// Sign an XML file and save the signature in a new file. This method does not // save the public key within the XML file. This file cannot be verified unless // the verifying code has the key with which it was signed. public static void SignXmlFile(string FileName, string SignedFileName, RSA Key) { // Create a new XML document. XmlDocument doc = new XmlDocument(); // Load the passed XML file using its name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = Key; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); }
static void Main(string[] args) { if (args.Length != 4) { Console.WriteLine("Usage: cra.exe cert-file cert-password input-path output-path"); return; } String certFile = args[0]; String password = args[1]; String input = args[2]; String output = args[3]; X509Certificate2 cert = new X509Certificate2(certFile, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(input); var XmlToSign = new XmlDocument(); XmlToSign.LoadXml(xmlDoc.DocumentElement["Body"].OuterXml); SignedXml signedXml = new SignedXml(XmlToSign); signedXml.SigningKey = cert.PrivateKey; Reference reference = new Reference(); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement["Body"].AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); xmlDoc.Save(output); }
// Třída podepíše certifikátem dokument XML // Pokud je již dokument podepsaný, přidá se další podpis public XmlDocument Sign(XmlDocument doc, X509Certificate2 cert) { // před podepisováním z dokumentu odstraníme komentáře (.NET s nimi má problémy pokud se kombinují s XPath transformacemi) XmlDocument strippedDoc = RemoveComments(doc); // definice mapování prefixů na jmenné prostory XmlNamespaceManager manager = new XmlNamespaceManager(strippedDoc.NameTable); manager.AddNamespace("dsig", "http://www.w3.org/2000/09/xmldsig#"); // zjištění kolik podpisů již v dokumentu je int signatures = strippedDoc.SelectNodes("//dsig:Signature", manager).Count; // objekt sloužící pro vytvoření podpisu SignedXml signedXml = new SignedXml(strippedDoc); // podepisovat budeme privátním klíčem z certifikátu signedXml.SigningKey = cert.PrivateKey; // podepisovat budeme pomocí RSA-SHA256 signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; // reference na podepisovaný dokument ("" znamená celý dokument) Reference reference = new Reference(); reference.Uri = ""; // pro výpočet otisku se bude používat SHA-256 reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; // digitální podpis bude přímo součástí dokumentu XML (tzv. "enveloped signature") XmlDsigEnvelopedSignatureTransform envTransform = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envTransform); // navíc budeme používat XPath transoformaci, která dovoluje přidat několik podpisů najednou XmlDsigXPathTransform xpathTransform = new XmlDsigXPathTransform(); // příprava definice XPath transformace jako struktura XML signature XmlDocument transformBody = new XmlDocument(); // podoba XPath filtru se liší podle počtu podpisů if (signatures == 0) transformBody.LoadXml("<dsig:XPath xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::dsig:Signature)</dsig:XPath>"); else transformBody.LoadXml("<dsig:XPath xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::dsig:Signature) or not(ancestor-or-self::dsig:Signature/preceding-sibling::dsig:Signature[" + signatures + "])</dsig:XPath>"); // načtení definice XPath transformace do objektu xpathTransform.LoadInnerXml(transformBody.SelectNodes("/*[1]")); // přidání XPath transformace reference.AddTransform(xpathTransform); // přidání reference do podpisu signedXml.AddReference(reference); // přidání certifikátu do podpisu KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; // výpočet podpisu signedXml.ComputeSignature(); // získání XML reprezentace podpisu XmlElement xmlSignature = signedXml.GetXml(); // k podpisu přidáme identifikátor, tak jak doporučuje standard ISDOC xmlSignature.SetAttribute("Id", "Signature-" + (signatures + 1)); // XML dokument pro podepsaný výsledek XmlDocument result = new XmlDocument(); // bílé znaky musíme zachovat, jinak se špatně spočte hash result.PreserveWhitespace = true; // načtení původního dokumentu result.AppendChild(result.ImportNode(strippedDoc.DocumentElement, true)); // připojení podpisu na konec dokumentu XML result.DocumentElement.AppendChild(result.ImportNode(xmlSignature, true)); return result; }
//------------------------------------------------------------------------------------------- private string SignXML(string xml) { // Signing XML Documents: http://msdn.microsoft.com/en-us/library/ms229745.aspx var rsaKey = new RSACryptoServiceProvider(); string sales_licensekeys_privatekey = ConfigurationManager.AppSettings["sales_licensekeys_privatekey"]; if (!File.Exists(sales_licensekeys_privatekey)) throw new Exception("The private signing key is missing"); rsaKey.FromXmlString(System.IO.File.ReadAllText(sales_licensekeys_privatekey)); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(xml); SignedXml signedXml = new SignedXml(doc); signedXml.SigningKey = rsaKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // set to "" to sign the entire doc XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); MemoryStream ms = new MemoryStream(); XmlTextWriter writer = new XmlTextWriter(ms, new UTF8Encoding(false)); writer = new XmlTextWriter(ms, new UTF8Encoding(false)); //writer.Formatting = Formatting.Indented; doc.WriteContentTo(writer); writer.Flush(); ms.Position = 0; StreamReader reader = new StreamReader(ms); return reader.ReadToEnd(); }
/// <summary> /// Retornos: /// Assinar : 0 - Assinatura realizada com sucesso /// 1 - Erro: Problema ao acessar o certificado digital /// 2 - Problemas no certificado digital /// 3 - XML mal formado + exceção /// 4 - A tag de assinatura %refUri% inexiste /// 5 - A tag de assinatura %refUri% não é unica /// 6 - Erro Ao assinar o documento - ID deve ser string %RefUri(Atributo)% /// 7 - Erro: Ao assinar o documento - %exceção% /// /// XMLStringAssinado : string XML assinada /// /// XMLDocAssinado : XMLDocument do XML assinado /// </summary> /// <param name="xmlNfe">Documento XML a ser assinado</param> /// <param name="refUri">Referência da URI a ser assinada (Ex.: infCanc, infCTe, infInut, etc.)</param> /// <param name="x509Cert">certificado digital a ser utilizado na assinatura digital</param> /// <returns></returns> public int Assinar(ref XmlDocument doc, string refUri, X509Certificate2 x509Cert) { int resultado = 0; msgResultado = "Assinatura realizada com sucesso"; try { // certificado para ser utilizado na assinatura string _xnome = ""; if (x509Cert != null) { _xnome = x509Cert.Subject.ToString(); } string x = x509Cert.GetKeyAlgorithm().ToString(); // Format the document to ignore white spaces. doc.PreserveWhitespace = true; // Recarrega XML para fazer o calculo do digest corretamente XmlDocument docTemp = new XmlDocument(); docTemp.LoadXml(doc.InnerXml.ToString()); doc = docTemp; // Load the passed XML file using it's name. try { // Verifica se a tag a ser assinada existe é única int qtdeRefUri = doc.GetElementsByTagName(refUri).Count; if (qtdeRefUri == 0) { // a URI indicada não existe resultado = 4; msgResultado = "A tag de assinatura " + refUri.Trim() + " inexiste"; } // Existe mais de uma tag a ser assinada else { if (qtdeRefUri > 1) { // existe mais de uma URI indicada resultado = 5; msgResultado = "A tag de assinatura " + refUri.Trim() + " não é única."; } else { try { // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document signedXml.SigningKey = x509Cert.PrivateKey; if (x509Cert.PrivateKey == null) { throw new Exception("Chave privada nula."); } // Create a reference to be signed Reference reference = new Reference(); // pega o uri que deve ser assinada XmlElement e = (XmlElement)doc.GetElementsByTagName(refUri).Item(0); XmlAttributeCollection _Uri = e.Attributes; foreach (XmlAttribute _atributo in _Uri) { if (_atributo.Name == "Id") { reference.Uri = "#" + _atributo.InnerText; break; } } // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigC14NTransform c14 = new XmlDsigC14NTransform(); reference.AddTransform(c14); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Create a new KeyInfo object KeyInfo keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(x509Cert)); // Add the KeyInfo object to the SignedXml object. signedXml.KeyInfo = keyInfo; signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. e.ParentNode.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); } catch (Exception caught) { resultado = 7; msgResultado = "Erro: Ao assinar o documento - " + caught.Message; } } } } catch (Exception caught) { resultado = 3; msgResultado = "Erro: XML mal formado - " + caught.Message; } } catch (Exception caught) { resultado = 1; msgResultado = "Erro: Problema ao acessar o certificado digital" + caught.Message; } return(resultado); }
public static void FirmaXML(string RutaXml, string nombrexml) { try { //Declaro variable XMLDocument XmlDocument xmlDoc = new XmlDocument(); // Cargo el documento en el xmlDoc xmlDoc.PreserveWhitespace = true; //var PathServer = ConfigurationManager.AppSettings["XmlServidor"]; var PathServer = @"C:\Users\Public\Documents\ArchivosXml"; string pathXml = PathServer + @"\sonna_judith_vega_solis.p12"; xmlDoc.Load(@RutaXml); //string soapSecNS = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; //Obtengo la firma en el Certificado X509 X509Certificate2 uidCert = new X509Certificate2(pathXml, "Sonnav67", X509KeyStorageFlags.DefaultKeySet); //string nombre = uidCert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.DnsName,true); //Console.WriteLine(nombre); //Inicializo el RSA RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)uidCert.PrivateKey; //Agrego el SgnedXml que permite firmar el xml SignedXml signedXml = new SignedXml(xmlDoc); // Add the key to the SignedXml document. signedXml.SigningKey = rsaKey; signedXml.Signature.Id = newID("Signature"); //Agregamos el metodo de firmado signedXml.SignedInfo.SignatureMethod = XmlDsigRSASHA1Url; signedXml.SignedInfo.Id = newID("Signature-SignedInfo"); // Create a reference to be signed. Reference reference = new Reference(); //reference.Id = newID("#Certificate"); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data clause = new KeyInfoX509Data(); clause.AddSubjectName(uidCert.Subject); clause.AddCertificate(uidCert); keyInfo.AddClause(clause); keyInfo.Id = newID("Certificate1"); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); Boolean respuesta = signedXml.CheckSignature(); System.Console.WriteLine(respuesta); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); //XmlElement signature = signedXml.GetXml(); foreach (XmlNode node in xmlDigitalSignature.SelectNodes( "descendant-or-self::*[namespace-uri()='http://www.w3.org/2000/09/xmldsig#']")) { node.Prefix = "ds"; } System.Console.WriteLine(signedXml.GetXml().InnerXml); // Append the element to the XML document. xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); //Preguntar sobre el directorio if (!Directory.Exists(PathServer + @"\Firmados\")) { Directory.CreateDirectory(PathServer + @"\Firmados\"); } xmlDoc.Save(@PathServer + @"\Firmados\" + @"\" + nombrexml + ".xml"); } catch (Exception e) { Console.WriteLine(e.Message); } finally { System.Console.ReadLine(); } }
