/// <summary>
/// Produces an enveloped XAdES signature over the whole of <paramref name="xmlDocument"/>
/// (Reference URI "" plus the enveloped-signature transform) with the private key of
/// <paramref name="signingCertificate"/>, and returns the resulting ds:Signature element.
/// The certificate is published in KeyInfo as X509Data; the XAdES qualifying properties are
/// added by AddXAdESProperties. The caller is responsible for inserting the returned element.
/// </summary>
/// <param name="signingCertificate">Signer certificate; its private key must be accessible.</param>
/// <param name="xmlDocument">Document to sign.</param>
/// <returns>The computed ds:Signature element.</returns>
public static XmlElement SignWithXAdES(X509Certificate2 signingCertificate, XmlDocument xmlDocument)
{
    var xades = new XadesSignedXml(xmlDocument)
    {
        SigningKey = signingCertificate.PrivateKey,
    };
    xades.Signature.Id = SignatureId;

    // Whole-document reference; the enveloped transform keeps the signature element itself out of the digest.
    var wholeDocument = new Reference { Uri = "" };
    wholeDocument.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    xades.AddReference(wholeDocument);

    // Publish the signing certificate so a verifier can match it against the SigningCertificate property.
    var certInfo = new KeyInfo();
    certInfo.AddClause(new KeyInfoX509Data(signingCertificate));
    xades.KeyInfo = certInfo;

    AddXAdESProperties(xmlDocument, xades, signingCertificate);
    xades.ComputeSignature();
    return xades.GetXml();
}
/// <summary>
/// Loads a copy of <paramref name="xmlDocument"/> and registers the element whose Id is
/// <paramref name="elementId"/> as the content to sign (internally detached signature).
/// </summary>
/// <param name="xmlDocument">Document containing the element; it is cloned, the caller's instance is untouched.</param>
/// <param name="elementId">Id attribute value of the element to sign; referenced as "#elementId".</param>
/// <param name="mimeType">MIME type of the content; "text/xml" selects C14N, anything else the Base64 transform.</param>
public void SetContentInternallyDetached(XmlDocument xmlDocument, string elementId, string mimeType)
{
    _document = (XmlDocument)xmlDocument.Clone();
    _document.PreserveWhitespace = true;

    var contentReference = new Reference
    {
        Uri = "#" + elementId,
        Id = "Reference-" + Guid.NewGuid().ToString(),
    };
    _objectReference = contentReference.Id;
    _mimeType = mimeType;

    // XML content is canonicalized; any other content is expected to be base64 text inside the element.
    Transform contentTransform = mimeType == "text/xml"
        ? (Transform)new XmlDsigC14NTransform()
        : new XmlDsigBase64Transform();
    contentReference.AddTransform(contentTransform);

    _xadesSignedXml = new XadesSignedXml(_document);
    _xadesSignedXml.AddReference(contentReference);
}
/// <summary>
/// Prepares (without computing) a XAdES signature over the element "#signed-data-container" of
/// <paramref name="originalDoc"/>: enveloped-signature + exclusive C14N transforms on the reference,
/// inclusive C14N for SignedInfo, and digest/signature algorithms taken from <paramref name="provider"/>.
/// </summary>
/// <param name="provider">Supplies the signing key and the digest and signature method URIs.</param>
/// <param name="originalDoc">Document carrying the element to sign.</param>
/// <param name="signatureid">Signature Id; "{signatureid}-sigvalue" and "{signatureid}-ref0" are derived from it.</param>
/// <returns>An unsigned XadesSignedXml; the caller still has to call ComputeSignature.</returns>
public static XadesSignedXml GetXadesSignedXml(SigningKeyProvider provider, XmlDocument originalDoc, string signatureid)
{
    var xades = new XadesSignedXml(originalDoc);
    xades.SigningKey = provider.SigningKey;
    xades.Signature.Id = signatureid;
    xades.SignatureValueId = signatureid + "-sigvalue";

    var dataReference = new Reference();
    dataReference.Uri = "#signed-data-container";
    dataReference.DigestMethod = provider.DigestMethod;
    dataReference.Id = signatureid + "-ref0";
    // Exclude the signature itself, then canonicalize exclusively so outer namespace changes do not break the digest.
    dataReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    dataReference.AddTransform(new XmlDsigExcC14NTransform());
    xades.AddReference(dataReference);

    xades.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
    xades.SignedInfo.SignatureMethod = provider.SignatureMethod;
    return xades;
}
/// <summary>
/// Builds the reference for an enveloped signature over _document. The reference URI is "" (whole
/// document) unless the root element carries an attribute named "id" (any casing), in which case
/// that element is referenced by Id. The enveloped-signature transform keeps the signature out of the digest.
/// </summary>
private void CreateEnvelopedDocument()
{
    _xadesSignedXml = new XadesSignedXml(_document);

    var contentReference = new Reference
    {
        Id = "Reference-" + Guid.NewGuid().ToString(),
        Uri = "",
    };

    // First root attribute whose name is "id" (case-insensitive, invariant culture) wins.
    foreach (XmlAttribute rootAttribute in _document.DocumentElement.Attributes)
    {
        if (rootAttribute.Name.Equals("id", StringComparison.InvariantCultureIgnoreCase))
        {
            contentReference.Uri = "#" + rootAttribute.Value;
            break;
        }
    }

    contentReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    _objectReference = contentReference.Id;
    _xadesSignedXml.AddReference(contentReference);
}
/// <summary>
/// Adds a co-signature: a new signature over the same content reference as the existing one, placed
/// next to the existing signature. The content Reference object (URI and transforms) is taken over
/// as-is from the existing signature and only its Id is regenerated, so transforms declared by the
/// earlier signer are trusted. The MIME type is copied from the existing DataObjectFormat when one
/// names that reference.
/// </summary>
/// <param name="certificate">Signer certificate.</param>
/// <param name="signMethod">Optional signature method passed through to Sign.</param>
/// <exception cref="Exception">No signature loaded, no certificate, or the existing signature has no content reference.</exception>
public void CoSign(X509Certificate2 certificate, SignMethod? signMethod = null)
{
    if (_xadesSignedXml == null)
    {
        throw new Exception("No hay ninguna firma XADES creada previamente.");
    }
    if (certificate == null)
    {
        throw new Exception("Es necesario un certificado válido para la firma.");
    }

    var contentReference = _xadesSignedXml.SignedInfo.References[0] as Reference;
    if (contentReference == null)
    {
        throw new Exception("No se ha podido encontrar la referencia del contenido firmado.");
    }

    // Reuse the MIME type the existing signature declared for this reference, if any.
    string referenceTarget = "#" + contentReference.Id;
    foreach (DataObjectFormat format in _xadesSignedXml.XadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection)
    {
        if (format.ObjectReferenceAttribute == referenceTarget)
        {
            _mimeType = format.MimeType;
            break;
        }
    }

    // The new signature goes where the existing one lives (under the root when that is the document itself).
    XmlNode existingParent = _xadesSignedXml.GetSignatureElement().ParentNode;

    _xadesSignedXml = new XadesSignedXml(_document);
    contentReference.Id = "Reference-" + Guid.NewGuid().ToString();
    _xadesSignedXml.AddReference(contentReference);
    _xadesSignedXml.SignatureNodeDestination = existingParent.NodeType == XmlNodeType.Document
        ? ((XmlDocument)existingParent).DocumentElement
        : (XmlElement)existingParent;
    _objectReference = contentReference.Id;

    SetSignatureId();
    Sign(certificate, signMethod);
}
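/// <summary>
/// Builds the reference for an enveloped signature over the whole document (URI ""). Instead of
/// the enveloped-signature transform, an XPath transform (not(ancestor-or-self::ds:Signature))
/// removes every ds:Signature from the digested content, so later co-signatures do not invalidate
/// this one; the result is then exclusively canonicalized.
/// </summary>
private void CreateEnvelopedDocument()
{
    // A real digest algorithm. The value previously assigned here was the exclusive-C14N URI,
    // which names a transform, not a hash, so SignedXml cannot create a digest algorithm from it.
    // If the class later overwrites DigestMethod from its configured digest URI, this is only a safe default.
    const string sha256DigestUrl = "http://www.w3.org/2001/04/xmlenc#sha256";

    _xadesSignedXml = new XadesSignedXml(_document);

    var contentReference = new Reference
    {
        DigestMethod = sha256DigestUrl,
        Id = "r-id-1",
        Type = "",
        Uri = "",
    };

    // <XPath xmlns:ds="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ds:Signature)</XPath>
    // The "ds" prefix must be declared on the XPath element itself: XmlDsigXPathTransform takes the
    // namespaces for evaluating the expression from that element's xmlns attributes, so without the
    // declaration the prefix is unbound when the transform runs.
    var xpathDocument = new XmlDocument();
    XmlElement xpathElement = xpathDocument.CreateElement("XPath");
    xpathElement.SetAttribute("xmlns:ds", SignedXml.XmlDsigNamespaceUrl);
    xpathElement.InnerText = "not(ancestor-or-self::ds:Signature)";

    var xpathTransform = new XmlDsigXPathTransform();
    xpathTransform.LoadInnerXml(xpathElement.SelectNodes("."));
    xpathTransform.Algorithm = "http://www.w3.org/TR/1999/REC-xpath-19991116";
    contentReference.AddTransform(xpathTransform);
    contentReference.AddTransform(new XmlDsigExcC14NTransform());

    _objectReference = contentReference.Id;
    _xadesSignedXml.AddReference(contentReference);
}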
/// <summary>
/// Registers an external file as the signed content (externally detached signature). The reference
/// URI is "file://" followed by the path with backslashes turned into slashes. Files whose URI ends in
/// ".xml" or ".XML" are treated as XML (MIME type "text/xml", C14N transform); anything else is
/// digested as raw bytes and _mimeType is left unchanged.
/// </summary>
/// <param name="fileName">Path of the file to sign; SignedXml dereferences the URI when the signature is computed, so any path readable by the process can be signed.</param>
public void SetContentExternallyDetached(string fileName)
{
    _document = new XmlDocument();
    _xadesSignedXml = new XadesSignedXml();

    var fileReference = new Reference
    {
        Uri = "file://" + fileName.Replace("\\", "/"),
        Id = "Reference-" + Guid.NewGuid().ToString(),
    };

    // Only these two literal suffixes are recognized (culture-sensitive EndsWith, unchanged); e.g. ".Xml" is treated as binary.
    bool looksLikeXml = fileReference.Uri.EndsWith(".xml") || fileReference.Uri.EndsWith(".XML");
    if (looksLikeXml)
    {
        _mimeType = "text/xml";
        fileReference.AddTransform(new XmlDsigC14NTransform());
    }

    _objectReference = fileReference.Id;
    _xadesSignedXml.AddReference(fileReference);
}
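/// <summary>
/// Creates a XadesSignedXml for an enveloped signature over the whole of
/// <paramref name="envelopedSignatureXmlDocument"/> (Reference URI ""), with the enveloped-signature
/// transform plus an XPath transform excluding every ds:Signature so later co-signatures do not
/// invalidate this one. SignedInfo uses inclusive C14N.
/// </summary>
/// <param name="envelopedSignatureXmlDocument">Document that will carry the signature.</param>
/// <returns>An unsigned XadesSignedXml with reference, canonicalization and signature method set.</returns>
private static XadesSignedXml CreateFromXmlDocument(XmlDocument envelopedSignatureXmlDocument)
{
    // SHA-256 digest and RSA-SHA256 signature. The earlier SHA-1 / RSA-SHA1 pair is not acceptable for
    // new signatures (SHA-1 is collision-broken) and the SHA-256 URIs were already present, commented
    // out, as the intended choice. NOTE(review): RSA-SHA256 needs a key/provider that supports SHA-256
    // and a runtime whose SignedXml knows the rsa-sha256 URI (or a CryptoConfig registration) — confirm
    // for the deployment target. These could become parameters of this method.
    const string sha256DigestUrl = "http://www.w3.org/2001/04/xmlenc#sha256";
    const string rsaSha256SignatureUrl = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    var xadesSignedXml = new XadesSignedXml(envelopedSignatureXmlDocument);

    var reference = new Reference
    {
        Uri = "",
        Id = "xml_ref_id",
        DigestMethod = sha256DigestUrl,
    };

    // ETSI TS 103 171 V2.1.1, 6.2.4 Transforms within ds:Reference element
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());

    // Exclude every ds:Signature (not just this one) so the document can be co-signed afterwards.
    var namespaces = new Dictionary<string, string>
    {
        { "ds", "http://www.w3.org/2000/09/xmldsig#" },
    };
    reference.AddTransform(CreateXPathTransform("not(ancestor-or-self::ds:Signature)", namespaces));

    xadesSignedXml.AddReference(reference);

    // ETSI TS 103 171 V2.1.1, 6.2.2 Canonicalization of ds:SignedInfo element
    xadesSignedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NTransformUrl;
    xadesSignedXml.SignedInfo.SignatureMethod = rsaSha256SignatureUrl;

    return xadesSignedXml;
}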
/// <summary>
/// Prepares (without computing) a GOST XAdES signature over "#signed-data-container" of
/// <paramref name="originalDoc"/>, after unlocking the certificate's key container with
/// <paramref name="privateKeyPassword"/>.
/// </summary>
/// <param name="certificate">Certificate whose private key must be a Gost3410CryptoServiceProvider (InvalidCastException otherwise).</param>
/// <param name="originalDoc">Document carrying the element to sign.</param>
/// <param name="signatureid">Signature Id; "-sigvalue" and "-ref0" Ids are derived from it.</param>
/// <param name="privateKeyPassword">Key container password.</param>
/// <returns>An unsigned XadesSignedXml; the caller still has to call ComputeSignature.</returns>
private static XadesSignedXml GetXadesSignedXml(X509Certificate2 certificate, XmlDocument originalDoc, string signatureid, string privateKeyPassword)
{
    // The password arrives as an ordinary string, so this SecureString only satisfies the provider's
    // API; the plaintext copy already exists in managed memory and is not protected by this.
    var containerPassword = new SecureString();
    foreach (char c in privateKeyPassword)
    {
        containerPassword.AppendChar(c);
    }

    var gostProvider = (Gost3410CryptoServiceProvider)certificate.PrivateKey;
    gostProvider.SetContainerPassword(containerPassword);

    var xades = new XadesSignedXml(originalDoc);
    xades.SigningKey = gostProvider;
    xades.Signature.Id = signatureid;
    xades.SignatureValueId = signatureid + "-sigvalue";

    var dataReference = new Reference();
    dataReference.Uri = "#signed-data-container";
    dataReference.Id = signatureid + "-ref0";
    // The "...Obsolete" constants are the legacy GOST identifiers (pragma 612 silences the obsolescence
    // warning); confirm the verifying side still accepts them before relying on this path.
#pragma warning disable 612
    dataReference.DigestMethod = CPSignedXml.XmlDsigGost3411UrlObsolete;
#pragma warning restore 612
    dataReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    dataReference.AddTransform(new XmlDsigExcC14NTransform());
    xades.AddReference(dataReference);

    xades.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
#pragma warning disable 612
    xades.SignedInfo.SignatureMethod = CPSignedXml.XmlDsigGost3410UrlObsolete;
#pragma warning restore 612
    return xades;
}
/// <summary>
/// Attaches the signer's key material to the pending signature: sets the signing key (after
/// SetCryptoServiceProvider), builds a KeyInfo with Id "KeyInfoId-{_signatureId}" holding X509Data for
/// the certificate plus an RSAKeyValue, and adds a reference to that KeyInfo so it is covered by the
/// signature (a later change to the embedded certificate/key breaks the digest).
/// </summary>
private void AddCertificateInfo()
{
    SetCryptoServiceProvider();
    _xadesSignedXml.SigningKey = _rsaKey;

    string keyInfoId = "KeyInfoId-" + _signatureId;
    var signerKeyInfo = new KeyInfo { Id = keyInfoId };
    signerKeyInfo.AddClause(new KeyInfoX509Data((X509Certificate)_signCertificate));
    signerKeyInfo.AddClause(new RSAKeyValue((RSA)_rsaKey));
    _xadesSignedXml.KeyInfo = signerKeyInfo;

    var keyInfoReference = new Reference
    {
        Id = "ReferenceKeyInfo",
        Uri = "#" + keyInfoId,
    };
    _xadesSignedXml.AddReference(keyInfoReference);
}
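/// <summary>
/// Wraps a copy of <paramref name="xmlDocument"/> in a ds:Object and references it (enveloping
/// signature). The XML declaration, if present, is dropped from the copy; the object content is
/// canonicalized (C14N); the MIME type is recorded as "text/xml"; and _document is cleared because
/// the signature itself becomes the output document.
/// </summary>
/// <param name="xmlDocument">Content to sign; it is cloned, the caller's instance is not modified.</param>
/// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/> is null.</exception>
public void SetContentEveloping(XmlDocument xmlDocument)
{
    if (xmlDocument == null)
    {
        throw new ArgumentNullException(nameof(xmlDocument));
    }

    _xadesSignedXml = new XadesSignedXml();

    XmlDocument content = (XmlDocument)xmlDocument.Clone();
    content.PreserveWhitespace = true;

    // An XML declaration cannot be placed inside ds:Object. An empty document has no first child,
    // which previously dereferenced null.
    XmlNode firstNode = content.FirstChild;
    if (firstNode != null && firstNode.NodeType == XmlNodeType.XmlDeclaration)
    {
        content.RemoveChild(firstNode);
    }

    string dataObjectId = "DataObject-" + Guid.NewGuid().ToString();
    var dataObject = new System.Security.Cryptography.Xml.DataObject
    {
        Data = content.ChildNodes,
        Id = dataObjectId,
    };
    _xadesSignedXml.AddObject(dataObject);

    var contentReference = new Reference
    {
        Id = "Reference-" + Guid.NewGuid().ToString(),
        Uri = "#" + dataObjectId,
        Type = SignedXml.XmlDsigNamespaceUrl + "Object",
    };
    contentReference.AddTransform(new XmlDsigC14NTransform());

    _objectReference = contentReference.Id;
    _mimeType = "text/xml";
    _xadesSignedXml.AddReference(contentReference);

    _document = null;
}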
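/// <summary>
/// Builds an internal document &lt;DOCFIRMA&gt;&lt;CONTENT Id="CONTENT-…"&gt;…&lt;/CONTENT&gt;&lt;/DOCFIRMA&gt;
/// holding the content and registers a reference to the CONTENT element (internally detached
/// signature). "text/xml" content is embedded as XML and canonicalized (C14N); "hash/sha256" embeds
/// the base64 SHA-256 of the content (so the signature covers the hash text, not the bytes) with the
/// file name, if given, in a URI attribute; anything else is embedded as base64 and digested through
/// the Base64 transform.
/// </summary>
/// <param name="content">Raw bytes of the content to sign.</param>
/// <param name="mimeType">MIME type; selects the embedding and transform as described above and is stored in _mimeType.</param>
/// <param name="fileName">Optional file name; only its last path segment is recorded, and only for "hash/sha256".</param>
/// <exception cref="ArgumentNullException"><paramref name="content"/> is null.</exception>
public void SetContentInternallyDetached(byte[] content, string mimeType, string fileName = null)
{
    if (content == null)
    {
        throw new ArgumentNullException(nameof(content));
    }

    _document = new XmlDocument();
    XmlElement rootElement = _document.CreateElement("DOCFIRMA");
    _document.AppendChild(rootElement);

    string contentId = "CONTENT-" + Guid.NewGuid().ToString();
    var contentReference = new Reference
    {
        Uri = "#" + contentId,
        Id = "Reference-" + Guid.NewGuid().ToString(),
    };
    _objectReference = contentReference.Id;
    _mimeType = mimeType;

    XmlElement contentElement = _document.CreateElement("CONTENT");
    if (mimeType == "text/xml")
    {
        var xmlContent = new XmlDocument();
        xmlContent.PreserveWhitespace = true;
        // The bytes may come from outside the signing party: never let the parser fetch external
        // DTDs/entities (XXE). If untrusted input is expected, go further and load through an
        // XmlReader created with DtdProcessing.Prohibit.
        xmlContent.XmlResolver = null;
        using (var contentStream = new MemoryStream(content))
        {
            xmlContent.Load(contentStream);
        }
        contentElement.InnerXml = xmlContent.DocumentElement.OuterXml;
        contentReference.AddTransform(new XmlDsigC14NTransform());
    }
    else if (mimeType == "hash/sha256")
    {
        contentElement.SetAttribute("Encoding", "http://www.w3.org/2000/09/xmldsig#base64");
        contentElement.SetAttribute("MimeType", mimeType);
        if (!string.IsNullOrEmpty(fileName))
        {
            contentElement.SetAttribute("URI", Path.GetFileName(fileName));
        }
        using (SHA256 sha256 = SHA256.Create())
        {
            contentElement.InnerText = Convert.ToBase64String(sha256.ComputeHash(content));
        }
        contentReference.AddTransform(new XmlDsigBase64Transform());
    }
    else
    {
        contentElement.SetAttribute("Encoding", "http://www.w3.org/2000/09/xmldsig#base64");
        contentElement.InnerText = Convert.ToBase64String(content);
        contentReference.AddTransform(new XmlDsigBase64Transform());
    }
    contentElement.SetAttribute("Id", contentId);
    rootElement.AppendChild(contentElement);

    _xadesSignedXml = new XadesSignedXml(_document);
    _xadesSignedXml.AddReference(contentReference);
}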
/// <summary>
/// Counter-signs the signature held by <paramref name="sigDocument"/>: builds a new XAdES signature
/// whose content reference (type ...#CountersignedSignature, C14N) points at the existing
/// SignatureValue, covers its own KeyInfo (X509Data + RSAKeyValue) and XAdES signed properties,
/// stores it in the existing signature's UnsignedSignatureProperties/CounterSignature collection and
/// returns a new SignatureDocument loaded from the resulting XML.
/// Side effect: <paramref name="sigDocument"/> itself is modified (its UnsignedProperties are replaced
/// and UpdateXadesSignature is applied to it) before the returned copy is cloned from it.
/// </summary>
/// <param name="sigDocument">Document holding the signature to counter-sign.</param>
/// <param name="parameters">Signer (certificate + RSA key) and the digest/signature method URIs.</param>
/// <returns>A new SignatureDocument whose XadesSignature is the counter-signature just created.</returns>
/// <exception cref="Exception">Thrown when no signer is given; see also SignatureDocument.CheckSignatureDocument.</exception>
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters)
{
    if (parameters.Signer == null)
    {
        throw new Exception("Es necesario un certificado válido para la firma.");
    }
    SignatureDocument.CheckSignatureDocument(sigDocument);

    // Work on a clone so the counter-signature is computed against a document the caller does not hold.
    SignatureDocument counterSigDocument = new SignatureDocument();
    counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone();
    counterSigDocument.Document.PreserveWhitespace = true;
    XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document);
    SetSignatureId(counterSignature);
    counterSignature.SigningKey = parameters.Signer.SigningKey;

    // Content reference: the SignatureValue of the signature being counter-signed.
    _refContent = new Reference();
    _refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId;
    _refContent.Id = "Reference-" + Guid.NewGuid().ToString();
    _refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature";
    _refContent.AddTransform(new XmlDsigC14NTransform());
    counterSignature.AddReference(_refContent);
    _dataFormat = new DataObjectFormat();
    _dataFormat.MimeType = "text/xml";
    _dataFormat.Encoding = "UTF-8";

    // KeyInfo (certificate + public key) is referenced so it is covered by the signature.
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.Id = "KeyInfoId-" + counterSignature.Signature.Id;
    keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate));
    keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey));
    counterSignature.KeyInfo = keyInfo;
    Reference referenceKeyInfo = new Reference();
    referenceKeyInfo.Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id;
    referenceKeyInfo.Uri = "#KeyInfoId-" + counterSignature.Signature.Id;
    counterSignature.AddReference(referenceKeyInfo);

    // XAdES qualifying properties of the counter-signature.
    XadesObject counterSignatureXadesObject = new XadesObject();
    counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString();
    counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id;
    counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id;
    AddSignatureProperties(counterSigDocument, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters);
    counterSignature.AddXadesObject(counterSignatureXadesObject);

    // Same digest algorithm for every reference, then sign.
    foreach (Reference signReference in counterSignature.SignedInfo.References)
    {
        signReference.DigestMethod = parameters.DigestMethod.URI;
    }
    counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI;
    counterSignature.AddXadesNamespace = true;
    counterSignature.ComputeSignature();

    // Attach the counter-signature to the ORIGINAL signature object (mutates sigDocument) and rewrite it.
    UnsignedProperties unsignedProperties = sigDocument.XadesSignature.UnsignedProperties;
    unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature);
    sigDocument.XadesSignature.UnsignedProperties = unsignedProperties;
    UpdateXadesSignature(sigDocument);

    // Return a fresh copy. NOTE(review): the signature element is selected from sigDocument.Document while the
    // XadesSignedXml is bound to the clone; the XPath literal is built from the generated Id, which is
    // assumed not to contain a quote character — confirm what SetSignatureId produces.
    counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone();
    counterSigDocument.Document.PreserveWhitespace = true;
    XmlElement signatureElement = (XmlElement)sigDocument.Document.SelectSingleNode("//*[@Id='" + counterSignature.Signature.Id + "']");
    counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document);
    counterSigDocument.XadesSignature.LoadXml(signatureElement);
    return(counterSigDocument);
}
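/// <summary>
/// Adds a XAdES-EPES enveloped signature under the Facturae 3.1 signature policy to
/// <paramref name="xmlDoc"/>: one reference over the whole document (enveloped transform), one over
/// the KeyInfo and one over the XAdES signed properties (exclusive C14N). The ds:Signature element is
/// appended to the document element.
/// </summary>
/// <param name="xmlDoc">Invoice document; modified in place.</param>
/// <param name="cert">Signer certificate with an accessible private key.</param>
/// <exception cref="ArgumentNullException">Either argument is null (derives from ArgumentException, which was thrown before).</exception>
public static void FirmarXadesEPES(XmlDocument xmlDoc, X509Certificate2 cert)
{
    if (xmlDoc == null)
    {
        throw new ArgumentNullException(nameof(xmlDoc));
    }
    if (cert == null)
    {
        throw new ArgumentNullException(nameof(cert));
    }

    const string keyInfoID = "keyinfoID";
    const string signedPropertiestypeID = "SignedPropertiestypeID";
    const string signatureID = "FacturaeSignatureID";

    XadesSignedXml signedXml = new XadesSignedXml(xmlDoc);
    signedXml.SigningKey = cert.PrivateKey;
    // QualifyingProperties/@Target below is "#FacturaeSignatureID" and must resolve to this ds:Signature;
    // the Id was never assigned in this method before. If XadesSignedXml assigns its own Id elsewhere,
    // reconcile the two rather than keeping both.
    signedXml.Signature.Id = signatureID;

    // Reference 1: the whole document (URI ""), minus the signature itself.
    Reference documentReference = new Reference();
    documentReference.Uri = "";
    documentReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signedXml.AddReference(documentReference);

    // Reference 2: the KeyInfo, so the embedded certificate cannot be swapped without breaking the digest.
    Reference keyInfoReference = new Reference();
    keyInfoReference.Uri = "#" + keyInfoID;
    signedXml.AddReference(keyInfoReference);

    // Reference 3: the XAdES SignedProperties (signing time and policy).
    Reference signedPropertiesReference = new Reference();
    signedPropertiesReference.Uri = "#" + signedPropertiestypeID;
    signedPropertiesReference.Type = "http://uri.etsi.org/01903#SignedProperties";
    signedPropertiesReference.AddTransform(new XmlDsigExcC14NTransform());
    signedXml.AddReference(signedPropertiesReference);

    KeyInfo keyInfo = new KeyInfo();
    keyInfo.Id = keyInfoID;
    keyInfo.AddClause(new KeyInfoX509Data(cert));
    signedXml.KeyInfo = keyInfo;

    // XAdES-EPES extra information: signing time and the explicit signature policy.
    QualifyingPropertiesType qualifyingProperties = new QualifyingPropertiesType();
    qualifyingProperties.Target = "#" + signatureID;
    qualifyingProperties.SignedProperties = new SignedPropertiesType();
    qualifyingProperties.SignedProperties.Id = signedPropertiestypeID;
    qualifyingProperties.SignedProperties.SignedSignatureProperties = new SignedSignaturePropertiesType();
    // Previously DateTime.Today, which records midnight of the local date instead of the signing instant.
    qualifyingProperties.SignedProperties.SignedSignatureProperties.SigningTime = DateTime.UtcNow;
    qualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier = new SignaturePolicyIdentifierType();

    // Policy identifier and policy-document hash. The hash is fixed by the published Facturae 3.1 policy
    // (SHA-1 of the PDF as declared there); it is not an algorithm choice made by this code.
    SignaturePolicyIdType signaturePolicyIdType = new SignaturePolicyIdType();
    signaturePolicyIdType.SigPolicyId = new ObjectIdentifierType();
    signaturePolicyIdType.SigPolicyId.Identifier = new IdentifierType();
    signaturePolicyIdType.SigPolicyId.Identifier.Value = "http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf";
    signaturePolicyIdType.SigPolicyId.Description = "facturae31";
    signaturePolicyIdType.SigPolicyHash = new DigestAlgAndValueType();
    signaturePolicyIdType.SigPolicyHash.DigestMethod = new DigestMethodType();
    signaturePolicyIdType.SigPolicyHash.DigestMethod.Algorithm = "http://www.w3.org/2000/09/xmldsig#sha1";
    signaturePolicyIdType.SigPolicyHash.DigestValue = Convert.FromBase64String("Ohixl6upD6av8N7pEvDABhEL6hM=");
    qualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier.Item = signaturePolicyIdType;
    signedXml.AddQualifyingPropertiesObject(qualifyingProperties);

    signedXml.ComputeSignature();

    // Import the signature into the original document and append it to the root element.
    XmlElement xmlDigitalSignature = signedXml.GetXml();
    xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}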
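/// <summary>
/// Produces an enveloping XAdES signature over <paramref name="xml"/>: the document element is wrapped
/// in a ds:Object with Id "Dokument" and referenced as "#Dokument"; the signed properties carry the
/// signing certificate digest, the signing time, an implied policy and a DataObjectFormat.
/// </summary>
/// <param name="xml">XML text to sign.</param>
/// <param name="x509">Signer certificate with an accessible private key.</param>
/// <returns>Outer XML of the computed ds:Signature element.</returns>
public static string Sign(string xml, X509Certificate2 x509)
{
    XmlDocument doc = new XmlDocument { PreserveWhitespace = true };
    // Never resolve external entities/DTDs referenced by the input (XXE). If the input can be
    // untrusted, load through an XmlReader created with DtdProcessing.Prohibit instead.
    doc.XmlResolver = null;
    doc.LoadXml(xml);

    XadesSignedXml signedXml = new XadesSignedXml(doc);
    signedXml.Signature.Id = "ID-1234";
    signedXml.SigningKey = x509.PrivateKey;
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
    // RSA-SHA1 (and SHA-1 for the certificate digest below) are kept because the target
    // specification referenced by the "2.9.9.a" note is assumed to prescribe them; SHA-1 is
    // deprecated for signatures, so move to SHA-256 as soon as the receiving side accepts it.
    signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;

    // Reference to the ds:Object added below.
    Reference reference = new Reference("#Dokument");
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signedXml.AddReference(reference);

    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509Data(x509)); // open question from the original: whole chain?
    signedXml.KeyInfo = keyInfo;

    XadesObject xo = new XadesObject();
    {
        Cert cert = new Cert();
        cert.IssuerSerial.X509IssuerName = x509.IssuerName.Name;
        // NOTE(review): X509Certificate2.SerialNumber is a hex string while xades:X509SerialNumber is
        // an integer; a verifier that checks IssuerSerial strictly may reject it — confirm what the
        // receiver expects before changing it.
        cert.IssuerSerial.X509SerialNumber = x509.SerialNumber;
        using (SHA1 sha1 = new SHA1CryptoServiceProvider())
        {
            cert.CertDigest.DigestValue = sha1.ComputeHash(x509.RawData);
            cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
        }
        xo.QualifyingProperties.Target = "#" + signedXml.Signature.Id;
        xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningTime = DateTime.Now;
        xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true;
        xo.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
        DataObjectFormat dof = new DataObjectFormat
        {
            ObjectReferenceAttribute = "#Dokument",
            Description = "Dokument w formacie xml [XML]",
            Encoding = SignedXml.XmlDsigBase64TransformUrl, // ...xmldsig#base64
            MimeType = "text/plain"
        };
        xo.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormatCollection.Add(dof);
    }
    signedXml.AddXadesObject(xo);

    // Per the documentation note 2.9.9.a the ds:Object Id is "Dokument" (absent from its examples).
    var data = new DataObject("Dokument", "text/xml", "", doc.DocumentElement);
    signedXml.AddObject(data);

    signedXml.ComputeSignature();

    XmlElement xmlDigitalSignature = signedXml.GetXml();
    return xmlDigitalSignature.OuterXml;
}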
/// <summary>
/// Counter-signs the currently loaded signature (_xadesSignedXml) with <paramref name="certificate"/>:
/// builds a new signature whose content reference (type ...#CountersignedSignature, C14N) points at
/// the loaded signature's SignatureValue, covers its own KeyInfo (X509Data + RSAKeyValue) and XAdES
/// signed properties, adds it to the loaded signature's UnsignedSignatureProperties/CounterSignature
/// collection, rewrites the document (UpdateDocument) and reloads _xadesSignedXml from the element
/// whose Id is the new signature id.
/// </summary>
/// <param name="certificate">Signer certificate; stored in _signCertificate. SetCryptoServiceProvider is expected to populate _rsaKey from it.</param>
/// <param name="signMethod">Optional; when given it replaces this.SignMethod before signing.</param>
/// <exception cref="Exception">No signature is loaded, or <paramref name="certificate"/> is null.</exception>
public void CounterSign(X509Certificate2 certificate, SignMethod? signMethod = null)
{
    // Runs before the argument checks, so its side effects happen even when this method then throws.
    SetSignatureId();
    if (_xadesSignedXml == null)
    {
        throw new Exception("No hay ninguna firma XADES cargada previamente.");
    }
    if (certificate == null)
    {
        throw new Exception("Es necesario un certificado válido para la firma.");
    }
    if (signMethod.HasValue)
    {
        this.SignMethod = signMethod.Value;
    }
    _signCertificate = certificate;
    XadesSignedXml counterSignature = new XadesSignedXml(_document);
    SetCryptoServiceProvider();
    counterSignature.SigningKey = _rsaKey;

    // Content reference: the SignatureValue of the signature being counter-signed.
    Reference reference = new Reference();
    reference.Uri = "#" + _xadesSignedXml.SignatureValueId;
    reference.Id = "Reference-" + Guid.NewGuid().ToString();
    reference.Type = "http://uri.etsi.org/01903#CountersignedSignature";
    reference.AddTransform(new XmlDsigC14NTransform());
    counterSignature.AddReference(reference);
    _objectReference = reference.Id;

    // KeyInfo (certificate + public key), referenced so it is covered by the signature.
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.Id = "KeyInfoId-" + _signatureId;
    keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)_signCertificate));
    keyInfo.AddClause(new RSAKeyValue((RSA)_rsaKey));
    counterSignature.KeyInfo = keyInfo;
    Reference referenceKeyInfo = new Reference();
    referenceKeyInfo.Id = "ReferenceKeyInfo-" + _signatureId;
    referenceKeyInfo.Uri = "#KeyInfoId-" + _signatureId;
    counterSignature.AddReference(referenceKeyInfo);
    counterSignature.Signature.Id = _signatureId;
    counterSignature.SignatureValueId = _signatureValueId;

    // XAdES qualifying properties of the counter-signature (MIME type fixed to "text/xml").
    XadesObject counterSignatureXadesObject = new XadesObject();
    counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString();
    counterSignatureXadesObject.QualifyingProperties.Target = "#" + _signatureId;
    counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + _signatureId;
    AddSignatureProperties(counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, "text/xml", _signCertificate);
    counterSignature.AddXadesObject(counterSignatureXadesObject);

    // Same digest algorithm (_refsMethodUri) for every reference, then sign.
    foreach (Reference signReference in counterSignature.SignedInfo.References)
    {
        signReference.DigestMethod = _refsMethodUri;
    }
    counterSignature.AddXadesNamespace = true;
    counterSignature.ComputeSignature();

    // Attach to the loaded signature, rewrite the document, and reload from the new element.
    // NOTE(review): the XPath literal is built from _signatureId, assumed to contain no quote character;
    // if the element is not found, LoadXml receives null and throws.
    UnsignedProperties unsignedProperties = _xadesSignedXml.UnsignedProperties;
    unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature);
    _xadesSignedXml.UnsignedProperties = unsignedProperties;
    UpdateDocument();
    _xadesSignedXml = new XadesSignedXml(_document);
    XmlNode xmlNode = _document.SelectSingleNode("//*[@Id='" + _signatureId + "']");
    _xadesSignedXml.LoadXml((XmlElement)xmlNode);
}
/// <summary>
/// Adds the XAdES qualifying properties to <paramref name="xadesSignedXml"/>: a reference of type
/// XadesSignedXml.XmlDsigSignatureProperties to "#SignaturePropertiesId", and a ds:Object holding
/// xades:QualifyingProperties (Target "#SignatureId") with SignedSignatureProperties (SigningTime in
/// UTC, SigningCertificate with a SHA-1 CertDigest and IssuerSerial) and SignedDataObjectProperties
/// (a ProofOfApproval CommitmentTypeIndication over all signed data objects).
/// </summary>
/// <param name="document">Document used as the factory for the new elements.</param>
/// <param name="xadesSignedXml">Signature under construction; receives the reference and the object.</param>
/// <param name="signingCertificate">Certificate whose digest, issuer and serial number are recorded.</param>
private static void AddXAdESProperties(XmlDocument document, XadesSignedXml xadesSignedXml, X509Certificate2 signingCertificate)
{
    // Reference covering the signed properties (XAdES requires them to be under the signature).
    var signedPropertiesReference = new Reference
    {
        Uri = "#" + SignaturePropertiesId,
        Type = XadesSignedXml.XmlDsigSignatureProperties,
    };
    xadesSignedXml.AddReference(signedPropertiesReference);

    // Element factories: xades:* with the XAdES prefix, ds:* in the XMLDSIG namespace without prefix.
    Func<string, XmlElement> xades = name => document.CreateElement(XadesSignedXml.XadesPrefix, name, XadesSignedXml.XadesNamespaceUrl);
    Func<string, XmlElement> dsig = name => document.CreateElement(name, SignedXml.XmlDsigNamespaceUrl);

    // ds:Object > xades:QualifyingProperties(@Target) > xades:SignedProperties(@Id)
    XmlElement objectNode = dsig("Object");
    XmlElement qualifyingProperties = xades("QualifyingProperties");
    qualifyingProperties.SetAttribute("Target", "#" + SignatureId);
    objectNode.AppendChild(qualifyingProperties);

    XmlElement signedProperties = xades("SignedProperties");
    signedProperties.SetAttribute("Id", SignaturePropertiesId);
    qualifyingProperties.AppendChild(signedProperties);

    // --- SignedSignatureProperties: SigningTime, SigningCertificate ---
    XmlElement signedSignatureProperties = xades("SignedSignatureProperties");
    signedProperties.AppendChild(signedSignatureProperties);

    XmlElement signingTime = xades("SigningTime");
    signingTime.InnerText = DateTime.UtcNow.ToString("s") + "Z"; // sortable (culture-independent) UTC timestamp
    signedSignatureProperties.AppendChild(signingTime);

    XmlElement signingCertificateNode = xades("SigningCertificate");
    signedSignatureProperties.AppendChild(signingCertificateNode);
    XmlElement certNode = xades("Cert");
    signingCertificateNode.AppendChild(certNode);

    // CertDigest: GetCertHash() is the SHA-1 thumbprint, matching the SHA-1 DigestMethod declared here.
    // SHA-1 is a weak choice for new signatures; newer profiles expect SHA-256 for this digest.
    XmlElement certDigest = xades("CertDigest");
    certNode.AppendChild(certDigest);
    XmlElement digestMethod = dsig("DigestMethod");
    digestMethod.SetAttribute("Algorithm", SignedXml.XmlDsigSHA1Url);
    certDigest.AppendChild(digestMethod);
    XmlElement digestValue = dsig("DigestValue");
    digestValue.InnerText = Convert.ToBase64String(signingCertificate.GetCertHash());
    certDigest.AppendChild(digestValue);

    // IssuerSerial: issuer DN as .NET renders it (TODO confirm it matches the RFC 2253 form verifiers
    // compare against) and the serial number passed through ToDecimalString (presumably hex -> decimal).
    XmlElement issuerSerial = xades("IssuerSerial");
    certNode.AppendChild(issuerSerial);
    XmlElement issuerName = dsig("X509IssuerName");
    issuerName.InnerText = signingCertificate.Issuer;
    issuerSerial.AppendChild(issuerName);
    XmlElement serialNumber = dsig("X509SerialNumber");
    serialNumber.InnerText = ToDecimalString(signingCertificate.SerialNumber);
    issuerSerial.AppendChild(serialNumber);

    // --- SignedDataObjectProperties: commitment ProofOfApproval over all signed data objects ---
    XmlElement signed
DataObjectProperties = xades("SignedDataObjectProperties");
    signedProperties.AppendChild(signedDataObjectProperties);
    XmlElement commitmentTypeIndication = xades("CommitmentTypeIndication");
    signedDataObjectProperties.AppendChild(commitmentTypeIndication);
    XmlElement commitmentTypeId = xades("CommitmentTypeId");
    commitmentTypeIndication.AppendChild(commitmentTypeId);
    XmlElement identifier = xades("Identifier");
    identifier.InnerText = XadesSignedXml.XadesProofOfApproval;
    commitmentTypeId.AppendChild(identifier);
    commitmentTypeIndication.AppendChild(xades("AllSignedDataObjects"));

    // The QualifyingProperties subtree becomes the content of a ds:Object on the signature.
    var qualifyingPropertiesObject = new DataObject();
    qualifyingPropertiesObject.Data = qualifyingProperties.SelectNodes(".");
    xadesSignedXml.AddObject(qualifyingPropertiesObject);
}
/// <summary>
/// Prepares (without computing) a GOST XAdES signature over "#signed-data-container" of
/// <paramref name="originalDoc"/>, after unlocking the certificate's key container with
/// <paramref name="privateKeyPassword"/>. Uses the legacy ("Obsolete") GOST digest and signature URIs.
/// </summary>
/// <param name="certificate">Certificate whose private key must be a Gost3410CryptoServiceProvider (InvalidCastException otherwise).</param>
/// <param name="originalDoc">Document carrying the element to sign.</param>
/// <param name="signatureid">Signature Id; "-sigvalue" and "-ref0" Ids are derived from it.</param>
/// <param name="privateKeyPassword">Key container password.</param>
/// <returns>An unsigned XadesSignedXml; the caller still has to call ComputeSignature.</returns>
public static XadesSignedXml GetXadesSignedXml(X509Certificate2 certificate, XmlDocument originalDoc, string signatureid, string privateKeyPassword)
{
    // Built from a plain string, so the plaintext already sits in managed memory; the SecureString
    // only satisfies the provider's API and does not make the password secret.
    var password = new SecureString();
    for (int i = 0; i < privateKeyPassword.Length; i++)
    {
        password.AppendChar(privateKeyPassword[i]);
    }

    var gost = (Gost3410CryptoServiceProvider)certificate.PrivateKey;
    gost.SetContainerPassword(password);

    var xades = new XadesSignedXml(originalDoc) { SigningKey = gost };
    xades.Signature.Id = signatureid;
    xades.SignatureValueId = signatureid + "-sigvalue";

    var dataReference = new Reference();
    dataReference.Uri = "#signed-data-container";
    dataReference.DigestMethod = CPSignedXml.XmlDsigGost3411UrlObsolete;
    dataReference.Id = signatureid + "-ref0";
    // Exclude the signature itself, then canonicalize exclusively.
    dataReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    dataReference.AddTransform(new XmlDsigExcC14NTransform());
    xades.AddReference(dataReference);

    xades.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
    xades.SignedInfo.SignatureMethod = CPSignedXml.XmlDsigGost3410UrlObsolete;
    return xades;
}
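/// <summary>
/// Counter-signs the signature held in <paramref name="sigDocument"/>: a new XAdES signature
/// over the original SignatureValue element is computed and stored in the original signature's
/// UnsignedSignatureProperties/CounterSignature collection. The input document is cloned, so
/// <paramref name="sigDocument"/> itself is left untouched.
/// </summary>
/// <param name="sigDocument">Signed document whose signature is to be counter-signed.</param>
/// <param name="parameters">Signer, digest method and signature method for the counter-signature.</param>
/// <returns>A new <see cref="SignatureDocument"/> holding the original signature plus the counter-signature.</returns>
/// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
/// <exception cref="ArgumentException">No signer was supplied in <paramref name="parameters"/>.</exception>
/// <exception cref="InvalidCastException">The signing key is not an RSA key.</exception>
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters)
{
    if (parameters == null)
    {
        throw new ArgumentNullException("parameters");
    }
    if (parameters.Signer == null)
    {
        // Message kept verbatim; ArgumentException is still caught by existing catch (Exception) handlers.
        throw new ArgumentException("Es necesario un certificado válido para la firma.");
    }
    SignatureDocument.CheckSignatureDocument(sigDocument);

    // Work on a copy. PreserveWhitespace keeps the original signature's canonical bytes intact.
    SignatureDocument signatureDocument = new SignatureDocument();
    signatureDocument.Document = (XmlDocument)sigDocument.Document.Clone();
    signatureDocument.Document.PreserveWhitespace = true;

    XadesSignedXml xadesSignedXml = new XadesSignedXml(signatureDocument.Document);
    xadesSignedXml.Signature.Id = "xmldsig-" + Guid.NewGuid().ToString();
    // NOTE(review): the SignatureValue Id is derived from the *original* signature's Id rather
    // than from this counter-signature's own Id. If the original signature already names its
    // SignatureValue "<Id>-sigvalue", the merged document ends up with two elements carrying
    // the same Id and by-ID reference resolution becomes ambiguous — confirm against the
    // naming used when the original signature was created.
    xadesSignedXml.SignatureValueId = sigDocument.XadesSignature.Signature.Id + "-sigvalue";
    xadesSignedXml.SigningKey = parameters.Signer.SigningKey;

    // The content reference of a counter-signature points at the original SignatureValue element.
    _refContent = new Reference();
    _refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId;
    _refContent.Id = "Reference-" + Guid.NewGuid().ToString();
    _refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature";
    _refContent.AddTransform(new XmlDsigC14NTransform());
    xadesSignedXml.AddReference(_refContent);
    _mimeType = "text/xml";
    _encoding = "UTF-8";

    // KeyInfo carries the certificate and the RSA public key; it is also covered by its own
    // reference below, so the key material cannot be swapped without breaking the signature.
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.Id = "KeyInfoId-" + xadesSignedXml.Signature.Id;
    keyInfo.AddClause(new KeyInfoX509Data(parameters.Signer.Certificate));
    // Direct cast on purpose: a non-RSA signing key surfaces as InvalidCastException here.
    keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey));
    xadesSignedXml.KeyInfo = keyInfo;

    Reference keyInfoReference = new Reference();
    keyInfoReference.Id = "ReferenceKeyInfo-" + xadesSignedXml.Signature.Id;
    keyInfoReference.Uri = "#KeyInfoId-" + xadesSignedXml.Signature.Id;
    xadesSignedXml.AddReference(keyInfoReference);

    // XAdES qualifying properties for the counter-signature itself.
    XadesObject xadesObject = new XadesObject();
    xadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString();
    xadesObject.QualifyingProperties.Target = "#" + xadesSignedXml.Signature.Id;
    xadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + xadesSignedXml.Signature.Id;
    AddSignatureProperties(signatureDocument,
        xadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties,
        xadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties,
        xadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties,
        parameters);
    xadesSignedXml.AddXadesObject(xadesObject);

    // Every reference (content, KeyInfo, SignedProperties) uses the digest chosen by the caller.
    foreach (Reference signedInfoReference in xadesSignedXml.SignedInfo.References)
    {
        signedInfoReference.DigestMethod = parameters.DigestMethod.URI;
    }
    xadesSignedXml.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI;
    xadesSignedXml.AddXadesNamespace = true;
    xadesSignedXml.ComputeSignature();

    // Reload the original signature into the copied document and attach the counter-signature
    // under its unsigned properties, then write the result back into the document.
    signatureDocument.XadesSignature = new XadesSignedXml(signatureDocument.Document);
    signatureDocument.XadesSignature.LoadXml(sigDocument.XadesSignature.GetXml());
    UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;
    unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(xadesSignedXml);
    signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
    signatureDocument.UpdateDocument();
    return signatureDocument;
}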
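/// <summary>
/// Counter-signs the signature held in <paramref name="sigDocument"/>: a new XAdES signature
/// over the original SignatureValue element is computed and stored in the original signature's
/// UnsignedSignatureProperties/CounterSignature collection. The input document is cloned, so
/// <paramref name="sigDocument"/> itself is left untouched.
/// </summary>
/// <param name="sigDocument">Signed document whose signature is to be counter-signed.</param>
/// <param name="parameters">Signer, digest method and signature method for the counter-signature.</param>
/// <returns>A new <see cref="SignatureDocument"/> holding the original signature plus the counter-signature.</returns>
/// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
/// <exception cref="ArgumentException">No signer was supplied in <paramref name="parameters"/>.</exception>
/// <exception cref="InvalidCastException">The signing key is not an RSA key.</exception>
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters)
{
    if (parameters == null)
    {
        throw new ArgumentNullException("parameters");
    }
    if (parameters.Signer == null)
    {
        // Message kept verbatim; ArgumentException is still caught by existing catch (Exception) handlers.
        throw new ArgumentException("A valid certificate is required for the signature");
    }
    SignatureDocument.CheckSignatureDocument(sigDocument);

    // Work on a copy. PreserveWhitespace keeps the original signature's canonical bytes intact.
    SignatureDocument counterSigDocument = new SignatureDocument
    {
        Document = (XmlDocument)sigDocument.Document.Clone()
    };
    counterSigDocument.Document.PreserveWhitespace = true;

    XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document);
    // Presumably assigns Signature.Id (and the derived SignatureValue Id) — helper is defined elsewhere.
    SetSignatureId(counterSignature);
    counterSignature.SigningKey = parameters.Signer.SigningKey;

    // The content reference of a counter-signature points at the original SignatureValue element.
    _refContent = new Reference
    {
        Uri = "#" + sigDocument.XadesSignature.SignatureValueId,
        Id = "Reference-" + Guid.NewGuid().ToString(),
        Type = "http://uri.etsi.org/01903#CountersignedSignature"
    };
    _refContent.AddTransform(new XmlDsigC14NTransform());
    counterSignature.AddReference(_refContent);
    _mimeType = "text/xml";
    _encoding = "UTF-8";

    // KeyInfo carries the certificate and the RSA public key; it is also covered by its own
    // reference below, so the key material cannot be swapped without breaking the signature.
    KeyInfo keyInfo = new KeyInfo { Id = "KeyInfoId-" + counterSignature.Signature.Id };
    keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate));
    // Direct cast on purpose: a non-RSA signing key surfaces as InvalidCastException here.
    keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey));
    counterSignature.KeyInfo = keyInfo;

    Reference referenceKeyInfo = new Reference
    {
        Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id,
        Uri = "#KeyInfoId-" + counterSignature.Signature.Id
    };
    counterSignature.AddReference(referenceKeyInfo);

    // XAdES qualifying properties for the counter-signature itself.
    XadesObject counterSignatureXadesObject = new XadesObject
    {
        Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString()
    };
    counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id;
    counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id;
    AddSignatureProperties(counterSigDocument,
        counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties,
        counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties,
        counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties,
        parameters);
    counterSignature.AddXadesObject(counterSignatureXadesObject);

    // Every reference (content, KeyInfo, SignedProperties) uses the digest chosen by the caller.
    foreach (Reference signReference in counterSignature.SignedInfo.References)
    {
        signReference.DigestMethod = parameters.DigestMethod.URI;
    }
    counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI;
    counterSignature.AddXadesNamespace = true;
    counterSignature.ComputeSignature();

    // Reload the original signature into the copied document and attach the counter-signature
    // under its unsigned properties, then write the result back into the document.
    counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document);
    counterSigDocument.XadesSignature.LoadXml(sigDocument.XadesSignature.GetXml());
    UnsignedProperties unsignedProperties = counterSigDocument.XadesSignature.UnsignedProperties;
    unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature);
    counterSigDocument.XadesSignature.UnsignedProperties = unsignedProperties;
    counterSigDocument.UpdateDocument();
    return counterSigDocument;
}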