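/// <summary>
/// Produces an enveloped XML-DSig signature over the document carried in
/// <paramref name="inputSignatureAdvanced"/>. The private-key operation itself is delegated to
/// the remote signing service through the <c>OnRemoteSign</c> handler (<c>XAdESHandler_OnRemoteSign</c>);
/// only the public certificate is fetched here via <c>LoadCertificate</c>.
/// </summary>
/// <param name="accessToken">Token for the remote signing service; stored in <c>access_token</c> and passed to <c>LoadCertificate</c>.</param>
/// <param name="base_URL">Base URL of the remote signing service; stored in <c>baseURL</c>.</param>
/// <param name="inputSignatureAdvanced">Document bytes, credential id, PIN/OTP and algorithm identifiers for this request.</param>
/// <returns>
/// An <c>OutputAdvancedSignature</c> whose <c>signedDocument</c> holds the signed XML bytes on success;
/// an <c>OutputError</c> when the document is missing/empty or any signing step fails.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="inputSignatureAdvanced"/> is null.</exception>
public async Task<object> SignXMLAsync(string accessToken, string base_URL, InputSignatureAdvanced inputSignatureAdvanced)
{
    if (inputSignatureAdvanced == null)
    {
        throw new ArgumentNullException("inputSignatureAdvanced");
    }

    // NOTE(review): the library licence key is a literal in source (the same key SignXML uses);
    // it should come from configuration / a secret store rather than be committed.
    SBUtils.Unit.SetLicenseKey("03D250F599AFD170E8A7410AFE3EAAC635E687187762F9936518B7FA6AEDDB215DF3177560DD647433BEE43711D31EC2B6818C0797C464E7F077467EABB466DE8F21CE77A054C9D3B04B0BA859B4BE8E8B7FCD50D07E2A4CD96240FA1468D8F03CBDE4EB1D2070A4294D2426881EEFBDFFAA7A76747B30A2E0564CA06CD673089318BFBA530E88A26F6FF76E46FE2A5A65C0FBAACB09F9804BC287412E49EE832058643D8A59B8398C7637C3EDE91660E6B696F32AD416F606DB215A2FFF214B5DF58DE27687362740B591D7F3D2D33CE6A3D1601521408511476FA81D374CA32D0443BD710D4D732A8C398A953047EEAB4A62237813DA11FC5E0EBFF1E69A9D");

    // Per-request signing context kept in class-level fields (declared elsewhere in the class);
    // the remote-sign handler and LoadCertificate read them.
    pin = inputSignatureAdvanced.PIN;
    otp = inputSignatureAdvanced.OTP;
    credentialsID = inputSignatureAdvanced.credentialsID;
    access_token = accessToken;
    baseURL = base_URL;
    hashAlgo = inputSignatureAdvanced.hashAlgo;
    signAlgo = inputSignatureAdvanced.signAlgo;

    // Generic failure result. The error code string is left unchanged (it says "pades" although
    // this is an XML signature) because callers may match on it.
    OutputError error = new OutputError() { error = "error_pades_signature", error_description = "error" };

    byte[] documentBytes = inputSignatureAdvanced.documentStream;
    if (documentBytes == null || documentBytes.Length == 0)
    {
        return error;
    }

    // Kept async for signature compatibility; the only await in the original copied the input
    // into a temp file that was never deleted (leaving a copy of the document on disk).
    // The document is now parsed straight from memory.
    TElXMLDOMDocument document = new TElXMLDOMDocument();
    TElXMLSigner signer = null;
    TElXMLKeyInfoX509Data x509Data = null;
    try
    {
        using (MemoryStream input = new MemoryStream(documentBytes))
        {
            document.LoadFromStream(input, "ISO-8859-1", true);
        }

        signer = new TElXMLSigner(null);
        x509Data = new TElXMLKeyInfoX509Data(false);

        signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
        signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
        signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;

        // Single reference over the whole document (URI ""), with the enveloped-signature
        // transform so the Signature element itself is excluded from the digest.
        TElXMLReference reference = new TElXMLReference();
        reference.URI = "";
        reference.URINode = document.DocumentElement;
        reference.TransformChain.AddEnvelopedSignatureTransform();

        if (hashAlgo == "2.16.840.1.101.3.4.2.1") // OID of SHA-256
        {
            signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256;
            reference.DigestMethod = SBXMLSec.Unit.xdmSHA256;
        }
        else
        {
            // NOTE(review): every hashAlgo other than the SHA-256 OID (including typos and
            // unknown values) silently falls back to RSA-SHA1, which is deprecated for
            // signatures. Rejecting unrecognised identifiers would be the safer contract.
            signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
            reference.DigestMethod = SBXMLSec.Unit.xdmSHA1;
        }
        signer.References.Add(reference);

        // Public certificate only; the signature value is produced remotely in OnRemoteSign.
        x509Data.Certificate = LoadCertificate(credentialsID, accessToken);
        signer.KeyData = x509Data;

        signer.UpdateReferencesDigest();
        signer.OnRemoteSign += new TSBXMLRemoteSignEvent(XAdESHandler_OnRemoteSign);
        signer.GenerateSignature();
        signer.SaveEnveloped(document.DocumentElement);

        using (MemoryStream signed = new MemoryStream())
        {
            document.SaveToStream(signed);
            // ToArray() rather than GetBuffer(): GetBuffer() exposes the whole underlying
            // buffer including unused capacity, so the result carried trailing zero bytes.
            return new OutputAdvancedSignature() { signedDocument = signed.ToArray() };
        }
    }
    catch (Exception)
    {
        // Best-effort contract preserved: callers get the generic error object instead of an
        // exception. The failure reason is intentionally not surfaced in the response.
        return error;
    }
    finally
    {
        // Disposal now also happens on the failure path (the original only disposed on success).
        if (signer != null)
        {
            signer.Dispose();
        }
        if (x509Data != null)
        {
            x509Data.Dispose();
        }
    }
}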
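/// <summary>
/// Signs <paramref name="element"/> in place with an enveloped XML-DSig signature using the key
/// found in <paramref name="absoluteCertFilePath"/>. The file is tried in turn as RSA key
/// material, as a certificate (through <c>LoadCertificate</c>) and as a PGP secret key.
/// </summary>
/// <param name="absoluteCertFilePath">Path of the key or certificate file to sign with.</param>
/// <param name="password">Passphrase applied to the RSA key material, the certificate and the PGP key.</param>
/// <param name="element">A <c>TElXMLDOMDocument</c>, <c>TElXMLDOMElement</c> or other <c>TElXMLDOMNode</c>; the signature is placed as a child of it (of the root element for a document).</param>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
/// <exception cref="InvalidOperationException">No usable key could be loaded, the certificate has no private key, or saving the signature failed.</exception>
private static void SignElement(string absoluteCertFilePath, string password, object element)
{
    if (element == null)
    {
        throw new ArgumentNullException("element");
    }
    // Same cast the original performed on every branch; a non-node argument still fails here.
    TElXMLDOMNode targetNode = (TElXMLDOMNode)element;

    TElXMLReferenceList refs = new TElXMLReferenceList();
    TElXMLReference reference = new TElXMLReference();
    // NOTE(review): SHA-1 digest plus RSA-SHA1 signature (below) are kept so existing verifiers
    // keep working, but both are deprecated; xdmSHA256 / xsmRSA_SHA256 are the drop-in replacements.
    reference.DigestMethod = SBXMLSec.Unit.xdmSHA1;

    if (targetNode is TElXMLDOMDocument)
    {
        // Whole document: reference the root element with the empty URI.
        reference.URINode = ((TElXMLDOMDocument)targetNode).DocumentElement;
        reference.URI = "";
    }
    else if (targetNode is TElXMLDOMElement)
    {
        reference.URINode = targetNode;
        TElXMLDOMElement el = (TElXMLDOMElement)targetNode;
        if (!string.IsNullOrEmpty(el.GetAttribute("ID")))
        {
            reference.URI = "#" + el.GetAttribute("ID");
        }
        else if (el.ParentNode is TElXMLDOMDocument)
        {
            reference.URI = "";
        }
        else
        {
            // Nested element without an id: mint one so the reference can point at it.
            // The attribute is written and read back under the same name; the original set
            // "ID" but read "Id", which never matched and yielded the bare URI "#".
            el.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
            reference.URI = "#" + el.GetAttribute("ID");
        }
    }
    else
    {
        reference.URINode = targetNode;
        reference.URI = targetNode.LocalName;
    }
    reference.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
    reference.TransformChain.Add(new TElXMLC14NTransform());
    refs.Add(reference);

    TElXMLSigner signer = new TElXMLSigner();
    TElXMLKeyInfoRSAData rsaKeyData = null;
    TElXMLKeyInfoX509Data x509KeyData = null;
    TElXMLKeyInfoPGPData pgpKeyData = null;
    try
    {
        // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
        signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
        signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
        signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
        signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
        // Presumably irrelevant while SignatureMethodType is xmtSig; kept so the configured
        // signer state is unchanged.
        signer.MACMethod = SBXMLSec.Unit.xmmHMAC_MD5;
        signer.References = refs;
        signer.KeyName = String.Empty;
        signer.IncludeKey = false;
        signer.OnFormatElement += FormatElement;
        signer.OnFormatText += FormatText;
        // (The original also re-minted the element id when SignatureType == xstEnveloping; that
        // branch could never run because the type is fixed to xstEnveloped just above.)

        rsaKeyData = new TElXMLKeyInfoRSAData(true);
        rsaKeyData.RSAKeyMaterial.Passphrase = password;
        x509KeyData = new TElXMLKeyInfoX509Data(true);
        pgpKeyData = new TElXMLKeyInfoPGPData(true);

        // The file handle is now released on every path (the original leaked it on exception).
        using (FileStream keyFile = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read))
        {
            // 1. RSA key material. A parse failure is the expected signal that the file is
            //    some other format, so it is deliberately swallowed here.
            try
            {
                rsaKeyData.RSAKeyMaterial.LoadSecret(keyFile, 0);
            }
            catch
            {
                // not RSA key material; try the next format
            }

            // 2. Certificate (expected to carry a private key).
            if (!rsaKeyData.RSAKeyMaterial.SecretKey)
            {
                keyFile.Position = 0;
                LoadCertificate(keyFile, password, x509KeyData);
            }

            // 3. PGP secret key.
            if (!rsaKeyData.RSAKeyMaterial.PublicKey && (x509KeyData.Certificate == null))
            {
                keyFile.Position = 0;
                pgpKeyData.SecretKey = new TElPGPSecretKey();
                pgpKeyData.SecretKey.Passphrase = password;
                try
                {
                    ((TElPGPSecretKey)pgpKeyData.SecretKey).LoadFromStream(keyFile);
                }
                catch
                {
                    // not a PGP secret key either
                    pgpKeyData.SecretKey = null;
                }
            }
        }

        if (rsaKeyData.RSAKeyMaterial.SecretKey)
        {
            signer.KeyData = rsaKeyData;
        }
        else if (x509KeyData.Certificate != null)
        {
            if (!x509KeyData.Certificate.PrivateKeyExists)
            {
                // Message fixed: the original carried a doubled apostrophe ("doesn''t").
                throw new InvalidOperationException("The selected certificate doesn't contain a private key");
            }
            signer.KeyData = x509KeyData;
        }
        else if (pgpKeyData.SecretKey != null)
        {
            signer.KeyData = pgpKeyData;
        }
        else
        {
            // Fail explicitly instead of letting GenerateSignature run with no key material.
            throw new InvalidOperationException("No RSA key, certificate with private key or PGP secret key could be loaded from the given file");
        }

        signer.UpdateReferencesDigest();
        signer.GenerateSignature();

        // For an enveloped signature the Signature element is placed as a child of the signed
        // node; for a document that is its root element.
        TElXMLDOMNode sigNode = targetNode;
        if (sigNode is TElXMLDOMDocument)
        {
            sigNode = ((TElXMLDOMDocument)sigNode).DocumentElement;
        }
        try
        {
            signer.Save(ref sigNode);
        }
        catch (Exception e)
        {
            // Keep the original cause attached instead of flattening it to a message.
            throw new InvalidOperationException(string.Format("Failed to sign data and to save the signature: ({0})", e.Message), e);
        }
    }
    finally
    {
        signer.Dispose();
        if (x509KeyData != null)
        {
            x509KeyData.Dispose();
        }
        if (pgpKeyData != null)
        {
            pgpKeyData.Dispose();
        }
    }
}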
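/// <summary>
/// Replaces <paramref name="nodeToEnrypt"/> with a <c>saml2:EncryptedAssertion</c> element: the
/// node is encrypted under a freshly generated symmetric key, and that key is transported under
/// the PGP public key read from <paramref name="certificate"/>. The encrypted node is produced
/// into the class-level <c>FXMLDocument</c>, which the node is presumably part of (the original
/// made the same assumption).
/// </summary>
/// <param name="certificate">Path of the PGP public-key file. When null or empty, the bundled
/// <c>~/App_Data/ussitsps_test_pub.asc</c> is used as a fallback.</param>
/// <param name="nodeToEnrypt">The assertion node to encrypt; it must have a parent node to be replaced under.</param>
/// <exception cref="ArgumentNullException"><paramref name="nodeToEnrypt"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="nodeToEnrypt"/> has no parent node.</exception>
/// <exception cref="InvalidOperationException">The PGP public key could not be loaded.</exception>
private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
{
    if (nodeToEnrypt == null)
    {
        throw new ArgumentNullException("nodeToEnrypt");
    }
    if (nodeToEnrypt.ParentNode == null)
    {
        throw new ArgumentException("The node to encrypt must have a parent node", "nodeToEnrypt");
    }

    // The original overwrote the parameter unconditionally with the bundled *test* public key,
    // so the caller's key was ignored. The parameter is now honoured; the test key remains only
    // as a fallback and should not be relied on outside test deployments.
    string keyPath = string.IsNullOrEmpty(certificate)
        ? HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc")
        : certificate;

    TElXMLEncryptor encryptor = null;
    TElXMLKeyInfoSymmetricData symKeyData = null;
    TElXMLKeyInfoPGPData pgpKeyData = null;
    try
    {
        // Numeric settings are taken verbatim from the original; its comment labels the
        // key-encryption mode as xetKeyTransport. NOTE(review): replace these magic numbers with
        // the library's named constants once confirmed against its headers.
        encryptor = new TElXMLEncryptor
        {
            EncryptKey = true,
            EncryptionMethod = 1,
            KeyName = String.Empty,
            EncryptedDataType = 0,
            KeyEncryptionType = 0,
            KeyTransportMethod = 1,
            KeyWrapMethod = 0
        };

        // Fresh random content-encryption key and IV per call (32-byte key / 16-byte IV if the
        // argument is a bit count, as the 32 * 8 / 16 * 8 spelling suggests).
        symKeyData = new TElXMLKeyInfoSymmetricData(true);
        symKeyData.Key.Generate(32 * 8);
        symKeyData.Key.GenerateIV(16 * 8);
        encryptor.KeyData = symKeyData;

        // Key-encryption key: PGP public key. Fail closed when it cannot be read; the original
        // swallowed the error and went on with a null public key.
        pgpKeyData = new TElXMLKeyInfoPGPData(true);
        pgpKeyData.PublicKey = new TElPGPPublicKey();
        using (FileStream keyFile = new FileStream(keyPath, FileMode.Open, FileAccess.Read))
        {
            try
            {
                ((TElPGPPublicKey)pgpKeyData.PublicKey).LoadFromStream(keyFile);
            }
            catch (Exception e)
            {
                pgpKeyData.PublicKey.Dispose();
                pgpKeyData.PublicKey = null;
                throw new InvalidOperationException("Failed to load the PGP public key used to encrypt the assertion", e);
            }
        }
        encryptor.KeyEncryptionKeyData = pgpKeyData;

        encryptor.Encrypt(nodeToEnrypt);
        TElXMLDOMNode encNode = encryptor.Save(FXMLDocument);

        // Wrap the encrypted node in saml2:EncryptedAssertion and swap it in for the plaintext node.
        var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");
        var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");
        nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
        encryptedAssertion.Attributes.Add(nsAttr);
        encryptedAssertion.AppendChild(encNode);
        nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);
    }
    finally
    {
        // Released on every path; the unused RSA/X509 key-data objects the original created
        // (and only half disposed) are gone.
        if (encryptor != null)
        {
            encryptor.Dispose();
        }
        if (pgpKeyData != null)
        {
            pgpKeyData.Dispose();
        }
    }
}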
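/// <summary>
/// Signs <paramref name="element"/> in place with an enveloped XML-DSig signature using the key
/// found in <paramref name="absoluteCertFilePath"/>. The file is tried in turn as RSA key
/// material, as a certificate (through <c>LoadCertificate</c>) and as a PGP secret key.
/// </summary>
/// <param name="absoluteCertFilePath">Path of the key or certificate file to sign with.</param>
/// <param name="password">Passphrase applied to the RSA key material, the certificate and the PGP key.</param>
/// <param name="element">A <c>TElXMLDOMDocument</c>, <c>TElXMLDOMElement</c> or other <c>TElXMLDOMNode</c>; the signature is placed as a child of it (of the root element for a document).</param>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
/// <exception cref="InvalidOperationException">No usable key could be loaded, the certificate has no private key, or saving the signature failed.</exception>
private static void SignElement(string absoluteCertFilePath, string password, object element)
{
    if (element == null)
    {
        throw new ArgumentNullException("element");
    }
    // Same cast the original performed on every branch; a non-node argument still fails here.
    TElXMLDOMNode targetNode = (TElXMLDOMNode)element;

    TElXMLReferenceList refs = new TElXMLReferenceList();
    TElXMLReference reference = new TElXMLReference();
    // NOTE(review): SHA-1 digest plus RSA-SHA1 signature (below) are kept so existing verifiers
    // keep working, but both are deprecated; xdmSHA256 / xsmRSA_SHA256 are the drop-in replacements.
    reference.DigestMethod = SBXMLSec.Unit.xdmSHA1;

    if (targetNode is TElXMLDOMDocument)
    {
        // Whole document: reference the root element with the empty URI.
        reference.URINode = ((TElXMLDOMDocument)targetNode).DocumentElement;
        reference.URI = "";
    }
    else if (targetNode is TElXMLDOMElement)
    {
        reference.URINode = targetNode;
        TElXMLDOMElement el = (TElXMLDOMElement)targetNode;
        if (!string.IsNullOrEmpty(el.GetAttribute("ID")))
        {
            reference.URI = "#" + el.GetAttribute("ID");
        }
        else if (el.ParentNode is TElXMLDOMDocument)
        {
            reference.URI = "";
        }
        else
        {
            // Nested element without an id: mint one so the reference can point at it.
            // The attribute is written and read back under the same name; the original set
            // "ID" but read "Id", which never matched and yielded the bare URI "#".
            el.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
            reference.URI = "#" + el.GetAttribute("ID");
        }
    }
    else
    {
        reference.URINode = targetNode;
        reference.URI = targetNode.LocalName;
    }
    reference.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
    reference.TransformChain.Add(new TElXMLC14NTransform());
    refs.Add(reference);

    TElXMLSigner signer = new TElXMLSigner();
    TElXMLKeyInfoRSAData rsaKeyData = null;
    TElXMLKeyInfoX509Data x509KeyData = null;
    TElXMLKeyInfoPGPData pgpKeyData = null;
    try
    {
        // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
        signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
        signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
        signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
        signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
        // Presumably irrelevant while SignatureMethodType is xmtSig; kept so the configured
        // signer state is unchanged.
        signer.MACMethod = SBXMLSec.Unit.xmmHMAC_MD5;
        signer.References = refs;
        signer.KeyName = String.Empty;
        signer.IncludeKey = false;
        signer.OnFormatElement += FormatElement;
        signer.OnFormatText += FormatText;
        // (The original also re-minted the element id when SignatureType == xstEnveloping; that
        // branch could never run because the type is fixed to xstEnveloped just above.)

        rsaKeyData = new TElXMLKeyInfoRSAData(true);
        rsaKeyData.RSAKeyMaterial.Passphrase = password;
        x509KeyData = new TElXMLKeyInfoX509Data(true);
        pgpKeyData = new TElXMLKeyInfoPGPData(true);

        // The file handle is now released on every path (the original leaked it on exception).
        using (FileStream keyFile = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read))
        {
            // 1. RSA key material. A parse failure is the expected signal that the file is
            //    some other format, so it is deliberately swallowed here.
            try
            {
                rsaKeyData.RSAKeyMaterial.LoadSecret(keyFile, 0);
            }
            catch
            {
                // not RSA key material; try the next format
            }

            // 2. Certificate (expected to carry a private key).
            if (!rsaKeyData.RSAKeyMaterial.SecretKey)
            {
                keyFile.Position = 0;
                LoadCertificate(keyFile, password, x509KeyData);
            }

            // 3. PGP secret key.
            if (!rsaKeyData.RSAKeyMaterial.PublicKey && (x509KeyData.Certificate == null))
            {
                keyFile.Position = 0;
                pgpKeyData.SecretKey = new TElPGPSecretKey();
                pgpKeyData.SecretKey.Passphrase = password;
                try
                {
                    ((TElPGPSecretKey)pgpKeyData.SecretKey).LoadFromStream(keyFile);
                }
                catch
                {
                    // not a PGP secret key either
                    pgpKeyData.SecretKey = null;
                }
            }
        }

        if (rsaKeyData.RSAKeyMaterial.SecretKey)
        {
            signer.KeyData = rsaKeyData;
        }
        else if (x509KeyData.Certificate != null)
        {
            if (!x509KeyData.Certificate.PrivateKeyExists)
            {
                // Message fixed: the original carried a doubled apostrophe ("doesn''t").
                throw new InvalidOperationException("The selected certificate doesn't contain a private key");
            }
            signer.KeyData = x509KeyData;
        }
        else if (pgpKeyData.SecretKey != null)
        {
            signer.KeyData = pgpKeyData;
        }
        else
        {
            // Fail explicitly instead of letting GenerateSignature run with no key material.
            throw new InvalidOperationException("No RSA key, certificate with private key or PGP secret key could be loaded from the given file");
        }

        signer.UpdateReferencesDigest();
        signer.GenerateSignature();

        // For an enveloped signature the Signature element is placed as a child of the signed
        // node; for a document that is its root element.
        TElXMLDOMNode sigNode = targetNode;
        if (sigNode is TElXMLDOMDocument)
        {
            sigNode = ((TElXMLDOMDocument)sigNode).DocumentElement;
        }
        try
        {
            signer.Save(ref sigNode);
        }
        catch (Exception e)
        {
            // Keep the original cause attached instead of flattening it to a message.
            throw new InvalidOperationException(string.Format("Failed to sign data and to save the signature: ({0})", e.Message), e);
        }
    }
    finally
    {
        signer.Dispose();
        if (x509KeyData != null)
        {
            x509KeyData.Dispose();
        }
        if (pgpKeyData != null)
        {
            pgpKeyData.Dispose();
        }
    }
}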
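/// <summary>
/// Replaces <paramref name="nodeToEnrypt"/> with a <c>saml2:EncryptedAssertion</c> element: the
/// node is encrypted under a freshly generated symmetric key, and that key is transported under
/// the PGP public key read from <paramref name="certificate"/>. The encrypted node is produced
/// into the class-level <c>FXMLDocument</c>, which the node is presumably part of (the original
/// made the same assumption).
/// </summary>
/// <param name="certificate">Path of the PGP public-key file. When null or empty, the bundled
/// <c>~/App_Data/ussitsps_test_pub.asc</c> is used as a fallback.</param>
/// <param name="nodeToEnrypt">The assertion node to encrypt; it must have a parent node to be replaced under.</param>
/// <exception cref="ArgumentNullException"><paramref name="nodeToEnrypt"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="nodeToEnrypt"/> has no parent node.</exception>
/// <exception cref="InvalidOperationException">The PGP public key could not be loaded.</exception>
private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
{
    if (nodeToEnrypt == null)
    {
        throw new ArgumentNullException("nodeToEnrypt");
    }
    if (nodeToEnrypt.ParentNode == null)
    {
        throw new ArgumentException("The node to encrypt must have a parent node", "nodeToEnrypt");
    }

    // The original overwrote the parameter unconditionally with the bundled *test* public key,
    // so the caller's key was ignored. The parameter is now honoured; the test key remains only
    // as a fallback and should not be relied on outside test deployments.
    string keyPath = string.IsNullOrEmpty(certificate)
        ? HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc")
        : certificate;

    TElXMLEncryptor encryptor = null;
    TElXMLKeyInfoSymmetricData symKeyData = null;
    TElXMLKeyInfoPGPData pgpKeyData = null;
    try
    {
        // Numeric settings are taken verbatim from the original; its comment labels the
        // key-encryption mode as xetKeyTransport. NOTE(review): replace these magic numbers with
        // the library's named constants once confirmed against its headers.
        encryptor = new TElXMLEncryptor
        {
            EncryptKey = true,
            EncryptionMethod = 1,
            KeyName = String.Empty,
            EncryptedDataType = 0,
            KeyEncryptionType = 0,
            KeyTransportMethod = 1,
            KeyWrapMethod = 0
        };

        // Fresh random content-encryption key and IV per call (32-byte key / 16-byte IV if the
        // argument is a bit count, as the 32 * 8 / 16 * 8 spelling suggests).
        symKeyData = new TElXMLKeyInfoSymmetricData(true);
        symKeyData.Key.Generate(32 * 8);
        symKeyData.Key.GenerateIV(16 * 8);
        encryptor.KeyData = symKeyData;

        // Key-encryption key: PGP public key. Fail closed when it cannot be read; the original
        // swallowed the error and went on with a null public key.
        pgpKeyData = new TElXMLKeyInfoPGPData(true);
        pgpKeyData.PublicKey = new TElPGPPublicKey();
        using (FileStream keyFile = new FileStream(keyPath, FileMode.Open, FileAccess.Read))
        {
            try
            {
                ((TElPGPPublicKey)pgpKeyData.PublicKey).LoadFromStream(keyFile);
            }
            catch (Exception e)
            {
                pgpKeyData.PublicKey.Dispose();
                pgpKeyData.PublicKey = null;
                throw new InvalidOperationException("Failed to load the PGP public key used to encrypt the assertion", e);
            }
        }
        encryptor.KeyEncryptionKeyData = pgpKeyData;

        encryptor.Encrypt(nodeToEnrypt);
        TElXMLDOMNode encNode = encryptor.Save(FXMLDocument);

        // Wrap the encrypted node in saml2:EncryptedAssertion and swap it in for the plaintext node.
        var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");
        var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");
        nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
        encryptedAssertion.Attributes.Add(nsAttr);
        encryptedAssertion.AppendChild(encNode);
        nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);
    }
    finally
    {
        // Released on every path; the unused RSA/X509 key-data objects the original created
        // (and only half disposed) are gone.
        if (encryptor != null)
        {
            encryptor.Dispose();
        }
        if (pgpKeyData != null)
        {
            pgpKeyData.Dispose();
        }
    }
}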
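/// <summary>
/// Synchronous counterpart of <c>SignXMLAsync</c>: produces an enveloped XML-DSig signature over
/// the document read from <paramref name="stream"/>. The private-key operation is delegated to
/// the remote signing service through <c>XAdESHandler_OnRemoteSign</c>; only the public
/// certificate is fetched here via <c>LoadCertificate</c>.
/// </summary>
/// <param name="stream">Document to sign; it is rewound to position 0 before parsing.</param>
/// <param name="accessToken">Token for the remote signing service; stored in <c>access_token</c>.</param>
/// <param name="OTP">One-time password for the signing credential; stored in <c>otp</c>.</param>
/// <param name="PIN">PIN for the signing credential; stored in <c>pin</c>.</param>
/// <param name="credentialID">Credential identifier; stored in <c>credentialsID</c>.</param>
/// <param name="base_URL">Base URL of the remote signing service; stored in <c>baseURL</c>.</param>
/// <param name="hash_algo">Digest algorithm OID; only the SHA-256 OID selects SHA-256, anything else falls back to SHA-1.</param>
/// <param name="sign_algo">Signature algorithm identifier; stored in <c>signAlgo</c> for the remote-sign handler.</param>
/// <returns>
/// A <see cref="MemoryStream"/> holding the signed document. On any failure the same stream is
/// returned as-is (empty, or partially written) with no error indication, so callers must
/// check its length before using it.
/// </returns>
public MemoryStream SignXML(Stream stream, string accessToken, string OTP, string PIN, string credentialID, string base_URL, string hash_algo, string sign_algo)
{
    var memory = new MemoryStream();
    try
    {
        // NOTE(review): the library licence key is a literal in source; it should come from
        // configuration / a secret store rather than be committed.
        SBUtils.Unit.SetLicenseKey("03D250F599AFD170E8A7410AFE3EAAC635E687187762F9936518B7FA6AEDDB215DF3177560DD647433BEE43711D31EC2B6818C0797C464E7F077467EABB466DE8F21CE77A054C9D3B04B0BA859B4BE8E8B7FCD50D07E2A4CD96240FA1468D8F03CBDE4EB1D2070A4294D2426881EEFBDFFAA7A76747B30A2E0564CA06CD673089318BFBA530E88A26F6FF76E46FE2A5A65C0FBAACB09F9804BC287412E49EE832058643D8A59B8398C7637C3EDE91660E6B696F32AD416F606DB215A2FFF214B5DF58DE27687362740B591D7F3D2D33CE6A3D1601521408511476FA81D374CA32D0443BD710D4D732A8C398A953047EEAB4A62237813DA11FC5E0EBFF1E69A9D");

        // Per-request signing context kept in class-level fields (declared elsewhere in the
        // class); the remote-sign handler and LoadCertificate read them.
        pin = PIN;
        otp = OTP;
        credentialsID = credentialID;
        access_token = accessToken;
        baseURL = base_URL;
        hashAlgo = hash_algo;
        signAlgo = sign_algo;

        if (stream == null)
        {
            // Same outcome as the original (which hit a NullReferenceException and swallowed it).
            return memory;
        }

        TElXMLDOMDocument document = new TElXMLDOMDocument();
        stream.Position = 0;
        document.LoadFromStream(stream, "ISO-8859-1", true);

        TElXMLSigner signer = new TElXMLSigner(null);
        TElXMLKeyInfoX509Data x509Data = new TElXMLKeyInfoX509Data(false);
        try
        {
            signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
            signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
            signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;

            // Single reference over the whole document (URI ""), with the enveloped-signature
            // transform so the Signature element itself is excluded from the digest.
            TElXMLReference reference = new TElXMLReference();
            reference.URI = "";
            reference.URINode = document.DocumentElement;
            reference.TransformChain.AddEnvelopedSignatureTransform();

            if (hashAlgo == "2.16.840.1.101.3.4.2.1") // OID of SHA-256
            {
                signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256;
                reference.DigestMethod = SBXMLSec.Unit.xdmSHA256;
            }
            else
            {
                // NOTE(review): every hash_algo other than the SHA-256 OID (including typos and
                // unknown values) silently falls back to RSA-SHA1, which is deprecated for
                // signatures. Rejecting unrecognised identifiers would be the safer contract.
                signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                reference.DigestMethod = SBXMLSec.Unit.xdmSHA1;
            }
            signer.References.Add(reference);

            // Public certificate only; the signature value is produced remotely in OnRemoteSign.
            x509Data.Certificate = LoadCertificate(credentialsID, access_token);
            signer.KeyData = x509Data;

            signer.UpdateReferencesDigest();
            signer.OnRemoteSign += new TSBXMLRemoteSignEvent(XAdESHandler_OnRemoteSign);
            signer.GenerateSignature();
            // Enveloped placement under the root element. The original kept alternatives in
            // comments: SaveEnveloping(first child node) and SaveDetached() (signature saved
            // separately from the document).
            signer.SaveEnveloped(document.DocumentElement);

            document.SaveToStream(memory);
            return memory;
        }
        finally
        {
            signer.Dispose();
            x509Data.Dispose();
        }
    }
    catch (Exception)
    {
        // Best-effort contract preserved: the caller gets the (empty or partial) stream back
        // rather than an exception. The failure reason is not surfaced.
        return memory;
    }
}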