public static XmlElement SignWithXAdES(X509Certificate2 signingCertificate, XmlDocument xmlDocument)
{
var signedXml = new XadesSignedXml(xmlDocument);
signedXml.Signature.Id = SignatureId;
signedXml.SigningKey = signingCertificate.PrivateKey;
var signatureReference = new Reference {
Uri = "",
};
signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(signatureReference);
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
signedXml.KeyInfo = keyInfo;
AddXAdESProperties(xmlDocument, signedXml, signingCertificate);
signedXml.ComputeSignature();
return(signedXml.GetXml());
}
/// <summary>
/// Carga el documento XML especificado y establece para firmar el elemento especificado en elementId
/// </summary>
/// <param name="xmlDocument"></param>
/// <param name="elementId"></param>
/// <param name="mimeType"></param>
public void SetContentInternallyDetached(XmlDocument xmlDocument, string elementId, string mimeType)
{
_document = (XmlDocument)xmlDocument.Clone();
_document.PreserveWhitespace = true;
Reference reference = new Reference();
reference.Uri = "#" + elementId;
reference.Id = "Reference-" + Guid.NewGuid().ToString();
_objectReference = reference.Id;
_mimeType = mimeType;
if (mimeType == "text/xml")
{
XmlDsigC14NTransform transform = new XmlDsigC14NTransform();
reference.AddTransform(transform);
}
else
{
XmlDsigBase64Transform transform = new XmlDsigBase64Transform();
reference.AddTransform(transform);
}
_xadesSignedXml = new XadesSignedXml(_document);
_xadesSignedXml.AddReference(reference);
}
public static XadesSignedXml GetXadesSignedXml(SigningKeyProvider provider, XmlDocument originalDoc, string signatureid)
{
var signedXml = new XadesSignedXml(originalDoc)
{
SigningKey = provider.SigningKey
};
signedXml.Signature.Id = signatureid;
signedXml.SignatureValueId = String.Format("{0}-sigvalue", signatureid);
var reference = new Reference
{
Uri = "#signed-data-container",
DigestMethod = provider.DigestMethod,
Id = String.Format("{0}-ref0", signatureid)
};
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
signedXml.SignedInfo.SignatureMethod = provider.SignatureMethod;
return(signedXml);
}
/// <summary>
/// Construye el documento enveloped
/// </summary>
private void CreateEnvelopedDocument()
{
Reference reference = new Reference();
_xadesSignedXml = new XadesSignedXml(_document);
reference.Id = "Reference-" + Guid.NewGuid().ToString();
reference.Uri = "";
for (int i = 0; i < _document.DocumentElement.Attributes.Count; i++)
{
if (_document.DocumentElement.Attributes[i].Name.Equals("id", StringComparison.InvariantCultureIgnoreCase))
{
reference.Uri = "#" + _document.DocumentElement.Attributes[i].Value;
break;
}
}
XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(xmlDsigEnvelopedSignatureTransform);
_objectReference = reference.Id;
_xadesSignedXml.AddReference(reference);
}
/// <summary>
/// Añade una firma al documento
/// </summary>
/// <param name="certificate"></param>
/// <param name="signMethod"></param>
public void CoSign(X509Certificate2 certificate, SignMethod?signMethod = null)
{
if (_xadesSignedXml == null)
{
throw new Exception("No hay ninguna firma XADES creada previamente.");
}
if (certificate == null)
{
throw new Exception("Es necesario un certificado válido para la firma.");
}
Reference refContent = _xadesSignedXml.SignedInfo.References[0] as Reference;
if (refContent == null)
{
throw new Exception("No se ha podido encontrar la referencia del contenido firmado.");
}
if (_xadesSignedXml.XadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection.Count > 0)
{
foreach (DataObjectFormat dof in _xadesSignedXml.XadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection)
{
if (dof.ObjectReferenceAttribute == ("#" + refContent.Id))
{
_mimeType = dof.MimeType;
break;
}
}
}
var destination = _xadesSignedXml.GetSignatureElement().ParentNode;
_xadesSignedXml = new XadesSignedXml(_document);
refContent.Id = "Reference-" + Guid.NewGuid().ToString();
_xadesSignedXml.AddReference(refContent);
if (destination.NodeType != XmlNodeType.Document)
{
_xadesSignedXml.SignatureNodeDestination = (XmlElement)destination;
}
else
{
_xadesSignedXml.SignatureNodeDestination = ((XmlDocument)destination).DocumentElement;
}
_objectReference = refContent.Id;
SetSignatureId();
Sign(certificate, signMethod);
}
/// <summary>
/// Construye el documento enveloped
/// </summary>
private void CreateEnvelopedDocument()
{
Reference reference = new Reference();
_xadesSignedXml = new XadesSignedXml(_document);
reference.DigestMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
reference.Id = "r-id-1";
reference.Type = "";
reference.Uri = "";
//for (int i = 0; i < _document.DocumentElement.Attributes.Count; i++)
