/// <summary>
///
/// </summary>
/// <returns></returns>
public KeyInfoNode addSecurityTokenReference()
{
XmlElement securityTokenRef = SecurityTokenReference.xmlKeyInfoSecurityTokenReference(_doc, uuid);
var keyInfoData = new KeyInfoNode(securityTokenRef);
return(keyInfoData);
}
/// <summary>
/// This method is only used to sign the autenticacion service
/// </summary>
public static XmlElement SignAuthenticationRequest(XmlElement xmlElement, X509Certificate2 x509Certificate2, string referenceUri, XmlElement securityTokenReferenceElement)
{
var signedXml = new SignedXmlWithId(xmlElement)
{
SigningKey = x509Certificate2.GetRSAPrivateKey()
};
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
var reference = new Reference
{
Uri = referenceUri,
DigestMethod = SignedXml.XmlDsigSHA1Url
};
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
var keyInfo = new KeyInfo();
var keyInfoNode = new KeyInfoNode
{
Value = securityTokenReferenceElement
};
keyInfo.AddClause(keyInfoNode);
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
return(signedXml.GetXml());
}
public static XmlElement GenerateSecurity(XmlDocument document,
X509Certificate2 certificate,
string prefix,
string id,
string iteration = "")
{
XmlNodeList nodeList = null;
XmlElement elemSecurity = null;
FSSSignedXml signer = new FSSSignedXml(document);
signer.SigningKey = certificate.PrivateKey;
KeyInfo keyInfo = new KeyInfo();
XmlElement keySecurityTokenReference =
document.CreateElement("wsse", "SecurityTokenReference", WsdlServiceHandle.xmlns_wsse);
XmlElement keyReference = document.CreateElement("wsse", "Reference", WsdlServiceHandle.xmlns_wsse);
keyReference.SetAttribute("URI", $"#http://eln.fss.ru/actor/mo/{WsdlServiceHandle.ogrn}");
keySecurityTokenReference.AppendChild(keyReference);
KeyInfoNode keyInfoData = new KeyInfoNode(keySecurityTokenReference);
keyInfo.AddClause(keyInfoData);
signer.KeyInfo = keyInfo;
Reference reference =
new Reference($"#{prefix}_{id}{(String.IsNullOrEmpty(iteration) ? "" : $"_{iteration}")}");
: super(securityToken, true /* addTimestamp */)
{
EwsUtilities.ValidateParam(securityToken, "securityToken");
EwsUtilities.ValidateParam(securityTokenReference, "securityTokenReference");
SafeXmlDocument doc = new SafeXmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(securityTokenReference);
this.keyInfoNode = new KeyInfoNode(doc.DocumentElement);
}
/// <summary>
/// Initializes a new instance of the <see cref="PartnerTokenCredentials"/> class.
/// </summary>
/// <param name="securityToken">The token.</param>
/// <param name="securityTokenReference">The token reference.</param>
internal PartnerTokenCredentials(string securityToken, string securityTokenReference)
: base(securityToken, true /* addTimestamp */)
{
EwsUtilities.ValidateParam(securityToken, "securityToken");
EwsUtilities.ValidateParam(securityTokenReference, "securityTokenReference");
SafeXmlDocument doc = new SafeXmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(securityTokenReference);
this.keyInfoNode = new KeyInfoNode(doc.DocumentElement);
}
public void InvalidKeyNode()
{
string bad = "<Test></Test>";
XmlDocument doc = new XmlDocument();
doc.LoadXml(bad);
KeyInfoNode node1 = new KeyInfoNode();
node1.LoadXml(null);
Assert.Null(node1.GetValue());
}
public void InvalidKeyNode()
{
string bad = "<Test></Test>";
XmlDocument doc = new XmlDocument();
doc.LoadXml(bad);
KeyInfoNode node1 = new KeyInfoNode();
// LAMESPEC: No ArgumentNullException is thrown if value == null
node1.LoadXml(null);
Assert.IsNull(node1.Value, "Value==null");
}
public void KeyInfoNode()
{
string test = "<Test>KeyInfoNode</Test>";
XmlDocument doc = new XmlDocument();
doc.LoadXml(test);
KeyInfoNode node = new KeyInfoNode(doc.DocumentElement);
info.AddClause(node);
