예제 #1
0
        public async Task <object> SignXMLAsync(string accessToken, string base_URL, InputSignatureAdvanced inputSignatureAdvanced)
        {
            SBUtils.Unit.SetLicenseKey("03D250F599AFD170E8A7410AFE3EAAC635E687187762F9936518B7FA6AEDDB215DF3177560DD647433BEE43711D31EC2B6818C0797C464E7F077467EABB466DE8F21CE77A054C9D3B04B0BA859B4BE8E8B7FCD50D07E2A4CD96240FA1468D8F03CBDE4EB1D2070A4294D2426881EEFBDFFAA7A76747B30A2E0564CA06CD673089318BFBA530E88A26F6FF76E46FE2A5A65C0FBAACB09F9804BC287412E49EE832058643D8A59B8398C7637C3EDE91660E6B696F32AD416F606DB215A2FFF214B5DF58DE27687362740B591D7F3D2D33CE6A3D1601521408511476FA81D374CA32D0443BD710D4D732A8C398A953047EEAB4A62237813DA11FC5E0EBFF1E69A9D");
            pin = inputSignatureAdvanced.PIN; otp = inputSignatureAdvanced.OTP; credentialsID = inputSignatureAdvanced.credentialsID; access_token = accessToken; baseURL = base_URL; hashAlgo = inputSignatureAdvanced.hashAlgo; signAlgo = inputSignatureAdvanced.signAlgo;

            OutputError error = new OutputError()
            {
                error             = "error_pades_signature",
                error_description = "error"
            };

            TElXMLDOMDocument document       = new TElXMLDOMDocument();
            TElXMLDOMDocument signedDocument = new TElXMLDOMDocument();

            try
            {
                var filePath = Path.GetTempFileName();
                if (inputSignatureAdvanced.documentStream.Length > 0)
                {
                    using (Stream stream = new FileStream(filePath, FileMode.Create))
                    {
                        Stream memoryStream = new MemoryStream(inputSignatureAdvanced.documentStream);

                        await memoryStream.CopyToAsync(stream);

                        stream.Position = 0;
                        document.LoadFromStream(stream, "ISO-8859-1", true);

                        TElXMLSigner          Signer   = new TElXMLSigner(null);
                        TElXMLKeyInfoX509Data X509Data = new TElXMLKeyInfoX509Data(false);
                        try
                        {
                            Signer.SignatureType          = SBXMLSec.Unit.xstEnveloped;
                            Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
                            Signer.SignatureMethodType    = SBXMLSec.Unit.xmtSig;

                            TElXMLReference Ref = new TElXMLReference();

                            Ref.URI     = "";
                            Ref.URINode = document.DocumentElement;
                            Ref.TransformChain.AddEnvelopedSignatureTransform();

                            if (hashAlgo == "2.16.840.1.101.3.4.2.1")
                            {
                                Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256;
                                Ref.DigestMethod       = SBXMLSec.Unit.xdmSHA256;
                            }
                            else
                            {
                                Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                                Ref.DigestMethod       = SBXMLSec.Unit.xdmSHA1;
                            }

                            Signer.References.Add(Ref);

                            TElX509Certificate Cert = LoadCertificate(credentialsID, accessToken);
                            X509Data.Certificate = Cert;
                            Signer.KeyData       = X509Data;

                            Signer.UpdateReferencesDigest();
                            Signer.OnRemoteSign += new TSBXMLRemoteSignEvent(XAdESHandler_OnRemoteSign);
                            Signer.GenerateSignature();
                            TElXMLDOMNode node = document.ChildNodes.get_Item(0);

                            Signer.SaveEnveloped(document.DocumentElement);
                            var signedMemory = new MemoryStream();
                            document.SaveToStream(signedMemory);

                            OutputAdvancedSignature output = new OutputAdvancedSignature()
                            {
                                signedDocument = signedMemory.GetBuffer()
                            };

