private ExtendedSignedXml GetSignature(XmlDocument inputXml, XmlDsigSignParameters signParameters, Action <ExtendedSignedXml> signedXmlPostProcessing)
{
if (inputXml.DocumentElement == null)
{
throw new InvalidDocumentException("Document to sign has no root element");
}
var certificate = signParameters.SignatureCertificate;
var inputPath = signParameters.InputPath;
var signedXml = new ExtendedSignedXml(inputXml);
signedXml.Signature.Id = "signature";
CreateAndAddReferenceTo(signedXml, inputXml, inputPath, signParameters.XPathNodeToSign);
CreateTimestampNodeIfNeeded(signedXml, signParameters);
CreateNodesForProperties(signedXml, signParameters);
IncludeSignatureCertificateIfNeeded(signedXml, certificate, signParameters);
AddCanonicalizationMethodTo(signedXml);
if (signedXmlPostProcessing != null)
{
signedXmlPostProcessing(signedXml);
}
signedXml.ComputeSignature();
return(signedXml);
}
public bool Verify()
{
var signatureXml = GetSignature();
var signedXml = new ExtendedSignedXml(Xml);
signedXml.LoadXml(signatureXml);
foreach (var attachment in Attachments)
{
var reference = new Reference(attachment.Stream)
{
Uri = "cid:" + attachment.ContentId,
DigestMethod = SignedXml.XmlDsigSHA256Url
};
reference.AddTransform(new AttachmentContentSignatureTransform());
signedXml.AddExternalReference(reference);
}
var securityXml = GetSecurity();
var security = XmlToObject.Deserialize <AS4.Security.Security>(securityXml);
var certificate = new X509Certificate2(security.BinarySecurityToken.Value);
return(signedXml.CheckSignature(certificate.GetRSAPublicKey()));
}
public bool Verify()
{
var signedXml = new ExtendedSignedXml(Xml);
var signature = GetSignature(Xml);
signedXml.LoadXml(signature);
return(signedXml.CheckSignature());
}
private static void CreateReferenceToSignedProperties(ExtendedSignedXml signedXml, XmlElement signedPropertiesNode)
{
var reference = new Reference("#" + signedPropertiesNode.GetAttribute("Id"))
{
Type = ExtendedSignedXml.XmlDsigSignatureProperties
};
signedXml.AddReference(reference);
}
private static XmlElement AddQualifyingPropertiesNode(ExtendedSignedXml signedXml, XmlDocument document)
{
var dataObject = new DataObject();
var result = document.CreateElement("QualifyingProperties", XadesNamespaceUrl);
result.SetAttribute("Target", signedXml.Signature.Id);
dataObject.Data = result.SelectNodes(".");
signedXml.AddObject(dataObject);
return(result);
}
private static void CreateTimestampNodeIfNeeded(ExtendedSignedXml signedXml, XmlDsigSignParameters signParameters)
{
if (!signParameters.IncludeTimestamp)
{
return;
}
const string propertyName = "Timestamp";
const string propertyNameSpace = ExtendedSignedXml.XmlDSigTimestampNamespace;
var propertyValue = XmlHelper.NowInCanonicalRepresentation();
AddPropertyFromNameAndValue(propertyName, propertyValue, propertyNameSpace, signedXml, signParameters);
}
public void Sign()
{
var qualifyingProperties = GetQualifyingProperties(Certificate);
var qualifyingPropertiesXml = ObjectToXml.Serialize(qualifyingProperties);
var signedXml = new ExtendedSignedXml(Xml);
signedXml.Signature.Id = qualifyingProperties.Target;
signedXml.SigningKey = Certificate.GetRSAPrivateKey();
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
var documentReference = new Reference
{
Id = qualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormat.ObjectReference,
Type = null,
Uri = ""
};
documentReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
documentReference.DigestMethod = SignedXml.XmlDsigSHA256Url;
signedXml.AddReference(documentReference);
var signedProperties = new Reference
{
Type = Namespaces.SignedProperties,
Uri = "#" + qualifyingProperties.SignedProperties.Id
};
signedProperties.AddTransform(new XmlDsigExcC14NTransform());
signedProperties.DigestMethod = SignedXml.XmlDsigSHA256Url;
signedXml.AddReference(signedProperties);
var dataObject = new DataObject
{
Data = qualifyingPropertiesXml.ChildNodes
