コード例 #1
 /// <summary>
 /// Maps an <see cref="XmlSignatureAlgorithmType"/> value to the signature-method URL constant
 /// paired with it in the switch below.
 /// </summary>
 /// <param name="algorithm">Signature algorithm to look up.</param>
 /// <returns>The URL constant for <paramref name="algorithm"/> (the constants are declared outside this listing).</returns>
 /// <exception cref="NotImplementedException">The value has no arm in the switch.</exception>
 /// <remarks>
 /// NOTE(review): the SHA-1 variants resolve exactly like the SHA-2 ones. SHA-1 no longer offers
 /// collision resistance, which digital signatures depend on, so a caller that takes the algorithm
 /// from a received document or request should restrict it to an allowlist of SHA-2 variants
 /// before calling this lookup.
 /// </remarks>
 public static string GetSignatureAlgorithmUrl(XmlSignatureAlgorithmType algorithm)
 {
     return(algorithm switch
     {
         // RSA family
         XmlSignatureAlgorithmType.RsaSha1 => RsaSha1Url,
         XmlSignatureAlgorithmType.RsaSha224 => RsaSha224Url,
         XmlSignatureAlgorithmType.RsaSha256 => RsaSha256Url,
         XmlSignatureAlgorithmType.RsaSha384 => RsaSha384Url,
         XmlSignatureAlgorithmType.RsaSha512 => RsaSha512Url,
         // DSA family
         XmlSignatureAlgorithmType.DsaSha1 => DsaSha1Url,
         XmlSignatureAlgorithmType.DsaSha224 => DsaSha224Url,
         XmlSignatureAlgorithmType.DsaSha256 => DsaSha256Url,
         XmlSignatureAlgorithmType.DsaSha384 => DsaSha384Url,
         XmlSignatureAlgorithmType.DsaSha512 => DsaSha512Url,
         // HMAC family (keyed MAC, not a public-key signature)
         XmlSignatureAlgorithmType.HmacSha1 => HmacSha1Url,
         XmlSignatureAlgorithmType.HmacSha224 => HmacSha224Url,
         XmlSignatureAlgorithmType.HmacSha256 => HmacSha256Url,
         XmlSignatureAlgorithmType.HmacSha384 => HmacSha384Url,
         XmlSignatureAlgorithmType.HmacSha512 => HmacSha512Url,
         // ECDSA family
         XmlSignatureAlgorithmType.EcdsaSha1 => EcdsaSha1Url,
         XmlSignatureAlgorithmType.EcdsaSha224 => EcdsaSha224Url,
         XmlSignatureAlgorithmType.EcdsaSha256 => EcdsaSha256Url,
         XmlSignatureAlgorithmType.EcdsaSha384 => EcdsaSha384Url,
         XmlSignatureAlgorithmType.EcdsaSha512 => EcdsaSha512Url,
         // Any value without an arm above is rejected rather than mapped to a default.
         _ => throw new NotImplementedException(),
     });
コード例 #2
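        /// <summary>
        /// Verifies a Base64 or Base64Url encoded signature over the UTF-8 bytes of <paramref name="text"/>.
        /// </summary>
        /// <param name="text">Signed text; encoded as UTF-8 before hashing.</param>
        /// <param name="signature">Encoded signature; <c>null</c> or undecodable input fails validation.</param>
        /// <param name="asymmetricAlgorithm">Key used to verify the signature.</param>
        /// <param name="signatureAlgorithm">Signature algorithm to verify with.</param>
        /// <param name="base64UrlEncoding"><c>true</c> to decode with <c>Base64UrlEncoder</c>, <c>false</c> for standard Base64.</param>
        /// <returns><c>true</c> when the byte-level <c>Validate</c> overload accepts the signature; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="text"/> is <c>null</c>.</exception>
        /// <remarks>
        /// NOTE(review): <paramref name="signatureAlgorithm"/> should come from the verifier's own policy,
        /// not from the message being checked, so the sender cannot pick a weaker algorithm.
        /// </remarks>
        public static bool Validate(string text, string signature, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm, bool base64UrlEncoding)
        {
            if (signature == null)
            {
                return false;
            }

            var textBytes = Encoding.UTF8.GetBytes(text);

            byte[] signatureBytes;
            try
            {
                signatureBytes = base64UrlEncoding ? Base64UrlEncoder.FromBase64String(signature) : Convert.FromBase64String(signature);
            }
            catch (FormatException)
            {
                // The signature is supplied by the other party. Text that is not valid Base64 is an
                // invalid signature, so fail closed like the null case instead of throwing.
                // NOTE(review): assumes Base64UrlEncoder also reports bad input as FormatException - confirm.
                return false;
            }

            return Validate(textBytes, signatureBytes, asymmetricAlgorithm, signatureAlgorithm);
        }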
コード例 #3
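        /// <summary>
        /// Hashes <paramref name="textBytes"/> with the digest of the selected signature algorithm and
        /// verifies <paramref name="signatureBytes"/> against that hash using the supplied key.
        /// </summary>
        /// <param name="textBytes">Signed payload.</param>
        /// <param name="signatureBytes">Raw signature to verify.</param>
        /// <param name="asymmetricAlgorithm">Key handed to the signature deformatter.</param>
        /// <param name="signatureAlgorithm">Algorithm passed to <c>Algorithms.Create</c> to obtain the digest and deformatter.</param>
        /// <returns>The result of the deformatter's <c>VerifySignature</c> call.</returns>
        /// <remarks>
        /// NOTE(review): the key type must match <paramref name="signatureAlgorithm"/>, and the algorithm
        /// should be fixed by the verifier rather than taken from the signed message.
        /// </remarks>
        public static bool Validate(byte[] textBytes, byte[] signatureBytes, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm)
        {
            var signatureDescription = Algorithms.Create(signatureAlgorithm);
            var deformatter          = signatureDescription.CreateDeformatter(asymmetricAlgorithm);

            // The digest object is disposable; release it as soon as the hash is computed.
            using (var hashAlgorithm = signatureDescription.CreateDigest())
            {
                var hash = hashAlgorithm.ComputeHash(textBytes);

                return deformatter.VerifySignature(hash, signatureBytes);
            }
        }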
コード例 #4
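        /// <summary>
        /// Hashes <paramref name="bytes"/> with the digest of the selected signature algorithm and signs
        /// the hash with the supplied key.
        /// </summary>
        /// <param name="bytes">Payload to sign.</param>
        /// <param name="asymmetricAlgorithm">Private key handed to the signature formatter.</param>
        /// <param name="signatureAlgorithm">Algorithm passed to <c>Algorithms.Create</c> to obtain the digest and formatter.</param>
        /// <returns>The raw signature bytes produced by the formatter.</returns>
        /// <remarks>
        /// NOTE(review): prefer a SHA-2 based <paramref name="signatureAlgorithm"/> for new signatures;
        /// the enum seen elsewhere on this page also offers SHA-1 variants.
        /// </remarks>
        public static byte[] GenerateSignatureBytes(byte[] bytes, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm)
        {
            var signatureDescription = Algorithms.Create(signatureAlgorithm);
            var formatter            = signatureDescription.CreateFormatter(asymmetricAlgorithm);

            // The digest object is disposable; release it as soon as the hash is computed.
            using (var hashAlgorithm = signatureDescription.CreateDigest())
            {
                var hash = hashAlgorithm.ComputeHash(bytes);

                return formatter.CreateSignature(hash);
            }
        }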
コード例 #5
        /// <summary>
        /// Signs <paramref name="bytes"/> via <c>GenerateSignatureBytes</c> and returns the signature as text.
        /// </summary>
        /// <param name="bytes">Payload to sign.</param>
        /// <param name="asymmetricAlgorithm">Private key used for signing.</param>
        /// <param name="signatureAlgorithm">Signature algorithm to sign with.</param>
        /// <param name="base64UrlEncoding"><c>true</c> to encode with <c>Base64UrlEncoder</c>, <c>false</c> for standard Base64.</param>
        /// <returns>The encoded signature.</returns>
        public static string GenerateSignatureString(byte[] bytes, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm, bool base64UrlEncoding)
        {
            byte[] rawSignature = GenerateSignatureBytes(bytes, asymmetricAlgorithm, signatureAlgorithm);

            // Only the text encoding differs between the two branches; the signature bytes are the same.
            if (base64UrlEncoding)
            {
                return Base64UrlEncoder.ToBase64String(rawSignature);
            }

            return Convert.ToBase64String(rawSignature);
        }
コード例 #6
        /// <summary>
        /// Signs the UTF-8 bytes of <paramref name="text"/> and returns the signature as text.
        /// </summary>
        /// <param name="text">Text to sign; encoded as UTF-8 before signing.</param>
        /// <param name="asymmetricAlgorithm">Private key used for signing.</param>
        /// <param name="signatureAlgorithm">Signature algorithm to sign with.</param>
        /// <param name="base64UrlEncoding">Passed through to the byte-array overload to choose the text encoding of the signature.</param>
        /// <returns>The encoded signature produced by the byte-array overload.</returns>
        public static string GenerateSignatureString(string text, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm, bool base64UrlEncoding)
        {
            byte[] utf8Payload = Encoding.UTF8.GetBytes(text);

            // Delegate to the byte[] overload so both entry points share one signing path.
            var encodedSignature = GenerateSignatureString(utf8Payload, asymmetricAlgorithm, signatureAlgorithm, base64UrlEncoding);

            return encodedSignature;
        }
コード例 #7
ファイル: X509XmlSigner.cs プロジェクト: szawaski/Zerra
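        /// <summary>
        /// Builds an enveloped XML signature element for <paramref name="xmlDoc"/> using the RSA private
        /// key of <paramref name="cert"/>. The document itself is not modified here.
        /// </summary>
        /// <param name="xmlDoc">Document to sign; must have a root element.</param>
        /// <param name="cert">Certificate that supplies the RSA private key and is embedded in the KeyInfo.</param>
        /// <param name="signatureAlgorithm">Signature algorithm, resolved to a URL via <c>Algorithms.GetSignatureAlgorithmUrl</c>.</param>
        /// <param name="digestAlgorithm">Digest algorithm, resolved to a URL via <c>Algorithms.GetDigestAlgorithmUrl</c>.</param>
        /// <returns>The signature element, serialized with the "ds" prefix.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="xmlDoc"/> or <paramref name="cert"/> is <c>null</c>.</exception>
        /// <exception cref="ArgumentException"><paramref name="xmlDoc"/> has no root element.</exception>
        /// <exception cref="IdentityProviderException">The certificate yields no RSA private key.</exception>
        /// <remarks>
        /// NOTE(review): the signing key is always RSA, so <paramref name="signatureAlgorithm"/> should be
        /// one of the RSA variants, preferably SHA-2 based. Because the reference targets the root by its
        /// ID attribute when one is present, a verifier must confirm that the element it consumes is the
        /// element the signature reference actually covers.
        /// </remarks>
        private static XmlElement GenerateSignedXml(XmlDocument xmlDoc, X509Certificate2 cert, XmlSignatureAlgorithmType signatureAlgorithm, XmlDigestAlgorithmType digestAlgorithm)
        {
            if (xmlDoc == null)
            {
                throw new ArgumentNullException(nameof(xmlDoc));
            }

            if (cert == null)
            {
                throw new ArgumentNullException(nameof(cert));
            }

            var root = xmlDoc.DocumentElement;

            if (root == null)
            {
                throw new ArgumentException("XML document has no root element", nameof(xmlDoc));
            }

            // GetRSAPrivateKey hands back a key object the caller owns; dispose it once signing is done.
            using (var rsa = cert.GetRSAPrivateKey())
            {
                // Null covers both a non-RSA certificate and a certificate without a private key.
                if (rsa == null)
                {
                    throw new IdentityProviderException("X509 must be RSA");
                }

                string signatureAlgorithmUrl = Algorithms.GetSignatureAlgorithmUrl(signatureAlgorithm);
                string digestAlgorithmUrl    = Algorithms.GetDigestAlgorithmUrl(digestAlgorithm);

                var signedXml = new PrefixedSignedXml(xmlDoc)
                {
                    SigningKey = rsa
                };

                signedXml.SignedInfo.SignatureMethod        = signatureAlgorithmUrl;
                signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

                //Empty string means entire document, use '#' before name //https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml.reference.uri?view=netframework-4.7.2
                var referenceUri = String.Empty;
                var id           = root.GetAttribute("ID");

                if (!String.IsNullOrWhiteSpace(id))
                {
                    referenceUri = "#" + id;
                }

                Reference reference = new Reference
                {
                    Uri          = referenceUri,
                    DigestMethod = digestAlgorithmUrl
                };

                // Enveloped-signature transform first, then exclusive canonicalization.
                reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
                reference.AddTransform(new XmlDsigExcC14NTransform());
                signedXml.AddReference(reference);

                // Embed the certificate; the private key is not part of this KeyInfo clause.
                signedXml.KeyInfo = new KeyInfo();
                signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert));

                signedXml.ComputeSignature("ds");

                return signedXml.GetXml("ds");
            }
        }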
コード例 #8
ファイル: X509XmlSigner.cs プロジェクト: szawaski/Zerra
        /// <summary>
        /// Signs <paramref name="xmlDoc"/> and appends the signature element as the last child of its root.
        /// </summary>
        /// <param name="xmlDoc">Document to sign; it is modified in place.</param>
        /// <param name="cert">Certificate passed to <c>GenerateSignedXml</c> for signing.</param>
        /// <param name="signatureAlgorithm">Signature algorithm passed to <c>GenerateSignedXml</c>.</param>
        /// <param name="digestAlgorithm">Digest algorithm passed to <c>GenerateSignedXml</c>.</param>
        /// <returns>The same <paramref name="xmlDoc"/> instance, now carrying the signature element.</returns>
        public static XmlDocument SignXmlDoc(XmlDocument xmlDoc, X509Certificate2 cert, XmlSignatureAlgorithmType signatureAlgorithm, XmlDigestAlgorithmType digestAlgorithm)
        {
            XmlElement signatureElement = GenerateSignedXml(xmlDoc, cert, signatureAlgorithm, digestAlgorithm);

            // The signature is computed before it is attached, so it is added to the root afterwards.
            var root = xmlDoc.DocumentElement;
            root.AppendChild(signatureElement);

            return xmlDoc;
        }