                            Signer.Dispose();
                            X509Data.Dispose();
                            return(output);
                        }
                        catch (Exception ex)
                        {
                            return(error);
                        }
                    }
                }
                else
                {
                    return(error);
                }
            }

            catch (Exception ex)
            {
                return(error);
            }
        }
예제 #2
0
        private static void SignElement(string absoluteCertFilePath, string password, object element)
        {
            TElXMLSigner          Signer;
            TElXAdESSigner        XAdESSigner = null;
            TElXMLKeyInfoRSAData  RSAKeyData  = null;
            TElXMLKeyInfoX509Data X509KeyData = null;
            TElXMLKeyInfoPGPData  PGPKeyData  = null;
            FileStream            F;
            TElXMLDOMNode         SigNode;

            TElXMLReferenceList Refs = new TElXMLReferenceList();
            TElXMLReference     Ref  = new TElXMLReference();

            Ref.DigestMethod = SBXMLSec.Unit.xdmSHA1;
            if ((TElXMLDOMNode)element is TElXMLDOMDocument)
            {
                Ref.URINode = ((TElXMLDOMDocument)element).DocumentElement;
                Ref.URI     = "";
            }
            else
            if ((TElXMLDOMNode)element is TElXMLDOMElement)
            {
                Ref.URINode = (TElXMLDOMNode)element;
                TElXMLDOMElement El = (TElXMLDOMElement)element;
                if (El.GetAttribute("ID") != "")
                {
                    Ref.URI = "#" + El.GetAttribute("ID");
                }
                else
                if (El.ParentNode is TElXMLDOMDocument)
                {
                    Ref.URI = "";
                }
                else
                {
                    El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
                    Ref.URI = "#" + El.GetAttribute("Id");
                }
            }
            else
            {
                Ref.URINode = (TElXMLDOMNode)element;
                Ref.URI     = ((TElXMLDOMNode)element).LocalName;
            }

            Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
            Ref.TransformChain.Add(new TElXMLC14NTransform());
            Refs.Add(Ref);

            Signer = new TElXMLSigner(); // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
            try
            {
                Signer.SignatureType          = SBXMLSec.Unit.xstEnveloped;
                Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
                Signer.SignatureMethodType    = SBXMLSec.Unit.xmtSig;
                Signer.SignatureMethod        = SBXMLSec.Unit.xsmRSA_SHA1;
                Signer.MACMethod  = SBXMLSec.Unit.xmmHMAC_MD5;
                Signer.References = Refs;
                Signer.KeyName    = String.Empty;
                Signer.IncludeKey = false;

                Signer.OnFormatElement += FormatElement;
                Signer.OnFormatText    += FormatText;

                if ((Signer.SignatureType == SBXMLSec.Unit.xstEnveloping) && (Ref != null) && (Ref.URI == "") && (Ref.URINode is TElXMLDOMElement))
                {
                    TElXMLDOMElement El = (TElXMLDOMElement)Ref.URINode;
                    El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
                    Ref.URI = "#" + El.GetAttribute("Id");
                }


                RSAKeyData = new TElXMLKeyInfoRSAData(true);
                RSAKeyData.RSAKeyMaterial.Passphrase = password;
                X509KeyData = new TElXMLKeyInfoX509Data(true);
                PGPKeyData  = new TElXMLKeyInfoPGPData(true);

                F = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read);

                try
                {
                    // trying to load file as RSA key material
                    RSAKeyData.RSAKeyMaterial.LoadSecret(F, 0);
                }
                catch { }

                if (!RSAKeyData.RSAKeyMaterial.SecretKey)
                {
                    // trying to load file as Certificate
                    F.Position = 0;
                    LoadCertificate(F, password, X509KeyData);
                }

                if (!RSAKeyData.RSAKeyMaterial.PublicKey &&
                    (X509KeyData.Certificate == null))
                {
                    // trying to load file as PGP key
                    F.Position                      = 0;
                    PGPKeyData.SecretKey            = new TElPGPSecretKey();
                    PGPKeyData.SecretKey.Passphrase = password;
                    try
                    {
                        ((TElPGPSecretKey)PGPKeyData.SecretKey).LoadFromStream(F);
                    }
                    catch
                    {
                        PGPKeyData.SecretKey = null;
                    }
                }

