// Sign an XML file and save the signature in a new file. This method does not // save the public key within the XML file. This file cannot be verified unless // the verifying code has the key with which it was signed. public static void SignXmlFile(string FileName, string SignedFileName, RSA Key) { // Create a new XML document. XmlDocument doc = new XmlDocument(); // Load the passed XML file using its name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = Key; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); }
static void Main(string[] args) { if (args.Length != 4) { Console.WriteLine("Usage: cra.exe cert-file cert-password input-path output-path"); return; } String certFile = args[0]; String password = args[1]; String input = args[2]; String output = args[3]; X509Certificate2 cert = new X509Certificate2(certFile, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(input); var XmlToSign = new XmlDocument(); XmlToSign.LoadXml(xmlDoc.DocumentElement["Body"].OuterXml); SignedXml signedXml = new SignedXml(XmlToSign); signedXml.SigningKey = cert.PrivateKey; Reference reference = new Reference(); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement["Body"].AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); xmlDoc.Save(output); }
public static string firmarDocumentoSemilla(string documento, X509Certificate2 certificado) { //// //// Cree un nuevo documento xml y defina sus caracteristicas XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = false; doc.LoadXml(documento); SignedXml signedXml = new SignedXml(doc); signedXml.SigningKey = certificado.PrivateKey; Signature XMLSignature = signedXml.Signature; Reference reference = new Reference(""); XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XMLSignature.SignedInfo.AddReference(reference); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue((RSA)certificado.PrivateKey)); keyInfo.AddClause(new KeyInfoX509Data(certificado)); XMLSignature.KeyInfo = keyInfo; signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } return(doc.InnerXml); }
public void Makelicense(string pritivefile, string keyfile, string licensefile) { string pubKey = ReadPublicKey(pritivefile); RSACryptoServiceProvider Key = new RSACryptoServiceProvider(); Key.FromXmlString(pubKey); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(keyfile); var pub = xmlDoc.CreateElement("PublicKey"); pub.InnerXml = Key.ToXmlString(false); xmlDoc.SelectSingleNode("IGCESLicense").AppendChild(pub); //xmlDoc.Save(licensefile); SignedXml signedXml = new SignedXml(xmlDoc); signedXml.SigningKey = Key; Reference reference = new Reference(); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); xmlDoc.Save(licensefile); }
public XmlDocument FirmarXml(X509Certificate2 x509Certificate2, XmlDocument xmlDocument, string strReference) { xmlDocument.PreserveWhitespace = true; SignedXml signedXml = new SignedXml(xmlDocument); signedXml.SigningKey = x509Certificate2.PrivateKey; Signature XMLSignature = signedXml.Signature; Reference reference = new Reference(strReference); XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XMLSignature.SignedInfo.AddReference(reference); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue((RSA)x509Certificate2.PrivateKey)); keyInfo.AddClause(new KeyInfoX509Data(x509Certificate2)); XMLSignature.KeyInfo = keyInfo; signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(xmlDigitalSignature, true)); return(xmlDocument); }
static void SignXmlFile(string outputName) { CspParameters cspParams = new CspParameters(); cspParams.KeyContainerName = "XML_DSIG_RSA_KEY"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.PreserveWhitespace = true; xmlDoc.Load(outputName); SignedXml signedXml = new SignedXml(xmlDoc); signedXml.SigningKey = rsaKey; // Create a Reference object that describes what to sign. To sign the entire document, set the Uri property to "". Reference reference = new Reference(); reference.Uri = ""; // Add an XmlDsigEnvelopedSignatureTransform object to the Reference object. A transformation allows the verifier to represent the XML data in the identical manner that the signer used. // XML data can be represented in different ways, so this step is vital to verification. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); xmlDoc.Save(outputName); }
/// <summary> /// Construye el documento enveloped /// </summary> private void CreateEnvelopedDocument() { Reference reference = new Reference(); _xadesSignedXml = new XadesSignedXml(_document); reference.Id = "Reference-" + Guid.NewGuid().ToString(); reference.Uri = ""; for (int i = 0; i < _document.DocumentElement.Attributes.Count; i++) { if (_document.DocumentElement.Attributes[i].Name.Equals("id", StringComparison.InvariantCultureIgnoreCase)) { reference.Uri = "#" + _document.DocumentElement.Attributes[i].Value; break; } } XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(xmlDsigEnvelopedSignatureTransform); _objectReference = reference.Id; _xadesSignedXml.AddReference(reference); }
/// <summary> /// Signs the document given as an argument. /// </summary> private static void SignDocument(XmlDocument doc) { SignedXml signedXml = new SignedXml(doc); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // TODO Dynamically dig out the correct ID attribute from the XmlDocument. Reference reference = new Reference("#_b8977dc86cda41493fba68b32ae9291d"); // Assert.That(reference.Uri == string.Empty); XmlDsigEnvelopedSignatureTransform envelope = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envelope); // NOTE: C14n may require the following list of namespace prefixes. Seems to work without it, though. //List<string> prefixes = new List<string>(); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2000/09/xmldsig#")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2001/XMLSchema-instance")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("http://www.w3.org/2001/XMLSchema")); //prefixes.Add(doc.DocumentElement.GetPrefixOfNamespace("urn:oasis:names:tc:SAML:2.0:assertion")); //XmlDsigExcC14NTransform C14NTransformer = new XmlDsigExcC14NTransform(string.Join(" ", prefixes.ToArray()).Trim()); XmlDsigExcC14NTransform