public static XadesObject GetXadesObject(XadesInfo xadesInfo, string signatureid)
{
XadesObject xadesObject = new XadesObject();
xadesObject.QualifyingProperties.Target = String.Format("#{0}", signatureid);
xadesObject.QualifyingProperties.SignedProperties.Id = String.Format("{0}-signedprops", signatureid);
SignedSignatureProperties signedSignatureProperties = xadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties;
var x509CertificateParser = new Org.BouncyCastle.X509.X509CertificateParser();
X509Certificate bouncyCert = x509CertificateParser.ReadCertificate(Convert.FromBase64String(xadesInfo.RawPK));
var cert = new Cert
{
IssuerSerial =
{
X509IssuerName = GetOidRepresentation(bouncyCert.IssuerDN.ToString()),
X509SerialNumber = bouncyCert.SerialNumber.ToString()
}
};
cert.CertDigest.DigestMethod.Algorithm = CPSignedXml.XmlDsigGost3411UrlObsolete;
var rawCertData = Convert.FromBase64String(xadesInfo.RawPK);
var pkHash = HashAlgorithm.Create("GOST3411");
var hashValue = pkHash.ComputeHash(rawCertData);
cert.CertDigest.DigestValue = hashValue;
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
signedSignatureProperties.SigningTime = xadesInfo.SigningDateTimeUTC.AddMinutes(xadesInfo.TimeZoneOffsetMinutes);
return xadesObject;
}
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties,
UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters)
{
Cert cert;
cert = new Cert();
cert.IssuerSerial.X509IssuerName = parameters.Signer.Certificate.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString();
DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest);
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
if (parameters.SignaturePolicyInfo != null)
{
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier;
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri))
{
SigPolicyQualifier spq = new SigPolicyQualifier();
spq.AnyXmlElement = sigDocument.Document.CreateElement(XadesSignedXml.XmlXadesPrefix, "SPURI", XadesSignedXml.XadesNamespaceUri);
spq.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq);
}
if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash);
}
}
signedSignatureProperties.SigningTime = parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now;
if (_dataFormat != null)
{
DataObjectFormat newDataObjectFormat = new DataObjectFormat();
newDataObjectFormat.MimeType = _dataFormat.MimeType;
newDataObjectFormat.Encoding = _dataFormat.Encoding;
newDataObjectFormat.Description = _dataFormat.Description;
newDataObjectFormat.ObjectReferenceAttribute = "#" + _refContent.Id;
if (_dataFormat.ObjectIdentifier != null)
{
newDataObjectFormat.ObjectIdentifier.Identifier.IdentifierUri = _dataFormat.ObjectIdentifier.Identifier.IdentifierUri;
}
signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
}
if (parameters.SignerRole != null &&
(parameters.SignerRole.CertifiedRoles.Count > 0 || parameters.SignerRole.ClaimedRoles.Count > 0))
{
signedSignatureProperties.SignerRole = new Microsoft.Xades.SignerRole();
foreach (X509Certificate certifiedRole in parameters.SignerRole.CertifiedRoles)
{
signedSignatureProperties.SignerRole.CertifiedRoles.CertifiedRoleCollection.Add(new CertifiedRole()
{
PkiData = certifiedRole.GetRawCertData()
});
}
foreach (string claimedRole in parameters.SignerRole.ClaimedRoles)
{
signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(new ClaimedRole()
{
InnerText = claimedRole
});
}
}
foreach (SignatureCommitment signatureCommitment in parameters.SignatureCommitments)
{
CommitmentTypeIndication cti = new CommitmentTypeIndication();
cti.CommitmentTypeId.Identifier.IdentifierUri = signatureCommitment.CommitmentType.URI;
cti.AllSignedDataObjects = true;
foreach (XmlElement signatureCommitmentQualifier in signatureCommitment.CommitmentTypeQualifiers)
{
CommitmentTypeQualifier ctq = new CommitmentTypeQualifier();
ctq.AnyXmlElement = signatureCommitmentQualifier;
cti.CommitmentTypeQualifiers.CommitmentTypeQualifierCollection.Add(ctq);
}
signedDataObjectProperties.CommitmentTypeIndicationCollection.Add(cti);
}
if (parameters.SignatureProductionPlace != null)
{
signedSignatureProperties.SignatureProductionPlace.City = parameters.SignatureProductionPlace.City;
signedSignatureProperties.SignatureProductionPlace.StateOrProvince = parameters.SignatureProductionPlace.StateOrProvince;
signedSignatureProperties.SignatureProductionPlace.PostalCode = parameters.SignatureProductionPlace.PostalCode;
signedSignatureProperties.SignatureProductionPlace.CountryName = parameters.SignatureProductionPlace.CountryName;
}
}
public static X509Certificate2 GetX509Certificate2() => new X509Certificate2(Cert.PemCertToByteArray());
/// <summary>
/// Obtiene la informnacion del certificado, lo desencripta y aplica digestion SHA-256 para generar el sello.
