public static byte[] ComputeValueOfElementList(XadesSignedXml xadesSignedXml, ArrayList elementXpaths)
{
XmlElement signatureElement = xadesSignedXml.GetSignatureElement();
List <XmlAttribute> allNamespaces = xadesSignedXml.GetAllNamespaces(signatureElement);
XmlDocument ownerDocument = signatureElement.OwnerDocument;
XmlNamespaceManager xmlNamespaceManager = new XmlNamespaceManager(ownerDocument.NameTable);
xmlNamespaceManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
xmlNamespaceManager.AddNamespace("xades", "http://uri.etsi.org/01903/v1.3.2#");
using (MemoryStream memoryStream = new MemoryStream())
{
foreach (string elementXpath in elementXpaths)
{
XmlNodeList xmlNodeList = signatureElement.SelectNodes(elementXpath, xmlNamespaceManager);
if (xmlNodeList.Count == 0)
{
throw new CryptographicException("Element " + elementXpath + " not found while calculating hash");
}
foreach (XmlNode item in xmlNodeList)
{
XmlElement xmlElement = (XmlElement)item.Clone();
xmlElement.SetAttribute("xmlns:" + XadesSignedXml.XmlDSigPrefix, "http://www.w3.org/2000/09/xmldsig#");
foreach (XmlAttribute item2 in allNamespaces)
{
xmlElement.SetAttribute(item2.Name, item2.Value);
}
byte[] array = ApplyTransform(xmlElement, new XmlDsigC14NTransform());
memoryStream.Write(array, 0, array.Length);
}
}
return(memoryStream.ToArray());
}
}
private void SetSignatureId(XadesSignedXml xadesSignedXml)
{
string text = Guid.NewGuid().ToString();
xadesSignedXml.Signature.Id = "xmldsig-ab2df1fb-1819-413d-8b8c-79e9ed75638a";
xadesSignedXml.SignatureValueId = xadesSignedXml.Signature.Id + "-sigvalue";
}
private static void InjectSignatureToOriginalDoc(XadesSignedXml signedXml, XmlDocument originalDoc)
{
var xmlSig = signedXml.GetXml();
var signedDataContainer = signedXml.GetIdElement(originalDoc, "signed-data-container");
signedDataContainer?.InsertBefore(originalDoc.ImportNode(xmlSig, true), signedDataContainer.FirstChild);
}
/// <exception cref="System.IO.IOException"></exception>
public virtual Document ExtendSignature(object signatureId, Document document, Document
originalData, SignatureParameters parameters)
{
if (this.tspSource == null)
{
throw new ConfigurationException(ConfigurationException.MSG.CONFIGURE_TSP_SERVER);
}
XmlDocument envelopedSignatureXmlDocument;
XmlDocument xadesDocument;
XmlElement signature;
XadesSignedXml xadesSignedXml;
xadesDocument = XmlUtils.ToXmlDocument(document);
xadesDocument.PreserveWhitespace = true;
xadesDocument.Load(document.OpenStream());
xadesSignedXml = new XadesSignedXml(xadesDocument.DocumentElement); //Needed if it is a enveloped signature document
signature = xadesSignedXml.GetIdElement(xadesDocument, (string)signatureId);
xadesSignedXml.LoadXml(signature);
ExtendSignatureTag(xadesSignedXml);
envelopedSignatureXmlDocument = XmlUtils.ToXmlDocument(originalData);
return(XmlUtils.ToDocument(envelopedSignatureXmlDocument, xadesSignedXml));
}
/// <summary>
/// Establece el identificador para la firma
/// </summary>
private void SetSignatureId(XadesSignedXml xadesSignedXml)
{
string id = Guid.NewGuid().ToString();
xadesSignedXml.Signature.Id = "Signature-" + id;
xadesSignedXml.SignatureValueId = "SignatureValue-" + id;
}
private void RequestTimeStamp(XadesSignedXml xadesSignedXml)
{
TimeStamp signatureTimeStamp;
ArrayList signatureValueElementXpaths;
byte[] signatureValueHash;
byte[] tsaTimeStamp;
signatureValueElementXpaths = new ArrayList();
signatureValueElementXpaths.Add("ds:SignatureValue");
signatureValueHash = ComputeHashValueOfElementList(xadesSignedXml.GetXml(), signatureValueElementXpaths);
//jbonilla
tsaTimeStamp = this.tspSource.GetTimeStampToken(signatureValueHash);
signatureTimeStamp = new TimeStamp("SignatureTimeStamp");
//signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp" + this.uid;
signatureTimeStamp.EncapsulatedTimeStamp.PkiData = tsaTimeStamp;
signatureTimeStamp.CanonicalizationMethod.Algorithm = SignedXml.XmlDsigExcC14NTransformUrl;
//jbonilla Deprecated
//HashDataInfo hashDataInfo = new HashDataInfo();
//hashDataInfo.UriAttribute = "#" + elementIdValues[0];
//signatureTimeStamp.HashDataInfoCollection.Add(hashDataInfo);
UnsignedProperties unsignedProperties = xadesSignedXml.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);
xadesSignedXml.UnsignedProperties = unsignedProperties;
//TODO jbonilla - Delete?
