public static XmlElement Generate(XmlElement xmlElement, string elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, string inclusiveNamespacesPrefixList, string digestMethod, string signatureMethod) { try { XmlSignature.RemoveSignature(xmlElement); signedXml.SigningKey = signingKey; signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#"; Reference reference = new Reference(); reference.Uri = "#" + elementId; reference.AddTransform((Transform) new XmlDsigEnvelopedSignatureTransform()); if (!string.IsNullOrEmpty(digestMethod)) { reference.DigestMethod = digestMethod; } XmlDsigExcC14NTransform excC14Ntransform = new XmlDsigExcC14NTransform(); //if (!string.IsNullOrEmpty(inclusiveNamespacesPrefixList)) // excC14Ntransform.InclusiveNamespacesPrefixList = inclusiveNamespacesPrefixList; reference.AddTransform((Transform)excC14Ntransform); signedXml.AddReference(reference); signedXml.KeyInfo = keyInfo; if (!string.IsNullOrEmpty(signatureMethod)) { signedXml.SignedInfo.SignatureMethod = signatureMethod; } signedXml.ComputeSignature(); return(signedXml.GetXml()); } catch (Exception ex) { throw new SamlSignatureException("Failed to generate XML signature.", ex); } }
public static Transform fromURI(string uri) { Transform t = null; switch (uri) { case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": t = new XmlDsigC14NTransform(); break; case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments": t = new XmlDsigC14NWithCommentsTransform(); break; case "http://www.w3.org/2000/09/xmldsig#enveloped-signature": t = new XmlDsigEnvelopedSignatureTransform(); break; case "http://www.w3.org/TR/1999/REC-xpath-19991116": t = new XmlDsigXPathTransform(); break; case "http://www.w3.org/TR/1999/REC-xslt-19991116": t = new XmlDsigXsltTransform(); break; case "http://www.w3.org/2001/10/xml-exc-c14n#": t = new XmlDsigExcC14NTransform(); break; } return(t); }
private static void SignXmlDocumentWithCertificate(XmlDocument doc, X509Certificate2 cert) { doc.PreserveWhitespace = true; var signedXml = new SignedXml(doc); signedXml.SigningKey = cert.PrivateKey; var reference = new Reference(); reference.Uri = ""; var env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); var exc = new XmlDsigExcC14NTransform(); reference.AddTransform(exc); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.AddReference(reference); var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; signedXml.ComputeSignature(); var xmlSig = signedXml.GetXml(); doc.DocumentElement.AppendChild(doc.ImportNode(xmlSig, true)); Console.WriteLine("Successfully signed."); }
public string CanonicalizeXml(string xml) { var document = new XmlDocument { PreserveWhitespace = false }; document.LoadXml(xml); var nodes = document.SelectNodes("/descendant-or-self::node() | //@* | //namespace::*"); Debug.Assert(nodes != null, "nodes != null"); // // Canonicalize the document. // <node /> expands to <node></node>, attributes are placed into // alphabetical order, etc. // var transform = new XmlDsigExcC14NTransform(); transform.LoadInput(nodes); using (var stream = (MemoryStream)transform.GetOutput(typeof(Stream))) { using (var reader = new StreamReader(stream)) { return(reader.ReadToEnd()); } } }
static void Main(string[] args) { foreach (var xml in xmlList) { var xmlDocument = new XmlDocument(); xmlDocument.LoadXml(xml); Console.WriteLine("===> ORIGINAL <===="); Console.WriteLine(xmlDocument.InnerXml); Console.WriteLine("===> C14N <===="); var transformXml = new XmlDsigExcC14NTransform(); transformXml.LoadInput(xmlDocument); var stream = transformXml.GetOutput(typeof(Stream)) as Stream; var reader = new StreamReader(stream); Console.WriteLine(reader.ReadToEnd()); Console.WriteLine("===> C14N#WithComments <===="); transformXml = new XmlDsigExcC14NTransform(true); transformXml.LoadInput(xmlDocument); stream = transformXml.GetOutput(typeof(Stream)) as Stream; reader = new StreamReader(stream); Console.WriteLine(reader.ReadToEnd()); Console.WriteLine(); } }