/// </summary>
/// <param name="cfdi"></param>
/// <param name="xml"></param>
private static void firmarXml(Cfdi cfdi, ref XDocument xml)
{
try
{
obtenerCertificado(cfdi.rutaArchivoCer, ref xml);
string cadenaOriginal = obtenerCadenaOriginal(cfdi.rutaXsltCadenaOriginal, xml);
string algoritmoHash = "SHA-256";
string xmlLlavePrivada = string.Empty;
string sellobase64 = string.Empty;
Rsa rsa = new Rsa();
Rsa rsa2 = new Rsa();
Cert certificado = new Cert();
PrivateKey llavePrivada = new PrivateKey();
Chilkat.PublicKey llavePublica;
if (llavePrivada.LoadPkcs8EncryptedFile(cfdi.rutaArchivoKey, cfdi.secretArchivoKey) == false)
{
return;
}
xmlLlavePrivada = llavePrivada.GetXml();
if (rsa.UnlockComponent(Constantes.CHILKAT_UNLOCK_CODE) == false)
{
//Debug.Write(rsa.LastErrorText);
return;
}
if (rsa.ImportPrivateKey(xmlLlavePrivada) == false)
{
//Debug.Write(rsa.LastErrorText);
return;
}
rsa.Charset = "utf-8";
rsa.EncodingMode = "base64";
rsa.LittleEndian = false;
if (certificado.LoadFromFile(cfdi.rutaArchivoCer) == false)
{
return;
}
sellobase64 = rsa.SignStringENC(cadenaOriginal, algoritmoHash);
xml.Root.SetAttributeValue("Sello", sellobase64);
XElement xComprobante = xml.Root;
xComprobante = HelpersXml.removerAtributosVacios(xml.Root, true);
llavePublica = certificado.ExportPublicKey();
if (rsa2.ImportPublicKey(llavePublica.GetXml()) == false)
{
return;
}
rsa2.Charset = "utf-8";
rsa.EncodingMode = "base64";
rsa2.LittleEndian = false;
if (rsa2.VerifyStringENC(cadenaOriginal, algoritmoHash, sellobase64) == false)
{
return;
}
certificado.Dispose();
cfdi.cadenaOriginal = cadenaOriginal;
}
catch (Exception ex)
{
throw ex;
}
}
public void Setup_LoadCert()
{
signingCert = Cert.LoadFromPfx("cert1.pfx_testonly_donotuse", "");
Assert.True(signingCert.HasPrivateKey);
}
static void Main(string[] args)
{
foreach (StoreLocation storeLocation in (StoreLocation[])Enum.GetValues(typeof(StoreLocation)))
{
foreach (StoreName storeName in (StoreName[])Enum.GetValues(typeof(StoreName)))
{
X509Store store = new X509Store(storeName, storeLocation);
try
{
store.Open(OpenFlags.OpenExistingOnly);
if (store.Certificates.Count > 0)
{
Console.WriteLine("Store: {0}, {1}", store.Name, store.Location);
Console.WriteLine("=============================================");
foreach (X509Certificate2 Cert in store.Certificates)
{
if (Cert.NotAfter <= DateTime.Now)
{
Console.WriteLine("Expired: " + (Cert.FriendlyName != "" ? Cert.FriendlyName + ", " : Cert.Subject) + " (" + Cert.GetExpirationDateString() + ")");
}
else
{
Console.WriteLine("OK: " + (Cert.FriendlyName != "" ? Cert.FriendlyName + ", " : Cert.Subject) + " (" + Cert.GetExpirationDateString() + ")");
}
}
Console.WriteLine();
}
store.Close();
}
catch (CryptographicException)
{
//store does not exist or access denied
}
}
}
}
public CfdiResult SellarXml(String rutaCert, String rutaKey, String contrasena, String rutaArchivoXmlOrigen)
{
CfdiResult result = AgregarCertificado(rutaCert);
if (!result.Correcto)
{
return(result);
}
PrivateKey privKey = new PrivateKey();
XDocument xDoc = XDocument.Load(rutaArchivoXmlOrigen);
xDoc.Root.SetAttributeValue("Certificado", this.Certificado);
xDoc.Root.SetAttributeValue("NoCertificado", this.NoCertificado);
xDoc.Save(rutaArchivoXmlOrigen);
String cadenaOriginal = GetCadenaOriginal(this.RutaXSLTCadenaOriginal, rutaArchivoXmlOrigen);
if (!privKey.LoadPkcs8EncryptedFile(rutaKey, contrasena))
{
