//throws XMLSecurityException
/**
* This will sign the XRD using the provided Private Key. The
* signature will be kept in DOM. DOM will be created if it doesn't exist
* already.
* @param oKey - The private key to sign the descriptor with.
* @throws XMLSecurityException
*/
public void sign(PrivateKey oKey)
{
// build up the DOM (stored in moElem for future use)
getDOM();
// before signing, make sure that the document is properly normalized
// this is separate from the XMLDSig canonicalization and is more for attributes, namespaces, etc.
moElem.OwnerDocument.Normalize();
XmlElement oAssertionElem =
DOMUtils.getFirstChildElement(
moElem, Tags.NS_SAML, Tags.TAG_ASSERTION);
if (oAssertionElem == null) {
throw new XMLSecurityException(
"Cannot create signature. No SAML Assertion attached to descriptor.");
}
XmlElement oSubjectElem =
DOMUtils.getFirstChildElement(
oAssertionElem, Tags.NS_SAML, Tags.TAG_SUBJECT);
if (oSubjectElem == null) {
throw new XMLSecurityException(
"Cannot create signature. SAML Assertion has no subject.");
}
// make sure the id attribute is present
string sID = moElem.getAttributeNS(Tags.NS_XML, Tags.ATTR_ID_LOW);
if ((sID == null) || (sID.Equals(""))) {
throw new XMLSecurityException(
"Cannot create signature. ID is missing for " +
moElem.LocalName);
}
// Set the DOM so that it can be signed
DOM3Utils.bestEffortSetIDAttr(moElem, Tags.NS_XML, Tags.ATTR_ID_LOW);
// Build the empty signature.
XmlDocument oDoc = moElem.getOwnerDocument();
XMLSignature oSig =
new XMLSignature(
oDoc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
// add all the transforms to the signature
string[] oTransforms =
new string[] { Transforms.TRANSFORM_ENVELOPED_SIGNATURE, Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS };
Transforms oTrans = new Transforms(oSig.getDocument());
for (int i = 0; i < oTransforms.Length; i++) {
oTrans.addTransform(oTransforms[i]);
}
oSig.addDocument("#" + sID, oTrans);
// now finally sign the thing
oSig.sign(oKey);
// now sub in this element
XmlElement oSigElem = oSig.getElement();
// insert the signature in the right place
oAssertionElem.InsertBefore(oSigElem, oSubjectElem);
}
public static bool createEnvelopedBes(string pinNo, string signXML, String outXML, bool bInTest)
{
bool res = false;
cardPinNo = pinNo;
TestEnvelopedSignatureInitialize();
try
{
// here is our custom envelope xml
// XmlDocument envelopeDoc = newEnvelope("edefter.xml");
XmlDocument envelopeDoc = Conn.newEnvelope(signXML);
XmlElement exts = (XmlElement)envelopeDoc.GetElementsByTagName("ext:UBLExtensions").Item(0);
XmlElement ext = (XmlElement)exts.GetElementsByTagName("ext:UBLExtension").Item(0);
XmlElement extContent = (XmlElement)ext.GetElementsByTagName("ext:ExtensionContent").Item(0);
UriBuilder ub = new UriBuilder(Conn.ROOT_DIR + "efatura\\config\\");
// create context with working dir
Context context = new Context(ub.Uri);
//UriBuilder ub2 = new UriBuilder(Conn.ROOT_DIR + "efatura\\config\\xmlsignature-config.xml");
context.Config = new Config(Conn.ROOT_DIR + "efatura\\config\\xmlsignature-config.xml");
// define where signature belongs to
context.Document = envelopeDoc;
// create signature according to context,
// with default type (XADES_BES)
XMLSignature signature = new XMLSignature(context, false);
String setID = "Signature_" + envelopeDoc.GetElementsByTagName("cbc:ID").Item(0).InnerText;
signature.Id = setID;
signature.SigningTime = DateTime.Now;
// attach signature to envelope
//envelopeDoc.DocumentElement.AppendChild(signature.Element);
extContent.AppendChild(signature.Element);
//add transforms for efatura
Transforms transforms = new Transforms(context);
transforms.addTransform(new Transform(context, TransformType.ENVELOPED.Url));
// add document as reference,
//signature.addDocument("#data1", "text/xml", false);
signature.addDocument("", "text/xml", transforms, DigestMethod.SHA_256, false);
ECertificate certificate = SmartCardManager.getInstance().getEInvoiceCertificate(cardPinNo);// getSignatureCertificate(true, false);
if (certificate.isMaliMuhurCertificate())
{
ValidationPolicy policy = new ValidationPolicy();
String policyPath = Conn.ROOT_DIR + "efatura\\config\\certval-policy-malimuhur.xml";
policy = PolicyReader.readValidationPolicy(policyPath);
ValidationSystem vs = CertificateValidation.createValidationSystem(policy);
context.setCertValidationSystem(vs);
}
else
{
ValidationPolicy policy = new ValidationPolicy();
String policyPath = Conn.ROOT_DIR + "efatura\\config\\certval-policy.xml";
policy = PolicyReader.readValidationPolicy(policyPath);
ValidationSystem vs = CertificateValidation.createValidationSystem(policy);
context.setCertValidationSystem(vs);
}
if (CertValidation.validateCertificate(certificate) || bInTest)
{
BaseSigner signer = SmartCardManager.getInstance().getSigner(cardPinNo, certificate);
X509Certificate2 msCert = certificate.asX509Certificate2();
signature.addKeyInfo(msCert.PublicKey.Key);
signature.addKeyInfo(certificate);
KeyInfo keyInfo = signature.createOrGetKeyInfo();
int elementCount = keyInfo.ElementCount;
for (int k = 0; k < elementCount; k++)
{
KeyInfoElement kiElement = keyInfo.get(k);
if (kiElement.GetType().IsAssignableFrom(typeof(X509Data)))
{
X509Data x509Data = (X509Data)kiElement;
X509SubjectName x509SubjectName = new X509SubjectName(context,
certificate.getSubject().stringValue());
x509Data.add(x509SubjectName);
break;
}
}
//signature.addKeyInfo(certificate);
signature.SignedInfo.CanonicalizationMethod = C14nMethod.EXCLUSIVE_WITH_COMMENTS;
signature.sign(signer);
// this time we dont use signature.write because we need to write
// whole document instead of signature
using (Stream s = new FileStream(outXML, FileMode.Create))
{
try
{
envelopeDoc.Save(s);
s.Flush();
s.Close();
res = true;
}
catch (Exception e)
{
res = false;
MessageBox.Show("Dosya kaydedilirken hata oluştu " + e.Message.ToString());
s.Close();
}
}
}
}
catch (Exception e)
{
res = false;
MessageBox.Show("Hata Oluştu \r\n" + e.Message.ToString());
}
return(res);
}