//{
// if (_document.DocumentElement.Attributes[i].Name.Equals("id", StringComparison.InvariantCultureIgnoreCase))
// {
// reference.Uri = "#" + _document.DocumentElement.Attributes[i].Value;
// break;
// }
//}
// ** XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
//xmlDsigEnvelopedSignatureTransform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116";
XmlDocument doc = new XmlDocument();
XmlElement xpathElem = doc.CreateElement("XPath");
xpathElem.InnerText = "not(ancestor-or-self::ds:Signature)";
XmlDsigXPathTransform xform = new XmlDsigXPathTransform();
xform.LoadInnerXml(xpathElem.SelectNodes("."));
xform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116";
//xform.PropagatedNamespaces.Add("xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
reference.AddTransform(xform);
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
reference.AddTransform(transform);
//reference.AddTransform(xmlDsigEnvelopedSignatureTransform);
_objectReference = reference.Id;
_xadesSignedXml.AddReference(reference);
}
/// <summary>
/// Inserta un documento para generar una firma externally detached.
/// </summary>
/// <param name="fileName"></param>
public void SetContentExternallyDetached(string fileName)
{
Reference reference = new Reference();
_document = new XmlDocument();
_xadesSignedXml = new XadesSignedXml();
reference.Uri = "file://" + fileName.Replace("\\", "/");
reference.Id = "Reference-" + Guid.NewGuid().ToString();
if (reference.Uri.EndsWith(".xml") || reference.Uri.EndsWith(".XML"))
{
_mimeType = "text/xml";
reference.AddTransform(new XmlDsigC14NTransform());
}
_objectReference = reference.Id;
_xadesSignedXml.AddReference(reference);
}
private static XadesSignedXml CreateFromXmlDocument(XmlDocument envelopedSignatureXmlDocument)
{
XmlDsigEnvelopedSignatureTransform xmlDsigEnvelopedSignatureTransform;
Reference reference;
reference = new Reference();
var xadesSignedXml = new XadesSignedXml(envelopedSignatureXmlDocument);
reference.Uri = "";
reference.Id = "xml_ref_id";
//TODO jbonilla - Parameter?
//reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
// ETSI TS 103 171 V2.1.1
// 6.2.4 Transforms within ds:Reference element
{
//XmlDsigC14NTransform xmlDsigC14NTransform = new XmlDsigC14NTransform();
//reference.AddTransform(xmlDsigC14NTransform);
xmlDsigEnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(xmlDsigEnvelopedSignatureTransform);
//jbonilla - Para permitir multifirmas (co-firmas)
Dictionary <string, string> namespaces = new Dictionary <string, string>();
namespaces.Add("ds", "http://www.w3.org/2000/09/xmldsig#");
var xmlDsigXPathTransform = CreateXPathTransform("not(ancestor-or-self::ds:Signature)", namespaces);
reference.AddTransform(xmlDsigXPathTransform);
}
xadesSignedXml.AddReference(reference);
// ETSI TS 103 171 V2.1.1
// 6.2.2 Canonicalization of ds:SignedInfo element
xadesSignedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NTransformUrl;//"http://www.w3.org/2001/10/xml-exc-c14n#";
//xadesSignedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
xadesSignedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
return(xadesSignedXml);
}
private static XadesSignedXml GetXadesSignedXml(X509Certificate2 certificate, XmlDocument originalDoc, string signatureid, string privateKeyPassword)
{
var secureString = new SecureString();
foreach (var ch in privateKeyPassword)
{
secureString.AppendChar(ch);
}
var provider = (Gost3410CryptoServiceProvider)certificate.PrivateKey;
provider.SetContainerPassword(secureString);
var signedXml = new XadesSignedXml(originalDoc)
{
SigningKey = provider
};
signedXml.Signature.Id = signatureid;
signedXml.SignatureValueId = $"{signatureid}-sigvalue";
var reference = new Reference
{
Uri = "#signed-data-container",
#pragma warning disable 612
DigestMethod = CPSignedXml.XmlDsigGost3411UrlObsolete,
#pragma warning restore 612
Id = $"{signatureid}-ref0"
};
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
#pragma warning disable 612
signedXml.SignedInfo.SignatureMethod = CPSignedXml.XmlDsigGost3410UrlObsolete;
#pragma warning restore 612
return(signedXml);
}
private void AddCertificateInfo()
{
SetCryptoServiceProvider();
_xadesSignedXml.SigningKey = _rsaKey;
KeyInfo keyInfo = new KeyInfo();
keyInfo.Id = "KeyInfoId-" + _signatureId;
keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)_signCertificate));
keyInfo.AddClause(new RSAKeyValue((RSA)_rsaKey));
_xadesSignedXml.KeyInfo = keyInfo;
Reference reference = new Reference();
reference.Id = "ReferenceKeyInfo";
reference.Uri = "#KeyInfoId-" + _signatureId;
_xadesSignedXml.AddReference(reference);
}
/// <summary>
/// Inserta un contenido XML para generar una firma enveloping.