return(new CfdiResult(false, privKey.LastErrorText));
}
String privKeyXml = privKey.GetXml();
Rsa rsa = new Rsa();
String hashAlg = "SHA-256";
if (!rsa.UnlockComponent("RSAT34MB34N_7F1CD986683M"))
{
return(new CfdiResult(false, rsa.LastErrorText));
}
if (!rsa.ImportPrivateKey(privKeyXml))
{
return(new CfdiResult(false, rsa.LastErrorText));
}
rsa.Charset = "UTF-8";
rsa.EncodingMode = "base64";
rsa.LittleEndian = false;
Cert cert = new Cert();
if (!cert.LoadFromFile(rutaCert))
{
return(new CfdiResult(false, cert.LastErrorText));
}
String selloBase64 = rsa.SignStringENC(cadenaOriginal, hashAlg);
PublicKey publicKey = cert.ExportPublicKey();
Rsa rsa2 = new Rsa();
if (!rsa2.ImportPublicKey(publicKey.GetXml()))
{
return(new CfdiResult(false, rsa2.LastErrorText));
}
rsa2.Charset = "utf-8";
rsa2.EncodingMode = "base64";
rsa2.LittleEndian = false;
if (!rsa2.VerifyStringENC(cadenaOriginal, hashAlg, selloBase64))
{
return(new CfdiResult(false, rsa2.LastErrorText));
}
cert.Dispose();
privKey.Dispose();
publicKey.Dispose();
this.Sello = selloBase64;
xDoc.Root.SetAttributeValue("Sello", selloBase64);
//String xml = xDoc.ToString();
//File.WriteAllText(rutaArchivoXmlOrigen, xml);
xDoc.Save(rutaArchivoXmlOrigen);
//SerializarObjeto(rutaArchivoXmlOrigen);
return(new CfdiResult());
}
private bool IsNameMatch(X509Certificate2 certificate, Cert certInfo)
{
return(IssuerComparer.AreSameIssuer(certificate.Issuer, certInfo.IssuerSerial.X509IssuerName));
}
public void AddCert(string name, Cert cert, uint index)
{
AddData(name, cert.ByteData, index);
}
public void AddCert(string name, Cert cert)
{
AddCert(name, cert, 0);
}
public HttpResponseMessage Put(int id, [FromBody] m_signature signature)
{
try
{
/*section processing certificate*/
Cert myCert = null;
try
{
myCert = new Cert(
pathToFiles + "sertifikat/" + signature.certName,
signature.password
);
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
}
/*section processing Signature*/
MetaData MyMD = new MetaData();
MyMD.Author = signature.author;
MyMD.Title = signature.title;
MyMD.Subject = signature.subject;
MyMD.Keywords = signature.keyword;
PDFSigner pdfs = new PDFSigner(
pathToFiles + "input/" + signature.pdfName,
pathToFiles + "output/sign_" + signature.pdfName,
myCert,
MyMD
);
pdfs.Sign(signature.reason, signature.email, signature.location,
pathToFiles + "pic/" + signature.picName, signature.visible,
signature.posX, signature.posY
);
/*section save data to DB*/
using (SignatureDBEntities entities = new SignatureDBEntities())
{
var entity = entities.SignatureTables
.FirstOrDefault(e => e.id == id);
if (entity == null)
{
System.Diagnostics.Debug.WriteLine("Id not found");
return(Request.CreateErrorResponse(
HttpStatusCode.BadRequest, "Id not found"));
}
else
{
entity.author = signature.author;
entity.title = signature.title;
entity.subject = signature.subject;
entity.keyword = signature.keyword;
entity.reason = signature.reason;
entity.email = signature.email;
entity.location = signature.location;
entity.certName = signature.certName;
entity.issuerId = signature.issuerId;
entity.requestorId = signature.requestorId;
entity.status = "sign";
entity.approval = 1;
entities.SaveChanges();
System.Diagnostics.Debug.WriteLine("Sukses Sign File");
}
var message = Request.CreateResponse(
HttpStatusCode.Created, signature);
message.Headers.Location = new Uri(
Request.RequestUri + "/" + signature.id.ToString()
);
return(message);