static XmlDocument SignXmlFile( XmlDocument doc, AsymmetricAlgorithm Key, X509Certificate Certificate, string DigestMethod = SignedXml.XmlDsigGost3411_2012_256Url) { // Создаем объект SignedXml по XML документу. SignedXml signedXml = new SignedXml(doc); // Добавляем ключ в SignedXml документ. signedXml.SigningKey = Key; // Создаем ссылку на node для подписи. // При подписи всего документа проставляем "". Reference reference = new Reference(); reference.Uri = ""; // Явно проставляем алгоритм хэширования, // по умолчанию SHA1. reference.DigestMethod = DigestMethod; // Добавляем transform на подписываемые данные // для удаления вложенной подписи. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Добавляем СМЭВ трансформ. // начиная с .NET 4.5.1 для проверки подписи, необходимо добавить этот трансформ в довернные: // signedXml.SafeCanonicalizationMethods.Add("urn://smev-gov-ru/xmldsig/transform"); XmlDsigSmevTransform smev = new XmlDsigSmevTransform(); reference.AddTransform(smev); // Добавляем transform для канонизации. XmlDsigC14NTransform c14 = new XmlDsigC14NTransform(); reference.AddTransform(c14); // Добавляем ссылку на подписываемые данные signedXml.AddReference(reference); // Создаем объект KeyInfo. KeyInfo keyInfo = new KeyInfo(); // Добавляем сертификат в KeyInfo keyInfo.AddClause(new KeyInfoX509Data(Certificate)); // Добавляем KeyInfo в SignedXml. signedXml.KeyInfo = keyInfo; // Можно явно проставить алгоритм подписи: ГОСТ Р 34.10. // Если сертификат ключа подписи ГОСТ Р 34.10 // и алгоритм ключа подписи не задан, то будет использован // XmlDsigGost3410Url // signedXml.SignedInfo.SignatureMethod = // CPSignedXml.XmlDsigGost3410_2012_256Url; // Вычисляем подпись. signedXml.ComputeSignature(); // Получаем XML представление подписи и сохраняем его // в отдельном node. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Добавляем node подписи в XML документ. doc.DocumentElement.AppendChild(doc.ImportNode( xmlDigitalSignature, true)); // При наличии стартовой XML декларации ее удаляем // (во избежание повторного сохранения) if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } return(doc); }
/// <summary> /// Creates a new pending request for the current session. /// </summary> /// <param name="landingUrl">The landing page of the SignResponse</param> /// <param name="language">The language of the e-contract.be pages, <c>null</c> for the default language</param> /// <param name="properties">Additional properties (location, role, visibility info, ...) for the signature request</param> /// <param name="authorization">The optional authorization that the signer must match too to be authorized</param> /// <returns>The base64 encoded PendingRequest, to be used as value for the "PendingRequest"-input</returns> public string GeneratePendingRequest(Uri landingUrl, string language, SignatureRequestProperties properties, Authorization authorization) { if (landingUrl == null) { throw new ArgumentNullException("landingUrl"); } //Prepare browser post message (to return) var pendingRequest = new PendingRequest() { OptionalInputs = new OptionalInputs() { AdditionalProfile = "urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing", ResponseID = this.ServerId, MessageID = new AttributedURIType() { Value = this.ClientId }, Timestamp = new TimestampType() { Created = new AttributedDateTime() { Value = DateTime.UtcNow }, Expires = new AttributedDateTime() { Value = DateTime.UtcNow.AddMinutes(10) } }, ReplyTo = new EndpointReferenceType() { Address = new AttributedURIType() { Value = landingUrl.AbsoluteUri } }, ReturnSignerIdentity = new ReturnSignerIdentity(), Language = string.IsNullOrEmpty(language) ? null : language, VisibleSignatureConfiguration = properties?.Configuration, Policy = authorization?.Policy }, }; //Prepare Sign var pendingRequestXml = new XmlDocument() { PreserveWhitespace = true }; using (var pendingRequestWriter = pendingRequestXml.CreateNavigator().AppendChild()) { requestSerializer.Serialize(pendingRequestWriter, pendingRequest); } var signedXml = new SignedXml(pendingRequestXml); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigHMACSHA1Url; var docRef = new Reference("") { DigestMethod = "http://www.w3.org/2000/09/xmldsig#sha1" }; docRef.AddTransform(new XmlDsigEnvelopedSignatureTransform()); docRef.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(docRef); //Add Key Info var keyRefXml = new XmlDocument() { PreserveWhitespace = true }; if (null == tRefSerializer) { tRefSerializer = new XmlSerializer(typeof(SecurityTokenReferenceType), null, new Type[0], new XmlRootAttribute("SecurityTokenReference"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); } using (var keyRefXmlWriter = keyRefXml.CreateNavigator().AppendChild()) { tRefSerializer.Serialize(keyRefXmlWriter, this.KeyReference); } signedXml.KeyInfo = new KeyInfo(); signedXml.KeyInfo.AddClause(new KeyInfoNode(keyRefXml.DocumentElement)); //Compute signature signedXml.ComputeSignature(new HMACSHA1(this.KeyValue)); //Append signature to document var nsmgr = new XmlNamespaceManager(pendingRequestXml.NameTable); nsmgr.AddNamespace("async", "urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:1.0"); nsmgr.AddNamespace("dss", "urn:oasis:names:tc:dss:1.0:core:schema"); pendingRequestXml.SelectSingleNode("/async:PendingRequest/dss:OptionalInputs", nsmgr).AppendChild(signedXml.GetXml()); trace.TraceEvent(TraceEventType.Information, 0, "Generated pending request"); msgTrace.TraceData(TraceEventType.Information, 0, pendingRequestXml.CreateNavigator()); //Serialize and encode var stream = new MemoryStream(); pendingRequestXml.Save(stream); return(Convert.ToBase64String(stream.ToArray())); }
/// <summary> /// Đây là ví dụ ký một Thẻ, chúng ta có thể ký nhiều thẻ bằng cách tạo nhiều Reference /// SignedXml signer = new SignedXml(doc); /// signer.AddReference(new Reference("#tag1")); /// signer.AddReference(new Reference("#tag3")); /// </summary> /// <param name="xmldoc"></param> /// <param name="cert">Certificate này phải chứa Private Key</param> /// <param name="uri">chứa URI tới dữ liệu cần ký: nếu Uri="" tức là ký toàn bộ tài liệu</param> /// <returns></returns> public static string Sign(XmlDocument xmldoc, X509Certificate2 cert, string uri) { const bool c14 = true; if (xmldoc == null || cert == null) { return(null); } if (String.IsNullOrEmpty(uri)) { throw new Exception("Chưa cung cấp thông tin id thẻ invoiceData"); } if (!uri.StartsWith("#")) { uri = "#" + uri; } if (!cert.HasPrivateKey) { throw new Exception("Chứng thư không có khóa bí mật"); } // Creating the XML signing object. SignedXml sxml = new SignedXml(xmldoc); KeyInfo keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(cert)); // Add the KeyInfo object to the SignedXml object. sxml.KeyInfo = keyInfo; sxml.SigningKey = cert.PrivateKey; // Set the canonicalization method for the document. sxml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl; // No comments. ////============================Add SignatureProperties===========================// // Create an empty reference (not enveloped) for the XPath // transformation. Reference r = new Reference(uri); // Create the XPath transform and add it to the reference list. r.AddTransform(new XmlDsigEnvelopedSignatureTransform()); if (c14) { XmlDsigC14NTransform c14t = new XmlDsigC14NTransform(); r.AddTransform(c14t); } Reference reference = new Reference("#AMadeUpTimeStamp"); // Create the XPath transform and add it to the reference list. reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); if (c14) { XmlDsigC14NTransform c14t = new XmlDsigC14NTransform(); reference.AddTransform(c14t); } ////============================Add SignatureProperties===========================// // Add the reference to the SignedXml object. sxml.AddReference(r); sxml.Signature.Id = "seller"; // Compute the signature. sxml.ComputeSignature(); // Get the signature XML and add it to the document element. XmlElement sig = sxml.GetXml(); xmldoc.DocumentElement.AppendChild(sig); return(xmldoc.OuterXml); }
/// <summary> /// Obtém a assinatura de um objeto serializável /// </summary> /// <typeparam name="T"></typeparam> /// <param name="objeto"></param> /// <param name="id"></param> /// <param name="certificadoDigital">Informe o certificado digital</param> /// <param name="manterDadosEmCache">Validador para manter o certificado em cache</param> /// <param name="signatureMethod"></param> /// <param name="digestMethod"></param> /// <param name="cfgServicoRemoverAcentos"></param> /// <returns>Retorna um objeto do tipo Classes.Assinatura.Signature, contendo a assinatura do objeto passado como parâmetro</returns> public static Signature ObterAssinatura <T>(T objeto, string id, X509Certificate2 certificadoDigital, bool manterDadosEmCache = false, string signatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1", string digestMethod = "http://www.w3.org/2000/09/xmldsig#sha1", bool cfgServicoRemoverAcentos = false) where T : class { var objetoLocal = objeto; if (id == null) { throw new Exception("Não é possível assinar um objeto evento sem sua respectiva Id!"); } try { var documento = new XmlDocument { PreserveWhitespace = true }; documento.LoadXml(cfgServicoRemoverAcentos ? FuncoesXml.ClasseParaXmlString(objetoLocal).RemoverAcentos() : FuncoesXml.ClasseParaXmlString(objetoLocal)); var docXml = new SignedXml(documento) { SigningKey = certificadoDigital.PrivateKey }; docXml.SignedInfo.SignatureMethod = signatureMethod; var reference = new Reference { Uri = "#" + id, DigestMethod = digestMethod }; // adicionando EnvelopedSignatureTransform a referencia var envelopedSigntature = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envelopedSigntature); var c14Transform = new XmlDsigC14NTransform(); reference.AddTransform(c14Transform); docXml.AddReference(reference); // carrega o certificado em KeyInfoX509Data para adicionar a KeyInfo var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(certificadoDigital)); docXml.KeyInfo = keyInfo; docXml.ComputeSignature(); //// recuperando a representação do XML assinado var xmlDigitalSignature = docXml.GetXml(); var assinatura = FuncoesXml.XmlStringParaClasse <Signature>(xmlDigitalSignature.OuterXml); return(assinatura); } finally { //Marcos Gerene 04/08/2018 - o objeto certificadoDigital nunca será nulo, porque se ele for nulo nem as configs para criar ele teria. //Se não mantém os dados do certificado em cache libera o certificado, chamando o método reset. //if (!manterDadosEmCache & certificadoDigital == null) // certificadoDigital.Reset(); } }
