public override object EncodeCMS(X509Certificate2 certificate, string xmlFilePath)
{
XmlDocument Document = new XmlDocument();
Document.PreserveWhitespace = true;
XmlTextReader XmlFile = new XmlTextReader(xmlFilePath);
Document.Load(XmlFile);
XmlFile.Close();
XmlNodeList SignaturesList = Document.GetElementsByTagName("Signature");
// Remove existing signatures, this is not a countersigning.
for (int i = 0; i < SignaturesList.Count; i++)
{
SignaturesList[i].ParentNode.RemoveChild(SignaturesList[i]);
i--;
}
SignedXml SignedXml = new SignedXml(Document);
SignedXml.SigningKey = certificate.PrivateKey;
Reference Reference = new Reference();
Reference.Uri = "";
XmlDsigEnvelopedSignatureTransform EnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
Reference.AddTransform(EnvelopedSignatureTransform);
SignedXml.AddReference(Reference);
KeyInfo Key = new KeyInfo();
Key.AddClause(new KeyInfoX509Data(certificate));
SignedXml.KeyInfo = Key;
SignedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement XmlDigitalSignature = SignedXml.GetXml();
return XmlDigitalSignature;
}
// Sign an XML file.
// This document cannot be verified unless the verifying
// code has the key with which it was signed.
public static void SignXml(XmlDocument xmlDoc, RSA Key)
{
// Check arguments.
if (xmlDoc == null)
throw new ArgumentException("xmlDoc");
if (Key == null)
throw new ArgumentException("Key");
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(xmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = Key;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
private static string SignXml(XmlDocument unsignedXml,
AsymmetricAlgorithm key)
{
if (unsignedXml.DocumentElement == null)
{
throw new ArgumentNullException("unsignedXml");
}
// Create a reference to be signed. Blank == Everything
var emptyReference = new Reference { Uri = "" };
// Add an enveloped transformation to the reference.
var envelope = new XmlDsigEnvelopedSignatureTransform();
emptyReference.AddTransform(envelope);
var signedXml = new SignedXml(unsignedXml) { SigningKey = key };
signedXml.AddReference(emptyReference);
signedXml.ComputeSignature();
var digitalSignature = signedXml.GetXml();
unsignedXml.DocumentElement.AppendChild(
unsignedXml.ImportNode(digitalSignature, true));
var signedXmlOut = new StringBuilder();
using (var swOut = new StringWriter(signedXmlOut))
{
unsignedXml.Save(swOut);
}
return signedXmlOut.ToString();
}
public static void Sign(this XmlDocument xmlDocument, X509Certificate2 cert)
{
if(xmlDocument == null)
{
throw new ArgumentNullException("xmlDocument");
}
if (cert == null)
{
throw new ArgumentNullException("cert");
}
var signedXml = new SignedXml(xmlDocument);
signedXml.SigningKey = (RSACryptoServiceProvider)cert.PrivateKey;
var reference = new Reference();
reference.Uri = "";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(signedXml.GetXml(), true));
}
/// <summary>
/// Adds a digital signature to the outgoing request message, before sending it to Acquirer.
/// </summary>
/// <param name="requestXml">
/// The unsigned request XML message.
/// </param>
/// <returns>
/// The request message, including digital signature.
/// </returns>
public string SignRequestXml(XDocument requestXml)
{
XmlDocument document = ToXmlDocument(requestXml);
RSACryptoServiceProvider key = ExtractPrivateKeyFrom(acceptantPrivateCertificate);
var signedXml = new SignedXml(document) { SigningKey = key };
signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
// Add a signing reference, the uri is empty and so the whole document is signed.
var reference = new Reference { DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256" };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.Uri = "";
signedXml.AddReference(reference);
// Add the certificate as key info. Because of this, the certificate
// with the public key will be added in the signature part.
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoName(acceptantPrivateCertificate.Thumbprint));
signedXml.KeyInfo = keyInfo;
// Generate the signature.
signedXml.ComputeSignature();
XmlElement xmlSignature = signedXml.GetXml();
document.DocumentElement.AppendChild(document.ImportNode(xmlSignature, true));
// Check that outgoing signature is valid. Private certificate also contains public part.
