/// <summary>
/// Maps a <see cref="XmlSignatureAlgorithmType"/> member to the XML-DSig algorithm
/// identifier URI used in <c>ds:SignatureMethod</c>.
/// </summary>
/// <param name="algorithm">Signature algorithm to look up.</param>
/// <returns>The algorithm URI constant for <paramref name="algorithm"/>.</returns>
/// <exception cref="NotImplementedException">
/// Thrown for any value that has no arm below (e.g. an undefined enum value cast from an integer).
/// </exception>
/// <remarks>
/// The *Sha1 arms are kept for interoperability with legacy peers; SHA-1 based signatures
/// are widely considered weak, so prefer the SHA-2 variants for anything new.
/// </remarks>
public static string GetSignatureAlgorithmUrl(XmlSignatureAlgorithmType algorithm) => algorithm switch
{
    XmlSignatureAlgorithmType.RsaSha1     => RsaSha1Url,
    XmlSignatureAlgorithmType.RsaSha224   => RsaSha224Url,
    XmlSignatureAlgorithmType.RsaSha256   => RsaSha256Url,
    XmlSignatureAlgorithmType.RsaSha384   => RsaSha384Url,
    XmlSignatureAlgorithmType.RsaSha512   => RsaSha512Url,

    XmlSignatureAlgorithmType.DsaSha1     => DsaSha1Url,
    XmlSignatureAlgorithmType.DsaSha224   => DsaSha224Url,
    XmlSignatureAlgorithmType.DsaSha256   => DsaSha256Url,
    XmlSignatureAlgorithmType.DsaSha384   => DsaSha384Url,
    XmlSignatureAlgorithmType.DsaSha512   => DsaSha512Url,

    XmlSignatureAlgorithmType.HmacSha1    => HmacSha1Url,
    XmlSignatureAlgorithmType.HmacSha224  => HmacSha224Url,
    XmlSignatureAlgorithmType.HmacSha256  => HmacSha256Url,
    XmlSignatureAlgorithmType.HmacSha384  => HmacSha384Url,
    XmlSignatureAlgorithmType.HmacSha512  => HmacSha512Url,

    XmlSignatureAlgorithmType.EcdsaSha1   => EcdsaSha1Url,
    XmlSignatureAlgorithmType.EcdsaSha224 => EcdsaSha224Url,
    XmlSignatureAlgorithmType.EcdsaSha256 => EcdsaSha256Url,
    XmlSignatureAlgorithmType.EcdsaSha384 => EcdsaSha384Url,
    XmlSignatureAlgorithmType.EcdsaSha512 => EcdsaSha512Url,

    // Unknown/undefined values are rejected rather than silently mapped to a default URI.
    _ => throw new NotImplementedException(),
};
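/// <summary>
/// Verifies an encoded signature over the UTF-8 bytes of <paramref name="text"/>.
/// </summary>
/// <param name="text">The signed text; its UTF-8 encoding is what the signature covers.</param>
/// <param name="signature">Base64 or Base64Url encoded signature, as selected by <paramref name="base64UrlEncoding"/>.</param>
/// <param name="asymmetricAlgorithm">Key used for verification.</param>
/// <param name="signatureAlgorithm">Signature/digest algorithm pair to verify with.</param>
/// <param name="base64UrlEncoding">
/// When <c>true</c> the signature is decoded with <see cref="Base64UrlEncoder.FromBase64String"/>,
/// otherwise with <see cref="Convert.FromBase64String"/>.
/// </param>
/// <returns>
/// <c>true</c> when the signature verifies; <c>false</c> when it does not, or when
/// <paramref name="text"/> or <paramref name="signature"/> is <c>null</c>.
/// </returns>
/// <exception cref="FormatException">
/// Propagated from <see cref="Convert.FromBase64String"/> when <paramref name="signature"/> is not
/// valid Base64 (the Base64Url decoder presumably behaves the same — confirm). Callers that feed
/// untrusted signature strings in should expect this rather than a <c>false</c> result.
/// </exception>
public static bool Validate(string text, string signature, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm, bool base64UrlEncoding)
{
    // Fail closed: neither a missing signature nor missing text can ever verify.
    // The original only guarded signature; a null text surfaced as an
    // ArgumentNullException from the encoder instead of a false result.
    if (signature is null || text is null)
    {
        return false;
    }

    var textBytes = Encoding.UTF8.GetBytes(text);
    var signatureBytes = base64UrlEncoding
        ? Base64UrlEncoder.FromBase64String(signature)
        : Convert.FromBase64String(signature);

    return Validate(textBytes, signatureBytes, asymmetricAlgorithm, signatureAlgorithm);
}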
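/// <summary>
/// Verifies a raw signature over <paramref name="textBytes"/>: the bytes are digested with the
/// algorithm's hash and the digest is checked against <paramref name="signatureBytes"/> using
/// the deformatter for <paramref name="asymmetricAlgorithm"/>.
/// </summary>
/// <param name="textBytes">Data that was signed.</param>
/// <param name="signatureBytes">Raw (decoded) signature bytes.</param>
/// <param name="asymmetricAlgorithm">Key used for verification.</param>
/// <param name="signatureAlgorithm">Signature/digest algorithm pair; resolved via <c>Algorithms.Create</c>.</param>
/// <returns>
/// <c>true</c> when the signature verifies; <c>false</c> when it does not or when either byte
/// array is <c>null</c>.
/// </returns>
public static bool Validate(byte[] textBytes, byte[] signatureBytes, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm)
{
    // Fail closed instead of letting ComputeHash/VerifySignature throw ArgumentNullException.
    if (textBytes is null || signatureBytes is null)
    {
        return false;
    }

    // Algorithms.Create presumably returns a SignatureDescription (it exposes
    // CreateDigest/CreateDeformatter) — confirm against that helper.
    var signatureDescription = Algorithms.Create(signatureAlgorithm);

    // HashAlgorithm is IDisposable; the original never released it.
    using var hashAlgorithm = signatureDescription.CreateDigest();
    var deformatter = signatureDescription.CreateDeformatter(asymmetricAlgorithm);

    var hash = hashAlgorithm.ComputeHash(textBytes);
    return deformatter.VerifySignature(hash, signatureBytes);
}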
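/// <summary>
/// Signs <paramref name="bytes"/>: digests them with the algorithm's hash and signs the digest
/// with the formatter for <paramref name="asymmetricAlgorithm"/>.
/// </summary>
/// <param name="bytes">Data to sign.</param>
/// <param name="asymmetricAlgorithm">Private key used to sign.</param>
/// <param name="signatureAlgorithm">Signature/digest algorithm pair; resolved via <c>Algorithms.Create</c>.</param>
/// <returns>The raw signature bytes.</returns>
/// <exception cref="ArgumentNullException">Propagated from <c>ComputeHash</c> when <paramref name="bytes"/> is <c>null</c>.</exception>
public static byte[] GenerateSignatureBytes(byte[] bytes, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm)
{
    // Algorithms.Create presumably returns a SignatureDescription (it exposes
    // CreateDigest/CreateFormatter) — confirm against that helper.
    var signatureDescription = Algorithms.Create(signatureAlgorithm);

    // HashAlgorithm is IDisposable; the original never released it.
    using var hashAlgorithm = signatureDescription.CreateDigest();
    var formatter = signatureDescription.CreateFormatter(asymmetricAlgorithm);

    var hash = hashAlgorithm.ComputeHash(bytes);
    return formatter.CreateSignature(hash);
}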
/// <summary>
/// Signs <paramref name="bytes"/> and returns the signature as text.
/// </summary>
/// <param name="bytes">Raw data to sign.</param>
/// <param name="asymmetricAlgorithm">Private key used to sign.</param>
/// <param name="signatureAlgorithm">Signature/digest algorithm pair.</param>
/// <param name="base64UrlEncoding">
/// Selects <see cref="Base64UrlEncoder.ToBase64String"/> output when <c>true</c>,
/// standard Base64 (<see cref="Convert.ToBase64String(byte[])"/>) otherwise.
/// </param>
/// <returns>The encoded signature produced by <see cref="GenerateSignatureBytes"/>.</returns>
public static string GenerateSignatureString(byte[] bytes, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm, bool base64UrlEncoding)
{
    var rawSignature = GenerateSignatureBytes(bytes, asymmetricAlgorithm, signatureAlgorithm);

    if (base64UrlEncoding)
    {
        return Base64UrlEncoder.ToBase64String(rawSignature);
    }

    return Convert.ToBase64String(rawSignature);
}
/// <summary>
/// Signs the UTF-8 encoding of <paramref name="text"/> and returns the encoded signature.
/// </summary>
/// <param name="text">Text to sign; it is converted with <see cref="Encoding.UTF8"/> before signing.</param>
/// <param name="asymmetricAlgorithm">Private key used to sign.</param>
/// <param name="signatureAlgorithm">Signature/digest algorithm pair.</param>
/// <param name="base64UrlEncoding">Base64Url output when <c>true</c>, standard Base64 otherwise.</param>
/// <returns>The encoded signature.</returns>
/// <exception cref="ArgumentNullException">Propagated from the encoder when <paramref name="text"/> is <c>null</c>.</exception>
public static string GenerateSignatureString(string text, AsymmetricAlgorithm asymmetricAlgorithm, XmlSignatureAlgorithmType signatureAlgorithm, bool base64UrlEncoding)
    => GenerateSignatureString(Encoding.UTF8.GetBytes(text), asymmetricAlgorithm, signatureAlgorithm, base64UrlEncoding);
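/// <summary>
/// Builds an enveloped XML-DSig <c>ds:Signature</c> element over <paramref name="xmlDoc"/>
/// using the RSA private key of <paramref name="cert"/>.
/// </summary>
/// <param name="xmlDoc">Document to sign. Its root element must exist; if the root carries an
/// <c>ID</c> attribute the reference URI becomes <c>#ID</c>, otherwise the empty URI (whole document).</param>
/// <param name="cert">Certificate whose RSA private key signs; its X509 data is embedded in <c>ds:KeyInfo</c>.</param>
/// <param name="signatureAlgorithm">Signature method to declare in <c>ds:SignedInfo</c>.</param>
/// <param name="digestAlgorithm">Digest method to declare on the reference.</param>
/// <returns>The computed <c>ds:Signature</c> element (not yet attached to the document).</returns>
/// <exception cref="ArgumentNullException"><paramref name="xmlDoc"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="xmlDoc"/> has no root element.</exception>
/// <exception cref="IdentityProviderException">The certificate has no RSA private key.</exception>
private static XmlElement GenerateSignedXml(XmlDocument xmlDoc, X509Certificate2 cert, XmlSignatureAlgorithmType signatureAlgorithm, XmlDigestAlgorithmType digestAlgorithm)
{
    if (xmlDoc is null)
    {
        throw new ArgumentNullException(nameof(xmlDoc));
    }

    // The original dereferenced DocumentElement unguarded, which surfaced as a
    // NullReferenceException for an empty document.
    var rootElement = xmlDoc.DocumentElement;
    if (rootElement is null)
    {
        throw new ArgumentException("Document has no root element to sign", nameof(xmlDoc));
    }

    // GetRSAPrivateKey returns a new RSA instance that the caller owns; dispose it once
    // the signature has been computed (the original leaked it).
    using var rsa = cert.GetRSAPrivateKey();
    if (rsa is null)
    {
        throw new IdentityProviderException("X509 must be RSA");
    }

    string signatureAlgorithmUrl = Algorithms.GetSignatureAlgorithmUrl(signatureAlgorithm);
    string digestAlgorithmUrl = Algorithms.GetDigestAlgorithmUrl(digestAlgorithm);

    var signedXml = new PrefixedSignedXml(xmlDoc) { SigningKey = rsa };
    signedXml.SignedInfo.SignatureMethod = signatureAlgorithmUrl;
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

    // Empty string means the entire document; otherwise reference the root by '#' + its ID.
    // https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml.reference.uri?view=netframework-4.7.2
    var referenceUri = string.Empty;
    var id = rootElement.GetAttribute("ID");
    if (!string.IsNullOrWhiteSpace(id))
    {
        referenceUri = "#" + id;
    }

    var reference = new Reference
    {
        Uri = referenceUri,
        DigestMethod = digestAlgorithmUrl,
    };
    // Enveloped-signature transform excludes the ds:Signature element itself from the digest;
    // exclusive C14N makes the digest independent of inherited namespace context.
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    reference.AddTransform(new XmlDsigExcC14NTransform());
    signedXml.AddReference(reference);

    // Embeds the certificate (public part) so verifiers can locate the signing key.
    signedXml.KeyInfo = new KeyInfo();
    signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert));

    // "ds" is the namespace prefix the PrefixedSignedXml overloads emit — see that class.
    signedXml.ComputeSignature("ds");
    return signedXml.GetXml("ds");
}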
/// <summary>
/// Signs <paramref name="xmlDoc"/> in place by appending an enveloped <c>ds:Signature</c>
/// element to its root, and returns the same document instance.
/// </summary>
/// <param name="xmlDoc">Document to sign; it is mutated.</param>
/// <param name="cert">Certificate whose RSA private key signs.</param>
/// <param name="signatureAlgorithm">Signature method for <c>ds:SignedInfo</c>.</param>
/// <param name="digestAlgorithm">Digest method for the reference.</param>
/// <returns><paramref name="xmlDoc"/>, now carrying the signature as the last child of its root.</returns>
public static XmlDocument SignXmlDoc(XmlDocument xmlDoc, X509Certificate2 cert, XmlSignatureAlgorithmType signatureAlgorithm, XmlDigestAlgorithmType digestAlgorithm)
{
    XmlElement signatureElement = GenerateSignedXml(xmlDoc, cert, signatureAlgorithm, digestAlgorithm);

    // Enveloped signature: the ds:Signature element lives inside the signed root.
    var root = xmlDoc.DocumentElement;
    root.AppendChild(signatureElement);

    return xmlDoc;
}