private void CreateCrypto(string pyt, ref XmlDocument doc, TextBox textBoxName) { XmlTextReader gf = new XmlTextReader(pyt); string buff = doc.OuterXml; int j = 0; //Проверка есть ли уже криптография for (int i = 0; i < buff.Length; i++) { string sig = "Signature"; char a = buff[i]; char b = sig[j]; if (buff[i] == sig[j]) { string str = ""; for (int k = 0; k < sig.Length; k++) { str += buff[i + k]; } //j++; if (str == sig) { MessageBox.Show("Ключ уже создан"); goto BB; } } } DSA Key = DSA.Create(); string xmls = Key.ToXmlString(false); XmlElement xmlElement = doc.CreateElement("KEy"); xmlElement.InnerText = xmls; doc.DocumentElement.AppendChild(xmlElement); dris.Key = Key; SignedXml signedXml = new SignedXml(doc); signedXml.SigningKey = Key; Reference reference = new Reference(); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } gf.Close(); XmlTextWriter xmltw = new XmlTextWriter(pyt, System.Text.Encoding.UTF8); doc.WriteTo(xmltw); xmltw.Close(); BB :; if (gf.ReadState != ReadState.Closed) { gf.Close(); } //XmlDocument doc = new XmlDocument(); //doc.PreserveWhitespace = false; //XmlTextReader gf = new XmlTextReader(pyt); //doc.Load(gf); //string buff = doc.OuterXml; //int j = 0; ////Проверка есть ли уже криптография //for(int i =0;i<buff.Length;i++) //{ // string sig = "Signature"; // char a = buff[i]; // char b = sig[j]; // if(buff[i]==sig[j]) // { // string str = ""; // for(int k=0;k<sig.Length;k++) // { // str += buff[i + k]; // } // //j++; // if(str == sig) // { // MessageBox.Show("Ключ уже создан"); // goto BB; // } // } //} //DSA Key = DSA.Create(); //dris.Key = Key; //SignedXml signedXml = new SignedXml(doc); //signedXml.SigningKey = Key; //Signature XMLSignature = signedXml.Signature; //Reference reference = new Reference(""); //XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); //reference.AddTransform(env); //XMLSignature.SignedInfo.AddReference(reference); //KeyInfo keyInfo = new KeyInfo(); //keyInfo.AddClause(new DSAKeyValue((DSA)Key)); //XMLSignature.KeyInfo = keyInfo; //signedXml.ComputeSignature(); //XmlElement xmlDigitalSignature = signedXml.GetXml(); //doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); ////DSA dfs = DSA.Create(); ////dfs.FromXmlString(""); //XmlElement ssdw = doc.CreateElement("Key", Key.SignatureAlgorithm); //doc.DocumentElement.AppendChild(ssdw); //if (doc.FirstChild is XmlDeclaration) //{ // doc.RemoveChild(doc.FirstChild); //} //gf.Close(); ////doc.Save(pyt); //XmlTextWriter xmltw = new XmlTextWriter(pyt, System.Text.Encoding.UTF8); //doc.WriteTo(xmltw); //xmltw.Close(); //BB:; //// }
public string FirmarXml(string tramaXml) { // Vamos a firmar el XML con la ruta del certificado que está como serializado. var certificate = new X509Certificate2(); certificate.Import(Convert.FromBase64String(RutaCertificadoDigital), PasswordCertificado, X509KeyStorageFlags.MachineKeySet); var xmlDoc = new XmlDocument(); string resultado; using (var documento = new MemoryStream(Convert.FromBase64String(tramaXml))) { xmlDoc.PreserveWhitespace = true; xmlDoc.Load(documento); int tipo; if (TipoDocumento == 1 || TipoDocumento == 2 || TipoDocumento == 3 || TipoDocumento == 4) { tipo = 1; } else { tipo = 0; } var nodoExtension = xmlDoc.GetElementsByTagName("ExtensionContent", EspacioNombres.ext) .Item(tipo); if (nodoExtension == null) { throw new InvalidOperationException("No se pudo encontrar el nodo ExtensionContent en el XML"); } nodoExtension.RemoveAll(); // Creamos el objeto SignedXml. var signedXml = new SignedXml(xmlDoc) { SigningKey = (RSA)certificate.PrivateKey }; signedXml.SigningKey = certificate.PrivateKey; var xmlSignature = signedXml.Signature; var env = new XmlDsigEnvelopedSignatureTransform(); var reference = new Reference(string.Empty); reference.AddTransform(env); xmlSignature.SignedInfo.AddReference(reference); var keyInfo = new KeyInfo(); var x509Data = new KeyInfoX509Data(certificate); x509Data.AddSubjectName(certificate.Subject); keyInfo.AddClause(x509Data); xmlSignature.KeyInfo = keyInfo; xmlSignature.Id = "SignatureErickOrlando"; signedXml.ComputeSignature(); // Recuperamos el valor Hash de la firma para este documento. if (reference.DigestValue != null) { DigestValue = Convert.ToBase64String(reference.DigestValue); } ValorFirma = Convert.ToBase64String(signedXml.SignatureValue); nodoExtension.AppendChild(signedXml.GetXml()); var settings = new XmlWriterSettings() { Encoding = Encoding.GetEncoding("ISO-8859-1") }; using (var memDoc = new MemoryStream()) { using (var writer = XmlWriter.Create(memDoc, settings)) { xmlDoc.WriteTo(writer); } resultado = Convert.ToBase64String(memDoc.ToArray()); } } return(resultado); }
/// <summary> /// Signs a XML file (enveloping signature) using a digital certificate /// </summary> /// <param name="encodingPath">Used for non-xml, the root path of the document being signed, used for temporary encoding file</param> /// <param name="signatureType">This will be XML or Non-XML</param> /// <param name="xml">The XML data to sign represented as byte array</param> /// <param name="certFile">The certificate file to use for signing</param> /// <param name="certPassword">The certificate password</param> /// <param name="signWithSha256">Sign the document using SHA-256</param> /// <returns>The signed data represented as byte array</returns> private static byte[] SignEnvelopingXml(XmlSignatureType signatureType, byte[] xml, string certFile, string certPassword, bool signWithSha256, string encodingPath = "") { if (xml == null || xml.Length == 0) { // invalid XML array throw new Exception("Nothing to sign!"); } // load certificate X509Certificate2 certificate = LoadSigningCertificate(certFile, certPassword, signWithSha256); if (!certificate.HasPrivateKey) { // invalid certificate throw new Exception("Specified certificate not suitable for signing!"); } //If this is NOT XML, then we have to convert it and stick it in XML first if (signatureType == XmlSignatureType.NonXML) { //base64 encode it string strEncodedImage; strEncodedImage = System.Convert.ToBase64String(xml, 0, xml.Length); //create a small xml file and put the encoded Image data inside // Create an XmlWriterSettings object with the correct options. XmlWriter writer = null; XmlWriterSettings settings = new XmlWriterSettings(); settings.Indent = true; settings.IndentChars = ("\t"); settings.OmitXmlDeclaration = false; settings.NewLineHandling = NewLineHandling.Replace; settings.CloseOutput = true; string metadataFileName = encodingPath + "\\TempEncoded.xml"; // Create the XmlWriter object and write some content. writer = XmlWriter.Create(metadataFileName, settings); writer.WriteStartElement("Wrapper", ""); writer.WriteString(strEncodedImage); writer.WriteEndElement(); //Close the XmlTextWriter. writer.WriteEndDocument(); writer.Close(); writer.Flush(); xml = File.ReadAllBytes(encodingPath + "\\TempEncoded.xml"); } using (MemoryStream stream = new MemoryStream(xml)) { // go to the beginning of the stream stream.Flush(); stream.Position = 0; // create new XmlDocument from stream XmlDocument doc = new XmlDocument() { PreserveWhitespace = true }; doc.Load(stream); // create transform (for canonicalization method & reference) XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); // create new SignedXml from XmlDocument SignedXml signed = GenerateSignedXml(doc, certificate, signWithSha256); signed.SignedInfo.CanonicalizationMethod = transform.Algorithm; // get nodes (use XPath to include FATCA declaration) XmlNodeList nodes = doc.DocumentElement.SelectNodes("/*"); // define data object DataObject dataObject = new DataObject() { Data = nodes, Id = "FATCA" }; // add the data we are signing as a sub-element (object) of the signature element signed.AddObject(dataObject); // create reference Reference reference = new Reference(string.Format("#{0}", dataObject.Id)); reference.AddTransform(transform); if (signWithSha256) { // SHA-256 digest reference.DigestMethod = RSAPKCS1SHA256SignatureDescription.ReferenceDigestMethod; } // add reference to document signed.AddReference(reference); // include KeyInfo object & compute signature signed.KeyInfo = CreateKeyInfoFromCertificate(certificate); signed.ComputeSignature(); // get signature XmlElement xmlDigitalSignature = signed.GetXml(); // XML declaration string xmlDeclaration = string.Empty; if (doc.FirstChild is XmlDeclaration) { // include declaration xmlDeclaration = doc.FirstChild.OuterXml; } // return signature as byte array return(Encoding.UTF8.GetBytes(string.Concat(xmlDeclaration, xmlDigitalSignature.OuterXml))); } }
// Třída podepíše certifikátem dokument XML // Pokud je již dokument podepsaný, přidá se další podpis public XmlDocument Sign(XmlDocument doc, X509Certificate2 cert) { // před podepisováním z dokumentu odstraníme komentáře (.NET s nimi má problémy pokud se kombinují s XPath transformacemi) XmlDocument strippedDoc = RemoveComments(doc); // definice mapování prefixů na jmenné prostory XmlNamespaceManager manager = new XmlNamespaceManager(strippedDoc.NameTable); manager.AddNamespace("dsig", "http://www.w3.org/2000/09/xmldsig#"); // zjištění kolik podpisů již v dokumentu je int signatures = strippedDoc.SelectNodes("//dsig:Signature", manager).Count; // objekt sloužící pro vytvoření podpisu SignedXml signedXml = new SignedXml(strippedDoc); // podepisovat budeme privátním klíčem z certifikátu signedXml.SigningKey = cert.PrivateKey; // podepisovat budeme pomocí RSA-SHA256 signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; // reference na podepisovaný dokument ("" znamená celý dokument) Reference reference = new Reference(); reference.Uri = ""; // pro výpočet otisku se bude používat SHA-256 reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; // digitální podpis bude přímo součástí dokumentu XML (tzv. "enveloped signature") XmlDsigEnvelopedSignatureTransform envTransform = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envTransform); // navíc budeme používat XPath transoformaci, která dovoluje přidat několik podpisů najednou XmlDsigXPathTransform xpathTransform = new XmlDsigXPathTransform(); // příprava definice XPath transformace jako struktura XML signature XmlDocument transformBody = new XmlDocument(); // podoba XPath filtru se liší podle počtu podpisů if (signatures == 0) { transformBody.LoadXml("<dsig:XPath xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::dsig:Signature)</dsig:XPath>"); } else { transformBody.LoadXml("<dsig:XPath xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::dsig:Signature) or not(ancestor-or-self::dsig:Signature/preceding-sibling::dsig:Signature[" + signatures + "])</dsig:XPath>"); } // načtení definice XPath transformace do objektu xpathTransform.LoadInnerXml(transformBody.SelectNodes("/*[1]")); // přidání XPath transformace reference.AddTransform(xpathTransform); // přidání reference do podpisu signedXml.AddReference(reference); // přidání certifikátu do podpisu KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; // výpočet podpisu signedXml.ComputeSignature(); // získání XML reprezentace podpisu XmlElement xmlSignature = signedXml.GetXml(); // k podpisu přidáme identifikátor, tak jak doporučuje standard ISDOC xmlSignature.SetAttribute("Id", "Signature-" + (signatures + 1)); // XML dokument pro podepsaný výsledek XmlDocument result = new XmlDocument(); // bílé znaky musíme zachovat, jinak se špatně spočte hash result.PreserveWhitespace = true; // načtení původního dokumentu result.AppendChild(result.ImportNode(strippedDoc.DocumentElement, true)); // připojení podpisu na konec dokumentu XML result.DocumentElement.AppendChild(result.ImportNode(xmlSignature, true)); return(result); }
