Esempio n. 1
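        /// <summary>
        /// Builds an enveloped XML-DSig signature element for <paramref name="xmlDoc"/>, signed with the
        /// RSA private key of <paramref name="cert"/>.
        /// </summary>
        /// <remarks>
        /// The single reference points at the root element's <c>ID</c> attribute (<c>#id</c>) when that
        /// attribute is non-blank, and at the whole document (empty URI) otherwise. The returned element is
        /// not inserted into the document; the caller decides where it goes.
        /// </remarks>
        /// <param name="xmlDoc">Document to sign; must have a root element.</param>
        /// <param name="cert">Certificate whose RSA private key signs the document and whose X.509 data is embedded in <c>KeyInfo</c>.</param>
        /// <param name="signatureAlgorithm">Signature algorithm, resolved to a URL by <c>Algorithms.GetSignatureAlgorithmUrl</c>.</param>
        /// <param name="digestAlgorithm">Digest algorithm, resolved to a URL by <c>Algorithms.GetDigestAlgorithmUrl</c>.</param>
        /// <returns>The signature element produced by <c>PrefixedSignedXml.GetXml("ds")</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="xmlDoc"/> or <paramref name="cert"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="xmlDoc"/> has no root element.</exception>
        /// <exception cref="IdentityProviderException">The certificate exposes no RSA private key.</exception>
        private static XmlElement GenerateSignedXml(XmlDocument xmlDoc, X509Certificate2 cert, XmlSignatureAlgorithmType signatureAlgorithm, XmlDigestAlgorithmType digestAlgorithm)
        {
            if (xmlDoc == null)
            {
                throw new ArgumentNullException(nameof(xmlDoc));
            }

            if (cert == null)
            {
                throw new ArgumentNullException(nameof(cert));
            }

            // Fail with a clear message instead of a NullReferenceException on an empty document.
            var root = xmlDoc.DocumentElement;
            if (root == null)
            {
                throw new ArgumentException("XML document has no root element", nameof(xmlDoc));
            }

            // GetRSAPrivateKey returns a disposable key object; the using block releases the key handle
            // once the signature has been computed and serialized.
            using (var rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null)
                {
                    // Null covers both a non-RSA certificate and a certificate loaded without its private key.
                    throw new IdentityProviderException("X509 must be RSA");
                }

                // NOTE(review): the strength of the signature depends on what these helpers map the enum
                // values to; if SHA-1 based URLs are selectable, prefer SHA-256 or stronger. Confirm in Algorithms.
                string signatureAlgorithmUrl = Algorithms.GetSignatureAlgorithmUrl(signatureAlgorithm);
                string digestAlgorithmUrl    = Algorithms.GetDigestAlgorithmUrl(digestAlgorithm);

                var signedXml = new PrefixedSignedXml(xmlDoc)
                {
                    SigningKey = rsa
                };

                signedXml.SignedInfo.SignatureMethod        = signatureAlgorithmUrl;
                signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

                // An empty reference URI means the entire document; "#<id>" selects the element with that ID.
                // https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml.reference.uri?view=netframework-4.7.2
                // Only the referenced element is covered by the signature, so a consumer has to check that
                // the element it processes is the one the reference resolves to.
                var referenceUri = String.Empty;
                var id           = root.GetAttribute("ID");

                if (!String.IsNullOrWhiteSpace(id))
                {
                    referenceUri = "#" + id;
                }

                Reference reference = new Reference
                {
                    Uri          = referenceUri,
                    DigestMethod = digestAlgorithmUrl
                };

                // Enveloped-signature transform excludes the Signature element itself from the digest;
                // exclusive C14N then canonicalizes what remains.
                reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
                reference.AddTransform(new XmlDsigExcC14NTransform());
                signedXml.AddReference(reference);

                // The certificate is embedded as X509Data for the receiver's convenience. A verifier should
                // match it against a certificate it already trusts rather than trusting the embedded copy.
                signedXml.KeyInfo = new KeyInfo();
                signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert));

                // "ds" is passed to both PrefixedSignedXml calls; presumably the namespace prefix for the
                // emitted elements (confirm in PrefixedSignedXml).
                signedXml.ComputeSignature("ds");

                return signedXml.GetXml("ds");
            }
        }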
Esempio n. 2
        /// <summary>
        /// Signs <paramref name="xmlDoc"/> and appends the resulting signature element as the last child
        /// of its root element.
        /// </summary>
        /// <remarks>
        /// The document passed in is modified in place and the same instance is returned. Changing the
        /// signed content afterwards will make the digest no longer match.
        /// </remarks>
        /// <param name="xmlDoc">Document to sign.</param>
        /// <param name="cert">Certificate handed to <c>GenerateSignedXml</c> for signing.</param>
        /// <param name="signatureAlgorithm">Signature algorithm handed to <c>GenerateSignedXml</c>.</param>
        /// <param name="digestAlgorithm">Digest algorithm handed to <c>GenerateSignedXml</c>.</param>
        /// <returns><paramref name="xmlDoc"/>, now carrying the signature element.</returns>
        public static XmlDocument SignXmlDoc(XmlDocument xmlDoc, X509Certificate2 cert, XmlSignatureAlgorithmType signatureAlgorithm, XmlDigestAlgorithmType digestAlgorithm)
        {
            XmlElement signatureElement = GenerateSignedXml(xmlDoc, cert, signatureAlgorithm, digestAlgorithm);
            XmlElement root = xmlDoc.DocumentElement;

            // The signature is placed inside the element it signs (enveloped form).
            // NOTE(review): it always lands at the end of the root; a schema that fixes the position
            // of the signature element would need an insert at that position instead. Confirm with the consumer.
            root.AppendChild(signatureElement);

            return xmlDoc;
        }