public static XmlElement SignWithXAdES(X509Certificate2 signingCertificate, XmlDocument xmlDocument) { var signedXml = new XadesSignedXml(xmlDocument); signedXml.Signature.Id = SignatureId; signedXml.SigningKey = signingCertificate.PrivateKey; var signatureReference = new Reference { Uri = "", }; signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); signedXml.AddReference(signatureReference); var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(signingCertificate)); signedXml.KeyInfo = keyInfo; AddXAdESProperties(xmlDocument, signedXml, signingCertificate); signedXml.ComputeSignature(); return(signedXml.GetXml()); }
private void ComputeSignature() { try { _xadesSignedXml.ComputeSignature(); _xadesSignedXml.SignatureValueId = _signatureValueId; } catch (Exception exception) { throw new Exception("Ha ocurrido durante el proceso de firmado: " + exception.Message); } }
public void Run() { /* * 1. Получаем сертификат от клиента * 2. Формируем объект xades из сертификата от клиента * 3. Подписываем исходное сообщение * 4. Вычисляем хеш от SignedInfo и отправляем его для подписи клиенту * 5. Изменяем подписанное сообщение - подменяем подпись */ var originalDoc = new XmlDocument() { PreserveWhitespace = true }; originalDoc.LoadXml(_xmlStr); // 1. Получаем сертификат от клиента XadesInfo xadesInfo = GetClientXadesInfo(); // 2. Формируем объект xades из сертификата от клиента XadesSignedXml xadesSignedXml = GetXadesSignedXml(xadesInfo, originalDoc); // 3. Подписываем исходное сообщение серверным сертификатом xadesSignedXml.ComputeSignature(); // 4. Вычисляем хеш от SignedInfo и отправляем его для подписи клиенту HashAlgorithm hash; xadesSignedXml.GetSignedInfoHash(out hash); var signature = _client.GetSignedHash(Convert.ToBase64String(hash.Hash)); // 5. Изменяем подписанное сообщение - подменяем подпись xadesSignedXml.Signature.SignatureValue = Convert.FromBase64String(signature); GisSignatureHelper.InjectSignatureToOriginalDoc(xadesSignedXml, originalDoc); Console.WriteLine("Получившееся сообщение:"); Console.WriteLine(originalDoc.OuterXml); Assert.IsFalse(originalDoc.OuterXml.Contains("unstructuredName")); }
/// <summary> /// Realiza la contrafirma de la firma actual /// </summary> /// <param name="sigDocument"></param> /// <param name="parameters"></param> public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters) { if (parameters.Signer == null) { throw new Exception("Es necesario un certificado válido para la firma."); } SignatureDocument.CheckSignatureDocument(sigDocument); SignatureDocument counterSigDocument = new SignatureDocument(); counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone(); counterSigDocument.Document.PreserveWhitespace = true; XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document); SetSignatureId(counterSignature); counterSignature.SigningKey = parameters.Signer.SigningKey; _refContent = new Reference(); _refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId; _refContent.Id = "Reference-" + Guid.NewGuid().ToString(); _refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature"; _refContent.AddTransform(new XmlDsigC14NTransform()); counterSignature.AddReference(_refContent); _dataFormat = new DataObjectFormat(); _dataFormat.MimeType = "text/xml"; _dataFormat.Encoding = "UTF-8"; KeyInfo keyInfo = new KeyInfo(); keyInfo.Id = "KeyInfoId-" + counterSignature.Signature.Id; keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate)); keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey)); counterSignature.KeyInfo = keyInfo; Reference referenceKeyInfo = new Reference(); referenceKeyInfo.Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id; referenceKeyInfo.Uri = "#KeyInfoId-" + counterSignature.Signature.Id; counterSignature.AddReference(referenceKeyInfo); XadesObject counterSignatureXadesObject = new XadesObject(); counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString(); counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id; counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id; AddSignatureProperties(counterSigDocument, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters); counterSignature.AddXadesObject(counterSignatureXadesObject); foreach (Reference signReference in counterSignature.SignedInfo.References) { signReference.DigestMethod = parameters.DigestMethod.URI; } counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI; counterSignature.AddXadesNamespace = true; counterSignature.ComputeSignature(); UnsignedProperties unsignedProperties = sigDocument.XadesSignature.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature); sigDocument.XadesSignature.UnsignedProperties = unsignedProperties; UpdateXadesSignature(sigDocument); counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone(); counterSigDocument.Document.PreserveWhitespace = true; XmlElement signatureElement = (XmlElement)sigDocument.Document.SelectSingleNode("//*[@Id='" + counterSignature.Signature.Id + "']"); counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document); counterSigDocument.XadesSignature.LoadXml(signatureElement); return(counterSigDocument); }
