public static XmlElement Generate(XmlElement xmlElement, string elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, string inclusiveNamespacesPrefixList, string digestMethod, string signatureMethod)
{
try
{
XmlSignature.RemoveSignature(xmlElement);
signedXml.SigningKey = signingKey;
signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
Reference reference = new Reference();
reference.Uri = "#" + elementId;
reference.AddTransform((Transform) new XmlDsigEnvelopedSignatureTransform());
if (!string.IsNullOrEmpty(digestMethod))
{
reference.DigestMethod = digestMethod;
}
XmlDsigExcC14NTransform excC14Ntransform = new XmlDsigExcC14NTransform();
//if (!string.IsNullOrEmpty(inclusiveNamespacesPrefixList))
// excC14Ntransform.InclusiveNamespacesPrefixList = inclusiveNamespacesPrefixList;
reference.AddTransform((Transform)excC14Ntransform);
signedXml.AddReference(reference);
signedXml.KeyInfo = keyInfo;
if (!string.IsNullOrEmpty(signatureMethod))
{
signedXml.SignedInfo.SignatureMethod = signatureMethod;
}
signedXml.ComputeSignature();
return(signedXml.GetXml());
}
catch (Exception ex)
{
throw new SamlSignatureException("Failed to generate XML signature.", ex);
}
}
public static Transform fromURI(string uri)
{
Transform t = null;
switch (uri)
{
case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315":
t = new XmlDsigC14NTransform();
break;
case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments":
t = new XmlDsigC14NWithCommentsTransform();
break;
case "http://www.w3.org/2000/09/xmldsig#enveloped-signature":
t = new XmlDsigEnvelopedSignatureTransform();
break;
case "http://www.w3.org/TR/1999/REC-xpath-19991116":
t = new XmlDsigXPathTransform();
break;
case "http://www.w3.org/TR/1999/REC-xslt-19991116":
t = new XmlDsigXsltTransform();
break;
case "http://www.w3.org/2001/10/xml-exc-c14n#":
t = new XmlDsigExcC14NTransform();
break;
}
return(t);
}
private static void SignXmlDocumentWithCertificate(XmlDocument doc, X509Certificate2 cert)
{
doc.PreserveWhitespace = true;
var signedXml = new SignedXml(doc);
signedXml.SigningKey = cert.PrivateKey;
var reference = new Reference();
reference.Uri = "";
var env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
var exc = new XmlDsigExcC14NTransform();
reference.AddTransform(exc);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.AddReference(reference);
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(cert));
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
var xmlSig = signedXml.GetXml();
doc.DocumentElement.AppendChild(doc.ImportNode(xmlSig, true));
Console.WriteLine("Successfully signed.");
}
public string CanonicalizeXml(string xml)
{
var document = new XmlDocument
{
PreserveWhitespace = false
};
document.LoadXml(xml);
var nodes = document.SelectNodes("/descendant-or-self::node() | //@* | //namespace::*");
Debug.Assert(nodes != null, "nodes != null");
//
// Canonicalize the document.
// <node /> expands to <node></node>, attributes are placed into
// alphabetical order, etc.
//
var transform = new XmlDsigExcC14NTransform();
transform.LoadInput(nodes);
using (var stream = (MemoryStream)transform.GetOutput(typeof(Stream)))
{
using (var reader = new StreamReader(stream))
{
return(reader.ReadToEnd());
}
}
}
static void Main(string[] args)
{
foreach (var xml in xmlList)
{
var xmlDocument = new XmlDocument();
xmlDocument.LoadXml(xml);
Console.WriteLine("===> ORIGINAL <====");
Console.WriteLine(xmlDocument.InnerXml);
Console.WriteLine("===> C14N <====");
var transformXml = new XmlDsigExcC14NTransform();
transformXml.LoadInput(xmlDocument);
var stream = transformXml.GetOutput(typeof(Stream)) as Stream;
var reader = new StreamReader(stream);
Console.WriteLine(reader.ReadToEnd());
Console.WriteLine("===> C14N#WithComments <====");
transformXml = new XmlDsigExcC14NTransform(true);
transformXml.LoadInput(xmlDocument);
stream = transformXml.GetOutput(typeof(Stream)) as Stream;
reader = new StreamReader(stream);
Console.WriteLine(reader.ReadToEnd());
Console.WriteLine();
}
}
public static string GetDocument(SignedXmlDocument doc)
{
Transform transform = new XmlDsigExcC14NTransform();
transform.LoadInput(doc.Document.GetXmlDocument());
return(new StreamReader((MemoryStream)transform.GetOutput()).ReadToEnd());
}
/// <summary>
/// Signs the document given as an argument.
