A way to validate a digitally signed XML aggregate
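function Update-SHA256AlgXmlDSigSupport
{
    <#
    .SYNOPSIS
        Registers an RSA-SHA256 SignatureDescription with CryptoConfig so that
        SignedXml can verify signatures whose SignatureMethod is
        http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
    .DESCRIPTION
        Older .NET Framework builds only map RSA-SHA1 for XML-DSig, so
        SignedXml.CheckSignature() fails on RSA-SHA256 signatures until this
        mapping exists. The helper type is compiled once per session: Add-Type
        throws if the type already exists, so repeat calls skip compilation and
        only repeat the CryptoConfig registration.
    .OUTPUTS
        None. Writes a non-terminating error if registration fails.
    #>
    try
    {
        # Add-Type fails with "type already exists" on a second call, which the
        # original code turned into a spurious error report.
        if (-not ('RSAPKCS1SHA256SignatureDescription' -as [type]))
        {
            # DigestAlgorithm is the managed SHA256 implementation, which is not
            # FIPS-validated; on hosts enforcing FIPS policy its construction fails.
            Add-Type @'
public class RSAPKCS1SHA256SignatureDescription : System.Security.Cryptography.SignatureDescription
{
    public RSAPKCS1SHA256SignatureDescription()
    {
        base.KeyAlgorithm = "System.Security.Cryptography.RSACryptoServiceProvider";
        base.DigestAlgorithm = "System.Security.Cryptography.SHA256Managed";
        base.FormatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureFormatter";
        base.DeformatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureDeformatter";
    }

    // Builds the PKCS#1 deformatter for the given key and pins its hash to SHA256.
    public override System.Security.Cryptography.AsymmetricSignatureDeformatter CreateDeformatter(System.Security.Cryptography.AsymmetricAlgorithm key)
    {
        System.Security.Cryptography.AsymmetricSignatureDeformatter deformatter =
            (System.Security.Cryptography.AsymmetricSignatureDeformatter)
            System.Security.Cryptography.CryptoConfig.CreateFromName(base.DeformatterAlgorithm);
        deformatter.SetKey(key);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter;
    }
}
'@
        }

        $description = New-Object RSAPKCS1SHA256SignatureDescription
        [System.Security.Cryptography.CryptoConfig]::AddAlgorithm($description.GetType(), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
    }
    catch
    {
        # Write-Host has no -MajorFault parameter; the original call raised a
        # parameter-binding error from inside this catch block and hid the cause.
        Write-Error -Message "Problem adding SHA256 as valid digital signature algorithm to System.Security.Cryptography.CryptoConfig." -Exception $_.Exception
    }
}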
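function Verify-MetadataSignature {
    <#
    .SYNOPSIS
        Verifies the enveloped XML-DSig signature on a SAML EntitiesDescriptor.
    .PARAMETER xmlMetadata
        The loaded metadata document. Its root EntitiesDescriptor element must
        carry a Signature child.
    .PARAMETER SigningCertificate
        Optional. When supplied, the signature is checked against this
        certificate's public key rather than the key carried in the signature's
        own KeyInfo.
    .OUTPUTS
        [bool] $true when the signature verifies.
    .NOTES
        Without -SigningCertificate, CheckSignature() uses whatever key the
        signature's KeyInfo supplies. That proves the document matches the key
        it ships with, not that a trusted party signed it; any party can produce
        a self-consistent signature. Pass the expected certificate whenever the
        metadata comes from outside.
    #>
    param (
        [xml]$xmlMetadata,
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$SigningCertificate
    )
    # from http://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedxml.aspx
    Add-Type -AssemblyName System.Security

    $signatureNode = $xmlMetadata.EntitiesDescriptor.Signature
    if ($null -eq $signatureNode)
    {
        # Fail with a readable message instead of the ArgumentNullException that
        # LoadXml($null) raises.
        throw "Metadata has no Signature element under EntitiesDescriptor; nothing to verify."
    }

    $signedXml = New-Object System.Security.Cryptography.Xml.SignedXml($xmlMetadata)
    $signedXml.LoadXml($signatureNode)

    if ($null -ne $SigningCertificate)
    {
        # verifySignatureOnly=$true: check the signature against this key only;
        # whether the certificate itself is trusted is the caller's decision.
        return $signedXml.CheckSignature($SigningCertificate, $true)
    }
    return $signedXml.CheckSignature()
}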
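function testValidationFault
{
    <#
    .SYNOPSIS
        Loads a metadata file from disk and reports whether its signature verifies.
    .PARAMETER LocalMetadataFile
        Path to the metadata XML that was fetched and saved locally.
    .NOTES
        XmlDocument.Load(string) resolves relative paths against the process
        working directory, not the PowerShell location, so the path is converted
        first. External entity resolution is switched off because the document
        came from a remote party.
    #>
    param (
        [string]$LocalMetadataFile
    )
    process
    {
        Write-Host "Beginning run with file we fetched and saved to disk"
        Update-SHA256AlgXmlDSigSupport

        # Convert-Path raises a clear error when the file is missing and yields
        # the absolute path the shell's current location implies.
        $resolvedPath = Convert-Path -LiteralPath $LocalMetadataFile

        $MetadataXML = New-Object Xml.XmlDocument
        # Whitespace is part of the signed bytes; dropping it breaks the digests.
        $MetadataXML.PreserveWhitespace = $true
        # A fetched document must not be allowed to pull in external entities or DTDs.
        $MetadataXML.XmlResolver = $null
        # The original called Load($xmlMetadata), a variable this function never
        # defines, so the file named by -LocalMetadataFile was never read.
        $MetadataXML.Load($resolvedPath)

        # The original try/catch only re-threw $_, which adds nothing and re-wraps
        # the error record; errors now propagate unchanged.
        if (Verify-MetadataSignature $MetadataXML)
        {
            Write-Host "Successfully verified metadata signature!"
        }
        else
        {
            Write-Host "Metadata signature test did not pass. Aborting!"
        }
    }
}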