public static string Sign(string xml, X509Certificate2 x509) { // Wczytaj. XmlDocument doc = new XmlDocument { PreserveWhitespace = true }; doc.LoadXml(xml); // SignedXml object XadesSignedXml signedXml = new XadesSignedXml(doc); signedXml.Signature.Id = "ID-1234"; signedXml.SigningKey = x509.PrivateKey; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl; signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url; // dodaj referencję na dokument Reference reference = new Reference("#Dokument"); reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); signedXml.AddReference(reference); // dodaj KeyInfo KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(x509)); // ??? WholeChain ??? signedXml.KeyInfo = keyInfo; // XadesObject xo = new XadesObject(); { Cert cert = new Cert(); cert.IssuerSerial.X509IssuerName = x509.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = x509.SerialNumber; { SHA1 cryptoServiceProvider = new SHA1CryptoServiceProvider(); cert.CertDigest.DigestValue = cryptoServiceProvider.ComputeHash(x509.RawData); cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; } xo.QualifyingProperties.Target = "#" + signedXml.Signature.Id; xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningTime = DateTime.Now; xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true; xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningCertificate.CertCollection.Add(cert); DataObjectFormat dof = new DataObjectFormat { ObjectReferenceAttribute = "#Dokument", Description = "Dokument w formacie xml [XML]", Encoding = SignedXml.XmlDsigBase64TransformUrl, // ...xmldsig/#base64 MimeType = "text/plain" }; xo.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection.Add(dof); } signedXml.AddXadesObject(xo); //// W dokumentacji 2.9.9.a, Id dla <ds:Object> ma mieć wartość "Dokument", ale nie ma tego w przykładach var data = new DataObject("Dokument", "text/xml", "", doc.DocumentElement); signedXml.AddObject(data); // Podpisz signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); return(xmlDigitalSignature.OuterXml); }
/// <summary> /// Realiza la contrafirma de la firma actual /// </summary> /// <param name="certificate"></param> /// <param name="signMethod"></param> public void CounterSign(X509Certificate2 certificate, SignMethod?signMethod = null) { SetSignatureId(); if (_xadesSignedXml == null) { throw new Exception("No hay ninguna firma XADES cargada previamente."); } if (certificate == null) { throw new Exception("Es necesario un certificado válido para la firma."); } if (signMethod.HasValue) { this.SignMethod = signMethod.Value; } _signCertificate = certificate; XadesSignedXml counterSignature = new XadesSignedXml(_document); SetCryptoServiceProvider(); counterSignature.SigningKey = _rsaKey; Reference reference = new Reference(); reference.Uri = "#" + _xadesSignedXml.SignatureValueId; reference.Id = "Reference-" + Guid.NewGuid().ToString(); reference.Type = "http://uri.etsi.org/01903#CountersignedSignature"; reference.AddTransform(new XmlDsigC14NTransform()); counterSignature.AddReference(reference); _objectReference = reference.Id; KeyInfo keyInfo = new KeyInfo(); keyInfo.Id = "KeyInfoId-" + _signatureId; keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)_signCertificate)); keyInfo.AddClause(new RSAKeyValue((RSA)_rsaKey)); counterSignature.KeyInfo = keyInfo; Reference referenceKeyInfo = new Reference(); referenceKeyInfo.Id = "ReferenceKeyInfo-" + _signatureId; referenceKeyInfo.Uri = "#KeyInfoId-" + _signatureId; counterSignature.AddReference(referenceKeyInfo); counterSignature.Signature.Id = _signatureId; counterSignature.SignatureValueId = _signatureValueId; XadesObject counterSignatureXadesObject = new XadesObject(); counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString(); counterSignatureXadesObject.QualifyingProperties.Target = "#" + _signatureId; counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + _signatureId; AddSignatureProperties(counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, "text/xml", _signCertificate); counterSignature.AddXadesObject(counterSignatureXadesObject); foreach (Reference signReference in counterSignature.SignedInfo.References) { signReference.DigestMethod = _refsMethodUri; } counterSignature.AddXadesNamespace = true; counterSignature.ComputeSignature(); UnsignedProperties unsignedProperties = _xadesSignedXml.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature); _xadesSignedXml.UnsignedProperties = unsignedProperties; UpdateDocument(); _xadesSignedXml = new XadesSignedXml(_document); XmlNode xmlNode = _document.SelectSingleNode("//*[@Id='" + _signatureId + "']"); _xadesSignedXml.LoadXml((XmlElement)xmlNode); }