VerifyDocumentSignature(document, acceptantPrivateCertificate);
return GetContentsFrom(document);
}
/// <summary>
/// Use an X509 certificate to append a computed signature to an XML serialized Response
/// </summary>
/// <param name="XMLSerializedSAMLResponse"></param>
/// <param name="ReferenceURI">Assertion ID from SAML Response</param>
/// <param name="SigningCert">X509 Certificate for signing</param>
/// <remarks>Referenced this article:
/// http://www.west-wind.com/weblog/posts/2008/Feb/23/Digitally-Signing-an-XML-Document-and-Verifying-the-Signature
/// </remarks>
public static void AppendSignatureToXMLDocument(ref XmlDocument XMLSerializedSAMLResponse, String ReferenceURI, X509Certificate2 SigningCert)
{
XmlNamespaceManager ns = new XmlNamespaceManager(XMLSerializedSAMLResponse.NameTable);
ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
XmlElement xeAssertion = XMLSerializedSAMLResponse.DocumentElement.SelectSingleNode("saml:Assertion", ns) as XmlElement;
//SignedXml signedXML = new SignedXml(XMLSerializedSAMLResponse);
SignedXml signedXML = new SignedXml(xeAssertion);
signedXML.SigningKey = SigningCert.PrivateKey;
signedXML.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
Reference reference = new Reference();
reference.Uri = ReferenceURI;
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXML.AddReference(reference);
signedXML.ComputeSignature();
XmlElement signature = signedXML.GetXml();
XmlElement xeResponse = XMLSerializedSAMLResponse.DocumentElement;
xeResponse.AppendChild(signature);
}
public static string Sign(string xml, X509Certificate2 certificate)
{
if (xml == null) throw new ArgumentNullException("xml");
if (certificate == null) throw new ArgumentNullException("certificate");
if (!certificate.HasPrivateKey) throw new ArgumentException("certificate", "Certificate should have a private key");
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(xml);
SignedXml signedXml = new SignedXml(doc);
signedXml.SigningKey = certificate.PrivateKey;
// Attach certificate KeyInfo
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(certificate);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Attach transforms
var reference = new Reference("");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform(includeComments: false));
reference.AddTransform(new XmlDsigExcC14NTransform(includeComments: false));
signedXml.AddReference(reference);
// Compute signature
signedXml.ComputeSignature();
var signatureElement = signedXml.GetXml();
// Add signature to bundle
doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));
return doc.OuterXml;
}
public static void Sign(this XmlDocument xmlDocument, X509Certificate2 cert)
{
if (xmlDocument == null)
{
throw new ArgumentNullException("xmlDocument");
}
if (cert == null)
{
throw new ArgumentNullException("cert");
}
var signedXml = new SignedXml(xmlDocument);
// The transform XmlDsigExcC14NTransform and canonicalization method XmlDsigExcC14NTransformUrl is important for partially signed XML files
// see: http://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedxml.xmldsigexcc14ntransformurl(v=vs.110).aspx
// The reference URI has to be set correctly to avoid assertion injections
// For both, the ID/Reference and the Transform/Canonicalization see as well:
// https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf section 5.4.2 and 5.4.3
signedXml.SigningKey = (RSACryptoServiceProvider)cert.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
var reference = new Reference { Uri = "#" + xmlDocument.DocumentElement.GetAttribute("ID") };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(signedXml.GetXml(), true));
}
public XmlDocument assinaturaXmlEnviar(XmlDocument _xml)
{
XmlDocument xmlDocAss = _xml;
try
{
if (cert == null)
throw new Exception("Nao foi encontrado o certificado: " + config.configNFCe.NomeCertificadoDigital);
Reference reference = new Reference();
SignedXml docXML = new SignedXml(xmlDocAss);
docXML.SigningKey = cert.PrivateKey;