/// </summary>
/// <param name="xmlDocument"></param>
public void SetContentEveloping(XmlDocument xmlDocument)
{
Reference reference = new Reference();
_xadesSignedXml = new XadesSignedXml();
XmlDocument doc = (XmlDocument)xmlDocument.Clone();
doc.PreserveWhitespace = true;
if (doc.ChildNodes[0].NodeType == XmlNodeType.XmlDeclaration)
{
doc.RemoveChild(doc.ChildNodes[0]);
}
//Add an object
string dataObjectId = "DataObject-" + Guid.NewGuid().ToString();
System.Security.Cryptography.Xml.DataObject dataObject = new System.Security.Cryptography.Xml.DataObject();
dataObject.Data = doc.ChildNodes;
dataObject.Id = dataObjectId;
_xadesSignedXml.AddObject(dataObject);
reference.Id = "Reference-" + Guid.NewGuid().ToString();
reference.Uri = "#" + dataObjectId;
reference.Type = SignedXml.XmlDsigNamespaceUrl + "Object";
XmlDsigC14NTransform transform = new XmlDsigC14NTransform();
reference.AddTransform(transform);
_objectReference = reference.Id;
_mimeType = "text/xml";
_xadesSignedXml.AddReference(reference);
_document = null;
}
/// <summary>
/// Inserta un documento para generar una firma internally detached.
/// </summary>
/// <param name="content"></param>
/// <param name="mimeType"></param>
public void SetContentInternallyDetached(byte[] content, string mimeType, string fileName = null)
{
_document = new XmlDocument();
XmlElement rootElement = _document.CreateElement("DOCFIRMA");
_document.AppendChild(rootElement);
string id = "CONTENT-" + Guid.NewGuid().ToString();
Reference reference = new Reference();
reference.Uri = "#" + id;
reference.Id = "Reference-" + Guid.NewGuid().ToString();
_objectReference = reference.Id;
_mimeType = mimeType;
XmlElement contentElement = _document.CreateElement("CONTENT");
if (mimeType == "text/xml")
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.Load(new MemoryStream(content));
contentElement.InnerXml = doc.DocumentElement.OuterXml;
XmlDsigC14NTransform transform = new XmlDsigC14NTransform();
reference.AddTransform(transform);
}
else if (mimeType == "hash/sha256")
{
contentElement.SetAttribute("Encoding", "http://www.w3.org/2000/09/xmldsig#base64");
contentElement.SetAttribute("MimeType", mimeType);
if (!string.IsNullOrEmpty(fileName))
{
contentElement.SetAttribute("URI", Path.GetFileName(fileName));
}
using (SHA256 sha2 = SHA256.Create())
{
contentElement.InnerText = Convert.ToBase64String(sha2.ComputeHash(content));
}
XmlDsigBase64Transform transform = new XmlDsigBase64Transform();
reference.AddTransform(transform);
}
else
{
contentElement.SetAttribute("Encoding", "http://www.w3.org/2000/09/xmldsig#base64");
contentElement.InnerText = Convert.ToBase64String(content);
XmlDsigBase64Transform transform = new XmlDsigBase64Transform();
reference.AddTransform(transform);
}
contentElement.SetAttribute("Id", id);
rootElement.AppendChild(contentElement);
_xadesSignedXml = new XadesSignedXml(_document);
_xadesSignedXml.AddReference(reference);
}
/// <summary>
/// Realiza la contrafirma de la firma actual
/// </summary>
/// <param name="sigDocument"></param>
/// <param name="parameters"></param>
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters)
{
if (parameters.Signer == null)
{
throw new Exception("Es necesario un certificado válido para la firma.");
}
SignatureDocument.CheckSignatureDocument(sigDocument);
SignatureDocument counterSigDocument = new SignatureDocument();
counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone();
counterSigDocument.Document.PreserveWhitespace = true;
XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document);
SetSignatureId(counterSignature);
counterSignature.SigningKey = parameters.Signer.SigningKey;
_refContent = new Reference();
_refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId;
_refContent.Id = "Reference-" + Guid.NewGuid().ToString();
_refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature";
_refContent.AddTransform(new XmlDsigC14NTransform());
counterSignature.AddReference(_refContent);
_dataFormat = new DataObjectFormat();
_dataFormat.MimeType = "text/xml";
_dataFormat.Encoding = "UTF-8";
KeyInfo keyInfo = new KeyInfo();
keyInfo.Id = "KeyInfoId-" + counterSignature.Signature.Id;
keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate));
keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey));
counterSignature.KeyInfo = keyInfo;
Reference referenceKeyInfo = new Reference();
referenceKeyInfo.Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id;
referenceKeyInfo.Uri = "#KeyInfoId-" + counterSignature.Signature.Id;
