/// <summary>
/// Creates a KeyInfo object based on information from specified certificate
/// </summary>
/// <param name="certificate">The certificate used to create the KeyInfo from</param>
/// <returns>KeyInfo object</returns>
private static KeyInfo CreateKeyInfoFromCertificate(X509Certificate2 certificate)
{
// create KeyInfoX509Data object & include certificate subject
KeyInfoX509Data kiData = new KeyInfoX509Data(certificate);
kiData.AddSubjectName(certificate.Subject);
// create KeyInfo object with specified KeyInfoX509Data
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(kiData);
return keyInfo;
}
private KeyInfo getKeyInfo()
{
X509Extension extension = this.settings.Certificate.Extensions[1];
AsnEncodedData asndata = new AsnEncodedData(extension.Oid, extension.RawData);
KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
keyInfoData.AddIssuerSerial(this.settings.Certificate.Issuer, this.settings.Certificate.SerialNumber);
keyInfoData.AddSubjectName(this.settings.Certificate.SubjectName.Name);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(keyInfoData);
return keyInfo;
}
public static void SignXml(ref XmlDocument document, X509Certificate2 certificate, RequestType requestType)
{
document.PreserveWhitespace = true;
if (requestType == RequestType.Invoice || requestType == RequestType.Buisness_premise)
{
XmlNode nodeTaxNumber = document.GetElementsByTagName("fu:TaxNumber")[0];
nodeTaxNumber.InnerText = AppLink.VATNumber;
string taxNumber = nodeTaxNumber.InnerText;
if (requestType == RequestType.Invoice)
{
string issueDate = DateTime.Now.ToUniversalTime().ToString("s");
XmlNode nodeIssueDate = document.GetElementsByTagName("fu:IssueDateTime")[0];
nodeIssueDate.InnerText = issueDate;
XmlNode nodeInvoiceNumber = document.GetElementsByTagName("fu:InvoiceNumber")[0];
string invoiceNumber = nodeInvoiceNumber.InnerText;
XmlNode nodeBusinessPremiseID = document.GetElementsByTagName("fu:BusinessPremiseID")[0];
string businessPremiseID = nodeBusinessPremiseID.InnerText;
XmlNode nodeElectronicDeviceID = document.GetElementsByTagName("fu:ElectronicDeviceID")[0];
string electronicDeviceID = nodeElectronicDeviceID.InnerText;
XmlNode nodeInvoiceAmount = document.GetElementsByTagName("fu:InvoiceAmount")[0];
string invoiceAmount = nodeInvoiceAmount.InnerText;
string zoi = CalculateZOI(taxNumber, issueDate, invoiceNumber, businessPremiseID, electronicDeviceID, invoiceAmount, certificate);
XmlNode nodeZoi = document.GetElementsByTagName("fu:ProtectedID")[0];
nodeZoi.InnerText = zoi;
}
}
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
if (document == null)
throw new ArgumentException("xmlDoc");
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(document);
byte[] data = certificate.GetPublicKey();
string base64 = Convert.ToBase64String(data);
RSACryptoServiceProvider rsaCSP = (RSACryptoServiceProvider)certificate.PrivateKey;
CspParameters cspParameters = new CspParameters();
cspParameters.KeyContainerName = rsaCSP.CspKeyContainerInfo.KeyContainerName;
cspParameters.KeyNumber = rsaCSP.CspKeyContainerInfo.KeyNumber == KeyNumber.Exchange ? 1 : 2;
RSACryptoServiceProvider rsaAesCSP = new RSACryptoServiceProvider(cspParameters);
signedXml.SigningKey = rsaAesCSP; //newKey;
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
keyInfoData.AddIssuerSerial(certificate.Issuer, certificate.SerialNumber);
X509Extension extension = certificate.Extensions[1];
AsnEncodedData asndata = new AsnEncodedData(extension.Oid, extension.RawData);
keyInfoData.AddSubjectName(certificate.SubjectName.Name);
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "#test";
reference.DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
XmlNode element;
if (requestType == RequestType.Invoice)
{
element = document.GetElementsByTagName("fu:InvoiceRequest")[0];
}
else
{
element = document.GetElementsByTagName("fu:BusinessPremiseRequest")[0];
}
element.AppendChild(xmlDigitalSignature);
}
///////////////////////////////////////////////////////////////////////
///
/// <summary>
/// Carry out the Sign command.