public static string GetDocument(SignedXmlDocument doc) { Transform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(doc.Document.GetXmlDocument()); return(new StreamReader((MemoryStream)transform.GetOutput()).ReadToEnd()); }
/// <summary> /// Signs the document given as an argument. /// </summary> private static void SignDocument(XmlDocument doc) { SignedXml signedXml = new SignedXml(doc); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // TODO Dynamically dig out the correct ID attribute from the XmlDocument. Reference reference = new Reference("#_b8977dc86cda41493fba68b32ae9291d"); // Assert.That(reference.Uri == string.Empty); XmlDsigEnvelopedSignatureTransform envelope = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envelope); // NOTE: C14n may require the following list of namespace prefixes. Seems to work without it, though. //List<string> prefixes = new List<string>(); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2000/09/xmldsig#")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2001/XMLSchema-instance")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2001/XMLSchema")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("urn:oasis:names:tc:SAML:2.0:assertion")); //XmlDsigExcC14NTransform C14NTransformer = new XmlDsigExcC14NTransform(string.Join(" ", prefixes.ToArray()).Trim()); XmlDsigExcC14NTransform C14NTransformer = new XmlDsigExcC14NTransform(); reference.AddTransform(C14NTransformer); signedXml.AddReference(reference); // Add the key to the signature, so the assertion can be verified by itself. signedXml.KeyInfo = new KeyInfo(); // Use RSA key for signing. //{ // CspParameters parameters = new CspParameters(); // parameters.KeyContainerName = "XML_DSIG_RSA_KEY"; // RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(parameters); // signedXml.SigningKey = rsaKey; // signedXml.KeyInfo.AddClause(new RSAKeyValue(rsaKey)); //} // Use X509 Certificate for signing. { X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234"); Assert.That(cert.HasPrivateKey); signedXml.SigningKey = cert.GetRSAPrivateKey(); signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert, X509IncludeOption.EndCertOnly)); } // Information on the these and other "key info clause" types can be found at: // ms-help://MS.MSDNQTR.v80.en/MS.MSDN.v80/MS.NETDEVFX.v20.en/CPref18/html/T_System_Security_Cryptography_Xml_KeyInfoClause_DerivedTypes.htm // Do it! signedXml.ComputeSignature(); XmlNodeList nodes = doc.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.ASSERTION); Assert.That(nodes.Count == 1); XmlNode node = nodes[0]; doc.DocumentElement.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), node); }
private object UseXmlDocumentTransform(Type type) { var innerTransform = new XmlDsigExcC14NTransform(); innerTransform.LoadInput(this._inputStream); return(innerTransform.GetOutput(type)); }
string C14N(string xml) { XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); XmlDocument doc = new XmlDocument(); doc.LoadXml(xml); t.LoadInput(doc); return(new StreamReader(t.GetOutput() as Stream).ReadToEnd()); }
public byte[] CanonicalizeUsingClrLibrary(object input) { XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(_includeComments, _inclusivePrefixes); t.LoadInput(input); MemoryStream s = (MemoryStream)t.GetOutput(typeof(Stream)); return(s.ToArray()); }
/// <summary> /// Add a timestamp to the signature, complaint with the XAdES-T 1.3.1 standard. /// </summary> /// <remarks> /// Requires a Timestamp Provider <see cref="XadesCreator.TimestampProvider"/> /// </remarks> /// <param name="signature">The signature to extend</param> /// <exception cref="ArgumentNullException">When the signature is null</exception> /// <exception cref="InvalidOperationException">When no timestamp provider is set</exception> public void ExtendToXadesT(ref XmlElement signature) { if (signature == null) { throw new ArgumentNullException("signature", "A signature is required"); } if (TimestampProvider == null) { throw new InvalidOperationException("The timestamp provider is required for XAdES-T"); } var timestamp = new