XmlElement xml = xadesSignedXml.XadesObject.GetXml();
XmlElement xml1 = xadesSignedXml.GetXml();
}
/// <summary>
/// Construye el documento enveloped
/// </summary>
private void CreateEnvelopedDocument()
{
Reference reference = new Reference();
_xadesSignedXml = new XadesSignedXml(_document);
reference.Id = "Reference-" + Guid.NewGuid().ToString();
reference.Uri = "";
for (int i = 0; i < _document.DocumentElement.Attributes.Count; i++)
{
if (_document.DocumentElement.Attributes[i].Name.Equals("id", StringComparison.InvariantCultureIgnoreCase))
{
reference.Uri = "#" + _document.DocumentElement.Attributes[i].Value;
break;
}
}
XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(xmlDsigEnvelopedSignatureTransform);
_objectReference = reference.Id;
_xadesSignedXml.AddReference(reference);
}
/// <summary>
/// Carga el documento XML especificado y establece para firmar el elemento especificado en elementId
/// </summary>
/// <param name="xmlDocument"></param>
/// <param name="elementId"></param>
/// <param name="mimeType"></param>
public void SetContentInternallyDetached(XmlDocument xmlDocument, string elementId, string mimeType)
{
_document = (XmlDocument)xmlDocument.Clone();
_document.PreserveWhitespace = true;
Reference reference = new Reference();
reference.Uri = "#" + elementId;
reference.Id = "Reference-" + Guid.NewGuid().ToString();
_objectReference = reference.Id;
_mimeType = mimeType;
if (mimeType == "text/xml")
{
XmlDsigC14NTransform transform = new XmlDsigC14NTransform();
reference.AddTransform(transform);
}
else
{
XmlDsigBase64Transform transform = new XmlDsigBase64Transform();
reference.AddTransform(transform);
}
_xadesSignedXml = new XadesSignedXml(_document);
_xadesSignedXml.AddReference(reference);
}
private IEnumerable <X509Certificate2> GetCandidateCertificates(XadesSignedXml signedXml)
{
var certificates = ExtractCertificates(signedXml).ToArray();
if (certificates.Length == 0)
{
throw new InvalidOperationException("Элемент KeyInfo.X509Data.X509Certificate не заполнен или отсутствует");
}
var certInfosCollection = signedXml.SignedSignatureProperties.SigningCertificate.CertCollection;
if (certInfosCollection == null)
{
throw new InvalidOperationException("Элемент xades:SigningCertificate не заполнен или отсутствует");
}
var certInfos = certInfosCollection.OfType <Cert>().ToArray();
foreach (var certificate in certificates)
{
var isCertificateMatch = certInfos.Any(certInfo => IsCertificateMatchCertInfo(certificate, certInfo));
if (isCertificateMatch)
{
yield return(certificate);
}
}
}
protected internal override void ExtendSignatureTag(XadesSignedXml xadesSignedXml)
{
base.ExtendSignatureTag(xadesSignedXml);
X509Certificate signingCertificate = DotNetUtilities.FromX509Certificate(
xadesSignedXml.GetSigningCertificate());
DateTime signingTime = xadesSignedXml.XadesObject.QualifyingProperties
.SignedProperties.SignedSignatureProperties.SigningTime;
ValidationContext ctx = certificateVerifier.ValidateCertificate(signingCertificate
, signingTime, new XAdESCertificateSource(xadesSignedXml.GetXml(), false), null, null);
UnsignedProperties unsignedProperties = xadesSignedXml.UnsignedProperties;
var completeCertificateRefs = new CompleteCertificateRefs();
IncorporateCertificateRefs(completeCertificateRefs, ctx);
unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs = completeCertificateRefs;
var completeRevocationRefs = new CompleteRevocationRefs();
IncorporateOCSPRefs(completeRevocationRefs, ctx);
IncorporateCRLRefs(completeRevocationRefs, ctx);
unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs = completeRevocationRefs;
xadesSignedXml.UnsignedProperties = unsignedProperties;
}
public static XmlElement SignWithXAdES(X509Certificate2 signingCertificate, XmlDocument xmlDocument)
{
var signedXml = new XadesSignedXml(xmlDocument);
signedXml.Signature.Id = SignatureId;
signedXml.SigningKey = signingCertificate.PrivateKey;
var signatureReference = new Reference {
Uri = "",
};
signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(signatureReference);
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
signedXml.KeyInfo = keyInfo;
AddXAdESProperties(xmlDocument, signedXml, signingCertificate);