                F.Close();

                if (RSAKeyData.RSAKeyMaterial.SecretKey)
                {
                    Signer.KeyData = RSAKeyData;
                }
                else if (X509KeyData.Certificate != null)
                {
                    if (!X509KeyData.Certificate.PrivateKeyExists)
                    {
                        throw new Exception("The selected certificate doesn''t contain a private key");
                    }

                    Signer.KeyData = X509KeyData;
                }
                else if (PGPKeyData.SecretKey != null)
                {
                    Signer.KeyData = PGPKeyData;
                }

                Signer.UpdateReferencesDigest();

                Signer.GenerateSignature();

                SigNode = (TElXMLDOMNode)element;
                if (SigNode is TElXMLDOMDocument)
                {
                    SigNode = ((TElXMLDOMDocument)SigNode).DocumentElement;
                }

                try
                {
                    // If the signature type is enveloping, then the signature is placed into the passed node and the contents of the node are moved to inside of the signature.
                    // If the signature type is enveloped, the signature is placed as a child of the passed node.
                    Signer.Save(ref SigNode);
                }
                catch (Exception E)
                {
                    throw new Exception(string.Format("Failed to sign data and to save the signature: ({0})", E.Message));
                }
            }
            finally
            {
                Signer.Dispose();
                if (XAdESSigner != null)
                {
                    XAdESSigner.Dispose();
                }
                if (X509KeyData != null)
                {
                    X509KeyData.Dispose();
                }
                if (PGPKeyData != null)
                {
                    PGPKeyData.Dispose();
                }
            }
        }
예제 #3
0
        private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
        {
            //var nodeToEnrypt = FXMLDocument.FindNode("saml2:Assertion", true);

            TElXMLEncryptor            Encryptor;
            TElXMLKeyInfoSymmetricData SymKeyData;
            TElXMLKeyInfoRSAData       RSAKeyData;
            TElXMLKeyInfoX509Data      X509KeyData;
            TElXMLKeyInfoPGPData       PGPKeyData;
            FileStream    F;
            TElXMLDOMNode EncNode;

            Encryptor = new TElXMLEncryptor
            {
                EncryptKey         = true,
                EncryptionMethod   = 1,
                KeyName            = String.Empty,
                EncryptedDataType  = 0,
                KeyEncryptionType  = 0,
                KeyTransportMethod = 1,
                KeyWrapMethod      = 0
            };

            SymKeyData = new TElXMLKeyInfoSymmetricData(true);
            // generate random Key & IV
            SymKeyData.Key.Generate(32 * 8);
            SymKeyData.Key.GenerateIV(16 * 8);

            Encryptor.KeyData = SymKeyData;

            // xetKeyTransport
            RSAKeyData = new TElXMLKeyInfoRSAData(true);
            RSAKeyData.RSAKeyMaterial.Passphrase = String.Empty;
            X509KeyData = new TElXMLKeyInfoX509Data(true);
            PGPKeyData  = new TElXMLKeyInfoPGPData(true);

            certificate = HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc");
            F           = new FileStream(certificate, FileMode.Open, FileAccess.Read);

            PGPKeyData.PublicKey = new TElPGPPublicKey();
            try
            {
                ((TElPGPPublicKey)PGPKeyData.PublicKey).LoadFromStream(F);
            }
            catch
            {
                PGPKeyData.PublicKey.Dispose();
                PGPKeyData.PublicKey = null;
            }

            F.Close();

            Encryptor.KeyEncryptionKeyData = PGPKeyData;

            //Encrypt Node
            Encryptor.Encrypt(nodeToEnrypt);
            // Save document
            EncNode = Encryptor.Save(FXMLDocument);

            //Replacing selected node with encrypted node
            var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");

            var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");

            nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
            encryptedAssertion.Attributes.Add(nsAttr);
            encryptedAssertion.AppendChild(EncNode);
            nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);

