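/// <summary>
/// Loads an XML document as the payload of an enveloping signature: the document is
/// wrapped in a <c>ds:Object</c> with a generated Id and a <c>ds:Reference</c> pointing at it.
/// </summary>
/// <param name="xmlDocument">Document to embed. It is cloned; the caller's instance is not modified.</param>
/// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/> is null.</exception>
public void SetContentEveloping(XmlDocument xmlDocument)
{
    if (xmlDocument == null)
    {
        throw new ArgumentNullException(nameof(xmlDocument));
    }

    _xadesSignedXml = new XadesSignedXml();

    // Work on a copy so the caller's document is untouched; whitespace must survive
    // because it is part of what gets canonicalised and digested.
    XmlDocument doc = (XmlDocument)xmlDocument.Clone();
    doc.PreserveWhitespace = true;

    // The XML declaration cannot live inside ds:Object, so drop it. FirstChild is null
    // for an empty document, which the previous ChildNodes[0] access did not tolerate.
    if (doc.FirstChild != null && doc.FirstChild.NodeType == XmlNodeType.XmlDeclaration)
    {
        doc.RemoveChild(doc.FirstChild);
    }

    // Wrap the content in a ds:Object with a unique Id so the reference can target it.
    string dataObjectId = "DataObject-" + Guid.NewGuid().ToString();
    var dataObject = new System.Security.Cryptography.Xml.DataObject
    {
        Data = doc.ChildNodes,
        Id = dataObjectId,
    };
    _xadesSignedXml.AddObject(dataObject);

    // Reference the object by Id and canonicalise it before digesting so a verifier
    // computes the same bytes regardless of serialisation details.
    // NOTE(review): the reference digest algorithm is left at the library default —
    // confirm it is not SHA-1 on the target runtime if the signature profile forbids it.
    var reference = new Reference
    {
        Id = "Reference-" + Guid.NewGuid().ToString(),
        Uri = "#" + dataObjectId,
        Type = SignedXml.XmlDsigNamespaceUrl + "Object",
    };
    reference.AddTransform(new XmlDsigC14NTransform());
    _xadesSignedXml.AddReference(reference);

    _objectReference = reference.Id;
    _mimeType = "text/xml";
    _document = null;
}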
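/// <summary>
/// Produces an enveloping XAdES signature over <paramref name="xml"/> and returns the
/// <c>ds:Signature</c> element as a string. The document is embedded in a <c>ds:Object</c>
/// with Id "Dokument" and referenced from SignedInfo.
/// </summary>
/// <param name="xml">Well-formed XML to sign; whitespace is preserved.</param>
/// <param name="x509">Signing certificate; must carry a usable private key.</param>
/// <returns>OuterXml of the generated signature element.</returns>
/// <exception cref="ArgumentNullException"><paramref name="x509"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="x509"/> has no private key.</exception>
/// <exception cref="XmlException"><paramref name="xml"/> is not well-formed.</exception>
public static string Sign(string xml, X509Certificate2 x509)
{
    if (x509 == null)
    {
        throw new ArgumentNullException(nameof(x509));
    }
    // Fail early with a clear message; otherwise ComputeSignature fails later with
    // a generic "signing key is not loaded" error.
    if (!x509.HasPrivateKey)
    {
        throw new ArgumentException("Certificate does not contain a private key.", nameof(x509));
    }

    // Load the payload.
    XmlDocument doc = new XmlDocument { PreserveWhitespace = true };
    doc.LoadXml(xml);

    // SECURITY(review): SHA-1 is used both for the signature method and for the
    // certificate digest below. SHA-1 is deprecated for signatures; keep it only if the
    // receiving system's profile still mandates it, otherwise move to RSA-SHA256 / SHA-256.
    XadesSignedXml signedXml = new XadesSignedXml(doc);
    signedXml.Signature.Id = "ID-1234";
    signedXml.SigningKey = x509.PrivateKey;
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
    signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;

    // Reference the embedded document (the ds:Object with Id "Dokument" added below).
    Reference reference = new Reference("#Dokument");
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signedXml.AddReference(reference);

    // KeyInfo carries only the signing certificate, not its chain.
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509Data(x509)); // TODO(review): is the whole chain required?
    signedXml.KeyInfo = keyInfo;

    // XAdES qualifying properties: signing certificate, time, implied policy, data object format.
    XadesObject xo = new XadesObject();
    Cert cert = new Cert();
    cert.IssuerSerial.X509IssuerName = x509.IssuerName.Name;
    // NOTE(review): X509Certificate2.SerialNumber is a hex string while ds:X509SerialNumber
    // is an xs:integer (decimal) — confirm that Cert performs the conversion.
    cert.IssuerSerial.X509SerialNumber = x509.SerialNumber;
    using (SHA1 sha1 = new SHA1CryptoServiceProvider())
    {
        cert.CertDigest.DigestValue = sha1.ComputeHash(x509.RawData);
        cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
    }

    xo.QualifyingProperties.Target = "#" + signedXml.Signature.Id;
    // NOTE(review): local time is used here; confirm the serializer emits a zone offset.
    xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningTime = DateTime.Now;
    xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true;
    xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningCertificate.CertCollection.Add(cert);

    DataObjectFormat dof = new DataObjectFormat
    {
        ObjectReferenceAttribute = "#Dokument",
        Description = "Dokument w formacie xml [XML]",
        Encoding = SignedXml.XmlDsigBase64TransformUrl, // ...xmldsig#base64
        MimeType = "text/plain"
    };
    xo.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection.Add(dof);
    signedXml.AddXadesObject(xo);

    // Per specification 2.9.9.a the ds:Object Id must be "Dokument", although the
    // published examples omit it.
    var data = new DataObject("Dokument", "text/xml", "", doc.DocumentElement);
    signedXml.AddObject(data);

    // Sign and return the serialized ds:Signature element.
    signedXml.ComputeSignature();
    XmlElement xmlDigitalSignature = signedXml.GetXml();
    return xmlDigitalSignature.OuterXml;
}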
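/// <summary>
/// Adds the XAdES <c>QualifyingProperties</c> object (signing time, signing certificate
/// digest and issuer/serial, and a proof-of-approval commitment) to the signature and
/// registers a <c>ds:Reference</c> covering its <c>SignedProperties</c>.
/// </summary>
/// <param name="document">Document the signature elements are created in.</param>
/// <param name="xadesSignedXml">Signature the reference and the object are added to.</param>
/// <param name="signingCertificate">Certificate whose digest and issuer/serial are recorded.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
private static void AddXAdESProperties(XmlDocument document, XadesSignedXml xadesSignedXml, X509Certificate2 signingCertificate)
{
    if (document == null)
    {
        throw new ArgumentNullException(nameof(document));
    }
    if (xadesSignedXml == null)
    {
        throw new ArgumentNullException(nameof(xadesSignedXml));
    }
    if (signingCertificate == null)
    {
        throw new ArgumentNullException(nameof(signingCertificate));
    }

    // SignedProperties must be covered by the signature, so reference it by Id.
    var parametersSignature = new Reference
    {
        Uri = $"#{SignaturePropertiesId}",
        Type = XadesSignedXml.XmlDsigSignatureProperties,
    };
    xadesSignedXml.AddReference(parametersSignature);

    // <Object><QualifyingProperties Target="#SignatureId">
    var objectNode = document.CreateElement("Object", SignedXml.XmlDsigNamespaceUrl);
    var qualifyingPropertiesNode = AppendXadesElement(document, objectNode, "QualifyingProperties");
    qualifyingPropertiesNode.SetAttribute("Target", $"#{SignatureId}");

    // <SignedProperties Id="..."><SignedSignatureProperties>
    var signedPropertiesNode = AppendXadesElement(document, qualifyingPropertiesNode, "SignedProperties");
    signedPropertiesNode.SetAttribute("Id", SignaturePropertiesId);
    var signedSignaturePropertiesNode = AppendXadesElement(document, signedPropertiesNode, "SignedSignatureProperties");

    // <SigningTime>: UTC in the sortable "s" pattern (culture-invariant) with an explicit Z.
    var signingTime = AppendXadesElement(document, signedSignaturePropertiesNode, "SigningTime");
    signingTime.InnerText = $"{DateTime.UtcNow.ToString("s")}Z";

    // <SigningCertificate><Cert><CertDigest>
    var signingCertificateNode = AppendXadesElement(document, signedSignaturePropertiesNode, "SigningCertificate");
    var certNode = AppendXadesElement(document, signingCertificateNode, "Cert");
    var certDigestNode = AppendXadesElement(document, certNode, "CertDigest");

    // SECURITY(review): GetCertHash() yields the SHA-1 thumbprint and must stay paired with
    // XmlDsigSHA1Url. SHA-1 is deprecated; moving to SHA-256 means changing both lines together.
    var digestMethod = AppendDsElement(document, certDigestNode, "DigestMethod");
    digestMethod.SetAttribute("Algorithm", SignedXml.XmlDsigSHA1Url);
    var digestValue = AppendDsElement(document, certDigestNode, "DigestValue");
    digestValue.InnerText = Convert.ToBase64String(signingCertificate.GetCertHash());

    // <IssuerSerial>: ds:X509IssuerName and ds:X509SerialNumber (decimal, as xs:integer requires).
    var issuerSerialNode = AppendXadesElement(document, certNode, "IssuerSerial");
    var x509IssuerName = AppendDsElement(document, issuerSerialNode, "X509IssuerName");
    // NOTE(review): Issuer uses the platform's DN formatting, not necessarily RFC 2253 —
    // confirm against the verifier if it matches the issuer name strictly.
    x509IssuerName.InnerText = signingCertificate.Issuer;
    var x509SerialNumber = AppendDsElement(document, issuerSerialNode, "X509SerialNumber");
    x509SerialNumber.InnerText = ToDecimalString(signingCertificate.SerialNumber);

    // <SignedDataObjectProperties><CommitmentTypeIndication>: proof of approval over all signed objects.
    var signedDataObjectPropertiesNode = AppendXadesElement(document, signedPropertiesNode, "SignedDataObjectProperties");
    var commitmentTypeIndicationNode = AppendXadesElement(document, signedDataObjectPropertiesNode, "CommitmentTypeIndication");
    var commitmentTypeIdNode = AppendXadesElement(document, commitmentTypeIndicationNode, "CommitmentTypeId");
    var identifierNode = AppendXadesElement(document, commitmentTypeIdNode, "Identifier");
    identifierNode.InnerText = XadesSignedXml.XadesProofOfApproval;
    AppendXadesElement(document, commitmentTypeIndicationNode, "AllSignedDataObjects");

    // Attach QualifyingProperties as the content of a ds:Object.
    var dataObject = new DataObject();
    dataObject.Data = qualifyingPropertiesNode.SelectNodes(".");
    xadesSignedXml.AddObject(dataObject);
}

/// <summary>Creates a xades-prefixed element and appends it to <paramref name="parent"/>.</summary>
private static XmlElement AppendXadesElement(XmlDocument document, XmlNode parent, string localName)
{
    var element = document.CreateElement(XadesSignedXml.XadesPrefix, localName, XadesSignedXml.XadesNamespaceUrl);
    parent.AppendChild(element);
    return element;
}

/// <summary>Creates an unprefixed element in the XML-DSig namespace and appends it to <paramref name="parent"/>.</summary>
private static XmlElement AppendDsElement(XmlDocument document, XmlNode parent, string localName)
{
    var element = document.CreateElement(localName, SignedXml.XmlDsigNamespaceUrl);
    parent.AppendChild(element);
    return element;
}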