1227 0x9d, 0xf7, 0x86, 0x6f, 0xcb, 0x5b, 0x6f, 0xe5, 0xee, 0xcd, 0xb0,
1228 0xb2, 0xfd, 0x96, 0x2c, 0xde, 0xa0, 0xcf, 0x46, 0x8c, 0x66, 0x0e,
1229 0xf9, 0xa3, 0xdb, 0xfa, 0x8f, 0x1b, 0x54, 0x9d, 0x13, 0x13, 0x6b,
1230 0x97, 0x43, 0x97, 0x64, 0xec, 0x2a, 0xc5, 0xc0, 0x26, 0xab, 0xea,
1231 0x37, 0xd6, 0xcb, 0xb9, 0x83, 0x18, 0x53, 0x5a, 0xcd, 0x28, 0xb3,
1232 0x3b, 0x9c, 0x13, 0xaa, 0x78, 0x6c, 0xcf, 0xe9, 0x75, 0x7c, 0x80,
1233 0x04, 0x05, 0x52, 0xda, 0x13, 0x41, 0xb0, 0x27, 0x0f, 0x82, 0xa3,
1234 0x81, 0xd8, 0xf7, 0xdc, 0x61, 0xbb, 0x98, 0x32, 0x5a, 0x88, 0xbf,
1235 0x49, 0xc1, 0x76, 0x83, 0xcd, 0xc4, 0xb4, 0xca, 0x8d, 0x36, 0x88,
1236 0xee, 0xdb, 0xc5, 0xf4, 0x13, 0x28, 0x4d, 0xae, 0x7a, 0x31, 0x3e,
1237 0x77, 0x19, 0xab, 0x11, 0x15, 0x29, 0xd4, 0xcf, 0xb4, 0x73, 0x36,
1238 0x92, 0x1e, 0x4e, 0x5d, 0x35, 0x57, 0x84, 0x45, 0x9d, 0x05, 0x3c,
1239 0x44, 0x86, 0x08, 0x0b, 0x90, 0x29, 0xf9, 0xe6, 0x48, 0xaf, 0xf4,
1240 0x62, 0xd2, 0x4d, 0x32, 0x1a, 0xe9, 0xbf, 0x3a, 0x7b, 0x25, 0x4a,
1241 0x03, 0xfb, 0x40, 0x1d, 0x71, 0x2c, 0x10, 0x54, 0xdc, 0xbf, 0xf4,
1242 0x50, 0x85, 0x15, 0x11, 0xb1, 0x2d, 0x03, 0x2c, 0xe4, 0x8a, 0xce,
1243 0xec, 0x6e, 0x46, 0x06, 0x13, 0x3c, 0x97, 0x8d, 0xdd, 0xf6, 0x1e,
1244 0x62, 0xb4, 0x8d, 0xfa, 0x2c, 0x86, 0x87, 0x64, 0x5e, 0xec, 0xc8,
1245 0x84, 0xd1, 0x3d, 0xc5, 0x76, 0x4a, 0x31, 0xd3, 0xdb, 0x34, 0x6e,
1246 0x8a, 0x49, 0xd6, 0x38, 0xbb, 0x05, 0xe9, 0x4d, 0xf1, 0xde, 0x3e,
1247 0xa4, 0x47, 0xdd, 0xe8, 0xa8, 0xf1, 0xba, 0x55, 0xce, 0xca, 0x5b,
1248 0x57, 0xd7, 0xc8, 0x9f, 0x09, 0xa3, 0x8e, 0x58, 0x83, 0x21, 0x0a,
1249 0x6e, 0xd3, 0x70, 0x9c, 0xb9, 0x7c, 0x52, 0x98, 0x53, 0xcb, 0xda,
1250 0x9d, 0xaf, 0xb7, 0x4b, 0xf7, 0x48, 0x91, 0x7e, 0x78, 0x20, 0x19,
1251 0xe3, 0x41, 0x9d, 0xc8, 0x68, 0x11, 0xfb, 0x5f, 0x6b, 0xc8, 0x09,
1252 0x74, 0xcb, 0x76, 0x08, 0xbc, 0x28, 0x63, 0x57, 0x04, 0xb0, 0x80,
1253 0xd1, 0x53, 0x60, 0x50, 0x44, 0xba, 0x80, 0x48, 0x5e, 0x0e, 0x9a,
1254 0xe5, 0x64, 0x26, 0x7a, 0x88, 0xb9, 0xc6, 0x33, 0x31, 0x15, 0x30,
1255 0x13, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
1256 0x15, 0x31, 0x06, 0x04, 0x04, 0x01, 0x00, 0x00, 0x00, 0x30, 0x3d,
1257 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
1258 0x05, 0x00, 0x04, 0x14, 0x32, 0x55, 0x07, 0xa2, 0x67, 0xf3, 0x76,
1259 0x4d, 0x0b, 0x6f, 0xa4, 0xa0, 0x7b, 0xce, 0x2f, 0xc5, 0xff, 0xbe,
1260 0x3e, 0x38, 0x04, 0x14, 0x52, 0xf8, 0xb3, 0xeb, 0xc3, 0xda, 0x79,
1261 0xfa, 0x75, 0x89, 0x67, 0x33, 0x01, 0xd0, 0xb0, 0x13, 0xfa, 0x11,
1262 0x94, 0xac, 0x02, 0x02, 0x07, 0xd0 };
1264 public SignedXml SignHMAC (string uri, KeyedHashAlgorithm mac, bool ok)
1266 string input = "<foo/>";
1268 XmlDocument doc = new XmlDocument ();
1269 doc.LoadXml (input);
1271 SignedXml sig = new SignedXml (doc);
1272 Reference r = new Reference ("");
1273 r.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1274 r.DigestMethod = uri;
1275 sig.AddReference (r);
1277 sig.ComputeSignature (mac);
1278 doc.DocumentElement.AppendChild (doc.ImportNode (sig.GetXml (), true));
1279 // doc.Save (System.Console.Out);
1281 sig.LoadXml (doc.DocumentElement ["Signature"]);
1282 Assert.AreEqual (ok, sig.CheckSignature (mac), "CheckSignature");
1286 static byte [] hmackey = new byte [0];
1287 private const string more256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
1288 private const string more384 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
1289 private const string more512 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
