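// Called by the Index action. Holds example sets of signature validation parameters; caseNumber
// selects which example is applied to sigExplorer.
//
// An unrecognized caseNumber throws before anything is assigned, so the caller cannot go on to
// open a file with validation parameters it believes were set but were not.
private static void setValidationParameters(XmlSignatureExplorer sigExplorer, int caseNumber)
{
    switch (caseNumber)
    {
        /*
         * Example #1: accept any valid XmlDSig signature as long as the signer has an ICP-Brasil certificate
         *
         * These parameters will only accept signatures made with ICP-Brasil certificates that comply with the
         * minimal security features defined in the XmlDSig standard. The signatures need not, however, follow
         * the extra requirements defined in the ICP-Brasil signature policy documentation (DOC-ICP-15.03).
         */
        case 1:
            // By omitting the accepted policies catalog and defining a default policy, we're telling Rest PKI
            // to validate all signatures in the file with the default policy -- even signatures with an
            // explicit signature policy. In other words, a signature that declares a stricter policy is
            // still only held to XmlDSigBasic here.
            sigExplorer.AcceptableExplicitPolicies = null;
            sigExplorer.DefaultSignaturePolicyId = StandardXmlSignaturePolicies.XmlDSigBasic;
            // The XmlDSigBasic policy requires us to choose a security context.
            sigExplorer.SecurityContextId = StandardSecurityContexts.PkiBrazil;
            break;

        /*
         * Example #2: accept any valid XmlDSig signature as long as the signer is trusted by Windows
         *
         * Same case as example #1, but using the WindowsServer trust arbitrator.
         * NOTE(review): trust presumably follows the roots installed on the host -- confirm against the
         * Rest PKI documentation before relying on it.
         */
        case 2:
            sigExplorer.AcceptableExplicitPolicies = null;
            sigExplorer.DefaultSignaturePolicyId = StandardXmlSignaturePolicies.XmlDSigBasic;
            sigExplorer.SecurityContextId = StandardSecurityContexts.WindowsServer;
            break;

        default:
            // Fail closed: an unknown example number must not leave the explorer without a policy and
            // security context.
            throw new System.ArgumentOutOfRangeException(
                "caseNumber", caseNumber, "Unknown validation parameters example.");
    }
}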
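// Opens the XML file named by userfile from App_Data, asks Rest PKI to validate the signatures in
// it and renders the result. Returns 404 when no usable file name is given or the file is missing.
// The action does not inspect the validation outcome itself; the list returned by OpenAsync() is
// handed to the view as is.
public async Task<ActionResult> Index(string userfile)
{
    // Our action only works if a userfile is given to work with.
    if (string.IsNullOrEmpty(userfile))
    {
        return HttpNotFound();
    }

    // Note: we're receiving the userfile argument with "_" as "." because of limitations of
    // ASP.NET MVC.
    var filename = userfile.Replace("_", ".");

    // userfile comes from the request, so it must name a plain file inside App_Data. Reject
    // anything carrying separators or other characters not valid in a file name, and the "." / ".."
    // entries, before a physical path is built from it.
    if (filename == "." || filename == ".."
        || filename.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) >= 0)
    {
        return HttpNotFound();
    }

    // Second check on the resolved path: the file must sit directly in App_Data and must exist.
    var appDataDir = System.IO.Path.GetFullPath(Server.MapPath("~/App_Data/"))
        .TrimEnd(System.IO.Path.DirectorySeparatorChar, System.IO.Path.AltDirectorySeparatorChar);
    var filePath = System.IO.Path.GetFullPath(Server.MapPath("~/App_Data/" + filename));
    var fileDir = System.IO.Path.GetDirectoryName(filePath);
    if (!string.Equals(fileDir, appDataDir, System.StringComparison.OrdinalIgnoreCase)
        || !System.IO.File.Exists(filePath))
    {
        return HttpNotFound();
    }

    // Get an instance of the XmlSignatureExplorer class, used to open/validate XML signatures.
    var sigExplorer = new XmlSignatureExplorer(Util.GetRestPkiClient())
    {
        // Specify that we want to validate the signatures in the file, not only inspect them.
        Validate = true,
        // Every signature is validated against the basic XmlDSig policy.
        DefaultSignaturePolicyId = StandardXmlSignaturePolicies.XmlDSigBasic,
        // The security context decides which certificate chains are trusted. The choice is
        // encapsulated in Util.cs, so which signers are accepted depends on what that returns.
        SecurityContextId = Util.GetSecurityContextId()
    };

    // Set the XML file.
    sigExplorer.SetSignatureFile(filePath);

    // Call the OpenAsync() method, which returns a list of signatures found in the XML file.
    var signatures = await sigExplorer.OpenAsync();

    // Render the signatures' information (see file Views/OpenXmlSignature/Index.html for more
    // information on the information returned).
    return View(signatures);
}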
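// Opens the XML file named by userfile from App_Data, asks Rest PKI to validate the signatures in
// it and renders the result. Returns 404 when no usable file name is given or the file is missing.
// The action does not inspect the validation outcome itself; the list returned by Open() is handed
// to the view as is.
public ActionResult Index(string userfile)
{
    // Our action only works if a userfile is given to work with.
    if (string.IsNullOrEmpty(userfile))
    {
        return HttpNotFound();
    }

    // Note: the filename argument arrives with "." written as "_" because of limitations of
    // ASP.NET MVC.
    var filename = userfile.Replace("_", ".");

    // userfile comes from the request, so it must name a plain file inside App_Data. Reject
    // anything carrying separators or other characters not valid in a file name, and the "." / ".."
    // entries, before a physical path is built from it.
    if (filename == "." || filename == ".."
        || filename.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) >= 0)
    {
        return HttpNotFound();
    }

    // Second check on the resolved path: the file must sit directly in App_Data and must exist.
    var appDataDir = System.IO.Path.GetFullPath(Server.MapPath("~/App_Data/"))
        .TrimEnd(System.IO.Path.DirectorySeparatorChar, System.IO.Path.AltDirectorySeparatorChar);
    var filePath = System.IO.Path.GetFullPath(Server.MapPath("~/App_Data/" + filename));
    var fileDir = System.IO.Path.GetDirectoryName(filePath);
    if (!string.Equals(fileDir, appDataDir, System.StringComparison.OrdinalIgnoreCase)
        || !System.IO.File.Exists(filePath))
    {
        return HttpNotFound();
    }

    // Get an instance of the XmlSignatureExplorer class, used to open/validate XML signatures.
    var sigExplorer = new XmlSignatureExplorer(Util.GetRestPkiClient())
    {
        // Specify that we want to validate the signatures in the file, not only inspect them.
        Validate = true
    };

    // Set the XML file.
    sigExplorer.SetSignatureFile(filePath);

    // Parameters for the signature validation. We have encapsulated this code in a method to
    // include several possibilities depending on the argument passed. Experiment changing the
    // argument to see different validation configurations. Once you decide which is best for your
    // case, you can place the code directly here.
    setValidationParameters(sigExplorer, 1);
    // try changing this number ---------^ for different validation parameters

    // Call the Open() method, which returns a list of signatures found in the XML file.
    var signatures = sigExplorer.Open();

    // Render the signatures' information (see file Views/OpenXmlSignature/Index.html for more
    // information on the information returned).
    return View(signatures);
}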
// Resolves userfile through StorageMock, asks Rest PKI to validate the signatures in that XML file
// and renders them. Returns 404 when StorageMock does not know the file.
// The action does not inspect the validation outcome itself; the list returned by OpenAsync() is
// wrapped in the view model as is.
public async Task<ActionResult> Index(string userfile)
{
    // The request only carries an identifier; StorageMock turns it into a path.
    // NOTE(review): presumably TryGetFile confines the lookup to the application's own storage --
    // confirm in StorageMock, since nothing here checks the resulting path.
    string resolvedPath;
    var found = StorageMock.TryGetFile(userfile, out resolvedPath);
    if (!found)
    {
        return HttpNotFound();
    }

    // XmlSignatureExplorer is the class used to open/validate XML signatures.
    var explorer = new XmlSignatureExplorer(Util.GetRestPkiClient());

    // Validate the signatures in the file rather than only inspecting them.
    explorer.Validate = true;

    // Every signature is validated against the basic XmlDSig policy.
    explorer.DefaultSignaturePolicyId = StandardXmlSignaturePolicies.XmlDSigBasic;

    // The security context determines trust in the certificate chain. The choice is encapsulated
    // in Util.cs, so which signers are accepted depends on what that returns.
    explorer.SecurityContextId = Util.GetSecurityContextId();

    // Point the explorer at the XML file.
    explorer.SetSignatureFile(resolvedPath);

    // OpenAsync() returns the list of signatures found in the XML file.
    var foundSignatures = await explorer.OpenAsync();

    // Hand the signatures to the view (see file OpenXmlSignature/Index.html for more information
    // on the information returned).
    var model = new OpenXmlSignatureModel { Signatures = foundSignatures };
    return View(model);
}