C14NTransformer = new XmlDsigExcC14NTransform(); reference.AddTransform(C14NTransformer); signedXml.AddReference(reference); // Add the key to the signature, so the assertion can be verified by itself. signedXml.KeyInfo = new KeyInfo(); // Use RSA key for signing. //{ // CspParameters parameters = new CspParameters(); // parameters.KeyContainerName = "XML_DSIG_RSA_KEY"; // RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(parameters); // signedXml.SigningKey = rsaKey; // signedXml.KeyInfo.AddClause(new RSAKeyValue(rsaKey)); //} // Use X509 Certificate for signing. { X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234"); Assert.That(cert.HasPrivateKey); signedXml.SigningKey = cert.GetRSAPrivateKey(); signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert, X509IncludeOption.EndCertOnly)); } // Information on the these and other "key info clause" types can be found at: // ms-help://MS.MSDNQTR.v80.en/MS.MSDN.v80/MS.NETDEVFX.v20.en/CPref18/html/T_System_Security_Cryptography_Xml_KeyInfoClause_DerivedTypes.htm // Do it! signedXml.ComputeSignature(); XmlNodeList nodes = doc.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.ASSERTION); Assert.That(nodes.Count == 1); XmlNode node = nodes[0]; doc.DocumentElement.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), node); }
// Resolve the specified base and relative Uri's . private static Uri ResolveUris(Uri baseUri, string relativeUri) { //<Snippet7> XmlUrlResolver xmlResolver = new XmlUrlResolver(); xmlResolver.Credentials = System.Net.CredentialCache.DefaultCredentials; XmlDsigEnvelopedSignatureTransform xmlTransform = new XmlDsigEnvelopedSignatureTransform(); xmlTransform.Resolver = xmlResolver; //</Snippet7> Uri absoluteUri = xmlResolver.ResolveUri(baseUri, relativeUri); if (absoluteUri != null) { Console.WriteLine( "\nResolved the base Uri and relative Uri to the following:"); Console.WriteLine(absoluteUri.ToString()); } else { Console.WriteLine( "Unable to resolve the base Uri and relative Uri"); } return(absoluteUri); }
// Sign an XML file. // This document cannot be verified unless the verifying // code has the key with which it was signed. public static void SignXml(XmlDocument xmlDoc, RSA Key) { // Check arguments. if (xmlDoc == null) { throw new ArgumentException("xmlDoc"); } if (Key == null) { throw new ArgumentException("Key"); } // Create a SignedXml object. SignedXml signedXml = new SignedXml(xmlDoc); // Add the key to the SignedXml document. signedXml.SigningKey = Key; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); }
private System.Security.Cryptography.Xml.Signature SignXml(XmlDocument xmlDoc, RSA Key) { if (xmlDoc == null) { throw new ArgumentException(nameof(xmlDoc)); } if (Key == null) { throw new ArgumentException(nameof(Key)); } SignedXml signedXml = new SignedXml(xmlDoc); signedXml.SigningKey = (AsymmetricAlgorithm)Key; Reference reference = new Reference(); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform signatureTransform = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform((Transform)signatureTransform); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xml = signedXml.GetXml(); System.Security.Cryptography.Xml.Signature signature = signedXml.Signature; xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode((XmlNode)xml, true)); return(signature); }
public static string SignXml(XmlDocument xmlDoc, X509Certificate2 cert) { var rsaKey = (RSACryptoServiceProvider)cert.PrivateKey; if (xmlDoc == null) { throw new ArgumentException("xmlDoc"); } if (rsaKey == null) { throw new ArgumentException("Key"); } var signedXml = new SignedXml(xmlDoc); var XMLSignature = signedXml.Signature; signedXml.SigningKey = rsaKey; var reference = new Reference(); reference.Uri = ""; var env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); XMLSignature.KeyInfo = keyInfo; signedXml.ComputeSignature(); var xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); return(xmlDoc.InnerXml); }
//public static object VerifyLicense(byte[] certPubKeyData, string licenseKey) //{ // string licenseString; // object licenseInformation = null; // try // { // X509Certificate2 certificate = new X509Certificate2(certPubKeyData); // RSACryptoServiceProvider rsaCryptoServiceProvider = (RSACryptoServiceProvider)certificate.PublicKey.Key; // XmlDocument xmlDocument = new XmlDocument // { // PreserveWhitespace = true // }; // xmlDocument.LoadXml(Encoding.UTF8.GetString(Convert.FromBase64String(licenseKey))); // if (VerifyXml(xmlDocument, rsaCryptoServiceProvider)) // { // XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature"); // xmlDocument.DocumentElement.RemoveChild(nodeList[0]); // licenseString = xmlDocument.OuterXml; // XmlSerializer xmlSerializer = new XmlSerializer(typeof(object), new Type[] { typeof(object) }); // using (StringReader stringReader = new StringReader(licenseString)) // { // licenseInformation = (object)xmlSerializer.Deserialize(stringReader); // } // } // } // catch (Exception) // { // } // return licenseInformation; //} //private static Boolean VerifyXml(XmlDocument Doc, RSA Key) //{ // // Check arguments. // if (Doc == null) // throw new ArgumentException("Doc"); // if (Key == null) // throw new ArgumentException("Key"); // // Create a new SignedXml object and pass it // // the XML document class. // SignedXml signedXml = new SignedXml(Doc); // // Find the "Signature" node and create a new // // XmlNodeList object. // XmlNodeList nodeList = Doc.GetElementsByTagName("Signature"); // // Throw an exception if no signature was found. // if (nodeList.Count <= 0) // { // throw new CryptographicException("Verification failed: No Signature was found in the document."); // } // // This example only supports one signature for // // the entire XML document. Throw an exception // // if more than one signature was found. // if (nodeList.Count >= 2) // { // throw new CryptographicException("Verification failed: More that one signature was found for the document."); // } // // Load the first <signature> node. // signedXml.LoadXml((XmlElement)nodeList[0]); // // Check the signature and return the result. // return signedXml.CheckSignature(Key); //} private static void SignXML(XmlDocument xmlDoc, RSA Key) { if (xmlDoc == null) { throw new ArgumentException("xmlDoc"); } SignedXml signedXml = new SignedXml(xmlDoc) { SigningKey = Key ?? throw new ArgumentException("Key") }; Reference reference = new Reference { Uri = "" }; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); } }