counterSignature.AddReference(referenceKeyInfo);
XadesObject counterSignatureXadesObject = new XadesObject();
counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString();
counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id;
counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id;
AddSignatureProperties(counterSigDocument, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties,
counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties,
counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters);
counterSignature.AddXadesObject(counterSignatureXadesObject);
foreach (Reference signReference in counterSignature.SignedInfo.References)
{
signReference.DigestMethod = parameters.DigestMethod.URI;
}
counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI;
counterSignature.AddXadesNamespace = true;
counterSignature.ComputeSignature();
UnsignedProperties unsignedProperties = sigDocument.XadesSignature.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature);
sigDocument.XadesSignature.UnsignedProperties = unsignedProperties;
UpdateXadesSignature(sigDocument);
counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone();
counterSigDocument.Document.PreserveWhitespace = true;
XmlElement signatureElement = (XmlElement)sigDocument.Document.SelectSingleNode("//*[@Id='" + counterSignature.Signature.Id + "']");
counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document);
counterSigDocument.XadesSignature.LoadXml(signatureElement);
return(counterSigDocument);
}
public static void FirmarXadesEPES(XmlDocument xmlDoc, X509Certificate2 cert)
{
// Precondiciones.
if (xmlDoc == null)
{
throw new ArgumentException("xmlDoc");
}
if (cert == null)
{
throw new ArgumentException("Cert");
}
//
String keyInfoID = "keyinfoID";
String signedPropertiestypeID = "SignedPropertiestypeID";
String signatureID = "FacturaeSignatureID";
// Creo el objeto de la firma.
XadesSignedXml signedXml = new XadesSignedXml(xmlDoc);
// Añado la clave privada.
signedXml.SigningKey = cert.PrivateKey;
// Creo una referencia al documento, se pasa "" para decir que es todo el documento
Reference reference = new Reference();
reference.Uri = "";
// Añado transformacion a enveloped a la referencia.
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
// Añado la referencia al objeto de la firma.
signedXml.AddReference(reference);
// Creo una referencia al keyInfo
Reference keyInfoReference = new Reference();
keyInfoReference.Uri = "#" + keyInfoID;
signedXml.AddReference(keyInfoReference);
//referencia al SignedProperiestype
Reference signedProperiestypeReference = new Reference();
signedProperiestypeReference.Uri = "#" + signedPropertiestypeID;
signedProperiestypeReference.Type = "http://uri.etsi.org/01903#SignedProperties";
signedProperiestypeReference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(signedProperiestypeReference);
// Añado la informacion del certificado
KeyInfo keyInfo = new KeyInfo();
keyInfo.Id = keyInfoID;
keyInfo.AddClause(new KeyInfoX509Data(cert));
signedXml.KeyInfo = keyInfo;
//info extra para xades-epes
QualifyingPropertiesType qualifyingProperties = new QualifyingPropertiesType();
qualifyingProperties.Target = "#" + signatureID;
qualifyingProperties.SignedProperties = new SignedPropertiesType();
qualifyingProperties.SignedProperties.Id = signedPropertiestypeID;
qualifyingProperties.SignedProperties.SignedSignatureProperties = new SignedSignaturePropertiesType();
qualifyingProperties.SignedProperties.SignedSignatureProperties.SigningTime = DateTime.Today;
qualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier = new SignaturePolicyIdentifierType();
SignaturePolicyIdType signaturePolicyIdType = new SignaturePolicyIdType();
signaturePolicyIdType.SigPolicyId = new ObjectIdentifierType();
signaturePolicyIdType.SigPolicyId.Identifier = new IdentifierType();
signaturePolicyIdType.SigPolicyId.Identifier.Value = "http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf";
signaturePolicyIdType.SigPolicyId.Description = "facturae31";
signaturePolicyIdType.SigPolicyHash = new DigestAlgAndValueType();
signaturePolicyIdType.SigPolicyHash.DigestMethod = new DigestMethodType();
signaturePolicyIdType.SigPolicyHash.DigestMethod.Algorithm = "http://www.w3.org/2000/09/xmldsig#sha1";
signaturePolicyIdType.SigPolicyHash.DigestValue = Convert.FromBase64String("Ohixl6upD6av8N7pEvDABhEL6hM=");
qualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier.Item = signaturePolicyIdType;
signedXml.AddQualifyingPropertiesObject(qualifyingProperties);
// Proceso la firma.