/// </summary>
///
static void DoSignCommand(string title, X509Certificate2 certificate) {
Console.WriteLine();
Console.WriteLine("Signing Xml file \"" + fileNames[0] + "\"...");
Console.WriteLine();
// display more details for verbose operation.
if (verbose) {
DisplayDetail(null, certificate, detached);
}
SignedXml signedXml = new SignedXml();
ICspAsymmetricAlgorithm csp = (ICspAsymmetricAlgorithm) certificate.PrivateKey;
if (csp.CspKeyContainerInfo.RandomlyGenerated)
throw new InternalException("Internal error: This certificate does not have a corresponding private key.");
signedXml.SigningKey = (AsymmetricAlgorithm) csp;
Console.WriteLine(signedXml.SigningKey.ToXmlString(false));
if (detached) {
Reference reference = new Reference();
reference.Uri = "file://" + Path.GetFullPath((string) fileNames[0]);
signedXml.AddReference(reference);
} else {
Reference reference = new Reference();
reference.Uri = "#object-1";
// Add an object
XmlDocument dataObject = new XmlDocument();
dataObject.PreserveWhitespace = true;
XmlElement dataElement = (XmlElement) dataObject.CreateElement("DataObject", SignedXml.XmlDsigNamespaceUrl);
dataElement.AppendChild(dataObject.CreateTextNode(new UTF8Encoding(false).GetString(ReadFile((string) fileNames[0]))));
dataObject.AppendChild(dataElement);
DataObject obj = new DataObject();
obj.Data = dataObject.ChildNodes;
obj.Id = "object-1";
signedXml.AddObject(obj);
signedXml.AddReference(reference);
}
signedXml.KeyInfo = new KeyInfo();
if (includeOptions.Count == 0) {
signedXml.KeyInfo.AddClause(new KeyInfoX509Data(certificate, X509IncludeOption.ExcludeRoot));
} else {
KeyInfoX509Data keyInfoX509Data = new KeyInfoX509Data();
foreach (IncludeOptions includeOption in includeOptions) {
switch (includeOption) {
case IncludeOptions.ExcludeRoot:
case IncludeOptions.EndCertOnly:
case IncludeOptions.WholeChain:
keyInfoX509Data = new KeyInfoX509Data(certificate, (X509IncludeOption) includeOption);
break;
case IncludeOptions.SubjectName:
keyInfoX509Data.AddSubjectName(certificate.SubjectName.Name);
break;
case IncludeOptions.SKI:
X509ExtensionCollection extensions = certificate.Extensions;
foreach (X509Extension extension in extensions) {
if (extension.Oid.Value == "2.5.29.14") { // OID for SKI extension
X509SubjectKeyIdentifierExtension ski = extension as X509SubjectKeyIdentifierExtension;
if (ski != null) {
keyInfoX509Data.AddSubjectKeyId(ski.SubjectKeyIdentifier);
break;
}
}
}
break;
case IncludeOptions.IssuerSerial:
keyInfoX509Data.AddIssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber);
break;
}
signedXml.KeyInfo.AddClause(keyInfoX509Data);
}
}
// compute the signature
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
// write it out
XmlTextWriter xmltw = new XmlTextWriter((string) fileNames[1], new UTF8Encoding(false));
xmlDigitalSignature.WriteTo(xmltw);
xmltw.Close();
Console.WriteLine();
Console.WriteLine("Signature written to file \"" + fileNames[1] + "\".");
Console.WriteLine();
return;
}
public void Complex ()
{
KeyInfoX509Data data1 = new KeyInfoX509Data (cert);
KeyInfoX509Data data2 = new KeyInfoX509Data ();
XmlElement xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
byte[] c = (data1.Certificates[0] as X509Certificate).GetRawCertData();
AssertCrypto.AssertEquals ("Certificate[0]", cert, c);
// add a second X.509 certificate
X509Certificate x509 = new X509Certificate (cert2);
data1.AddCertificate (x509);
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
c = (data1.Certificates [1] as X509Certificate).GetRawCertData();
Assert.AreEqual (cert2, c, "Certificate[1]");
// add properties from a third X.509 certificate
x509 = new X509Certificate (cert3);
data1.AddIssuerSerial (x509.GetIssuerName (), x509.GetSerialNumberString ());
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
// TODO: The type of IssuerSerial isn't documented
// X509Certificate doesn't export SubjectKeyId so we must improvise
byte[] skid = { 0xDE, 0xAD, 0xC0, 0xDE };
data1.AddSubjectKeyId (skid);
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
Assert.AreEqual (skid, (byte[])data1.SubjectKeyIds[0], "SubjectKeyId");
data1.AddSubjectName (x509.GetName ());
xel = data1.GetXml ();
data2.LoadXml (xel);
Assert.AreEqual ((data1.GetXml ().OuterXml), (data2.GetXml ().OuterXml), "data1==data2");
string s = (string) data1.SubjectNames [0];
Assert.AreEqual (x509.GetName (), s, "SubjectName");
}
public void AddSubjectName_Null ()
{
KeyInfoX509Data data = new KeyInfoX509Data ();
data.AddSubjectName (null);
Assert.IsNull (data.Certificates, "Certificates");
Assert.IsNull (data.CRL, "Certificates");
Assert.IsNull (data.IssuerSerials, "IssuerSerials");
Assert.IsNull (data.SubjectKeyIds, "SubjectKeyIds");
Assert.AreEqual (1, data.SubjectNames.Count, "SubjectNames");
Assert.IsNull (data.SubjectNames[0], "SubjectNames[0]");
Assert.AreEqual ("<X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509SubjectName></X509SubjectName></X509Data>", data.GetXml ().OuterXml, "XML");
}
public static void SignDetachedResource(string inputFile, string outputSignatureXML, string certFile, String certPassword)
{
X509Certificate2 certxml = new X509Certificate2(certFile, certPassword);
RSACryptoServiceProvider Key = (RSACryptoServiceProvider)certxml.PrivateKey;
String XmlSigFileName = outputSignatureXML;
// Sign the detached resourceand save the signature in an XML file.