public static SignedXml Standard(XmlDocument doc) { var signedXml = new SignedXml(doc) { SigningKey = RSA.Create(2048), }; var signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; signedXml.SignedInfo.SignatureMethod = signatureMethod; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); signedXml.ComputeSignature(); return(signedXml); }
public static void SignXml(XmlDocument xmlDoc, RSA rsaKey) { if (xmlDoc == null) { throw new ArgumentException(nameof(xmlDoc)); } if (rsaKey == null) { throw new ArgumentException(nameof(rsaKey)); } SignedXml signedXml = new SignedXml(xmlDoc); signedXml.SigningKey = rsaKey; Reference reference = new Reference(); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); }
/// <summary> /// Computes the hash value of the specified System.Xml.XmlDocument object. /// </summary> /// <param name="doc">The System.Xml.XmlDocument object to sign.</param> /// <returns>The System.Security.Cryptography.RSA signature as XmlElement</returns> public XmlElement RsaSignData(XmlDocument doc) { // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = RsaProvider; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); return(xmlDigitalSignature); }
public static XmlDocument SignXmlDocument(XmlDocument document, RSACryptoServiceProvider rsaProvider) { if (document == null) { throw new ArgumentException(nameof(document)); } if (rsaProvider == null) { throw new ArgumentException(nameof(rsaProvider)); } Reference reference = new Reference(); reference.Uri = ""; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); SignedXml signedXml = new SignedXml(document); signedXml.SigningKey = rsaProvider; signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); document.DocumentElement.AppendChild(document.ImportNode(xmlDigitalSignature, true)); return(document); }
// Sign an XML file and save the signature in a new file. public static void SignXmlFile(string FileName, string SignedFileName, RSA Key) { // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = Key; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue((RSA)Key)); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); }
static string SignXml(RSA rsa, string xml) { var xmlDoc = new XmlDocument { PreserveWhitespace = true }; xmlDoc.LoadXml(xml); var signedXml = new SignedXml(xmlDoc) { SigningKey = rsa }; var reference = new Reference { Uri = "" }; var env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); var xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); return(xmlDoc.OuterXml); }
public static SignedXml Extended(XmlDocument doc) { var signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; CryptoConfig.AddAlgorithm(typeof(DSSSignatureDescription), signatureMethod); var signedXml = new SignedXml(doc) { SigningKey = new DSS(), }; signedXml.SignedInfo.SignatureMethod = signatureMethod; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); signedXml.ComputeSignature(); return(signedXml); }
/// <summary> /// Sign /// </summary> /// <param name="input">The input.</param> /// <param name="output">The output.</param> /// <param name="certificate">The certificate.</param> public override void Sign(Stream input, Stream output, X509Certificate2 certificate) { CheckInputOutputAndCertificate(input, output, certificate); using (var rsaKey = (RSACryptoServiceProvider)certificate.PrivateKey) { var xmlDoc = new XmlDocument { PreserveWhitespace = true }; xmlDoc.Load(input); var signedXml = new SignedXml(xmlDoc) { SigningKey = rsaKey }; var envelope = new XmlDsigEnvelopedSignatureTransform(); var reference = new Reference { Uri = "" }; reference.AddTransform(envelope); signedXml.AddReference(reference); signedXml.ComputeSignature(); var xmlDigitalSignature = signedXml.GetXml(); xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); xmlDoc.Save(output); } }
/// <summary> /// Inserta un contenido XML para generar una firma enveloped. /// </summary> /// <param name="xmlDocument"></param> private void SetContentEnveloped(SignatureDocument sigDocument, XmlDocument xmlDocument) { sigDocument.Document = xmlDocument; _refContent = new Reference(); sigDocument.XadesSignature = new XadesSignedXml(sigDocument.Document); _refContent.Id = "Reference-" + Guid.NewGuid().ToString(); _refContent.Uri = ""; _dataFormat = new DataObjectFormat(); _dataFormat.MimeType = "text/xml"; _dataFormat.Encoding = "UTF-8"; for (int i = 0; i < sigDocument.Document.DocumentElement.Attributes.Count; i++) { if (sigDocument.Document.DocumentElement.Attributes[i].Name.Equals("id", StringComparison.InvariantCultureIgnoreCase)) { _refContent.Uri = "#" + sigDocument.Document.DocumentElement.Attributes[i].Value; break; } } XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform(); _refContent.AddTransform(xmlDsigEnvelopedSignatureTransform); sigDocument.XadesSignature.AddReference(_refContent); }
private static void signXMLDocument(byte[] xmlDocumentBuffer, X509Certificate2 certificate, string signedXMLPath) { XmlDocument xmlDocument = new XmlDocument(); string xml = Encoding.UTF8.GetString(xmlDocumentBuffer); xmlDocument.LoadXml(xml); using (var rsaKey = certificate.PrivateKey) { var signedXml = new SignedXml(xmlDocument); signedXml.SigningKey = rsaKey; var reference = new Reference(); reference.Uri = ""; var env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); var xmlDigitalSignature = signedXml.GetXml(); xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(xmlDigitalSignature, true)); xmlDocument.Save(signedXMLPath); } }