            Encryptor.Dispose();
            if (X509KeyData != null)
            {
                X509KeyData.Dispose();
            }
            if (PGPKeyData != null)
            {
                PGPKeyData.Dispose();
            }
        }
예제 #4
0
        private static void SignElement(string absoluteCertFilePath, string password, object element)
        {
            TElXMLSigner Signer;
            TElXAdESSigner XAdESSigner = null;
            TElXMLKeyInfoRSAData RSAKeyData = null;
            TElXMLKeyInfoX509Data X509KeyData = null;
            TElXMLKeyInfoPGPData PGPKeyData = null;
            FileStream F;
            TElXMLDOMNode SigNode;

            TElXMLReferenceList Refs = new TElXMLReferenceList();
            TElXMLReference Ref = new TElXMLReference();
            Ref.DigestMethod = SBXMLSec.Unit.xdmSHA1;
            if ((TElXMLDOMNode)element is TElXMLDOMDocument)
            {
                Ref.URINode = ((TElXMLDOMDocument)element).DocumentElement;
                Ref.URI = "";
            }
            else
                if ((TElXMLDOMNode)element is TElXMLDOMElement)
                {
                    Ref.URINode = (TElXMLDOMNode)element;
                    TElXMLDOMElement El = (TElXMLDOMElement)element;
                    if (El.GetAttribute("ID") != "")
                        Ref.URI = "#" + El.GetAttribute("ID");
                    else
                        if (El.ParentNode is TElXMLDOMDocument)
                            Ref.URI = "";
                        else
                        {
                            El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
                            Ref.URI = "#" + El.GetAttribute("Id");
                        }
                }
                else
                {
                    Ref.URINode = (TElXMLDOMNode)element;
                    Ref.URI = ((TElXMLDOMNode)element).LocalName;
                }

            Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
            Ref.TransformChain.Add(new TElXMLC14NTransform());
            Refs.Add(Ref);

            Signer = new TElXMLSigner(); // https://www.eldos.com/documentation/sbb/documentation/ref_cl_xmlsigner_prp_signaturemethodtype.html
            try
            {
                Signer.SignatureType = SBXMLSec.Unit.xstEnveloped;
                Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanonComment;
                Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
                Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                Signer.MACMethod = SBXMLSec.Unit.xmmHMAC_MD5;
                Signer.References = Refs;
                Signer.KeyName = String.Empty;
                Signer.IncludeKey = false;

                Signer.OnFormatElement += FormatElement;
                Signer.OnFormatText += FormatText;

                if ((Signer.SignatureType == SBXMLSec.Unit.xstEnveloping) && (Ref != null) && (Ref.URI == "") && (Ref.URINode is TElXMLDOMElement))
                {
                    TElXMLDOMElement El = (TElXMLDOMElement)Ref.URINode;
                    El.SetAttribute("ID", "id-" + SBStrUtils.Unit.IntToStr(SBRandom.__Global.SBRndGenerate(uint.MaxValue)));
                    Ref.URI = "#" + El.GetAttribute("Id");
                }

                RSAKeyData = new TElXMLKeyInfoRSAData(true);
                RSAKeyData.RSAKeyMaterial.Passphrase = password;
                X509KeyData = new TElXMLKeyInfoX509Data(true);
                PGPKeyData = new TElXMLKeyInfoPGPData(true);

                F = new FileStream(absoluteCertFilePath, FileMode.Open, FileAccess.Read);

                try
                {
                    // trying to load file as RSA key material
                    RSAKeyData.RSAKeyMaterial.LoadSecret(F, 0);
                }
                catch { }

                if (!RSAKeyData.RSAKeyMaterial.SecretKey)
                {
                    // trying to load file as Certificate
                    F.Position = 0;
                    LoadCertificate(F, password, X509KeyData);
                }

                if (!RSAKeyData.RSAKeyMaterial.PublicKey &&
                    (X509KeyData.Certificate == null))
                {
                    // trying to load file as PGP key
                    F.Position = 0;
                    PGPKeyData.SecretKey = new TElPGPSecretKey();
                    PGPKeyData.SecretKey.Passphrase = password;
                    try
                    {
                        ((TElPGPSecretKey)PGPKeyData.SecretKey).LoadFromStream(F);
                    }
                    catch
                    {
                        PGPKeyData.SecretKey = null;
                    }
                }