Assert.AreEqual("<KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><Test xmlns=\"\">KeyInfoNode</Test></KeyInfo>", (info.GetXml().OuterXml), "node");
Assert.AreEqual(1, info.Count, "node count");
}
private XmlElement siganatureXML(XmlDocument doc, Parametros parametro)
{
if (doc == null)
{
throw new ArgumentException("xmlDoc");
}
PrivateKeyRSACryptoServiceWC3 privaKeryRSQ = new PrivateKeyRSACryptoServiceWC3(parametro.certificado.getX509Certificate2());
privaKeryRSQ.extraerPrivateKeyRSACryptoServiceProvider();
SignedInfoWC3 signeInfo = new SignedInfoWC3(doc, parametro.UUIDiRamdon);
KeyInfoNode info = signeInfo.addSecurityTokenReference();
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(info);
ReferenceWC3 referenceXML = new ReferenceWC3($"#_0", SignedXml.XmlDsigSHA1Url);
referenceXML.addDigestMethod();
referenceXML.addUri();
referenceXML.addTransform();
var signedXml = new SignedXmlWithId(doc);
signedXml.SigningKey = parametro.certificado.getX509Certificate2().PrivateKey;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.AddReference(referenceXML.getRefence());
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
return(xmlDigitalSignature);
}
public void ImportKeyNode()
{
string value = "<KeyName xmlns=\"http://www.w3.org/2000/09/xmldsig#\">Mono::</KeyName>";
XmlDocument doc = new XmlDocument();
doc.LoadXml(value);
KeyInfoNode node1 = new KeyInfoNode();
node1.LoadXml(doc.DocumentElement);
string s = (node1.GetXml().OuterXml);
Assert.Equal(value, s);
}
public void NewKeyNode()
{
string test = "<Test></Test>";
XmlDocument doc = new XmlDocument();
doc.LoadXml(test);
KeyInfoNode node1 = new KeyInfoNode();
node1.Value = doc.DocumentElement;
XmlElement xel = node1.GetXml();
KeyInfoNode node2 = new KeyInfoNode(node1.Value);
node2.LoadXml(xel);
Assert.AreEqual((node1.GetXml().OuterXml), (node2.GetXml().OuterXml), "node1==node2");
}
private EncryptedData CreateEncryptedData(string dataId, string keyId)
{
var encryptedData = new EncryptedData();
encryptedData.Type = EncryptedXml.XmlEncElementContentUrl;
encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
encryptedData.Id = dataId;
var tokenReference = Document.CreateElement("wsse:SecurityTokenReference", Manager.LookupNamespace("wsse"));
tokenReference.SetAttribute("TokenType", Manager.LookupNamespace("wsse11"), "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
var reference = Document.CreateElement("wsse:Reference", Manager.LookupNamespace("wsse"));
reference.SetAttribute("URI", "#" + keyId);
tokenReference.AppendChild(reference);
var infoNode = new KeyInfoNode(tokenReference);
encryptedData.KeyInfo.AddClause(infoNode);
return(encryptedData);
}
/// <summary>
/// Firmar y Encriptar el Documento XML usando un Certificado x509.
/// </summary>
/// <param name="xmldoc">el documento XML a firmar y encriptar.</param>
/// <param name="certificado">el certificado para poder firmar el XML</param>
/// <param name="certificadopublico">el certificado publico para poder encriptar</param>
/// <returns></returns>
private static XmlDocument FirmaryEncriptarSoapRequest(XmlDocument xmldoc, X509Certificate2 certificadoPrivado, X509Certificate2 certificadopublico)
{
#region Firmar
//añadir las referencias de espacios de nombres para asegurarnos de que podamos trabajar contra
//cualquier documento elemento XML sin importar el nombramiento de los Tags siempre y cuando sepamos sus Namespaces.
XmlNamespaceManager namespaceManager = new XmlNamespaceManager(xmldoc.NameTable);
namespaceManager.AddNamespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
namespaceManager.AddNamespace("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
namespaceManager.AddNamespace("soapenv", "http://schemas.xmlsoap.org/soap/envelope/");
//Seleccionar el Header para agregarle elementos.
