Пример #1
0
        private void validateXmlSignature(string filePath)
        {
            var policy        = XmlPolicySpec.GetXmlDSigBasic(App.GetTrustArbitrator());
            var xmlSigLocator = new XmlSignatureLocator(File.ReadAllBytes(filePath));

            Signers.Clear();
            foreach (var signature in xmlSigLocator.GetSignatures())
            {
                var vr = signature.Validate(policy);
                Signers.Add(new SignerItem(getSignerDescription(signature, vr), vr));
            }
        }
Пример #2
0
        /**
         * This method defines the signature policy that will be used on the signatures.
         */
        private XmlPolicySpec getSignaturePolicy()
        {
            // The trust arbitrator determines which root certificates shall be trusted during certificate and signature validation. See Util.GetTrustArbitrator().
            var trustArbitrator = Util.GetTrustArbitrator();

            // The digest algorithm to be used on the signatures. The SHA-1 algorithm is no longer considered secure since February 2017 and is being
            // deprecated in favour of SHA-256. However, using SHA-256 may break implementations, for instance of the receiving parties. Check current
            // legislation or with the receiving parties if SHA-256 may be used.
            var digestAlg = DigestAlgorithm.SHA1;             // or, preferably, DigestAlgorithm.SHA256

            // Get the "basic" XmlDSig signature policy with the trust arbitrator and digest algorithm chosen above
            var policy = XmlPolicySpec.GetXmlDSigBasic(trustArbitrator, digestAlg);

            // Optionally customize policy. The customizations below are a suggestion based on existing signed COD XML documents.
            policy.Generation.XmlTransformations.Clear();
            policy.Generation.XmlTransformations.Add(XmlTransformation.EnvelopedSignature);
            policy.Generation.OmitSignatureElementIds = true;
            policy.Generation.IncludeKeyValue         = true;
            policy.Generation.X509DataCertificates    = InclusionLevel.SigningCertificateOnly;
            policy.Generation.X509DataFields          = X509DataFields.X509SubjectName;

            return(policy);
        }
Пример #3
0
        public IHttpActionResult Post(OpenXmlSignatureRequest request)
        {
            // This sample requires the FileId field is valid and corresponds to an existing file.
            if (string.IsNullOrEmpty(request.FileId))
            {
                return(BadRequest());
            }

            // Verifies the existence of the FileId and read its content.
            byte[] content;
            if (!Storage.TryGetFile(request.FileId, out content))
            {
                return(NotFound());
            }

            // Get an instance of the XmlSignatureLocator class, which is responsible to open the
            // signed XML.
            var xmlSignatureLocator = new XmlSignatureLocator(content);
            var signatures          = xmlSignatureLocator.GetSignatures();
            var validationPolicy    = XmlPolicySpec.GetXmlDSigBasic(Util.GetTrustArbitrator());
            var vrs = signatures.ToDictionary(s => s, s => s.Validate(validationPolicy));

            return(Ok(new OpenXmlSignatureResponse(signatures, vrs)));
        }