/// <summary>
/// Signs the CDA Package and creates the signature document.
/// </summary>
/// <param name="package">A CDAPackageBase instance containing the root document to sign.</param>
/// <param name="signingCert">The certificate used to sign the root document.</param>
/// <returns>Signature of the root document.</returns>
private static byte[] CreateSignature(CDAPackage package, X509Certificate2 signingCert)
{
package.SigningTime = DateTime.Now.ToUniversalTime();
byte[] rootDocumentContent = package.CDADocumentRoot.FileContent;
byte[] hash = CalculateSHA1(rootDocumentContent);
var manifest = new ManifestType();
manifest.Reference = new ReferenceType[]
{
new ReferenceType()
{
URI = package.CDADocumentRoot.FileName,
DigestMethod = new DigestMethodType()
{
Algorithm = SignedXml.XmlDsigSHA1Url
},
DigestValue = hash
}
};
var approver = new ApproverType();
approver.personId = package.Approver.PersonId.ToString();
approver.personName = new PersonNameType();
approver.personName.familyName = package.Approver.PersonFamilyName;
if (package.Approver.PersonTitles != null)
{
approver.personName.nameTitle = package.Approver.PersonTitles.ToArray();
}
if (package.Approver.PersonGivenNames != null)
{
approver.personName.givenName = package.Approver.PersonGivenNames.ToArray();
}
if (package.Approver.PersonNameSuffixes != null)
{
approver.personName.nameSuffix = package.Approver.PersonNameSuffixes.ToArray();
}
var eSignature = new eSignatureType();
eSignature.Manifest = manifest;
eSignature.approver = approver;
eSignature.signingTime = package.SigningTime.Value;
XmlDocument eSignatureXml = eSignature.SerializeToXml();
ISignedContainerProfileService signedContainerService = XspFactory.Instance.GetSignedContainerProfileService(XspVersion.V_2010);
XmlDocument signedDoc = signedContainerService.Create(eSignatureXml, signingCert);
var ms = new MemoryStream();
signedDoc.Save(ms);
return(ms.ToArray());
}
/// <summary>
/// Verify the signature of a CDA package.
/// </summary>
/// <param name="package">The CDA package to verify.</param>
/// <param name="verifyCertificate">A delegate to verify the signature certificate.</param>
public static void VerifySignature(CDAPackage package, VerifyCertificateDelegate verifyCertificate)
{
// Return if package doesn't contain a signature.
if (package.CDASignature == null)
{
return;
}
byte[] signatureDocumentContent = package.CDASignature.FileContent;
byte[] rootDocumentContent = package.CDADocumentRoot.FileContent;
byte[] hash = CalculateSHA1(rootDocumentContent);
var signatureDocument = new XmlDocument();
signatureDocument.PreserveWhitespace = true;
signatureDocument.Load(new MemoryStream(signatureDocumentContent));
// Get eSignature
eSignatureType eSignature = null;
try
{
var eSignatureElement = signatureDocument.GetElementsByTagName("eSignature", "*")[0] as XmlElement;
eSignature = eSignatureElement.Deserialize <eSignatureType>();
}
catch (Exception ex)
{
throw new SignatureVerificationException("Error extracting eSignature");
}
if (eSignature == null)
{
throw new SignatureVerificationException("Error extracting eSignature");
}
var manifest = eSignature.Manifest;
var approver = eSignature.approver;
// Get signing time
package.SigningTime = eSignature.signingTime;
// Get approver
package.Approver = new Approver();
if (eSignature.approver != null)
{
if (eSignature.approver.personId != null)
{
package.Approver.PersonId = new Uri(eSignature.approver.personId, UriKind.RelativeOrAbsolute);
}
var personName = eSignature.approver.personName;
if (personName != null)
{
package.Approver.PersonFamilyName = personName.familyName;
if (personName.givenName != null)
{
package.Approver.PersonGivenNames = personName.givenName.ToList();
}
if (personName.nameSuffix != null)
{
package.Approver.PersonNameSuffixes = personName.nameSuffix.ToList();
}
if (personName.nameTitle != null)
{
package.Approver.PersonTitles = personName.nameTitle.ToList();
}
}
}
// Check signature digest
var manifestElement = signatureDocument.GetElementsByTagName("Manifest", "*")[0] as XmlElement;
if (manifest.Reference[0].URI != "CDA_ROOT.XML")
{
throw new SignatureVerificationException("Error verifying document - Manifest reference must have a URI of 'CDA_ROOT.XML'");
}
if (manifest.Reference[0].DigestMethod.Algorithm != SignedXml.XmlDsigSHA1Url)
{
throw new SignatureVerificationException("Error verifying document - Manifest digest method must have an algorithm of '" + SignedXml.XmlDsigSHA1Url + "'");
}
if (Convert.ToBase64String(manifest.Reference[0].DigestValue) != Convert.ToBase64String(hash))
{
throw new SignatureVerificationException("Error verifying document - Manifest digest value mismatch");
}
// Verify certificate
ICertificateVerifier verifier = new CertificateVerifier(verifyCertificate);
ISignedContainerProfileService signedContainerService = XspFactory.Instance.GetSignedContainerProfileService(XspVersion.V_2010);
signedContainerService.Check(signatureDocument, verifier);
// Verify attachments integrity checks
if (package.CDADocumentAttachments != null && package.CDADocumentAttachments.Count > 0)
{
VerifyAttachments(package);
}
return;
}