XmlDocument(); timestamp.Load(Assembly.GetExecutingAssembly().GetManifestResourceStream("IM.Xades.Resources.Timestamp.xml")); var timestampValue = (XmlElement)timestamp.SelectSingleNode("//xades:EncapsulatedTimeStamp", nsMgr); XmlNode sigValue = signature.SelectSingleNode("./ds:SignatureValue", nsMgr); //Serialize because the C14N overloads wich accepts lists is totaly wrong (it C14N's the document) MemoryStream stream = new MemoryStream(); using (var writer = XmlWriter.Create(stream)) { sigValue.WriteTo(writer); } stream.Seek(0, SeekOrigin.Begin); //Canocalize the signature value XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(stream); var canonicalized = (Stream)transform.GetOutput(typeof(Stream)); //hash the canocalized version SHA256 sha256 = SHA256.Create(); byte[] hashed = sha256.ComputeHash(canonicalized); //Get the timestamp. byte[] timestampHash = TimestampProvider.GetTimestampFromDocumentHash(hashed, "http://www.w3.org/2001/04/xmlenc#sha256"); timestampValue.InnerText = Convert.ToBase64String(timestampHash); var qProps = (XmlElement)signature.SelectSingleNode("./ds:Object/xades:QualifyingProperties", nsMgr); var unsignedProps = qProps.OwnerDocument.CreateElement("xades", "UnsignedProperties", Extra.XadesTools.NS); qProps.AppendChild(unsignedProps); var unsignedSigProps = qProps.OwnerDocument.CreateElement("xades", "UnsignedSignatureProperties", Extra.XadesTools.NS); unsignedProps.AppendChild(unsignedSigProps); var imported = unsignedSigProps.OwnerDocument.ImportNode(timestamp.DocumentElement, true); unsignedSigProps.AppendChild(imported); }
private void AddXmlReference(string id, string hashFunction) { var reference = new Reference("#" + id) { DigestMethod = hashFunction }; Transform transform = new XmlDsigExcC14NTransform(); reference.AddTransform(transform); base.AddReference(reference); }
private XmlDocument SignSmev2(GostFlavor gostFlavor, XmlDocument doc, X509Certificate2 certificate) { XmlNode root = doc.SelectSingleNode("/*"); string rootPrefix = root?.Prefix; //----------------------------------------------------------------------------------------------CREATE STRUCTURE XmlDocument tDoc = AddTemplate(doc, certificate); //----------------------------------------------------------------------------------------------ROOT PREFIX XmlElement bodyElement = tDoc.GetElementsByTagName(rootPrefix + ":Body")[0] as XmlElement; string referenceUri = bodyElement?.GetAttribute("wsu:Id"); //----------------------------------------------------------------------------------------------SignedXML CREATE //нужен для корректной отработки wsu:reference Smev2SignedXml signedXml = new Smev2SignedXml(tDoc) { SigningKey = certificate.PrivateKey }; //----------------------------------------------------------------------------------------------REFERNCE Reference reference = new Reference { #pragma warning disable 612 DigestMethod = GostAlgorithmSelector.GetHashAlgorithmDescriptor(gostFlavor), //CPSignedXml.XmlDsigGost3411UrlObsolete, #pragma warning restore 612 Uri = "#" + referenceUri }; XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform(); reference.AddTransform(c14); signedXml.AddReference(reference); //----------------------------------------------------------------------------------------------SIGNATURE SETUP signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; #pragma warning disable 612 signedXml.SignedInfo.SignatureMethod = GostAlgorithmSelector.GetSignatureAlgorithmDescriptor(gostFlavor); //CPSignedXml.XmlDsigGost3410UrlObsolete; #pragma warning disable 612 //----------------------------------------------------------------------------------------------KEYINFO KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data(certificate); keyInfo.AddClause(x509KeyInfo); signedXml.KeyInfo = keyInfo; //----------------------------------------------------------------------------------------------SIGN DOCUMENT signedXml.ComputeSignature(); //----------------------------------------------------------------------------------------------GET XML XmlElement xmlDigitalSignature = signedXml.GetXml(); //----------------------------------------------------------------------------------------------APPEND SIGNATURE TAGS tDoc.GetElementsByTagName("Signature")[0].PrependChild( tDoc.ImportNode(xmlDigitalSignature.GetElementsByTagName("SignatureValue")[0], true)); tDoc.GetElementsByTagName("Signature")[0].PrependChild( tDoc.ImportNode(xmlDigitalSignature.GetElementsByTagName("SignedInfo")[0], true)); ((XmlElement)tDoc.GetElementsByTagName("Signature")[0]).SetAttribute("xmlns", DS_NS); return(tDoc); }
