private void AddSignedSignatureProperties(SignedSignatureProperties signedSignatureProperties,
SignedDataObjectProperties signedDataObjectProperties,
UnsignedSignatureProperties unsignedSignatureProperties,
SignatureParameters parameters
)
{
XmlDocument xmlDocument;
Cert cert;
SystemX509.X509Certificate2 x509Cert;
x509Cert = DotNetUtilities.ToX509Certificate2(parameters.SigningCertificate);
xmlDocument = new XmlDocument();
cert = new Cert();
cert.IssuerSerial.X509IssuerName = x509Cert.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = x509Cert.SerialNumber;
cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
cert.CertDigest.DigestValue = x509Cert.GetCertHash();
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
signedSignatureProperties.SigningTime = parameters.SigningDate;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true;
DataObjectFormat newDataObjectFormat = new DataObjectFormat();
//TODO jbonilla - Replace Description with text parameter
newDataObjectFormat.Description = "Generado con 'intisign'";
newDataObjectFormat.MimeType = "text/xml";
newDataObjectFormat.ObjectReferenceAttribute = "#xml_ref_id";
signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
}
/**
* Generic validate function. Validates known types of xml signature.
* @param fileName name of the signature file to be validated
*/
public static void validate(String fileName)
{
Context context = new Context(Conn.ROOT_DIR + "efatura\\config\\");
// add external resolver to resolve policies
context.addExternalResolver(getPolicyResolver());
XMLSignature signature = XMLSignature.parse(
new FileDocument(new FileInfo(fileName)),
context);
ECertificate cert = signature.SigningCertificate;
ValidationSystem vs;
if (cert.isMaliMuhurCertificate())
{
ValidationPolicy policy = new ValidationPolicy();
String policyPath = Conn.ROOT_DIR + "efatura\\config\\certval-policy-malimuhur.xml";
policy = PolicyReader.readValidationPolicy(policyPath);
vs = CertificateValidation.createValidationSystem(policy);
context.setCertValidationSystem(vs);
}
else
{
ValidationPolicy policy = new ValidationPolicy();
String policyPath = Conn.ROOT_DIR + "efatura\\config\\certval-policy.xml";
policy = PolicyReader.readValidationPolicy(policyPath);
vs = CertificateValidation.createValidationSystem(policy);
context.setCertValidationSystem(vs);
}
// no params, use the certificate in key info
ValidationResult result = signature.verify();
String sonuc = result.toXml();
Console.WriteLine(result.toXml());
// Assert.True(result.Type == ValidationResultType.VALID,"Cant verify " + fileName);
UnsignedSignatureProperties usp = signature.QualifyingProperties.UnsignedSignatureProperties;
if (usp != null)
{
IList <XMLSignature> counterSignatures = usp.AllCounterSignatures;
foreach (XMLSignature counterSignature in counterSignatures)
{
ValidationResult counterResult = signature.verify();
Console.WriteLine(counterResult.toXml());
//Assert.True(counterResult.Type == ValidationResultType.VALID,
// "Cant verify counter signature" + fileName + " : "+counterSignature.Id);
}
}
}
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties,
UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters)
{
Cert cert;
cert = new Cert();
cert.IssuerSerial.X509IssuerName = parameters.Signer.Certificate.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString();
DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest);
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
if (parameters.SignaturePolicyInfo != null)
{
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier;
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri))
{
SigPolicyQualifier spq = new SigPolicyQualifier();
spq.AnyXmlElement = sigDocument.Document.CreateElement("SPURI", XadesSignedXml.XadesNamespaceUri);
spq.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq);
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash);
}
}
signedSignatureProperties.SigningTime = parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now;
if (!string.IsNullOrEmpty(_mimeType))
{
DataObjectFormat newDataObjectFormat = new DataObjectFormat();
newDataObjectFormat.MimeType = _mimeType;
newDataObjectFormat.Encoding = _encoding;
newDataObjectFormat.ObjectReferenceAttribute = "#" + _refContent.Id;
signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
}
}
private void AddSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties,
UnsignedSignatureProperties unsignedSignatureProperties, string mimeType, X509Certificate2 certificado)
{
Cert cert;
cert = new Cert();
cert.IssuerSerial.X509IssuerName = certificado.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(certificado.SerialNumber);
DigestUtil.SetCertDigest(_signCertificate.GetRawCertData(), _refsMethodUri, cert.CertDigest);
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
if (!string.IsNullOrEmpty(_policyId))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = _policyId;
}
if (!string.IsNullOrEmpty(_policyUri))
{
SigPolicyQualifier spq = new SigPolicyQualifier();
spq.AnyXmlElement = _document.CreateElement("SPURI", XadesSignedXml.XadesNamespaceUri);
spq.AnyXmlElement.InnerText = _policyUri;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq);
}
if (!string.IsNullOrEmpty(_policyHash))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(PolicyHash);
}
signedSignatureProperties.SigningTime = DateTime.Now;
if (!string.IsNullOrEmpty(mimeType))
{
DataObjectFormat newDataObjectFormat = new DataObjectFormat();
newDataObjectFormat.MimeType = mimeType;
newDataObjectFormat.ObjectReferenceAttribute = "#" + _objectReference;
signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
}
}
/**
* Validate function for parallel signatures
* @param fileName name of the signature file to be validated
*/
public static void validateParallel(String fileName)
{
Context context = new Context(Conn.ROOT_DIR + "efatura\\config\\");
// add external resolver to resolve policies
context.addExternalResolver(getPolicyResolver());
List <XMLSignature> xmlSignatures = new List <XMLSignature>();
// get signature as signed document in order to be able to validate parallel ones
