// NOTE(review): the `throws XMLSecurityException` clause below appears to have been
// commented out of the signature while the body still throws that exception in three
// places; confirm whether the target compiler treats it as a checked exception.
//throws XMLSecurityException
/**
 * Signs the XRD with the provided private key and attaches the resulting
 * XMLDSig {@code Signature} element to the descriptor's DOM. The DOM is
 * built via {@link #getDOM()} if it does not exist yet, and the signature is
 * inserted into the SAML Assertion immediately before its Subject element.
 *
 * <p>The signature is an enveloped signature referencing the descriptor
 * element by its {@code xml:id} attribute, with exclusive C14N (comments
 * omitted) used both as the canonicalization method and as the reference
 * transform after the enveloped-signature transform.
 *
 * <p>NOTE(review): the signature algorithm is hard-coded to
 * {@code ALGO_ID_SIGNATURE_RSA_SHA1}; SHA-1 is deprecated for new signatures
 * and strict verifiers may reject it. Confirm what the peers consuming this
 * descriptor require before changing or keeping it.
 *
 * @param oKey - The private key to sign the descriptor with.
 * @throws XMLSecurityException if no SAML Assertion is attached to the
 *         descriptor, the Assertion has no Subject, or the descriptor
 *         carries no {@code xml:id} (the ID is required because the
 *         signature's reference URI points at it)
 */
public void sign(PrivateKey oKey) {
    // build up the DOM (stored in moElem for future use)
    getDOM();

    // before signing, make sure that the document is properly normalized
    // this is separate from the XMLDSig canonicalization and is more for attributes, namespaces, etc.
    moElem.OwnerDocument.Normalize();

    // The signature is placed inside the Assertion, so both the Assertion and
    // its Subject must exist before anything is signed.
    XmlElement oAssertionElem = DOMUtils.getFirstChildElement(
        moElem, Tags.NS_SAML, Tags.TAG_ASSERTION);
    if (oAssertionElem == null) {
        throw new XMLSecurityException(
            "Cannot create signature. No SAML Assertion attached to descriptor.");
    }

    XmlElement oSubjectElem = DOMUtils.getFirstChildElement(
        oAssertionElem, Tags.NS_SAML, Tags.TAG_SUBJECT);
    if (oSubjectElem == null) {
        throw new XMLSecurityException(
            "Cannot create signature. SAML Assertion has no subject.");
    }

    // make sure the id attribute is present
    // The empty-string check is the one expected to fire when the attribute is
    // absent; whether the null branch can ever be taken depends on the DOM
    // implementation behind getAttributeNS — TODO confirm.
    string sID = moElem.getAttributeNS(Tags.NS_XML, Tags.ATTR_ID_LOW);
    if ((sID == null) || (sID.Equals(""))) {
        throw new XMLSecurityException(
            "Cannot create signature. ID is missing for " + moElem.LocalName);
    }

    // Set the DOM so that it can be signed
    // presumably registers xml:id as an ID-typed attribute so that the "#sID"
    // reference added below can be resolved — verify against DOM3Utils.
    DOM3Utils.bestEffortSetIDAttr(moElem, Tags.NS_XML, Tags.ATTR_ID_LOW);

    // Build the empty signature.
    // Canonicalization method: exclusive C14N without comments.
    XmlDocument oDoc = moElem.getOwnerDocument();
    XMLSignature oSig = new XMLSignature(
        oDoc, null,
        XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
        Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    // add all the transforms to the signature
    // Order matters: the enveloped-signature transform strips the Signature
    // element itself out of the signed content before canonicalization.
    string[] oTransforms = new string[] {
        Transforms.TRANSFORM_ENVELOPED_SIGNATURE,
        Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS
    };
    Transforms oTrans = new Transforms(oSig.getDocument());
    for (int i = 0; i < oTransforms.Length; i++) {
        oTrans.addTransform(oTransforms[i]);
    }
    // Same-document reference to the descriptor element identified by sID.
    oSig.addDocument("#" + sID, oTrans);

    // now finally sign the thing
    oSig.sign(oKey);

    // now sub in this element
    XmlElement oSigElem = oSig.getElement();

    // insert the signature in the right place
    // Placed inside the Assertion, before its Subject; since the Assertion is a
    // child of the signed descriptor element, the enveloped transform covers it.
    oAssertionElem.InsertBefore(oSigElem, oSubjectElem);
}