/// <summary> /// Signs an XML Document for a Saml Response /// </summary> /// <param name="xml"></param> /// <param name="cert2"></param> /// <param name="referenceId"></param> /// <returns></returns> public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceId, string referenceValue, Models.IdPOptionsModel options) { SamlSignedXml sig = new SamlSignedXml(doc, referenceId); // Add the key to the SignedXml xmlDocument. //sig.SigningKey = cert2.PrivateKey; sig.SigningKey = cert2.GetRSAPrivateKey(); if (options.UseSHA256) { //otherwise - defaults to SHA1 sig.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; } // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = String.Empty; reference.Uri = "#" + referenceValue; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); //XmlDsigC14NTransform env2 = new XmlDsigC14NTransform(); XmlDsigExcC14NTransform env2 = new XmlDsigExcC14NTransform(); reference.AddTransform(env); reference.AddTransform(env2); if (options.UseSHA256) { reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; } // Add the reference to the SignedXml object. sig.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data keyData = new KeyInfoX509Data(cert2); keyInfo.AddClause(keyData); sig.KeyInfo = keyInfo; sig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // Compute the signature. sig.ComputeSignature(); // Get the XML representation of the signature and save it to an XmlElement object. XmlElement xmlDigitalSignature = sig.GetXml(); return(xmlDigitalSignature); }
private static void SignDocument(X509Certificate2 cert, XmlDocument doc) { //Create reference to #MsgBody which is the ID of the SOAP Body (only signing the Body) Reference reference = new Reference("#MsgBody"); //Create a signedXML object from doc, add reference and private key, then generate the signature SignedXml signedXML = new SignedXml(doc); signedXML.AddReference(reference); RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)cert.PrivateKey; signedXML.SigningKey = rsaKey; signedXML.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; XmlDsigExcC14NTransform canMethod = (XmlDsigExcC14NTransform)signedXML.SignedInfo.CanonicalizationMethodObject; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); env.Algorithm = "http://www.w3.org/2001/10/xml-exc-c14n#"; reference.AddTransform(env); string referenceDigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; reference.DigestMethod = referenceDigestMethod; signedXML.AddReference(reference); KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create("RSA-SHA256"); signedXML.ComputeSignature(); XmlElement xmlDigitalSignature = signedXML.GetXml(); doc.DocumentElement.FirstChild.FirstChild.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); // Add KeyInfo Node with reference to the X509 cert string keyInfoTags = "<root xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" ><ds:KeyInfo><SecurityTokenReference xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:Reference URI=\"#X509Token\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\"/></SecurityTokenReference></ds:KeyInfo></root>"; XmlDocument keyInfo = new XmlDocument(); // Fix for Xml external entity injection violation in fortify report XmlReaderSettings settings = new XmlReaderSettings(); settings.DtdProcessing = DtdProcessing.Prohibit; settings.XmlResolver = null; XmlReader reader = XmlReader.Create(new StringReader(keyInfoTags), settings); //keyInfo.LoadXml("<root xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" ><ds:KeyInfo><SecurityTokenReference xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:Reference URI=\"#X509Token\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\"/></SecurityTokenReference></ds:KeyInfo></root>"); keyInfo.Load(reader); doc.DocumentElement.FirstChild.FirstChild.LastChild.AppendChild(doc.ImportNode(keyInfo.FirstChild.FirstChild, true)); //Add The Base64 representation of the X509 cert to BinarySecurityToken Node //X509SecurityToken token = new X509SecurityToken(cert); doc.DocumentElement.FirstChild.LastChild.InnerText = Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.None); }
private static void GenerateReference(string elementID, string inclusivePrefixList, SignedXmlWithId xSigned) { var reference = new Reference() { Uri = "#" + elementID }; XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform(); env.InclusiveNamespacesPrefixList = inclusivePrefixList; reference.AddTransform(env); xSigned.AddReference(reference); }
private XmlDocument SignEnveloped( GostFlavor gostFlavor, XmlDocument doc, X509Certificate2 certificate, string nodeId = null) { //----------------------------------------------------------------------------------------------CREATE SIGNED XML SignedXml signedXml = new SignedXml(doc) { SigningKey = certificate.PrivateKey }; //----------------------------------------------------------------------------------------------REFERNCE Reference reference = new Reference { Uri = nodeId, #pragma warning disable 612 DigestMethod = GostAlgorithmSelector.GetHashAlgorithmDescriptor(gostFlavor) //CPSignedXml.XmlDsigGost3411UrlObsolete - old #pragma warning disable 612 }; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform(); reference.AddTransform(c14); // Add the reference to the SignedXml object. signedXml.AddReference(reference); //----------------------------------------------------------------------------------------------SIGNATURE SETUP signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.SignedInfo.SignatureMethod = GostAlgorithmSelector.GetSignatureAlgorithmDescriptor(gostFlavor); //CPSignedXml.XmlDsigGost3410UrlObsolete; - old //----------------------------------------------------------------------------------------------KEYINFO KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data(certificate); keyInfo.AddClause(x509KeyInfo); signedXml.KeyInfo = keyInfo; //----------------------------------------------------------------------------------------------SIGN DOCUMENT signedXml.ComputeSignature(); //----------------------------------------------------------------------------------------------GET XML XmlElement xmlDigitalSignature = signedXml.GetXml(); //----------------------------------------------------------------------------------------------APPEND SIGNATURE XmlNode root = doc.SelectSingleNode("/*"); root?.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); return(doc); }
private static void SignDocument(X509Certificate2 cert, XmlDocument doc) { //Create reference to #MsgBody which is the ID of the SOAP Body (only signing the Body) Reference reference = new Reference("#MsgBody"); //Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); //Create a signedXML object from doc, add reference and private key, then generate the signature SignedXml signedXML = new SignedXml(doc); signedXML.AddReference(reference); RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)cert.PrivateKey; signedXML.SigningKey = rsaKey; // Changes done to support SHA2 - START =================== var cn14Transform = new XmlDsigExcC14NTransform(); string referenceDigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; reference.AddTransform(cn14Transform); reference.DigestMethod = referenceDigestMethod; signedXML.AddReference(reference); KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create("RSA-SHA256"); // Changes done to support SHA2 - END =================== // Compute the signature. signedXML.ComputeSignature(); // Get the XML representation of the signature and add to the SOAP Header XmlElement xmlDigitalSignature = signedXML.GetXml(); doc.DocumentElement.FirstChild.FirstChild.