1290 private const string moreripe = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
1293 public void SignHMAC_SHA256 ()
1295 SignedXml sign = SignHMAC (EncryptedXml.XmlEncSHA256Url, new HMACSHA256 (hmackey), true);
1296 Assert.AreEqual (more256, sign.SignatureMethod, "SignatureMethod");
1300 public void SignHMAC_SHA256_Bad ()
1302 SignedXml sign = SignHMAC (more256, new HMACSHA256 (hmackey), false);
1303 Assert.AreEqual (more256, sign.SignatureMethod, "SignatureMethod");
1307 public void VerifyHMAC_SHA256 ()
1309 string xml = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><foo><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><DigestValue>sKG2hDPEHiPrzpd3QA8BZ0eMzMbSEPPMh9QqXgkP7Cs=</DigestValue></Reference></SignedInfo><SignatureValue>Faad3KInJdIpaGcBn5e04Zv080u45fSjAKqrgevdWQw=</SignatureValue></Signature></foo>";
1310 XmlDocument doc = new XmlDocument ();
1313 SignedXml sign = new SignedXml (doc);
1314 sign.LoadXml (doc.DocumentElement ["Signature"]);
1316 // verify MS-generated signature
1317 Assert.IsTrue (sign.CheckSignature (new HMACSHA256 (hmackey)));
1321 public void SignHMAC_SHA512 ()
1323 SignedXml sign = SignHMAC (EncryptedXml.XmlEncSHA512Url, new HMACSHA512 (hmackey), true);
1324 Assert.AreEqual (more512, sign.SignatureMethod, "SignatureMethod");
1328 public void SignHMAC_SHA512_Bad ()
1330 SignedXml sign = SignHMAC (more512, new HMACSHA512 (hmackey), false);
1331 Assert.AreEqual (more512, sign.SignatureMethod, "SignatureMethod");
1335 public void VerifyHMAC_SHA512 ()
1337 string xml = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><foo><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-sha512\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha512\" /><DigestValue>2dvMkpTUE8Z76ResJG9pwPpVJNYo7t6s2L02V81xUVJ0oF8yJ7v8CTojjuL76s0iVdBxAOhP80Ambd1YaSkwSw==</DigestValue></Reference></SignedInfo><SignatureValue>wFenihRlm1x5/n0cifdX/TDOYqlbg2oVIbD/gyrAc0Q2hiIUTtwfBIMY5rQhKcErSz6YNoIl8RBQBmww/0rv5g==</SignatureValue></Signature></foo>";
1338 XmlDocument doc = new XmlDocument ();
1341 SignedXml sign = new SignedXml (doc);
1342 sign.LoadXml (doc.DocumentElement ["Signature"]);
1344 // verify MS-generated signature
1345 Assert.IsTrue (sign.CheckSignature (new HMACSHA512 (hmackey)));
1349 public void SignHMAC_SHA384 ()
1351 // works as long as the string can be used by CryptoConfig to create
1352 // an instance of the required hash algorithm
1353 SignedXml sign = SignHMAC ("SHA384", new HMACSHA384 (hmackey), true);
1354 Assert.AreEqual (more384, sign.SignatureMethod, "SignatureMethod");
1358 public void SignHMAC_SHA384_Bad ()
1360 // we can't verity the signature if the URI is used
1361 SignedXml sign = SignHMAC (more384, new HMACSHA384 (hmackey), false);
1362 Assert.AreEqual (more384, sign.SignatureMethod, "SignatureMethod");
1366 public void VerifyHMAC_SHA384 ()
1368 string xml = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><foo><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-sha384\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /></Transforms><DigestMethod Algorithm=\"SHA384\" /><DigestValue>kH9C0LeZocNVXhjfzpz00M5fc3WJf0QU8gxK4I7pAN7HN602yHo8yYDSlG14b5YS</DigestValue></Reference></SignedInfo><SignatureValue>LgydOfhv8nqpFLFPC+xg3ZnjC8D+V3mpzxv6GOdH1HDdw1r+LH/BFM2U7dntxgf0</SignatureValue></Signature></foo>";
1369 XmlDocument doc = new XmlDocument ();
1372 SignedXml sign = new SignedXml (doc);
1373 sign.LoadXml (doc.DocumentElement ["Signature"]);
1375 // verify MS-generated signature