signedXml.ComputeSignature();
return(signedXml.GetXml());
}
public static XadesSignedXml GetXadesSignedXml(SigningKeyProvider provider, XmlDocument originalDoc, string signatureid)
{
var signedXml = new XadesSignedXml(originalDoc)
{
SigningKey = provider.SigningKey
};
signedXml.Signature.Id = signatureid;
signedXml.SignatureValueId = String.Format("{0}-sigvalue", signatureid);
var reference = new Reference
{
Uri = "#signed-data-container",
DigestMethod = provider.DigestMethod,
Id = String.Format("{0}-ref0", signatureid)
};
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
signedXml.SignedInfo.SignatureMethod = provider.SignatureMethod;
return(signedXml);
}
public static void InjectSignatureTo(this XadesSignedXml signedXml, XmlDocument originalDoc)
{
var signatureElement = signedXml.GetXml();
var importSignatureElement = originalDoc.ImportNode(signatureElement, true);
var signedDataContainer = signedXml.GetIdElement(originalDoc, signedXml.SignedElementId);
signedDataContainer.InsertBefore(importSignatureElement, signedDataContainer.FirstChild);
}
public X509Certificate2 GetSignatureCertificate(XadesSignedXml signedXml)
{
var candidates = GetCandidateCertificates(signedXml).ToArray();
if (!candidates.Any())
{
throw new InvalidOperationException("Не найдено ни одного сертификата, обозначенного в xades:SigningCertificate");
}
return(FindMatchedCertificate(signedXml, candidates));
}
/// <summary>
/// Añade una firma al documento
/// </summary>
/// <param name="certificate"></param>
/// <param name="signMethod"></param>
public void CoSign(X509Certificate2 certificate, SignMethod?signMethod = null)
{
if (_xadesSignedXml == null)
{
throw new Exception("No hay ninguna firma XADES creada previamente.");
}
if (certificate == null)
{
throw new Exception("Es necesario un certificado válido para la firma.");
}
Reference refContent = _xadesSignedXml.SignedInfo.References[0] as Reference;
if (refContent == null)
{
throw new Exception("No se ha podido encontrar la referencia del contenido firmado.");
}
if (_xadesSignedXml.XadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection.Count > 0)
{
foreach (DataObjectFormat dof in _xadesSignedXml.XadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection)
{
if (dof.ObjectReferenceAttribute == ("#" + refContent.Id))
{
_mimeType = dof.MimeType;
break;
}
}
}
var destination = _xadesSignedXml.GetSignatureElement().ParentNode;
_xadesSignedXml = new XadesSignedXml(_document);
refContent.Id = "Reference-" + Guid.NewGuid().ToString();
_xadesSignedXml.AddReference(refContent);
if (destination.NodeType != XmlNodeType.Document)
{
_xadesSignedXml.SignatureNodeDestination = (XmlElement)destination;
}
else
{
_xadesSignedXml.SignatureNodeDestination = ((XmlDocument)destination).DocumentElement;
}
_objectReference = refContent.Id;
SetSignatureId();
Sign(certificate, signMethod);
}
/// <summary>
/// Construye el documento enveloped
/// </summary>
private void CreateEnvelopedDocument()
{
Reference reference = new Reference();
_xadesSignedXml = new XadesSignedXml(_document);
reference.DigestMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
reference.Id = "r-id-1";
reference.Type = "";
reference.Uri = "";
//for (int i = 0; i < _document.DocumentElement.Attributes.Count; i++)
//{
// if (_document.DocumentElement.Attributes[i].Name.Equals("id", StringComparison.InvariantCultureIgnoreCase))
// {
// reference.Uri = "#" + _document.DocumentElement.Attributes[i].Value;
// break;
// }
//}
// ** XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
//xmlDsigEnvelopedSignatureTransform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116";
XmlDocument doc = new XmlDocument();
XmlElement xpathElem = doc.CreateElement("XPath");
xpathElem.InnerText = "not(ancestor-or-self::ds:Signature)";
XmlDsigXPathTransform xform = new XmlDsigXPathTransform();
xform.LoadInnerXml(xpathElem.SelectNodes("."));
xform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116";
//xform.PropagatedNamespaces.Add("xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
reference.AddTransform(xform);
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
reference.AddTransform(transform);
//reference.AddTransform(xmlDsigEnvelopedSignatureTransform);