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); // Add KeyInfo Node with reference to the X509 cert XmlDocument keyInfo = new XmlDocument(); keyInfo.LoadXml("<root xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:wsse=\"http://schemas.xmlsoap.org/ws/2002/04/secext\" ><ds:KeyInfo><SecurityTokenReference xmlns=\"http://schemas.xmlsoap.org/ws/2002/04/secext\"><wsse:Reference URI=\"#X509Token\"/></SecurityTokenReference></ds:KeyInfo></root>"); doc.DocumentElement.FirstChild.FirstChild.LastChild.AppendChild(doc.ImportNode(keyInfo.FirstChild.FirstChild, true)); //Add The Base64 representation of the X509 cert to BinarySecurityToken Node //X509SecurityToken token = new X509SecurityToken(cert); doc.DocumentElement.FirstChild.LastChild.InnerText = Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.None); }
private static XmlDocument BuildSignature(XmlDocument doc, String id, X509Certificate2 cert) { X509Certificate2 requestSigningCert = cert; doc.PreserveWhitespace = true; SignedXml signedXml = new SignedXml(doc); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(requestSigningCert)); signedXml.KeyInfo = keyInfo; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)requestSigningCert.PrivateKey; signedXml.SigningKey = rsaKey; Reference reference = new Reference { Uri = "#" + id }; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigExcC14NTransform c16n = new XmlDsigExcC14NTransform(); //c16n.PropagatedNamespaces.Add("ds", "http://www.w3.org/2000/09/xmldsig#"); // line above throws null pointer exception. reference.AddTransform(c16n); signedXml.AddReference(reference); // Now we can compute the signature. signedXml.ComputeSignature(); // Append signature to document. XmlElement xmlDigitalSignature = signedXml.GetXml(); XmlNamespaceManager nsManager = new XmlNamespaceManager(doc.NameTable); nsManager.AddNamespace("saml2", "urn:oasis:names:tc:SAML:2.0:assertion"); doc.DocumentElement.InsertAfter(doc.ImportNode(xmlDigitalSignature, true), doc.SelectSingleNode("//saml2:Issuer", nsManager)); return(doc); }
public void SignXml(XmlDocument xmlDoc, string referenceId, AsymmetricAlgorithm key, string inclusiveNamespacesPrefixList) { // Check arguments. if (xmlDoc == null) { throw new ArgumentException("xmlDocument"); } if (key == null) { throw new ArgumentException("asymmetricAlgorithm"); } // Create a SignedXml object. var signedXml = new SignedXml(xmlDoc); // Add the key to the SignedXml document. signedXml.SigningKey = key; // Create a reference to be signed. var reference = new Reference(); reference.Uri = "#" + referenceId; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // Add an enveloped transformation to the reference. var env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add an C14N transformation to the reference. var cn14 = new XmlDsigExcC14NTransform(false); if (!String.IsNullOrWhiteSpace(inclusiveNamespacesPrefixList)) { cn14.InclusiveNamespacesPrefixList = inclusiveNamespacesPrefixList; } reference.AddTransform(cn14); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); }
void AppendNegotiationMessageXml(XmlReader reader, TlsServerSessionInfo tlsInfo) { XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; reader.MoveToContent(); doc.AppendChild(doc.ReadNode(reader)); t.LoadInput(doc); MemoryStream stream = (MemoryStream)t.GetOutput(); byte [] bytes = stream.ToArray(); tlsInfo.Messages.Write(bytes, 0, bytes.Length); }
/// <summary> /// Выполнить каноникализацию XML-узла /// </summary> /// <param name="node"> /// Узел /// </param> /// <returns> /// Каноникализированный XM-текст /// </returns> public static string Canonicalize(this XmlNode node) { var transform = new XmlDsigExcC14NTransform(); var document = new XmlDocument(); document.LoadXml(node.OuterXml); transform.LoadInput(document); using (var stream = (Stream)transform.GetOutput()) using (var reader = new StreamReader(stream)) { return(reader.ReadToEnd()); } }