/// </summary>
private static void SignDocument(XmlDocument doc)
{
SignedXml signedXml = new SignedXml(doc);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
// TODO Dynamically dig out the correct ID attribute from the XmlDocument.
Reference reference = new Reference("#_b8977dc86cda41493fba68b32ae9291d");
// Assert.That(reference.Uri == string.Empty);
XmlDsigEnvelopedSignatureTransform envelope = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(envelope);
// NOTE: C14n may require the following list of namespace prefixes. Seems to work without it, though.
//List<string> prefixes = new List<string>();
//prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2000/09/xmldsig#"));
//prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2001/XMLSchema-instance"));
//prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2001/XMLSchema"));
//prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("urn:oasis:names:tc:SAML:2.0:assertion"));
//XmlDsigExcC14NTransform C14NTransformer = new XmlDsigExcC14NTransform(string.Join(" ", prefixes.ToArray()).Trim());
XmlDsigExcC14NTransform C14NTransformer = new XmlDsigExcC14NTransform();
reference.AddTransform(C14NTransformer);
signedXml.AddReference(reference);
// Add the key to the signature, so the assertion can be verified by itself.
signedXml.KeyInfo = new KeyInfo();
// Use RSA key for signing.
//{
// CspParameters parameters = new CspParameters();
// parameters.KeyContainerName = "XML_DSIG_RSA_KEY";
// RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(parameters);
// signedXml.SigningKey = rsaKey;
// signedXml.KeyInfo.AddClause(new RSAKeyValue(rsaKey));
//}
// Use X509 Certificate for signing.
{
X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
Assert.That(cert.HasPrivateKey);
signedXml.SigningKey = cert.GetRSAPrivateKey();
signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert, X509IncludeOption.EndCertOnly));
}
// Information on the these and other "key info clause" types can be found at:
// ms-help://MS.MSDNQTR.v80.en/MS.MSDN.v80/MS.NETDEVFX.v20.en/CPref18/html/T_System_Security_Cryptography_Xml_KeyInfoClause_DerivedTypes.htm
// Do it!
signedXml.ComputeSignature();
XmlNodeList nodes = doc.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.ASSERTION);
Assert.That(nodes.Count == 1);
XmlNode node = nodes[0];
doc.DocumentElement.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), node);
}
private object UseXmlDocumentTransform(Type type)
{
var innerTransform = new XmlDsigExcC14NTransform();
innerTransform.LoadInput(this._inputStream);
return(innerTransform.GetOutput(type));
}
string C14N(string xml)
{
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
XmlDocument doc = new XmlDocument();
doc.LoadXml(xml);
t.LoadInput(doc);
return(new StreamReader(t.GetOutput() as Stream).ReadToEnd());
}
public byte[] CanonicalizeUsingClrLibrary(object input)
{
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(_includeComments, _inclusivePrefixes);
t.LoadInput(input);
MemoryStream s = (MemoryStream)t.GetOutput(typeof(Stream));
return(s.ToArray());
}
/// <summary>
/// Add a timestamp to the signature, complaint with the XAdES-T 1.3.1 standard.