signedXml.ComputeSignature();
// Obtengo la representación de la firma en Xml.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Añado el xml de la firma al documento original.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
public static string Sign(string xml, X509Certificate2 x509)
{
// Wczytaj.
XmlDocument doc = new XmlDocument
{
PreserveWhitespace = true
};
doc.LoadXml(xml);
// SignedXml object
XadesSignedXml signedXml = new XadesSignedXml(doc);
signedXml.Signature.Id = "ID-1234";
signedXml.SigningKey = x509.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
// dodaj referencję na dokument
Reference reference = new Reference("#Dokument");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
// dodaj KeyInfo
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(x509)); // ??? WholeChain ???
signedXml.KeyInfo = keyInfo;
//
XadesObject xo = new XadesObject();
{
Cert cert = new Cert();
cert.IssuerSerial.X509IssuerName = x509.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = x509.SerialNumber;
{
SHA1 cryptoServiceProvider = new SHA1CryptoServiceProvider();
cert.CertDigest.DigestValue = cryptoServiceProvider.ComputeHash(x509.RawData);
cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
}
xo.QualifyingProperties.Target = "#" + signedXml.Signature.Id;
xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningTime = DateTime.Now;
xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true;
xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
DataObjectFormat dof = new DataObjectFormat
{
ObjectReferenceAttribute = "#Dokument",
Description = "Dokument w formacie xml [XML]",
Encoding = SignedXml.XmlDsigBase64TransformUrl, // ...xmldsig/#base64
MimeType = "text/plain"
};
xo.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection.Add(dof);
}
signedXml.AddXadesObject(xo);
//// W dokumentacji 2.9.9.a, Id dla <ds:Object> ma mieć wartość "Dokument", ale nie ma tego w przykładach
var data = new DataObject("Dokument", "text/xml", "", doc.DocumentElement);
signedXml.AddObject(data);
// Podpisz
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
return(xmlDigitalSignature.OuterXml);
}
/// <summary>
/// Realiza la contrafirma de la firma actual
/// </summary>
/// <param name="certificate"></param>
/// <param name="signMethod"></param>
public void CounterSign(X509Certificate2 certificate, SignMethod?signMethod = null)
{
SetSignatureId();
if (_xadesSignedXml == null)
{
throw new Exception("No hay ninguna firma XADES cargada previamente.");
}
if (certificate == null)
{
throw new Exception("Es necesario un certificado válido para la firma.");
}
if (signMethod.HasValue)
{
this.SignMethod = signMethod.Value;
}
_signCertificate = certificate;
XadesSignedXml counterSignature = new XadesSignedXml(_document);
SetCryptoServiceProvider();
counterSignature.SigningKey = _rsaKey;
Reference reference = new Reference();
reference.Uri = "#" + _xadesSignedXml.SignatureValueId;
reference.Id = "Reference-" + Guid.NewGuid().ToString();
reference.Type = "http://uri.etsi.org/01903#CountersignedSignature";
reference.AddTransform(new XmlDsigC14NTransform());
counterSignature.AddReference(reference);
_objectReference = reference.Id;
KeyInfo keyInfo = new KeyInfo();
keyInfo.Id = "KeyInfoId-" + _signatureId;
keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)_signCertificate));
keyInfo.AddClause(new RSAKeyValue((RSA)_rsaKey));
counterSignature.KeyInfo = keyInfo;
Reference referenceKeyInfo = new Reference();
referenceKeyInfo.Id = "ReferenceKeyInfo-" + _signatureId;
referenceKeyInfo.Uri = "#KeyInfoId-" + _signatureId;
counterSignature.AddReference(referenceKeyInfo);
counterSignature.Signature.Id = _signatureId;
counterSignature.SignatureValueId = _signatureValueId;
XadesObject counterSignatureXadesObject = new XadesObject();
counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString();
counterSignatureXadesObject.QualifyingProperties.Target = "#" + _signatureId;
counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + _signatureId;
AddSignatureProperties(counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties,
counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties,
counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties,
"text/xml", _signCertificate);