                F.Close();

                if (RSAKeyData.RSAKeyMaterial.SecretKey)
                    Signer.KeyData = RSAKeyData;
                else if (X509KeyData.Certificate != null)
                {
                    if (!X509KeyData.Certificate.PrivateKeyExists)
                        {
                        throw new Exception("The selected certificate doesn''t contain a private key");
                    }

                    Signer.KeyData = X509KeyData;
                }
                else if (PGPKeyData.SecretKey != null)
                {
                    Signer.KeyData = PGPKeyData;
                }

                Signer.UpdateReferencesDigest();

                Signer.GenerateSignature();

                SigNode = (TElXMLDOMNode)element;
                if (SigNode is TElXMLDOMDocument)
                    SigNode = ((TElXMLDOMDocument)SigNode).DocumentElement;

                try
                {
                    // If the signature type is enveloping, then the signature is placed into the passed node and the contents of the node are moved to inside of the signature.
                    // If the signature type is enveloped, the signature is placed as a child of the passed node.
                    Signer.Save(ref SigNode);
                }
                catch (Exception E)
                {
                    throw new Exception(string.Format("Failed to sign data and to save the signature: ({0})", E.Message));
                }
            }
            finally
            {
                Signer.Dispose();
                if (XAdESSigner != null)
                    XAdESSigner.Dispose();
                if (X509KeyData != null)
                    X509KeyData.Dispose();
                if (PGPKeyData != null)
                    PGPKeyData.Dispose();
            }
        }
예제 #5
0
        private static void EncryptAssertion(string certificate, TElXMLDOMNode nodeToEnrypt)
        {
            //var nodeToEnrypt = FXMLDocument.FindNode("saml2:Assertion", true);

            TElXMLEncryptor Encryptor;
            TElXMLKeyInfoSymmetricData SymKeyData;
            TElXMLKeyInfoRSAData RSAKeyData;
            TElXMLKeyInfoX509Data X509KeyData;
            TElXMLKeyInfoPGPData PGPKeyData;
            FileStream F;
            TElXMLDOMNode EncNode;

            Encryptor = new TElXMLEncryptor
            {
                EncryptKey = true,
                EncryptionMethod = 1,
                KeyName = String.Empty,
                EncryptedDataType = 0,
                KeyEncryptionType = 0,
                KeyTransportMethod = 1,
                KeyWrapMethod = 0
            };

            SymKeyData = new TElXMLKeyInfoSymmetricData(true);
            // generate random Key & IV
            SymKeyData.Key.Generate(32 * 8);
            SymKeyData.Key.GenerateIV(16 * 8);

            Encryptor.KeyData = SymKeyData;

            // xetKeyTransport
            RSAKeyData = new TElXMLKeyInfoRSAData(true);
            RSAKeyData.RSAKeyMaterial.Passphrase = String.Empty;
            X509KeyData = new TElXMLKeyInfoX509Data(true);
            PGPKeyData = new TElXMLKeyInfoPGPData(true);

            certificate = HostingEnvironment.MapPath("~/App_Data/ussitsps_test_pub.asc");
            F = new FileStream(certificate, FileMode.Open, FileAccess.Read);

            PGPKeyData.PublicKey = new TElPGPPublicKey();
            try
            {
                ((TElPGPPublicKey) PGPKeyData.PublicKey).LoadFromStream(F);
            }
            catch
            {
                PGPKeyData.PublicKey.Dispose();
                PGPKeyData.PublicKey = null;
            }

            F.Close();

            Encryptor.KeyEncryptionKeyData = PGPKeyData;

            //Encrypt Node
            Encryptor.Encrypt(nodeToEnrypt);
            // Save document
            EncNode = Encryptor.Save(FXMLDocument);