public static Transform fromURI(string uri) { Transform t = null; switch (uri) { case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": t = new XmlDsigC14NTransform(); break; case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments": t = new XmlDsigC14NWithCommentsTransform(); break; case "http://www.w3.org/2000/09/xmldsig#enveloped-signature": t = new XmlDsigEnvelopedSignatureTransform(); break; case "http://www.w3.org/TR/1999/REC-xpath-19991116": t = new XmlDsigXPathTransform(); break; case "http://www.w3.org/TR/1999/REC-xslt-19991116": t = new XmlDsigXsltTransform(); break; case "http://www.w3.org/2001/10/xml-exc-c14n#": t = new XmlDsigExcC14NTransform(); break; } return(t); }
private static void SignXml(XmlDocument xmlDoc, AsymmetricAlgorithm key) { if (xmlDoc == null) { throw new ArgumentException("xmlDoc"); } if (key == null) { throw new ArgumentException("key"); } var signedXml = new SignedXml(xmlDoc) { SigningKey = key }; var reference = new Reference { Uri = "#presented-form" }; var env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); //signedXml.ComputeSignature(); //var xmlDigitalSignature = signedXml.GetXml(); //xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); //xmlDoc.Save("out-signed-xml.xml"); }
public XmlDocument GetXMLSigned(string MensagemXML, X509Certificate2 cert) { //return XML_Prefeitura.MensagemXML; try { XmlDocument xmlDoc = new XmlDocument(); xmlDoc.LoadXml(MensagemXML); RSA rsaKey = ((RSA)cert.PrivateKey); // Sign the XML document. SignedXml signedXml = new SignedXml(xmlDoc); // Add the key to the SignedXml document. signedXml.SigningKey = rsaKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data keyInfoData = new KeyInfoX509Data(cert); //KeyInfoName kin = new KeyInfoName(); //kin.Value = "Public key of certificate"; //RSACryptoServiceProvider rsaprovider = (RSACryptoServiceProvider)cert.PublicKey.Key; //RSAKeyValue rkv = new RSAKeyValue(rsaprovider); // keyInfo.AddClause(kin); // keyInfo.AddClause(rkv); keyInfo.AddClause(keyInfoData); signedXml.KeyInfo = keyInfo; // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); return(xmlDoc); } catch (Exception) { return(null); } }
public static bool SignXmlSHA256(XmlDocument docMsg, String cspName, String keyStorePhrass, X509Certificate2 signerCert, String referenceUri = "") { try { if (!String.IsNullOrEmpty(cspName)) { // Generate a signing key. CspParameters csp = new CspParameters(1, cspName); csp.Flags = CspProviderFlags.UseDefaultKeyContainer; csp.KeyNumber = (int)KeyNumber.Signature; if (!String.IsNullOrEmpty(keyStorePhrass)) { csp.KeyPassword = new SecureString(); foreach (var ch in keyStorePhrass.ToCharArray()) { csp.KeyPassword.AppendChar(ch); } } RSACryptoServiceProvider Key = new RSACryptoServiceProvider(csp); } SignedXml signedXml = new SignedXml(docMsg); signedXml.SigningKey = signerCert.PrivateKey; Reference reference = new Reference(); reference.Uri = referenceUri; reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; //Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(signerCert)); signedXml.KeyInfo = keyInfo; signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; //signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigEnvelopedSignatureTransformUrl; signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. docMsg.DocumentElement.AppendChild(docMsg.ImportNode(xmlDigitalSignature, true)); return(true); } catch (Exception e) { Logger.Error(e); } return(false); }
/// <summary> /// Signs the specified xmldocument with the given key and the finderprint. /// </summary> /// <param name="doc">The XMl representation of a request to iDeal</param> /// <param name="key">The key used to sign</param> /// <param name="fingerprintHex">The fingerprint</param> /// <returns>Returns the modified xml with the signature</returns> public static XmlElement Sign(ref XmlDocument doc, RSA key, string fingerprintHex) { doc.PreserveWhitespace = true; Trace.WriteLine("Message to sign:" + doc.OuterXml); SignedXml signedXml = new SignedXml(doc); signedXml.SigningKey = key; // Get the signature object from the SignedXml object. Signature signatureRef = signedXml.Signature; //Pass "" to specify that all of the current XML document should be signed. Reference reference = new Reference(""); reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the Reference object to the Signature object. signatureRef.SignedInfo.AddReference(reference); signatureRef.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; signatureRef.SignedInfo.SignatureMethod = XmlDigSignRSASHA256Namespace; // Add an RSAKeyValue KeyInfo KeyInfo keyInfo = new KeyInfo(); KeyInfoClause clause = new RSAKeyValue(key); keyInfo.AddClause(clause); signatureRef.KeyInfo = keyInfo; signedXml.ComputeSignature(); XmlElement xmlSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlSignature, true)); //xmlSignature.Prefix = "ds"; if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } string xml = doc.OuterXml; //replace KeyValue with KeyName containing the fingerprint of the signing certificate string keyNameTag = "<KeyName>" + fingerprintHex.Replace("-", "") + "</KeyName>"; xml = System.Text.RegularExpressions.Regex.Replace(xml, "<KeyValue>.*</KeyValue>", keyNameTag); //reload the xml document from customized xml source doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(xml); //} return((XmlElement)doc.DocumentElement.ChildNodes[doc.DocumentElement.ChildNodes.Count - 1]); }
