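/// <summary>
/// Builds an enveloped XML-DSig <c>ds:Signature</c> element over <paramref name="xmlDoc"/>
/// using the RSA private key of <paramref name="cert"/>. The element is returned detached;
/// the caller decides where to insert it in the document.
/// </summary>
/// <param name="xmlDoc">Document to sign. If its root element carries an <c>ID</c> attribute, the
/// signature reference is bound to that element (<c>#id</c>); otherwise it covers the whole document.</param>
/// <param name="cert">Certificate holding an RSA private key. The certificate itself is embedded in
/// <c>ds:KeyInfo</c> so a verifier can locate the public key.</param>
/// <param name="signatureAlgorithm">Signature method, mapped to its URI by <c>Algorithms.GetSignatureAlgorithmUrl</c>.</param>
/// <param name="digestAlgorithm">Digest method, mapped to its URI by <c>Algorithms.GetDigestAlgorithmUrl</c>.</param>
/// <returns>The computed <c>ds:Signature</c> element, serialized with the <c>ds</c> prefix.</returns>
/// <exception cref="ArgumentNullException"><paramref name="xmlDoc"/> or <paramref name="cert"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="xmlDoc"/> has no root element.</exception>
/// <exception cref="IdentityProviderException"><paramref name="cert"/> does not expose an RSA private key.</exception>
private static XmlElement GenerateSignedXml(XmlDocument xmlDoc, X509Certificate2 cert, XmlSignatureAlgorithmType signatureAlgorithm, XmlDigestAlgorithmType digestAlgorithm)
{
    if (xmlDoc == null)
    {
        throw new ArgumentNullException(nameof(xmlDoc));
    }
    if (cert == null)
    {
        throw new ArgumentNullException(nameof(cert));
    }

    XmlElement root = xmlDoc.DocumentElement;
    if (root == null)
    {
        throw new ArgumentException("Document has no root element to sign.", nameof(xmlDoc));
    }

    // GetRSAPrivateKey() returns a new RSA instance that this method owns (per the API
    // contract); dispose it once the signature value has been computed instead of leaking
    // the key handle. A null result simply means the certificate's key is not RSA.
    using (RSA rsa = cert.GetRSAPrivateKey())
    {
        if (rsa == null)
        {
            throw new IdentityProviderException("X509 must be RSA");
        }

        string signatureAlgorithmUrl = Algorithms.GetSignatureAlgorithmUrl(signatureAlgorithm);
        string digestAlgorithmUrl = Algorithms.GetDigestAlgorithmUrl(digestAlgorithm);

        var signedXml = new PrefixedSignedXml(xmlDoc) { SigningKey = rsa };
        signedXml.SignedInfo.SignatureMethod = signatureAlgorithmUrl;
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

        // Reference URI: "" means the entire document, "#<id>" the element carrying that ID.
        // https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml.reference.uri?view=netframework-4.7.2
        // Binding the reference to the root's ID (when it has one) is what lets a verifier
        // tie this signature to the specific element it is meant to protect.
        string referenceUri = String.Empty;
        string id = root.GetAttribute("ID");
        if (!String.IsNullOrWhiteSpace(id))
        {
            referenceUri = "#" + id;
        }

        var reference = new Reference
        {
            Uri = referenceUri,
            DigestMethod = digestAlgorithmUrl
        };
        // Enveloped transform first so the ds:Signature element itself is excluded from the
        // digest, then exclusive C14N so inherited namespace context does not affect the hash.
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);

        // Embed the signing certificate so the verifier can locate and validate the public key.
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        // NOTE(review): algorithm strength is entirely decided by the caller-supplied enum
        // values; if Algorithms still maps SHA-1 based methods, reject them upstream.
        signedXml.ComputeSignature("ds");
        return signedXml.GetXml("ds");
    }
}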
/// <summary>
/// Signs <paramref name="xmlDoc"/> in place: computes an enveloped <c>ds:Signature</c> with
/// <see cref="GenerateSignedXml"/> and appends it as the last child of the root element.
/// </summary>
/// <param name="xmlDoc">Document to sign; it is mutated and also returned for chaining.</param>
/// <param name="cert">Certificate whose RSA private key produces the signature.</param>
/// <param name="signatureAlgorithm">Signature method passed through to <see cref="GenerateSignedXml"/>.</param>
/// <param name="digestAlgorithm">Digest method passed through to <see cref="GenerateSignedXml"/>.</param>
/// <returns>The same <paramref name="xmlDoc"/> instance, now carrying the signature.</returns>
/// <remarks>
/// NOTE(review): the signature is always appended as the last child of the root. SAML schemas
/// constrain where <c>ds:Signature</c> may appear (e.g. after <c>Issuer</c>); confirm callers
/// only hand in documents for which last-child placement is acceptable.
/// </remarks>
public static XmlDocument SignXmlDoc(XmlDocument xmlDoc, X509Certificate2 cert, XmlSignatureAlgorithmType signatureAlgorithm, XmlDigestAlgorithmType digestAlgorithm)
{
    XmlElement signatureElement = GenerateSignedXml(xmlDoc, cert, signatureAlgorithm, digestAlgorithm);
    XmlElement root = xmlDoc.DocumentElement;
    root.AppendChild(signatureElement);
    return xmlDoc;
}