private static string AddSignature(X509Certificate2 certificate, string xml, bool useFingerprint, bool addReferenceURI) { var doc = new XmlDocument { PreserveWhitespace = true }; try { doc.LoadXml(xml); } catch (Exception) { return(xml); } // document is empty, parse issue, etc if (doc.DocumentElement == null) { return(xml); } // already has a signature on the root element if (doc.DocumentElement["Signature", SignedXml.XmlDsigNamespaceUrl] != null) { return(xml); } var rsaKey = (RSACryptoServiceProvider)certificate.PrivateKey; var ki = new KeyInfo(); if (useFingerprint) { ki.AddClause(new KeyInfoName(certificate.Thumbprint)); } else { ki.AddClause(new KeyInfoX509Data(certificate)); } var signedXml = new SignedXml(doc) { SigningKey = rsaKey }; var reference = new Reference("") { DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256" }; if (addReferenceURI) { reference.Uri = "#_a75adf55-01d7-40cc-929f-dbd8372ebdfc"; } reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); reference.AddTransform(new XmlDsigExcC14NTransform()); signedXml.Signature.SignedInfo.AddReference(reference); signedXml.Signature.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.Signature.SignedInfo.SignatureMethod = XmlDsigRsaSha256Url; signedXml.Signature.KeyInfo = ki; signedXml.ComputeSignature(); var signature = signedXml.GetXml().CloneNode(true); doc.DocumentElement.AppendChild(doc.ImportNode(signature, true)); return(doc.OuterXml); }
/// <summary> /// O método assina digitalmente o arquivo XML passado por parâmetro e /// grava o XML assinado com o mesmo nome, sobreponto o XML informado por parâmetro. /// Disponibiliza também uma propriedade com uma string do xml assinado (this.vXmlStringAssinado) /// </summary> /// <param name="conteudoXML">Conteúdo do XML</param> /// <param name="tagAssinatura">Nome da tag onde é para ficar a assinatura</param> /// <param name="tagAtributoId">Nome da tag que tem o atributo ID, tag que vai ser assinada</param> /// <param name="x509Cert">Certificado a ser utilizado na assinatura</param> /// <param name="empresa">Índice da empresa que está solicitando a assinatura</param> /// <param name="algorithmType">Tipo de algoritimo para assinatura do XML.</param> /// <remarks> /// Autor: Wandrey Mundin Ferreira /// Data: 04/06/2008 /// </remarks> private void Assinar(XmlDocument conteudoXML, string tagAssinatura, string tagAtributoId, X509Certificate2 x509Cert, int empresa, AlgorithmType algorithmType, bool comURI) { try { if (conteudoXML.GetElementsByTagName(tagAssinatura).Count == 0) { throw new Exception("A tag de assinatura " + tagAssinatura.Trim() + " não existe no XML. (Código do Erro: 5)"); } else if (conteudoXML.GetElementsByTagName(tagAtributoId).Count == 0) { throw new Exception("A tag de assinatura " + tagAtributoId.Trim() + " não existe no XML. (Código do Erro: 4)"); } // Existe mais de uma tag a ser assinada else { XmlNodeList lists = conteudoXML.GetElementsByTagName(tagAssinatura); XmlNode listRPS = null; /// Esta condição foi feita especificamente para prefeitura de Governador Valadares pois o AtribudoID e o Elemento assinado devem possuir o mesmo nome. /// Talvez tenha que ser reavaliado. #region Governador Valadares if (tagAssinatura.Equals(tagAtributoId) && Empresas.Configuracoes[empresa].UnidadeFederativaCodigo == 3127701) { foreach (XmlNode item in lists) { if (listRPS == null) { listRPS = item; } if (item.Name.Equals(tagAssinatura)) { lists = item.ChildNodes; break; } } } #endregion Governador Valadares foreach (XmlNode nodes in lists) { foreach (XmlNode childNodes in nodes.ChildNodes) { if (!childNodes.Name.Equals(tagAtributoId)) { continue; } // Create a reference to be signed Reference reference = new Reference(); reference.Uri = ""; // pega o uri que deve ser assinada XmlElement childElemen = (XmlElement)childNodes; if (comURI) { if (childElemen.GetAttributeNode("Id") != null) { reference.Uri = "#" + childElemen.GetAttributeNode("Id").Value; } else if (childElemen.GetAttributeNode("id") != null) { reference.Uri = "#" + childElemen.GetAttributeNode("id").Value; } } // Create a SignedXml object. SignedXml signedXml = new SignedXml(conteudoXML); #if _fw46 //A3 if (!String.IsNullOrEmpty(Empresas.Configuracoes[empresa].CertificadoPIN) && clsX509Certificate2Extension.IsA3(x509Cert) && !Empresas.Configuracoes[empresa].CertificadoPINCarregado) { x509Cert.SetPinPrivateKey(Empresas.Configuracoes[empresa].CertificadoPIN); Empresas.Configuracoes[empresa].CertificadoPINCarregado = true; } if (algorithmType.Equals(AlgorithmType.Sha256)) { signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; signedXml.SigningKey = x509Cert.GetRSAPrivateKey(); } #endif if (algorithmType.Equals(AlgorithmType.Sha1)) { signedXml.SigningKey = x509Cert.PrivateKey; } // Add an enveloped transformation to the reference. reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); reference.AddTransform(new XmlDsigC14NTransform()); // Add the reference to the SignedXml object. signedXml.AddReference(reference); #if _fw46 if (algorithmType.Equals(AlgorithmType.Sha256)) { reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; } #endif // Create a new KeyInfo object KeyInfo keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(x509Cert)); // Add the KeyInfo object to the SignedXml object. signedXml.KeyInfo = keyInfo; signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); if (tagAssinatura.Equals(tagAtributoId) && Empresas.Configuracoes[empresa].UnidadeFederativaCodigo == 3127701) { ///Desenvolvido especificamente para prefeitura de governador valadares listRPS.AppendChild(conteudoXML.ImportNode(xmlDigitalSignature, true)); } else { // Gravar o elemento no documento XML nodes.AppendChild(conteudoXML.ImportNode(xmlDigitalSignature, true)); } } } } } catch (CryptographicException ex) { #region #10316 /* * Solução para o problema do certificado do tipo A3 * Marcelo * 29/07/2013 */ AssinaturaValida = false; if (clsX509Certificate2Extension.IsA3(x509Cert)) { x509Cert = Empresas.ResetCertificado(empresa); if (!TesteCertificado) { throw new Exception("O certificado deverá ser reiniciado.\r\n Retire o certificado.\r\nAguarde o LED terminar de piscar.\r\n Recoloque o certificado e informe o PIN novamente.\r\n" + ex.ToString());// #12342 concatenar com a mensagem original } } else { throw; } #endregion #10316 } catch { throw; } }
private static XmlDocument SignXml() { XmlDocument xmlDoc = new XmlDocument(); xmlDoc.PreserveWhitespace = true; xmlDoc.Load(".\\certificates\\samlRequestTemplate.xml"); X509Certificate2 certificate = CertificateHelper.GetCertificate(".\\certificates\\HuaweiCA.p12", "Pr0d1234"); //AsymmetricAlgorithm key = certificate.PrivateKey; AsymmetricAlgorithm key = certificate.PrivateKey; XmlNamespaceManager ns = new XmlNamespaceManager(xmlDoc.NameTable); ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); XmlElement issuerNode = (XmlElement)xmlDoc.DocumentElement.SelectSingleNode("saml:Issuer", ns); SignedXml signedXml = new SignedXml(xmlDoc.DocumentElement); signedXml.SigningKey = key; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; KeyInfo keyInfo = new KeyInfo(); //XmlDocument keyDoc = new XmlDocument(); //keyDoc.LoadXml(certificate.PublicKey.Key.ToXmlString(false)); //keyInfo.LoadXml(keyDoc.DocumentElement); keyInfo.AddClause(new KeyInfoX509Data(certificate)); signedXml.KeyInfo = keyInfo; string refId = xmlDoc.DocumentElement.GetAttribute("ID"); Reference reference = new Reference(); reference.Uri = "#" + refId; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigExcC14NTransform env2 = new XmlDsigExcC14NTransform(); env2.InclusiveNamespacesPrefixList = "#default code ds kind rw saml samlp typens"; reference.AddTransform(env2); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.InsertAfter(xmlDoc.ImportNode(xmlDigitalSignature, true), issuerNode); //xmlDoc.NameTable.Add("samlp"); //XmlElement nameIDPolicyElem = xmlDoc.CreateElement("samlp", "NameIDPolicy", "urn:oasis:names:tc:SAML:2.0:protocol"); //nameIDPolicyElem.SetAttribute("AllowCreate", "False"); //xmlDoc.DocumentElement.AppendChild(nameIDPolicyElem); xmlDoc.Save("samleRequestCSharp.xml"); return(xmlDoc); }