XmlElement headerNode = xmldoc.DocumentElement.SelectSingleNode("//soapenv:Header", namespaceManager) as XmlElement;
//Creamos el nodo de seguridad <Security>
XmlElement securityNode = xmldoc.CreateElement("wsse", "Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
securityNode.SetAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
securityNode.SetAttribute("mustUnderstand", "http://schemas.xmlsoap.org/soap/envelope/", "1");
XmlAttribute mustUnderstandSecurityAttribute = securityNode.GetAttributeNode("mustUnderstand");
mustUnderstandSecurityAttribute.Prefix = "soapenv";
#region Preparar elementos a ser firmados
//Ahora vamos a crear otro BinarySecurityToken
//Ahora creamos un BinarySecurityToken que será el certificado x509 de la clave privada
//Con este BinarySecurityToken se espera que el receptor pueda verificar el Digest de la firma que se
//genera con este BinarySecurityToken.
//este BinarySecurityToken es firmado también.
XmlElement binarySecurityTokenNode2 = xmldoc.CreateElement("wsse", "BinarySecurityToken", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
//El atributo EncodingType dice cómo el Token está codificado, en este caso, Base64Binary.
binarySecurityTokenNode2.SetAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
//El atributo ValueType indica qué es el BinarySecurityToken, en este caso un Certificado X509v3.
binarySecurityTokenNode2.SetAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
binarySecurityTokenNode2.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", XmlElementsIds.PrivateKeyBinarySecurityTokenUri);
XmlAttribute attribute2 = binarySecurityTokenNode2.GetAttributeNode("Id");
attribute2.Prefix = "wsu";
binarySecurityTokenNode2.InnerText = Convert.ToBase64String(certificadoPrivado.GetRawCertData());
//Creamos una estampa de tiempo, la cuál será firmada también:
Timestamp timestamp = new Timestamp();
timestamp.TtlInSeconds = 5000;
//El body también será firmado, pero todavía no tiene los atributos requeridos para que pueda ser firmado
//Aquí se los agrego.
//Ahora vamos a ponerle un Id.
XmlElement body = xmldoc.DocumentElement.SelectSingleNode("//soapenv:Body", namespaceManager) as XmlElement;
body.SetAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
body.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", XmlElementsIds.BodyId);
var bodyId = body.GetAttributeNode("Id");
bodyId.Prefix = "wsu";
#endregion
#region Agregar elementos a ser firmados al nodo Security
securityNode.AppendChild(timestamp.GetXml(xmldoc));
securityNode.AppendChild(binarySecurityTokenNode2);
//agregar
headerNode.AppendChild(securityNode);
//el body ya existe, y no pertenece al nodo security.
#endregion
//Al momento de computar la firma, la clase SignedXml buscará las referencias previamente puestas, (las busca por los Id de cada uno
//de los elementos a ser firmados.
//y firmará los elementos que las referencias han referenciado
//valga la redundancia.
#region Crear firma XML
//Ahora vamos a agregar un elemento Signature, que representa la firma digital.
SignedXml signedXml = new SignedXmlWithId(xmldoc);
signedXml.Signature.Id = "SIG-3";
//la canonicalización indica como se deben interpretar los espacios en blanco y similares
//porque el valor de firma puede cambiar inclusive cuando hayan espacios u otros caracteres-
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
//cual fue el algoritmo usado para firmar.
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
//Cada una de las referencias apunta a un Id, que deberán tener los elementos
//a ser firmados.
System.Security.Cryptography.Xml.Reference reference = new System.Security.Cryptography.Xml.Reference
{
Uri = "#" + XmlElementsIds.PrivateKeyBinarySecurityTokenUri
};
reference.AddTransform(new XmlDsigExcC14NTransform(""));
reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
System.Security.Cryptography.Xml.Reference reference2 = new System.Security.Cryptography.Xml.Reference
{
Uri = "#" + timestamp.Id
};
reference2.AddTransform(new XmlDsigExcC14NTransform("wsse lib soapenv"));
reference2.DigestMethod = SignedXml.XmlDsigSHA1Url;
System.Security.Cryptography.Xml.Reference reference3 = new System.Security.Cryptography.Xml.Reference
{
Uri = "#" + XmlElementsIds.BodyId
};
reference3.AddTransform(new XmlDsigExcC14NTransform("lib"));
reference3.DigestMethod = SignedXml.XmlDsigSHA1Url;
signedXml.SignedInfo.AddReference(reference);
signedXml.SignedInfo.AddReference(reference2);
signedXml.SignedInfo.AddReference(reference3);
signedXml.SigningKey = certificadoPrivado.PrivateKey; //la clave privada para firmar.
