Beispiel #1
0
        private byte[] CalculateHash(Reference reference, UriResolverDelegate resolver)
        {
            if (reference.Uri == null || reference.Uri.Length == 0 || reference.Uri[0] == '#')
            {
                return((byte[])_calculateHashValue.Invoke(reference, new object[] { _document, null }));
            }

            try
            {
                Stream stream;
                if (resolver != null)
                {
                    stream = resolver(Uri.UnescapeDataString(reference.Uri));
                }
                else
                {
                    using (WebClient wc = new WebClient())
                        stream = wc.OpenRead(reference.Uri);
                }
                return(XadesUtils.CalculateHash(stream, reference.TransformChain, reference.DigestMethod));
            }
            catch (Exception)
            {
                return(new byte[0]);
            }
        }
 /// <summary>
 /// Check signature policy hash
 /// </summary>
 /// <param name="stream"></param>
 /// <returns></returns>`
 public bool CheckPolicyHash(Stream stream)
 {
     byte[] digest = XadesUtils.CalculateHash(stream, PolicyTransformChain, PolicyDigestMethod);
     return(digest.SequenceEqual(PolicyDigest));
 }
        /// <summary>
        /// Create <SignedSignatureProperties>
        /// </summary>
        /// <param name="document"></param>
        /// <returns></returns>
        internal XmlElement CreateXadesSignatureProperties(XmlDocument document, X509Certificate2 certificate, SignatureType xadesVersion)
        {
            XmlElement signatureProperties = document.CreateElement("SignedSignatureProperties", Xades.XadesNamespaceUrl);

            // signing time; required for 1.1.1
            if (SigningTime.HasValue || xadesVersion < SignatureType.Xades132)
            {
                signatureProperties.CreateChild("SigningTime", Xades.XadesNamespaceUrl, (SigningTime ?? DateTime.Now).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ"));
            }
            // signing certificate; can be omitted >= 1.3.2
            if (IncludeSigningCertificate || xadesVersion < SignatureType.Xades132)
            {
                XmlElement signingCertificate = signatureProperties.CreateChild("SigningCertificate", Xades.XadesNamespaceUrl);
                XmlElement signingCert        = signingCertificate.CreateChild("Cert", Xades.XadesNamespaceUrl);
                // certificate digest
                HashAlgorithm hashAlg = CryptoConfig.CreateFromName(CertificateDigest) as HashAlgorithm;
                if (hashAlg == null)
                {
                    throw new CryptographicException("Invalid digest method");
                }
                DigestAlgAndValue certDigest = new DigestAlgAndValue()
                {
                    Algorithm = CertificateDigest, Digest = hashAlg.ComputeHash(certificate.RawData)
                };
                signingCert.AppendChild(certDigest.CreateXml(signingCert, "CertDigest", Xades.XadesNamespaceUrl));
                // certificate issuer
                XmlElement issuerSerial = signingCert.CreateChild("IssuerSerial", Xades.XadesNamespaceUrl);
                issuerSerial.CreateChild("X509IssuerName", SignedXml.XmlDsigNamespaceUrl, certificate.Issuer);
                issuerSerial.CreateChild("X509SerialNumber", SignedXml.XmlDsigNamespaceUrl, XadesUtils.ToDecimal(XadesUtils.HexToBytes(certificate.SerialNumber)));
            }
            // signature policy; can be omitted >= 1.3.2
            XmlElement sigPolicyId = PolicyId?.GetObjectIdentifier(document, "SigPolicyId", Xades.XadesNamespaceUrl);

            if (PolicyImplied || xadesVersion < SignatureType.Xades132 || sigPolicyId != null)
            {
                XmlElement signaturePolicyIdentifier = signatureProperties.CreateChild("SignaturePolicyIdentifier", Xades.XadesNamespaceUrl);
                // policy implied if specified (or policyid not specified)
                if (PolicyImplied || sigPolicyId == null)
                {
                    signaturePolicyIdentifier.CreateChild("SignaturePolicyImplied", Xades.XadesNamespaceUrl);
                }
                else if (sigPolicyId != null)
                {
                    XmlElement signaturePolicyId = signaturePolicyIdentifier.CreateChild("SignaturePolicyId", Xades.XadesNamespaceUrl);
                    signaturePolicyId.AppendChild(sigPolicyId);

                    if (PolicyTransformChain != null && PolicyTransformChain.Count > 0)
                    {
                        MethodInfo getXmlInfo = typeof(TransformChain).GetMethod("GetXml", BindingFlags.NonPublic | BindingFlags.Instance);
                        signaturePolicyId.AppendChild((XmlElement)getXmlInfo.Invoke(PolicyTransformChain, new object[] { document, SignedXml.XmlDsigNamespaceUrl }));
                    }

                    if (PolicyDigest == null)
                    {
                        CalculatePolicyHash(PolicyURIs.FirstOrDefault() ?? PolicyId.Identifier);
                    }

                    DigestAlgAndValue policyHash = new DigestAlgAndValue()
                    {
                        Algorithm = PolicyDigestMethod, Digest = PolicyDigest
                    };
                    policyHash.CreateXml(signaturePolicyId, "SigPolicyHash", Xades.XadesNamespaceUrl);

                    XmlElement sigPolicyQualifiers = document.CreateElement("SigPolicyQualifiers", Xades.XadesNamespaceUrl);
                    if (PolicyURIs != null && PolicyURIs.Count > 0)
                    {
                        foreach (string uri in PolicyURIs)
                        {
                            sigPolicyQualifiers.CreateChild("SigPolicyQualifier", Xades.XadesNamespaceUrl).CreateChild("SPURI", Xades.XadesNamespaceUrl, uri);
                        }
                    }
                    if (PolicyNotices != null && PolicyNotices.Count > 0)
                    {
                        foreach (PolicyUserNotice notice in PolicyNotices)
                        {
                            notice.CreateXml(sigPolicyQualifiers.CreateChild("SigPolicyQualifier", Xades.XadesNamespaceUrl));
                        }
                    }
                    if (sigPolicyQualifiers.ChildNodes.Count > 0)
                    {
                        signaturePolicyId.AppendChild(sigPolicyQualifiers);
                    }
                }
            }
            return(signatureProperties);
        }
 /// <summary>
 /// Update hash value from stream
 /// </summary>
 /// <param name="stream"></param>
 public void CalculatePolicyHash(Stream stream)
 {
     PolicyDigest = XadesUtils.CalculateHash(stream, PolicyTransformChain, PolicyDigestMethod);
 }