1376 Assert.IsTrue (sign.CheckSignature (new HMACSHA384 (hmackey)));
1380 public void SignHMAC_RIPEMD160 ()
1382 // works as long as the string can be used by CryptoConfig to create
1383 // an instance of the required hash algorithm
1384 SignedXml sign = SignHMAC ("RIPEMD160", new HMACRIPEMD160 (hmackey), true);
1385 Assert.AreEqual (moreripe, sign.SignatureMethod, "SignatureMethod");
1389 public void SignHMAC_RIPEMD160_Bad ()
1391 // we can't verity the signature if the URI is used
1392 SignedXml sign = SignHMAC (moreripe, new HMACRIPEMD160 (hmackey), false);
1393 Assert.AreEqual (moreripe, sign.SignatureMethod, "SignatureMethod");
1397 public void VerifyHMAC_RIPEMD160 ()
1399 string xml = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><foo><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /></Transforms><DigestMethod Algorithm=\"RIPEMD160\" /><DigestValue>+uyqtoSDPvgrsXCl1KCimhFpOVw=</DigestValue></Reference></SignedInfo><SignatureValue>8E2m/A5lyU6mBug7uskBqpDHuvs=</SignatureValue></Signature></foo>";
1400 XmlDocument doc = new XmlDocument ();
1403 SignedXml sign = new SignedXml (doc);
1404 sign.LoadXml (doc.DocumentElement ["Signature"]);
1406 // verify MS-generated signature
1407 Assert.IsTrue (sign.CheckSignature (new HMACRIPEMD160 (hmackey)));
1410 // * a 0-length signature is the worse case - it accepts anything
1411 // * between 1-7 bits length are considered invalid (not a multiple of 8)
1412 // * a 8 bits signature would have one chance, out of 256, to be valid
1413 // * and so on... until we hit (output-length / 2) or 80 bits (see ERRATUM)
1415 static bool erratum = true; // xmldsig erratum for CVE-2009-0217
1417 static SignedXml GetSignedXml (string xml)
1419 XmlDocument doc = new XmlDocument ();
1422 SignedXml sign = new SignedXml (doc);
1423 sign.LoadXml (doc.DocumentElement);
1427 static void CheckErratum (SignedXml signed, KeyedHashAlgorithm hmac, string message)
1431 signed.CheckSignature (hmac);
1432 Assert.Fail (message + ": unexcepted success");
1434 catch (CryptographicException) {
1436 catch (Exception e) {
1437 Assert.Fail (message + ": unexcepted " + e.ToString ());
1440 Assert.IsTrue (signed.CheckSignature (hmac), message);
1444 private void HmacMustBeMultipleOfEightBits (int bits)
1446 string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
1447 <Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
1449 <CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
1450 <SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
1451 <HMACOutputLength>{0}</HMACOutputLength>
1453 <Reference URI=""#object"">
1454 <DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
1455 <DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
1461 <Object Id=""object"">some other text</Object>
1464 SignedXml sign = GetSignedXml (String.Format (xml, bits));
1465 // only multiple of 8 bits are supported
1466 sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")));
1470 public void HmacMustBeMultipleOfEightBits ()
1472 for (int i = 1; i < 160; i++) {
1473 // The .NET framework only supports multiple of 8 bits
1478 HmacMustBeMultipleOfEightBits (i);
1479 Assert.Fail ("Unexpected Success " + i.ToString ());
1481 catch (CryptographicException) {
1483 catch (Exception e) {
1484 Assert.Fail ("Unexpected Exception " + i.ToString () + " : " + e.ToString ());
1490 [Category ("NotDotNet")] // will fail until a fix is available
1491 public void VerifyHMAC_ZeroLength ()
1493 string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