//La Keyinfo representa un identificador de un Token de seguridad.
//en el caso de las firmas, identifica cómo encontrar el token que se usó para firmar.
KeyInfo keyInfoInsideSignature = new KeyInfo();
keyInfoInsideSignature.Id = "KI-D313N3M1G0";
//en este caso Una referencia a un token de seguridad.
SecurityTokenReference securityTokenReferenceInsideSignature = new SecurityTokenReference();
securityTokenReferenceInsideSignature.Id = "STR-SecurityTokenReference";
securityTokenReferenceInsideSignature.ValueType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
securityTokenReferenceInsideSignature.Reference = XmlElementsIds.PrivateKeyBinarySecurityTokenUri; //El BinarySecurityToken que contiene el Certificado x509v3 usado para la firma (usando su clave privada)
KeyInfoClause keyInfoClauseInsideSignature = new KeyInfoNode(securityTokenReferenceInsideSignature.GetXml());
keyInfoInsideSignature.AddClause(keyInfoClauseInsideSignature);
signedXml.KeyInfo = keyInfoInsideSignature;
signedXml.ComputeSignature();
//revisar que la firma sea válida.(para propósitos de desarrollo)
bool firstcheck = signedXml.CheckSignature(certificadoPrivado, true);
XmlNode signatureNode = signedXml.GetXml(); //Finalmente ya obtenemos un elemento <signature> totalmente formado y listo para ser anexado al nodo <security>
#endregion
securityNode.AppendChild(signatureNode);
#endregion
#region Encriptar
//Ahora vamos a obtener el certificado público, y usar su clave para encriptar el contenido del body
Encriptar(ref xmldoc, "lib:quotationCarGenericRq", certificadopublico, ref securityNode);
#endregion
//Devolver un XML Firmado y Encriptado.
#region testing, se puede dejar comentado:
//HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://wsqa.libertycolombia.com.co:8443/soa-infra/services/GenericAuto/GenericAutoQuotation/GenericAutoQuotationMediator_ep");
//req.Headers.Add("SOAPAction", "urn:quotationCarGeneric");
//req.Method = "POST";
//req.UserAgent = "Apache-HttpClient/4.1.1 (java 1.5)";
//req.ContentType = "text/xml;charset=\"utf-8\"";
//req.Host = "wsqa.libertycolombia.com.co:8443";
////XmlDocument xmldoctest = new XmlDocument();
////xmldoctest.Load(@"C:\Users\CarlosAlbertoFiguere\Desktop\test.xml");
//using (Stream stream = req.GetRequestStream())
//{
// using (StreamWriter streamWriter = new StreamWriter(stream))
// {
// streamWriter.Write(xmldoc.OuterXml);
// }
//}
//try
//{
// WebResponse lol = req.GetResponse();
// string response = (new StreamReader(lol.GetResponseStream())).ReadToEnd();
//}
//catch (WebException wex)
//{
// string response = (new StreamReader(wex.Response.GetResponseStream())).ReadToEnd();
//}
#endregion
return(xmldoc);
}
/// <summary>
/// Метод подписи XML подписью органа власти
/// </summary>
/// <param name="doc"></param>
/// <param name="certificate"></param>
/// <returns></returns>
private XmlDocument SignMessage2XX(XmlDocument xml, IntPtr certificate)
{
try
{
// Удаляем тэг Actor
string message = string.Empty;
try
{
log.LogDebug("Пытаемся удалить атрибут 'Actor'.");
message = SoapDSigUtil.RemoveActor(xml);
log.LogDebug("Атрибут 'Actor' успешно удален.");
}
catch (Exception ex)
{
throw new Exception($"Ошибка при попытке удалить атрибут 'Actor'. {ex.Message}.");
}
XmlDocument doc = new XmlDocument()
{
PreserveWhitespace = true
};
try
{
doc.LoadXml(message);
}
catch (Exception ex)
{
throw new Exception($"Ошибка при формировании XML после удаления атрибута 'Actor'. {ex.Message}.");
}
try
{
log.LogDebug("Получаем значение тэга для подписи.");
this.tagForSign = this.FindSmevTagForSign(doc);
log.LogDebug($"Значение тэга для подписи получено. {tagForSign}.");
}
catch (Exception ex)
{
throw new Exception($"Ошибка при попытке получить тэг с элементом для подписи. {ex.Message}.");
}