/// </summary>
/// <remarks>
/// Requires a Timestamp Provider <see cref="XadesCreator.TimestampProvider"/>
/// </remarks>
/// <param name="signature">The signature to extend</param>
/// <exception cref="ArgumentNullException">When the signature is null</exception>
/// <exception cref="InvalidOperationException">When no timestamp provider is set</exception>
public void ExtendToXadesT(ref XmlElement signature)
{
if (signature == null)
{
throw new ArgumentNullException("signature", "A signature is required");
}
if (TimestampProvider == null)
{
throw new InvalidOperationException("The timestamp provider is required for XAdES-T");
}
var timestamp = new XmlDocument();
timestamp.Load(Assembly.GetExecutingAssembly().GetManifestResourceStream("IM.Xades.Resources.Timestamp.xml"));
var timestampValue = (XmlElement)timestamp.SelectSingleNode("//xades:EncapsulatedTimeStamp", nsMgr);
XmlNode sigValue = signature.SelectSingleNode("./ds:SignatureValue", nsMgr);
//Serialize because the C14N overloads wich accepts lists is totaly wrong (it C14N's the document)
MemoryStream stream = new MemoryStream();
using (var writer = XmlWriter.Create(stream))
{
sigValue.WriteTo(writer);
}
stream.Seek(0, SeekOrigin.Begin);
//Canocalize the signature value
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
transform.LoadInput(stream);
var canonicalized = (Stream)transform.GetOutput(typeof(Stream));
//hash the canocalized version
SHA256 sha256 = SHA256.Create();
byte[] hashed = sha256.ComputeHash(canonicalized);
//Get the timestamp.
byte[] timestampHash = TimestampProvider.GetTimestampFromDocumentHash(hashed, "http://www.w3.org/2001/04/xmlenc#sha256");
timestampValue.InnerText = Convert.ToBase64String(timestampHash);
var qProps = (XmlElement)signature.SelectSingleNode("./ds:Object/xades:QualifyingProperties", nsMgr);
var unsignedProps = qProps.OwnerDocument.CreateElement("xades", "UnsignedProperties", Extra.XadesTools.NS);
qProps.AppendChild(unsignedProps);
var unsignedSigProps = qProps.OwnerDocument.CreateElement("xades", "UnsignedSignatureProperties", Extra.XadesTools.NS);
unsignedProps.AppendChild(unsignedSigProps);
var imported = unsignedSigProps.OwnerDocument.ImportNode(timestamp.DocumentElement, true);
unsignedSigProps.AppendChild(imported);
}
private void AddXmlReference(string id, string hashFunction)
{
var reference = new Reference("#" + id)
{
DigestMethod = hashFunction
};
Transform transform = new XmlDsigExcC14NTransform();
reference.AddTransform(transform);
base.AddReference(reference);
}
private XmlDocument SignSmev2(GostFlavor gostFlavor, XmlDocument doc, X509Certificate2 certificate)
{
XmlNode root = doc.SelectSingleNode("/*");
string rootPrefix = root?.Prefix;
//----------------------------------------------------------------------------------------------CREATE STRUCTURE
XmlDocument tDoc = AddTemplate(doc, certificate);
//----------------------------------------------------------------------------------------------ROOT PREFIX
XmlElement bodyElement = tDoc.GetElementsByTagName(rootPrefix + ":Body")[0] as XmlElement;
string referenceUri = bodyElement?.GetAttribute("wsu:Id");
//----------------------------------------------------------------------------------------------SignedXML CREATE
//нужен для корректной отработки wsu:reference
Smev2SignedXml signedXml = new Smev2SignedXml(tDoc)
{
SigningKey = certificate.PrivateKey
};
//----------------------------------------------------------------------------------------------REFERNCE
Reference reference = new Reference
{
#pragma warning disable 612
DigestMethod = GostAlgorithmSelector.GetHashAlgorithmDescriptor(gostFlavor),
//CPSignedXml.XmlDsigGost3411UrlObsolete,
#pragma warning restore 612
Uri = "#" + referenceUri
};
XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform();
reference.AddTransform(c14);
signedXml.AddReference(reference);
//----------------------------------------------------------------------------------------------SIGNATURE SETUP
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
#pragma warning disable 612
signedXml.SignedInfo.SignatureMethod = GostAlgorithmSelector.GetSignatureAlgorithmDescriptor(gostFlavor);
//CPSignedXml.XmlDsigGost3410UrlObsolete;
#pragma warning disable 612