SignedDocument sd = new SignedDocument(new FileDocument(new FileInfo(fileName)), context);
xmlSignatures.AddRange(sd.getRootSignatures());
foreach (var xmlSignature in xmlSignatures)
{
// no params, use the certificate in key info
ValidationResult result = xmlSignature.verify();
Console.WriteLine(result.toXml());
Assert.True(result.getType() == ValidationResultType.VALID, "Cant verify " + fileName);
UnsignedSignatureProperties usp = xmlSignature.QualifyingProperties.UnsignedSignatureProperties;
if (usp != null)
{
IList <XMLSignature> counterSignatures = usp.AllCounterSignatures;
foreach (XMLSignature counterSignature in counterSignatures)
{
ValidationResult counterResult = xmlSignature.verify();
Console.WriteLine(counterResult.toXml());
Assert.True(counterResult.getType() == ValidationResultType.VALID,
"Cant verify counter signature" + fileName + " : " + counterSignature.Id);
}
}
}
}
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties,
UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters)
{
Cert cert;
cert = new Cert();
cert.IssuerSerial.X509IssuerName = parameters.Signer.Certificate.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString();
DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest);
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
if (parameters.SignaturePolicyInfo != null)
{
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier;
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri))
{
SigPolicyQualifier spq = new SigPolicyQualifier();
spq.AnyXmlElement = sigDocument.Document.CreateElement(XadesSignedXml.XmlXadesPrefix, "SPURI", XadesSignedXml.XadesNamespaceUri);
spq.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq);
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash);
}
}
signedSignatureProperties.SigningTime = parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now;
if (_dataFormat != null)
{
DataObjectFormat newDataObjectFormat = new DataObjectFormat();
newDataObjectFormat.MimeType = _dataFormat.MimeType;
newDataObjectFormat.Encoding = _dataFormat.Encoding;
newDataObjectFormat.Description = _dataFormat.Description;
newDataObjectFormat.ObjectReferenceAttribute = "#" + _refContent.Id;
if (_dataFormat.ObjectIdentifier != null)
{
newDataObjectFormat.ObjectIdentifier.Identifier.IdentifierUri = _dataFormat.ObjectIdentifier.Identifier.IdentifierUri;
}
signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
}
if (parameters.SignerRole != null &&
(parameters.SignerRole.CertifiedRoles.Count > 0 || parameters.SignerRole.ClaimedRoles.Count > 0))
{
signedSignatureProperties.SignerRole = new Microsoft.Xades.SignerRole();
foreach (X509Certificate certifiedRole in parameters.SignerRole.CertifiedRoles)
{
signedSignatureProperties.SignerRole.CertifiedRoles.CertifiedRoleCollection.Add(new CertifiedRole()
{
PkiData = certifiedRole.GetRawCertData()
});
}
foreach (string claimedRole in parameters.SignerRole.ClaimedRoles)
{
signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(new ClaimedRole()
{
InnerText = claimedRole
});
}
}
foreach (SignatureCommitment signatureCommitment in parameters.SignatureCommitments)
{
CommitmentTypeIndication cti = new CommitmentTypeIndication();
cti.CommitmentTypeId.Identifier.IdentifierUri = signatureCommitment.CommitmentType.URI;
cti.AllSignedDataObjects = true;
foreach (XmlElement signatureCommitmentQualifier in signatureCommitment.CommitmentTypeQualifiers)
{
CommitmentTypeQualifier ctq = new CommitmentTypeQualifier();
ctq.AnyXmlElement = signatureCommitmentQualifier;
cti.CommitmentTypeQualifiers.CommitmentTypeQualifierCollection.Add(ctq);
}
signedDataObjectProperties.CommitmentTypeIndicationCollection.Add(cti);
}
if (parameters.SignatureProductionPlace != null)
{
signedSignatureProperties.SignatureProductionPlace.City = parameters.SignatureProductionPlace.City;
signedSignatureProperties.SignatureProductionPlace.StateOrProvince = parameters.SignatureProductionPlace.StateOrProvince;
signedSignatureProperties.SignatureProductionPlace.PostalCode = parameters.SignatureProductionPlace.PostalCode;
signedSignatureProperties.SignatureProductionPlace.CountryName = parameters.SignatureProductionPlace.CountryName;
}
}
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters)
{
var certificateIssuerName = !string.IsNullOrEmpty(parameters.CertificateIssuerName) ?
parameters.CertificateIssuerName : createValidIssuerName(parameters.Signer.Certificate);
Cert cert = new Cert();
cert.IssuerSerial.X509IssuerName = certificateIssuerName;
cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString();
DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest);
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
if (parameters.SignaturePolicyInfo != null)
{
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier;
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyDescription))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Description = parameters.SignaturePolicyInfo.PolicyDescription;
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri))
{
SigPolicyQualifier sigPolicyQualifier = new SigPolicyQualifier();
sigPolicyQualifier.AnyXmlElement = sigDocument.Document.CreateElement("SPURI", "http://uri.etsi.org/01903/v1.3.2#");
sigPolicyQualifier.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(sigPolicyQualifier);
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash);
}
}
signedSignatureProperties.SigningTime = (parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now);
if (parameters.SignerRole != null && (parameters.SignerRole.CertifiedRoles.Count > 0 || parameters.SignerRole.ClaimedRoles.Count > 0))
{
signedSignatureProperties.SignerRole = new Microsoft.Xades.SignerRole();
foreach (X509Certificate certifiedRole in parameters.SignerRole.CertifiedRoles)
{
signedSignatureProperties.SignerRole.CertifiedRoles.CertifiedRoleCollection.Add(new CertifiedRole
{
PkiData = certifiedRole.GetRawCertData()
});
}
foreach (string claimedRole in parameters.SignerRole.ClaimedRoles)
{
signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(new ClaimedRole
{
InnerText = claimedRole
});
}
}
}