private bool WriteLicenseToFile(string appDir, bool spfold, int version) { var str1 = string.Format("{0}-{1}-{2}-{3}-{4}", "U3", "AAAA", "AAAA", "AAAA", "AAAA"); var byteList1 = new List <byte>(); byteList1.AddRange(Encoding.ASCII.GetBytes(string.Format("{0}-{1}", str1, "NUUN"))); if (version != 20172) { List <string> stringList = new List <string>() { "<root>", " <TimeStamp2 Value=\"cn/lkLOZ3vFvbQ==\"/>", " <TimeStamp Value=\"jWj8PXAeZMPzUw==\"/>", " <License id=\"Terms\">", " <ClientProvidedVersion Value=\"\"/>", string.Format(" <DeveloperData Value=\"{0}\"/>", (object)Convert.ToBase64String(byteList1.ToArray())), " <Features>" }; foreach (var num in LicHeader.ReadAll()) { stringList.Add(string.Format(" <Feature Value=\"{0}\"/>", (object)num)); } stringList.Add(" </Features>"); if (version < 500) { stringList.Add(" <LicenseVersion Value=\"4.x\"/>"); } if (version >= 500 && version < 2017) { stringList.Add(" <LicenseVersion Value=\"5.x\"/>"); } if (version == 2017) { stringList.Add(" <LicenseVersion Value=\"2017.x\"/>"); } if (version == 20171) { stringList.Add(" <LicenseVersion Value=\"6.x\"/>"); } stringList.Add(" <MachineBindings>"); stringList.Add(" </MachineBindings>"); stringList.Add(" <MachineID Value=\"\"/>"); stringList.Add(" <SerialHash Value=\"\"/>"); stringList.Add(string.Format(" <SerialMasked Value=\"{0}-XXXX\"/>", (object)str1)); DateTime now = DateTime.Now; stringList.Add(string.Format(" <StartDate Value=\"{0}T00:00:00\"/>", (object)now.AddDays(-1.0).ToString("yyyy-MM-dd"))); stringList.Add(" <StopDate Value=\"\"/>"); stringList.Add(string.Format(" <UpdateDate Value=\"{0}T00:00:00\"/>", (object)now.AddYears(10).ToString("yyyy-MM-dd"))); stringList.Add(" </License>"); stringList.Add(""); stringList.Add("<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">"); stringList.Add("<SignedInfo>"); stringList.Add("<CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments\"/>"); stringList.Add("<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>"); stringList.Add("<Reference URI=\"#Terms\">"); stringList.Add("<Transforms>"); stringList.Add("<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>"); stringList.Add("</Transforms>"); stringList.Add("<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>"); stringList.Add("<DigestValue>oeMc1KScgy617DHMPTxbYhqNjIM=</DigestValue>"); stringList.Add("</Reference>"); stringList.Add("</SignedInfo>"); stringList.Add("<SignatureValue>WuzMPTi0Ko1vffk9gf9ds/iU0b0K8UHaLpi4kWgm6q1am5MPTYYnzH1InaSWuzYo"); stringList.Add("EpJThKspOZdO0JISeEolNdJVf3JpsY55OsD8UaruvhwZn4r9pLeNSC7SzQ1rvAWP"); stringList.Add("h77XaHizhVVs15w6NYevP27LTxbZaem5L8Zs+34VKXQFeG4g0dEI/Jhl70TqE0CS"); stringList.Add("YNF+D0zqEtyMNHsh0Rq/vPLSzPXUN12jfPLZ3dO9B+9/mG7Ljd6emZjjLZUVuSKQ"); stringList.Add("uKxN5jlHZsm2kRMudijICV6YOWMPT+oZePlCg+BJQg5/xcN5aYVBDZhNeuNwQL1H"); stringList.Add("MPT/GJPxVuETgd9k8c4uDg==</SignatureValue>"); stringList.Add("</Signature>"); stringList.Add("</root>"); string str2 = ""; if (version < 500) { str2 = "Unity_v4.x.ulf"; } if (version >= 500 && version < 2017) { str2 = "Unity_v5.x.ulf"; } if (version == 2017) { str2 = "Unity_v2017.x.ulf"; } if (version == 20171) { str2 = "Unity_lic.ulf"; } var path = string.Empty; if (spfold) { path = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData) + "\\Unity"; if (!Directory.Exists(path)) { try { Directory.CreateDirectory(path); } catch (Exception ex) { spfold = false; var num = (int)MessageBox.Show(ex.Message, string.Empty, MessageBoxButtons.OK); } } } if (spfold) { if (File.Exists(path + "/" + str2)) { spfold = TestAtr(path + "/" + str2); if (spfold && MessageBox.Show(string.Format("Replace the \"{0}\\{1}\"?", path, str2), string.Empty, MessageBoxButtons.YesNo, MessageBoxIcon.Question) != System.Windows.Forms.DialogResult.OK) { stringList.Clear(); return(true); } } if (spfold) { try { if (version < 500) { str2 = "Unity_v4.x.ulf"; } if (version >= 500 && version < 2017) { str2 = "Unity_v5.x.ulf"; } if (version == 2017) { str2 = "Unity_v2017.x.ulf"; } if (version == 20171) { str2 = "Unity_lic.ulf"; } if (str2 == "Unity_lic.ulf") { using (FileStream fileStream = new FileStream(path + "/" + str2, FileMode.Append)) { foreach (object obj in stringList) { byte[] bytes = Encoding.ASCII.GetBytes(string.Format("{0}\r", obj)); fileStream.Write(bytes, 0, bytes.Length); } fileStream.Flush(); fileStream.Close(); } } else { File.WriteAllLines(path + "/" + str2, (IEnumerable <string>)stringList); } } catch (Exception ex) { spfold = false; int num = (int)MessageBox.Show(ex.Message, string.Empty, MessageBoxButtons.OK); } } } if (!spfold) { if (File.Exists(appDir + "/" + str2)) { if (TestAtr(appDir + "/" + str2)) { if (MessageBox.Show(string.Format("Replace the \"{0}\\{1}\"?", appDir, str2), string.Empty, MessageBoxButtons.YesNo, MessageBoxIcon.Question) != System.Windows.Forms.DialogResult.OK) { stringList.Clear(); return(true); } } else { stringList.Clear(); return(false); } } try { if (version < 500) { str2 = "Unity_v4.x.ulf"; } if (version >= 500 && version < 2017) { str2 = "Unity_v5.x.ulf"; } if (version == 2017) { str2 = "Unity_v2017.x.ulf"; } if (version == 20171) { str2 = "Unity_lic.ulf"; } if (str2 == "Unity_lic.ulf") { using (FileStream fileStream = new FileStream(path + "/" + str2, FileMode.Append)) { foreach (object obj in stringList) { byte[] bytes = Encoding.ASCII.GetBytes(string.Format("{0}\r", obj)); fileStream.Write(bytes, 0, bytes.Length); } fileStream.Flush(); fileStream.Close(); } } else { File.WriteAllLines(path + "/" + str2, (IEnumerable <string>)stringList); } } catch (Exception ex) { stringList.Clear(); int num = (int)MessageBox.Show(ex.Message, string.Empty, MessageBoxButtons.OK); return(false); } } stringList.Clear(); return(true); } string s = string.Format("{0}-{1}-{2}-{3}-{4}-{5}", "U3", "AAAA", "AAAA", "AAAA", "AAAA", "AAAA"); int[] numArray = LicHeader.ReadAll(); if (s.Length != 27) { int num = (int)MessageBox.Show("Invalid Key must be \"27\" chars.", string.Empty, MessageBoxButtons.OK); return(false); } string path2 = "Unity_lic.ulf"; string str3 = s.Remove(s.Length - 4, 4) + "XXXX"; string base64String = Convert.ToBase64String(((IEnumerable <byte>)((IEnumerable <byte>) new byte[4] { (byte)1, (byte)0, (byte)0, (byte)0 }).Concat <byte>((IEnumerable <byte>)Encoding.ASCII.GetBytes(s)).ToArray <byte>()).ToArray <byte>()); string str4 = "6.x"; string str5 = "false"; string str6 = ""; DateTime dateTime = DateTime.UtcNow; dateTime = dateTime.AddDays(-1.0); string str7 = dateTime.ToString("s", (IFormatProvider)CultureInfo.InvariantCulture); Dictionary <string, string> dictionary = new Dictionary <string, string>(); string str8 = ""; string str9 = ""; string str10 = ""; string str11 = ""; dateTime = DateTime.UtcNow; dateTime = dateTime.AddYears(10); string str12 = dateTime.ToString("s", (IFormatProvider)CultureInfo.InvariantCulture); MemoryStream memoryStream = new MemoryStream(); XmlWriterSettings settings = new XmlWriterSettings() { Indent = true, IndentChars = " ", NewLineChars = "\n", OmitXmlDeclaration = true, Encoding = Encoding.ASCII }; using (XmlWriter xmlWriter = XmlWriter.Create((Stream)memoryStream, settings)) { xmlWriter.WriteStartElement("root"); xmlWriter.WriteStartElement("License"); xmlWriter.WriteAttributeString("id", "Terms"); xmlWriter.WriteStartElement("AlwaysOnline"); xmlWriter.WriteAttributeString("Value", str5); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("ClientProvidedVersion"); xmlWriter.WriteAttributeString("Value", str6); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("DeveloperData"); xmlWriter.WriteAttributeString("Value", base64String); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("Features"); foreach (int num in numArray) { xmlWriter.WriteStartElement("Feature"); xmlWriter.WriteAttributeString("Value", num.ToString()); xmlWriter.WriteEndElement(); } xmlWriter.WriteFullEndElement(); xmlWriter.WriteStartElement("InitialActivationDate"); xmlWriter.WriteAttributeString("Value", str7); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("LicenseVersion"); xmlWriter.WriteAttributeString("Value", str4); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("MachineBindings"); foreach (KeyValuePair <string, string> keyValuePair in dictionary) { xmlWriter.WriteStartElement("Binding"); xmlWriter.WriteAttributeString("Key", keyValuePair.Key); xmlWriter.WriteAttributeString("Value", keyValuePair.Value); xmlWriter.WriteEndElement(); } xmlWriter.WriteFullEndElement(); xmlWriter.WriteStartElement("MachineID"); xmlWriter.WriteAttributeString("Value", str8); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("SerialHash"); xmlWriter.WriteAttributeString("Value", str9); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("SerialMasked"); xmlWriter.WriteAttributeString("Value", str3); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("StartDate"); xmlWriter.WriteAttributeString("Value", str10); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("StopDate"); xmlWriter.WriteAttributeString("Value", str11); xmlWriter.WriteEndElement(); xmlWriter.WriteStartElement("UpdateDate"); xmlWriter.WriteAttributeString("Value", str12); xmlWriter.WriteEndElement(); xmlWriter.WriteEndElement(); xmlWriter.WriteEndElement(); xmlWriter.Flush(); } memoryStream.Position = 0L; XmlDocument document = new XmlDocument() { PreserveWhitespace = true }; document.Load((Stream)memoryStream); SignedXml signedXml = new SignedXml(document) { SigningKey = (AsymmetricAlgorithm) new RSACryptoServiceProvider() }; Reference reference = new Reference() { Uri = "#Terms" }; reference.AddTransform((System.Security.Cryptography.Xml.Transform) new XmlDsigEnvelopedSignatureTransform()); signedXml.AddReference(reference); signedXml.ComputeSignature(); StringBuilder output = new StringBuilder(); using (XmlWriter w = XmlWriter.Create(output, settings)) { XmlDocument xmlDocument1 = new XmlDocument(); string innerXml = document.InnerXml; xmlDocument1.InnerXml = innerXml; XmlDocument xmlDocument2 = xmlDocument1; XmlElement documentElement = xmlDocument2.DocumentElement; if (documentElement != null) { XmlNode newChild = xmlDocument2.ImportNode((XmlNode)signedXml.GetXml(), true); documentElement.AppendChild(newChild); } xmlDocument2.Save(w); w.Flush(); } string contents = output.Replace(" />", "/>").ToString(); string str13 = spfold ? Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "Unity") : appDir; string path1 = Path.Combine(str13, path2); try { Directory.CreateDirectory(str13); if (File.Exists(path1) && this.TestAtr(path1) && MessageBox.Show(string.Format("Replace the \"{0}\"?", (object)path1), string.Empty, MessageBoxButtons.YesNo, MessageBoxIcon.Question) != System.Windows.Forms.DialogResult.OK) { return(true); } File.WriteAllText(path1, contents); } catch (Exception ex) { int num = (int)MessageBox.Show(ex.Message, string.Empty, MessageBoxButtons.OK); return(false); } return(true); }