/// <summary> /// Sign an XML file. /// </summary> /// <param name="xmlDoc"> XML document object that holds the XML data</param> /// <param name="signingKey">The certificate which will be used in signing the XML document</param> /// <param name="addKey">Flag to indicate if the public key should be included in the signed XML document or not</param> /// <exception cref="ArgumentNullException">Private key is null or any of the passed arguments is null.</exception> /// <exception cref="CryptographicException">The key value is not an RSA key, or the key is unreadable.</exception> /// <exception cref="NotSupportedException">The key algorithm for this private key is not supported.</exception> /// <exception cref="CryptographicUnexpectedOperationException">The X.509 keys do not match.</exception> /// <exception cref="ArgumentException">The cryptographic service provider key is null.</exception> private static void SignXml(XmlDocument xmlDoc, X509Certificate2 signingKey, bool addKey) { if (signingKey == null) { throw new ArgumentNullException("signingKey is null"); } // Create RSA signing key and save it in the container. RSACryptoServiceProvider key = signingKey.PrivateKey as RSACryptoServiceProvider; // Check arguments. if (xmlDoc == null) { throw new ArgumentNullException("xmlDoc is null"); } if (key == null) { throw new ArgumentNullException("Private key is null"); } // Create a SignedXml object. SignedXml signedXml = new SignedXml(xmlDoc); // Add the key to the SignedXml document. signedXml.SigningKey = key; // Add public key of the certificate if (addKey) { KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data keyInfoData = new KeyInfoX509Data(signingKey); keyInfo.AddClause(keyInfoData); signedXml.KeyInfo = keyInfo; } // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); }
public static void SignXml(XmlDocument xmlDoc, X509Certificate2 uidCert) { RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)uidCert.PrivateKey; // Check arguments. if (xmlDoc == null) { throw new ArgumentException("xmlDoc"); } if (rsaKey == null) { throw new ArgumentException("Key"); } // Create a SignedXml object. SignedXml signedXml = new SignedXml(xmlDoc); // Add the key to the SignedXml document. signedXml.SigningKey = rsaKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); KeyInfoX509Data clause = new KeyInfoX509Data(); clause.AddSubjectName(uidCert.Subject); clause.AddCertificate(uidCert); keyInfo.AddClause(clause); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); System.Console.WriteLine(signedXml.GetXml().InnerXml); // Append the element to the XML document. xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true)); }
/// <summary> /// Obtém a assinatura de um objeto serializável /// </summary> /// <typeparam name="T"></typeparam> /// <param name="objeto"></param> /// <param name="id"></param> /// <param name="certificadoDigital">Informe o certificado digital</param> /// <param name="manterDadosEmCache">Validador para manter o certificado em cache</param> /// <returns>Retorna um objeto do tipo Classes.Assinatura.Signature, contendo a assinatura do objeto passado como parâmetro</returns> public static Signature ObterAssinatura <T>(T objeto, string id, X509Certificate2 certificadoDigital, bool manterDadosEmCache = false, string signatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1", string digestMethod = "http://www.w3.org/2000/09/xmldsig#sha1") where T : class { var objetoLocal = objeto; if (id == null) { throw new Exception("Não é possível assinar um objeto evento sem sua respectiva Id!"); } try { var documento = new XmlDocument { PreserveWhitespace = true }; documento.LoadXml(FuncoesXml.ClasseParaXmlString(objetoLocal)); var docXml = new SignedXml(documento) { SigningKey = certificadoDigital.PrivateKey }; docXml.SignedInfo.SignatureMethod = signatureMethod; var reference = new Reference { Uri = "#" + id, DigestMethod = digestMethod }; // adicionando EnvelopedSignatureTransform a referencia var envelopedSigntature = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envelopedSigntature); var c14Transform = new XmlDsigC14NTransform(); reference.AddTransform(c14Transform); docXml.AddReference(reference); // carrega o certificado em KeyInfoX509Data para adicionar a KeyInfo var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(certificadoDigital)); docXml.KeyInfo = keyInfo; docXml.ComputeSignature(); //// recuperando a representação do XML assinado var xmlDigitalSignature = docXml.GetXml(); var assinatura = FuncoesXml.XmlStringParaClasse <Signature>(xmlDigitalSignature.OuterXml); return(assinatura); } finally { //Se não mantém os dados do certificado em cache e o certificado não foi passado por parâmetro(isto é, ele foi criado dentro deste método), //então libera o certificado, chamando o método reset. if (!manterDadosEmCache & certificadoDigital == null) { certificadoDigital.Reset(); } } }
/// <summary> /// Verified the xml with the physical Certificate /// </summary> /// <param name="xmlDoc"> xml document</param> /// <param name="certificateFileName"> Certificate File Name</param> /// <returns>Boolean Value</returns> public static bool IsXmlSignValidByFile(XmlDocument xmlDoc, string certificateFileName) { CryptoConfig.AddAlgorithm(typeof(Security.Cryptography.RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); CspParameters cspParams = new CspParameters(); cspParams.KeyContainerName = "XML_DSIG_RSA_KEY"; RSACryptoServiceProvider csp = new RSACryptoServiceProvider(cspParams); if (xmlDoc == null) { throw new CryptographicException("XML Document object cann't be null"); } X509Certificate2 x509; // Add SHA-256 algorith mapping. CryptoConfig.AddAlgorithm(typeof(Security.Cryptography.RSAPKCS1SHA256SignatureDescription), XmlDsigSha256SignatureMethod); // Create a new x509 instance based on the passed in certificate. try { x509 = new X509Certificate2(certificateFileName, string.Empty, X509KeyStorageFlags.Exportable); } catch { throw new CryptographicException("Could not load the certificate file at " + certificateFileName); } // loading the key string csp.FromXmlString(x509.PublicKey.Key.ToXmlString(false)); xmlDoc.PreserveWhitespace = true; SignedXml signedXml = new SignedXml(xmlDoc); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl; signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; signedXml.SigningKey = csp; // Create a reference to be signed. Reference reference = new Reference(string.Empty); reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(false); reference.AddTransform(env); signedXml.AddReference(reference); // Find the "Signature" node and create a new XmlNodeList nodeList = xmlDoc.GetElementsByTagName("Signature"); // Load the first <signature> node. signedXml.LoadXml((XmlElement)nodeList[0]); return(signedXml.CheckSignature(csp)); }