private string SignAuthN(string authNXml, string requestId, X509Certificate2 requestSigningCert) { if (string.IsNullOrEmpty(authNXml)) { throw new ArgumentNullException("authNXml"); } XmlDocument xmlDoc = new XmlDocument(); xmlDoc.PreserveWhitespace = true; xmlDoc.LoadXml(authNXml); SignedXml signedXml = new SignedXml(xmlDoc); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(requestSigningCert)); signedXml.KeyInfo = keyInfo; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)requestSigningCert.PrivateKey; signedXml.SigningKey = rsaKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = "#" + requestId; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigExcC14NTransform c16n = new XmlDsigExcC14NTransform(); c16n.InclusiveNamespacesPrefixList = "#default samlp saml ds xs xsi"; reference.AddTransform(c16n); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.InsertAfter(xmlDoc.ImportNode(xmlDigitalSignature, true), xmlDoc.DocumentElement.FirstChild); //signature to be second node after saml:Issuer return(xmlDoc.OuterXml); }
/// <summary> /// Construye el documento enveloped /// </summary> private void CreateEnvelopedDocument() { Reference reference = new Reference(); _xadesSignedXml = new XadesSignedXml(_document); reference.DigestMethod = "http://www.w3.org/2001/10/xml-exc-c14n#"; reference.Id = "r-id-1"; reference.Type = ""; reference.Uri = ""; //for (int i = 0; i < _document.DocumentElement.Attributes.Count; i++) //{ // if (_document.DocumentElement.Attributes[i].Name.Equals("id", StringComparison.InvariantCultureIgnoreCase)) // { // reference.Uri = "#" + _document.DocumentElement.Attributes[i].Value; // break; // } //} // ** XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform(); //xmlDsigEnvelopedSignatureTransform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116"; XmlDocument doc = new XmlDocument(); XmlElement xpathElem = doc.CreateElement("XPath"); xpathElem.InnerText = "not(ancestor-or-self::ds:Signature)"; XmlDsigXPathTransform xform = new XmlDsigXPathTransform(); xform.LoadInnerXml(xpathElem.SelectNodes(".")); xform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116"; //xform.PropagatedNamespaces.Add("xmlns:ds", "http://www.w3.org/2000/09/xmldsig#"); reference.AddTransform(xform); XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); reference.AddTransform(transform); //reference.AddTransform(xmlDsigEnvelopedSignatureTransform); _objectReference = reference.Id; _xadesSignedXml.AddReference(reference); }
public Stream CanonicalizeNode(XmlElement nodeToCanon) { XmlNode node = (XmlNode)nodeToCanon; XmlNodeReader reader = new XmlNodeReader(node); Stream stream = new MemoryStream(); XmlWriter writer = new XmlTextWriter(stream, Encoding.UTF8); writer.WriteNode(reader, false); writer.Flush(); stream.Position = 0; XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); transform.LoadInput(stream); return(transform.GetOutput() as Stream); }
private byte[] GetSignedInfoForVerification(XmlElement si) { XmlDsigExcC14NTransform canon = new XmlDsigExcC14NTransform(false); XmlDocument d = new XmlDocument(); d.AppendChild(d.ImportNode(si, true)); canon.LoadInput(d); byte[] csi; using (MemoryStream ms = new MemoryStream()) { ((Stream)canon.GetOutput()).CopyTo(ms); csi = ms.GetBuffer(); } return(csi); }
public void SimpleNamespacePrefixes() { string input = "<a:Action xmlns:a='urn:foo'>http://tempuri.org/IFoo/Echo</a:Action>"; string expected = @"<a:Action xmlns:a=""urn:foo"">http://tempuri.org/IFoo/Echo</a:Action>"; XmlDocument doc = new XmlDocument(); doc.LoadXml(input); XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); t.LoadInput(doc); Stream s = t.GetOutput() as Stream; Assert.Equal(new StreamReader(s, Encoding.UTF8).ReadToEnd(), expected); }