counterSignature.AddXadesObject(counterSignatureXadesObject);
foreach (Reference signReference in counterSignature.SignedInfo.References)
{
signReference.DigestMethod = _refsMethodUri;
}
counterSignature.AddXadesNamespace = true;
counterSignature.ComputeSignature();
UnsignedProperties unsignedProperties = _xadesSignedXml.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature);
_xadesSignedXml.UnsignedProperties = unsignedProperties;
UpdateDocument();
_xadesSignedXml = new XadesSignedXml(_document);
XmlNode xmlNode = _document.SelectSingleNode("//*[@Id='" + _signatureId + "']");
_xadesSignedXml.LoadXml((XmlElement)xmlNode);
}
private static void AddXAdESProperties(XmlDocument document, XadesSignedXml xadesSignedXml, X509Certificate2 signingCertificate)
{
var parametersSignature = new Reference
{
Uri = $"#{SignaturePropertiesId}",
Type = XadesSignedXml.XmlDsigSignatureProperties,
};
xadesSignedXml.AddReference(parametersSignature);
// <Object>
var objectNode = document.CreateElement("Object", SignedXml.XmlDsigNamespaceUrl);
// <Object><QualifyingProperties>
var qualifyingPropertiesNode = document.CreateElement(XadesSignedXml.XadesPrefix, "QualifyingProperties", XadesSignedXml.XadesNamespaceUrl);
qualifyingPropertiesNode.SetAttribute("Target", $"#{SignatureId}");
objectNode.AppendChild(qualifyingPropertiesNode);
// <Object><QualifyingProperties><SignedProperties>
var signedPropertiesNode = document.CreateElement(XadesSignedXml.XadesPrefix, "SignedProperties", XadesSignedXml.XadesNamespaceUrl);
signedPropertiesNode.SetAttribute("Id", SignaturePropertiesId);
qualifyingPropertiesNode.AppendChild(signedPropertiesNode);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties>
var signedSignaturePropertiesNode = document.CreateElement(XadesSignedXml.XadesPrefix, "SignedSignatureProperties", XadesSignedXml.XadesNamespaceUrl);
signedPropertiesNode.AppendChild(signedSignaturePropertiesNode);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties> </SigningTime>
var signingTime = document.CreateElement(XadesSignedXml.XadesPrefix, "SigningTime", XadesSignedXml.XadesNamespaceUrl);
signingTime.InnerText = $"{DateTime.UtcNow.ToString("s")}Z";
signedSignaturePropertiesNode.AppendChild(signingTime);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate>
var signingCertificateNode = document.CreateElement(XadesSignedXml.XadesPrefix, "SigningCertificate", XadesSignedXml.XadesNamespaceUrl);
signedSignaturePropertiesNode.AppendChild(signingCertificateNode);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert>
var certNode = document.CreateElement(XadesSignedXml.XadesPrefix, "Cert", XadesSignedXml.XadesNamespaceUrl);
signingCertificateNode.AppendChild(certNode);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><CertDigest>
var certDigestNode = document.CreateElement(XadesSignedXml.XadesPrefix, "CertDigest", XadesSignedXml.XadesNamespaceUrl);
certNode.AppendChild(certDigestNode);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><CertDigest> </DigestMethod>
var digestMethod = document.CreateElement("DigestMethod", SignedXml.XmlDsigNamespaceUrl);
var digestMethodAlgorithmAtribute = document.CreateAttribute("Algorithm");
digestMethodAlgorithmAtribute.InnerText = SignedXml.XmlDsigSHA1Url;
digestMethod.Attributes.Append(digestMethodAlgorithmAtribute);
certDigestNode.AppendChild(digestMethod);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><CertDigest> </DigestMethod>
var digestValue = document.CreateElement("DigestValue", SignedXml.XmlDsigNamespaceUrl);
digestValue.InnerText = Convert.ToBase64String(signingCertificate.GetCertHash());
certDigestNode.AppendChild(digestValue);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><IssuerSerial>
var issuerSerialNode = document.CreateElement(XadesSignedXml.XadesPrefix, "IssuerSerial", XadesSignedXml.XadesNamespaceUrl);
certNode.AppendChild(issuerSerialNode);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><IssuerSerial> </X509IssuerName>
var x509IssuerName = document.CreateElement("X509IssuerName", SignedXml.XmlDsigNamespaceUrl);
x509IssuerName.InnerText = signingCertificate.Issuer;
issuerSerialNode.AppendChild(x509IssuerName);
// <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><IssuerSerial> </X509SerialNumber>
