public static void AppendSignatureToXMLDocument(this XmlDocument xmlDoc, String referenceURI, X509Certificate2 certificate)
{
var sig = new PrefixedSignedXML(xmlDoc)
{
SigningKey = certificate.PrivateKey
};
var key = new RSACryptoServiceProvider();
// Add the key to the SignedXml xmlDocument.
sig.SigningKey = key;
// Create a reference to be signed.
var reference = new Reference {
Uri = "#" + referenceURI
};
// Add an enveloped transformation to the reference.
var env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
sig.AddReference(reference);
var path = Path.Combine(new DirectoryInfo(HttpContext.Current.Server.MapPath(@"~\")).Parent.FullName, "sign.crt");
var cert = X509Certificate2.CreateFromCertFile(path);
// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(cert));
sig.KeyInfo = keyInfo;
// Compute the signature.
sig.ComputeSignature();
var signature = sig.GetXml("ds");
var manager = new XmlNamespaceManager(xmlDoc.NameTable);
manager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
manager.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
manager.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
var node = xmlDoc.SelectSingleNode("/samlp:Response/saml:Assertion", manager);
//var manager = new XmlNamespaceManager(xmlDoc.NameTable);
//manager.AddNamespace("saml", SignedXml.XmlDsigNamespaceUrl);
//var xmlResponse = xmlDoc.SelectSingleNode("saml:Assertion", manager);
node.AppendChild(signature);
}
public static void AppendSignatureToXMLDocument(XmlDocument xmlDoc, String referenceURI, X509Certificate2 certificate)
{
xmlDoc.PreserveWhitespace = true;
var sig = new PrefixedSignedXML(xmlDoc)
{
SigningKey = certificate.PrivateKey
};
var key = new RSACryptoServiceProvider();
// Add the key to the SignedXml xmlDocument.
sig.SigningKey = key;
// Create a reference to be signed.
var reference = new Reference {
Uri = ""
};
// Add an enveloped transformation to the reference.
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
sig.AddReference(reference);
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(certificate));
sig.KeyInfo = keyInfo;
// Compute the signature.
sig.ComputeSignature();
var signature = sig.GetXml("ds");
var manager = new XmlNamespaceManager(xmlDoc.NameTable);
manager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
manager.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
manager.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(signature, true));
//var node = xmlDoc.SelectSingleNode("/samlp:Response/saml:Assertion", manager);
////var manager = new XmlNamespaceManager(xmlDoc.NameTable);
////manager.AddNamespace("saml", SignedXml.XmlDsigNamespaceUrl);
////var xmlResponse = xmlDoc.SelectSingleNode("saml:Assertion", manager);
//node.AppendChild(signature);
}
public static void SignXml(XmlDocument xmlDoc, X509Certificate2 x509, string uri)
{
if (xmlDoc == null)
{
throw new ArgumentException("xmlDoc");
}
if (x509 == null)
{
throw new ArgumentException("x509");
}
PrefixedSignedXML signedXml = new PrefixedSignedXML(xmlDoc);
signedXml.SigningKey = x509.GetRSAPrivateKey();
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
Reference reference = new Reference();
reference.Uri = "#" + uri;
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
signedXml.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(x509));
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature("dsig");
XmlElement xmlDigitalSignature = signedXml.GetXml();
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