_objectReference = reference.Id;
_xadesSignedXml.AddReference(reference);
}
/// <summary>
/// Obtiene el valor canonicalizado de los elementos especificados en elementXpaths
/// </summary>
/// <param name="xadesSignedXml"></param>
/// <param name="elementXpaths"></param>
/// <returns></returns>
public static byte[] ComputeValueOfElementList(XadesSignedXml xadesSignedXml, ArrayList elementXpaths)
{
XmlDocument xmlDocument;
XmlNamespaceManager xmlNamespaceManager;
XmlNodeList searchXmlNodeList;
var signatureXmlElement = xadesSignedXml.GetSignatureElement();
var namespaces = xadesSignedXml.GetAllNamespaces(signatureXmlElement);
xmlDocument = signatureXmlElement.OwnerDocument;
xmlNamespaceManager = new XmlNamespaceManager(xmlDocument.NameTable);
xmlNamespaceManager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
xmlNamespaceManager.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri);
using (MemoryStream msResult = new MemoryStream())
{
foreach (string elementXpath in elementXpaths)
{
searchXmlNodeList = signatureXmlElement.SelectNodes(elementXpath, xmlNamespaceManager);
if (searchXmlNodeList.Count == 0)
{
throw new CryptographicException("Element " + elementXpath + " not found while calculating hash");
}
foreach (XmlNode xmlNode in searchXmlNodeList)
{
XmlAttribute dsNamespace = xmlDocument.CreateAttribute("xmlns:" + XadesSignedXml.XmlDSigPrefix);
dsNamespace.Value = XadesSignedXml.XmlDsigNamespaceUrl;
xmlNode.Attributes.Append(dsNamespace);
foreach (var attr in namespaces)
{
XmlAttribute attrNamespace = xmlDocument.CreateAttribute(attr.Name);
attrNamespace.Value = attr.Value;
xmlNode.Attributes.Append(attrNamespace);
}
byte[] canonicalizedElement = ApplyTransform((XmlElement)xmlNode, new XmlDsigC14NTransform());
msResult.Write(canonicalizedElement, 0, canonicalizedElement.Length);
}
}
return(msResult.ToArray());
}
}
/// <summary>
/// Realiza el proceso de firmado
/// </summary>
/// <param name="certificate"></param>
/// <param name="signMethod"></param>
public void Sign(X509Certificate2 certificate, SignMethod?signMethod = null)
{
_mimeType = "application/octet-stream";
if (certificate == null)
{
throw new Exception("Es necesario un certificado válido para la firma.");
}
if (signMethod.HasValue)
{
this.SignMethod = signMethod.Value;
}
if (!string.IsNullOrEmpty(_signatureId) && _document != null &&
_document.SelectSingleNode("//*[@Id='" + _signatureId + "']") != null)
{
throw new Exception("El documento ya ha sido firmado, debe seleccionar otro método de firma.");
}
if (string.IsNullOrEmpty(_signatureId))
{
SetSignatureId();
}
_signCertificate = certificate;
AddCertificateInfo();
AddXadesInfo();
foreach (Reference reference in _xadesSignedXml.SignedInfo.References)
{
reference.DigestMethod = _refsMethodUri;
}
_xadesSignedXml.SignedInfo.SignatureMethod = _signMethodUri;
ComputeSignature();
UpdateDocument();
XmlNode xmlNode = _document.SelectSingleNode("//*[@Id='" + _signatureId + "']");
_xadesSignedXml = new XadesSignedXml(_document);
_xadesSignedXml.LoadXml((XmlElement)xmlNode);
}
private void AddCertificateInfoToSignature(XadesSignedXml xadesSignedXml, SignatureParameters parameters)
{
var key = parameters.SigningCertificate.GetPublicKey();
if (key is RsaKeyParameters)
{
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
RSAParameters RSAKeyInfo = new RSAParameters();
//Set RSAKeyInfo to the public key values.
RSAKeyInfo.Modulus = ((RsaKeyParameters)key).Modulus.ToByteArray();
RSAKeyInfo.Exponent = ((RsaKeyParameters)key).Exponent.ToByteArray();
rsaKey.ImportParameters(RSAKeyInfo);
xadesSignedXml.SigningKey = rsaKey;
KeyInfo keyInfo = new KeyInfo();
// ETSI TS 103 171 V2.1.1
// 6.2.1 Placement of the signing certificate
// "b) In order to facilitate path-building, generators should include in the same ds:KeyInfo/X509Data element as
// in note a) all certificates not available to verifiers that can be used during path building."
//keyInfo.AddClause(new KeyInfoX509Data(this.certificate));
{
KeyInfoX509Data x509Data = new KeyInfoX509Data();
foreach (X509Certificate cert in parameters.CertificateChain)
{
x509Data.AddCertificate(DotNetUtilities.ToX509Certificate2(cert));
//TODO jbonilla validar más de uno?