public static void Main(String[] args) { //calculate caninicalized xml var t = new XmlDsigEnvelopedSignatureTransform(false); XmlDocument doc = new XmlDocument(); //doc.PreserveWhitespace = true; doc.Load(@"c:\temp\x.xml"); t.LoadInput(doc); FieldInfo field = t.GetType().GetField("_signaturePosition", BindingFlags.NonPublic | BindingFlags.Instance); field.SetValue(t, 1); var res = (XmlDocument)t.GetOutput(); var s = res.OuterXml; var c14 = new XmlDsigC14NTransform(); c14.LoadInput(res); var mem = (MemoryStream)c14.GetOutput(); var sha = new SHA256Managed(); var byte1 = c14.GetDigestedOutput(new SHA256Managed()); var digest1 = Convert.ToBase64String(byte1); var byte2 = sha.ComputeHash(mem.ToArray()); var digest2 = Convert.ToBase64String(byte2); var s1 = System.Text.Encoding.UTF8.GetString(mem.ToArray()); var byte3 = sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(s1)); var digest3 = Convert.ToBase64String(byte3); //return; //validate signature CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(@"c:\temp\x.xml"); XmlNode node = xmlDoc.DocumentElement; X509Certificate2 cert = new X509Certificate2(File.ReadAllBytes(@"c:\temp\x.cer")); bool isValid = ValidateXml(xmlDoc, cert); //return; //calc hash var sha1 = new SHA256Managed(); var b1 = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(File.ReadAllText(@"c:\temp\x_no_sig.xml"))); var b64 = Convert.ToBase64String(b1); }
// Sign an XML file.This document cannot be verified unless the verifying code has the key with which it was signed. public static void SignXml(XmlDocument doc, RSA key) { // Create a SignedXml object SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document signedXml.KeyInfo = new KeyInfo(); signedXml.KeyInfo.AddClause(new RSAKeyValue(key)); signedXml.SigningKey = key; // Create a reference to be signed Reference reference = new Reference(""); // reference.Uri = ""; // Add an enveloped transformation to the reference XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Set the KeyInfo to the SignedXml object // KeyInfo ki = new KeyInfo(); // ki.AddClause(new RSAKeyValue(key)); // signedXml.SigningKey = key; // signedXml.KeyInfo = ki; // Add the reference to the SignedXml object signedXml.AddReference(reference); // Compute the signature signedXml.ComputeSignature(); // Get the XML representation of the signature and save it to an XmlElement object. // XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document // doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); doc.DocumentElement.PrependChild(signedXml.GetXml()); }
public static XmlDocument Assinar(XmlDocument docXML, string pUri, X509Certificate2 pCertificado) { try { // Load the certificate from the certificate store. X509Certificate2 cert = pCertificado; // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc = docXML; // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = cert.PrivateKey; // Create a reference to be signed. Reference reference = new Reference(); // pega o uri que deve ser assinada XmlAttributeCollection _Uri = doc.GetElementsByTagName(pUri).Item(0).Attributes; foreach (XmlAttribute _atributo in _Uri) { if (_atributo.Name == "Id") { reference.Uri = "#" + _atributo.InnerText; } } // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); XmlDsigC14NTransform c14 = new XmlDsigC14NTransform(); reference.AddTransform(c14); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Create a new KeyInfo object. KeyInfo keyInfo = new KeyInfo(); // Load the certificate into a KeyInfoX509Data object // and add it to the KeyInfo object. keyInfo.AddClause(new KeyInfoX509Data(cert)); // Add the KeyInfo object to the SignedXml object. signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } return doc; } catch (Exception ex) { throw new Exception("Erro ao efetuar assinatura digital, detalhes: " + ex.Message); } }
//------------------------------------------------------------------------------------------- private string SignXML(string xml) { // Signing XML Documents: http://msdn.microsoft.com/en-us/library/ms229745.aspx var rsaKey = new RSACryptoServiceProvider(); string sales_licensekeys_privatekey = ConfigurationManager.AppSettings["sales_licensekeys_privatekey"]; if (!File.Exists(sales_licensekeys_privatekey)) throw new Exception("The private signing key is missing"); rsaKey.FromXmlString(System.IO.File.ReadAllText(sales_licensekeys_privatekey)); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(xml); SignedXml signedXml = new SignedXml(doc); signedXml.SigningKey = rsaKey; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // set to "" to sign the entire doc XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signedXml.ComputeSignature(); XmlElement xmlDigitalSignature = signedXml.GetXml(); doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); MemoryStream ms = new MemoryStream(); XmlTextWriter writer = new XmlTextWriter(ms, new UTF8Encoding(false)); writer = new XmlTextWriter(ms, new UTF8Encoding(false)); //writer.Formatting = Formatting.Indented; doc.WriteContentTo(writer); writer.Flush(); ms.Position = 0; StreamReader reader = new StreamReader(ms); return reader.ReadToEnd(); }
// Třída podepíše certifikátem dokument XML // Pokud je již dokument podepsaný, přidá se další podpis public XmlDocument Sign(XmlDocument doc, X509Certificate2 cert) { // před podepisováním z dokumentu odstraníme komentáře (.NET s nimi má problémy pokud se kombinují s XPath transformacemi) XmlDocument strippedDoc = RemoveComments(doc); // definice mapování prefixů na jmenné prostory XmlNamespaceManager manager = new XmlNamespaceManager(strippedDoc.NameTable); manager.AddNamespace("dsig", "http://www.w3.org/2000/09/xmldsig#"); // zjištění kolik podpisů již v dokumentu je int signatures = strippedDoc.SelectNodes("//dsig:Signature", manager).Count; // objekt sloužící pro vytvoření podpisu SignedXml signedXml = new SignedXml(strippedDoc); // podepisovat budeme privátním klíčem z certifikátu signedXml.SigningKey = cert.PrivateKey; // podepisovat budeme pomocí RSA-SHA256 signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; // reference na podepisovaný dokument ("" znamená celý dokument) Reference reference = new Reference(); reference.Uri = ""; // pro výpočet otisku se bude používat SHA-256 reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; // digitální