private void AddSignedSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters ) { XmlDocument xmlDocument; Cert cert; SystemX509.X509Certificate2 x509Cert; x509Cert = DotNetUtilities.ToX509Certificate2(parameters.SigningCertificate); xmlDocument = new XmlDocument(); cert = new Cert(); cert.IssuerSerial.X509IssuerName = x509Cert.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = x509Cert.SerialNumber; cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; cert.CertDigest.DigestValue = x509Cert.GetCertHash(); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); signedSignatureProperties.SigningTime = parameters.SigningDate; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true; DataObjectFormat newDataObjectFormat = new DataObjectFormat(); //TODO jbonilla - Replace Description with text parameter newDataObjectFormat.Description = "Generado con 'intisign'"; newDataObjectFormat.MimeType = "text/xml"; newDataObjectFormat.ObjectReferenceAttribute = "#xml_ref_id"; signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat); }
/** * Generic validate function. Validates known types of xml signature. * @param fileName name of the signature file to be validated */ public static void validate(String fileName) { Context context = new Context(Conn.ROOT_DIR + "efatura\\config\\"); // add external resolver to resolve policies context.addExternalResolver(getPolicyResolver()); XMLSignature signature = XMLSignature.parse( new FileDocument(new FileInfo(fileName)), context); ECertificate cert = signature.SigningCertificate; ValidationSystem vs; if (cert.isMaliMuhurCertificate()) { ValidationPolicy policy = new ValidationPolicy(); String policyPath = Conn.ROOT_DIR + "efatura\\config\\certval-policy-malimuhur.xml"; policy = PolicyReader.readValidationPolicy(policyPath); vs = CertificateValidation.createValidationSystem(policy); context.setCertValidationSystem(vs); } else { ValidationPolicy policy = new ValidationPolicy(); String policyPath = Conn.ROOT_DIR + "efatura\\config\\certval-policy.xml"; policy = PolicyReader.readValidationPolicy(policyPath); vs = CertificateValidation.createValidationSystem(policy); context.setCertValidationSystem(vs); } // no params, use the certificate in key info ValidationResult result = signature.verify(); String sonuc = result.toXml(); Console.WriteLine(result.toXml()); // Assert.True(result.Type == ValidationResultType.VALID,"Cant verify " + fileName); UnsignedSignatureProperties usp = signature.QualifyingProperties.UnsignedSignatureProperties; if (usp != null) { IList <XMLSignature> counterSignatures = usp.AllCounterSignatures; foreach (XMLSignature counterSignature in counterSignatures) { ValidationResult counterResult = signature.verify(); Console.WriteLine(counterResult.toXml()); //Assert.True(counterResult.Type == ValidationResultType.VALID, // "Cant verify counter signature" + fileName + " : "+counterSignature.Id); } } }
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters) { Cert cert; cert = new Cert(); cert.IssuerSerial.X509IssuerName = parameters.Signer.Certificate.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString(); DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); if (parameters.SignaturePolicyInfo != null) { if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier; } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri)) { SigPolicyQualifier spq = new SigPolicyQualifier(); spq.AnyXmlElement = sigDocument.Document.CreateElement("SPURI", XadesSignedXml.XadesNamespaceUri); spq.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq); } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash); } } signedSignatureProperties.SigningTime = parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now; if (!string.IsNullOrEmpty(_mimeType)) { DataObjectFormat newDataObjectFormat = new DataObjectFormat(); newDataObjectFormat.MimeType = _mimeType; newDataObjectFormat.Encoding = _encoding; newDataObjectFormat.ObjectReferenceAttribute = "#" + _refContent.Id; signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat); } }
private void AddSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, string mimeType, X509Certificate2 certificado) { Cert cert; cert = new Cert(); cert.IssuerSerial.X509IssuerName = certificado.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(certificado.SerialNumber); DigestUtil.SetCertDigest(_signCertificate.GetRawCertData(), _refsMethodUri, cert.CertDigest); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); if (!string.IsNullOrEmpty(_policyId)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = _policyId; } if (!string.IsNullOrEmpty(_policyUri)) { SigPolicyQualifier spq = new SigPolicyQualifier(); spq.AnyXmlElement = _document.CreateElement("SPURI", XadesSignedXml.XadesNamespaceUri); spq.AnyXmlElement.InnerText = _policyUri; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq); } if (!string.IsNullOrEmpty(_policyHash)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(PolicyHash); } signedSignatureProperties.SigningTime = DateTime.Now; if (!string.IsNullOrEmpty(mimeType)) { DataObjectFormat newDataObjectFormat = new DataObjectFormat(); newDataObjectFormat.MimeType = mimeType; newDataObjectFormat.ObjectReferenceAttribute = "#" + _objectReference; signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat); } }