/// <summary> /// Realiza la contrafirma de la firma actual /// </summary> /// <param name="sigDocument"></param> /// <param name="parameters"></param> public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters) { if (parameters.Signer == null) { throw new Exception("A valid certificate is required for the signature"); } SignatureDocument.CheckSignatureDocument(sigDocument); SignatureDocument counterSigDocument = new SignatureDocument { Document = (XmlDocument)sigDocument.Document.Clone() }; counterSigDocument.Document.PreserveWhitespace = true; XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document); SetSignatureId(counterSignature); counterSignature.SigningKey = parameters.Signer.SigningKey; _refContent = new Reference { Uri = "#" + sigDocument.XadesSignature.SignatureValueId, Id = "Reference-" + Guid.NewGuid().ToString(), Type = "http://uri.etsi.org/01903#CountersignedSignature" }; _refContent.AddTransform(new XmlDsigC14NTransform()); counterSignature.AddReference(_refContent); _mimeType = "text/xml"; _encoding = "UTF-8"; KeyInfo keyInfo = new KeyInfo { Id = "KeyInfoId-" + counterSignature.Signature.Id }; keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate)); keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey)); counterSignature.KeyInfo = keyInfo; Reference referenceKeyInfo = new Reference { Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id, Uri = "#KeyInfoId-" + counterSignature.Signature.Id }; counterSignature.AddReference(referenceKeyInfo); XadesObject counterSignatureXadesObject = new XadesObject { Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString() }; counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id; counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id; AddSignatureProperties(counterSigDocument, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters); counterSignature.AddXadesObject(counterSignatureXadesObject); foreach (Reference signReference in counterSignature.SignedInfo.References) { signReference.DigestMethod = parameters.DigestMethod.URI; } counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI; counterSignature.AddXadesNamespace = true; counterSignature.ComputeSignature(); counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document); counterSigDocument.XadesSignature.LoadXml(sigDocument.XadesSignature.GetXml()); UnsignedProperties unsignedProperties = counterSigDocument.XadesSignature.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature); counterSigDocument.XadesSignature.UnsignedProperties = unsignedProperties; counterSigDocument.UpdateDocument(); return(counterSigDocument); }
public static void FirmarXadesEPES(XmlDocument xmlDoc, X509Certificate2 cert) { // Precondiciones. if (xmlDoc == null) { throw new ArgumentException("xmlDoc"); } if (cert == null) { throw new ArgumentException("Cert"); } // String keyInfoID = "keyinfoID"; String signedPropertiestypeID = "SignedPropertiestypeID"; String signatureID = "FacturaeSignatureID"; // Creo el objeto de la firma. XadesSignedXml signedXml = new XadesSignedXml(xmlDoc); // Añado la clave privada. signedXml.SigningKey = cert.PrivateKey; // Creo una referencia al documento, se pasa "" para decir que es todo el documento Reference reference = new Reference(); reference.Uri = ""; // Añado transformacion a enveloped a la referencia. reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); // Añado la referencia al objeto de la firma. signedXml.AddReference(reference); // Creo una referencia al keyInfo Reference keyInfoReference = new Reference(); keyInfoReference.Uri = "#" + keyInfoID; signedXml.AddReference(keyInfoReference); //referencia al SignedProperiestype Reference signedProperiestypeReference = new Reference(); signedProperiestypeReference.Uri = "#" + signedPropertiestypeID; signedProperiestypeReference.Type = "http://uri.etsi.org/01903#SignedProperties"; signedProperiestypeReference.