podpis bude přímo součástí dokumentu XML (tzv. "enveloped signature") XmlDsigEnvelopedSignatureTransform envTransform = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envTransform); // navíc budeme používat XPath transoformaci, která dovoluje přidat několik podpisů najednou XmlDsigXPathTransform xpathTransform = new XmlDsigXPathTransform(); // příprava definice XPath transformace jako struktura XML signature XmlDocument transformBody = new XmlDocument(); // podoba XPath filtru se liší podle počtu podpisů if (signatures == 0) transformBody.LoadXml("<dsig:XPath xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::dsig:Signature)</dsig:XPath>"); else transformBody.LoadXml("<dsig:XPath xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::dsig:Signature) or not(ancestor-or-self::dsig:Signature/preceding-sibling::dsig:Signature[" + signatures + "])</dsig:XPath>"); // načtení definice XPath transformace do objektu xpathTransform.LoadInnerXml(transformBody.SelectNodes("/*[1]")); // přidání XPath transformace reference.AddTransform(xpathTransform); // přidání reference do podpisu signedXml.AddReference(reference); // přidání certifikátu do podpisu KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; // výpočet podpisu signedXml.ComputeSignature(); // získání XML reprezentace podpisu XmlElement xmlSignature = signedXml.GetXml(); // k podpisu přidáme identifikátor, tak jak doporučuje standard ISDOC xmlSignature.SetAttribute("Id", "Signature-" + (signatures + 1)); // XML dokument pro podepsaný výsledek XmlDocument result = new XmlDocument(); // bílé znaky musíme zachovat, jinak se špatně spočte hash result.PreserveWhitespace = true; // načtení původního dokumentu result.AppendChild(result.ImportNode(strippedDoc.DocumentElement, true)); // připojení podpisu na konec dokumentu XML result.DocumentElement.AppendChild(result.ImportNode(xmlSignature, true)); return result; }
private void Sign(Message message, string[] elementIdsToSign, string[] attachmentsToSign, string wssNamespace, X509Certificate2 certificate) { //Prepare XML to encrypt and sign var element = this.PrepareEncyrptSign(message); bool signEntireDocument = true; string elementToBeSigned = string.Empty; var signedMessage = new XmlDocument(); signedMessage.AppendChild(signedMessage.ImportNode(element, true)); SignatureType signAs = SignatureType.InternallyDetached; signedMessage.PreserveWhitespace = false; OverrideSignedXml signedXml = new OverrideSignedXml(signedMessage); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; if (elementIdsToSign != null && elementIdsToSign.Length > 0) { bool isContentTransform = this.IsSignatureContentTransform; foreach (string s in elementIdsToSign) { // Create a reference to be signed. Reference reference = new Reference(string.Format("#{0}", s)); reference.AddTransform(new XmlDsigExcC14NTransform()); reference.DigestMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; // Add the reference to the SignedXml object. signedXml.AddReference(reference); } signEntireDocument = false; } // Reference attachments to sign if (attachmentsToSign != null && attachmentsToSign.Length > 0) { bool isContentTransform = this.IsSignatureContentTransform; foreach (string attachmentId in attachmentsToSign) { // Create a reference to be signed. Reference reference = new Reference(string.Format("{0}{1}", Constants.CidUriScheme, attachmentId)); reference.DigestMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; if (isContentTransform) { AttachmentContentSignatureTransform env = new AttachmentContentSignatureTransform(); reference.AddTransform(env); } else { AttachmentCompleteSignatureTransform env = new AttachmentCompleteSignatureTransform(); reference.AddTransform(env); } // Add the reference to the SignedXml object. signedXml.AddReference(reference); } signEntireDocument = false; } if (signEntireDocument) { Reference reference = new Reference(); reference.Uri = ""; reference.DigestMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); signedXml.AddReference(reference); signAs = SignatureType.Enveloped; } string x509CertificateReferenceId = string.Format("{0}-{1}", Constants.IdAttributeName, Guid.NewGuid().ToString("N")); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509SecurityTokenReference(string.Format("#{0}", x509CertificateReferenceId), wssNamespace)); signedXml.KeyInfo = keyInfo; signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; RSA key = (RSACryptoServiceProvider) certificate.PrivateKey; signedXML.SigningKey = key; CidWebRequest.Message = message; signedXml.ComputeSignature(); var xmlSignature = signedXml.GetXml(); XmlDocument unsignedEnvelopeDoc = new XmlDocument(); unsignedEnvelopeDoc.LoadXml(message.MessageAsString); }
// Třída podepíše certifikátem dokument XML a přidá časové razítko // Pokud je již dokument podepsaný, přidá se další podpis public XmlDocument SignWithTimestamp(XmlDocument doc, X509Certificate2 cert, string tsURL, string tsUsername, string tsPassword) { // před podepisováním z dokumentu odstraníme komentáře (.NET s nimi má problémy pokud se kombinují s XPath transformacemi) XmlDocument strippedDoc = RemoveComments(doc); // definice mapování prefixů na jmenné prostory XmlNamespaceManager manager = new XmlNamespaceManager(strippedDoc.NameTable); manager.AddNamespace("dsig", "http://www.w3.org/2000/09/xmldsig#"); // zjištění kolik podpisů již v dokumentu je int signatures = strippedDoc.SelectNodes("//dsig:Signature", manager).Count; string signatureID = (signatures + 1).ToString(); // vytvoření elementu Object pro časové razítko XmlElement objectElement = doc.CreateElement("Object", "http://www.w3.org/2000/09/xmldsig#"); // spočítání otisku certifikátu SHA256 sha256 = new SHA256Managed(); string certHash = Convert.ToBase64String(sha256.ComputeHash(cert.GetRawCertData())); objectElement.InnerXml = @"<xades:QualifyingProperties xmlns:xades='http://uri.etsi.org/01903/v1.3.2#' Target='#Signature-" + signatureID + @"' xmlns='http://www.w3.org/2000/09/xmldsig#'> <xades:SignedProperties Id='Signature-" + signatureID + @"-SignedProperties'> <xades:SignedSignatureProperties> <xades:SigningTime>" + XmlConvert.ToString(DateTime.Now.ToUniversalTime(), XmlDateTimeSerializationMode.RoundtripKind) + @"</xades:SigningTime> <xades:SigningCertificate> <xades:Cert> <xades:CertDigest> <DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'></DigestMethod> <DigestValue>" + certHash + @"</DigestValue> </xades:CertDigest> <xades:IssuerSerial> <X509IssuerName>" + cert.IssuerName + @"</X509IssuerName> <X509SerialNumber>" + cert.GetSerialNumberString() + @"</X509SerialNumber> </xades:IssuerSerial> </xades:Cert> </xades:SigningCertificate> </xades:SignedSignatureProperties> <xades:SignedDataObjectProperties> <xades:DataObjectFormat ObjectReference='#Signature-" + signatureID + @"-Document-Reference'> <xades:MimeType>application/xml</xades:MimeType> </xades:DataObjectFormat> </xades:SignedDataObjectProperties> </xades:SignedProperties> <xades:UnsignedProperties> <xades:UnsignedSignatureProperties> <xades:SignatureTimeStamp> <xades:EncapsulatedTimeStamp Encoding='http://uri.etsi.org/01903/v1.2.2#DER'></xades:EncapsulatedTimeStamp> </xades:SignatureTimeStamp> </xades:UnsignedSignatureProperties> </xades:UnsignedProperties> </xades:QualifyingProperties>"; // objekt sloužící pro vytvoření podpisu CustomIdSignedXml signedXml = new CustomIdSignedXml(strippedDoc, objectElement); // podepisovat budeme privátním klíčem z certifikátu signedXml.SigningKey = cert.PrivateKey; // podepisovat budeme pomocí RSA-SHA256 signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; // reference na podepisovaný dokument ("" znamená celý dokument) Reference reference = new Reference(); reference.Uri = ""; reference.Id = "Signature-" + signatureID + "-Document-Reference"; // pro výpočet otisku se bude používat SHA-256 reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; // digitální podpis bude přímo součástí dokumentu XML (tzv. "enveloped signature") XmlDsigEnvelopedSignatureTransform envTransform = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(envTransform); // navíc budeme používat XPath transoformaci, která dovoluje přidat několik podpisů najednou XmlDsigXPathTransform xpathTransform = new XmlDsigXPathTransform(); // příprava definice XPath transformace jako struktura XML signature XmlDocument transformBody = new XmlDocument(); // podoba XPath filtru se liší podle počtu podpisů if (signatures == 0) transformBody.LoadXml("<dsig:XPath xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::dsig:Signature)</dsig:XPath>"); else transformBody.LoadXml("<dsig:XPath xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::dsig:Signature) or not(ancestor-or-self::dsig:Signature/preceding-sibling::dsig:Signature[" + signatures + "])</dsig:XPath>"); // načtení definice XPath transformace do objektu xpathTransform.LoadInnerXml(transformBody.SelectNodes("/*[1]")); // přidání XPath transformace reference.AddTransform(xpathTransform); // přidání reference do podpisu signedXml.AddReference(reference); // reference na SignedProperties -- XAdES-BES vyžaduje podpis certifikátu Reference spReference = new Reference(); spReference.Uri = "#Signature-" + signatureID + "-SignedProperties"; // pro výpočet otisku se bude používat SHA-256 spReference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; // přidání reference do podpisu signedXml.AddReference(spReference); // přidání certifikátu do podpisu KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(cert)); signedXml.KeyInfo = keyInfo; // přidání objektu s časovým razítkem do podpisu DataObject dataObj = new DataObject(); dataObj.LoadXml(objectElement); signedXml.AddObject(dataObj); // výpočet podpisu signedXml.ComputeSignature(); // získání XML reprezentace podpisu XmlElement xmlSignature = signedXml.GetXml(); // k podpisu přidáme identifikátor, tak jak doporučuje standard ISDOC xmlSignature.SetAttribute("Id", "Signature-" + signatureID); // XML dokument pro podepsaný výsledek XmlDocument result = new XmlDocument(); // bílé znaky musíme zachovat, jinak se špatně spočte hash result.PreserveWhitespace = true; // načtení původního dokumentu result.AppendChild(result.ImportNode(strippedDoc.DocumentElement, true)); // připojení podpisu na konec dokumentu XML result.DocumentElement.AppendChild(result.ImportNode(xmlSignature, true)); // Spočítání otisku digitálního podpisu byte[] digest; digest = sha256.ComputeHash(signedXml.SignatureValue); // generátor požadavků na časové razítko TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); // vytvoření dat pro požadavek na timestamp server TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha256, digest); // získání surových dat pro poslání na timestamp server byte[] reqData = request.GetEncoded(); // inicializace požadavku na timestamp server HttpWebRequest httpReq = (HttpWebRequest)WebRequest.Create(tsURL); httpReq.Method = "POST"; httpReq.ContentType = "application/timestamp-query"; httpReq.ContentLength = reqData.Length; httpReq.Credentials = new NetworkCredential(tsUsername, tsPassword); // odeslání požadavku na timestamp server Stream reqStream = httpReq.GetRequestStream(); reqStream.Write(reqData, 0, reqData.Length); reqStream.Close(); // přečtení odpovědi HttpWebResponse httpResp = (HttpWebResponse)httpReq.GetResponse(); Stream respStream = new BufferedStream(httpResp.GetResponseStream()); TimeStampResponse response = new TimeStampResponse(respStream); respStream.Close(); // Console.WriteLine("Status razítkování: " + response.Status); // Console.WriteLine("Čas razítka: " + response.TimeStampToken.TimeStampInfo.GenTime.ToLocalTime()); string timestamp = Convert.ToBase64String(response.GetEncoded()); // doplnění získaného časového razítka do dokumentu XmlNamespaceManager nsmng = new XmlNamespaceManager(result.NameTable); nsmng.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); nsmng.AddNamespace("xades", "http://uri.etsi.org/01903/v1.3.2#"); XmlElement etsElement = (XmlElement)result.SelectSingleNode("//*[@Id = 'Signature-" + signatureID +"']/ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp/xades:EncapsulatedTimeStamp", nsmng); etsElement.InnerText = timestamp; return result; }