/// <summary> /// 该方法进行数字签名XML文件传递的参数和 ///写相同名称,sobreponto通过参数告知XML签署的XML。 ///它还提供了一个与物业签订XML字符串(this.vXmlStringAssinado) /// </summary> /// <param name="arqXmlAssinar">要签名XML文件名</param> /// <param name="tagAssinatura">标签名在得到签名</param> /// <param name="tagAtributoId">有将要签署的ID属性标记标签名称</param> /// <param name="x509Cert">在签名时使用证书</param> public void EncryptXmlDocument(string arqXmlAssinar, string tagAssinatura, string tagAtributoId, X509Certificate2 x509Cert) { StreamReader sr = null; try { //打开XML文件进行签名和阅读你的内容 sr = System.IO.File.OpenText(arqXmlAssinar); var xmlString = sr.ReadToEnd(); sr.Close(); sr = null; // 创建一个新的XML文档。 XmlDocument doc = new XmlDocument { PreserveWhitespace = false }; doc.LoadXml(xmlString); if (doc.GetElementsByTagName(tagAssinatura).Count == 0) { throw new Exception(tagAssinatura.Trim()); } if (doc.GetElementsByTagName(tagAtributoId).Count == 0) { throw new Exception(tagAtributoId.Trim()); } // 有多个标记进行签名 XmlNodeList lists = doc.GetElementsByTagName(tagAssinatura); foreach (XmlNode nodes in lists) { foreach (XmlNode childNodes in nodes.ChildNodes) { if (!childNodes.Name.Equals(tagAtributoId)) { continue; } if (childNodes.NextSibling != null && childNodes.NextSibling.Name.Equals("Signature")) { continue; } //创建要签名的引用 Reference reference = new Reference { Uri = "" }; //需要要签名的孩子 XmlElement childElemen = (XmlElement)childNodes; if (childElemen.GetAttributeNode("Id") != null) { var attributeNode = childElemen.GetAttributeNode("Id"); if (attributeNode != null) { reference.Uri = "#" + attributeNode.Value; } } else if (childElemen.GetAttributeNode("id") != null) { var attributeNode = childElemen.GetAttributeNode("id"); if (attributeNode != null) { reference.Uri = "#" + attributeNode.Value; } } XmlDocument documentoNovo = new XmlDocument(); documentoNovo.LoadXml(nodes.OuterXml); // 创建一个SignedXml对象。 SignedXml signedXml = new SignedXml(documentoNovo) { SigningKey = x509Cert.PrivateKey }; // 将密钥添加到签名的Xml文档 // 向引用添加包络变换。 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigC14NTransform c14 = new XmlDsigC14NTransform(); reference.AddTransform(c14); // 将引用添加到SignedXml对象。 signedXml.AddReference(reference); // 创建一个新的键入对象 KeyInfo keyInfo = new KeyInfo(); // 将证书加载到KeyInfoX509Data对象中 //并将它添加到KeyInfo对象。 keyInfo.AddClause(new KeyInfoX509Data(x509Cert)); //将KeyInfo对象添加到SignedXml对象。 signedXml.KeyInfo = keyInfo; signedXml.ComputeSignature(); // 获取签名的XML表示并保存它到一个XmlElement对象。 XmlElement xmlDigitalSignature = signedXml.GetXml(); // 保存该元素的XML文档中 nodes.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); } } var xmlDoc = doc; // XML的更新字符串已经签约 var stringXmlAssinado = xmlDoc.OuterXml; // 编写XML高清签名 StreamWriter sw2 = System.IO.File.CreateText(arqXmlAssinar); sw2.Write(stringXmlAssinado); sw2.Close(); } catch (CryptographicException ex) { throw new CryptographicException(ex.Message); } catch (Exception e) { throw new Exception(e.Message); } finally { if (sr != null) { sr.Close(); } } }
// Sign an XML file and save the signature in a new file. public static void SignXmlFile(string FileName, string SignedFileName, RSA Key) { // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = Key; // Specify a canonicalization method. signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NWithCommentsTransformUrl; // Set the InclusiveNamespacesPrefixList property. XmlDsigExcC14NWithCommentsTransform canMethod = (XmlDsigExcC14NWithCommentsTransform)signedXml.SignedInfo.CanonicalizationMethodObject; canMethod.InclusiveNamespacesPrefixList = "Sign"; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue((RSA)Key)); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); }
/// <summary> /// Signs the specified xml document with the certificate found in /// the local machine matching the provided friendly name and /// referring to the specified target reference ID. /// </summary> /// <param name="certFriendlyName"> /// Friendly Name of the X509Certificate to be retrieved /// from the LocalMachine keystore and used to sign the xml document. /// Be sure to have appropriate permissions set on the keystore. /// </param> /// <param name="xml"> /// XML document to be signed. /// </param> /// <param name="targetReferenceId"> /// Reference element that will be specified as signed. /// </param> /// <param name="includePublicKey"> /// Flag to determine whether to include the public key in the /// signed xml. /// </param> /// <param name="signatureMethod">Identifier of the signature method.</param> /// <param name="digestMethod">Identifier of the digest method.</param> public void SignXml(string certFriendlyName, XmlDocument xml, string targetReferenceId, bool includePublicKey, string signatureMethod, string digestMethod) { if (string.IsNullOrEmpty(certFriendlyName)) { throw new Saml2Exception(Resources.SignedXmlInvalidCertFriendlyName); } if (xml == null) { throw new Saml2Exception(Resources.SignedXmlInvalidXml); } if (string.IsNullOrEmpty(targetReferenceId)) { throw new Saml2Exception(Resources.SignedXmlInvalidTargetRefId); } var cert = m_certificateFactory.GetCertificateByFriendlyName(certFriendlyName, m_logger); if (cert == null) { throw new Saml2Exception(Resources.SignedXmlCertNotFound); } using (var signingKey = cert.GetRSAPrivateKey()) { var signedXml = new SignedXml(xml) { SigningKey = signingKey }; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; if (signatureMethod != null) { signedXml.SignedInfo.SignatureMethod = signatureMethod; } if (includePublicKey) { var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; } var reference = new Reference { Uri = "#" + targetReferenceId }; reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); reference.AddTransform(new XmlDsigExcC14NTransform()); if (digestMethod != null) { reference.DigestMethod = digestMethod; } signedXml.AddReference(reference); signedXml.ComputeSignature(); var xmlSignature = signedXml.GetXml(); var nsMgr = new XmlNamespaceManager(xml.NameTable); nsMgr.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); nsMgr.AddNamespace("saml", Saml2Constants.NamespaceSamlAssertion); nsMgr.AddNamespace("samlp", Saml2Constants.NamespaceSamlProtocol); var issuerNode = TryGetNode(xml, nsMgr, "saml:Issuer"); if (issuerNode != null) { RequireRootElement(xml).InsertAfter(xmlSignature, issuerNode); } else { // Insert as a child to the target reference id var targetNode = RequireNode(xml, nsMgr, "//*[@ID='" + targetReferenceId + "']"); targetNode.PrependChild(xmlSignature); } } }
public XmlDocument Assinar(string lsConteudoXML, string pUri, X509Certificate2 pCertificado, TipoAssinatura tipoassinatura, string idUri) { pUri = "Reinf"; //Abrir o arquivo XML a ser assinado e ler o seu conteúdo string vXMLString = lsConteudoXML; //if (!string.IsNullOrEmpty(pArqXMLAssinar)) //{ // using (StreamReader SR = File.OpenText(pArqXMLAssinar)) // { // vXMLString = SR.ReadToEnd(); // SR.Close(); // } //} //Atualizar atributos de retorno com conteúdo padrão this.vResultado = 0; this.vResultadoString = "Assinatura realizada com sucesso"; try { // Verifica o certificado a ser utilizado na assinatura string _xnome = ""; if (pCertificado != null) { _xnome = pCertificado.Subject.ToString(); } X509Certificate2 _X509Cert = new X509Certificate2(); X509Store store = new X509Store("MY", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates; X509Certificate2Collection collection1 = (X509Certificate2Collection)collection.Find(X509FindType.FindBySubjectDistinguishedName, _xnome, false); if (collection1.Count == 0) { this.vResultado = 2; this.vResultadoString = "Problemas no certificado digital"; } else { // certificado ok _X509Cert = collection1[0]; string x; x = _X509Cert.GetKeyAlgorithm().ToString(); // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it’s name. try { doc.LoadXml(vXMLString); // Verifica se a tag a ser assinada existe é única int qtdeRefUri = doc.GetElementsByTagName(pUri).Count; if (qtdeRefUri == 0) { // a URI indicada não existe this.vResultado = 4; this.vResultadoString = "A tag de assinatura " + pUri.Trim() + " não existe"; } // Exsiste mais de uma tag a ser assinada else { if (qtdeRefUri > 1) { // existe mais de uma URI indicada this.vResultado = 5; this.vResultadoString = "A tag de assinatura " + pUri.Trim() + " não é unica"; } else { try { // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); #region Alteracao01 // if (!COM_Pin) && //clsX509Certificate2Extension.IsA3(x509Cert) && //!Empresas.Configuracoes[empresa].CertificadoPINCarregado) // { // x509Cert.SetPinPrivateKey(Empresas.Configuracoes[empresa].CertificadoPIN); // Empresas.Configuracoes[empresa].CertificadoPINCarregado = true; // } if (tipoassinatura == TipoAssinatura.Sha256) { signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; signedXml.SigningKey = _X509Cert.GetRSAPrivateKey(); } else { signedXml.SigningKey = _X509Cert.PrivateKey; } #endregion Alteracao01 // Add the key to the SignedXml document //signedXml.SigningKey = _X509Cert.PrivateKey; // Create a reference to be signed Reference reference = new Reference(); // pega o uri que deve ser assinada XmlAttributeCollection _Uri = doc.GetElementsByTagName(pUri).Item(0).Attributes; reference.Uri = "#" + idUri; //foreach (XmlAttribute _atributo in _Uri) //{ // if (_atributo.Name == "Id") // { // reference.Uri = "#" + _atributo.InnerText; // } //} // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigC14NTransform c14 = new XmlDsigC14NTransform(); reference.AddTransform(c14); // Add the reference to the SignedXml object. signedXml.AddReference(reference); #region Alteracao2 if (tipoassinatura == TipoAssinatura.Sha256) { reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; } #endregion Alteracao2 // Create a new KeyInfo object KeyInfo keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(_X509Cert)); // Add the KeyInfo object to the SignedXml object. signedXml.KeyInfo = keyInfo; signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Gravar o elemento no documento XML doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); XMLDoc = new XmlDocument(); XMLDoc.PreserveWhitespace = false; XMLDoc = doc; // Atualizar a string do XML já assinada this.vXMLStringAssinado = XMLDoc.OuterXml; // Gravar o XML no HD //wob alterei //StreamWriter SW_2 = File.CreateText(pArqXMLAssinar); //SW_2.Write(this.vXMLStringAssinado); //SW_2.Close(); } catch (Exception caught) { this.vResultado = 6; this.vResultadoString = "Erro ao assinar o documento - " + caught.Message; } } } } catch (Exception caught) { this.vResultado = 3; this.vResultadoString = "XML mal formado - " + caught.Message; } } } catch (Exception caught) { this.vResultado = 1; this.vResultadoString = "Problema ao acessar o certificado digital" + caught.Message; } return(XMLDoc); }
