private ExtendedSignedXml GetSignature(XmlDocument inputXml, XmlDsigSignParameters signParameters, Action <ExtendedSignedXml> signedXmlPostProcessing) { if (inputXml.DocumentElement == null) { throw new InvalidDocumentException("Document to sign has no root element"); } var certificate = signParameters.SignatureCertificate; var inputPath = signParameters.InputPath; var signedXml = new ExtendedSignedXml(inputXml); signedXml.Signature.Id = "signature"; CreateAndAddReferenceTo(signedXml, inputXml, inputPath, signParameters.XPathNodeToSign); CreateTimestampNodeIfNeeded(signedXml, signParameters); CreateNodesForProperties(signedXml, signParameters); IncludeSignatureCertificateIfNeeded(signedXml, certificate, signParameters); AddCanonicalizationMethodTo(signedXml); if (signedXmlPostProcessing != null) { signedXmlPostProcessing(signedXml); } signedXml.ComputeSignature(); return(signedXml); }
public bool Verify() { var signatureXml = GetSignature(); var signedXml = new ExtendedSignedXml(Xml); signedXml.LoadXml(signatureXml); foreach (var attachment in Attachments) { var reference = new Reference(attachment.Stream) { Uri = "cid:" + attachment.ContentId, DigestMethod = SignedXml.XmlDsigSHA256Url }; reference.AddTransform(new AttachmentContentSignatureTransform()); signedXml.AddExternalReference(reference); } var securityXml = GetSecurity(); var security = XmlToObject.Deserialize <AS4.Security.Security>(securityXml); var certificate = new X509Certificate2(security.BinarySecurityToken.Value); return(signedXml.CheckSignature(certificate.GetRSAPublicKey())); }
public bool Verify() { var signedXml = new ExtendedSignedXml(Xml); var signature = GetSignature(Xml); signedXml.LoadXml(signature); return(signedXml.CheckSignature()); }
private static void CreateReferenceToSignedProperties(ExtendedSignedXml signedXml, XmlElement signedPropertiesNode) { var reference = new Reference("#" + signedPropertiesNode.GetAttribute("Id")) { Type = ExtendedSignedXml.XmlDsigSignatureProperties }; signedXml.AddReference(reference); }
private static XmlElement AddQualifyingPropertiesNode(ExtendedSignedXml signedXml, XmlDocument document) { var dataObject = new DataObject(); var result = document.CreateElement("QualifyingProperties", XadesNamespaceUrl); result.SetAttribute("Target", signedXml.Signature.Id); dataObject.Data = result.SelectNodes("."); signedXml.AddObject(dataObject); return(result); }
private static void CreateTimestampNodeIfNeeded(ExtendedSignedXml signedXml, XmlDsigSignParameters signParameters) { if (!signParameters.IncludeTimestamp) { return; } const string propertyName = "Timestamp"; const string propertyNameSpace = ExtendedSignedXml.XmlDSigTimestampNamespace; var propertyValue = XmlHelper.NowInCanonicalRepresentation(); AddPropertyFromNameAndValue(propertyName, propertyValue, propertyNameSpace, signedXml, signParameters); }
public void Sign() { var qualifyingProperties = GetQualifyingProperties(Certificate); var qualifyingPropertiesXml = ObjectToXml.Serialize(qualifyingProperties); var signedXml = new ExtendedSignedXml(Xml); signedXml.Signature.Id = qualifyingProperties.Target; signedXml.SigningKey = Certificate.GetRSAPrivateKey(); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url; var documentReference = new Reference { Id = qualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormat.ObjectReference, Type = null, Uri = "" }; documentReference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); documentReference.DigestMethod = SignedXml.XmlDsigSHA256Url; signedXml.AddReference(documentReference); var signedProperties = new Reference { Type = Namespaces.SignedProperties, Uri = "#" + qualifyingProperties.SignedProperties.Id }; signedProperties.AddTransform(new XmlDsigExcC14NTransform()); signedProperties.DigestMethod = SignedXml.XmlDsigSHA256Url; signedXml.AddReference(signedProperties); var dataObject = new DataObject { Data = qualifyingPropertiesXml.ChildNodes }; signedXml.AddObject(dataObject); var certificateKeyInfo = new KeyInfo(); certificateKeyInfo.AddClause(new KeyInfoX509Data(Certificate)); signedXml.KeyInfo = certificateKeyInfo; signedXml.ComputeSignature(); var signature = signedXml.GetXml(); Insert(signature, Xml.DocumentElement); }