XmlAttributeCollection uri = xmlDocAss.GetElementsByTagName("infNFe").Item(0).Attributes;
foreach (XmlAttribute atributo in uri)
{
if (atributo.Name == "Id")
reference.Uri = "#" + atributo.InnerText;
}
XmlDsigEnvelopedSignatureTransform envelopedSigntature = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(envelopedSigntature);
XmlDsigC14NTransform c14Transform = new XmlDsigC14NTransform();
reference.AddTransform(c14Transform);
docXML.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(cert));
docXML.KeyInfo = keyInfo;
docXML.ComputeSignature();
XmlElement xmlDigitalSignature = docXML.GetXml();
foreach (var _nfe in xmlDocAss.GetElementsByTagName("NFe").Cast<XmlElement>())
_nfe.AppendChild(xmlDocAss.ImportNode(xmlDigitalSignature, true));
xmlDocAss.PreserveWhitespace = true;
return xmlDocAss;
}
catch (Exception e)
{
Utils.Logger.getInstance.error(e);
return null;
throw new Exception(e.ToString());
}
}
static void Main(string[] args)
{
X509Store store = new X509Store("MY", StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
var x509 = collection.Find(X509FindType.FindBySubjectName, "note-oberdan.pca.com.br", true);
X509Certificate2 cert = x509[0];
RSA rsa = (RSA)cert.PrivateKey;
XmlDocument doc = new XmlDocument();
doc.InnerXml = "<teste vl=\"1\"></teste>";
SignedXml SignedDocument = new SignedXml();
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new System.Security.Cryptography.Xml.KeyInfoX509Data(cert));
SignedDocument = new System.Security.Cryptography.Xml.SignedXml(doc);
//Seta chaves
SignedDocument.SigningKey = rsa;
SignedDocument.KeyInfo = keyInfo;
//Cria referencia
Reference reference = new Reference();
reference.Uri = String.Empty;
//Adiciona transformacao a referencia
reference.AddTransform(new
System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new
System.Security.Cryptography.Xml.XmlDsigC14NTransform(false));
//Adiciona referencia ao xml
SignedDocument.AddReference(reference);
//Calcula Assinatura
SignedDocument.ComputeSignature();
//Pega representação da assinatura
XmlElement xmlDigitalSignature = SignedDocument.GetXml();
//Adiciona ao doc XML
doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
doc.Save(@"C:\testes\ExemploAssinaturaXML\ExemploAssinaturaXML\xmlAssinado3.xml");
}
internal static XmlElement GetXmlDigitalSignature(XmlDocument doc, AsymmetricAlgorithm key) {
if(IsDebugEnabled)
log.Debug("암호화된 Xml 문서를 만듭니다...");
var signedXml = new SignedXml(doc) { SigningKey = key };
var reference = new Reference { Uri = string.Empty };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
return signedXml.GetXml();
}
public string AssinarComCertificado(string textXML, X509Certificate2 certificado)
{
try
{
string xmlString = textXML;
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = false;
doc.LoadXml(xmlString);
Reference reference = new Reference();
reference.Uri = "";
XmlDocument documentoNovo = new XmlDocument();
documentoNovo.LoadXml(doc.OuterXml);
SignedXml signedXml = new SignedXml(documentoNovo);
signedXml.SigningKey = certificado.PrivateKey;
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
XmlDsigC14NTransform c14 = new XmlDsigC14NTransform();
reference.AddTransform(c14);
signedXml.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(certificado));
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
XmlNode sign = doc.ImportNode(xmlDigitalSignature, true);
doc.ChildNodes.Item(0).AppendChild(sign);
XmlDocument XMLDoc = new XmlDocument();
XMLDoc.PreserveWhitespace = false;
XMLDoc = doc;
return XMLDoc.OuterXml;
} catch (Exception error)
{
throw new Exception(error.Message);
}
}
public static XmlDocument SignDocument(XmlDocument doc)
{
////////////////
string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
string signatureReferenceURI = "#_73e63a41-156d-4fda-a26c-8d79dcade713";
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);
X509Certificate2 signingCertificate = GetCertificate();
//
/* add the following lines of code after var signingCertificate = GetCertificate();*/
