public static XadesObject GetXadesObject(XadesInfo xadesInfo, string signatureid) { XadesObject xadesObject = new XadesObject(); xadesObject.QualifyingProperties.Target = String.Format("#{0}", signatureid); xadesObject.QualifyingProperties.SignedProperties.Id = String.Format("{0}-signedprops", signatureid); SignedSignatureProperties signedSignatureProperties = xadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties; var x509CertificateParser = new Org.BouncyCastle.X509.X509CertificateParser(); X509Certificate bouncyCert = x509CertificateParser.ReadCertificate(Convert.FromBase64String(xadesInfo.RawPK)); var cert = new Cert { IssuerSerial = { X509IssuerName = GetOidRepresentation(bouncyCert.IssuerDN.ToString()), X509SerialNumber = bouncyCert.SerialNumber.ToString() } }; cert.CertDigest.DigestMethod.Algorithm = CPSignedXml.XmlDsigGost3411UrlObsolete; var rawCertData = Convert.FromBase64String(xadesInfo.RawPK); var pkHash = HashAlgorithm.Create("GOST3411"); var hashValue = pkHash.ComputeHash(rawCertData); cert.CertDigest.DigestValue = hashValue; signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); signedSignatureProperties.SigningTime = xadesInfo.SigningDateTimeUTC.AddMinutes(xadesInfo.TimeZoneOffsetMinutes); return xadesObject; }
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters) { Cert cert; cert = new Cert(); cert.IssuerSerial.X509IssuerName = parameters.Signer.Certificate.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString(); DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); if (parameters.SignaturePolicyInfo != null) { if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier; } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri)) { SigPolicyQualifier spq = new SigPolicyQualifier(); spq.AnyXmlElement = sigDocument.Document.CreateElement(XadesSignedXml.XmlXadesPrefix, "SPURI", XadesSignedXml.XadesNamespaceUri); spq.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq); } if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash); } } signedSignatureProperties.SigningTime = parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now; if (_dataFormat != null) { DataObjectFormat newDataObjectFormat = new DataObjectFormat(); newDataObjectFormat.MimeType = _dataFormat.MimeType; newDataObjectFormat.Encoding = _dataFormat.Encoding; newDataObjectFormat.Description = _dataFormat.Description; newDataObjectFormat.ObjectReferenceAttribute = "#" + _refContent.Id; if (_dataFormat.ObjectIdentifier != null) { newDataObjectFormat.ObjectIdentifier.Identifier.IdentifierUri = _dataFormat.ObjectIdentifier.Identifier.IdentifierUri; } signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat); } if (parameters.SignerRole != null && (parameters.SignerRole.CertifiedRoles.Count > 0 || parameters.SignerRole.ClaimedRoles.Count > 0)) { signedSignatureProperties.SignerRole = new Microsoft.Xades.SignerRole(); foreach (X509Certificate certifiedRole in parameters.SignerRole.CertifiedRoles) { signedSignatureProperties.SignerRole.CertifiedRoles.CertifiedRoleCollection.Add(new CertifiedRole() { PkiData = certifiedRole.GetRawCertData() }); } foreach (string claimedRole in parameters.SignerRole.ClaimedRoles) { signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(new ClaimedRole() { InnerText = claimedRole }); } } foreach (SignatureCommitment signatureCommitment in parameters.SignatureCommitments) { CommitmentTypeIndication cti = new CommitmentTypeIndication(); cti.CommitmentTypeId.Identifier.IdentifierUri = signatureCommitment.CommitmentType.URI; cti.AllSignedDataObjects = true; foreach (XmlElement signatureCommitmentQualifier in signatureCommitment.CommitmentTypeQualifiers) { CommitmentTypeQualifier