};
signedXml.AddObject(dataObject);
var certificateKeyInfo = new KeyInfo();
certificateKeyInfo.AddClause(new KeyInfoX509Data(Certificate));
signedXml.KeyInfo = certificateKeyInfo;
signedXml.ComputeSignature();
var signature = signedXml.GetXml();
Insert(signature, Xml.DocumentElement);
}
private static void AddProperty(XmlDocument document, ExtendedSignedXml signedXml, XmlElement propertyNode)
{
if (signedXml.PropertiesNode == null)
{
signedXml.PropertiesNode = CreatePropertiesNode(document, signedXml);
}
var nodeSignatureProperty = document.CreateElement("SignatureProperty", SignedXml.XmlDsigNamespaceUrl);
nodeSignatureProperty.SetAttribute("Target", "#" + signedXml.Signature.Id);
nodeSignatureProperty.AppendChild(propertyNode);
signedXml.PropertiesNode.AppendChild(nodeSignatureProperty);
}
private static void AddXAdESNodes(ExtendedSignedXml signedXml, XmlDsigSignParameters parameters)
{
var document = parameters.InputXml;
var qualifyingPropertiesNode = AddQualifyingPropertiesNode(signedXml, document);
var signedPropertiesNode = AddSignedPropertiesNode(document, qualifyingPropertiesNode);
CreateReferenceToSignedProperties(signedXml, signedPropertiesNode);
var signedSignatureProperties = AddSignedSignaturePropertiesNode(document, signedPropertiesNode);
AddSigningTimeNode(document, signedSignatureProperties);
AddSigningCertificate(document, signedSignatureProperties, parameters);
//AddSignaturePolicyIdentifier(document, signedSignatureProperties);
var unsignedPropertiesNode = AddUnsignedPropertiesNode(document, qualifyingPropertiesNode);
AddUnsignedSignaturePropertiesNode(document, unsignedPropertiesNode);
}
private static void AddPropertyFromNameAndValue(string propertyName, string propertyValue, string propertyNameSpace,
ExtendedSignedXml signedXml, XmlDsigSignParameters signParameters)
{
var document = signParameters.InputXml;
if (document == null)
{
throw new InvalidParameterException("Document cannot be null");
}
var propertyNode = string.IsNullOrEmpty(propertyNameSpace) ?
document.CreateElement(propertyName) : document.CreateElement(propertyName, propertyNameSpace);
propertyNode.InnerText = propertyValue;
AddProperty(document, signedXml, propertyNode);
}
private static XmlElement CreatePropertiesNode(XmlDocument document, ExtendedSignedXml signedXml)
{
var dataObject = new DataObject();
var nodeSignatureProperties = document.CreateElement("SignatureProperties", SignedXml.XmlDsigNamespaceUrl);
nodeSignatureProperties.SetAttribute("Id", PropertiesId);
dataObject.Data = nodeSignatureProperties.SelectNodes(".");
signedXml.AddObject(dataObject);
var referenceToProperties = new Reference
{
Uri = "#" + PropertiesId,
Type = ExtendedSignedXml.XmlDsigSignatureProperties
};
signedXml.AddReference(referenceToProperties);
return(nodeSignatureProperties);
}
private static void CreateNodesForProperties(ExtendedSignedXml signedXml, XmlDsigSignParameters signParameters)
{
if (signParameters.Properties != null && signParameters.Properties.Count > 0)
{
foreach (var xmlPropertyDescriptor in signParameters.Properties)
{
AddPropertyFromNameAndValue(xmlPropertyDescriptor.Name, xmlPropertyDescriptor.Value,
xmlPropertyDescriptor.NameSpace,
signedXml, signParameters);
}
}
if (signParameters.PropertyBuilders != null && signParameters.PropertyBuilders.Count > 0)
{
foreach (var propertyBuilder in signParameters.PropertyBuilders)
{
AddProperty(signParameters.InputXml, signedXml, propertyBuilder(signParameters.InputXml));
}
}
}
private static VerificationResults PerformValidationFromXml(string xml, VerificationParameters validationParameters)
{
var document = new XmlDocument {
PreserveWhitespace = true
};
document.LoadXml(xml);
var newsignedXml = new ExtendedSignedXml(document);
if (document.DocumentElement == null)
{
throw new InvalidDocumentException("Document has no root element");
}
var signatureNode = XmlDsigNodesHelper.GetSignatureNode(document);
