Imported Upstream version 5.12.0.220

Former-commit-id: c477e03582759447177c6d4bf412cd2355aad476
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2018-04-24 09:31:23 +00:00
parent 8bd104cef2
commit 8fc30896db
1200 changed files with 29534 additions and 26161 deletions


@@ -8,6 +8,7 @@ MONO_SECURITY=Mono.Security
endif
LIBRARY = System.Security.dll
API_BIN_REFS := System.Numerics
LIB_REFS = secxml/System bare/System.Xml $(MONO_SECURITY)
KEYFILE = ../msfinal.pub
LIB_MCS_FLAGS = \
@@ -28,10 +29,6 @@ EXTRA_DISTFILES = \
RESX_RESOURCE_STRING = ../../../external/corefx/src/System.Security.Cryptography.Xml/src/Resources/Strings.resx
ifdef MOBILE_PROFILE
NO_TEST = yes
endif
include ../../build/library.make
$(build_lib): $(secxml_libdir)/System.dll $(MONO_SECURITY_DLL)


@@ -1,285 +0,0 @@
//
// KeyInfoX509Data.cs - KeyInfoX509Data implementation for XML Signature
//
// Authors:
// Sebastien Pouliot <sebastien@ximian.com>
// Atsushi Enomoto (atsushi@ximian.com)
// Tim Coleman (tim@timcoleman.com)
//
// (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) Tim Coleman, 2004
// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System.Collections;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
namespace System.Security.Cryptography.Xml {
public class KeyInfoX509Data : KeyInfoClause {
private byte[] x509crl;
private ArrayList IssuerSerialList;
private ArrayList SubjectKeyIdList;
private ArrayList SubjectNameList;
private ArrayList X509CertificateList;
public KeyInfoX509Data ()
{
}
public KeyInfoX509Data (byte[] rgbCert)
{
AddCertificate (new X509Certificate (rgbCert));
}
public KeyInfoX509Data (X509Certificate cert)
{
AddCertificate (cert);
}
#if SECURITY_DEP
public KeyInfoX509Data (X509Certificate cert, X509IncludeOption includeOption)
{
if (cert == null)
throw new ArgumentNullException ("cert");
switch (includeOption) {
case X509IncludeOption.None:
case X509IncludeOption.EndCertOnly:
AddCertificate (cert);
break;
case X509IncludeOption.ExcludeRoot:
AddCertificatesChainFrom (cert, false);
break;
case X509IncludeOption.WholeChain:
AddCertificatesChainFrom (cert, true);
break;
}
}
// this gets complicated because we must:
// 1. build the chain using a X509Certificate2 class;
// 2. test for root using the Mono.Security.X509.X509Certificate class;
// 3. add the certificates as X509Certificate instances;
private void AddCertificatesChainFrom (X509Certificate cert, bool root)
{
X509Chain chain = new X509Chain ();
chain.Build (new X509Certificate2 (cert));
foreach (X509ChainElement ce in chain.ChainElements) {
byte[] rawdata = ce.Certificate.RawData;
if (!root) {
// exclude root
Mono.Security.X509.X509Certificate mx = new Mono.Security.X509.X509Certificate (rawdata);
if (mx.IsSelfSigned)
rawdata = null;
}
if (rawdata != null)
AddCertificate (new X509Certificate (rawdata));
}
}
#endif
public ArrayList Certificates {
get { return X509CertificateList; }
}
public byte[] CRL {
get { return x509crl; }
set { x509crl = value; }
}
public ArrayList IssuerSerials {
get { return IssuerSerialList; }
}
public ArrayList SubjectKeyIds {
get { return SubjectKeyIdList; }
}
public ArrayList SubjectNames {
get { return SubjectNameList; }
}
public void AddCertificate (X509Certificate certificate)
{
if (certificate == null)
throw new ArgumentNullException ("certificate");
if (X509CertificateList == null)
X509CertificateList = new ArrayList ();
X509CertificateList.Add (certificate);
}
public void AddIssuerSerial (string issuerName, string serialNumber)
{
if (issuerName == null)
throw new ArgumentException ("issuerName");
if (IssuerSerialList == null)
IssuerSerialList = new ArrayList ();
X509IssuerSerial xis = new X509IssuerSerial (issuerName, serialNumber);
IssuerSerialList.Add (xis);
}
public void AddSubjectKeyId (byte[] subjectKeyId)
{
if (SubjectKeyIdList == null)
SubjectKeyIdList = new ArrayList ();
SubjectKeyIdList.Add (subjectKeyId);
}
[ComVisible (false)]
public void AddSubjectKeyId (string subjectKeyId)
{
if (SubjectKeyIdList == null)
SubjectKeyIdList = new ArrayList ();
byte[] id = null;
if (subjectKeyId != null)
id = Convert.FromBase64String (subjectKeyId);
SubjectKeyIdList.Add (id);
}
public void AddSubjectName (string subjectName)
{
if (SubjectNameList == null)
SubjectNameList = new ArrayList ();
SubjectNameList.Add (subjectName);
}
public override XmlElement GetXml ()
{
XmlDocument document = new XmlDocument ();
XmlElement xel = document.CreateElement (XmlSignature.ElementNames.X509Data, XmlSignature.NamespaceURI);
// FIXME: hack to match MS implementation
xel.SetAttribute ("xmlns", XmlSignature.NamespaceURI);
// <X509IssuerSerial>
if ((IssuerSerialList != null) && (IssuerSerialList.Count > 0)) {
foreach (X509IssuerSerial iser in IssuerSerialList) {
XmlElement isl = document.CreateElement (XmlSignature.ElementNames.X509IssuerSerial, XmlSignature.NamespaceURI);
XmlElement xin = document.CreateElement (XmlSignature.ElementNames.X509IssuerName, XmlSignature.NamespaceURI);
xin.InnerText = iser.IssuerName;
isl.AppendChild (xin);
XmlElement xsn = document.CreateElement (XmlSignature.ElementNames.X509SerialNumber, XmlSignature.NamespaceURI);
xsn.InnerText = iser.SerialNumber;
isl.AppendChild (xsn);
xel.AppendChild (isl);
}
}
// <X509SKI>
if ((SubjectKeyIdList != null) && (SubjectKeyIdList.Count > 0)) {
foreach (byte[] skid in SubjectKeyIdList) {
XmlElement ski = document.CreateElement (XmlSignature.ElementNames.X509SKI, XmlSignature.NamespaceURI);
ski.InnerText = Convert.ToBase64String (skid);
xel.AppendChild (ski);
}
}
// <X509SubjectName>
if ((SubjectNameList != null) && (SubjectNameList.Count > 0)) {
foreach (string subject in SubjectNameList) {
XmlElement sn = document.CreateElement (XmlSignature.ElementNames.X509SubjectName, XmlSignature.NamespaceURI);
sn.InnerText = subject;
xel.AppendChild (sn);
}
}
// <X509Certificate>
if ((X509CertificateList != null) && (X509CertificateList.Count > 0)) {
foreach (X509Certificate x509 in X509CertificateList) {
XmlElement cert = document.CreateElement (XmlSignature.ElementNames.X509Certificate, XmlSignature.NamespaceURI);
cert.InnerText = Convert.ToBase64String (x509.GetRawCertData ());
xel.AppendChild (cert);
}
}
// only one <X509CRL>
if (x509crl != null) {
XmlElement crl = document.CreateElement (XmlSignature.ElementNames.X509CRL, XmlSignature.NamespaceURI);
crl.InnerText = Convert.ToBase64String (x509crl);
xel.AppendChild (crl);
}
return xel;
}
public override void LoadXml (XmlElement element)
{
if (element == null)
throw new ArgumentNullException ("element");
if (IssuerSerialList != null)
IssuerSerialList.Clear ();
if (SubjectKeyIdList != null)
SubjectKeyIdList.Clear ();
if (SubjectNameList != null)
SubjectNameList.Clear ();
if (X509CertificateList != null)
X509CertificateList.Clear ();
x509crl = null;
if ((element.LocalName != XmlSignature.ElementNames.X509Data) || (element.NamespaceURI != XmlSignature.NamespaceURI))
throw new CryptographicException ("element");
XmlElement [] xnl = null;
// <X509IssuerSerial>
xnl = XmlSignature.GetChildElements (element, XmlSignature.ElementNames.X509IssuerSerial);
if (xnl != null) {
for (int i=0; i < xnl.Length; i++) {
XmlElement xel = (XmlElement) xnl[i];
XmlElement issuer = XmlSignature.GetChildElement (xel, XmlSignature.ElementNames.X509IssuerName, XmlSignature.NamespaceURI);
XmlElement serial = XmlSignature.GetChildElement (xel, XmlSignature.ElementNames.X509SerialNumber, XmlSignature.NamespaceURI);
AddIssuerSerial (issuer.InnerText, serial.InnerText);
}
}
// <X509SKI>
xnl = XmlSignature.GetChildElements (element, XmlSignature.ElementNames.X509SKI);
if (xnl != null) {
for (int i=0; i < xnl.Length; i++) {
byte[] skid = Convert.FromBase64String (xnl[i].InnerXml);
AddSubjectKeyId (skid);
}
}
// <X509SubjectName>
xnl = XmlSignature.GetChildElements (element, XmlSignature.ElementNames.X509SubjectName);
if (xnl != null) {
for (int i=0; i < xnl.Length; i++) {
AddSubjectName (xnl[i].InnerXml);
}
}
// <X509Certificate>
xnl = XmlSignature.GetChildElements (element, XmlSignature.ElementNames.X509Certificate);
if (xnl != null) {
for (int i=0; i < xnl.Length; i++) {
byte[] cert = Convert.FromBase64String (xnl[i].InnerXml);
AddCertificate (new X509Certificate (cert));
}
}
// only one <X509CRL>
XmlElement x509el = XmlSignature.GetChildElement (element, XmlSignature.ElementNames.X509CRL, XmlSignature.NamespaceURI);
if (x509el != null) {
x509crl = Convert.FromBase64String (x509el.InnerXml);
}
}
}
}


@@ -1,119 +0,0 @@
//
// Manifest.cs - Manifest implementation for XML Signature
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// (C) 2004 Novell (http://www.novell.com)
//
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System.Collections;
using System.Xml;
namespace System.Security.Cryptography.Xml {
internal class Manifest {
private ArrayList references;
private string id;
private XmlElement element;
public Manifest ()
{
references = new ArrayList ();
}
public Manifest (XmlElement xel) : this ()
{
LoadXml (xel);
}
public string Id {
get { return id; }
set {
element = null;
id = value;
}
}
public ArrayList References {
get { return references; }
}
public void AddReference (Reference reference)
{
references.Add (reference);
}
public XmlElement GetXml ()
{
if (element != null)
return element;
XmlDocument document = new XmlDocument ();
XmlElement xel = document.CreateElement (XmlSignature.ElementNames.SignedInfo, XmlSignature.NamespaceURI);
if (id != null)
xel.SetAttribute (XmlSignature.AttributeNames.Id, id);
// we add References afterward so we don't end up with extraneous
// xmlns="..." in each reference elements.
foreach (Reference r in references) {
XmlNode xn = r.GetXml ();
XmlNode newNode = document.ImportNode (xn, true);
xel.AppendChild (newNode);
}
return xel;
}
private string GetAttribute (XmlElement xel, string attribute)
{
XmlAttribute xa = xel.Attributes [attribute];
return ((xa != null) ? xa.InnerText : null);
}
public void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName != XmlSignature.ElementNames.Manifest) || (value.NamespaceURI != XmlSignature.NamespaceURI))
throw new CryptographicException ();
id = GetAttribute (value, XmlSignature.AttributeNames.Id);
for (int i = 0; i < value.ChildNodes.Count; i++) {
XmlNode n = value.ChildNodes [i];
if (n.NodeType == XmlNodeType.Element &&
n.LocalName == XmlSignature.ElementNames.Reference &&
n.NamespaceURI == XmlSignature.NamespaceURI) {
Reference r = new Reference ();
r.LoadXml ((XmlElement) n);
AddReference (r);
}
}
element = value;
}
}
}


@@ -1,221 +0,0 @@
//
// Signature.cs - Signature implementation for XML Signature
//
// Author:
// Sebastien Pouliot (spouliot@motus.com)
// Tim Coleman (tim@timcoleman.com)
//
// (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) Tim Coleman, 2004
//
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System.Collections;
using System.Security.Cryptography;
using System.Xml;
namespace System.Security.Cryptography.Xml {
public class Signature {
static XmlNamespaceManager dsigNsmgr;
static Signature ()
{
dsigNsmgr = new XmlNamespaceManager (new NameTable ());
dsigNsmgr.AddNamespace ("xd", XmlSignature.NamespaceURI);
}
private ArrayList list;
private SignedInfo info;
private KeyInfo key;
private string id;
private byte[] signature;
private XmlElement element;
public Signature ()
{
list = new ArrayList ();
}
public string Id {
get { return id; }
set {
element = null;
id = value;
}
}
public KeyInfo KeyInfo {
get { return key; }
set {
element = null;
key = value;
}
}
public IList ObjectList {
get { return list; }
set { list = ArrayList.Adapter (value); }
}
public byte[] SignatureValue {
get { return signature; }
set {
element = null;
signature = value;
}
}
public SignedInfo SignedInfo {
get { return info; }
set {
element = null;
info = value;
}
}
public void AddObject (DataObject dataObject)
{
list.Add (dataObject);
}
public XmlElement GetXml ()
{
return GetXml (null);
}
internal XmlElement GetXml (XmlDocument document)
{
if (element != null)
return element;
if (info == null)
throw new CryptographicException ("SignedInfo");
if (signature == null)
throw new CryptographicException ("SignatureValue");
if (document == null)
document = new XmlDocument ();
XmlElement xel = document.CreateElement (XmlSignature.ElementNames.Signature, XmlSignature.NamespaceURI);
if (id != null)
xel.SetAttribute (XmlSignature.AttributeNames.Id, id);
XmlNode xn = info.GetXml ();
XmlNode newNode = document.ImportNode (xn, true);
xel.AppendChild (newNode);
if (signature != null) {
XmlElement sv = document.CreateElement (XmlSignature.ElementNames.SignatureValue, XmlSignature.NamespaceURI);
sv.InnerText = Convert.ToBase64String (signature);
xel.AppendChild (sv);
}
if (key != null) {
xn = key.GetXml ();
newNode = document.ImportNode (xn, true);
xel.AppendChild (newNode);
}
if (list.Count > 0) {
foreach (DataObject obj in list) {
xn = obj.GetXml ();
newNode = document.ImportNode (xn, true);
xel.AppendChild (newNode);
}
}
return xel;
}
private string GetAttribute (XmlElement xel, string attribute)
{
XmlAttribute xa = xel.Attributes [attribute];
return ((xa != null) ? xa.InnerText : null);
}
public void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName == XmlSignature.ElementNames.Signature) && (value.NamespaceURI == XmlSignature.NamespaceURI)) {
id = GetAttribute (value, XmlSignature.AttributeNames.Id);
// LAMESPEC: This library is totally useless against eXtensibly Marked-up document.
int i = NextElementPos (value.ChildNodes, 0, XmlSignature.ElementNames.SignedInfo, XmlSignature.NamespaceURI, true);
XmlElement sinfo = (XmlElement) value.ChildNodes [i];
info = new SignedInfo ();
info.LoadXml (sinfo);
i = NextElementPos (value.ChildNodes, ++i, XmlSignature.ElementNames.SignatureValue, XmlSignature.NamespaceURI, true);
XmlElement sigValue = (XmlElement) value.ChildNodes [i];
signature = Convert.FromBase64String (sigValue.InnerText);
// signature isn't required: <element ref="ds:KeyInfo" minOccurs="0"/>
i = NextElementPos (value.ChildNodes, ++i, XmlSignature.ElementNames.KeyInfo, XmlSignature.NamespaceURI, false);
if (i > 0) {
XmlElement kinfo = (XmlElement) value.ChildNodes [i];
key = new KeyInfo ();
key.LoadXml (kinfo);
}
XmlNodeList xnl = value.SelectNodes ("xd:Object", dsigNsmgr);
foreach (XmlElement xn in xnl) {
DataObject obj = new DataObject ();
obj.LoadXml (xn);
AddObject (obj);
}
}
else
throw new CryptographicException ("Malformed element: Signature.");
// if invalid
if (info == null)
throw new CryptographicException ("SignedInfo");
if (signature == null)
throw new CryptographicException ("SignatureValue");
}
private int NextElementPos (XmlNodeList nl, int pos, string name, string ns, bool required)
{
while (pos < nl.Count) {
if (nl [pos].NodeType == XmlNodeType.Element) {
if (nl [pos].LocalName != name || nl [pos].NamespaceURI != ns) {
if (required)
throw new CryptographicException ("Malformed element " + name);
else
return -2;
}
else
return pos;
}
else
pos++;
}
if (required)
throw new CryptographicException ("Malformed element " + name);
return -1;
}
}
}


@@ -1,219 +0,0 @@
//
// SignedInfo.cs - SignedInfo implementation for XML Signature
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
// Tim Coleman (tim@timcoleman.com)
//
// (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) Tim Coleman, 2004
// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System.Collections;
using System.Runtime.InteropServices;
using System.Xml;
namespace System.Security.Cryptography.Xml {
public class SignedInfo : ICollection, IEnumerable {
private ArrayList references;
private string c14nMethod;
private string id;
private string signatureMethod;
private string signatureLength;
private XmlElement element;
public SignedInfo()
{
references = new ArrayList ();
c14nMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
}
public string CanonicalizationMethod {
get { return c14nMethod; }
set {
c14nMethod = value;
element = null;
}
}
[ComVisible (false)]
[MonoTODO]
public Transform CanonicalizationMethodObject {
get { throw new NotImplementedException (); }
}
// documented as not supported (and throwing exception)
public int Count {
get { throw new NotSupportedException (); }
}
public string Id {
get { return id; }
set {
element = null;
id = value;
}
}
// documented as not supported (and throwing exception)
public bool IsReadOnly {
get { throw new NotSupportedException (); }
}
// documented as not supported (and throwing exception)
public bool IsSynchronized {
get { throw new NotSupportedException (); }
}
// Manipulating this array never affects GetXml() when
// LoadXml() was used.
// (Actually, there is no way to detect modification.)
public ArrayList References {
get { return references; }
}
public string SignatureLength {
get { return signatureLength; }
set {
element = null;
signatureLength = value;
}
}
public string SignatureMethod {
get { return signatureMethod; }
set {
element = null;
signatureMethod = value;
}
}
// documented as not supported (and throwing exception)
public object SyncRoot {
get { throw new NotSupportedException (); }
}
public void AddReference (Reference reference)
{
references.Add (reference);
}
// documented as not supported (and throwing exception)
public void CopyTo (Array array, int index)
{
throw new NotSupportedException ();
}
public IEnumerator GetEnumerator ()
{
return references.GetEnumerator ();
}
public XmlElement GetXml ()
{
if (element != null)
return element;
if (signatureMethod == null)
throw new CryptographicException ("SignatureMethod");
if (references.Count == 0)
throw new CryptographicException ("References empty");
XmlDocument document = new XmlDocument ();
XmlElement xel = document.CreateElement (XmlSignature.ElementNames.SignedInfo, XmlSignature.NamespaceURI);
if (id != null)
xel.SetAttribute (XmlSignature.AttributeNames.Id, id);
if (c14nMethod != null) {
XmlElement c14n = document.CreateElement (XmlSignature.ElementNames.CanonicalizationMethod, XmlSignature.NamespaceURI);
c14n.SetAttribute (XmlSignature.AttributeNames.Algorithm, c14nMethod);
xel.AppendChild (c14n);
}
if (signatureMethod != null) {
XmlElement sm = document.CreateElement (XmlSignature.ElementNames.SignatureMethod, XmlSignature.NamespaceURI);
sm.SetAttribute (XmlSignature.AttributeNames.Algorithm, signatureMethod);
if (signatureLength != null) {
XmlElement hmac = document.CreateElement (XmlSignature.ElementNames.HMACOutputLength, XmlSignature.NamespaceURI);
hmac.InnerText = signatureLength;
sm.AppendChild (hmac);
}
xel.AppendChild (sm);
}
// This check is only done when element is created here.
if (references.Count == 0)
throw new CryptographicException ("At least one Reference element is required in SignedInfo.");
// we add References afterward so we don't end up with extraneous
// xmlns="..." in each reference elements.
foreach (Reference r in references) {
XmlNode xn = r.GetXml ();
XmlNode newNode = document.ImportNode (xn, true);
xel.AppendChild (newNode);
}
return xel;
}
private string GetAttribute (XmlElement xel, string attribute)
{
XmlAttribute xa = xel.Attributes [attribute];
return ((xa != null) ? xa.InnerText : null);
}
public void LoadXml (XmlElement value)
{
if (value == null)
throw new ArgumentNullException ("value");
if ((value.LocalName != XmlSignature.ElementNames.SignedInfo) || (value.NamespaceURI != XmlSignature.NamespaceURI))
throw new CryptographicException ();
id = GetAttribute (value, XmlSignature.AttributeNames.Id);
c14nMethod = XmlSignature.GetAttributeFromElement (value, XmlSignature.AttributeNames.Algorithm, XmlSignature.ElementNames.CanonicalizationMethod);
XmlElement sm = XmlSignature.GetChildElement (value, XmlSignature.ElementNames.SignatureMethod, XmlSignature.NamespaceURI);
if (sm != null) {
signatureMethod = sm.GetAttribute (XmlSignature.AttributeNames.Algorithm);
XmlElement length = XmlSignature.GetChildElement (sm, XmlSignature.ElementNames.HMACOutputLength, XmlSignature.NamespaceURI);
if (length != null) {
signatureLength = length.InnerText;
}
}
for (int i = 0; i < value.ChildNodes.Count; i++) {
XmlNode n = value.ChildNodes [i];
if (n.NodeType == XmlNodeType.Element &&
n.LocalName == XmlSignature.ElementNames.Reference &&
n.NamespaceURI == XmlSignature.NamespaceURI) {
Reference r = new Reference ();
r.LoadXml ((XmlElement) n);
AddReference (r);
}
}
element = value;
}
}
}


@@ -1,56 +0,0 @@
//
// X509IssuerSerial.cs - X509IssuerSerial implementation for XML Encryption
//
// Author:
// Tim Coleman (tim@timcoleman.com)
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) Tim Coleman, 2004
// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
namespace System.Security.Cryptography.Xml {
public
struct X509IssuerSerial {
private string _issuerName;
private string _serialNumber;
internal X509IssuerSerial (string issuer, string serial)
{
_issuerName = issuer;
_serialNumber = serial;
}
public string IssuerName {
get { return _issuerName; }
set { _issuerName = value; }
}
public string SerialNumber {
get { return _serialNumber; }
set { _serialNumber = value; }
}
}
}


@@ -1,128 +0,0 @@
//
// XmlSignature.cs: Handles Xml Signature
//
// Author:
// Sebastien Pouliot (spouliot@motus.com)
// Atsushi Enomoto (atsushi@ximian.com)
// Tim Coleman (tim@timcoleman.com)
//
// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) Tim Coleman, 2004
// (C) 2004 Novell Inc.
//
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System;
using System.Collections;
using System.Xml;
namespace System.Security.Cryptography.Xml {
// following the design of WSE
internal class XmlSignature {
public class ElementNames {
public const string CanonicalizationMethod = "CanonicalizationMethod";
public const string DigestMethod = "DigestMethod";
public const string DigestValue = "DigestValue";
public const string DSAKeyValue = "DSAKeyValue";
public const string EncryptedKey = "EncryptedKey";
public const string HMACOutputLength = "HMACOutputLength";
public const string KeyInfo = "KeyInfo";
public const string KeyName = "KeyName";
public const string KeyValue = "KeyValue";
public const string Manifest = "Manifest";
public const string Object = "Object";
public const string Reference = "Reference";
public const string RetrievalMethod = "RetrievalMethod";
public const string RSAKeyValue = "RSAKeyValue";
public const string Signature = "Signature";
public const string SignatureMethod = "SignatureMethod";
public const string SignatureValue = "SignatureValue";
public const string SignedInfo = "SignedInfo";
public const string Transform = "Transform";
public const string Transforms = "Transforms";
public const string X509Data = "X509Data";
public const string X509IssuerSerial = "X509IssuerSerial";
public const string X509IssuerName = "X509IssuerName";
public const string X509SerialNumber = "X509SerialNumber";
public const string X509SKI = "X509SKI";
public const string X509SubjectName = "X509SubjectName";
public const string X509Certificate = "X509Certificate";
public const string X509CRL = "X509CRL";
public ElementNames () {}
}
public class AttributeNames {
public const string Algorithm = "Algorithm";
public const string Encoding = "Encoding";
public const string Id = "Id";
public const string MimeType = "MimeType";
public const string Type = "Type";
public const string URI = "URI";
public AttributeNames () {}
}
public class Uri {
public const string Manifest = "http://www.w3.org/2000/09/xmldsig#Manifest";
}
public const string NamespaceURI = "http://www.w3.org/2000/09/xmldsig#";
public const string Prefix = "ds";
public XmlSignature ()
{
}
public static XmlElement GetChildElement (XmlElement xel, string element, string ns)
{
for (int i = 0; i < xel.ChildNodes.Count; i++) {
XmlNode n = xel.ChildNodes [i];
if (n.NodeType == XmlNodeType.Element && n.LocalName == element && n.NamespaceURI == ns)
return n as XmlElement;
}
return null;
}
public static string GetAttributeFromElement (XmlElement xel, string attribute, string element)
{
XmlElement el = GetChildElement (xel, element, XmlSignature.NamespaceURI);
return el != null ? el.GetAttribute (attribute) : null;
}
public static XmlElement [] GetChildElements (XmlElement xel, string element)
{
ArrayList al = new ArrayList ();
for (int i = 0; i < xel.ChildNodes.Count; i++) {
XmlNode n = xel.ChildNodes [i];
if (n.NodeType == XmlNodeType.Element && n.LocalName == element && n.NamespaceURI == XmlSignature.NamespaceURI)
al.Add (n);
}
return al.ToArray (typeof (XmlElement)) as XmlElement [];
}
}
}


@@ -1,5 +1,5 @@
#include common_System.Security.dll.sources
corefx/SR.cs
Mono.Security.Cryptography/ManagedProtection.cs
Mono.Security.Cryptography/NativeDapiProtection.cs
System.Security.Cryptography/MemoryProtectionScope.cs
@@ -13,6 +13,8 @@ System.Security.Cryptography.Pkcs/SignerInfoEnumerator.cs
../System.Core/System.Security.Cryptography.X509Certificates/RSACertificateExtensions.cs
System.Security.Cryptography.X509Certificates/X509Certificate2UI.cs
System.Security.Cryptography.X509Certificates/X509SelectionFlag.cs
# System.Security.Cryptography.Xml
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/AncestralNamespaceContextManager.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/AttributeSortOrder.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/C14NAncestralNamespaceContextManager.cs
@@ -57,9 +59,8 @@ System.Security.Cryptography.X509Certificates/X509SelectionFlag.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoName.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoNode.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoRetrievalMethod.cs
System.Security.Cryptography.Xml/KeyInfoX509Data.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyReference.cs
System.Security.Cryptography.Xml/Manifest.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/MyXmlDocument.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/NamespaceFrame.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/NamespaceSortOrder.cs
@@ -72,8 +73,8 @@ System.Security.Cryptography.Xml/Manifest.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA384SignatureDescription.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA512SignatureDescription.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SignatureDescription.cs
System.Security.Cryptography.Xml/Signature.cs
System.Security.Cryptography.Xml/SignedInfo.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Signature.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedInfo.cs
System.Security.Cryptography.Xml/SignedXml.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXmlDebugLog.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SymmetricKeyWrap.cs
@@ -90,8 +91,8 @@ System.Security.Cryptography.Xml/SignedXml.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlDsigXPathTransform.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlDsigXsltTransform.cs
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlLicenseTransform.cs
System.Security.Cryptography.Xml/XmlSignature.cs
../../build/common/MonoTODOAttribute.cs
# System.Security.Permissions
System.Security.Permissions/DataProtectionPermission.cs
System.Security.Permissions/DataProtectionPermissionAttribute.cs
System.Security.Permissions/DataProtectionPermissionFlags.cs
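Review bot: After this change the System.Security.Cryptography.Xml group is a mix of corefx and Mono-local sources — Signature.cs, SignedInfo.cs, KeyInfoX509Data.cs and XmlSignature.cs now come from external/corefx, while Manifest.cs and SignedXml.cs stay local — and nothing in the list says whether the two remaining local files are intentional overrides or leftovers. SignedXml.cs is presumably where HMACOutputLength enforcement and SignatureFormatValidator live, so it must stay consistent with the corefx Signature/SignedInfo it now compiles against; please confirm that pairing. Since this list already uses `#` comment lines, add one marking the remaining local files, e.g. `# local overrides of corefx (keep in sync with external/corefx): Manifest.cs, SignedXml.cs`.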


@@ -180,11 +180,22 @@ namespace MonoTests.System.Security.Cryptography.Xml
Assert.IsNull (ex.GetIdElement (null, "value"));
}
[Test]
public void GetIdElement_StringNull ()
[TestCase (null, TestName = "null")]
[TestCase ("", TestName = "empty")]
public void GetIdElement_WhenElementNameMustBeNonColonizedAndItIsNotProvided_ThrowsArgumentNullException (string elementName)
{
EncryptedXml ex = new EncryptedXml ();
Assert.IsNull (ex.GetIdElement (new XmlDocument (), null));
var sut = new EncryptedXml ();
var ex = Assert.Throws<ArgumentNullException> (() => sut.GetIdElement (new XmlDocument (), elementName), "Exception");
Assert.That (ex.ParamName, Is.EqualTo ("name"), "ParamName");
}
[Test]
public void GetIdElement_WhenElementNameMustBeNonColonizedAndItContainsColon_ReturnsNull ()
{
var sut = new EncryptedXml ();
Assert.That (sut.GetIdElement (new XmlDocument (), "t:test"), Is.Null);
}
[Test]
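Review bot: The colonized-name test (GetIdElement_WhenElementNameMustBeNonColonizedAndItContainsColon_ReturnsNull) passes an empty `new XmlDocument ()`, so `Is.Null` holds whether or not the colon check exists — a lookup for any name in an empty document returns null. To prove the rejection, give the document an element that would match if the name were accepted, e.g. `var doc = new XmlDocument (); doc.LoadXml ("<foo Id='t:test'/>");` and then assert `sut.GetIdElement (doc, "t:test")` is null. The same weakening applies to the parallel SignedXml test in this commit.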


@@ -253,7 +253,7 @@ namespace MonoTests.System.Security.Cryptography.Xml {
signedXml.ComputeSignature ();
Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
Assert.AreEqual (SignedXml.XmlDsigRSASHA1Url, signedXml.SignatureMethod, "SignatureMethod");
Assert.AreEqual (SignedXml.XmlDsigRSASHA256Url, signedXml.SignatureMethod, "SignatureMethod");
Assert.AreEqual (128, signedXml.SignatureValue.Length, "SignatureValue");
Assert.IsNull (signedXml.SigningKeyName, "SigningKeyName");
@@ -638,13 +638,13 @@ namespace MonoTests.System.Security.Cryptography.Xml {
public void DataReferenceToNonDataObject ()
{
XmlDocument doc = new XmlDocument ();
doc.LoadXml ("<foo Id='id:1'/>");
doc.LoadXml ("<foo Id='test'/>");
SignedXml signedXml = new SignedXml (doc);
DSA key = DSA.Create ();
signedXml.SigningKey = key;
Reference reference = new Reference ();
reference.Uri = "#id:1";
reference.Uri = "#test";
XmlDsigC14NTransform t = new XmlDsigC14NTransform ();
reference.AddTransform (t);
@@ -707,12 +707,30 @@ namespace MonoTests.System.Security.Cryptography.Xml {
return sw.ToString ();
}
[Test]
public void GetIdElement_Null ()
[TestCase (null, TestName = "null")]
[TestCase ("", TestName = "empty")]
public void GetIdElement_WhenElementNameMustBeNonColonizedAndItIsNotProvided_ThrowsArgumentNullException (string elementName)
{
SignedXml sign = new SignedXml ();
Assert.IsNull (sign.GetIdElement (null, "value"));
Assert.IsNull (sign.GetIdElement (new XmlDocument (), null));
var sut = new SignedXml ();
var ex = Assert.Throws<ArgumentNullException> (() => sut.GetIdElement (new XmlDocument (), elementName), "Exception");
Assert.That (ex.ParamName, Is.EqualTo ("name"), "ParamName");
}
[Test]
public void GetIdElement_WhenElementNameMustBeNonColonizedAndItContainsColon_ReturnsNull ()
{
var sut = new SignedXml ();
Assert.That (sut.GetIdElement (new XmlDocument (), "t:test"), Is.Null);
}
[Test]
public void GetIdElement_WhenXmlDocumentIsNotProvided_ReturnsNull ()
{
var sut = new SignedXml ();
Assert.That (sut.GetIdElement (null, "value"), Is.Null);
}
[Test]
@@ -789,6 +807,7 @@ namespace MonoTests.System.Security.Cryptography.Xml {
SignedXml signedXml = new SignedXml (doc);
signedXml.SigningKey = cert.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
Reference reference = new Reference ();
reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
@@ -1408,13 +1427,6 @@ namespace MonoTests.System.Security.Cryptography.Xml {
// verify MS-generated signature
Assert.IsTrue (sign.CheckSignature (new HMACRIPEMD160 (hmackey)));
}
// CVE-2009-0217
// * a 0-length signature is the worse case - it accepts anything
// * between 1-7 bits length are considered invalid (not a multiple of 8)
// * a 8 bits signature would have one chance, out of 256, to be valid
// * and so on... until we hit (output-length / 2) or 80 bits (see ERRATUM)
static bool erratum = true; // xmldsig erratum for CVE-2009-0217
static SignedXml GetSignedXml (string xml)
{
@@ -1426,31 +1438,15 @@ namespace MonoTests.System.Security.Cryptography.Xml {
return sign;
}
static void CheckErratum (SignedXml signed, KeyedHashAlgorithm hmac, string message)
{
if (erratum) {
try {
signed.CheckSignature (hmac);
Assert.Fail (message + ": unexcepted success");
}
catch (CryptographicException) {
}
catch (Exception e) {
Assert.Fail (message + ": unexcepted " + e.ToString ());
}
} else {
Assert.IsTrue (signed.CheckSignature (hmac), message);
}
}
private void HmacMustBeMultipleOfEightBits (int bits)
[Test]
public void CheckSignature_WhenHmacOutputLengthIsNotMultipleOf8_ThrowsCryptographicException ()
{
string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
<SignedInfo>
<CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
<SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
<HMACOutputLength>{0}</HMACOutputLength>
<HMACOutputLength>81</HMACOutputLength>
</SignatureMethod>
<Reference URI=""#object"">
<DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
@@ -1463,96 +1459,41 @@ namespace MonoTests.System.Security.Cryptography.Xml {
<Object Id=""object"">some other text</Object>
</Signature>
";
SignedXml sign = GetSignedXml (String.Format (xml, bits));
// only multiple of 8 bits are supported
sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")));
var sut = GetSignedXml (xml);
sut.SignatureFormatValidator = null;
var ex = Assert.Throws<CryptographicException> (() => sut.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret"))), "Exception");
Assert.That (ex.Message, Is.StringContaining ("multiple of 8").IgnoreCase, "Message");
}
[Test]
public void HmacMustBeMultipleOfEightBits ()
public void CheckSignature_WhenDefaultSignatureFormatValidatorIsUsedAndSignatureUsesTruncatedHmac_ReturnsFalse ()
{
for (int i = 1; i < 160; i++) {
// The .NET framework only supports multiple of 8 bits
if (i % 8 == 0)
continue;
try {
HmacMustBeMultipleOfEightBits (i);
Assert.Fail ("Unexpected Success " + i.ToString ());
}
catch (CryptographicException) {
}
catch (Exception e) {
Assert.Fail ("Unexpected Exception " + i.ToString () + " : " + e.ToString ());
}
}
}
[Test]
[Category ("NotDotNet")] // will fail until a fix is available
public void VerifyHMAC_ZeroLength ()
{
string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
<SignedInfo>
<CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" />
<SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1"" >
<HMACOutputLength>0</HMACOutputLength>
</SignatureMethod>
<Reference URI=""#object"">
<DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
<DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
</SignatureValue>
<Object Id=""object"">some other text</Object>
</Signature>
";
SignedXml sign = GetSignedXml (xml);
CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")), "1");
CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("")), "2");
CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("oops")), "3");
CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")), "4");
}
[Test]
[Category ("NotDotNet")] // will fail until a fix is available
public void VerifyHMAC_SmallerThanMinimumLength ()
{
// 72 is a multiple of 8 but smaller than the minimum of 80 bits
string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1""><HMACOutputLength>72</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>2dimB+P5Aw5K</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
SignedXml sign = GetSignedXml (xml);
CheckErratum (sign, new HMACSHA1 (Encoding.ASCII.GetBytes ("secret")), "72");
}
[Test]
public void VerifyHMAC_MinimumLength ()
{
// 80 bits is the minimum (and the half-size of HMACSHA1)
string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#hmac-sha1""><HMACOutputLength>80</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>jVQPtLj61zNYjw==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
SignedXml sign = GetSignedXml (xml);
Assert.IsTrue (sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("secret"))));
}
[Test]
[Category ("NotDotNet")] // will fail until a fix is available
public void VerifyHMAC_SmallerHalfLength ()
{
// 80bits is smaller than the half-size of HMACSHA256
string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#hmac-sha256""><HMACOutputLength>80</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>vPtw7zKVV/JwQg==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
SignedXml sign = GetSignedXml (xml);
CheckErratum (sign, new HMACSHA256 (Encoding.ASCII.GetBytes ("secret")), "80");
}
[Test]
public void VerifyHMAC_HalfLength ()
{
// 128 is the half-size of HMACSHA256
// The HMAC output length is 128, which is a half of HMACSHA256 that we're going to use.
string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#hmac-sha256""><HMACOutputLength>128</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>aegpvkAwOL8gN/CjSnW6qw==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
SignedXml sign = GetSignedXml (xml);
Assert.IsTrue (sign.CheckSignature (new HMACSHA256 (Encoding.ASCII.GetBytes ("secret"))));
var sut = GetSignedXml (xml);
// Although the XML Signature standard allows using truncated HMACs (with some limitations),
// .NET Framework, by default, doesn't allow using them, since it may result in security issues.
Assert.That (sut.CheckSignature (new HMACSHA256 (Encoding.ASCII.GetBytes ("secret"))), Is.False);
}
[Test]
public void CheckSignature_WhenDefaultSignatureFormatValidatorIsNotUsedAndSignatureUsesTruncatedHmac_ReturnsTrue ()
{
// The HMAC output length is 128, which is a half of HMACSHA256 that we're going to use.
string xml = @"<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#hmac-sha256""><HMACOutputLength>128</HMACOutputLength></SignatureMethod><Reference URI=""#object""><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>nz4GS0NbH2SrWlD/4fX313CoTzc=</DigestValue></Reference></SignedInfo><SignatureValue>aegpvkAwOL8gN/CjSnW6qw==</SignatureValue><Object Id=""object"">some other text</Object></Signature>";
var sut = GetSignedXml (xml);
// By default, .NET Framework doesn't allow using truncated HMACs, since it may lead to security issues.
// That being said, the XML Signature standard allows using truncated HMACs, but with some limitations.
// It's possible to use truncated HMACs by using a custom signature format validator, or not using it at all.
sut.SignatureFormatValidator = null;
Assert.That (sut.CheckSignature (new HMACSHA256 (Encoding.ASCII.GetBytes ("secret"))), Is.True);
}
[Test]
public void VerifyHMAC_FullLength ()
{
@@ -1562,8 +1503,7 @@ namespace MonoTests.System.Security.Cryptography.Xml {
}
[Test]
[ExpectedException (typeof (CryptographicException))]
public void VerifyHMAC_HMACOutputLength_Signature_Mismatch ()
public void CheckSignature_WhenSignatureLengthIsGreaterThanHmacOutputLength_ThrowsCryptographicException ()
{
string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
@@ -1582,13 +1522,15 @@ namespace MonoTests.System.Security.Cryptography.Xml {
<Object Id=""object"">some other text</Object>
</Signature>
";
SignedXml sign = GetSignedXml (xml);
sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")));
var sut = GetSignedXml (xml);
sut.SignatureFormatValidator = null;
var ex = Assert.Throws<CryptographicException> (() => sut.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue"))), "Exception");
Assert.That (ex.Message, Is.StringContaining ("length of the signature").IgnoreCase, "Message");
}
[Test]
[ExpectedException (typeof (FormatException))]
public void VerifyHMAC_HMACOutputLength_Invalid ()
public void CheckSignature_WhenHmacOutputLengthIsInvalid_ThrowsFormatException ()
{
string xml = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<Signature xmlns=""http://www.w3.org/2000/09/xmldsig#"">
@@ -1607,8 +1549,10 @@ namespace MonoTests.System.Security.Cryptography.Xml {
<Object Id=""object"">some other text</Object>
</Signature>
";
SignedXml sign = GetSignedXml (xml);
sign.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue")));
var sut = GetSignedXml (xml);
sut.SignatureFormatValidator = null;
Assert.Throws<FormatException> (() => sut.CheckSignature (new HMACSHA1 (Encoding.ASCII.GetBytes ("no clue"))));
}
[Test]
@@ -1628,7 +1572,7 @@ namespace MonoTests.System.Security.Cryptography.Xml {
}
[Test]
public void ComputeSignature_WhenSignatureMethodIsNotSpecifiedAndRsaSigningKeyIsUsed_UsesRsaSha1Algorithm ()
public void ComputeSignature_WhenSignatureMethodIsNotSpecifiedAndRsaSigningKeyIsUsed_UsesRsaSha256Algorithm ()
{
var unsignedXml = new XmlDocument ();
unsignedXml.LoadXml ("<test />");
@@ -1651,7 +1595,7 @@ namespace MonoTests.System.Security.Cryptography.Xml {
string.Format ("/{0}:SignedInfo/{0}:SignatureMethod", XmlDsigNamespacePrefix),
namespaceManager);
Assert.That (signatureMethodElement.Attributes["Algorithm"].Value, Is.EqualTo (SignedXml.XmlDsigRSASHA1Url));
Assert.That (signatureMethodElement.Attributes["Algorithm"].Value, Is.EqualTo (SignedXml.XmlDsigRSASHA256Url));
}
[Test]
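Review bot: Dropping VerifyHMAC_ZeroLength and VerifyHMAC_SmallerThanMinimumLength (together with the CVE-2009-0217 comment and CheckErratum) removes the only regression coverage for the zero-length and below-minimum HMACOutputLength cases, and the new CheckSignature_WhenDefaultSignatureFormatValidatorIsNotUsedAndSignatureUsesTruncatedHmac_ReturnsTrue shows that with `SignatureFormatValidator = null` truncated HMACs verify, so no visible test now pins that `<HMACOutputLength>0</HMACOutputLength>` with an empty SignatureValue can never return true on that path. Re-add the removed zero-length fixture as a test that runs CheckSignature both with the default validator and with `sut.SignatureFormatValidator = null;` and asserts it either throws CryptographicException or returns false, never true. The comment on the truncated-HMAC tests is also vague ("may result in security issues"); name the issue: `// Truncated HMACs (CVE-2009-0217): a short HMACOutputLength makes the tag brute-forceable, which is why the default validator rejects them.`. The colon test in this file has the same flaw as its EncryptedXml twin — an empty XmlDocument makes `Is.Null` vacuous; load `<foo Id='t:test'/>` first.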


@@ -1,12 +1,18 @@
Assembly/AssemblyInfo.cs
corefx/SR.cs
../../build/common/Consts.cs
../../build/common/Locale.cs
../../build/common/MonoTODOAttribute.cs
# System.Security.Cryptography
System.Security.Cryptography/CryptographicAttribute.cs
System.Security.Cryptography/CryptographicAttributeCollection.cs
System.Security.Cryptography/CryptographicAttributeEnumerator.cs
System.Security.Cryptography/DataProtectionScope.cs
System.Security.Cryptography/ProtectedData.cs
# System.Security.Cryptography.Pkcs
System.Security.Cryptography.Pkcs/AlgorithmIdentifier.cs
System.Security.Cryptography.Pkcs/CmsRecipient.cs
System.Security.Cryptography.Pkcs/CmsRecipientCollection.cs
@@ -30,5 +36,6 @@ System.Security.Cryptography.Pkcs/SubjectIdentifier.cs
System.Security.Cryptography.Pkcs/SubjectIdentifierOrKey.cs
System.Security.Cryptography.Pkcs/SubjectIdentifierOrKeyType.cs
System.Security.Cryptography.Pkcs/SubjectIdentifierType.cs
System.Security.Cryptography.Xml/X509IssuerSerial.cs
# System.Security.Cryptography.Xml
../../../external/corefx/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/X509IssuerSerial.cs