1494 <Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
1496 <CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
1497 <SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
1498 <HMACOutputLength>0</HMACOutputLength>
1500 <Reference URI=""#object"">
1501 <DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
1502 <DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
1507 <Object Id=""object"">some other text</Object>
1510 SignedXml sign = GetSignedXml (xml);
1512 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")), "1");
1513 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("")), "2");
1514 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("oops")), "3");
1515 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")), "4");
1519 [Category ("NotDotNet")] // will fail until a fix is available
1520 public void VerifyHMAC_SmallerThanMinimumLength ()
1522 // 72 is a multiple of 8 but smaller than the minimum of 80 bits
1523 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1""><HMACOutputLength>72</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>2dimB+P5Aw5K</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
1524 SignedXml sign = GetSignedXml (xml);
1525 CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")), "72");
1529 public void VerifyHMAC_MinimumLength ()
1531 // 80 bits is the minimum (and the half-size of HMACSHA1)
1532 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1""><HMACOutputLength>80</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>jVQPtLj61zNYjw==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
1533 SignedXml sign = GetSignedXml (xml);
1534 Assert.IsTrue (sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret"))));
1537 [Category ("NotDotNet")] // will fail until a fix is available
1538 public void VerifyHMAC_SmallerHalfLength ()
1540 // 80bits is smaller than the half-size of HMACSHA256
1541 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#hmac-sha256""><HMACOutputLength>80</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>vPtw7zKVV/JwQg==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
1542 SignedXml sign = GetSignedXml (xml);
1543 CheckErratum (sign, new HMACSHA256 (Encoding.ASCII.GetBytes ("secret")), "80");
1547 public void VerifyHMAC_HalfLength ()
1549 // 128 is the half-size of HMACSHA256
1550 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#hmac-sha256""><HMACOutputLength>128</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>aegpvkAwOL8gN/CjSnW6qw==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
1551 SignedXml sign = GetSignedXml (xml);
1552 Assert.IsTrue (sign.CheckSignature (new HMACSHA256 (Encoding.ASCII.GetBytes ("secret"))));
1555 public void VerifyHMAC_FullLength ()
1557 string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" /><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue></Reference></SignedInfo><SignatureValue>a0goL9esBUKPqtFYgpp2KST4huk=</SignatureValue><Object Id=""object"">some text</Object></Signature>";
1558 SignedXml sign = GetSignedXml (xml);
1559 Assert.IsTrue (sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret"))));
1563 [ExpectedException (typeof (CryptographicException))]
1564 public void VerifyHMAC_HMACOutputLength_Signature_Mismatch ()
1566 string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
1567 <Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
1569 <CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
1570 <SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
