/// <summary> /// Signs the CDA Package and creates the signature document. /// </summary> /// <param name="package">A CDAPackageBase instance containing the root document to sign.</param> /// <param name="signingCert">The certificate used to sign the root document.</param> /// <returns>Signature of the root document.</returns> private static byte[] CreateSignature(CDAPackage package, X509Certificate2 signingCert) { package.SigningTime = DateTime.Now.ToUniversalTime(); byte[] rootDocumentContent = package.CDADocumentRoot.FileContent; byte[] hash = CalculateSHA1(rootDocumentContent); var manifest = new ManifestType(); manifest.Reference = new ReferenceType[] { new ReferenceType() { URI = package.CDADocumentRoot.FileName, DigestMethod = new DigestMethodType() { Algorithm = SignedXml.XmlDsigSHA1Url }, DigestValue = hash } }; var approver = new ApproverType(); approver.personId = package.Approver.PersonId.ToString(); approver.personName = new PersonNameType(); approver.personName.familyName = package.Approver.PersonFamilyName; if (package.Approver.PersonTitles != null) { approver.personName.nameTitle = package.Approver.PersonTitles.ToArray(); } if (package.Approver.PersonGivenNames != null) { approver.personName.givenName = package.Approver.PersonGivenNames.ToArray(); } if (package.Approver.PersonNameSuffixes != null) { approver.personName.nameSuffix = package.Approver.PersonNameSuffixes.ToArray(); } var eSignature = new eSignatureType(); eSignature.Manifest = manifest; eSignature.approver = approver; eSignature.signingTime = package.SigningTime.Value; XmlDocument eSignatureXml = eSignature.SerializeToXml(); ISignedContainerProfileService signedContainerService = XspFactory.Instance.GetSignedContainerProfileService(XspVersion.V_2010); XmlDocument signedDoc = signedContainerService.Create(eSignatureXml, signingCert); var ms = new MemoryStream(); signedDoc.Save(ms); return(ms.ToArray()); }
/// <summary> /// Verify the signature of a CDA package. /// </summary> /// <param name="package">The CDA package to verify.</param> /// <param name="verifyCertificate">A delegate to verify the signature certificate.</param> public static void VerifySignature(CDAPackage package, VerifyCertificateDelegate verifyCertificate) { // Return if package doesn't contain a signature. if (package.CDASignature == null) { return; } byte[] signatureDocumentContent = package.CDASignature.FileContent; byte[] rootDocumentContent = package.CDADocumentRoot.FileContent; byte[] hash = CalculateSHA1(rootDocumentContent); var signatureDocument = new XmlDocument(); signatureDocument.PreserveWhitespace = true; signatureDocument.Load(new MemoryStream(signatureDocumentContent)); // Get eSignature eSignatureType eSignature = null; try { var eSignatureElement = signatureDocument.GetElementsByTagName("eSignature", "*")[0] as XmlElement; eSignature = eSignatureElement.Deserialize <eSignatureType>(); } catch (Exception ex) { throw new SignatureVerificationException("Error extracting eSignature"); } if (eSignature == null) { throw new SignatureVerificationException("Error extracting eSignature"); } var manifest = eSignature.Manifest; var approver = eSignature.approver; // Get signing time package.SigningTime = eSignature.signingTime; // Get approver package.Approver = new Approver(); if (eSignature.approver != null) { if (eSignature.approver.personId != null) { package.Approver.PersonId = new Uri(eSignature.approver.personId, UriKind.RelativeOrAbsolute); } var personName = eSignature.approver.personName; if (personName != null) { package.Approver.PersonFamilyName = personName.familyName; if (personName.givenName != null) { package.Approver.PersonGivenNames = personName.givenName.ToList(); } if (personName.nameSuffix != null) { package.Approver.PersonNameSuffixes = personName.nameSuffix.ToList(); } if (personName.nameTitle != null) { package.Approver.PersonTitles = personName.nameTitle.ToList(); } } } // Check signature digest var manifestElement = signatureDocument.GetElementsByTagName("Manifest", "*")[0] as XmlElement; if (manifest.Reference[0].URI != "CDA_ROOT.XML") { throw new SignatureVerificationException("Error verifying document - Manifest reference must have a URI of 'CDA_ROOT.XML'"); } if (manifest.Reference[0].DigestMethod.Algorithm != SignedXml.XmlDsigSHA1Url) { throw new SignatureVerificationException("Error verifying document - Manifest digest method must have an algorithm of '" + SignedXml.XmlDsigSHA1Url + "'"); } if (Convert.ToBase64String(manifest.Reference[0].DigestValue) != Convert.ToBase64String(hash)) { throw new SignatureVerificationException("Error verifying document - Manifest digest value mismatch"); } // Verify certificate ICertificateVerifier verifier = new CertificateVerifier(verifyCertificate); ISignedContainerProfileService signedContainerService = XspFactory.Instance.GetSignedContainerProfileService(XspVersion.V_2010); signedContainerService.Check(signatureDocument, verifier); // Verify attachments integrity checks if (package.CDADocumentAttachments != null && package.CDADocumentAttachments.Count > 0) { VerifyAttachments(package); } return; }