var x509SerialNumber = document.CreateElement("X509SerialNumber", SignedXml.XmlDsigNamespaceUrl);
x509SerialNumber.InnerText = ToDecimalString(signingCertificate.SerialNumber);
issuerSerialNode.AppendChild(x509SerialNumber);
// <Object><QualifyingProperties><SignedProperties><SignedDataObjectProperties>
var signedDataObjectPropertiesNode = document.CreateElement(XadesSignedXml.XadesPrefix, "SignedDataObjectProperties", XadesSignedXml.XadesNamespaceUrl);
signedPropertiesNode.AppendChild(signedDataObjectPropertiesNode);
// <Object><QualifyingProperties><SignedProperties><SignedDataObjectProperties><CommitmentTypeIndication>
var commitmentTypeIndicationNode = document.CreateElement(XadesSignedXml.XadesPrefix, "CommitmentTypeIndication", XadesSignedXml.XadesNamespaceUrl);
signedDataObjectPropertiesNode.AppendChild(commitmentTypeIndicationNode);
// <Object><QualifyingProperties><SignedProperties><SignedDataObjectProperties><CommitmentTypeIndication><CommitmentTypeId>
var commitmentTypeIdNode = document.CreateElement(XadesSignedXml.XadesPrefix, "CommitmentTypeId", XadesSignedXml.XadesNamespaceUrl);
commitmentTypeIndicationNode.AppendChild(commitmentTypeIdNode);
// <Object><QualifyingProperties><SignedProperties><SignedDataObjectProperties><CommitmentTypeIndication><CommitmentTypeId><Identifier>
var identifierNode = document.CreateElement(XadesSignedXml.XadesPrefix, "Identifier", XadesSignedXml.XadesNamespaceUrl);
identifierNode.InnerText = XadesSignedXml.XadesProofOfApproval;
commitmentTypeIdNode.AppendChild(identifierNode);
// <Object><QualifyingProperties><SignedProperties><SignedDataObjectProperties><CommitmentTypeIndication><AllSignedDataObjects>
var allSignedDataObjectsNode = document.CreateElement(XadesSignedXml.XadesPrefix, "AllSignedDataObjects", XadesSignedXml.XadesNamespaceUrl);
commitmentTypeIndicationNode.AppendChild(allSignedDataObjectsNode);
var dataObject = new DataObject();
dataObject.Data = qualifyingPropertiesNode.SelectNodes(".");
xadesSignedXml.AddObject(dataObject);
}
public static XadesSignedXml GetXadesSignedXml(X509Certificate2 certificate, XmlDocument originalDoc, string signatureid, string privateKeyPassword)
{
var secureString = new SecureString();
foreach (var ch in privateKeyPassword)
secureString.AppendChar(ch);
var provider = (Gost3410CryptoServiceProvider)certificate.PrivateKey;
provider.SetContainerPassword(secureString);
var signedXml = new XadesSignedXml(originalDoc) { SigningKey = provider };
signedXml.Signature.Id = signatureid;
signedXml.SignatureValueId = String.Format("{0}-sigvalue", signatureid);
var reference = new Reference
{
Uri = "#signed-data-container",
DigestMethod = CPSignedXml.XmlDsigGost3411UrlObsolete,
Id = String.Format("{0}-ref0", signatureid)
};
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
signedXml.SignedInfo.SignatureMethod = CPSignedXml.XmlDsigGost3410UrlObsolete;
return signedXml;
}
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters)
{
if (parameters.Signer == null)
{
throw new Exception("Es necesario un certificado válido para la firma.");
}
SignatureDocument.CheckSignatureDocument(sigDocument);
SignatureDocument signatureDocument = new SignatureDocument();
signatureDocument.Document = (XmlDocument)sigDocument.Document.Clone();
signatureDocument.Document.PreserveWhitespace = true;
XadesSignedXml xadesSignedXml = new XadesSignedXml(signatureDocument.Document);
xadesSignedXml.Signature.Id = "xmldsig-" + Guid.NewGuid().ToString();
xadesSignedXml.SignatureValueId = sigDocument.XadesSignature.Signature.Id + "-sigvalue";
xadesSignedXml.SigningKey = parameters.Signer.SigningKey;
_refContent = new Reference();
_refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId;
Reference refContent = _refContent;
Guid guid = Guid.NewGuid();
refContent.Id = "Reference-" + guid.ToString();
_refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature";
_refContent.AddTransform(new XmlDsigC14NTransform());
xadesSignedXml.AddReference(_refContent);
_mimeType = "text/xml";
_encoding = "UTF-8";
KeyInfo keyInfo = new KeyInfo();
keyInfo.Id = "KeyInfoId-" + xadesSignedXml.Signature.Id;
keyInfo.AddClause(new KeyInfoX509Data(parameters.Signer.Certificate));
keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey));