//----------------------------------------------------------------------------------------------KEYINFO
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data(certificate);
keyInfo.AddClause(x509KeyInfo);
signedXml.KeyInfo = keyInfo;
//----------------------------------------------------------------------------------------------SIGN DOCUMENT
signedXml.ComputeSignature();
//----------------------------------------------------------------------------------------------GET XML
XmlElement xmlDigitalSignature = signedXml.GetXml();
//----------------------------------------------------------------------------------------------APPEND SIGNATURE TAGS
tDoc.GetElementsByTagName("Signature")[0].PrependChild(
tDoc.ImportNode(xmlDigitalSignature.GetElementsByTagName("SignatureValue")[0], true));
tDoc.GetElementsByTagName("Signature")[0].PrependChild(
tDoc.ImportNode(xmlDigitalSignature.GetElementsByTagName("SignedInfo")[0], true));
((XmlElement)tDoc.GetElementsByTagName("Signature")[0]).SetAttribute("xmlns", DS_NS);
return(tDoc);
}
/// <summary>
/// Signs an XML Document for a Saml Response
/// </summary>
/// <param name="xml"></param>
/// <param name="cert2"></param>
/// <param name="referenceId"></param>
/// <returns></returns>
public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceId, string referenceValue, Models.IdPOptionsModel options)
{
SamlSignedXml sig = new SamlSignedXml(doc, referenceId);
// Add the key to the SignedXml xmlDocument.
//sig.SigningKey = cert2.PrivateKey;
sig.SigningKey = cert2.GetRSAPrivateKey();
if (options.UseSHA256)
{
//otherwise - defaults to SHA1
sig.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
}
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = String.Empty;
reference.Uri = "#" + referenceValue;
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new
XmlDsigEnvelopedSignatureTransform();
//XmlDsigC14NTransform env2 = new XmlDsigC14NTransform();
XmlDsigExcC14NTransform env2 = new XmlDsigExcC14NTransform();
reference.AddTransform(env);
reference.AddTransform(env2);
if (options.UseSHA256)
{
reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
}
// Add the reference to the SignedXml object.
sig.AddReference(reference);
// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyData = new KeyInfoX509Data(cert2);
keyInfo.AddClause(keyData);
sig.KeyInfo = keyInfo;
sig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
// Compute the signature.
sig.ComputeSignature();
// Get the XML representation of the signature and save it to an XmlElement object.
XmlElement xmlDigitalSignature = sig.GetXml();
return(xmlDigitalSignature);
}
private static void SignDocument(X509Certificate2 cert, XmlDocument doc)
{
//Create reference to #MsgBody which is the ID of the SOAP Body (only signing the Body)
Reference reference = new Reference("#MsgBody");
//Create a signedXML object from doc, add reference and private key, then generate the signature
SignedXml signedXML = new SignedXml(doc);
signedXML.AddReference(reference);
RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)cert.PrivateKey;
signedXML.SigningKey = rsaKey;
signedXML.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
XmlDsigExcC14NTransform canMethod = (XmlDsigExcC14NTransform)signedXML.SignedInfo.CanonicalizationMethodObject;
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
env.Algorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
reference.AddTransform(env);
string referenceDigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
reference.DigestMethod = referenceDigestMethod;
signedXML.AddReference(reference);
KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create("RSA-SHA256");
signedXML.ComputeSignature();
XmlElement xmlDigitalSignature = signedXML.GetXml();
doc.DocumentElement.FirstChild.FirstChild.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
// Add KeyInfo Node with reference to the X509 cert
string keyInfoTags = "<root xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" ><ds:KeyInfo><SecurityTokenReference xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:Reference URI=\"#X509Token\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\"/></SecurityTokenReference></ds:KeyInfo></root>";