CspParameters cspParams = new CspParameters(24);
//cspParams.KeyContainerName = "XML_DISG_RSA_KEY";
RSACryptoServiceProvider key = new RSACryptoServiceProvider(cspParams);
var strKey = signingCertificate.PrivateKey.ToXmlString(true);
key.FromXmlString(strKey);
/*assign the new key to signer's SigningKey */
//metadataSigner.SigningKey = key;
//
SignedXml signer = new SignedXml(doc);
signer.SigningKey = key;//signingCertificate.PrivateKey;
signer.KeyInfo = new KeyInfo();
signer.KeyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
signer.SignedInfo.SignatureMethod = signatureMethod;
XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform();
XmlDsigExcC14NTransform cn14Transform = new XmlDsigExcC14NTransform();
Reference signatureReference = new Reference("#FATCA");
signatureReference.Uri = signatureReferenceURI;
signatureReference.AddTransform(envelopeTransform);
signatureReference.AddTransform(cn14Transform);
signatureReference.DigestMethod = digestMethod;
signer.AddReference(signatureReference);
signer.ComputeSignature();
XmlElement signatureElement = signer.GetXml();
doc.DocumentElement.AppendChild(signer.GetXml());
return doc;
}
/// <summary>
/// Firma un archivo XML con un certificado
/// </summary>
public void SignXmlDocument(XmlDocument objXMLDocument, X509Certificate2 objCertificate, string strReferenceToSign = "")
{ SignedXml objSignedXml = new SignedXml(objXMLDocument);
// Añade la clave al documento SignedXml
objSignedXml.SigningKey = (RSACryptoServiceProvider) objCertificate.PrivateKey;
// Asigna el identificador de referencia
if (!string.IsNullOrWhiteSpace(strReferenceToSign))
objSignedXml.AddReference(GetReference(strReferenceToSign));
// Añade la información de los parámetros de firma
objSignedXml.Signature.KeyInfo = GetKeyInfoFromCertificate(objCertificate);
// Calcula la firma
objSignedXml.ComputeSignature();
// Añade el elemento firmado al documento XML
objXMLDocument.DocumentElement.AppendChild(objXMLDocument.ImportNode(objSignedXml.GetXml(), true));
}
public static XmlElement GenerateSignature(XmlDocument licenseDocument, IPrivateCryptoKey privateKey)
{
using (var privateKeyProvider = new RsaPrivateKeyProvider())
{
var reference = new Reference { Uri = string.Empty };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
var signedXml = new SignedXml(licenseDocument) { SigningKey = privateKeyProvider.Recreate(privateKey) };
signedXml.AddReference(reference);
signedXml.ComputeSignature();
return signedXml.GetXml();
}
}
public void Sign(XmlDocument message, MessageType messageType)
{
XmlNode mainNode = this.getMainNode(message, messageType);
if (mainNode == null) return;
SetCryptoConfig.SetAlgorithm();
SignedXml signedXml = new SignedXml(message);
signedXml.SigningKey = this.settings.CryptoProvider;
signedXml.AddReference(this.getReference(mainNode));
signedXml.KeyInfo = this.getKeyInfo();
signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
mainNode.AppendChild(xmlDigitalSignature);
}
public bool Execute()
{
Console.Out.WriteLine("Signing xml file");
Console.Out.WriteLine("input file = {0}", _inputFile);
Console.Out.WriteLine("output file = {0}", _signatureFile);
Console.Out.WriteLine("key file = {0}", _keyFile);
using (var key = new RSACryptoServiceProvider())
{
key.FromXmlString(File.ReadAllText(_keyFile));
var doc = new XmlDocument {PreserveWhitespace = true};
doc.Load(new XmlTextReader(_inputFile));
var signedXml = new SignedXml(doc) {SigningKey = key};
var xmlSignature = signedXml.Signature;
var reference = new Reference("");
var env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
xmlSignature.SignedInfo.AddReference(reference);
var keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue(key));
xmlSignature.KeyInfo = keyInfo;
signedXml.ComputeSignature();
var xmlDigitalSignature = signedXml.GetXml();
using (var writer = new XmlTextWriter(_signatureFile, new UTF8Encoding(false)))
{
var signatureDocument = new XmlDocument();
var importNode = signatureDocument.ImportNode(xmlDigitalSignature, true);