public XmlDocument AssinaXML(string xml, string strUri, X509Certificate2 _X509Cert) { try { string x = _X509Cert.GetKeyAlgorithm().ToString(); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = false; doc.LoadXml(xml); //Verifica se a tag a ser assinada existe e é única int qtdeRefUri = doc.GetElementsByTagName(strUri).Count; if (qtdeRefUri == 0) { //' a URI indicada não existe //Console.WriteLine("A tag de assinatura " + strUri + " não existe no XML. (Código do Erro: 4)"); //Throw New Exception("A tag de assinatura " & strUri.Trim() & " não existe no XML. (Código do Erro: 4)") //intResultado = 4; } else { if (doc.GetElementsByTagName("Signature").Count == 0) { SignedXml signedXml = new SignedXml(doc); signedXml.SigningKey = _X509Cert.PrivateKey; Reference reference = new Reference(); //pega o uri que deve ser assinada XmlAttributeCollection _Uri = doc.GetElementsByTagName(strUri).Item(0).Attributes; foreach (XmlAttribute _atributo in _Uri) { if (_atributo.Name == "Id") { reference.Uri = "#" + _atributo.InnerText; } } XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigC14NTransform c14 = new XmlDsigC14NTransform(); reference.AddTransform(c14); signedXml.AddReference(reference); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(_X509Cert)); signedXml.KeyInfo = keyInfo; signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); if (strUri == "infNFe" || strUri == "infInut") { doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); } else if (strUri == "infEvento") { doc.GetElementsByTagName("evento").Item(0).AppendChild(doc.ImportNode(xmlDigitalSignature, true)); } /* * string caminho = strUri != "infEvento" ? @"C:\Documents and Settings\Renan\Desktop\gerarxmlASSINADO.xml" : @"C:\Documents and Settings\Renan\Desktop\new20Assinada - CCe.xml"; * using (XmlTextWriter xmlWriter = new XmlTextWriter(caminho, null)) * { * xmlWriter.Formatting = Formatting.None; * doc.Save(xmlWriter); * } */ } } return(doc); } catch (Exception) { throw; } }
// Sign an XML file and save the signature in a new file. public static void SignXmlFile(XmlDocument doc, string signedFileName, RSA key) { // Check the arguments. if (doc == null) { throw new ArgumentNullException("doc"); } if (signedFileName == null) { throw new ArgumentNullException("signedFileName"); } if (key == null) { throw new ArgumentNullException("key"); } // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc) { // Add the key to the SignedXml document. SigningKey = key }; // Create a reference to be signed. Reference reference = new Reference { Uri = string.Empty }; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue(key)); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. if (doc.DocumentElement != null) { doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); } if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(signedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); }
public string Sign(string xml, string nodeToSign, string certificateSerialNumber, string certificatePassword = null) { try { _log.Debug(""); _log.Debug("NOVA ASSINATURA"); _log.Debug(new string('-', 150)); _log.Debug(""); _log.Debug($"O conteúdo do XML é NULO ou Vazio? {string.IsNullOrEmpty(xml)}"); _log.Debug(""); _log.Debug($"nodeToSign: {nodeToSign}"); _log.Debug($"certificateSerialNumber: {certificateSerialNumber}"); _log.Debug($"certificatePassword: {certificatePassword}"); _log.Debug(""); _log.Debug($"XML Recebido:{Environment.NewLine}{Environment.NewLine}{xml}"); _log.Debug(""); if (string.IsNullOrEmpty(xml)) { throw new Exception("Conteúdo de XML inválido"); } xml = xml.NormalizeXml(); if (string.IsNullOrEmpty(xml)) { throw new Exception("O conteúdo do XML não foi informado"); } var doc = new XmlDocument(); try { doc.LoadXml(xml); } catch (Exception e) { _log.Error(e, "Erro ao carregar o Documento XML"); throw; } _log.Debug("Documento XML criado"); var nodes = doc.GetElementsByTagName(nodeToSign); if (nodes.Count == 0) { throw new Exception("Conteúdo de XML inválido"); } _log.Debug($"Tag {nodeToSign} encontrada"); var certificate = new CertificateRepository().GetBySerialNumber(certificateSerialNumber); if (certificate == null) { throw new Exception("Não foi possível encontrar o certificado"); } _log.Debug($"Certificado obtido: {certificate.Subject}"); foreach (XmlElement node in nodes) { _log.Debug("Adicionar tipo de criptografia a engine"); CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); _log.Debug("RSAPKCS1SHA256SignatureDescription adicionada"); var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(certificate)); _log.Debug("KeyInfo criado e cláusula adicionada"); var Key = (RSACryptoServiceProvider)certificate.PrivateKey; _log.Debug("key obtida"); var signedXml = new SignedXml(node) { SigningKey = Key, KeyInfo = keyInfo }; _log.Debug("SignedXML criado"); signedXml.SigningKey = ReadCard(Key, certificatePassword); signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; _log.Debug("SignedXML preparado"); var id = node.Attributes.GetNamedItem("Id").InnerText; _log.Debug($"ID #{id}"); var reference = new Reference($"#{id}"); reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); reference.AddTransform(new XmlDsigC14NTransform(false)); reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; reference.Uri = ""; _log.Debug("Referências criadas"); signedXml.AddReference(reference); _log.Debug("Referências adicionadas"); _log.Debug("A criar assinatura"); signedXml.ComputeSignature(); _log.Debug("Assinatura criada"); var signature = signedXml.GetXml(); _log.Debug("A adicionar a assinatura no documento"); var eSocialNode = node.ParentNode; if (eSocialNode == null) { throw new Exception("Não foi possível encontrar o Nó do eSocial"); } eSocialNode.AppendChild(signature); _log.Debug("Assinatura adicionada"); } _log.Debug("Atualizando XML de saída"); var sb = new StringBuilder(); using (var writer = XmlWriter.Create(sb, new XmlWriterSettings { Indent = false })) doc.WriteTo(writer); _log.Debug($"XML Assinado:{Environment.NewLine}{Environment.NewLine}{doc.OuterXml}{Environment.NewLine}"); var signatureCount = doc.GetElementsByTagName("Signature").Count; _log.Debug($"Quantidade de assinaturas geradas: {signatureCount}"); return(doc.OuterXml); } catch (Exception e) { _log.Debug("Erro"); _log.Error(e, ""); throw; } }
// Sign an XML file and save the signature in a new file. public static void SignXmlFile(string FileName, string SignedFileName, RSA Key) { // Check the arguments. if (FileName == null) { throw new ArgumentNullException("FileName"); } if (SignedFileName == null) { throw new ArgumentNullException("SignedFileName"); } if (Key == null) { throw new ArgumentNullException("Key"); } // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = Key; // Get the signature object from the SignedXml object. Signature XMLSignature = signedXml.Signature; // Create a reference to be signed. Pass "" // to specify that all of the current XML // document should be signed. Reference reference = new Reference(""); // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the Reference object to the Signature object. XMLSignature.SignedInfo.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue((RSA)Key)); // Add the KeyInfo object to the Reference object. XMLSignature.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); }
private static bool hashsignfile(string file) { try { if (selectedcert == null) { selectedcert = selectcert(); } string hash = hashfile(file); FileInfo info = new FileInfo(file); Directory.SetCurrentDirectory(info.Directory.FullName); System.IO.MemoryStream mxml = new System.IO.MemoryStream(); XmlWriter xwriter = XmlWriter.Create(mxml); xwriter.WriteStartDocument(); xwriter.WriteStartElement("DigiSig"); xwriter.WriteElementString("hash", hash); xwriter.WriteElementString("size", info.Length.ToString()); xwriter.WriteElementString("signtime", DateTime.Now.ToString()); xwriter.WriteElementString("creator", System.Security.Principal.WindowsIdentity.GetCurrent().Name); xwriter.WriteEndElement(); xwriter.WriteEndDocument(); xwriter.Flush(); mxml.Position = 0; XmlDocument xmldoc = new XmlDocument(); xmldoc.Load(mxml); /*CspParameters parms = new CspParameters(1); * parms.KeyContainerName = selectedcert; * RSACryptoServiceProvider csp = new RSACryptoServiceProvider(parms);*/ RSACryptoServiceProvider csp = (RSACryptoServiceProvider)selectedcert.PrivateKey; Reference r = new Reference(""); r.AddTransform(new XmlDsigEnvelopedSignatureTransform(false)); SignedXml sxml = new SignedXml(xmldoc); sxml.SigningKey = csp; sxml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl; sxml.AddReference(r); sxml.ComputeSignature(); XmlElement sig = sxml.GetXml(); xmldoc.DocumentElement.AppendChild(sig); XmlTextWriter writer = new XmlTextWriter(file + ".sha", UTF8Encoding.UTF8); writer.Formatting = Formatting.Indented; xmldoc.WriteTo(writer); writer.Flush(); writer.Close(); //appLog.WriteEntry("Hashed File: "+file, System.Diagnostics.EventLogEntryType.Information); return(true); } catch (Exception e) { //appLog.WriteEntry(e.Message + e.StackTrace, System.Diagnostics.EventLogEntryType.Warning); //Console.WriteLine(e.Message + e.TargetSite); return(false); } }
// <Snippet2> // Sign an XML file and save the signature in a new file. public static void SignXmlFile(string FileName, string SignedFileName, DSA DSAKey) { // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the DSA key to the SignedXml document. signedXml.SigningKey = DSAKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add a transformation to the reference. Transform trns = new XmlDsigC14NTransform(); reference.AddTransform(trns); // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add a DSAKeyValue to the KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new DSAKeyValue((DSA)DSAKey)); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); }
public static XmlDocument Assinar(XmlDocument docXML, string pUri, X509Certificate2 pCertificado) { try { // Load the certificate from the certificate store. X509Certificate2 cert = pCertificado; // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc = docXML; // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = cert.PrivateKey; // Create a reference to be signed. Reference reference = new Reference(); // pega o uri que deve ser assinada XmlAttributeCollection _Uri = doc.GetElementsByTagName(pUri).Item(0).Attributes; foreach (XmlAttribute _atributo in _Uri) { if (_atributo.Name == "Id") { reference.Uri = "#" + _atributo.InnerText; } } // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigC14NTransform c14 = new XmlDsigC14NTransform(); reference.AddTransform(c14); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Create a new KeyInfo object. KeyInfo keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(cert)); // Add the KeyInfo object to the SignedXml object. signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } return doc; } catch (Exception ex) { throw new Exception("Erro ao efetuar assinatura digital, detalhes: " + ex.Message); } }