XmlDocument keyInfo = new XmlDocument();
// Fix for Xml external entity injection violation in fortify report
XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Prohibit;
settings.XmlResolver = null;
XmlReader reader = XmlReader.Create(new StringReader(keyInfoTags), settings);
//keyInfo.LoadXml("<root xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" ><ds:KeyInfo><SecurityTokenReference xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:Reference URI=\"#X509Token\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\"/></SecurityTokenReference></ds:KeyInfo></root>");
keyInfo.Load(reader);
doc.DocumentElement.FirstChild.FirstChild.LastChild.AppendChild(doc.ImportNode(keyInfo.FirstChild.FirstChild, true));
//Add The Base64 representation of the X509 cert to BinarySecurityToken Node
//X509SecurityToken token = new X509SecurityToken(cert);
doc.DocumentElement.FirstChild.LastChild.InnerText = Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.None);
}
private static void GenerateReference(string elementID, string inclusivePrefixList, SignedXmlWithId xSigned)
{
var reference = new Reference()
{
Uri = "#" + elementID
};
XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform();
env.InclusiveNamespacesPrefixList = inclusivePrefixList;
reference.AddTransform(env);
xSigned.AddReference(reference);
}
private XmlDocument SignEnveloped(
GostFlavor gostFlavor,
XmlDocument doc,
X509Certificate2 certificate,
string nodeId = null)
{
//----------------------------------------------------------------------------------------------CREATE SIGNED XML
SignedXml signedXml = new SignedXml(doc)
{
SigningKey = certificate.PrivateKey
};
//----------------------------------------------------------------------------------------------REFERNCE
Reference reference = new Reference
{
Uri = nodeId,
#pragma warning disable 612
DigestMethod = GostAlgorithmSelector.GetHashAlgorithmDescriptor(gostFlavor)
//CPSignedXml.XmlDsigGost3411UrlObsolete - old
#pragma warning disable 612
};
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform();
reference.AddTransform(c14);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
//----------------------------------------------------------------------------------------------SIGNATURE SETUP
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = GostAlgorithmSelector.GetSignatureAlgorithmDescriptor(gostFlavor);
//CPSignedXml.XmlDsigGost3410UrlObsolete; - old
//----------------------------------------------------------------------------------------------KEYINFO
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data(certificate);
keyInfo.AddClause(x509KeyInfo);
signedXml.KeyInfo = keyInfo;
//----------------------------------------------------------------------------------------------SIGN DOCUMENT
signedXml.ComputeSignature();
//----------------------------------------------------------------------------------------------GET XML
XmlElement xmlDigitalSignature = signedXml.GetXml();
//----------------------------------------------------------------------------------------------APPEND SIGNATURE
XmlNode root = doc.SelectSingleNode("/*");
root?.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
return(doc);
}
private static void SignDocument(X509Certificate2 cert, XmlDocument doc)
{
//Create reference to #MsgBody which is the ID of the SOAP Body (only signing the Body)
Reference reference = new Reference("#MsgBody");
//Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
//Create a signedXML object from doc, add reference and private key, then generate the signature
SignedXml signedXML = new SignedXml(doc);
signedXML.AddReference(reference);
RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)cert.PrivateKey;
signedXML.SigningKey = rsaKey;
// Changes done to support SHA2 - START ===================
var cn14Transform = new XmlDsigExcC14NTransform();
string referenceDigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
reference.AddTransform(cn14Transform);
reference.DigestMethod = referenceDigestMethod;
signedXML.AddReference(reference);
KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create("RSA-SHA256");
// Changes done to support SHA2 - END ===================
// Compute the signature.