signatureDocument.AppendChild(importNode);
signatureDocument.WriteTo(writer);
writer.Close();
}
}
Console.Out.WriteLine("done");
return true;
}
private static void AddSignatureToXmlDocument(XmlDocument toSign, X509Certificate2 cert)
{
var signedXml = new SignedXml(toSign);
signedXml.SigningKey = cert.PrivateKey;
var reference = new Reference();
reference.Uri = "";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var xmlDigitalSignature = signedXml.GetXml();
toSign.DocumentElement.AppendChild(toSign.ImportNode(xmlDigitalSignature, true));
if (toSign.FirstChild is XmlDeclaration) {
toSign.RemoveChild(toSign.FirstChild);
}
}
public string GenerateSignedXml(LicenseDetails details)
{
if (details == null)
throw new ArgumentNullException("details");
string rawXml;
var serializer = new XmlSerializer(typeof (LicenseDetails));
using (var stream = new MemoryStream())
{
serializer.Serialize(stream, details);
stream.Position = 0;
using (var streamReader = new StreamReader(stream))
rawXml = streamReader.ReadToEnd();
}
// Sign the xml
var doc = new XmlDocument();
TextReader reader = new StringReader(rawXml);
doc.Load(reader);
var signedXml = new SignedXml(doc);
signedXml.SigningKey = _key;
var reference = new Reference { Uri = "" };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var signature = signedXml.GetXml();
if (doc.DocumentElement != null)
doc.DocumentElement.AppendChild(doc.ImportNode(signature, true));
if (doc.FirstChild is XmlDeclaration)
doc.RemoveChild(doc.FirstChild);
// Return the resulting xml
using (var stringWriter = new StringWriter())
using (var xmlTextWriter = XmlWriter.Create(stringWriter))
{
doc.WriteTo(xmlTextWriter);
xmlTextWriter.Flush();
return stringWriter.GetStringBuilder().ToString();
}
}
/// <summary>
/// Sign
/// </summary>
/// <param name="input">The input.</param>
/// <param name="output">The output.</param>
/// <param name="certificate">The certificate.</param>
public override void Sign(Stream input, Stream output, X509Certificate2 certificate)
{
CheckInputOutputAndCertificate(input, output, certificate);
using (var rsaKey = (RSACryptoServiceProvider)certificate.PrivateKey)
{
var xmlDoc = new XmlDocument { PreserveWhitespace = true };
xmlDoc.Load(input);
var signedXml = new SignedXml(xmlDoc) {SigningKey = rsaKey};
var envelope = new XmlDsigEnvelopedSignatureTransform();
var reference = new Reference {Uri = ""};
reference.AddTransform(envelope);
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var xmlDigitalSignature = signedXml.GetXml();
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
xmlDoc.Save(output);
}
}
// code outline borrowed from: http://blogs.msdn.com/shawnfa/archive/2003/11/12/57030.aspx
public static void Sign(XmlDocument doc, RSA key)
{
SignedXml signer = new SignedXml(doc);
// setup the key used to sign
signer.KeyInfo = new KeyInfo();
signer.KeyInfo.AddClause(new RSAKeyValue(key));
signer.SigningKey = key;
// create a reference to the root of the document
Reference orderRef = new Reference("");
orderRef.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signer.AddReference(orderRef);
// add transforms that only select the order items, type, and
// compute the signature, and add it to the document
signer.ComputeSignature();
doc.DocumentElement.PrependChild(signer.GetXml());
}
/// <summary>
/// Use an X509 certificate to append a computed signature to an XML serialized Response
/// </summary>
/// <param name="XMLSerializedSAMLResponse"></param>
/// <param name="ReferenceURI">Assertion ID from SAML Response</param>
/// <param name="SigningCert">X509 Certificate for signing</param>
/// <remarks>Referenced this article:
/// http://www.west-wind.com/weblog/posts/2008/Feb/23/Digitally-Signing-an-XML-Document-and-Verifying-the-Signature
/// </remarks>
public static void AppendSignatureToXMLDocument(ref XmlDocument XMLSerializedSAMLResponse, String ReferenceURI, X509Certificate2 SigningCert)
{
SignedXml signedXML = new SignedXml(XMLSerializedSAMLResponse);
