Verifying XML Signature in PowerShell with PEM Certificate


I am trying to create a PowerShell script that consumes data in an XML document. However, prior to doing that work, I need to verify that the XML hasn't been tampered with by verifying its signature.

I have a copy of the public key certificate used to sign the XML in PEM format, but I cannot figure out how to get PowerShell to use the cert.

The closest I have come to getting this to work is the following code...

$path = "data.xml"
$xmldata = New-Object Xml.XmlDocument
# Keep whitespace exactly as it was signed; canonicalization depends on it.
$xmldata.PreserveWhitespace = $true
$xmldata.Load($path)

Add-Type -AssemblyName System.Security
$signedxml = New-Object System.Security.Cryptography.Xml.SignedXml -ArgumentList $xmldata

# The ds:Signature element sits directly under the EntitiesDescriptor root.
$xmlnodelist = $xmldata.EntitiesDescriptor.Signature
$xmlnodelist
$signedxml.LoadXml($xmlnodelist)

$certpath = "cert.pem"
# PowerShell converts the path string to an X509Certificate2 through its file-name constructor.
$check = $signedxml.CheckSignature($certpath, $true)

However, when it runs I get the following exception...

Exception calling "CheckSignature" with "2" argument(s): "SignatureDescription could not be created for the signature algorithm supplied."
At line:34 char:1
+ $check = $signedxml.CheckSignature($certpath, $true)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CryptographicException

Any help is appreciated. Thanks!

After intense additional searching I found out that SignedXml does not support the http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 algorithm, so it had to be added by hand. I had to add the following code before creating the SignedXml object...

# Registers an RSA-SHA256 SignatureDescription so SignedXml can resolve the
# rsa-sha256 algorithm URI. The C# inside the here-string is case-sensitive.
Add-Type @'
public class RsaPkcs1Sha256SignatureDescription : System.Security.Cryptography.SignatureDescription
{
    public RsaPkcs1Sha256SignatureDescription()
    {
        base.KeyAlgorithm = "System.Security.Cryptography.RSACryptoServiceProvider";
        base.DigestAlgorithm = "System.Security.Cryptography.SHA256Managed";
        base.FormatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureFormatter";
        base.DeformatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureDeformatter";
    }

    // Build the deformatter (verifier) with the key and the SHA256 hash algorithm set.
    public override System.Security.Cryptography.AsymmetricSignatureDeformatter CreateDeformatter(System.Security.Cryptography.AsymmetricAlgorithm key)
    {
        System.Security.Cryptography.AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = (System.Security.Cryptography.AsymmetricSignatureDeformatter)
            System.Security.Cryptography.CryptoConfig.CreateFromName(base.DeformatterAlgorithm);
        asymmetricSignatureDeformatter.SetKey(key);
        asymmetricSignatureDeformatter.SetHashAlgorithm("SHA256");
        return asymmetricSignatureDeformatter;
    }
}
'@
$rsaPkcs1Sha256SignatureDescription = New-Object RsaPkcs1Sha256SignatureDescription
# Map the algorithm URI used in the XML to the class above.
[System.Security.Cryptography.CryptoConfig]::AddAlgorithm($rsaPkcs1Sha256SignatureDescription.GetType(), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")

This solution was adapted from a C# example of the same issue found at http://geekswithblogs.net/mkoerner/archive/2013/07/12/saml2-federationmetadata-validation.aspx.
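A fuller verification routine, as an added example that is not part of the original post: it assumes the RSA-SHA256 registration above has already run (or .NET Framework 4.6.2 or later, where SignedXml handles it natively), a SAML-metadata style document with the ds:Signature directly under a root element carrying an ID attribute, and a placeholder thumbprint that you replace with the known signer's. Beyond CheckSignature, it pins the certificate and checks that the signed Reference actually covers the document root.

```powershell
Add-Type -AssemblyName System.Security

function Test-XmlSignature {
    param(
        [Parameter(Mandatory)] [string] $XmlPath,
        [Parameter(Mandatory)] [string] $CertPath,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint   # placeholder: pin the real signer
    )
    $dsigNs = "http://www.w3.org/2000/09/xmldsig#"

    # PreserveWhitespace is required: canonicalization must see the bytes that were signed.
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($XmlPath)

    # Exactly one ds:Signature, and it must be a direct child of the root element.
    $sigs = $xml.DocumentElement.GetElementsByTagName("Signature", $dsigNs)
    if ($sigs.Count -ne 1 -or $sigs.Item(0).ParentNode -ne $xml.DocumentElement) {
        throw "Expected exactly one ds:Signature directly under the document root"
    }

    $signedXml = New-Object System.Security.Cryptography.Xml.SignedXml -ArgumentList $xml
    $signedXml.LoadXml($sigs.Item(0))

    # The enveloped Reference must cover the whole document ("" or "#<root ID>");
    # otherwise a valid signature over some other fragment would still pass.
    $rootId = $xml.DocumentElement.GetAttribute("ID")
    foreach ($ref in $signedXml.SignedInfo.References) {
        if ($ref.Uri -ne "" -and $ref.Uri -ne "#$rootId") {
            throw "Reference URI '$($ref.Uri)' does not cover the document root"
        }
    }

    # X509Certificate2(string) reads DER- or PEM-encoded certificates on .NET Framework.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
    if ($cert.Thumbprint -ne $ExpectedThumbprint) {
        throw "Certificate thumbprint $($cert.Thumbprint) is not the pinned signer"
    }

    # $true = verify the signature only; trust in the signer comes from the pin above.
    return $signedXml.CheckSignature($cert, $true)
}

if (-not (Test-XmlSignature -XmlPath "data.xml" -CertPath "cert.pem" -ExpectedThumbprint "REPLACE-WITH-SIGNER-THUMBPRINT")) {
    throw "data.xml: signature check failed, refusing to consume the document"
}
```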