SmevSignedXml signedXml = new SmevSignedXml(doc);
try
{
log.LogDebug($"Выполняем добавление элемента Reference в XML.");
signedXml = (SmevSignedXml)SmevXmlHelper.AddReference(doc, signedXml, certificate,
SignWithId,
mrVersion,
ElemForSign,
ref idCounter,
tagForSign,
tagForSignNamespaceUri,
namespaceIdAttr: NamespaceUri.OasisWSSecurityUtility
);
log.LogDebug($"Добавление элемента Reference в XML выполнено успешно.");
}
catch (Exception ex)
{
throw new Exception($"Ошибка при попытке добавить элемент Reference. {ex.Message}.");
}
signedXml.NamespaceForReference = NamespaceUri.OasisWSSecurityUtility;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
try
{
log.LogDebug($"Пытаемся получить значение SignatureMethod.");
signedXml.SignedInfo.SignatureMethod = SignServiceUtils.GetSignatureMethod(SignServiceUtils.GetAlgId(certificate));
log.LogDebug($"Значение SignatureMethod успешно получено: {signedXml.SignedInfo.SignatureMethod}.");
}
catch (Exception ex)
{
throw new Exception($"Ошибка при попытке получить значение метода подписи. {ex.Message}.");
}
XmlElement keyInfoElem = doc.CreateElement("KeyInfo", NamespaceUri.WSXmlDSig);
XmlElement binaryTokenElem = doc.CreateElement("wsse", "BinarySecurityToken", NamespaceUri.OasisWSSecuritySecext);
XmlElement tokenReferenceElem = doc.CreateElement("wsse", "SecurityTokenReference", NamespaceUri.OasisWSSecuritySecext);
XmlElement referenceElem = doc.CreateElement("wsse", "Reference", NamespaceUri.OasisWSSecuritySecext);
string certId = "uuid-" + Guid.NewGuid().ToString();
XmlAttribute idAttr = doc.CreateAttribute("u", "Id", NamespaceUri.OasisWSSecurityUtility);
XmlAttribute valueTypeTokenAttr = doc.CreateAttribute("ValueType");
XmlAttribute encodingTypeTokenAttr = doc.CreateAttribute("EncodingType");
idAttr.Value = certId;
valueTypeTokenAttr.Value = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
encodingTypeTokenAttr.Value = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
binaryTokenElem.Attributes.Append((XmlAttribute)doc.ImportNode(idAttr, true));
binaryTokenElem.Attributes.Append((XmlAttribute)doc.ImportNode(valueTypeTokenAttr, true));
binaryTokenElem.Attributes.Append((XmlAttribute)doc.ImportNode(encodingTypeTokenAttr, true));
X509Certificate2 cert = SignServiceUtils.GetX509Certificate2(certificate);
binaryTokenElem.InnerText = Convert.ToBase64String(cert.RawData);
XmlAttribute valueTypeAttr = doc.CreateAttribute("ValueType");
valueTypeAttr.Value = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
referenceElem.Attributes.Append((XmlAttribute)doc.ImportNode(valueTypeAttr, true));
XmlAttribute uriAttr = doc.CreateAttribute("URI");
uriAttr.Value = "#" + certId;
referenceElem.Attributes.Append((XmlAttribute)doc.ImportNode(uriAttr, true));
tokenReferenceElem.PrependChild(doc.ImportNode(referenceElem, true));
keyInfoElem.PrependChild(doc.ImportNode(tokenReferenceElem, true));
try
{
KeyInfoNode keyNode = new KeyInfoNode(tokenReferenceElem);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(keyNode);
signedXml.KeyInfo = keyInfo;
}
catch (Exception ex)
{
throw new Exception($"Ошибка при формировании элемента KeyInfo. {ex.Message}.");
}
try
{
log.LogDebug($"Пытаемся вычислить подпись.");
signedXml.ComputeSignatureWithoutPrivateKey(xmldsigPrefix, certificate);
log.LogDebug($"Вычисление подписи выполнено успешно.");
}
catch (Exception ex)
{
throw new Exception($"Ошибка при попытке вычислить подпись для XML. {ex.Message}.");
}
XmlElement signatureElem = null;
try
{
log.LogDebug("Пытаемся получить элемент с подписью.");
signatureElem = signedXml.GetXml(xmldsigPrefix);
log.LogDebug("Элемент с подписью успешно получен.");
}
catch (Exception ex)
{
throw new Exception($"Ошибка при попытке получить элемент содержащий подпись. {ex.Message}.");
}
try
{
log.LogDebug("Пытаемся добавить подпись в XML содержимое.");