//break;
}
keyInfo.AddClause(x509Data);
}
keyInfo.AddClause(new RSAKeyValue(rsaKey));
xadesSignedXml.KeyInfo = keyInfo;
}
else
{
throw new ArgumentException("Only allowed RsaKeyParameters", "key");
}
}
public static Document ToDocument(XmlDocument originalDocument, XadesSignedXml xadesSignedXml)
{
XmlElement xmlElementToSave;
originalDocument.DocumentElement.AppendChild(originalDocument.ImportNode(xadesSignedXml.GetXml(), true));
xmlElementToSave = originalDocument.DocumentElement;
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true; //Needed
xmlDocument.LoadXml(xmlElementToSave.OuterXml);
MemoryStream buf = new MemoryStream();
xmlDocument.Save(buf);
buf.Seek(0, SeekOrigin.Begin);
return(new InMemoryDocument(buf.ToArray()));
}
public void Run()
{
/*
* 1. Получаем сертификат от клиента
* 2. Формируем объект xades из сертификата от клиента
* 3. Подписываем исходное сообщение
* 4. Вычисляем хеш от SignedInfo и отправляем его для подписи клиенту
* 5. Изменяем подписанное сообщение - подменяем подпись
*/
var originalDoc = new XmlDocument()
{
PreserveWhitespace = true
};
originalDoc.LoadXml(_xmlStr);
// 1. Получаем сертификат от клиента
XadesInfo xadesInfo = GetClientXadesInfo();
// 2. Формируем объект xades из сертификата от клиента
XadesSignedXml xadesSignedXml = GetXadesSignedXml(xadesInfo, originalDoc);
// 3. Подписываем исходное сообщение серверным сертификатом
xadesSignedXml.ComputeSignature();
// 4. Вычисляем хеш от SignedInfo и отправляем его для подписи клиенту
HashAlgorithm hash;
xadesSignedXml.GetSignedInfoHash(out hash);
var signature = _client.GetSignedHash(Convert.ToBase64String(hash.Hash));
// 5. Изменяем подписанное сообщение - подменяем подпись
xadesSignedXml.Signature.SignatureValue = Convert.FromBase64String(signature);
GisSignatureHelper.InjectSignatureToOriginalDoc(xadesSignedXml, originalDoc);
Console.WriteLine("Получившееся сообщение:");
Console.WriteLine(originalDoc.OuterXml);
Assert.IsFalse(originalDoc.OuterXml.Contains("unstructuredName"));
}
private IEnumerable <X509Certificate2> ExtractCertificates(XadesSignedXml signedXml)
{
var keyInfo = signedXml.KeyInfo;
if (keyInfo == null || keyInfo.Count == 0)
{
throw new InvalidOperationException("Элемент KeyInfo не заполнен или отсутствует");
}
if (keyInfo.Count > 1)
{
throw new InvalidOperationException("Найдено более одного элемента KeyInfo");
}
var x509Data = keyInfo.OfType <KeyInfoX509Data>().FirstOrDefault();
if (x509Data == null)
{
throw new InvalidOperationException("Элемент X509Data не заполнен или отсутствует");
}
return(x509Data.Certificates.OfType <X509Certificate2>());
}
/// <summary>
/// Inserta un documento para generar una firma externally detached.
/// </summary>
/// <param name="fileName"></param>
public void SetContentExternallyDetached(string fileName)
{
Reference reference = new Reference();
_document = new XmlDocument();
_xadesSignedXml = new XadesSignedXml();
reference.Uri = "file://" + fileName.Replace("\\", "/");
reference.Id = "Reference-" + Guid.NewGuid().ToString();
if (reference.Uri.EndsWith(".xml") || reference.Uri.EndsWith(".XML"))
{
_mimeType = "text/xml";
reference.AddTransform(new XmlDsigC14NTransform());
}
_objectReference = reference.Id;
_xadesSignedXml.AddReference(reference);
}
private static XadesSignedXml CreateFromXmlDocument(XmlDocument envelopedSignatureXmlDocument)
{
XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform;
Reference reference;
reference = new Reference();
var xadesSignedXml = new XadesSignedXml(envelopedSignatureXmlDocument);
reference.Uri = "";
reference.Id = "xml_ref_id";
//TODO jbonilla - Parameter?
//reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
// ETSI TS 103 171 V2.1.1
// 6.2.4 Transforms within ds:Reference element
{
//XmlDsigC14NTransform xmlDsigC14NTransform = new XmlDsigC14NTransform();
//reference.AddTransform(xmlDsigC14NTransform);
xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(xmlDsigEnvelopedSignatureTransform);
//jbonilla - Para permitir multifirmas (co-firmas)
Dictionary <string, string> namespaces = new Dictionary <string, string>();
namespaces.Add("ds", "http://www.w3.org/2000/09/xmldsig#");
var xmlDsigXPathTransform = CreateXPathTransform("not(ancestor-or-self::ds:Signature)", namespaces);
reference.AddTransform(xmlDsigXPathTransform);
}
xadesSignedXml.AddReference(reference);
// ETSI TS 103 171 V2.1.1
// 6.2.2 Canonicalization of ds:SignedInfo element
xadesSignedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NTransformUrl;//"http://www.w3.org/2001/10/xml-exc-c14n#";
//xadesSignedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
xadesSignedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
return(xadesSignedXml);
}
private static XadesSignedXml GetXadesSignedXml(X509Certificate2 certificate, XmlDocument originalDoc, string signatureid, string privateKeyPassword)
{
var secureString = new SecureString();
foreach (var ch in privateKeyPassword)
{
secureString.AppendChar(ch);
}
var provider = (Gost3410CryptoServiceProvider)certificate.PrivateKey;
provider.SetContainerPassword(secureString);
var signedXml = new XadesSignedXml(originalDoc)
{
SigningKey = provider
};
signedXml.Signature.Id = signatureid;
signedXml.SignatureValueId = $"{signatureid}-sigvalue";
var reference = new Reference
{
Uri = "#signed-data-container",
#pragma warning disable 612
DigestMethod = CPSignedXml.XmlDsigGost3411UrlObsolete,
#pragma warning restore 612
Id = $"{signatureid}-ref0"
};
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
#pragma warning disable 612
signedXml.SignedInfo.SignatureMethod = CPSignedXml.XmlDsigGost3410UrlObsolete;
#pragma warning restore 612
return(signedXml);
}
/// <summary>
/// Inserta un contenido XML para generar una firma enveloping.