signedXML.SigningKey = SigningCert.PrivateKey;
signedXML.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
Reference reference = new Reference();
reference.Uri = "#" + ReferenceURI;
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXML.AddReference(reference);
signedXML.ComputeSignature();
XmlElement signature = signedXML.GetXml();
XmlElement xeResponse = XMLSerializedSAMLResponse.DocumentElement;
xeResponse.AppendChild(signature);
}
public static string SignXml(string xml)
{
var xmlDoc = new XmlDocument();
xmlDoc.LoadXml(xml);
var signedXml = new SignedXml(xmlDoc);
signedXml.SigningKey = (RSACryptoServiceProvider)TestCert.PrivateKey;
var reference = new Reference();
reference.Uri = "";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(signedXml.GetXml(), true));
return xmlDoc.OuterXml;
}
public void ApplySignature(SamlResponse response, X509Certificate2 certificate, XmlDocument document)
{
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(certificate));
var signedXml = new SignedXml(document)
{
SigningKey = certificate.PrivateKey,
KeyInfo = keyInfo
};
var reference = new Reference(AssertionIdPrefix + response.Id);
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var xml = signedXml.GetXml();
document.FindChild(AssertionElem).AppendChild(xml);
}
public static string firmarDocumento(string documento, X509Certificate2 certificado)
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
String documento2 = documento;
doc.LoadXml(documento);
SignedXml signedXml = new SignedXml(doc);
signedXml.SigningKey = certificado.PrivateKey;
Signature XMLSignature = signedXml.Signature;
Reference reference = new Reference("");
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
XMLSignature.SignedInfo.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue((RSA)certificado.PrivateKey));
keyInfo.AddClause(new KeyInfoX509Data(certificado));
XMLSignature.KeyInfo = keyInfo;
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
if (doc.FirstChild is XmlDeclaration)
{
doc.RemoveChild(doc.FirstChild);
}
return doc.InnerXml;
}
public static void SignXmlDocument(Stream sourceXmlFile,
Stream destinationXmlFile, X509Certificate2 certificate)
{
// Carico il documento XML
XmlDocument doc = new XmlDocument();
doc.Load(sourceXmlFile);
// Preparo un DOMDocument che conterrà il risultato
XmlDocument outputDocument = new XmlDocument();
// Recupero un riferimento all'intero contenuto del documento XML
XmlNodeList elementsToSign = doc.SelectNodes(String.Format("/{0}", doc.DocumentElement.Name));
// Costruisco la firma
SignedXml signedXml = new SignedXml();
System.Security.Cryptography.Xml.DataObject dataSignature =
new System.Security.Cryptography.Xml.DataObject();
dataSignature.Data = elementsToSign;
dataSignature.Id = doc.DocumentElement.Name;
signedXml.AddObject(dataSignature);
Reference reference = new Reference();
reference.Uri = String.Format("#{0}", dataSignature.Id);
signedXml.AddReference(reference);
if ((certificate != null) && (certificate.HasPrivateKey))
{
signedXml.SigningKey = certificate.PrivateKey;
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(certificate));
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
// Aggiungo la firma al nuovo documento di output
outputDocument.AppendChild(
outputDocument.ImportNode(signedXml.GetXml(), true));
outputDocument.Save(destinationXmlFile);
}
}
/// <summary>
/// 对传入xml文档对象进行签名
/// </summary>
/// <param name="privateKey">私钥</param>
/// <param name="signXmlDoc">待签名的xml文档对象</param>
/// <returns>返回签名后的xml文本</returns>
public static string Signature(string privateKey, string xmlString)
{
var _RSAProvider = new RSACryptoServiceProvider(keyLength);
_RSAProvider.FromXmlString(privateKey);
XmlDocument signXmlDoc = LoadXml(xmlString);
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(signXmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = _RSAProvider;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
signXmlDoc.DocumentElement.AppendChild(signXmlDoc.ImportNode(xmlDigitalSignature, true));