private static void AddProperty(XmlDocument document, ExtendedSignedXml signedXml, XmlElement propertyNode) { if (signedXml.PropertiesNode == null) { signedXml.PropertiesNode = CreatePropertiesNode(document, signedXml); } var nodeSignatureProperty = document.CreateElement("SignatureProperty", SignedXml.XmlDsigNamespaceUrl); nodeSignatureProperty.SetAttribute("Target", "#" + signedXml.Signature.Id); nodeSignatureProperty.AppendChild(propertyNode); signedXml.PropertiesNode.AppendChild(nodeSignatureProperty); }
private static void AddXAdESNodes(ExtendedSignedXml signedXml, XmlDsigSignParameters parameters) { var document = parameters.InputXml; var qualifyingPropertiesNode = AddQualifyingPropertiesNode(signedXml, document); var signedPropertiesNode = AddSignedPropertiesNode(document, qualifyingPropertiesNode); CreateReferenceToSignedProperties(signedXml, signedPropertiesNode); var signedSignatureProperties = AddSignedSignaturePropertiesNode(document, signedPropertiesNode); AddSigningTimeNode(document, signedSignatureProperties); AddSigningCertificate(document, signedSignatureProperties, parameters); //AddSignaturePolicyIdentifier(document, signedSignatureProperties); var unsignedPropertiesNode = AddUnsignedPropertiesNode(document, qualifyingPropertiesNode); AddUnsignedSignaturePropertiesNode(document, unsignedPropertiesNode); }
private static void AddPropertyFromNameAndValue(string propertyName, string propertyValue, string propertyNameSpace, ExtendedSignedXml signedXml, XmlDsigSignParameters signParameters) { var document = signParameters.InputXml; if (document == null) { throw new InvalidParameterException("Document cannot be null"); } var propertyNode = string.IsNullOrEmpty(propertyNameSpace) ? document.CreateElement(propertyName) : document.CreateElement(propertyName, propertyNameSpace); propertyNode.InnerText = propertyValue; AddProperty(document, signedXml, propertyNode); }
private static XmlElement CreatePropertiesNode(XmlDocument document, ExtendedSignedXml signedXml) { var dataObject = new DataObject(); var nodeSignatureProperties = document.CreateElement("SignatureProperties", SignedXml.XmlDsigNamespaceUrl); nodeSignatureProperties.SetAttribute("Id", PropertiesId); dataObject.Data = nodeSignatureProperties.SelectNodes("."); signedXml.AddObject(dataObject); var referenceToProperties = new Reference { Uri = "#" + PropertiesId, Type = ExtendedSignedXml.XmlDsigSignatureProperties }; signedXml.AddReference(referenceToProperties); return(nodeSignatureProperties); }
private static void CreateNodesForProperties(ExtendedSignedXml signedXml, XmlDsigSignParameters signParameters) { if (signParameters.Properties != null && signParameters.Properties.Count > 0) { foreach (var xmlPropertyDescriptor in signParameters.Properties) { AddPropertyFromNameAndValue(xmlPropertyDescriptor.Name, xmlPropertyDescriptor.Value, xmlPropertyDescriptor.NameSpace, signedXml, signParameters); } } if (signParameters.PropertyBuilders != null && signParameters.PropertyBuilders.Count > 0) { foreach (var propertyBuilder in signParameters.PropertyBuilders) { AddProperty(signParameters.InputXml, signedXml, propertyBuilder(signParameters.InputXml)); } } }