}
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(
HttpStatusCode.BadRequest, ex));
}
}
public void CanAddRelyingPartyWithClaimMappings()
{
var encryptingCertificate = Cert.LoadEncryptingCertificate();
var relyingParty = new RelyingParty
{
Realm = "urn:identityserver:encrypt",
Name = "Test Relying Party",
Enabled = true,
ReplyUrl = "https://www.google.com/",
TokenType = "urn:oasis:names:tc:SAML:1.0:assertion",
TokenLifeTime = 1000,
IncludeAllClaimsForUser = false,
DefaultClaimTypeMappingPrefix = "https://schema.org/",
SamlNameIdentifierFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
SignatureAlgorithm = SecurityAlgorithms.RsaSha256Signature,
DigestAlgorithm = SecurityAlgorithms.Sha256Digest,
ClaimMappings = new List <ClaimMap>
{
new ClaimMap {
InboundClaim = "name", OutboundClaim = ClaimTypes.Name
},
new ClaimMap {
InboundClaim = "email", OutboundClaim = ClaimTypes.Email
}
},
EncryptingCertificate = encryptingCertificate.RawData
};
using (var context = new RelyingPartyConfigurationDbContext(ConfigConnectionStringName))
{
context.RelyingParties.Add(relyingParty);
context.SaveChanges();
}
RelyingParty persistedRelyingParty;
using (var context = new RelyingPartyConfigurationDbContext(ConfigConnectionStringName))
{
persistedRelyingParty =
context.RelyingParties.Include(x => x.ClaimMappings)
.FirstOrDefault(x => x.Realm == relyingParty.Realm);
}
Assert.NotNull(persistedRelyingParty);
Assert.True(relyingParty.Realm == persistedRelyingParty.Realm);
Assert.True(persistedRelyingParty.ClaimMappings.Any());
Assert.True(relyingParty.ClaimMappings.Count == persistedRelyingParty.ClaimMappings.Count);
Assert.True(relyingParty.DefaultClaimTypeMappingPrefix ==
persistedRelyingParty.DefaultClaimTypeMappingPrefix);
Assert.True(relyingParty.DigestAlgorithm == persistedRelyingParty.DigestAlgorithm);
Assert.True(relyingParty.Enabled == persistedRelyingParty.Enabled);
Assert.True(relyingParty.Id == persistedRelyingParty.Id);
Assert.True(relyingParty.IncludeAllClaimsForUser == persistedRelyingParty.IncludeAllClaimsForUser);
Assert.True(relyingParty.Name == persistedRelyingParty.Name);
Assert.True(relyingParty.ReplyUrl == persistedRelyingParty.ReplyUrl);
Assert.True(relyingParty.SamlNameIdentifierFormat == persistedRelyingParty.SamlNameIdentifierFormat);
Assert.True(relyingParty.SignatureAlgorithm == persistedRelyingParty.SignatureAlgorithm);
Assert.True(relyingParty.TokenLifeTime == persistedRelyingParty.TokenLifeTime);
Assert.True(relyingParty.TokenType == persistedRelyingParty.TokenType);
Assert.NotNull(relyingParty.EncryptingCertificate);
var readEncryptionCertificate = new X509Certificate2(relyingParty.EncryptingCertificate);
Assert.True(readEncryptionCertificate.SubjectName.Name == encryptingCertificate.SubjectName.Name);
Assert.True(readEncryptionCertificate.IssuerName.Name == encryptingCertificate.IssuerName.Name);
Assert.True(readEncryptionCertificate.Thumbprint == encryptingCertificate.Thumbprint);
// assert token encrypted using saved cert can be decrypted
var testClaim = new Claim(ClaimTypes.NameIdentifier, "69307727-D2F7-4ED3-A7DF-08EEE8F8C624");
var securityTokenDescriptor = new SecurityTokenDescriptor
{
AppliesToAddress = relyingParty.Realm,
Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(relyingParty.TokenLifeTime)),
ReplyToAddress = relyingParty.ReplyUrl,
SigningCredentials = new X509SigningCredentials(Cert.LoadDecryptingCertificate(), relyingParty.SignatureAlgorithm, relyingParty.DigestAlgorithm),