signedXML.ComputeSignature();
// Get the XML representation of the signature and add to the SOAP Header
XmlElement xmlDigitalSignature = signedXML.GetXml();
doc.DocumentElement.FirstChild.FirstChild.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
// Add KeyInfo Node with reference to the X509 cert
XmlDocument keyInfo = new XmlDocument();
keyInfo.LoadXml("<root xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:wsse=\"http://schemas.xmlsoap.org/ws/2002/04/secext\" ><ds:KeyInfo><SecurityTokenReference xmlns=\"http://schemas.xmlsoap.org/ws/2002/04/secext\"><wsse:Reference URI=\"#X509Token\"/></SecurityTokenReference></ds:KeyInfo></root>");
doc.DocumentElement.FirstChild.FirstChild.LastChild.AppendChild(doc.ImportNode(keyInfo.FirstChild.FirstChild, true));
//Add The Base64 representation of the X509 cert to BinarySecurityToken Node
//X509SecurityToken token = new X509SecurityToken(cert);
doc.DocumentElement.FirstChild.LastChild.InnerText = Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.None);
}
private static XmlDocument BuildSignature(XmlDocument doc, String id, X509Certificate2 cert)
{
X509Certificate2 requestSigningCert = cert;
doc.PreserveWhitespace = true;
SignedXml signedXml = new SignedXml(doc);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(requestSigningCert));
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)requestSigningCert.PrivateKey;
signedXml.SigningKey = rsaKey;
Reference reference = new Reference
{
Uri = "#" + id
};
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
XmlDsigExcC14NTransform c16n = new XmlDsigExcC14NTransform();
//c16n.PropagatedNamespaces.Add("ds", "http://www.w3.org/2000/09/xmldsig#");
// line above throws null pointer exception.
reference.AddTransform(c16n);
signedXml.AddReference(reference);
// Now we can compute the signature.
signedXml.ComputeSignature();
// Append signature to document.
XmlElement xmlDigitalSignature = signedXml.GetXml();
XmlNamespaceManager nsManager = new XmlNamespaceManager(doc.NameTable);
nsManager.AddNamespace("saml2", "urn:oasis:names:tc:SAML:2.0:assertion");
doc.DocumentElement.InsertAfter(doc.ImportNode(xmlDigitalSignature, true), doc.SelectSingleNode("//saml2:Issuer", nsManager));
return(doc);
}
public void SignXml(XmlDocument xmlDoc, string referenceId, AsymmetricAlgorithm key, string inclusiveNamespacesPrefixList)
{
// Check arguments.
if (xmlDoc == null)
{
throw new ArgumentException("xmlDocument");
}
if (key == null)
{
throw new ArgumentException("asymmetricAlgorithm");
}
// Create a SignedXml object.
var signedXml = new SignedXml(xmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = key;
// Create a reference to be signed.
var reference = new Reference();
reference.Uri = "#" + referenceId;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
// Add an enveloped transformation to the reference.
var env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add an C14N transformation to the reference.
var cn14 = new XmlDsigExcC14NTransform(false);
if (!String.IsNullOrWhiteSpace(inclusiveNamespacesPrefixList))
{
cn14.InclusiveNamespacesPrefixList = inclusiveNamespacesPrefixList;
}
reference.AddTransform(cn14);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
void AppendNegotiationMessageXml(XmlReader reader, TlsServerSessionInfo tlsInfo)
{
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
reader.MoveToContent();
doc.AppendChild(doc.ReadNode(reader));
t.LoadInput(doc);
MemoryStream stream = (MemoryStream)t.GetOutput();
byte [] bytes = stream.ToArray();
tlsInfo.Messages.Write(bytes, 0, bytes.Length);
}
/// <summary>
/// Выполнить каноникализацию XML-узла
/// </summary>
/// <param name="node">
/// Узел
/// </param>
/// <returns>
/// Каноникализированный XM-текст
/// </returns>
public static string Canonicalize(this XmlNode node)
{
var transform = new XmlDsigExcC14NTransform();
var document = new XmlDocument();
document.LoadXml(node.OuterXml);
transform.LoadInput(document);
using (var stream = (Stream)transform.GetOutput())
using (var reader = new StreamReader(stream))