/** * Validate function for parallel signatures * @param fileName name of the signature file to be validated */ public static void validateParallel(String fileName) { Context context = new Context(Conn.ROOT_DIR + "efatura\\config\\"); // add external resolver to resolve policies context.addExternalResolver(getPolicyResolver()); List <XMLSignature> xmlSignatures = new List <XMLSignature>(); // get signature as signed document in order to be able to validate parallel ones SignedDocument sd = new SignedDocument(new FileDocument(new FileInfo(fileName)), context); xmlSignatures.AddRange(sd.getRootSignatures()); foreach (var xmlSignature in xmlSignatures) { // no params, use the certificate in key info ValidationResult result = xmlSignature.verify(); Console.WriteLine(result.toXml()); Assert.True(result.getType() == ValidationResultType.VALID, "Cant verify " + fileName); UnsignedSignatureProperties usp = xmlSignature.QualifyingProperties.UnsignedSignatureProperties; if (usp != null) { IList <XMLSignature> counterSignatures = usp.AllCounterSignatures; foreach (XMLSignature counterSignature in counterSignatures) { ValidationResult counterResult = xmlSignature.verify(); Console.WriteLine(counterResult.toXml()); Assert.True(counterResult.getType() == ValidationResultType.VALID, "Cant verify counter signature" + fileName + " : " + counterSignature.Id); } } } }
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters) { Cert cert; cert = new Cert(); cert.IssuerSerial.X509IssuerName = parameters.Signer.Certificate.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString(); DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); if (parameters.SignaturePolicyInfo != null) { if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier; } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri)) { SigPolicyQualifier spq = new SigPolicyQualifier(); spq.AnyXmlElement = sigDocument.Document.CreateElement(XadesSignedXml.XmlXadesPrefix, "SPURI", XadesSignedXml.XadesNamespaceUri); spq.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq); } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash); } } signedSignatureProperties.SigningTime = parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now; if (_dataFormat != null) { DataObjectFormat newDataObjectFormat = new DataObjectFormat(); newDataObjectFormat.MimeType = _dataFormat.MimeType; newDataObjectFormat.Encoding = _dataFormat.Encoding; newDataObjectFormat.Description = _dataFormat.Description; newDataObjectFormat.ObjectReferenceAttribute = "#" + _refContent.Id; if (_dataFormat.ObjectIdentifier != null) { newDataObjectFormat.ObjectIdentifier.Identifier.IdentifierUri = _dataFormat.ObjectIdentifier.Identifier.IdentifierUri; } signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat); } if (parameters.SignerRole != null && (parameters.SignerRole.CertifiedRoles.Count > 0 || parameters.SignerRole.ClaimedRoles.Count > 0)) { signedSignatureProperties.SignerRole = new Microsoft.Xades.SignerRole(); foreach (X509Certificate certifiedRole in parameters.SignerRole.CertifiedRoles) { signedSignatureProperties.SignerRole.CertifiedRoles.CertifiedRoleCollection.Add(new CertifiedRole() { PkiData = certifiedRole.GetRawCertData() }); } foreach (string claimedRole in parameters.SignerRole.ClaimedRoles) { signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(new ClaimedRole() { InnerText = claimedRole }); } } foreach (SignatureCommitment signatureCommitment in parameters.SignatureCommitments) { CommitmentTypeIndication cti = new CommitmentTypeIndication(); cti.CommitmentTypeId.Identifier.IdentifierUri = signatureCommitment.CommitmentType.URI; cti.AllSignedDataObjects = true; foreach (XmlElement signatureCommitmentQualifier in signatureCommitment.CommitmentTypeQualifiers) { CommitmentTypeQualifier ctq = new CommitmentTypeQualifier(); ctq.AnyXmlElement = signatureCommitmentQualifier; cti.CommitmentTypeQualifiers.CommitmentTypeQualifierCollection.Add(ctq); } signedDataObjectProperties.CommitmentTypeIndicationCollection.Add(cti); } if (parameters.SignatureProductionPlace != null) { signedSignatureProperties.SignatureProductionPlace.City = parameters.SignatureProductionPlace.City; signedSignatureProperties.SignatureProductionPlace.StateOrProvince = parameters.SignatureProductionPlace.StateOrProvince; signedSignatureProperties.SignatureProductionPlace.PostalCode = parameters.SignatureProductionPlace.PostalCode; signedSignatureProperties.SignatureProductionPlace.CountryName = parameters.SignatureProductionPlace.CountryName; } }
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters) { var certificateIssuerName = !string.IsNullOrEmpty(parameters.CertificateIssuerName) ? parameters.CertificateIssuerName : createValidIssuerName(parameters.Signer.Certificate); Cert cert = new Cert(); cert.IssuerSerial.X509IssuerName = certificateIssuerName; cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString(); DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); if (parameters.SignaturePolicyInfo != null) { if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier; } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyDescription)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Description = parameters.SignaturePolicyInfo.PolicyDescription; } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri)) { SigPolicyQualifier sigPolicyQualifier = new SigPolicyQualifier(); sigPolicyQualifier.AnyXmlElement = sigDocument.Document.CreateElement("SPURI", "http://uri.etsi.org/01903/v1.3.2#"); sigPolicyQualifier.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(sigPolicyQualifier); } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash); } } signedSignatureProperties.SigningTime = (parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now); if (parameters.SignerRole != null && (parameters.SignerRole.CertifiedRoles.Count > 0 || parameters.SignerRole.ClaimedRoles.Count > 0)) { signedSignatureProperties.SignerRole = new Microsoft.Xades.SignerRole(); foreach (X509Certificate certifiedRole in parameters.SignerRole.CertifiedRoles) { signedSignatureProperties.SignerRole.CertifiedRoles.CertifiedRoleCollection.Add(new CertifiedRole { PkiData = certifiedRole.GetRawCertData() }); } foreach (string claimedRole in parameters.SignerRole.ClaimedRoles) { signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(new ClaimedRole { InnerText = claimedRole }); } } }