1571 <HMACOutputLength>80</HMACOutputLength>
1573 <Reference URI=""#object"">
1574 <DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
1575 <DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
1580 <Object Id=""object"">some other text</Object>
1583 SignedXml sign = GetSignedXml (xml);
1584 sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")));
1588 [ExpectedException (typeof (FormatException))]
1589 public void VerifyHMAC_HMACOutputLength_Invalid ()
1591 string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
1592 <Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
1594 <CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
1595 <SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
1596 <HMACOutputLength>I wish this was not a string property</HMACOutputLength>
1598 <Reference URI=""#object"">
1599 <DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
1600 <DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
1605 <Object Id=""object"">some other text</Object>
1608 SignedXml sign = GetSignedXml (xml);
1609 sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")));
1613 public void ComputeSignature_WhenSigningKeyIsNotSpecified_ThrowsCryptographicException ()
1615 var unsignedXml = new XmlDocument ();
1616 unsignedXml.LoadXml ("<test />");
1618 var reference = new Reference { Uri = "" };
1619 reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1621 var signedXml = new SignedXml (unsignedXml);
1622 signedXml.AddReference (reference);
1624 var ex = Assert.Throws<CryptographicException> (() => signedXml.ComputeSignature(), "Exception");
1625 Assert.That (ex.Message, Is.EqualTo (SR.Cryptography_Xml_LoadKeyFailed), "Message");
1629 public void ComputeSignature_WhenSignatureMethodIsNotSpecifiedAndRsaSigningKeyIsUsed_UsesRsaSha1Algorithm ()
1631 var unsignedXml = new XmlDocument ();
1632 unsignedXml.LoadXml ("<test />");
1634 var reference = new Reference { Uri = "" };
1635 reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1637 var signedXml = new SignedXml (unsignedXml);
1638 signedXml.SigningKey = RSA.Create ();
1639 signedXml.AddReference (reference);
1641 signedXml.ComputeSignature ();
1643 var signature = signedXml.GetXml ();
1645 var namespaceManager = new XmlNamespaceManager (signature.OwnerDocument.NameTable);
1646 namespaceManager.AddNamespace ("ds", SignedXml.XmlDsigNamespaceUrl);
1648 var signatureMethodElement = signature.SelectSingleNode (
1649 string.Format ("/{0}:SignedInfo/{0}:SignatureMethod", XmlDsigNamespacePrefix),
1652 Assert.That (signatureMethodElement.Attributes["Algorithm"].Value, Is.EqualTo (SignedXml.XmlDsigRSASHA1Url));
1656 public void ComputeSignature_WhenSignatureMethodIsNotSpecifiedAndDsaSigningKeyIsUsed_UsesDsaSha1Algorithm ()
1658 var unsignedXml = new XmlDocument ();
1659 unsignedXml.LoadXml ("<test />");
1661 var reference = new Reference { Uri = "" };
1662 reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1664 var signedXml = new SignedXml (unsignedXml);
1665 signedXml.SigningKey = DSA.Create ();
1666 signedXml.AddReference (reference);
1668 signedXml.ComputeSignature ();
1670 var signature = signedXml.GetXml ();
1672 var namespaceManager = new XmlNamespaceManager (signature.OwnerDocument.NameTable);
1673 namespaceManager.AddNamespace ("ds", SignedXml.XmlDsigNamespaceUrl);
1675 var signatureMethodElement = signature.SelectSingleNode (
1676 string.Format ("/{0}:SignedInfo/{0}:SignatureMethod", XmlDsigNamespacePrefix),