newsignedXml.LoadXml(signatureNode);
var verificationCertificate = GetVerificationCertificate(newsignedXml, validationParameters);
if (verificationCertificate == null)
{
throw new Exception("Signer public key could not be found");
}
if (!newsignedXml.CheckSignature(verificationCertificate, !validationParameters.VerifyCertificate))
{
throw new InvalidOperationException("Signature is invalid.");
}
var results = new VerificationResults
{
Timestamp = GetTimeStampFromSignature(document),
OriginalDocument = GetDocumentFromSignature(document),
SigningCertificate = GetCertificateFromSignature(document)
};
return(results);
}
public void Sign(XmlDocument xml, Stream sed)
{
var security = new Security
{
BinarySecurityToken = new BinarySecurityToken
{
Id = Guid.NewGuid().ToString(),
EncodingType = Namespaces.Base64Binary,
ValueType = Namespaces.X509TokenProfile,
Value = certificate.GetRawCertData()
}
};
var securityXml = Serializer.Serialize(security);
var signedXml = new ExtendedSignedXml(xml)
{
SigningKey = certificate.GetRSAPrivateKey()
};
var namespaces = new XmlNamespaceManager(xml.NameTable);
namespaces.AddNamespace("s", Namespaces.SoapEnvelope);
namespaces.AddNamespace("eb", Namespaces.ElectronicBusinessMessagingService);
namespaces.AddNamespace("wsu", Namespaces.WebServiceSecurityUtility);
var messaging = xml.SelectSingleNode("/s:Envelope/s:Header/eb:Messaging", namespaces);
var body = xml.SelectSingleNode("/s:Envelope/s:Body", namespaces);
var messagingReference = new Reference
{
Uri = "#" + messaging.Attributes["wsu:Id"].Value,
DigestMethod = SignedXml.XmlDsigSHA256Url
};
messagingReference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(messagingReference);
var bodyReference = new Reference
{
Uri = "#" + body.Attributes["wsu:Id"].Value,
DigestMethod = SignedXml.XmlDsigSHA256Url
};
bodyReference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(bodyReference);
var sedReference = new Reference(new NonCloseableStream(sed))
{
Uri = "cid:DefaultSED",
DigestMethod = SignedXml.XmlDsigSHA256Url
};
sedReference.AddTransform(new AttachmentContentSignatureTransform());
signedXml.AddExternalReference(sedReference);
var keyInfo = new KeyInfo();
keyInfo.AddClause(new SecurityTokenReference(security.BinarySecurityToken.Id));
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
signedXml.ComputeSignature();
var signature = signedXml.GetXml();
Insert(signature, securityXml.DocumentElement);
var header = xml.SelectSingleNode("/s:Envelope/s:Header", namespaces);
Insert(securityXml, header);
}
public void Sign()
{
var security = new AS4.Security.Security
{
BinarySecurityToken = new BinarySecurityToken
{
Id = Guid.NewGuid().ToString(),
EncodingType = Soap.Namespaces.Base64Binary,
ValueType = Soap.Namespaces.X509TokenProfile,
Value = Certificate.GetRawCertData()
}
};
var securityXml = ObjectToXml.Serialize(security);
var signedXml = new ExtendedSignedXml(Xml)
{
SigningKey = Certificate.GetRSAPrivateKey()
};
foreach (var uri in Uris)
{
var reference = new Reference
{
Uri = "#" + uri,
DigestMethod = SignedXml.XmlDsigSHA256Url
};
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
}
foreach (var attachment in Attachments)
{
var reference = new Reference(new NonCloseableStream(attachment.Stream))
{
Uri = "cid:" + attachment.ContentId,
DigestMethod = SignedXml.XmlDsigSHA256Url
};
reference.AddTransform(new AttachmentContentSignatureTransform());
signedXml.AddExternalReference(reference);
}
var keyInfo = new KeyInfo();
keyInfo.AddClause(new SecurityTokenReference(security.BinarySecurityToken.Id));
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
signedXml.ComputeSignature();
var signature = signedXml.GetXml();
Insert(signature, securityXml.DocumentElement);
var namespaces = new XmlNamespaceManager(Xml.NameTable);
namespaces.AddNamespace("s", Soap.Namespaces.SoapEnvelope);
var header = Xml.SelectSingleNode("/s:Envelope/s:Header", namespaces);
Insert(securityXml, header);
}