{
return(reader.ReadToEnd());
}
}
private string SignAuthN(string authNXml, string requestId, X509Certificate2 requestSigningCert)
{
if (string.IsNullOrEmpty(authNXml))
{
throw new ArgumentNullException("authNXml");
}
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
xmlDoc.LoadXml(authNXml);
SignedXml signedXml = new SignedXml(xmlDoc);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(requestSigningCert));
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)requestSigningCert.PrivateKey;
signedXml.SigningKey = rsaKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "#" + requestId;
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
XmlDsigExcC14NTransform c16n = new XmlDsigExcC14NTransform();
c16n.InclusiveNamespacesPrefixList = "#default samlp saml ds xs xsi";
reference.AddTransform(c16n);
signedXml.AddReference(reference);
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
xmlDoc.DocumentElement.InsertAfter(xmlDoc.ImportNode(xmlDigitalSignature, true), xmlDoc.DocumentElement.FirstChild); //signature to be second node after saml:Issuer
return(xmlDoc.OuterXml);
}
/// <summary>
/// Construye el documento enveloped
/// </summary>
private void CreateEnvelopedDocument()
{
Reference reference = new Reference();
_xadesSignedXml = new XadesSignedXml(_document);
reference.DigestMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
reference.Id = "r-id-1";
reference.Type = "";
reference.Uri = "";
//for (int i = 0; i < _document.DocumentElement.Attributes.Count; i++)
//{
// if (_document.DocumentElement.Attributes[i].Name.Equals("id", StringComparison.InvariantCultureIgnoreCase))
// {
// reference.Uri = "#" + _document.DocumentElement.Attributes[i].Value;
// break;
// }
//}
// ** XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
//xmlDsigEnvelopedSignatureTransform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116";
XmlDocument doc = new XmlDocument();
XmlElement xpathElem = doc.CreateElement("XPath");
xpathElem.InnerText = "not(ancestor-or-self::ds:Signature)";
XmlDsigXPathTransform xform = new XmlDsigXPathTransform();
xform.LoadInnerXml(xpathElem.SelectNodes("."));
xform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116";
//xform.PropagatedNamespaces.Add("xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
reference.AddTransform(xform);
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
reference.AddTransform(transform);
//reference.AddTransform(xmlDsigEnvelopedSignatureTransform);
_objectReference = reference.Id;
_xadesSignedXml.AddReference(reference);
}
public Stream CanonicalizeNode(XmlElement nodeToCanon)
{
XmlNode node = (XmlNode)nodeToCanon;
XmlNodeReader reader = new XmlNodeReader(node);
Stream stream = new MemoryStream();
XmlWriter writer = new XmlTextWriter(stream, Encoding.UTF8);
writer.WriteNode(reader, false);
writer.Flush();
stream.Position = 0;
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
transform.LoadInput(stream);
return(transform.GetOutput() as Stream);
}
private byte[] GetSignedInfoForVerification(XmlElement si)
{
XmlDsigExcC14NTransform canon = new XmlDsigExcC14NTransform(false);
XmlDocument d = new XmlDocument();
d.AppendChild(d.ImportNode(si, true));
canon.LoadInput(d);
byte[] csi;
using (MemoryStream ms = new MemoryStream())
{
((Stream)canon.GetOutput()).CopyTo(ms);
csi = ms.GetBuffer();
}
return(csi);
}
public void SimpleNamespacePrefixes()
{
string input = "<a:Action xmlns:a='urn:foo'>http://tempuri.org/IFoo/Echo</a:Action>";
string expected = @"<a:Action xmlns:a=""urn:foo"">http://tempuri.org/IFoo/Echo</a:Action>";
XmlDocument doc = new XmlDocument();
doc.LoadXml(input);
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
t.LoadInput(doc);
Stream s = t.GetOutput() as Stream;
Assert.Equal(new StreamReader(s, Encoding.UTF8).ReadToEnd(), expected);
}
private XmlDocument SignXmlNode(
GostFlavor gostFlavor,
XmlDocument doc,
X509Certificate2 certificate,
string nodeId)
{
//----------------------------------------------------------------------------------------------CREATE SIGNED XML