private String Assinar(Nota nota, X509Certificate2 x509Cert, String TagAssinatura, String URI = "") { string xmlString; using (var srReader = File.OpenText(nota.CaminhoFisico)) { xmlString = srReader.ReadToEnd(); } // Create a new XML document. var doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; doc.LoadXml(xmlString); XmlDocument xMLDoc; var reference = new Reference(); if (!String.IsNullOrEmpty(nota.NotaId)) { reference.Uri = "#" + TagAssinatura + nota.NotaId; } else if (!String.IsNullOrEmpty(URI)) { reference.Uri = URI; } // Create a SignedXml object. var signedXml = new SignedXml(doc); // Add the key to the SignedXml document signedXml.SigningKey = x509Cert.PrivateKey; // Add an enveloped transformation to the reference. var env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); var c14 = new XmlDsigC14NTransform(); reference.AddTransform(c14); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Create a new KeyInfo object var keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(x509Cert)); // Add the KeyInfo object to the SignedXml object. signedXml.KeyInfo = keyInfo; signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. var xmlDigitalSignature = signedXml.GetXml(); // Gravar o elemento no documento XML var assinaturaNodes = doc.GetElementsByTagName(TagAssinatura); foreach (XmlNode nodes in assinaturaNodes) { nodes.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); break; } xMLDoc = new XmlDocument(); xMLDoc.PreserveWhitespace = false; xMLDoc = doc; // Atualizar a string do XML já assinada var StringXMLAssinado = xMLDoc.OuterXml; //Atualiza a nota assinada nota.ConteudoXml = StringXMLAssinado; // Gravar o XML Assinado no HD var SignedFile = nota.CaminhoFisico; var SW_2 = File.CreateText(SignedFile); SW_2.Write(StringXMLAssinado); SW_2.Close(); return(SignedFile); }
public static string Sign(string xml, X509Certificate2 certificate) { if (xml == null) throw new ArgumentNullException("xml"); if (certificate == null) throw new ArgumentNullException("certificate"); if (!certificate.HasPrivateKey) throw new ArgumentException("certificate", "Certificate should have a private key"); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(xml); SignedXml signedXml = new SignedXml(doc); signedXml.SigningKey = certificate.PrivateKey; // Attach certificate KeyInfo KeyInfoX509Data keyInfoData = new KeyInfoX509Data(certificate); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(keyInfoData); signedXml.KeyInfo = keyInfo; // Attach transforms var reference = new Reference(""); reference.AddTransform(new XmlDsigEnvelopedSignatureTransform(includeComments: false)); reference.AddTransform(new XmlDsigExcC14NTransform(includeComments: false)); signedXml.AddReference(reference); // Compute signature signedXml.ComputeSignature(); var signatureElement = signedXml.GetXml(); // Add signature to bundle doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true)); return doc.OuterXml; }
/// <summary> /// Signs the specified xml document with the certificate found in /// the local machine matching the provided friendly name and /// referring to the specified target reference ID. /// </summary> /// <param name="certFriendlyName"> /// Friendly Name of the X509Certificate to be retrieved /// from the LocalMachine keystore and used to sign the xml document. /// Be sure to have appropriate permissions set on the keystore. /// </param> /// <param name="xmlDoc"> /// XML document to be signed. /// </param> /// <param name="targetReferenceId"> /// Reference element that will be specified as signed. /// </param> /// <param name="includePublicKey"> /// Flag to determine whether to include the public key in the /// signed xml. /// </param> public void SignXml(string certFriendlyName, IXPathNavigable xmlDoc, string targetReferenceId, bool includePublicKey) { if (string.IsNullOrEmpty(certFriendlyName)) { throw new Saml2Exception(Resources.SignedXmlInvalidCertFriendlyName); } if (xmlDoc == null) { throw new Saml2Exception(Resources.SignedXmlInvalidXml); } if (string.IsNullOrEmpty(targetReferenceId)) { throw new Saml2Exception(Resources.SignedXmlInvalidTargetRefId); } X509Certificate2 cert = _certificateFactory.GetCertificateByFriendlyName(certFriendlyName); if (cert == null) { throw new Saml2Exception(Resources.SignedXmlCertNotFound); } var xml = (XmlDocument)xmlDoc; var signedXml = new SignedXml(xml); signedXml.SigningKey = cert.PrivateKey; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; if (includePublicKey) { var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; } var reference = new Reference(); reference.Uri = "#" + targetReferenceId; reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); reference.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlSignature = signedXml.GetXml(); var nsMgr = new XmlNamespaceManager(xml.NameTable); nsMgr.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); nsMgr.AddNamespace("saml", Saml2Constants.NamespaceSamlAssertion); nsMgr.AddNamespace("samlp", Saml2Constants.NamespaceSamlProtocol); var root = RequireRootElement(xml); XmlNode issuerNode = root.SelectSingleNode("saml:Issuer", nsMgr); if (issuerNode != null) { root.InsertAfter(xmlSignature, issuerNode); } else { // Insert as a child to the target reference id XmlNode targetNode = root.SelectSingleNode("//*[@ID='" + targetReferenceId + "']", nsMgr); targetNode.PrependChild(xmlSignature); } }
public static XmlDocument SignXml(string XMLtext, string SubjectName, string privateKey) { if (null == XMLtext) { throw new ArgumentNullException("XMLtext"); } if (null == SubjectName) { throw new ArgumentNullException("SubjectName"); } // Load the certificate from the certificate store. X509Certificate2 cert = new X509Certificate2(StringToByteArray(SubjectName)); // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc.LoadXml(XMLtext); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); RSA rsa = new RSACng(); rsa.ImportRSAPrivateKey(Convert.FromBase64String(privateKey), out _); // Add the key to the SignedXml document. signedXml.SigningKey = rsa; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Create a new KeyInfo object. KeyInfo keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(cert)); // Add the KeyInfo object to the SignedXml object. signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. return(doc); }
// Sign an XML file.This document cannot be verified unless the verifying code has the key with which it was signed. public static void SignXml(XmlDocument doc, RSA key) { // Create a SignedXml object SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document signedXml.KeyInfo = new KeyInfo(); signedXml.KeyInfo.AddClause(new RSAKeyValue(key)); signedXml.SigningKey = key; // Create a reference to be signed Reference reference = new Reference(""); // reference.Uri = ""; // Add an enveloped transformation to the reference XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Set the KeyInfo to the SignedXml object // KeyInfo ki = new KeyInfo(); // ki.AddClause(new RSAKeyValue(key)); // signedXml.SigningKey = key; // signedXml.KeyInfo = ki; // Add the reference to the SignedXml object signedXml.AddReference(reference); // Compute the signature signedXml.ComputeSignature(); // Get the XML representation of the signature and save it to an XmlElement object. // XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document // doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); doc.DocumentElement.PrependChild(signedXml.GetXml()); }
// <Snippet2> // Sign an XML file and save the signature in a new file. public static void SignXmlFile(string FileName, string SignedFileName, string SubjectName) { if (null == FileName) { throw new ArgumentNullException("FileName"); } if (null == SignedFileName) { throw new ArgumentNullException("SignedFileName"); } if (null == SubjectName) { throw new ArgumentNullException("SubjectName"); } // Load the certificate from the certificate store. X509Certificate2 cert = GetCertificateBySubject(SubjectName); // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = cert.PrivateKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Create a new KeyInfo object. KeyInfo keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(cert)); // Add the KeyInfo object to the SignedXml object. signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. using (XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false))) { doc.WriteTo(xmltw); xmltw.Close(); } }
// Sign an XML file and save the signature in a new file. public static void SignXmlFile(string FileName, string SignedFileName, RSA Key, string XSLString) { // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = Key; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Create an XmlDsigXPathTransform object using // the helper method 'CreateXPathTransform' defined // later in this sample. XmlDsigXsltTransform XsltTransform = CreateXsltTransform(XSLString); // Add the transform to the reference. reference.AddTransform(XsltTransform); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue((RSA)Key)); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); }
/// <summary> /// Message signing /// </summary> public virtual byte[] Sign( ISignableMessage message, X509Configuration x509Configuration) { if (message == null) { throw new ArgumentNullException("message"); } if (x509Configuration == null || x509Configuration.SignatureCertificate == null ) { throw new ArgumentNullException("certificate"); } // first, serialize to XML var messageBody = this.messageSerializer.Serialize(message, new MessageSerializationParameters() { ShouldBase64Encode = false, ShouldDeflate = false }); var xml = new XmlDocument(); xml.LoadXml(messageBody); // sign the node with the id var reference = new Reference("#" + message.ID); var envelope = new XmlDsigEnvelopedSignatureTransform(true); reference.AddTransform(envelope); // canonicalization var c14 = new XmlDsigExcC14NTransform(); c14.Algorithm = SignedXml.XmlDsigExcC14NTransformUrl; reference.AddTransform(c14); // some more spells depending on SHA1 vs SHA256 var signed = new SignedXml(xml); signed.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; switch (x509Configuration.SignatureAlgorithm) { case SignatureAlgorithm.SHA1: signed.SigningKey = x509Configuration.SignatureCertificate.PrivateKey; signed.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url; reference.DigestMethod = SignedXml.XmlDsigSHA1Url; break; case SignatureAlgorithm.SHA256: signed.SigningKey = x509Configuration.SignatureCertificate.ToSha256PrivateKey(); signed.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url; reference.DigestMethod = SignedXml.XmlDsigSHA256Url; break; } if (x509Configuration.IncludeKeyInfo) { var key = new System.Security.Cryptography.Xml.KeyInfo(); var keyData = new KeyInfoX509Data(x509Configuration.SignatureCertificate); key.AddClause(keyData); signed.KeyInfo = key; } // show the reference signed.AddReference(reference); // create the signature signed.ComputeSignature(); var signature = signed.GetXml(); // insert the signature into the document var element = xml.DocumentElement.ChildNodes[0]; xml.DocumentElement.InsertAfter(xml.ImportNode(signature, true), element); // log new LoggerFactory().For(this).Debug(Event.SignedMessage, xml.OuterXml); // convert return(this.encoding.GetBytes(xml.OuterXml)); }