if (signXmlDoc.FirstChild is XmlDeclaration)
{
signXmlDoc.RemoveChild(signXmlDoc.FirstChild);
}
return FormatXml(signXmlDoc);
}
/// <summary>
/// Erzeugt für das übergebene XML-Dokument eine Signatur
/// und fügt diese in das Dokument ein
/// </summary>
/// <param name="doc"></param>
/// <returns></returns>
public XmlDocument SignDocument(XmlDocument doc)
{
// Erstelle eine Referenz für die Transformation und
// füge diese Referenz dem Signatur-Wrapper hinzu
Reference reference = new Reference();
reference.Uri = String.Empty;
XmlDsigEnvelopedSignatureTransform envelop = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(envelop);
// Erstelle den Signatur-Wrapper mit Schlüsselinformationen
SignedXml signedDoc = new SignedXml(doc);
signedDoc.SigningKey = rsa;
signedDoc.AddReference(reference);
// Berechne die Signatur
signedDoc.ComputeSignature();
// Füge die Signatur in das XML-Dokument ein und gebe es zurück
doc.DocumentElement.AppendChild(doc.ImportNode(signedDoc.GetXml(), true));
return doc;
}
static void Main(string[] args)
{
var xml = "<xml><a ID=\"foo\"><content>foo-content</content><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\" /></a><a ID=\"bar\"><content>bar-content</content><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\" /></a></xml>";
var xmlDocument = new XmlDocument();
xmlDocument.LoadXml(xml);
var key = new RSACryptoServiceProvider();
var sign = new SignedXml(xmlDocument);
var reference2 = new Reference("#bar");
reference2.AddTransform(new XmlDsigEnvelopedSignatureTransform());
sign.AddReference(reference2);
sign.SigningKey = key;
sign.ComputeSignature();
var barNode = (XmlElement)xmlDocument.SelectSingleNode("//*[@ID=\"bar\"]");
barNode.AppendChild(xmlDocument.ImportNode(sign.GetXml(), true));
var barSignature = barNode.ChildNodes.OfType<XmlElement>()
.Single(x => x.LocalName == "Signature" && x.HasChildNodes);
WriteLine("== Xml document ==");
WriteLine(xmlDocument.OuterXml);
WriteLine();
var verify = new SignedXml(xmlDocument);
verify.LoadXml(barSignature);
WriteLine("Check Signature: " + verify.CheckSignature(key));
WriteLine();
WriteLine("Reloading SignedXml and fixing signature index...");
verify.LoadXml(barSignature);
FixSignatureIndex(verify, barSignature);
WriteLine("Check Signature: " + verify.CheckSignature(key));
ReadLine();
}
public string SignXml(XmlDocument Document, X509Certificate2 cert)
{
SignedXml signedXml = new SignedXml(Document);
signedXml.SigningKey = cert.PrivateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env =
new XmlDsigEnvelopedSignatureTransform(true);
reference.AddTransform(env);
//canonicalize
XmlDsigC14NTransform c14t = new XmlDsigC14NTransform();
reference.AddTransform(c14t);
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(cert);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
Document.DocumentElement.AppendChild(
Document.ImportNode(xmlDigitalSignature, true));
return Document.OuterXml;
}
/// <summary>
/// Gera assinatura Digital do XML
/// </summary>
/// <param name="XMLString"></param>
/// <param name="RefUri"></param>
/// <param name="X509Cert"></param>
/// <returns></returns>
public int Assinar(string XMLString, string RefUri, X509Certificate2 X509Cert)
{
int resultado = 0;
msgResultado = "Assinatura realizada com sucesso";
try
{
// certificado para ser utilizado na assinatura
//
string _xnome = "";
bool bX509Cert = false;
if (X509Cert != null)
{
_xnome = X509Cert.Subject.ToString();
}
else
{
bX509Cert = true;
}
X509Certificate2 _X509Cert = new X509Certificate2();
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection collection1 = (X509Certificate2Collection)collection.Find(X509FindType.FindBySubjectDistinguishedName, (object)_xnome, true);
//if (collection1.Count == 0)
if (bX509Cert)
{
resultado = 2;
msgResultado = "Problemas no certificado digital";
}
else
{
// certificado ok
//_X509Cert = collection1[0];
_X509Cert = X509Cert;
string x;
x = _X509Cert.GetKeyAlgorithm().ToString();
// Create a new XML document.