Subject = new ClaimsIdentity(new List <Claim> {
testClaim
}),
TokenIssuerName = "https://domain.test",
TokenType = "urn:oasis:names:tc:SAML:2.0:assertion",
EncryptingCredentials = new EncryptedKeyEncryptingCredentials(readEncryptionCertificate)
};
var handler = new Saml2SecurityTokenHandler();
var securityToken = handler.CreateToken(securityTokenDescriptor);
var stringBuilder = new StringBuilder();
using (var writer = XmlWriter.Create(stringBuilder))
{
handler.WriteToken(writer, securityToken);
}
var token = stringBuilder.ToString();
SecurityToken validatedToken;
var claimsPrincipal = handler.ValidateToken(
token,
new TokenValidationParameters
{
IssuerSigningKey = new X509SecurityKey(Cert.LoadDecryptingCertificate()),
ValidateIssuer = false,
ValidateIssuerSigningKey = false,
ValidateAudience = false,
ClientDecryptionTokens =
new ReadOnlyCollection <SecurityToken>(new List <SecurityToken>
{
new X509SecurityToken(Cert.LoadDecryptingCertificate())
})
},
out validatedToken);
Assert.NotNull(validatedToken);
Assert.NotNull(claimsPrincipal);
Assert.True(claimsPrincipal.HasClaim(testClaim.Type, testClaim.Value));
}
private void FirmarFacturaToolStripMenuItemClick(object sender, EventArgs e)
{
using (OpenFileDialog openCertificadoFileDialog = new OpenFileDialog
{
InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Personal),
Title = FacturasRecursos.Form1_firmarFacturaToolStripMenuItem_Click_Seleccione_su_certificado_de_usuario,
Filter = FacturasRecursos.Form1_firmarFacturaToolStripMenuItem_Click_Certificado_Digital____p12____p12
})
{
if (openCertificadoFileDialog.ShowDialog(this) == DialogResult.OK)
{
if (!string.IsNullOrEmpty(openCertificadoFileDialog.FileName))
{
Passs pass = new Passs();
if (pass.ShowDialog() == DialogResult.OK)
{
Cert myCert = null;
try
{
myCert = new Cert(openCertificadoFileDialog.FileName, pass.Password);
}
catch (Exception ex)
{
XtraMessageBox.Show(ex.Message, Application.ProductName);
return;
}
OpenFileDialog openFileDialog = new OpenFileDialog
{
InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Personal),
Title =
FacturasRecursos.
Form1_firmarFacturaToolStripMenuItem_Click_Seleccione_una_factura_sin_firmar,
Filter =
FacturasRecursos.
Form1_firmarFacturaToolStripMenuItem_Click_Factura____pdf____pdf
};
if (openFileDialog.ShowDialog(this) == DialogResult.OK)
{
if (!string.IsNullOrEmpty(openFileDialog.FileName))
{
MetaData myMd = new MetaData();
myMd.Author = Settings.Default.nombre;
myMd.Title = string.Format("Factura emitida por {0}", Settings.Default.nombre);
myMd.Subject = "Factura por translado en taxi";
myMd.Keywords = "factura, taxi, mariano";
myMd.Creator = "Riccardo Prieto Mendoza";
myMd.Producer = "Riccardo Prieto Mendoza";
using (SaveFileDialog sabeD = new SaveFileDialog
{
InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Personal),
Title = FacturasRecursos.Form1_firmarFacturaToolStripMenuItem_Click_Guardar_Factura_Firmada_como___,
Filter = FacturasRecursos.Form1_firmarFacturaToolStripMenuItem_Click_Factura____pdf____pdf
})
{
if (sabeD.ShowDialog(this) == DialogResult.OK)
{
PdfSigner pdfs = new PdfSigner(openFileDialog.FileName, sabeD.FileName, myCert, myMd);
pdfs.Sign("Factura por translado en taxi", Settings.Default.email, Settings.Default.direccion + " " + Settings.Default.poblacionCP, false);
Process.Start(sabeD.FileName);
}
}
}
}
}
}
}
}
}