SignedXml signedXml = new SignedXml(doc)
{
SigningKey = certificate.PrivateKey
};
//----------------------------------------------------------------------------------------------REFERNCE
Reference reference = new Reference
{
Uri = "#" + nodeId,
#pragma warning disable 612
DigestMethod = GostAlgorithmSelector.GetHashAlgorithmDescriptor(gostFlavor)
//CPSignedXml.XmlDsigGost3411UrlObsolete - old
#pragma warning disable 612
};
XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform();
reference.AddTransform(c14);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
//----------------------------------------------------------------------------------------------SIGNATURE SETUP
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = GostAlgorithmSelector.GetSignatureAlgorithmDescriptor(gostFlavor);
//CPSignedXml.XmlDsigGost3410UrlObsolete;
//----------------------------------------------------------------------------------------------KEYINFO
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data(certificate);
keyInfo.AddClause(x509KeyInfo);
signedXml.KeyInfo = keyInfo;
//----------------------------------------------------------------------------------------------SIGN DOCUMENT
signedXml.ComputeSignature();
//----------------------------------------------------------------------------------------------GET XML
XmlElement xmlDigitalSignature = signedXml.GetXml();
//=============================================================================APPEND SIGNATURE TO DOCUMENT
GetNodeWithAttributeValue(doc.ChildNodes, nodeId)?.ParentNode?.AppendChild(xmlDigitalSignature);
return(doc);
}
public void PropagatedNamespaces()
{
XmlDocument doc = new XmlDocument();
doc.AppendChild(doc.CreateElement("foo", "urn:foo"));
doc.DocumentElement.AppendChild(doc.CreateElement("bar", "urn:bar"));
Assert.AreEqual(String.Empty, doc.DocumentElement.GetAttribute("xmlns:f"), "#1");
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
t.LoadInput(doc);
t.PropagatedNamespaces.Add("f", "urn:foo");
t.PropagatedNamespaces.Add("b", "urn:bar");
Stream s = t.GetOutput() as Stream;
Assert.AreEqual(new StreamReader(s, Encoding.UTF8).ReadToEnd(), "<f:foo xmlns:f=\"urn:foo\"><b:bar xmlns:b=\"urn:bar\"></b:bar></f:foo>");
Assert.AreEqual("urn:foo", doc.DocumentElement.GetAttribute("xmlns:f"), "#2");
}
/// <summary>
/// Signs a list of references using a certificate and returns
/// the signature element.
/// </summary>
/// <param name="xmlDoc">Xml document that contains the references.
/// Cannot be null.</param>
/// <param name="signCert">Certificate used for signing that contains a
/// private key. The certificate and contained private key cannot be null.</param>
/// <param name="references">List of references to sign. Cannot be null.</param>
/// <returns>'ds:Signature' element</returns>
public static XmlElement Sign(XmlDocument xmlDoc, X509Certificate2 signCert,
IList <string> references)
{
// Create the signature object using the document as the context
SignedXml signedXml = new SignedXml(xmlDoc);
signedXml.SigningKey = signCert.PrivateKey;
// Specify the canonicalization method
signedXml.Signature.SignedInfo.CanonicalizationMethod =
SignedXml.XmlDsigExcC14NTransformUrl;
// Specify the signature method
signedXml.Signature.SignedInfo.SignatureMethod =
SignedXml.XmlDsigRSASHA1Url;
// Add all the signing references
foreach (string signReferenceId in references)
{
Reference reference = new Reference();
reference.Uri = "#" + signReferenceId;
reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
// Add the reference transform
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
reference.AddTransform(transform);
// Add the reference to the signature
signedXml.AddReference(reference);
}
// Calculate the signature
signedXml.ComputeSignature();
// Add the key information to the signature
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data kixd = new KeyInfoX509Data();
kixd.AddCertificate(signCert);
keyInfo.AddClause(kixd);
signedXml.KeyInfo = keyInfo;
// Return the signature
return(signedXml.GetXml());
}