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(signedProperiestypeReference); // Añado la informacion del certificado KeyInfo keyInfo = new KeyInfo(); keyInfo.Id = keyInfoID; keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; //info extra para xades-epes QualifyingPropertiesType qualifyingProperties = new QualifyingPropertiesType(); qualifyingProperties.Target = "#" + signatureID; qualifyingProperties.SignedProperties = new SignedPropertiesType(); qualifyingProperties.SignedProperties.Id = signedPropertiestypeID; qualifyingProperties.SignedProperties.SignedSignatureProperties = new SignedSignaturePropertiesType(); qualifyingProperties.SignedProperties.SignedSignatureProperties.SigningTime = DateTime.Today; qualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier = new SignaturePolicyIdentifierType(); SignaturePolicyIdType signaturePolicyIdType = new SignaturePolicyIdType(); signaturePolicyIdType.SigPolicyId = new ObjectIdentifierType(); signaturePolicyIdType.SigPolicyId.Identifier = new IdentifierType(); signaturePolicyIdType.SigPolicyId.Identifier.Value = "http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf"; signaturePolicyIdType.SigPolicyId.Description = "facturae31"; signaturePolicyIdType.SigPolicyHash = new DigestAlgAndValueType(); signaturePolicyIdType.SigPolicyHash.DigestMethod = new DigestMethodType(); signaturePolicyIdType.SigPolicyHash.DigestMethod.Algorithm = "http://www.w3.org/2000/09/xmldsig#sha1"; signaturePolicyIdType.SigPolicyHash.DigestValue = Convert.FromBase64String("Ohixl6upD6av8N7pEvDABhEL6hM="); qualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier.Item = signaturePolicyIdType; signedXml.AddQualifyingPropertiesObject(qualifyingProperties); // Proceso la firma. signedXml.ComputeSignature(); // Obtengo la representación de la firma en Xml. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Añado el xml de la firma al documento original. xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); }
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters) { if (parameters.Signer == null) { throw new Exception("Es necesario un certificado válido para la firma."); } SignatureDocument.CheckSignatureDocument(sigDocument); SignatureDocument signatureDocument = new SignatureDocument(); signatureDocument.Document = (XmlDocument)sigDocument.Document.Clone(); signatureDocument.Document.PreserveWhitespace = true; XadesSignedXml xadesSignedXml = new XadesSignedXml(signatureDocument.Document); xadesSignedXml.Signature.Id = "xmldsig-" + Guid.NewGuid().ToString(); xadesSignedXml.SignatureValueId = sigDocument.XadesSignature.Signature.Id + "-sigvalue"; xadesSignedXml.SigningKey = parameters.Signer.SigningKey; _refContent = new Reference(); _refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId; Reference refContent = _refContent; Guid guid = Guid.NewGuid(); refContent.Id = "Reference-" + guid.ToString(); _refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature"; _refContent.AddTransform(new XmlDsigC14NTransform()); xadesSignedXml.AddReference(_refContent); _mimeType = "text/xml"; _encoding = "UTF-8"; KeyInfo keyInfo = new KeyInfo(); keyInfo.Id = "KeyInfoId-" + xadesSignedXml.Signature.Id; keyInfo.AddClause(new KeyInfoX509Data(parameters.Signer.Certificate)); keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey)); xadesSignedXml.KeyInfo = keyInfo; Reference reference = new Reference(); reference.Id = "ReferenceKeyInfo-" + xadesSignedXml.Signature.Id; reference.Uri = "#KeyInfoId-" + xadesSignedXml.Signature.Id; xadesSignedXml.AddReference(reference); XadesObject xadesObject = new XadesObject(); XadesObject xadesObject2 = xadesObject; guid = Guid.NewGuid(); xadesObject2.Id = "CounterSignatureXadesObject-" + guid.ToString(); xadesObject.QualifyingProperties.Target = "#" + xadesSignedXml.Signature.Id; xadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + xadesSignedXml.Signature.Id; AddSignatureProperties(signatureDocument, xadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, xadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, xadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters); xadesSignedXml.AddXadesObject(xadesObject); foreach (Reference reference2 in xadesSignedXml.SignedInfo.References) { reference2.DigestMethod = parameters.DigestMethod.URI; } xadesSignedXml.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI; xadesSignedXml.AddXadesNamespace = true; xadesSignedXml.ComputeSignature(); signatureDocument.XadesSignature = new XadesSignedXml(signatureDocument.Document); signatureDocument.XadesSignature.LoadXml(sigDocument.XadesSignature.GetXml()); UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(xadesSignedXml); signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties; signatureDocument.UpdateDocument(); return(signatureDocument); }