xadesSignedXml.KeyInfo = keyInfo;
Reference reference = new Reference();
reference.Id = "ReferenceKeyInfo-" + xadesSignedXml.Signature.Id;
reference.Uri = "#KeyInfoId-" + xadesSignedXml.Signature.Id;
xadesSignedXml.AddReference(reference);
XadesObject xadesObject = new XadesObject();
XadesObject xadesObject2 = xadesObject;
guid = Guid.NewGuid();
xadesObject2.Id = "CounterSignatureXadesObject-" + guid.ToString();
xadesObject.QualifyingProperties.Target = "#" + xadesSignedXml.Signature.Id;
xadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + xadesSignedXml.Signature.Id;
AddSignatureProperties(signatureDocument, xadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, xadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, xadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters);
xadesSignedXml.AddXadesObject(xadesObject);
foreach (Reference reference2 in xadesSignedXml.SignedInfo.References)
{
reference2.DigestMethod = parameters.DigestMethod.URI;
}
xadesSignedXml.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI;
xadesSignedXml.AddXadesNamespace = true;
xadesSignedXml.ComputeSignature();
signatureDocument.XadesSignature = new XadesSignedXml(signatureDocument.Document);
signatureDocument.XadesSignature.LoadXml(sigDocument.XadesSignature.GetXml());
UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(xadesSignedXml);
signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
signatureDocument.UpdateDocument();
return(signatureDocument);
}
/// <summary>
/// Realiza la contrafirma de la firma actual
/// </summary>
/// <param name="sigDocument"></param>
/// <param name="parameters"></param>
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters)
{
if (parameters.Signer == null)
{
throw new Exception("A valid certificate is required for the signature");
}
SignatureDocument.CheckSignatureDocument(sigDocument);
SignatureDocument counterSigDocument = new SignatureDocument
{
Document = (XmlDocument)sigDocument.Document.Clone()
};
counterSigDocument.Document.PreserveWhitespace = true;
XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document);
SetSignatureId(counterSignature);
counterSignature.SigningKey = parameters.Signer.SigningKey;
_refContent = new Reference
{
Uri = "#" + sigDocument.XadesSignature.SignatureValueId,
Id = "Reference-" + Guid.NewGuid().ToString(),
Type = "http://uri.etsi.org/01903#CountersignedSignature"
};
_refContent.AddTransform(new XmlDsigC14NTransform());
counterSignature.AddReference(_refContent);
_mimeType = "text/xml";
_encoding = "UTF-8";
KeyInfo keyInfo = new KeyInfo
{
Id = "KeyInfoId-" + counterSignature.Signature.Id
};
keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate));
keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey));
counterSignature.KeyInfo = keyInfo;
Reference referenceKeyInfo = new Reference
{
Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id,
Uri = "#KeyInfoId-" + counterSignature.Signature.Id
};
counterSignature.AddReference(referenceKeyInfo);
XadesObject counterSignatureXadesObject = new XadesObject
{
Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString()
};
counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id;
counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id;
AddSignatureProperties(counterSigDocument, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties,
counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties,
counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters);
counterSignature.AddXadesObject(counterSignatureXadesObject);
foreach (Reference signReference in counterSignature.SignedInfo.References)
{
signReference.DigestMethod = parameters.DigestMethod.URI;
}
counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI;
counterSignature.AddXadesNamespace = true;
counterSignature.ComputeSignature();
counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document);
counterSigDocument.XadesSignature.LoadXml(sigDocument.XadesSignature.GetXml());
UnsignedProperties unsignedProperties = counterSigDocument.XadesSignature.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature);
counterSigDocument.XadesSignature.UnsignedProperties = unsignedProperties;
counterSigDocument.UpdateDocument();
return(counterSigDocument);
}