/// </summary>
/// <param name="xmlDocument"></param>
public void SetContentEveloping(XmlDocument xmlDocument)
{
Reference reference = new Reference();
_xadesSignedXml = new XadesSignedXml();
XmlDocument doc = (XmlDocument)xmlDocument.Clone();
doc.PreserveWhitespace = true;
if (doc.ChildNodes[0].NodeType == XmlNodeType.XmlDeclaration)
{
doc.RemoveChild(doc.ChildNodes[0]);
}
//Add an object
string dataObjectId = "DataObject-" + Guid.NewGuid().ToString();
System.Security.Cryptography.Xml.DataObject dataObject = new System.Security.Cryptography.Xml.DataObject();
dataObject.Data = doc.ChildNodes;
dataObject.Id = dataObjectId;
_xadesSignedXml.AddObject(dataObject);
reference.Id = "Reference-" + Guid.NewGuid().ToString();
reference.Uri = "#" + dataObjectId;
reference.Type = SignedXml.XmlDsigNamespaceUrl + "Object";
XmlDsigC14NTransform transform = new XmlDsigC14NTransform();
reference.AddTransform(transform);
_objectReference = reference.Id;
_mimeType = "text/xml";
_xadesSignedXml.AddReference(reference);
_document = null;
}
private void InjectXadesXInformation(XadesSignedXml xadesSignedXml)
{
TimeStamp xadesXTimeStamp;
ArrayList signatureValueElementXpaths;
byte[] signatureValueHash;
byte[] tsaTimeStamp;
signatureValueElementXpaths = new ArrayList();
signatureValueElementXpaths.Add("ds:Object/xsd:QualifyingProperties/xsd:UnsignedProperties/xsd:UnsignedSignatureProperties/xsd:CompleteCertificateRefs");
signatureValueElementXpaths.Add("ds:Object/xsd:QualifyingProperties/xsd:UnsignedProperties/xsd:UnsignedSignatureProperties/xsd:CompleteRevocationRefs");
signatureValueHash = ComputeHashValueOfElementList(xadesSignedXml.GetXml(), signatureValueElementXpaths);
//jbonilla
tsaTimeStamp = this.tspSource.GetTimeStampToken(signatureValueHash);
xadesXTimeStamp = new TimeStamp("RefsOnlyTimeStamp");
xadesXTimeStamp.EncapsulatedTimeStamp.PkiData = tsaTimeStamp;
xadesXTimeStamp.CanonicalizationMethod.Algorithm = SignedXml.XmlDsigExcC14NTransformUrl;
//xadesXTimeStamp.EncapsulatedTimeStamp.Id = "";
//jbonilla Deprecated
//foreach (string elementIdValue in elementIdValues)
//{
// hashDataInfo = new HashDataInfo();
// hashDataInfo.UriAttribute = "#" + elementIdValue;
// xadesXTimeStamp.HashDataInfoCollection.Add(hashDataInfo);
//}
UnsignedProperties unsignedProperties = xadesSignedXml.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = true;
unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampCollection.Add(xadesXTimeStamp);
xadesSignedXml.UnsignedProperties = unsignedProperties;
}
public static void InjectSignatureToOriginalDoc(XadesSignedXml signedXml, XmlDocument originalDoc)
{
var xmlSig = signedXml.GetXml();
var signedDataContainer = signedXml.GetIdElement(originalDoc, "signed-data-container");
signedDataContainer.InsertBefore(originalDoc.ImportNode(xmlSig, true), signedDataContainer.FirstChild);
}
public static XadesSignedXml GetXadesSignedXml(X509Certificate2 certificate, XmlDocument originalDoc, string signatureid, string privateKeyPassword)
{
var secureString = new SecureString();
foreach (var ch in privateKeyPassword)
secureString.AppendChar(ch);
var provider = (Gost3410CryptoServiceProvider)certificate.PrivateKey;
provider.SetContainerPassword(secureString);
var signedXml = new XadesSignedXml(originalDoc) { SigningKey = provider };
signedXml.Signature.Id = signatureid;
signedXml.SignatureValueId = String.Format("{0}-sigvalue", signatureid);
var reference = new Reference
{
Uri = "#signed-data-container",
DigestMethod = CPSignedXml.XmlDsigGost3411UrlObsolete,
Id = String.Format("{0}-ref0", signatureid)
};
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
signedXml.SignedInfo.SignatureMethod = CPSignedXml.XmlDsigGost3410UrlObsolete;
return signedXml;
}
protected internal virtual void ExtendSignatureTag(XadesSignedXml xadesSignedXml)
{
RequestTimeStamp(xadesSignedXml);
}
/// <summary>
/// Realiza la contrafirma de la firma actual
/// </summary>
/// <param name="sigDocument"></param>
/// <param name="parameters"></param>
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters)
{
if (parameters.Signer == null)
{
throw new Exception("Es necesario un certificado válido para la firma.");
}
SignatureDocument.CheckSignatureDocument(sigDocument);
SignatureDocument counterSigDocument = new SignatureDocument();
counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone();
counterSigDocument.Document.PreserveWhitespace = true;
XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document);
SetSignatureId(counterSignature);
counterSignature.SigningKey = parameters.Signer.SigningKey;
_refContent = new Reference();
_refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId;
_refContent.Id = "Reference-" + Guid.NewGuid().ToString();
_refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature";
_refContent.AddTransform(new XmlDsigC14NTransform());
counterSignature.AddReference(_refContent);
_dataFormat = new DataObjectFormat();
_dataFormat.MimeType = "text/xml";
_dataFormat.Encoding = "UTF-8";
KeyInfo keyInfo = new KeyInfo();
keyInfo.Id = "KeyInfoId-" + counterSignature.Signature.Id;
keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate));
keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey));
counterSignature.KeyInfo = keyInfo;
Reference referenceKeyInfo = new Reference();
referenceKeyInfo.Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id;
referenceKeyInfo.Uri = "#KeyInfoId-" + counterSignature.Signature.Id;
counterSignature.AddReference(referenceKeyInfo);
XadesObject counterSignatureXadesObject = new XadesObject();
counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString();
counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id;
counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id;
AddSignatureProperties(counterSigDocument, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties,
counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties,
counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters);
counterSignature.AddXadesObject(counterSignatureXadesObject);
foreach (Reference signReference in counterSignature.SignedInfo.References)
{
signReference.DigestMethod = parameters.DigestMethod.URI;
}
counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI;
counterSignature.AddXadesNamespace = true;
counterSignature.ComputeSignature();
UnsignedProperties unsignedProperties = sigDocument.XadesSignature.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature);
sigDocument.XadesSignature.UnsignedProperties = unsignedProperties;
UpdateXadesSignature(sigDocument);
counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone();
counterSigDocument.Document.PreserveWhitespace = true;
XmlElement signatureElement = (XmlElement)sigDocument.Document.SelectSingleNode("//*[@Id='" + counterSignature.Signature.Id + "']");
counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document);
counterSigDocument.XadesSignature.LoadXml(signatureElement);
return(counterSigDocument);
}
/// <summary>
/// Load state from an XML element
/// </summary>
/// <param name="xmlElement">XML element containing new state</param>
/// <param name="counterSignedXmlElement">Element containing parent signature (needed if there are counter signatures)</param>
public void LoadXml(System.Xml.XmlElement xmlElement, XmlElement counterSignedXmlElement)
{
XmlNamespaceManager xmlNamespaceManager;
XmlNodeList xmlNodeList;
IEnumerator enumerator;
XmlElement iterationXmlElement;
XadesSignedXml newXadesSignedXml;
TimeStamp newTimeStamp;
XmlElement counterSignatureElement;
if (xmlElement == null)
{
throw new ArgumentNullException("xmlElement");
}
xmlNamespaceManager = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
xmlNamespaceManager.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri);
xmlNamespaceManager.AddNamespace("xadesv141", XadesSignedXml.XadesNamespace141Uri);
this.counterSignatureCollection.Clear();
xmlNodeList = xmlElement.SelectNodes("xades:CounterSignature", xmlNamespaceManager);
enumerator = xmlNodeList.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
iterationXmlElement = enumerator.Current as XmlElement;
if (iterationXmlElement != null)
{
if (counterSignedXmlElement != null)
{
newXadesSignedXml = new XadesSignedXml(counterSignedXmlElement);
}
else
{
newXadesSignedXml = new XadesSignedXml();
}
//Skip any whitespace at start
counterSignatureElement = null;
for (int childNodeCounter = 0; (childNodeCounter < iterationXmlElement.ChildNodes.Count) && (counterSignatureElement == null); childNodeCounter++)
{
if (iterationXmlElement.ChildNodes[childNodeCounter] is XmlElement)
{
counterSignatureElement = (XmlElement)iterationXmlElement.ChildNodes[childNodeCounter];
}
}
if (counterSignatureElement != null)
{
newXadesSignedXml.LoadXml(counterSignatureElement);
this.counterSignatureCollection.Add(newXadesSignedXml);
}
else