private static VerificationResults PerformValidationFromXml(string xml, VerificationParameters validationParameters) { var document = new XmlDocument { PreserveWhitespace = true }; document.LoadXml(xml); var newsignedXml = new ExtendedSignedXml(document); if (document.DocumentElement == null) { throw new InvalidDocumentException("Document has no root element"); } var signatureNode = XmlDsigNodesHelper.GetSignatureNode(document); newsignedXml.LoadXml(signatureNode); var verificationCertificate = GetVerificationCertificate(newsignedXml, validationParameters); if (verificationCertificate == null) { throw new Exception("Signer public key could not be found"); } if (!newsignedXml.CheckSignature(verificationCertificate, !validationParameters.VerifyCertificate)) { throw new InvalidOperationException("Signature is invalid."); } var results = new VerificationResults { Timestamp = GetTimeStampFromSignature(document), OriginalDocument = GetDocumentFromSignature(document), SigningCertificate = GetCertificateFromSignature(document) }; return(results); }
public void Sign(XmlDocument xml, Stream sed) { var security = new Security { BinarySecurityToken = new BinarySecurityToken { Id = Guid.NewGuid().ToString(), EncodingType = Namespaces.Base64Binary, ValueType = Namespaces.X509TokenProfile, Value = certificate.GetRawCertData() } }; var securityXml = Serializer.Serialize(security); var signedXml = new ExtendedSignedXml(xml) { SigningKey = certificate.GetRSAPrivateKey() }; var namespaces = new XmlNamespaceManager(xml.NameTable); namespaces.AddNamespace("s", Namespaces.SoapEnvelope); namespaces.AddNamespace("eb", Namespaces.ElectronicBusinessMessagingService); namespaces.AddNamespace("wsu", Namespaces.WebServiceSecurityUtility); var messaging = xml.SelectSingleNode("/s:Envelope/s:Header/eb:Messaging", namespaces); var body = xml.SelectSingleNode("/s:Envelope/s:Body", namespaces); var messagingReference = new Reference { Uri = "#" + messaging.Attributes["wsu:Id"].Value, DigestMethod = SignedXml.XmlDsigSHA256Url }; messagingReference.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(messagingReference); var bodyReference = new Reference { Uri = "#" + body.Attributes["wsu:Id"].Value, DigestMethod = SignedXml.XmlDsigSHA256Url }; bodyReference.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(bodyReference); var sedReference = new Reference(new NonCloseableStream(sed)) { Uri = "cid:DefaultSED", DigestMethod = SignedXml.XmlDsigSHA256Url }; sedReference.AddTransform(new AttachmentContentSignatureTransform()); signedXml.AddExternalReference(sedReference); var keyInfo = new KeyInfo(); keyInfo.AddClause(new SecurityTokenReference(security.BinarySecurityToken.Id)); signedXml.KeyInfo = keyInfo; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url; signedXml.ComputeSignature(); var signature = signedXml.GetXml(); Insert(signature, securityXml.DocumentElement); var header = xml.SelectSingleNode("/s:Envelope/s:Header", namespaces); Insert(securityXml, header); }
public void Sign() { var security = new AS4.Security.Security { BinarySecurityToken = new BinarySecurityToken { Id = Guid.NewGuid().ToString(), EncodingType = Soap.Namespaces.Base64Binary, ValueType = Soap.Namespaces.X509TokenProfile, Value = Certificate.GetRawCertData() } }; var securityXml = ObjectToXml.Serialize(security); var signedXml = new ExtendedSignedXml(Xml) { SigningKey = Certificate.GetRSAPrivateKey() }; foreach (var uri in Uris) { var reference = new Reference { Uri = "#" + uri, DigestMethod = SignedXml.XmlDsigSHA256Url }; reference.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(reference); } foreach (var attachment in Attachments) { var reference = new Reference(new NonCloseableStream(attachment.Stream)) { Uri = "cid:" + attachment.ContentId, DigestMethod = SignedXml.XmlDsigSHA256Url }; reference.AddTransform(new AttachmentContentSignatureTransform()); signedXml.AddExternalReference(reference); } var keyInfo = new KeyInfo(); keyInfo.AddClause(new SecurityTokenReference(security.BinarySecurityToken.Id)); signedXml.KeyInfo = keyInfo; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url; signedXml.ComputeSignature(); var signature = signedXml.GetXml(); Insert(signature, securityXml.DocumentElement); var namespaces = new XmlNamespaceManager(Xml.NameTable); namespaces.AddNamespace("s", Soap.Namespaces.SoapEnvelope); var header = Xml.SelectSingleNode("/s:Envelope/s:Header", namespaces); Insert(securityXml, header); }