XmlDocument doc = new XmlDocument();
// Format the document to ignore white spaces.
doc.PreserveWhitespace = false;
// Load the passed XML file using it's name.
try
{
doc.LoadXml(XMLString);
// Verifica se a tag a ser assinada existe é única
int qtdeRefUri = doc.GetElementsByTagName(RefUri).Count;
if (qtdeRefUri == 0)
{
// a URI indicada não existe
resultado = 4;
msgResultado = "A tag de assinatura " + RefUri.Trim() + " inexiste";
}
// Exsiste mais de uma tag a ser assinada
else
{
if (qtdeRefUri > 1)
{
// existe mais de uma URI indicada
resultado = 5;
msgResultado = "A tag de assinatura " + RefUri.Trim() + " não é unica";
}
else
{
try
{
//Claudinei - o.s. 23615 - 10/08/2009
//for (int i = 0; i < qtdeRefUri; i++)
{
//Fim - Claudinei - o.s. 23615 - 10/08/2009
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(doc);
//sTipoAssinatura = _X509Cert.PrivateKey.KeySize.ToString();
// Add the key to the SignedXml document
signedXml.SigningKey = _X509Cert.PrivateKey;
// Create a reference to be signed
Reference reference = new Reference();
// pega o uri que deve ser assinada
XmlAttributeCollection _Uri = doc.GetElementsByTagName(RefUri).Item(0).Attributes; //Claudinei - o.s. 23615 - 10/08/2009
foreach (XmlAttribute _atributo in _Uri)
{
if (_atributo.Name == "Id")
{
reference.Uri = "#" + _atributo.InnerText;
}
}
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
XmlDsigC14NTransform c14 = new XmlDsigC14NTransform();
reference.AddTransform(c14);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Create a new KeyInfo object
KeyInfo keyInfo = new KeyInfo();
// Load the certificate into a KeyInfoX509Data object
// and add it to the KeyInfo object.
keyInfo.AddClause(new KeyInfoX509Data(_X509Cert));
// Add the KeyInfo object to the SignedXml object.
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
//Claudinei - o.s. 23581 - 07/07/2009
/*
string teste = "";
//XmlNode xmlno = new XmlNode();
foreach (XmlNode xmlno in doc)
{
teste = xmlno.Name.ToString();
}
*/
//Fim - Claudinei - o.s. 23581 - 07/07/2009
//Danner - o.s. 23732 - 11/11/2009
doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
//Fim - Danner - o.s. 23732 - 11/11/2009
XMLDoc = new XmlDocument();
XMLDoc.PreserveWhitespace = false;
XMLDoc = doc;
} //Claudinei - o.s. 23615 - 10/08/2009
}
catch (Exception caught)
{
resultado = 7;
msgResultado = "Erro: Ao assinar o documento - " + caught.Message;
}
}
}
}
catch (Exception caught)
{
resultado = 3;
msgResultado = "Erro: XML mal formado - " + caught.Message;
}
}
}
catch (Exception caught)
{
resultado = 1;
msgResultado = "Erro: Problema ao acessar o certificado digital" + caught.Message;
}
return resultado;
}
