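        /// <summary>
        /// Sets the content of an enveloping signature: the nodes of
        /// <paramref name="xmlDocument"/> are placed in a ds:Object and a reference
        /// to that object (C14N transform, type ".../xmldsig#Object") is added to a
        /// freshly created signature, replacing any signature configured before.
        /// </summary>
        /// <param name="xmlDocument">Document to embed. It is cloned; the caller's instance is not modified.</param>
        /// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="xmlDocument"/> holds no nodes besides an XML declaration.</exception>
        public void SetContentEveloping(XmlDocument xmlDocument)
        {
            if (xmlDocument == null)
            {
                throw new ArgumentNullException("xmlDocument");
            }

            _xadesSignedXml = new XadesSignedXml();

            // Work on a copy so the caller's document is left untouched.
            XmlDocument doc = (XmlDocument)xmlDocument.Clone();
            doc.PreserveWhitespace = true;

            // A leading XML declaration is dropped; only the remaining nodes go into the ds:Object.
            XmlNode firstNode = doc.FirstChild;
            if (firstNode != null && firstNode.NodeType == XmlNodeType.XmlDeclaration)
            {
                doc.RemoveChild(firstNode);
            }

            // Fail early with a clear message instead of producing an empty object.
            if (doc.ChildNodes.Count == 0)
            {
                throw new ArgumentException("The document contains no nodes to sign.", "xmlDocument");
            }

            // ds:Object carrying the content; a fresh Id keeps it unique across signatures.
            string dataObjectId = "DataObject-" + Guid.NewGuid().ToString();

            System.Security.Cryptography.Xml.DataObject dataObject = new System.Security.Cryptography.Xml.DataObject();
            dataObject.Data = doc.ChildNodes;
            dataObject.Id   = dataObjectId;
            _xadesSignedXml.AddObject(dataObject);

            // Reference pointing at the object above, canonicalized before digesting.
            Reference reference = new Reference();
            reference.Id   = "Reference-" + Guid.NewGuid().ToString();
            reference.Uri  = "#" + dataObjectId;
            reference.Type = SignedXml.XmlDsigNamespaceUrl + "Object";
            reference.AddTransform(new XmlDsigC14NTransform());

            _objectReference = reference.Id;
            _mimeType        = "text/xml";

            _xadesSignedXml.AddReference(reference);

            // No separate detached/enveloped document is in play for an enveloping signature.
            _document = null;
        }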
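        /// <summary>
        /// Produces an XAdES signature over the document element of <paramref name="xml"/>.
        /// The element is embedded as a ds:Object with Id "Dokument", referenced through an
        /// enveloped-signature transform, and qualified with signing time, signing-certificate
        /// digest/issuer/serial, an implied signature policy and a DataObjectFormat entry.
        /// </summary>
        /// <param name="xml">XML text to sign; must be well-formed with a single document element.</param>
        /// <param name="x509">Signing certificate; its private key is used as the signing key.</param>
        /// <returns>The OuterXml of the generated ds:Signature element.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="xml"/> or <paramref name="x509"/> is null.</exception>
        /// <exception cref="XmlException"><paramref name="xml"/> is not well-formed.</exception>
        public static string Sign(string xml, X509Certificate2 x509)
        {
            if (xml == null)
            {
                throw new ArgumentNullException("xml");
            }
            if (x509 == null)
            {
                throw new ArgumentNullException("x509");
            }

            // Load with external resource resolution disabled: the input may come from another
            // party, and a DOCTYPE in it must not trigger fetches of external entities or DTDs.
            XmlDocument doc = new XmlDocument
            {
                PreserveWhitespace = true,
                XmlResolver = null
            };
            doc.LoadXml(xml);

            XadesSignedXml signedXml = new XadesSignedXml(doc);

            signedXml.Signature.Id = "ID-1234";
            signedXml.SigningKey   = x509.PrivateKey;
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
            // NOTE(review): RSA-SHA1 (and the SHA-1 certificate digest below) is kept because the
            // target profile referenced in this file appears to expect it; SHA-1 is deprecated for
            // signatures, so confirm the profile before using this for new deployments.
            signedXml.SignedInfo.SignatureMethod        = SignedXml.XmlDsigRSASHA1Url;

            // Reference to the embedded document; the enveloped transform keeps the signature
            // element itself out of the digested content.
            Reference reference = new Reference("#Dokument");
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signedXml.AddReference(reference);

            // KeyInfo carries the signing certificate. TODO confirm whether the whole chain is required.
            KeyInfo keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoX509Data(x509));
            signedXml.KeyInfo = keyInfo;

            XadesObject xo = new XadesObject();

            // SigningCertificate/Cert: issuer + serial, plus a digest of the DER-encoded certificate.
            Cert cert = new Cert();
            cert.IssuerSerial.X509IssuerName   = x509.IssuerName.Name;
            cert.IssuerSerial.X509SerialNumber = x509.SerialNumber;

            // The hasher is disposable; the declared DigestMethod must match the algorithm used here.
            using (SHA1 sha1 = SHA1.Create())
            {
                cert.CertDigest.DigestValue            = sha1.ComputeHash(x509.RawData);
                cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
            }

            xo.QualifyingProperties.Target = "#" + signedXml.Signature.Id;

            var signatureProperties = xo.QualifyingProperties.SignedProperties.SignedSignatureProperties;
            // NOTE(review): local time without an explicit offset; XAdES SigningTime should be
            // unambiguous. Check how XadesSignedXml serializes this value before switching to UtcNow.
            signatureProperties.SigningTime = DateTime.Now;
            signatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true;
            signatureProperties.SigningCertificate.CertCollection.Add(cert);

            // NOTE(review): MimeType here ("text/plain") differs from the MIME type given to the
            // ds:Object below ("text/xml"); confirm which one the profile expects.
            DataObjectFormat dof = new DataObjectFormat
            {
                ObjectReferenceAttribute = "#Dokument",
                Description = "Dokument w formacie xml [XML]",
                Encoding    = SignedXml.XmlDsigBase64TransformUrl, // ...xmldsig/#base64
                MimeType    = "text/plain"
            };
            xo.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection.Add(dof);

            signedXml.AddXadesObject(xo);

            // Per the referenced documentation (2.9.9.a) the <ds:Object> Id is "Dokument",
            // although the examples there omit it.
            DataObject data = new DataObject("Dokument", "text/xml", "", doc.DocumentElement);
            signedXml.AddObject(data);

            signedXml.ComputeSignature();

            // Serialize the ds:Signature element only; the caller decides where to place it.
            XmlElement xmlDigitalSignature = signedXml.GetXml();
            return xmlDigitalSignature.OuterXml;
        }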
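    /// <summary>
    /// Adds the XAdES qualifying properties (signing time, signing-certificate digest and
    /// issuer/serial, proof-of-approval commitment over all signed data objects) to
    /// <paramref name="xadesSignedXml"/> as a ds:Object, together with the reference that
    /// makes the SignedProperties element part of the signed content.
    /// </summary>
    /// <param name="document">Document in which the new elements are created.</param>
    /// <param name="xadesSignedXml">Signature that receives the reference and the object.</param>
    /// <param name="signingCertificate">Certificate whose digest, issuer and serial number are recorded.</param>
    /// <exception cref="ArgumentNullException">Any argument is null.</exception>
    private static void AddXAdESProperties(XmlDocument document, XadesSignedXml xadesSignedXml, X509Certificate2 signingCertificate)
    {
        if (document == null)
        {
            throw new ArgumentNullException(nameof(document));
        }
        if (xadesSignedXml == null)
        {
            throw new ArgumentNullException(nameof(xadesSignedXml));
        }
        if (signingCertificate == null)
        {
            throw new ArgumentNullException(nameof(signingCertificate));
        }

        // Reference covering SignedProperties; without it the qualifying properties
        // would not be protected by the signature value.
        var signedPropertiesReference = new Reference
        {
            Uri  = $"#{SignaturePropertiesId}",
            Type = XadesSignedXml.XmlDsigSignatureProperties,
        };
        xadesSignedXml.AddReference(signedPropertiesReference);

        // <Object><QualifyingProperties Target="#SignatureId">
        var objectNode = document.CreateElement("Object", SignedXml.XmlDsigNamespaceUrl);
        var qualifyingPropertiesNode = CreateXadesElement(document, "QualifyingProperties");
        qualifyingPropertiesNode.SetAttribute("Target", $"#{SignatureId}");
        objectNode.AppendChild(qualifyingPropertiesNode);

        // <SignedProperties Id="SignaturePropertiesId">
        var signedPropertiesNode = AppendXadesChild(document, qualifyingPropertiesNode, "SignedProperties");
        signedPropertiesNode.SetAttribute("Id", SignaturePropertiesId);

        // <SignedSignatureProperties>
        var signedSignaturePropertiesNode = AppendXadesChild(document, signedPropertiesNode, "SignedSignatureProperties");

        // <SigningTime>: sortable UTC timestamp with an explicit "Z" suffix.
        var signingTime = AppendXadesChild(document, signedSignaturePropertiesNode, "SigningTime");
        signingTime.InnerText = $"{DateTime.UtcNow.ToString("s")}Z";

        // <SigningCertificate><Cert> with CertDigest and IssuerSerial.
        var signingCertificateNode = AppendXadesChild(document, signedSignaturePropertiesNode, "SigningCertificate");
        var certNode = AppendXadesChild(document, signingCertificateNode, "Cert");
        AppendCertDigest(document, certNode, signingCertificate);
        AppendIssuerSerial(document, certNode, signingCertificate);

        // <SignedDataObjectProperties><CommitmentTypeIndication>: proof of approval over all data objects.
        var signedDataObjectPropertiesNode = AppendXadesChild(document, signedPropertiesNode, "SignedDataObjectProperties");
        var commitmentTypeIndicationNode = AppendXadesChild(document, signedDataObjectPropertiesNode, "CommitmentTypeIndication");
        var commitmentTypeIdNode = AppendXadesChild(document, commitmentTypeIndicationNode, "CommitmentTypeId");
        var identifierNode = AppendXadesChild(document, commitmentTypeIdNode, "Identifier");
        identifierNode.InnerText = XadesSignedXml.XadesProofOfApproval;
        AppendXadesChild(document, commitmentTypeIndicationNode, "AllSignedDataObjects");

        // DataObject emits the ds:Object wrapper itself, so only QualifyingProperties is handed over;
        // objectNode above only serves as its temporary parent.
        var dataObject = new DataObject();
        dataObject.Data = qualifyingPropertiesNode.SelectNodes(".");
        xadesSignedXml.AddObject(dataObject);
    }

    /// <summary>Creates an element in the XAdES namespace using the XAdES prefix.</summary>
    private static XmlElement CreateXadesElement(XmlDocument document, string localName)
    {
        return document.CreateElement(XadesSignedXml.XadesPrefix, localName, XadesSignedXml.XadesNamespaceUrl);
    }

    /// <summary>Creates a XAdES element, appends it to <paramref name="parent"/> and returns it.</summary>
    private static XmlElement AppendXadesChild(XmlDocument document, XmlNode parent, string localName)
    {
        var child = CreateXadesElement(document, localName);
        parent.AppendChild(child);
        return child;
    }

    /// <summary>Creates an element in the XML-DSig namespace, appends it to <paramref name="parent"/> and returns it.</summary>
    private static XmlElement AppendDsChild(XmlDocument document, XmlNode parent, string localName)
    {
        var child = document.CreateElement(localName, SignedXml.XmlDsigNamespaceUrl);
        parent.AppendChild(child);
        return child;
    }

    /// <summary>
    /// Appends CertDigest (ds:DigestMethod, ds:DigestValue) for the certificate to <paramref name="certNode"/>.
    /// </summary>
    private static void AppendCertDigest(XmlDocument document, XmlElement certNode, X509Certificate2 signingCertificate)
    {
        var certDigestNode = AppendXadesChild(document, certNode, "CertDigest");

        // NOTE(review): SHA-1 is declared because GetCertHash() yields the SHA-1 thumbprint; moving to
        // SHA-256 means changing the algorithm URL and the hash source together, never one alone.
        var digestMethod = AppendDsChild(document, certDigestNode, "DigestMethod");
        digestMethod.SetAttribute("Algorithm", SignedXml.XmlDsigSHA1Url);

        var digestValue = AppendDsChild(document, certDigestNode, "DigestValue");
        digestValue.InnerText = Convert.ToBase64String(signingCertificate.GetCertHash());
    }

    /// <summary>
    /// Appends IssuerSerial (ds:X509IssuerName, ds:X509SerialNumber) for the certificate to <paramref name="certNode"/>.
    /// </summary>
    private static void AppendIssuerSerial(XmlDocument document, XmlElement certNode, X509Certificate2 signingCertificate)
    {
        var issuerSerialNode = AppendXadesChild(document, certNode, "IssuerSerial");

        var x509IssuerName = AppendDsChild(document, issuerSerialNode, "X509IssuerName");
        x509IssuerName.InnerText = signingCertificate.Issuer;

        // X509Certificate2 exposes the serial as hex; the schema expects an integer.
        var x509SerialNumber = AppendDsChild(document, issuerSerialNode, "X509SerialNumber");
        x509SerialNumber.InnerText = ToDecimalString(signingCertificate.SerialNumber);
    }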