{
throw new CryptographicException("CounterSignature element does not contain signature");
}
}
}
}
finally
{
IDisposable disposable = enumerator as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
this.signatureTimeStampCollection.Clear();
xmlNodeList = xmlElement.SelectNodes("xades:SignatureTimeStamp", xmlNamespaceManager);
enumerator = xmlNodeList.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
iterationXmlElement = enumerator.Current as XmlElement;
if (iterationXmlElement != null)
{
newTimeStamp = new TimeStamp("SignatureTimeStamp");
newTimeStamp.LoadXml(iterationXmlElement);
this.signatureTimeStampCollection.Add(newTimeStamp);
}
}
}
finally
{
IDisposable disposable = enumerator as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
xmlNodeList = xmlElement.SelectNodes("xades:CompleteCertificateRefs", xmlNamespaceManager);
if (xmlNodeList.Count != 0)
{
this.completeCertificateRefs = new CompleteCertificateRefs();
this.completeCertificateRefs.LoadXml((XmlElement)xmlNodeList.Item(0));
}
else
{
this.completeCertificateRefs = null;
}
xmlNodeList = xmlElement.SelectNodes("xades:CompleteRevocationRefs", xmlNamespaceManager);
if (xmlNodeList.Count != 0)
{
this.CompleteRevocationRefs = new CompleteRevocationRefs();
this.CompleteRevocationRefs.LoadXml((XmlElement)xmlNodeList.Item(0));
}
else
{
this.completeRevocationRefs = null;
}
this.sigAndRefsTimeStampCollection.Clear();
this.refsOnlyTimeStampCollection.Clear();
xmlNodeList = xmlElement.SelectNodes("xades:SigAndRefsTimeStamp", xmlNamespaceManager);
if (xmlNodeList.Count > 0)
{
this.refsOnlyTimeStampFlag = false;
enumerator = xmlNodeList.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
iterationXmlElement = enumerator.Current as XmlElement;
if (iterationXmlElement != null)
{
newTimeStamp = new TimeStamp("SigAndRefsTimeStamp");
newTimeStamp.LoadXml(iterationXmlElement);
this.sigAndRefsTimeStampCollection.Add(newTimeStamp);
}
}
}
finally
{
IDisposable disposable = enumerator as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
else
{
xmlNodeList = xmlElement.SelectNodes("xades:RefsOnlyTimeStamp", xmlNamespaceManager);
if (xmlNodeList.Count > 0)
{
this.refsOnlyTimeStampFlag = true;
enumerator = xmlNodeList.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
iterationXmlElement = enumerator.Current as XmlElement;
if (iterationXmlElement != null)
{
newTimeStamp = new TimeStamp("RefsOnlyTimeStamp");
newTimeStamp.LoadXml(iterationXmlElement);
this.refsOnlyTimeStampCollection.Add(newTimeStamp);
}
}
}
finally
{
IDisposable disposable = enumerator as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
else
{
this.refsOnlyTimeStampFlag = false;
}
}
xmlNodeList = xmlElement.SelectNodes("xades:CertificateValues", xmlNamespaceManager);
if (xmlNodeList.Count != 0)
{
this.certificateValues = new CertificateValues();
this.certificateValues.LoadXml((XmlElement)xmlNodeList.Item(0));
}
else
{
this.certificateValues = null;
}
xmlNodeList = xmlElement.SelectNodes("xades:RevocationValues", xmlNamespaceManager);
if (xmlNodeList.Count != 0)
{
this.revocationValues = new RevocationValues();
this.revocationValues.LoadXml((XmlElement)xmlNodeList.Item(0));
}
else
{
this.revocationValues = null;
}
this.archiveTimeStampCollection.Clear();
xmlNodeList = xmlElement.SelectNodes("xades:ArchiveTimeStamp", xmlNamespaceManager);
xmlNodeList = xmlElement.SelectNodes("xadesv141:ArchiveTimeStamp", xmlNamespaceManager);
enumerator = xmlNodeList.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
iterationXmlElement = enumerator.Current as XmlElement;
if (iterationXmlElement != null)
{
newTimeStamp = new TimeStamp("ArchiveTimeStamp");
newTimeStamp.LoadXml(iterationXmlElement);
this.archiveTimeStampCollection.Add(newTimeStamp);
}
}
}
finally
{
IDisposable disposable = enumerator as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
xmlNodeList = xmlElement.SelectNodes("xadesv141:ArchiveTimeStamp", xmlNamespaceManager);
enumerator = xmlNodeList.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
iterationXmlElement = enumerator.Current as XmlElement;
if (iterationXmlElement != null)
{
newTimeStamp = new TimeStamp("ArchiveTimeStamp", "xadesv141", XadesSignedXml.XadesNamespace141Uri);
newTimeStamp.LoadXml(iterationXmlElement);
this.archiveTimeStampCollection.Add(newTimeStamp);
}
}
}
finally
{
IDisposable disposable = enumerator as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