private XmlDocument SignXmlNode( GostFlavor gostFlavor, XmlDocument doc, X509Certificate2 certificate, string nodeId) { //----------------------------------------------------------------------------------------------CREATE SIGNED XML SignedXml signedXml = new SignedXml(doc) { SigningKey = certificate.PrivateKey }; //----------------------------------------------------------------------------------------------REFERNCE Reference reference = new Reference { Uri = "#" + nodeId, #pragma warning disable 612 DigestMethod = GostAlgorithmSelector.GetHashAlgorithmDescriptor(gostFlavor) //CPSignedXml.XmlDsigGost3411UrlObsolete - old #pragma warning disable 612 }; XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform(); reference.AddTransform(c14); // Add the reference to the SignedXml object. signedXml.AddReference(reference); //----------------------------------------------------------------------------------------------SIGNATURE SETUP signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.SignedInfo.SignatureMethod = GostAlgorithmSelector.GetSignatureAlgorithmDescriptor(gostFlavor); //CPSignedXml.XmlDsigGost3410UrlObsolete; //----------------------------------------------------------------------------------------------KEYINFO KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data x509KeyInfo = new KeyInfoX509Data(certificate); keyInfo.AddClause(x509KeyInfo); signedXml.KeyInfo = keyInfo; //----------------------------------------------------------------------------------------------SIGN DOCUMENT signedXml.ComputeSignature(); //----------------------------------------------------------------------------------------------GET XML XmlElement xmlDigitalSignature = signedXml.GetXml(); //=============================================================================APPEND SIGNATURE TO DOCUMENT GetNodeWithAttributeValue(doc.ChildNodes, nodeId)?.ParentNode?.AppendChild(xmlDigitalSignature); return(doc); }
public void PropagatedNamespaces() { XmlDocument doc = new XmlDocument(); doc.AppendChild(doc.CreateElement("foo", "urn:foo")); doc.DocumentElement.AppendChild(doc.CreateElement("bar", "urn:bar")); Assert.AreEqual(String.Empty, doc.DocumentElement.GetAttribute("xmlns:f"), "#1"); XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(); t.LoadInput(doc); t.PropagatedNamespaces.Add("f", "urn:foo"); t.PropagatedNamespaces.Add("b", "urn:bar"); Stream s = t.GetOutput() as Stream; Assert.AreEqual(new StreamReader(s, Encoding.UTF8).ReadToEnd(), "<f:foo xmlns:f=\"urn:foo\"><b:bar xmlns:b=\"urn:bar\"></b:bar></f:foo>"); Assert.AreEqual("urn:foo", doc.DocumentElement.GetAttribute("xmlns:f"), "#2"); }
/// <summary> /// Signs a list of references using a certificate and returns /// the signature element. /// </summary> /// <param name="xmlDoc">Xml document that contains the references. /// Cannot be null.</param> /// <param name="signCert">Certificate used for signing that contains a /// private key. The certificate and contained private key cannot be null.</param> /// <param name="references">List of references to sign. Cannot be null.</param> /// <returns>'ds:Signature' element</returns> public static XmlElement Sign(XmlDocument xmlDoc, X509Certificate2 signCert, IList <string> references) { // Create the signature object using the document as the context SignedXml signedXml = new SignedXml(xmlDoc); signedXml.SigningKey = signCert.PrivateKey; // Specify the canonicalization method signedXml.Signature.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // Specify the signature method signedXml.Signature.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url; // Add all the signing references foreach (string signReferenceId in references) { Reference reference = new Reference(); reference.Uri = "#" + signReferenceId; reference.DigestMethod = SignedXml.XmlDsigSHA1Url; // Add the reference transform XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform(); reference.AddTransform(transform); // Add the reference to the signature signedXml.AddReference(reference); } // Calculate the signature signedXml.ComputeSignature(); // Add the key information to the signature KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data kixd = new KeyInfoX509Data(); kixd.AddCertificate(signCert); keyInfo.AddClause(kixd); signedXml.KeyInfo = keyInfo; // Return the signature return(signedXml.GetXml()); }