ctq = new CommitmentTypeQualifier(); ctq.AnyXmlElement = signatureCommitmentQualifier; cti.CommitmentTypeQualifiers.CommitmentTypeQualifierCollection.Add(ctq); } signedDataObjectProperties.CommitmentTypeIndicationCollection.Add(cti); } if (parameters.SignatureProductionPlace != null) { signedSignatureProperties.SignatureProductionPlace.City = parameters.SignatureProductionPlace.City; signedSignatureProperties.SignatureProductionPlace.StateOrProvince = parameters.SignatureProductionPlace.StateOrProvince; signedSignatureProperties.SignatureProductionPlace.PostalCode = parameters.SignatureProductionPlace.PostalCode; signedSignatureProperties.SignatureProductionPlace.CountryName = parameters.SignatureProductionPlace.CountryName; } }
public static X509Certificate2 GetX509Certificate2() => new X509Certificate2(Cert.PemCertToByteArray());
/// <summary> /// Obtiene la informnacion del certificado, lo desencripta y aplica digestion SHA-256 para generar el sello. /// </summary> /// <param name="cfdi"></param> /// <param name="xml"></param> private static void firmarXml(Cfdi cfdi, ref XDocument xml) { try { obtenerCertificado(cfdi.rutaArchivoCer, ref xml); string cadenaOriginal = obtenerCadenaOriginal(cfdi.rutaXsltCadenaOriginal, xml); string algoritmoHash = "SHA-256"; string xmlLlavePrivada = string.Empty; string sellobase64 = string.Empty; Rsa rsa = new Rsa(); Rsa rsa2 = new Rsa(); Cert certificado = new Cert(); PrivateKey llavePrivada = new PrivateKey(); Chilkat.PublicKey llavePublica; if (llavePrivada.LoadPkcs8EncryptedFile(cfdi.rutaArchivoKey, cfdi.secretArchivoKey) == false) { return; } xmlLlavePrivada = llavePrivada.GetXml(); if (rsa.UnlockComponent(Constantes.CHILKAT_UNLOCK_CODE) == false) { //Debug.Write(rsa.LastErrorText); return; } if (rsa.ImportPrivateKey(xmlLlavePrivada) == false) { //Debug.Write(rsa.LastErrorText); return; } rsa.Charset = "utf-8"; rsa.EncodingMode = "base64"; rsa.LittleEndian = false; if (certificado.LoadFromFile(cfdi.rutaArchivoCer) == false) { return; } sellobase64 = rsa.SignStringENC(cadenaOriginal, algoritmoHash); xml.Root.SetAttributeValue("Sello", sellobase64); XElement xComprobante = xml.Root; xComprobante = HelpersXml.removerAtributosVacios(xml.Root, true); llavePublica = certificado.ExportPublicKey(); if (rsa2.ImportPublicKey(llavePublica.GetXml()) == false) { return; } rsa2.Charset = "utf-8"; rsa.EncodingMode = "base64"; rsa2.LittleEndian = false; if (rsa2.VerifyStringENC(cadenaOriginal, algoritmoHash, sellobase64) == false) { return; } certificado.Dispose(); cfdi.cadenaOriginal = cadenaOriginal; } catch (Exception ex) { throw ex; } }
public void Setup_LoadCert() { signingCert = Cert.LoadFromPfx("cert1.pfx_testonly_donotuse", ""); Assert.True(signingCert.HasPrivateKey); }
static void Main(string[] args) { foreach (StoreLocation storeLocation in (StoreLocation[])Enum.GetValues(typeof(StoreLocation))) { foreach (StoreName storeName in (StoreName[])Enum.GetValues(typeof(StoreName))) { X509Store store = new X509Store(storeName, storeLocation); try { store.Open(OpenFlags.OpenExistingOnly); if (store.Certificates.Count > 0) { Console.WriteLine("Store: {0}, {1}", store.Name, store.Location); Console.WriteLine("============================================="); foreach (X509Certificate2 Cert in store.Certificates) { if (Cert.NotAfter <= DateTime.Now) { Console.WriteLine("Expired: " + (Cert.FriendlyName != "" ? Cert.FriendlyName + ", " : Cert.Subject) + " (" + Cert.GetExpirationDateString() + ")"); } else { Console.WriteLine("OK: " + (Cert.FriendlyName != "" ? Cert.FriendlyName + ", " : Cert.Subject) + " (" + Cert.GetExpirationDateString() + ")"); } } Console.WriteLine(); } store.Close(); } catch (CryptographicException) { //store does not exist or access denied } } } }