FillSignatureElement(doc, signatureElem, certificate, binaryTokenElem);
log.LogDebug("Подпись успешно добавлена.");
}
catch (Exception ex)
{
throw new Exception($"Ошибка при попытке заполнить XML информацией о подписи. {ex.Message}.");
}
try
{
log.LogDebug("Пытаемся добавить атрибут 'Actor'.");
SoapDSigUtil.AddActor(doc);
log.LogDebug("Атрибут 'Actor' успешно добавлен.");
}
catch (Exception ex)
{
throw new Exception($"Ошибка при попытке добавить атрибут 'Actor'. {ex.Message}.");
}
return(doc);
}
catch (Exception ex)
{
log.LogError($"Ошибка при попытке подписать XML. {ex.Message}.");
throw new CryptographicException($"Ошибка при попытке подписать XML для версии {mrText[mrVersion]}. {ex.Message}.");
}
finally
{
SignServiceUtils.FreeHandleCertificate(certificate);
}
}
public XmlDocument SignMessage(XmlDocument xmlDoc)
{
var namespaceManager = new XmlNamespaceManager(xmlDoc.NameTable);
namespaceManager.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
namespaceManager.AddNamespace("u", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
var soapHeaderNode = xmlDoc.DocumentElement?.SelectSingleNode("//s:Header", namespaceManager) as XmlElement;
var bodyNode = xmlDoc.DocumentElement?.SelectSingleNode("//s:Body", namespaceManager) as XmlElement;
if (bodyNode == null)
{
throw new Exception("No body tag found.");
}
var uuid = $"id-{Guid.NewGuid()}";
var uuidSecurityToken = $"id-{Guid.NewGuid()}";
var timestamp = xmlDoc.CreateElement("u", "Timestamp", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
var created = xmlDoc.CreateElement("u", "Created", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
var expires = xmlDoc.CreateElement("u", "Expires", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
timestamp.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", uuidSecurityToken);
created.InnerText = DateTime.Now.ToString("yyyy-MM-ddTHH':'mm':'ss'.'fffZ");
expires.InnerText = DateTime.Now.AddMinutes(5).ToString("yyyy-MM-ddTHH':'mm':'ss'.'fffZ");
timestamp.AppendChild(created);
timestamp.AppendChild(expires);
soapHeaderNode?.AppendChild(timestamp);
var securityNode = xmlDoc.CreateElement(
prefix: "o",
localName: "Security",
namespaceURI: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
);
securityNode.SetAttribute("mustUnderstand", "http://schemas.xmlsoap.org/soap/envelope/", "1");
var binarySecurityTokenElement = xmlDoc.CreateElement("o", "BinarySecurityToken", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
binarySecurityTokenElement.SetAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
binarySecurityTokenElement.SetAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
binarySecurityTokenElement.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", uuid);
binarySecurityTokenElement.InnerText = SecurityToken;
securityNode.AppendChild(binarySecurityTokenElement);
soapHeaderNode?.AppendChild(securityNode);
var signedXml = new SignedXmlWithId(xmlDoc);
signedXml.SignedInfo.SignatureMethod = SignatureMethod;
signedXml.SigningKey = RsaKey;
var securityTokenRef = xmlDoc.CreateElement("o", "SecurityTokenReference", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
var oRef = xmlDoc.CreateElement("o", "Reference", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
oRef.SetAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
oRef.SetAttribute("URI", $"#{uuid}");
securityTokenRef.AppendChild(oRef);
var keyInfo = new KeyInfo();
var keyInfoData = new KeyInfoNode(securityTokenRef);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
var reference = new Reference
{
Uri = $"#{uuid}",
DigestMethod = DigestMethod
};
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var signedElement = signedXml.GetXml();
securityNode.AppendChild(signedElement);
return(xmlDoc);
}