1679 Assert.That (signatureMethodElement.Attributes["Algorithm"].Value, Is.EqualTo (SignedXml.XmlDsigDSAUrl));
1683 public void ComputeSignature_WhenSignatureMethodIsNotSpecifiedAndNotSupportedSigningKeyIsUsed_ThrowsCryptographicException ()
1685 var unsignedXml = new XmlDocument ();
1686 unsignedXml.LoadXml ("<test />");
1688 var reference = new Reference { Uri = "" };
1689 reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1691 var signedXml = new SignedXml (unsignedXml);
1692 signedXml.SigningKey = new CustomAsymmetricAlgorithm ();
1693 signedXml.AddReference (reference);
1695 var ex = Assert.Throws<CryptographicException> (() => signedXml.ComputeSignature (), "Exception");
1696 Assert.That (ex.Message, Is.EqualTo (SR.Cryptography_Xml_CreatedKeyFailed), "Message");
1700 public void ComputeSignature_WhenNotSupportedSignatureMethodIsSpecified_ThrowsCryptographicException ()
1702 var unsignedXml = new XmlDocument ();
1703 unsignedXml.LoadXml ("<test />");
1705 var reference = new Reference { Uri = "" };
1706 reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1708 var signedXml = new SignedXml (unsignedXml);
1709 signedXml.SigningKey = RSA.Create ();
1710 signedXml.SignedInfo.SignatureMethod = "not supported signature method";
1711 signedXml.AddReference (reference);
1713 var ex = Assert.Throws<CryptographicException> (() => signedXml.ComputeSignature(), "Exception");
1714 Assert.That (ex.Message, Is.EqualTo (SR.Cryptography_Xml_SignatureDescriptionNotCreated), "Message");
1718 public void ComputeSignature_WhenNotSupportedSignatureHashAlgorithmIsSpecified_ThrowsCryptographicException ()
1720 const string algorithmName = "not supported signature hash algorithm";
1722 CryptoConfig.AddAlgorithm (typeof (BadHashAlgorithmSignatureDescription), algorithmName);
1724 var unsignedXml = new XmlDocument ();
1725 unsignedXml.LoadXml ("<test />");
1727 var reference = new Reference { Uri = "" };
1728 reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1730 var signedXml = new SignedXml (unsignedXml);
1731 signedXml.SigningKey = RSA.Create ();
1732 signedXml.SignedInfo.SignatureMethod = algorithmName;
1733 signedXml.AddReference (reference);
1735 var ex = Assert.Throws<CryptographicException> (() => signedXml.ComputeSignature (), "Exception");
1736 Assert.That (ex.Message, Is.EqualTo (SR.Cryptography_Xml_CreateHashAlgorithmFailed), "Message");
1740 public void ComputeSignature_WhenCustomSignatureMethodIsSpecified_UsesCustomAlgorithm ()
1742 const string algorithmName = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
1744 CryptoConfig.AddAlgorithm (typeof (RsaPkcs1Sha512SignatureDescription), algorithmName);
1746 var unsignedXml = new XmlDocument ();
1747 unsignedXml.LoadXml ("<test />");
1749 var reference = new Reference { Uri = "" };
1750 reference.AddTransform (new XmlDsigEnvelopedSignatureTransform ());
1752 var signedXml = new SignedXml (unsignedXml);
1753 signedXml.SigningKey = RSA.Create ();
1754 signedXml.SignedInfo.SignatureMethod = algorithmName;
1755 signedXml.AddReference (reference);
1757 signedXml.ComputeSignature ();
1759 var signature = signedXml.GetXml ();
1761 var namespaceManager = new XmlNamespaceManager (signature.OwnerDocument.NameTable);
1762 namespaceManager.AddNamespace ("ds", SignedXml.XmlDsigNamespaceUrl);
1764 var signatureMethodElement = signature.SelectSingleNode (
1765 string.Format ("/{0}:SignedInfo/{0}:SignatureMethod", XmlDsigNamespacePrefix),
1768 Assert.That (signatureMethodElement.Attributes["Algorithm"].Value, Is.EqualTo (algorithmName));