public CfdiResult SellarXml(String rutaCert, String rutaKey, String contrasena, String rutaArchivoXmlOrigen) { CfdiResult result = AgregarCertificado(rutaCert); if (!result.Correcto) { return(result); } PrivateKey privKey = new PrivateKey(); XDocument xDoc = XDocument.Load(rutaArchivoXmlOrigen); xDoc.Root.SetAttributeValue("Certificado", this.Certificado); xDoc.Root.SetAttributeValue("NoCertificado", this.NoCertificado); xDoc.Save(rutaArchivoXmlOrigen); String cadenaOriginal = GetCadenaOriginal(this.RutaXSLTCadenaOriginal, rutaArchivoXmlOrigen); if (!privKey.LoadPkcs8EncryptedFile(rutaKey, contrasena)) { return(new CfdiResult(false, privKey.LastErrorText)); } String privKeyXml = privKey.GetXml(); Rsa rsa = new Rsa(); String hashAlg = "SHA-256"; if (!rsa.UnlockComponent("RSAT34MB34N_7F1CD986683M")) { return(new CfdiResult(false, rsa.LastErrorText)); } if (!rsa.ImportPrivateKey(privKeyXml)) { return(new CfdiResult(false, rsa.LastErrorText)); } rsa.Charset = "UTF-8"; rsa.EncodingMode = "base64"; rsa.LittleEndian = false; Cert cert = new Cert(); if (!cert.LoadFromFile(rutaCert)) { return(new CfdiResult(false, cert.LastErrorText)); } String selloBase64 = rsa.SignStringENC(cadenaOriginal, hashAlg); PublicKey publicKey = cert.ExportPublicKey(); Rsa rsa2 = new Rsa(); if (!rsa2.ImportPublicKey(publicKey.GetXml())) { return(new CfdiResult(false, rsa2.LastErrorText)); } rsa2.Charset = "utf-8"; rsa2.EncodingMode = "base64"; rsa2.LittleEndian = false; if (!rsa2.VerifyStringENC(cadenaOriginal, hashAlg, selloBase64)) { return(new CfdiResult(false, rsa2.LastErrorText)); } cert.Dispose(); privKey.Dispose(); publicKey.Dispose(); this.Sello = selloBase64; xDoc.Root.SetAttributeValue("Sello", selloBase64); //String xml = xDoc.ToString(); //File.WriteAllText(rutaArchivoXmlOrigen, xml); xDoc.Save(rutaArchivoXmlOrigen); //SerializarObjeto(rutaArchivoXmlOrigen); return(new CfdiResult()); }
private bool IsNameMatch(X509Certificate2 certificate, Cert certInfo) { return(IssuerComparer.AreSameIssuer(certificate.Issuer, certInfo.IssuerSerial.X509IssuerName)); }
public void AddCert(string name, Cert cert, uint index) { AddData(name, cert.ByteData, index); }
public void AddCert(string name, Cert cert) { AddCert(name, cert, 0); }
public HttpResponseMessage Put(int id, [FromBody] m_signature signature) { try { /*section processing certificate*/ Cert myCert = null; try { myCert = new Cert( pathToFiles + "sertifikat/" + signature.certName, signature.password ); } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex)); } /*section processing Signature*/ MetaData MyMD = new MetaData(); MyMD.Author = signature.author; MyMD.Title = signature.title; MyMD.Subject = signature.subject; MyMD.Keywords = signature.keyword; PDFSigner pdfs = new PDFSigner( pathToFiles + "input/" + signature.pdfName, pathToFiles + "output/sign_" + signature.pdfName, myCert, MyMD ); pdfs.Sign(signature.reason, signature.email, signature.location, pathToFiles + "pic/" + signature.picName, signature.visible, signature.posX, signature.posY ); /*section save data to DB*/ using (SignatureDBEntities entities = new SignatureDBEntities()) { var entity = entities.SignatureTables .FirstOrDefault(e => e.id == id); if (entity == null) { System.Diagnostics.Debug.WriteLine("Id not found"); return(Request.CreateErrorResponse( HttpStatusCode.BadRequest, "Id not found")); } else { entity.author = signature.author; entity.title = signature.title; entity.subject = signature.subject; entity.keyword = signature.keyword; entity.reason = signature.reason; entity.email = signature.email; entity.location = signature.location; entity.certName = signature.certName; entity.issuerId = signature.issuerId; entity.requestorId = signature.requestorId; entity.status = "sign"; entity.approval = 1; entities.SaveChanges(); System.Diagnostics.Debug.WriteLine("Sukses Sign File"); } var message = Request.CreateResponse( HttpStatusCode.Created, signature); message.Headers.Location = new Uri( Request.RequestUri + "/" + signature.id.ToString() ); return(message); } } catch (Exception ex) { return(Request.CreateErrorResponse( HttpStatusCode.BadRequest, ex)); } }
public void CanAddRelyingPartyWithClaimMappings() { var encryptingCertificate = Cert.LoadEncryptingCertificate(); var relyingParty = new RelyingParty { Realm = "urn:identityserver:encrypt", Name = "Test Relying Party", Enabled = true, ReplyUrl = "https://www.google.com/", TokenType = "urn:oasis:names:tc:SAML:1.0:assertion", TokenLifeTime = 1000, IncludeAllClaimsForUser = false, DefaultClaimTypeMappingPrefix = "https://schema.org/", SamlNameIdentifierFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", SignatureAlgorithm = SecurityAlgorithms.RsaSha256Signature, DigestAlgorithm = SecurityAlgorithms.Sha256Digest, ClaimMappings = new List <ClaimMap> { new ClaimMap { InboundClaim = "name", OutboundClaim = ClaimTypes.Name }, new ClaimMap { InboundClaim = "email", OutboundClaim = ClaimTypes.Email } }, EncryptingCertificate = encryptingCertificate.RawData }; using (var context = new RelyingPartyConfigurationDbContext(ConfigConnectionStringName)) { context.RelyingParties.Add(relyingParty); context.SaveChanges(); } RelyingParty persistedRelyingParty; using (var context = new RelyingPartyConfigurationDbContext(ConfigConnectionStringName)) { persistedRelyingParty = context.RelyingParties.Include(x => x.ClaimMappings) .FirstOrDefault(x => x.Realm == relyingParty.Realm); } Assert.NotNull(persistedRelyingParty); Assert.True(relyingParty.Realm == persistedRelyingParty.Realm); Assert.True(persistedRelyingParty.ClaimMappings.Any()); Assert.True(relyingParty.ClaimMappings.Count == persistedRelyingParty.ClaimMappings.Count); Assert.True(relyingParty.DefaultClaimTypeMappingPrefix == persistedRelyingParty.DefaultClaimTypeMappingPrefix); Assert.True(relyingParty.DigestAlgorithm == persistedRelyingParty.DigestAlgorithm); Assert.True(relyingParty.Enabled == persistedRelyingParty.Enabled); Assert.True(relyingParty.Id == persistedRelyingParty.Id); Assert.True(relyingParty.IncludeAllClaimsForUser == persistedRelyingParty.IncludeAllClaimsForUser); Assert.True(relyingParty.Name == persistedRelyingParty.Name); Assert.True(relyingParty.ReplyUrl == persistedRelyingParty.ReplyUrl); Assert.True(relyingParty.SamlNameIdentifierFormat == persistedRelyingParty.SamlNameIdentifierFormat); Assert.True(relyingParty.SignatureAlgorithm == persistedRelyingParty.SignatureAlgorithm); Assert.True(relyingParty.TokenLifeTime == persistedRelyingParty.TokenLifeTime); Assert.True(relyingParty.TokenType == persistedRelyingParty.TokenType); Assert.NotNull(relyingParty.EncryptingCertificate); var readEncryptionCertificate = new X509Certificate2(relyingParty.EncryptingCertificate); Assert.True(readEncryptionCertificate.SubjectName.Name == encryptingCertificate.SubjectName.Name); Assert.True(readEncryptionCertificate.IssuerName.Name == encryptingCertificate.IssuerName.Name); Assert.True(readEncryptionCertificate.Thumbprint == encryptingCertificate.Thumbprint); // assert token encrypted using saved cert can be decrypted var testClaim = new Claim(ClaimTypes.NameIdentifier, "69307727-D2F7-4ED3-A7DF-08EEE8F8C624"); var securityTokenDescriptor = new SecurityTokenDescriptor { AppliesToAddress = relyingParty.Realm, Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(relyingParty.TokenLifeTime)), ReplyToAddress = relyingParty.ReplyUrl, SigningCredentials = new X509SigningCredentials(Cert.LoadDecryptingCertificate(), relyingParty.SignatureAlgorithm, relyingParty.DigestAlgorithm), Subject = new ClaimsIdentity(new List <Claim> { testClaim }), TokenIssuerName = "https://domain.test", TokenType = "urn:oasis:names:tc:SAML:2.0:assertion", EncryptingCredentials = new EncryptedKeyEncryptingCredentials(readEncryptionCertificate) }; var handler = new Saml2SecurityTokenHandler(); var securityToken = handler.CreateToken(securityTokenDescriptor); var stringBuilder = new StringBuilder(); using (var writer = XmlWriter.Create(stringBuilder)) { handler.WriteToken(writer, securityToken); } var token = stringBuilder.ToString(); SecurityToken validatedToken; var claimsPrincipal = handler.ValidateToken( token, new TokenValidationParameters { IssuerSigningKey = new X509SecurityKey(Cert.LoadDecryptingCertificate()), ValidateIssuer = false, ValidateIssuerSigningKey = false, ValidateAudience = false, ClientDecryptionTokens = new ReadOnlyCollection <SecurityToken>(new List <SecurityToken> { new X509SecurityToken(Cert.LoadDecryptingCertificate()) }) }, out validatedToken); Assert.NotNull(validatedToken); Assert.NotNull(claimsPrincipal); Assert.True(claimsPrincipal.HasClaim(testClaim.Type, testClaim.Value)); }
private void FirmarFacturaToolStripMenuItemClick(object sender, EventArgs e) { using (OpenFileDialog openCertificadoFileDialog = new OpenFileDialog { InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Personal), Title = FacturasRecursos.Form1_firmarFacturaToolStripMenuItem_Click_Seleccione_su_certificado_de_usuario, Filter = FacturasRecursos.Form1_firmarFacturaToolStripMenuItem_Click_Certificado_Digital____p12____p12 }) { if (openCertificadoFileDialog.ShowDialog(this) == DialogResult.OK) { if (!string.IsNullOrEmpty(openCertificadoFileDialog.FileName)) { Passs pass = new Passs(); if (pass.ShowDialog() == DialogResult.OK) { Cert myCert = null; try { myCert = new Cert(openCertificadoFileDialog.FileName, pass.Password); } catch (Exception ex) { XtraMessageBox.Show(ex.Message, Application.ProductName); return; } OpenFileDialog openFileDialog = new OpenFileDialog { InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Personal), Title = FacturasRecursos. Form1_firmarFacturaToolStripMenuItem_Click_Seleccione_una_factura_sin_firmar, Filter = FacturasRecursos. Form1_firmarFacturaToolStripMenuItem_Click_Factura____pdf____pdf }; if (openFileDialog.ShowDialog(this) == DialogResult.OK) { if (!string.IsNullOrEmpty(openFileDialog.FileName)) { MetaData myMd = new MetaData(); myMd.Author = Settings.Default.nombre; myMd.Title = string.Format("Factura emitida por {0}", Settings.Default.nombre); myMd.Subject = "Factura por translado en taxi"; myMd.Keywords = "factura, taxi, mariano"; myMd.Creator = "Riccardo Prieto Mendoza"; myMd.Producer = "Riccardo Prieto Mendoza"; using (SaveFileDialog sabeD = new SaveFileDialog { InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Personal), Title = FacturasRecursos.Form1_firmarFacturaToolStripMenuItem_Click_Guardar_Factura_Firmada_como___, Filter = FacturasRecursos.Form1_firmarFacturaToolStripMenuItem_Click_Factura____pdf____pdf }) { if (sabeD.ShowDialog(this) == DialogResult.OK) { PdfSigner pdfs = new PdfSigner(openFileDialog.FileName, sabeD.FileName, myCert, myMd); pdfs.Sign("Factura por translado en taxi", Settings.Default.email, Settings.Default.direccion + " " + Settings.Default.poblacionCP, false); Process.Start(sabeD.FileName); } } } } } } } } }