/// <summary>
/// Reads the XML file at <paramref name="filePath"/>, validates every signature it contains
/// against the basic XmlDSig policy and repopulates <c>Signers</c> with one item per signature.
/// </summary>
/// <param name="filePath">Path of the signed XML file to read.</param>
private void validateXmlSignature(string filePath)
{
    // Basic XmlDSig policy; the trust arbitrator decides which root certificates are trusted
    // during validation. NOTE(review): this block takes the arbitrator from App, the other
    // methods in this file from Util — confirm both resolve to the same trust configuration.
    var validationPolicy = XmlPolicySpec.GetXmlDSigBasic(App.GetTrustArbitrator());

    // The locator parses the whole file and exposes the signatures it finds.
    var fileBytes = File.ReadAllBytes(filePath);
    var locator = new XmlSignatureLocator(fileBytes);

    // Previous results are discarded before the new ones are listed.
    Signers.Clear();
    foreach (var xmlSignature in locator.GetSignatures())
    {
        var result = xmlSignature.Validate(validationPolicy);
        var description = getSignerDescription(xmlSignature, result);
        Signers.Add(new SignerItem(description, result));
    }
}
/// <summary>
/// Builds the signature policy applied to every signature produced by this sample.
/// </summary>
/// <returns>A basic XmlDSig policy customised for enveloped signatures in COD XML documents.</returns>
private XmlPolicySpec getSignaturePolicy()
{
    // The trust arbitrator decides which root certificates are trusted while certificates and
    // signatures are validated (see Util.GetTrustArbitrator()).
    var arbitrator = Util.GetTrustArbitrator();

    // Digest algorithm for the signatures. SHA-1 has not been considered secure since February 2017
    // and is being deprecated in favour of SHA-256, which is the preferable choice. Switching may
    // however break receiving-party implementations, so check current legislation and confirm with
    // the receiving parties before moving to SHA-256.
    var digest = DigestAlgorithm.SHA1; // preferably DigestAlgorithm.SHA256 once the receiving parties accept it

    // Start from the "basic" XmlDSig policy for the chosen arbitrator and digest.
    var signaturePolicy = XmlPolicySpec.GetXmlDSigBasic(arbitrator, digest);

    // The generation settings below are a suggestion that mirrors existing signed COD XML documents.
    // Generation is a reference held by the policy, so customising it through a local alias
    // customises the policy itself.
    var generation = signaturePolicy.Generation;
    generation.XmlTransformations.Clear();
    generation.XmlTransformations.Add(XmlTransformation.EnvelopedSignature);
    generation.OmitSignatureElementIds = true;
    generation.IncludeKeyValue = true;
    generation.X509DataCertificates = InclusionLevel.SigningCertificateOnly;
    generation.X509DataFields = X509DataFields.X509SubjectName;

    return signaturePolicy;
}
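/// <summary>
/// Opens a previously stored signed XML file, validates each signature it contains and returns
/// the signatures together with their validation results.
/// </summary>
/// <param name="request">Request carrying the <c>FileId</c> of the stored file to open.</param>
/// <returns>
/// 400 when the request or its <c>FileId</c> is missing, 404 when no file with that id exists,
/// otherwise 200 with an <see cref="OpenXmlSignatureResponse"/>.
/// </returns>
public IHttpActionResult Post(OpenXmlSignatureRequest request)
{
    // Model binding can hand us a null request (absent or unparseable body); answer 400 for that
    // case as well instead of letting the dereference of request.FileId surface as a 500.
    if (request == null || string.IsNullOrEmpty(request.FileId))
    {
        return BadRequest();
    }

    // The FileId must refer to a file that is actually in storage.
    byte[] content;
    if (!Storage.TryGetFile(request.FileId, out content))
    {
        return NotFound();
    }

    // The XmlSignatureLocator parses the signed XML and exposes the signatures it holds.
    var xmlSignatureLocator = new XmlSignatureLocator(content);
    var signatures = xmlSignatureLocator.GetSignatures();

    // Validate every signature with the basic XmlDSig policy; the trust arbitrator decides which
    // root certificates are trusted during validation.
    var validationPolicy = XmlPolicySpec.GetXmlDSigBasic(Util.GetTrustArbitrator());
    var vrs = signatures.ToDictionary(s => s, s => s.Validate(validationPolicy));

    return Ok(new OpenXmlSignatureResponse(signatures, vrs));
}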