//throws XMLSecurityException /** * This will sign the XRD using the provided Private Key. The * signature will be kept in DOM. DOM will be created if it doesn't exist * already. * @param oKey - The private key to sign the descriptor with. * @throws XMLSecurityException */ public void sign(PrivateKey oKey) { // build up the DOM (stored in moElem for future use) getDOM(); // before signing, make sure that the document is properly normalized // this is separate from the XMLDSig canonicalization and is more for attributes, namespaces, etc. moElem.OwnerDocument.Normalize(); XmlElement oAssertionElem = DOMUtils.getFirstChildElement( moElem, Tags.NS_SAML, Tags.TAG_ASSERTION); if (oAssertionElem == null) { throw new XMLSecurityException( "Cannot create signature. No SAML Assertion attached to descriptor."); } XmlElement oSubjectElem = DOMUtils.getFirstChildElement( oAssertionElem, Tags.NS_SAML, Tags.TAG_SUBJECT); if (oSubjectElem == null) { throw new XMLSecurityException( "Cannot create signature. SAML Assertion has no subject."); } // make sure the id attribute is present string sID = moElem.getAttributeNS(Tags.NS_XML, Tags.ATTR_ID_LOW); if ((sID == null) || (sID.Equals(""))) { throw new XMLSecurityException( "Cannot create signature. ID is missing for " + moElem.LocalName); } // Set the DOM so that it can be signed DOM3Utils.bestEffortSetIDAttr(moElem, Tags.NS_XML, Tags.ATTR_ID_LOW); // Build the empty signature. XmlDocument oDoc = moElem.getOwnerDocument(); XMLSignature oSig = new XMLSignature( oDoc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); // add all the transforms to the signature string[] oTransforms = new string[] { Transforms.TRANSFORM_ENVELOPED_SIGNATURE, Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS }; Transforms oTrans = new Transforms(oSig.getDocument()); for (int i = 0; i < oTransforms.Length; i++) { oTrans.addTransform(oTransforms[i]); } oSig.addDocument("#" + sID, oTrans); // now finally sign the thing oSig.sign(oKey); // now sub in this element XmlElement oSigElem = oSig.getElement(); // insert the signature in the right place oAssertionElem.InsertBefore(oSigElem, oSubjectElem); }
public static bool createEnvelopedBes(string pinNo, string signXML, String outXML, bool bInTest) { bool res = false; cardPinNo = pinNo; TestEnvelopedSignatureInitialize(); try { // here is our custom envelope xml // XmlDocument envelopeDoc = newEnvelope("edefter.xml"); XmlDocument envelopeDoc = Conn.newEnvelope(signXML); XmlElement exts = (XmlElement)envelopeDoc.GetElementsByTagName("ext:UBLExtensions").Item(0); XmlElement ext = (XmlElement)exts.GetElementsByTagName("ext:UBLExtension").Item(0); XmlElement extContent = (XmlElement)ext.GetElementsByTagName("ext:ExtensionContent").Item(0); UriBuilder ub = new UriBuilder(Conn.ROOT_DIR + "efatura\\config\\"); // create context with working dir Context context = new Context(ub.Uri); //UriBuilder ub2 = new UriBuilder(Conn.ROOT_DIR + "efatura\\config\\xmlsignature-config.xml"); context.Config = new Config(Conn.ROOT_DIR + "efatura\\config\\xmlsignature-config.xml"); // define where signature belongs to context.Document = envelopeDoc; // create signature according to context, // with default type (XADES_BES) XMLSignature signature = new XMLSignature(context, false); String setID = "Signature_" + envelopeDoc.GetElementsByTagName("cbc:ID").Item(0).InnerText; signature.Id = setID; signature.SigningTime = DateTime.Now; // attach signature to envelope //envelopeDoc.DocumentElement.AppendChild(signature.Element); extContent.AppendChild(signature.Element); //add transforms for efatura Transforms transforms = new Transforms(context); transforms.addTransform(new Transform(context, TransformType.ENVELOPED.Url)); // add document as reference, //signature.addDocument("#data1", "text/xml", false); signature.addDocument("", "text/xml", transforms, DigestMethod.SHA_256, false); ECertificate certificate = SmartCardManager.getInstance().getEInvoiceCertificate(cardPinNo);// getSignatureCertificate(true, false); if (certificate.isMaliMuhurCertificate()) { ValidationPolicy policy = new ValidationPolicy(); String policyPath = Conn.ROOT_DIR + "efatura\\config\\certval-policy-malimuhur.xml"; policy = PolicyReader.readValidationPolicy(policyPath); ValidationSystem vs = CertificateValidation.createValidationSystem(policy); context.setCertValidationSystem(vs); } else { ValidationPolicy policy = new ValidationPolicy(); String policyPath = Conn.ROOT_DIR + "efatura\\config\\certval-policy.xml"; policy = PolicyReader.readValidationPolicy(policyPath); ValidationSystem vs = CertificateValidation.createValidationSystem(policy); context.setCertValidationSystem(vs); } if (CertValidation.validateCertificate(certificate) || bInTest) { BaseSigner signer = SmartCardManager.getInstance().getSigner(cardPinNo, certificate); X509Certificate2 msCert = certificate.asX509Certificate2(); signature.addKeyInfo(msCert.PublicKey.Key); signature.addKeyInfo(certificate); KeyInfo keyInfo = signature.createOrGetKeyInfo(); int elementCount = keyInfo.ElementCount; for (int k = 0; k < elementCount; k++) { KeyInfoElement kiElement = keyInfo.get(k); if (kiElement.GetType().IsAssignableFrom(typeof(X509Data))) { X509Data x509Data = (X509Data)kiElement; X509SubjectName x509SubjectName = new X509SubjectName(context, certificate.getSubject().stringValue()); x509Data.add(x509SubjectName); break; } } //signature.addKeyInfo(certificate); signature.SignedInfo.CanonicalizationMethod = C14nMethod.EXCLUSIVE_WITH_COMMENTS; signature.sign(signer); // this time we dont use signature.write because we need to write // whole document instead of signature using (Stream s = new FileStream(outXML, FileMode.Create)) { try { envelopeDoc.Save(s); s.Flush(); s.Close(); res = true; } catch (Exception e) { res = false; MessageBox.Show("Dosya kaydedilirken hata oluştu " + e.Message.ToString()); s.Close(); } } } } catch (Exception e) { res = false; MessageBox.Show("Hata Oluştu \r\n" + e.Message.ToString()); } return(res); }