            //Replacing selected node with encrypted node
            var encryptedAssertion = FXMLDocument.CreateElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:EncryptedAssertion");

            var nsAttr = FXMLDocument.CreateAttribute("xmlns:saml2");
            nsAttr.Value = "urn:oasis:names:tc:SAML:2.0:assertion";
            encryptedAssertion.Attributes.Add(nsAttr);
            encryptedAssertion.AppendChild(EncNode);
            nodeToEnrypt.ParentNode.ReplaceChild(encryptedAssertion, nodeToEnrypt);

            Encryptor.Dispose();
            if (X509KeyData != null)
                X509KeyData.Dispose();
            if (PGPKeyData != null)
                PGPKeyData.Dispose();
        }
예제 #6
0
        public MemoryStream SignXML(Stream stream, string accessToken, string OTP, string PIN, string credentialID, string base_URL, string hash_algo, string sign_algo)
        {
            var memory = new MemoryStream();

            try
            {
                SBUtils.Unit.SetLicenseKey("03D250F599AFD170E8A7410AFE3EAAC635E687187762F9936518B7FA6AEDDB215DF3177560DD647433BEE43711D31EC2B6818C0797C464E7F077467EABB466DE8F21CE77A054C9D3B04B0BA859B4BE8E8B7FCD50D07E2A4CD96240FA1468D8F03CBDE4EB1D2070A4294D2426881EEFBDFFAA7A76747B30A2E0564CA06CD673089318BFBA530E88A26F6FF76E46FE2A5A65C0FBAACB09F9804BC287412E49EE832058643D8A59B8398C7637C3EDE91660E6B696F32AD416F606DB215A2FFF214B5DF58DE27687362740B591D7F3D2D33CE6A3D1601521408511476FA81D374CA32D0443BD710D4D732A8C398A953047EEAB4A62237813DA11FC5E0EBFF1E69A9D");

                pin = PIN; otp = OTP; credentialsID = credentialID; access_token = accessToken; baseURL = base_URL; hashAlgo = hash_algo; signAlgo = sign_algo;

                TElXMLDOMDocument document       = new TElXMLDOMDocument();
                TElXMLDOMDocument signedDocument = new TElXMLDOMDocument();

                stream.Position = 0;
                document.LoadFromStream(stream, "ISO-8859-1", true);

                TElXMLSigner          Signer   = new TElXMLSigner(null);
                TElXMLKeyInfoX509Data X509Data = new TElXMLKeyInfoX509Data(false);
                try
                {
                    Signer.SignatureType          = SBXMLSec.Unit.xstEnveloped;
                    Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
                    Signer.SignatureMethodType    = SBXMLSec.Unit.xmtSig;

                    TElXMLReference Ref = new TElXMLReference();

                    Ref.URI     = "";
                    Ref.URINode = document.DocumentElement;
                    Ref.TransformChain.AddEnvelopedSignatureTransform();

                    if (hashAlgo == "2.16.840.1.101.3.4.2.1")
                    {
                        Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256;
                        Ref.DigestMethod       = SBXMLSec.Unit.xdmSHA256;
                    }
                    else
                    {
                        Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                        Ref.DigestMethod       = SBXMLSec.Unit.xdmSHA1;
                    }

                    Signer.References.Add(Ref);

                    TElX509Certificate Cert = LoadCertificate(credentialsID, access_token);
                    X509Data.Certificate = Cert;
                    Signer.KeyData       = X509Data;

                    Signer.UpdateReferencesDigest();
                    Signer.OnRemoteSign += new TSBXMLRemoteSignEvent(XAdESHandler_OnRemoteSign);
                    Signer.GenerateSignature();
                    TElXMLDOMNode node = document.ChildNodes.get_Item(0);

                    Signer.SaveEnveloped(document.DocumentElement);

                    // Signer.SaveEnveloping(node);
                    // Signer.SaveDetached(); - semnatura se salveaza separat



                    document.SaveToStream(memory);

                    return(memory);
                }
                finally
                {
                    Signer.Dispose();
                    X509Data.Dispose();
                }
            }
            catch (Exception ex) { return(memory); }
        }