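static bool ValidateSignature(TElXMLDOMElement element) // this should be in separate unit test project
        {
            // Verifies the XML-DSig signature carried by <element> against the certificate stored in
            // App_Data/hrinyorg-prod-public.cer. The file name suggests a public-key-only certificate,
            // which is why an empty password is passed to LoadCertificate.
            //
            // Returns the verifier's verdict. Throws ArgumentNullException for a null element and
            // InvalidOperationException when the verification certificate cannot be loaded.
            if (element == null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            using (var x509KeyData = new TElXMLKeyInfoX509Data(true))
            {
                using (var stream = new FileStream(HostingEnvironment.MapPath("~/App_Data/hrinyorg-prod-public.cer"), FileMode.Open, FileAccess.Read))
                {
                    LoadCertificate(stream, "", x509KeyData);
                }

                // LoadCertificate is best-effort and leaves Certificate null when the file cannot be
                // parsed. Running the verifier with no key would turn a deployment problem into a
                // signature verdict, so fail loudly here instead.
                if (x509KeyData.Certificate == null)
                {
                    throw new InvalidOperationException("Verification certificate could not be loaded from App_Data.");
                }

                using (var verifier = new TElXMLVerifier())
                {
                    verifier.KeyData = x509KeyData;
                    verifier.Load(element);
                    return verifier.ValidateSignature();
                }
            }
        }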
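        public Stream Sign(Stream inputStream, Encoding encoding, string signatureXPath, IDictionary<string, string> signatureXPathNamespaces)
        {
            // Signs the XML document read from inputStream with the certificate returned by
            // GetX509Certificate and places the <Signature> element under the node selected by
            // signatureXPath. Returns a MemoryStream, positioned at 0, holding the signed document;
            // the caller owns that stream.
            //
            // Parameters:
            //   inputStream              - source XML; read to its end and not closed here.
            //   encoding                 - used (via HeaderName) both to parse and to serialise the document.
            //   signatureXPath           - XPath of the node that receives the signature.
            //   signatureXPathNamespaces - prefix -> namespace URI map used to resolve the XPath.
            //
            // Throws ArgumentNullException for null arguments and InvalidOperationException when no
            // signing certificate is available or the XPath selects no node.
            if (inputStream == null)
            {
                throw new ArgumentNullException(nameof(inputStream));
            }
            if (encoding == null)
            {
                throw new ArgumentNullException(nameof(encoding));
            }
            if (signatureXPath == null)
            {
                throw new ArgumentNullException(nameof(signatureXPath));
            }
            if (signatureXPathNamespaces == null)
            {
                throw new ArgumentNullException(nameof(signatureXPathNamespaces));
            }

            using (MemoryStream bufferedInput = new MemoryStream())
            {
                inputStream.CopyTo(bufferedInput);
                bufferedInput.Position = 0;

                using (TElXMLDOMDocument xmlDocument = new TElXMLDOMDocument())
                {
                    xmlDocument.LoadFromStream(bufferedInput, encoding.HeaderName, true);

                    using (TElXMLKeyInfoX509Data x509KeyData = new TElXMLKeyInfoX509Data(false))
                    using (TElWinCertStorage winCertStorage = new TElWinCertStorage())
                    using (TElX509Certificate x509Certificate = GetX509Certificate(winCertStorage))
                    {
                        if (x509Certificate == null)
                        {
                            throw new InvalidOperationException("Certificate not found.");
                        }

                        x509KeyData.IncludeKeyValue = true;
                        x509KeyData.Certificate = x509Certificate;

                        using (TElXMLSigner xmlSigner = GetXmlSigner(x509KeyData, GetXmlReference(xmlDocument)))
                        {
                            TElXMLNamespaceMap map = new TElXMLNamespaceMap();
                            foreach (var ns in signatureXPathNamespaces)
                            {
                                map.AddNamespace(ns.Key, ns.Value);
                            }

                            // Resolve the target node explicitly: an XPath that matched nothing used to
                            // fail with an index error on "[0]" rather than a meaningful message.
                            var matches = xmlDocument.SelectNodes(signatureXPath, map);
                            if (matches == null || matches.Count == 0)
                            {
                                throw new InvalidOperationException("signatureXPath selected no node: " + signatureXPath);
                            }
                            TElXMLDOMNode signatureNode = matches[0];

                            xmlSigner.Save(ref signatureNode);

                            MemoryStream outputStream = new MemoryStream();
                            xmlDocument.SaveToStream(outputStream, SBXMLDefs.Unit.xcmNone, encoding.HeaderName);
                            outputStream.Position = 0; // hand the caller a stream that is ready to read

                            return outputStream;
                        }
                    }
                }
            }
        }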
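        private static void LoadCertificate(FileStream F, string Password, TElXMLKeyInfoX509Data X509KeyData)
        {
            // Best-effort certificate loader: detects whether F holds a DER, PEM or PFX certificate and
            // loads it into X509KeyData.Certificate. On an unknown format or any load error the
            // certificate is disposed and X509KeyData.Certificate is left null. Callers (e.g. SignElement)
            // use that null as the "this file is not a certificate" probe result, so no exception is
            // propagated from the load itself.
            //
            // Parameters:
            //   F           - open, readable stream; read from position 0, left wherever the loader stops.
            //   Password    - password for PEM/PFX material; not used for DER.
            //   X509KeyData - receives a freshly constructed TElX509Certificate, or null on failure.
            if (F == null)
            {
                throw new ArgumentNullException(nameof(F));
            }
            if (X509KeyData == null)
            {
                throw new ArgumentNullException(nameof(X509KeyData));
            }

            TElX509Certificate certificate = new TElX509Certificate();
            X509KeyData.Certificate = certificate;
            bool loaded = false;
            try
            {
                int certFormat = TElX509Certificate.DetectCertFileFormat(F);
                F.Position = 0; // detection presumably reads the stream; rewind before the real load

                switch (certFormat)
                {
                    case SBX509.Unit.cfDER:
                        certificate.LoadFromStream(F, 0);
                        loaded = true;
                        break;
                    case SBX509.Unit.cfPEM:
                        certificate.LoadFromStreamPEM(F, Password, 0);
                        loaded = true;
                        break;
                    case SBX509.Unit.cfPFX:
                        certificate.LoadFromStreamPFX(F, Password, 0);
                        loaded = true;
                        break;
                    default:
                        // Unknown format: fall through to the cleanup below.
                        break;
                }
            }
            catch
            {
                // Deliberately swallowed: a null Certificate is this method's failure signal.
                loaded = false;
            }

            if (!loaded)
            {
                certificate.Dispose();
                X509KeyData.Certificate = null;
            }
        }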
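        public void SignInPlace(Stream inputStream)
        {
            // Adds a digital signature to the Office document held in inputStream, presumably writing
            // the result back into that same stream (officeDocument.Flush). Office Open XML and binary
            // Office documents are handled; any other content is rejected with FormatException.
            //
            // Throws ArgumentNullException for a null stream and InvalidOperationException when no
            // signing certificate is available.
            if (inputStream == null)
            {
                throw new ArgumentNullException(nameof(inputStream));
            }

            // NOTE(review): officeDocument is neither closed nor disposed on any path, including the
            // exception paths below. Confirm whether TElOfficeDocument needs Close()/Dispose() and
            // wrap it accordingly.
            TElOfficeDocument officeDocument = new TElOfficeDocument();
            officeDocument.Open(inputStream, false);

            // Same using order as Sign(): the certificate is disposed first, then the key data,
            // then the storage it came from.
            using (TElXMLKeyInfoX509Data x509KeyData = new TElXMLKeyInfoX509Data(false))
            using (TElWinCertStorage winCertStorage = new TElWinCertStorage())
            using (TElX509Certificate x509Certificate = GetX509Certificate(winCertStorage))
            {
                if (x509Certificate == null)
                {
                    throw new InvalidOperationException("Certificate not found.");
                }

                // x509KeyData is populated here but neither handler below consumes it (they are
                // given the certificate directly). Kept so the object configuration matches Sign().
                x509KeyData.IncludeKeyValue = true;
                x509KeyData.Certificate = x509Certificate;

                if (officeDocument.OpenXMLDocument != null)
                {
                    TElOfficeOpenXMLSignatureHandler openXmlHandler = new TElOfficeOpenXMLSignatureHandler();
                    officeDocument.AddSignature(openXmlHandler, true);
                    openXmlHandler.AddDocument();

                    openXmlHandler.Sign(x509Certificate);
                    officeDocument.Flush();
                }
                else if (officeDocument.BinaryDocument != null)
                {
                    TElOfficeBinaryCryptoAPISignatureHandler binaryHandler = new TElOfficeBinaryCryptoAPISignatureHandler();
                    officeDocument.AddSignature(binaryHandler, true);

                    // 100 years is effectively "never expires"; inherited from the original code.
                    binaryHandler.ExpireTime = DateTime.UtcNow.AddYears(100);
                    binaryHandler.Sign(x509Certificate);
                    officeDocument.Flush();
                }
                else
                {
                    throw new FormatException("The stream is neither an Office Open XML nor a binary Office document.");
                }
            }
        }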
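        private TElXMLSigner GetXmlSigner(TElXMLKeyInfoX509Data x509KeyData, TElXMLReference xmlReference)
        {
            // Builds an enveloped XML-DSig signer over xmlReference, keyed with x509KeyData, and
            // generates the signature value. The caller owns the returned signer and must dispose it.
            // If any step after construction throws, the signer is disposed here before the exception
            // propagates (the original leaked it in that case).
            //
            // The signature method is hard-coded to RSA-SHA1. SHA-1 signatures are rejected by a
            // growing number of validators; SignXMLAsync in this file already selects xsmRSA_SHA256 on
            // request, so consider doing the same here once the consumers of this output are confirmed.
            TElXMLSigner xmlSigner = new TElXMLSigner();
            try
            {
                xmlSigner.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
                xmlSigner.SignatureType = SBXMLSec.Unit.xstEnveloped;
                xmlSigner.SignatureMethodType = SBXMLSec.Unit.xmtSig;
                xmlSigner.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                xmlSigner.IncludeKey = true;
                xmlSigner.KeyData = x509KeyData;
                xmlSigner.References = new TElXMLReferenceList();
                xmlSigner.References.Add(xmlReference);

                // Digest the reference, then compute the signature value.
                xmlSigner.UpdateReferencesDigest();
                xmlSigner.GenerateSignature();
                xmlSigner.Signature.SignaturePrefix = String.Empty; // presumably emits <Signature> without a namespace prefix
                xmlSigner.Signature.ID = Guid.NewGuid().ToString();

                return xmlSigner;
            }
            catch
            {
                xmlSigner.Dispose();
                throw;
            }
        }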
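        public Task<object> SignXMLAsync(string accessToken, string base_URL, InputSignatureAdvanced inputSignatureAdvanced)
        {
            // Signs inputSignatureAdvanced.documentStream (raw XML bytes) with an enveloped XML-DSig
            // whose signature value is produced remotely through XAdESHandler_OnRemoteSign, using the
            // credential named by inputSignatureAdvanced.credentialsID.
            //
            // The task result is an OutputAdvancedSignature holding the signed document, or an
            // OutputError on any failure (including a missing/empty input document). Exceptions are
            // not propagated — same contract as before — so callers must inspect the result type.
            //
            // The body is now entirely synchronous: the only await was a round trip through a file
            // created with Path.GetTempFileName() that was never deleted, which left a copy of every
            // document to be signed on disk. The document is parsed straight from memory instead,
            // and the result is returned with Task.FromResult.
            //
            // NOTE(review): the SecureBlackbox license key is embedded in source on the next line; it
            // should be loaded from configuration or secret storage rather than committed with the code.
            SBUtils.Unit.SetLicenseKey("03D250F599AFD170E8A7410AFE3EAAC635E687187762F9936518B7FA6AEDDB215DF3177560DD647433BEE43711D31EC2B6818C0797C464E7F077467EABB466DE8F21CE77A054C9D3B04B0BA859B4BE8E8B7FCD50D07E2A4CD96240FA1468D8F03CBDE4EB1D2070A4294D2426881EEFBDFFAA7A76747B30A2E0564CA06CD673089318BFBA530E88A26F6FF76E46FE2A5A65C0FBAACB09F9804BC287412E49EE832058643D8A59B8398C7637C3EDE91660E6B696F32AD416F606DB215A2FFF214B5DF58DE27687362740B591D7F3D2D33CE6A3D1601521408511476FA81D374CA32D0443BD710D4D732A8C398A953047EEAB4A62237813DA11FC5E0EBFF1E69A9D");

            OutputError error = new OutputError()
            {
                error             = "error_pades_signature",
                error_description = "error"
            };

            if (inputSignatureAdvanced == null
                || inputSignatureAdvanced.documentStream == null
                || inputSignatureAdvanced.documentStream.Length == 0)
            {
                return Task.FromResult<object>(error);
            }

            // The remote-sign callback (XAdESHandler_OnRemoteSign) reads these instance fields, so they
            // have to be set before GenerateSignature. This makes the instance non-reentrant: concurrent
            // calls on one object would overwrite each other's credentials.
            pin = inputSignatureAdvanced.PIN;
            otp = inputSignatureAdvanced.OTP;
            credentialsID = inputSignatureAdvanced.credentialsID;
            access_token = accessToken;
            baseURL = base_URL;
            hashAlgo = inputSignatureAdvanced.hashAlgo;
            signAlgo = inputSignatureAdvanced.signAlgo;

            try
            {
                using (TElXMLDOMDocument document = new TElXMLDOMDocument())
                using (MemoryStream input = new MemoryStream(inputSignatureAdvanced.documentStream, false))
                using (TElXMLSigner signer = new TElXMLSigner(null))
                using (TElXMLKeyInfoX509Data x509Data = new TElXMLKeyInfoX509Data(false))
                using (MemoryStream signedOutput = new MemoryStream())
                {
                    document.LoadFromStream(input, "ISO-8859-1", true);

                    signer.SignatureType          = SBXMLSec.Unit.xstEnveloped;
                    signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
                    signer.SignatureMethodType    = SBXMLSec.Unit.xmtSig;

                    TElXMLReference reference = new TElXMLReference();
                    reference.URI     = "";
                    reference.URINode = document.DocumentElement;
                    reference.TransformChain.AddEnvelopedSignatureTransform();

                    // 2.16.840.1.101.3.4.2.1 is the SHA-256 OID; every other hashAlgo value, including
                    // unknown ones, silently falls back to SHA-1.
                    if (hashAlgo == "2.16.840.1.101.3.4.2.1")
                    {
                        signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256;
                        reference.DigestMethod = SBXMLSec.Unit.xdmSHA256;
                    }
                    else
                    {
                        signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                        reference.DigestMethod = SBXMLSec.Unit.xdmSHA1;
                    }

                    signer.References.Add(reference);

                    TElX509Certificate cert = LoadCertificate(credentialsID, accessToken);
                    x509Data.Certificate = cert;
                    signer.KeyData       = x509Data;

                    signer.UpdateReferencesDigest();
                    signer.OnRemoteSign += new TSBXMLRemoteSignEvent(XAdESHandler_OnRemoteSign);
                    signer.GenerateSignature();
                    signer.SaveEnveloped(document.DocumentElement);

                    document.SaveToStream(signedOutput);

                    OutputAdvancedSignature output = new OutputAdvancedSignature()
                    {
                        // ToArray() copies exactly the bytes written. The previous GetBuffer() returned
                        // the whole underlying buffer, so the signed document carried trailing padding.
                        signedDocument = signedOutput.ToArray()
                    };

                    return Task.FromResult<object>(output);
                }
            }
            catch (Exception)
            {
                // Failure detail is intentionally not returned to the caller; it is not logged either,
                // which makes production failures hard to diagnose — wire a logger in if one exists.
                return Task.FromResult<object>(error);
            }
        }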
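        private static void SignElement(string absoluteCertFilePath, string password, object element)
        {
            // Signs <element> in place with an enveloped XML-DSig (RSA-SHA1, exclusive C14N with
            // comments). The file at absoluteCertFilePath is probed in order as raw RSA key material,
            // an X.509 certificate (DER/PEM/PFX) and finally a PGP secret key; the first form that loads
            // becomes the signing key.
            //
            // Parameters:
            //   absoluteCertFilePath - path of the key / certificate / PGP key file.
            //   password             - passphrase applied to whichever key form loads.
            //   element              - a TElXMLDOMDocument (its DocumentElement is signed), a
            //                          TElXMLDOMElement, or any other TElXMLDOMNode.
            //
            // Throws ArgumentNullException for a null element, InvalidOperationException when the
            // certificate has no private key or when saving the signature fails.
            //
            // Algorithm note: SHA-1 is used for both the reference digest and the signature method.
            // SHA-1 signatures are rejected by most current validators; SignXMLAsync in this file
            // already selects xsmRSA_SHA256 / xdmSHA256, and this method should follow once its
            // consumers are confirmed.
            if (element == null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            TElXMLReferenceList refs = new TElXMLReferenceList();
            TElXMLReference reference = new TElXMLReference();
            reference.DigestMethod = SBXMLSec.Unit.xdmSHA1;

            TElXMLDOMNode node = (TElXMLDOMNode)element;
            if (node is TElXMLDOMDocument)
            {
                reference.URINode = ((TElXMLDOMDocument)node).DocumentElement;
                reference.URI     = "";
            }
            else if (node is TElXMLDOMElement)
            {
                TElXMLDOMElement el = (TElXMLDOMElement)node;
                reference.URINode = el;
                if (el.GetAttribute("ID") != "")
                {
                    reference.URI = "#" + el.GetAttribute("ID");
                }
                else if (el.ParentNode is TElXMLDOMDocument)
                {
                    reference.URI = "";
                }
                else
                {
                    // XML attribute names are case-sensitive. The attribute is written as "ID", but the
                    // old code read it back as "Id", which yields "" and a reference URI of just "#".
                    // Reuse the generated value instead of reading it back at all.
                    string generatedId = "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue));
                    el.SetAttribute("ID", generatedId);
                    reference.URI = "#" + generatedId;
                }
            }
            else
            {
                reference.URINode = node;
                reference.URI     = node.LocalName;
            }

            reference.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
            reference.TransformChain.Add(new TElXMLC14NTransform());
            refs.Add(reference);

            TElXMLSigner signer = new TElXMLSigner(); // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
            TElXMLKeyInfoRSAData  rsaKeyData  = null;
            TElXMLKeyInfoX509Data x509KeyData = null;
            TElXMLKeyInfoPGPData  pgpKeyData  = null;
            try
            {
                signer.SignatureType          = SBXMLSec.Unit.xstEnveloped;
                signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
                signer.SignatureMethodType    = SBXMLSec.Unit.xmtSig;
                signer.SignatureMethod        = SBXMLSec.Unit.xsmRSA_SHA1;
                signer.MACMethod  = SBXMLSec.Unit.xmmHMAC_MD5; // only relevant for MAC signatures; kept to leave the configuration unchanged
                signer.References = refs;
                signer.KeyName    = String.Empty;
                signer.IncludeKey = false;

                signer.OnFormatElement += FormatElement;
                signer.OnFormatText    += FormatText;

                // The former "enveloping signature needs an ID" branch was unreachable (SignatureType is
                // fixed to xstEnveloped just above) and has been dropped.

                rsaKeyData = new TElXMLKeyInfoRSAData(true);
                rsaKeyData.RSAKeyMaterial.Passphrase = password;
                x509KeyData = new TElXMLKeyInfoX509Data(true);
                pgpKeyData  = new TElXMLKeyInfoPGPData(true);

                // The key file is now closed on every path; previously an exception between open and
                // F.Close() leaked the handle.
                using (FileStream keyFile = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read))
                {
                    try
                    {
                        // Probe 1: raw RSA key material. Failure is the expected "not this format" signal.
                        rsaKeyData.RSAKeyMaterial.LoadSecret(keyFile, 0);
                    }
                    catch { }

                    if (!rsaKeyData.RSAKeyMaterial.SecretKey)
                    {
                        // Probe 2: X.509 certificate; LoadCertificate leaves Certificate null on failure.
                        keyFile.Position = 0;
                        LoadCertificate(keyFile, password, x509KeyData);
                    }

                    if (!rsaKeyData.RSAKeyMaterial.PublicKey &&
                        (x509KeyData.Certificate == null))
                    {
                        // Probe 3: PGP secret key.
                        keyFile.Position                = 0;
                        pgpKeyData.SecretKey            = new TElPGPSecretKey();
                        pgpKeyData.SecretKey.Passphrase = password;
                        try
                        {
                            ((TElPGPSecretKey)pgpKeyData.SecretKey).LoadFromStream(keyFile);
                        }
                        catch
                        {
                            pgpKeyData.SecretKey = null;
                        }
                    }
                }

                if (rsaKeyData.RSAKeyMaterial.SecretKey)
                {
                    signer.KeyData = rsaKeyData;
                }
                else if (x509KeyData.Certificate != null)
                {
                    if (!x509KeyData.Certificate.PrivateKeyExists)
                    {
                        throw new InvalidOperationException("The selected certificate doesn't contain a private key");
                    }

                    signer.KeyData = x509KeyData;
                }
                else if (pgpKeyData.SecretKey != null)
                {
                    signer.KeyData = pgpKeyData;
                }
                // Otherwise no usable key was found and KeyData stays unset, exactly as before.

                signer.UpdateReferencesDigest();

                signer.GenerateSignature();

                TElXMLDOMNode sigNode = node;
                if (sigNode is TElXMLDOMDocument)
                {
                    sigNode = ((TElXMLDOMDocument)sigNode).DocumentElement;
                }

                try
                {
                    // If the signature type is enveloping, the signature is placed into the passed node and the contents of the node are moved inside the signature.
                    // If the signature type is enveloped (the case here), the signature is placed as a child of the passed node.
                    signer.Save(ref sigNode);
                }
                catch (Exception e)
                {
                    throw new InvalidOperationException(string.Format("Failed to sign data and to save the signature: ({0})", e.Message), e);
                }
            }
            finally
            {
                signer.Dispose();
                if (rsaKeyData != null)
                {
                    rsaKeyData.Dispose(); // was never disposed in the original
                }
                if (x509KeyData != null)
                {
                    x509KeyData.Dispose();
                }
                if (pgpKeyData != null)
                {
                    pgpKeyData.Dispose();
                }
            }
        }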
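        private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
        {
            // Replaces nodeToEnrypt (per the original comment, a saml2:Assertion) inside FXMLDocument
            // with a saml2:EncryptedAssertion: the node is encrypted under a freshly generated symmetric
            // key, which is itself encrypted (key transport) for the PGP public key in
            // App_Data/ussitsps_test_pub.asc.
            //
            // NOTE(review): the certificate parameter is overwritten with that fixed path and otherwise
            // unused — unchanged from the original. Callers cannot choose the recipient key, and the
            // file name suggests test material; confirm this is the intended recipient for production.
            // NOTE(review): EncryptionMethod/EncryptedDataType/KeyEncryptionType/KeyTransportMethod/
            // KeyWrapMethod are raw numeric values carried over from the original; replace them with the
            // named SBXMLSec constants once confirmed.
            //
            // Throws ArgumentNullException for a null node and InvalidOperationException when the
            // recipient public key cannot be loaded.
            if (nodeToEnrypt == null)
            {
                throw new ArgumentNullException(nameof(nodeToEnrypt));
            }

            TElXMLEncryptor encryptor = new TElXMLEncryptor
            {
                EncryptKey         = true,
                EncryptionMethod   = 1,
                KeyName            = String.Empty,
                EncryptedDataType  = 0,
                KeyEncryptionType  = 0,
                KeyTransportMethod = 1,
                KeyWrapMethod      = 0
            };
            TElXMLKeyInfoSymmetricData symKeyData = null;
            TElXMLKeyInfoPGPData       pgpKeyData = null;
            try
            {
                // Fresh random key and IV on every call (arguments are presumably bit lengths:
                // 32*8 = 256-bit key, 16*8 = 128-bit IV).
                symKeyData = new TElXMLKeyInfoSymmetricData(true);
                symKeyData.Key.Generate(32 * 8);
                symKeyData.Key.GenerateIV(16 * 8);
                encryptor.KeyData = symKeyData;

                // xetKeyTransport: the symmetric key is carried encrypted under the recipient's PGP key.
                // (The unused RSA and X.509 key-data objects of the original have been removed.)
                pgpKeyData = new TElXMLKeyInfoPGPData(true);
                certificate = HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc");

                pgpKeyData.PublicKey = new TElPGPPublicKey();
                using (FileStream keyFile = new FileStream(certificate, FileMode.Open, FileAccess.Read))
                {
                    try
                    {
                        ((TElPGPPublicKey)pgpKeyData.PublicKey).LoadFromStream(keyFile);
                    }
                    catch
                    {
                        pgpKeyData.PublicKey.Dispose();
                        pgpKeyData.PublicKey = null;
                    }
                }

                // The original continued with a null PublicKey after a failed load; refuse to go on
                // without a recipient key instead of producing an undecryptable or unprotected result.
                if (pgpKeyData.PublicKey == null)
                {
                    throw new InvalidOperationException("Recipient PGP public key could not be loaded from " + certificate);
                }

                encryptor.KeyEncryptionKeyData = pgpKeyData;

                encryptor.Encrypt(nodeToEnrypt);
                TElXMLDOMNode encNode = encryptor.Save(FXMLDocument);

                // Wrap the encrypted node in saml2:EncryptedAssertion and swap it in for the plaintext node.
                var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");

                var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");
                nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
                encryptedAssertion.Attributes.Add(nsAttr);
                encryptedAssertion.AppendChild(encNode);
                nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);
            }
            finally
            {
                // Everything is released on the error paths too; the original disposed only on success.
                encryptor.Dispose();
                if (symKeyData != null)
                {
                    symKeyData.Dispose();
                }
                if (pgpKeyData != null)
                {
                    pgpKeyData.Dispose();
                }
            }
        }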
        // this should be in separate unit test project
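        static bool ValidateSignature(TElXMLDOMElement element)
        {
            // Verifies the XML-DSig signature carried by <element> against the certificate stored in
            // App_Data/hrinyorg-prod-public.cer. The file name suggests a public-key-only certificate,
            // which is why an empty password is passed to LoadCertificate.
            //
            // Returns the verifier's verdict. Throws ArgumentNullException for a null element and
            // InvalidOperationException when the verification certificate cannot be loaded.
            if (element == null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            using (var x509KeyData = new TElXMLKeyInfoX509Data(true))
            {
                using (var stream = new FileStream(HostingEnvironment.MapPath("~/App_Data/hrinyorg-prod-public.cer"), FileMode.Open, FileAccess.Read))
                {
                    LoadCertificate(stream, "", x509KeyData);
                }

                // LoadCertificate is best-effort and leaves Certificate null when the file cannot be
                // parsed. Running the verifier with no key would turn a deployment problem into a
                // signature verdict, so fail loudly here instead.
                if (x509KeyData.Certificate == null)
                {
                    throw new InvalidOperationException("Verification certificate could not be loaded from App_Data.");
                }

                using (var verifier = new TElXMLVerifier())
                {
                    verifier.KeyData = x509KeyData;
                    verifier.Load(element);
                    return verifier.ValidateSignature();
                }
            }
        }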
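        private static void SignElement(string absoluteCertFilePath, string password, object element)
        {
            // Signs <element> in place with an enveloped XML-DSig (RSA-SHA1, exclusive C14N with
            // comments). The file at absoluteCertFilePath is probed in order as raw RSA key material,
            // an X.509 certificate (DER/PEM/PFX) and finally a PGP secret key; the first form that loads
            // becomes the signing key.
            //
            // Parameters:
            //   absoluteCertFilePath - path of the key / certificate / PGP key file.
            //   password             - passphrase applied to whichever key form loads.
            //   element              - a TElXMLDOMDocument (its DocumentElement is signed), a
            //                          TElXMLDOMElement, or any other TElXMLDOMNode.
            //
            // Throws ArgumentNullException for a null element, InvalidOperationException when the
            // certificate has no private key or when saving the signature fails.
            //
            // Algorithm note: SHA-1 is used for both the reference digest and the signature method.
            // SHA-1 signatures are rejected by most current validators; SignXMLAsync in this file
            // already selects xsmRSA_SHA256 / xdmSHA256, and this method should follow once its
            // consumers are confirmed.
            if (element == null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            TElXMLReferenceList refs = new TElXMLReferenceList();
            TElXMLReference reference = new TElXMLReference();
            reference.DigestMethod = SBXMLSec.Unit.xdmSHA1;

            TElXMLDOMNode node = (TElXMLDOMNode)element;
            if (node is TElXMLDOMDocument)
            {
                reference.URINode = ((TElXMLDOMDocument)node).DocumentElement;
                reference.URI = "";
            }
            else if (node is TElXMLDOMElement)
            {
                TElXMLDOMElement el = (TElXMLDOMElement)node;
                reference.URINode = el;
                if (el.GetAttribute("ID") != "")
                {
                    reference.URI = "#" + el.GetAttribute("ID");
                }
                else if (el.ParentNode is TElXMLDOMDocument)
                {
                    reference.URI = "";
                }
                else
                {
                    // XML attribute names are case-sensitive. The attribute is written as "ID", but the
                    // old code read it back as "Id", which yields "" and a reference URI of just "#".
                    // Reuse the generated value instead of reading it back at all.
                    string generatedId = "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue));
                    el.SetAttribute("ID", generatedId);
                    reference.URI = "#" + generatedId;
                }
            }
            else
            {
                reference.URINode = node;
                reference.URI = node.LocalName;
            }

            reference.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
            reference.TransformChain.Add(new TElXMLC14NTransform());
            refs.Add(reference);

            TElXMLSigner signer = new TElXMLSigner(); // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
            TElXMLKeyInfoRSAData rsaKeyData = null;
            TElXMLKeyInfoX509Data x509KeyData = null;
            TElXMLKeyInfoPGPData pgpKeyData = null;
            try
            {
                signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
                signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
                signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
                signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                signer.MACMethod = SBXMLSec.Unit.xmmHMAC_MD5; // only relevant for MAC signatures; kept to leave the configuration unchanged
                signer.References = refs;
                signer.KeyName = String.Empty;
                signer.IncludeKey = false;

                signer.OnFormatElement += FormatElement;
                signer.OnFormatText += FormatText;

                // The former "enveloping signature needs an ID" branch was unreachable (SignatureType is
                // fixed to xstEnveloped just above) and has been dropped.

                rsaKeyData = new TElXMLKeyInfoRSAData(true);
                rsaKeyData.RSAKeyMaterial.Passphrase = password;
                x509KeyData = new TElXMLKeyInfoX509Data(true);
                pgpKeyData = new TElXMLKeyInfoPGPData(true);

                // The key file is now closed on every path; previously an exception between open and
                // F.Close() leaked the handle.
                using (FileStream keyFile = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read))
                {
                    try
                    {
                        // Probe 1: raw RSA key material. Failure is the expected "not this format" signal.
                        rsaKeyData.RSAKeyMaterial.LoadSecret(keyFile, 0);
                    }
                    catch { }

                    if (!rsaKeyData.RSAKeyMaterial.SecretKey)
                    {
                        // Probe 2: X.509 certificate; LoadCertificate leaves Certificate null on failure.
                        keyFile.Position = 0;
                        LoadCertificate(keyFile, password, x509KeyData);
                    }

                    if (!rsaKeyData.RSAKeyMaterial.PublicKey &&
                        (x509KeyData.Certificate == null))
                    {
                        // Probe 3: PGP secret key.
                        keyFile.Position = 0;
                        pgpKeyData.SecretKey = new TElPGPSecretKey();
                        pgpKeyData.SecretKey.Passphrase = password;
                        try
                        {
                            ((TElPGPSecretKey)pgpKeyData.SecretKey).LoadFromStream(keyFile);
                        }
                        catch
                        {
                            pgpKeyData.SecretKey = null;
                        }
                    }
                }

                if (rsaKeyData.RSAKeyMaterial.SecretKey)
                {
                    signer.KeyData = rsaKeyData;
                }
                else if (x509KeyData.Certificate != null)
                {
                    if (!x509KeyData.Certificate.PrivateKeyExists)
                    {
                        throw new InvalidOperationException("The selected certificate doesn't contain a private key");
                    }

                    signer.KeyData = x509KeyData;
                }
                else if (pgpKeyData.SecretKey != null)
                {
                    signer.KeyData = pgpKeyData;
                }
                // Otherwise no usable key was found and KeyData stays unset, exactly as before.

                signer.UpdateReferencesDigest();

                signer.GenerateSignature();

                TElXMLDOMNode sigNode = node;
                if (sigNode is TElXMLDOMDocument)
                {
                    sigNode = ((TElXMLDOMDocument)sigNode).DocumentElement;
                }

                try
                {
                    // If the signature type is enveloping, the signature is placed into the passed node and the contents of the node are moved inside the signature.
                    // If the signature type is enveloped (the case here), the signature is placed as a child of the passed node.
                    signer.Save(ref sigNode);
                }
                catch (Exception e)
                {
                    throw new InvalidOperationException(string.Format("Failed to sign data and to save the signature: ({0})", e.Message), e);
                }
            }
            finally
            {
                signer.Dispose();
                if (rsaKeyData != null)
                {
                    rsaKeyData.Dispose(); // was never disposed in the original
                }
                if (x509KeyData != null)
                {
                    x509KeyData.Dispose();
                }
                if (pgpKeyData != null)
                {
                    pgpKeyData.Dispose();
                }
            }
        }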
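        private static void LoadCertificate(FileStream F, string Password, TElXMLKeyInfoX509Data X509KeyData)
        {
            // Best-effort certificate loader: detects whether F holds a DER, PEM or PFX certificate and
            // loads it into X509KeyData.Certificate. On an unknown format or any load error the
            // certificate is disposed and X509KeyData.Certificate is left null. Callers (e.g. SignElement)
            // use that null as the "this file is not a certificate" probe result, so no exception is
            // propagated from the load itself.
            //
            // Parameters:
            //   F           - open, readable stream; read from position 0, left wherever the loader stops.
            //   Password    - password for PEM/PFX material; not used for DER.
            //   X509KeyData - receives a freshly constructed TElX509Certificate, or null on failure.
            if (F == null)
            {
                throw new ArgumentNullException(nameof(F));
            }
            if (X509KeyData == null)
            {
                throw new ArgumentNullException(nameof(X509KeyData));
            }

            TElX509Certificate certificate = new TElX509Certificate();
            X509KeyData.Certificate = certificate;
            bool loaded = false;
            try
            {
                int certFormat = TElX509Certificate.DetectCertFileFormat(F);
                F.Position = 0; // detection presumably reads the stream; rewind before the real load

                switch (certFormat)
                {
                    case SBX509.Unit.cfDER:
                        certificate.LoadFromStream(F, 0);
                        loaded = true;
                        break;
                    case SBX509.Unit.cfPEM:
                        certificate.LoadFromStreamPEM(F, Password, 0);
                        loaded = true;
                        break;
                    case SBX509.Unit.cfPFX:
                        certificate.LoadFromStreamPFX(F, Password, 0);
                        loaded = true;
                        break;
                    default:
                        // Unknown format: fall through to the cleanup below.
                        break;
                }
            }
            catch
            {
                // Deliberately swallowed: a null Certificate is this method's failure signal.
                loaded = false;
            }

            if (!loaded)
            {
                certificate.Dispose();
                X509KeyData.Certificate = null;
            }
        }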
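        private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
        {
            // Replaces nodeToEnrypt (per the original comment, a saml2:Assertion) inside FXMLDocument
            // with a saml2:EncryptedAssertion: the node is encrypted under a freshly generated symmetric
            // key, which is itself encrypted (key transport) for the PGP public key in
            // App_Data/ussitsps_test_pub.asc.
            //
            // NOTE(review): the certificate parameter is overwritten with that fixed path and otherwise
            // unused — unchanged from the original. Callers cannot choose the recipient key, and the
            // file name suggests test material; confirm this is the intended recipient for production.
            // NOTE(review): EncryptionMethod/EncryptedDataType/KeyEncryptionType/KeyTransportMethod/
            // KeyWrapMethod are raw numeric values carried over from the original; replace them with the
            // named SBXMLSec constants once confirmed.
            //
            // Throws ArgumentNullException for a null node and InvalidOperationException when the
            // recipient public key cannot be loaded.
            if (nodeToEnrypt == null)
            {
                throw new ArgumentNullException(nameof(nodeToEnrypt));
            }

            TElXMLEncryptor encryptor = new TElXMLEncryptor
            {
                EncryptKey = true,
                EncryptionMethod = 1,
                KeyName = String.Empty,
                EncryptedDataType = 0,
                KeyEncryptionType = 0,
                KeyTransportMethod = 1,
                KeyWrapMethod = 0
            };
            TElXMLKeyInfoSymmetricData symKeyData = null;
            TElXMLKeyInfoPGPData pgpKeyData = null;
            try
            {
                // Fresh random key and IV on every call (arguments are presumably bit lengths:
                // 32*8 = 256-bit key, 16*8 = 128-bit IV).
                symKeyData = new TElXMLKeyInfoSymmetricData(true);
                symKeyData.Key.Generate(32 * 8);
                symKeyData.Key.GenerateIV(16 * 8);
                encryptor.KeyData = symKeyData;

                // xetKeyTransport: the symmetric key is carried encrypted under the recipient's PGP key.
                // (The unused RSA and X.509 key-data objects of the original have been removed.)
                pgpKeyData = new TElXMLKeyInfoPGPData(true);
                certificate = HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc");

                pgpKeyData.PublicKey = new TElPGPPublicKey();
                using (FileStream keyFile = new FileStream(certificate, FileMode.Open, FileAccess.Read))
                {
                    try
                    {
                        ((TElPGPPublicKey)pgpKeyData.PublicKey).LoadFromStream(keyFile);
                    }
                    catch
                    {
                        pgpKeyData.PublicKey.Dispose();
                        pgpKeyData.PublicKey = null;
                    }
                }

                // The original continued with a null PublicKey after a failed load; refuse to go on
                // without a recipient key instead of producing an undecryptable or unprotected result.
                if (pgpKeyData.PublicKey == null)
                {
                    throw new InvalidOperationException("Recipient PGP public key could not be loaded from " + certificate);
                }

                encryptor.KeyEncryptionKeyData = pgpKeyData;

                encryptor.Encrypt(nodeToEnrypt);
                TElXMLDOMNode encNode = encryptor.Save(FXMLDocument);

                // Wrap the encrypted node in saml2:EncryptedAssertion and swap it in for the plaintext node.
                var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");

                var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");
                nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
                encryptedAssertion.Attributes.Add(nsAttr);
                encryptedAssertion.AppendChild(encNode);
                nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);
            }
            finally
            {
                // Everything is released on the error paths too; the original disposed only on success.
                encryptor.Dispose();
                if (symKeyData != null)
                {
                    symKeyData.Dispose();
                }
                if (pgpKeyData != null)
                {
                    pgpKeyData.Dispose();
                }
            }
        }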
        public MemoryStream SignXML(Stream stream, string accessToken, string OTP, string PIN, string credentialID, string base_URL, string hash_algo, string sign_algo)
        {
            // Signs the XML document in <stream> with an enveloped XML-DSig whose signature value is
            // produced remotely (XAdESHandler_OnRemoteSign) for the credential <credentialID>, and
            // returns the signed document in a MemoryStream. SaveToStream leaves the position at the
            // end of the written data, so callers presumably need to rewind before reading.
            //
            // Contract caveat: every failure is swallowed by the outer catch and the same (empty)
            // <memory> instance is returned, so "signed" and "failed" are only distinguishable by
            // memory.Length, and the exception is neither logged nor exposed.
            //
            // The argument of SetLicenseKey below is redacted in this listing; in any case a license
            // key belongs in configuration or secret storage, not in source.
            var memory = new MemoryStream();

            try
            {
                SBUtils.Unit.SetLicenseKey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

                // The remote-sign callback reads these instance fields; setting them here makes the
                // object non-reentrant (concurrent SignXML calls on one instance overwrite each other's
                // credentials).
                pin = PIN; otp = OTP; credentialsID = credentialID; access_token = accessToken; baseURL = base_URL; hashAlgo = hash_algo; signAlgo = sign_algo;

                // NOTE(review): signedDocument is never used, and neither document is disposed although
                // TElXMLDOMDocument is used with `using` elsewhere in this file.
                TElXMLDOMDocument document       = new TElXMLDOMDocument();
                TElXMLDOMDocument signedDocument = new TElXMLDOMDocument();

                // Input encoding is fixed to ISO-8859-1 regardless of the document's declaration.
                stream.Position = 0;
                document.LoadFromStream(stream, "ISO-8859-1", true);

                TElXMLSigner          Signer   = new TElXMLSigner(null);
                TElXMLKeyInfoX509Data X509Data = new TElXMLKeyInfoX509Data(false);
                try
                {
                    Signer.SignatureType          = SBXMLSec.Unit.xstEnveloped;
                    Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
                    Signer.SignatureMethodType    = SBXMLSec.Unit.xmtSig;

                    TElXMLReference Ref = new TElXMLReference();

                    // URI "" with an enveloped-signature transform: the whole document is the reference.
                    Ref.URI     = "";
                    Ref.URINode = document.DocumentElement;
                    Ref.TransformChain.AddEnvelopedSignatureTransform();

                    // 2.16.840.1.101.3.4.2.1 is the SHA-256 OID; every other hash_algo value, including
                    // unknown ones, silently falls back to SHA-1.
                    if (hashAlgo == "2.16.840.1.101.3.4.2.1")
                    {
                        Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256;
                        Ref.DigestMethod       = SBXMLSec.Unit.xdmSHA256;
                    }
                    else
                    {
                        Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                        Ref.DigestMethod       = SBXMLSec.Unit.xdmSHA1;
                    }

                    Signer.References.Add(Ref);

                    // Two-argument LoadCertificate overload (remote credential), not the FileStream one.
                    TElX509Certificate Cert = LoadCertificate(credentialsID, access_token);
                    X509Data.Certificate = Cert;
                    Signer.KeyData       = X509Data;

                    Signer.UpdateReferencesDigest();
                    Signer.OnRemoteSign += new TSBXMLRemoteSignEvent(XAdESHandler_OnRemoteSign);
                    Signer.GenerateSignature();
                    // NOTE(review): node is assigned but never used.
                    TElXMLDOMNode node = document.ChildNodes.get_Item(0);

                    Signer.SaveEnveloped(document.DocumentElement);

                    // Signer.SaveEnveloping(node);
                    // Signer.SaveDetached(); - the signature would be saved separately



                    document.SaveToStream(memory);

                    return(memory);
                }
                finally
                {
                    Signer.Dispose();
                    X509Data.Dispose();
                }
            }
            catch (Exception ex) { return(memory); }
        }