// Create a SignedXml object.
SignedXml signedXml = new SignedXml();
// Assign the key to the SignedXml object.
signedXml.SigningKey = Key;
// Create a reference to be signed.
Reference reference = new Reference();
// Add the passed Refrence to the reference object.
reference.Uri = inputFile;
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue((RSA)Key));
if (certxml != null)
{
KeyInfoX509Data kinfox509 = new KeyInfoX509Data(certxml, X509IncludeOption.WholeChain);
kinfox509.AddIssuerSerial(certxml.Issuer, certxml.SerialNumber);
kinfox509.AddSubjectName(certxml.Subject);
keyInfo.AddClause(kinfox509);
}
signedXml.KeyInfo = keyInfo;
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Save the signed XML document to a file specified
// using the passed string.
XmlTextWriter xmltw = new XmlTextWriter(XmlSigFileName, new UTF8Encoding(false));
xmlDigitalSignature.WriteTo(xmltw);
xmltw.Close();
}
public static void SignDetachedResourceWithToken(String inputFile, String outputXmlFile, String tokenPassword, String KeyContainerName)
{
var pass = new SecureString();
foreach (char c in tokenPassword.ToCharArray())
{
pass.AppendChar(c);
}
CspParameters csp = new CspParameters(1,
CertUtils.ProviderName,
KeyContainerName,
new System.Security.AccessControl.CryptoKeySecurity(),
pass);
try
{
RSACryptoServiceProvider rsaCsp = new RSACryptoServiceProvider(csp);
// the pin code will be cached for next access to the smart card
}
catch (Exception ex)
{
Console.WriteLine("Crypto error: " + ex.Message);
return;
}
X509Store store = new X509Store("My");
store.Open(OpenFlags.ReadOnly);
X509Certificate2 cert = null;
foreach (X509Certificate2 cert2 in store.Certificates)
{
if (cert2.HasPrivateKey)
{
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert2.PrivateKey;
if (rsa == null) continue; // not smart card cert again
if (rsa.CspKeyContainerInfo.HardwareDevice) // sure - smartcard
{
if ((rsa.CspKeyContainerInfo.KeyContainerName == CertUtils.KeyContainerName) && (rsa.CspKeyContainerInfo.ProviderName == CertUtils.ProviderName))
{
//we find it
cert = cert2;
break;
}
}
}
}
if (cert == null)
{
Console.WriteLine("Certificate not found");
return;
}
RSACryptoServiceProvider tokenKey = (RSACryptoServiceProvider)cert.PrivateKey;
// Sign the detached resourceand save the signature in an XML file.
// Create a SignedXml object.
SignedXml signedXml = new SignedXml();
// Assign the key to the SignedXml object.
signedXml.SigningKey = tokenKey;
// Create a reference to be signed.
Reference reference = new Reference();
// Add the passed Refrence to the reference object.
reference.Uri = inputFile;
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue((RSA)tokenKey));
if (cert != null)
{
KeyInfoX509Data kinfox509 = new KeyInfoX509Data(cert, X509IncludeOption.EndCertOnly);
kinfox509.AddIssuerSerial(cert.Issuer, cert.SerialNumber);
kinfox509.AddSubjectName(cert.Subject);
keyInfo.AddClause(kinfox509);
}
signedXml.KeyInfo = keyInfo;
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Save the signed XML document to a file specified
// using the passed string.
XmlTextWriter xmltw = new XmlTextWriter(outputXmlFile, new UTF8Encoding(false));
xmlDigitalSignature.WriteTo(xmltw);
xmltw.Close();
}
public static void Sign(XmlDocument doc)
{
string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);
X509Certificate2 signingCertificate = GetCertificate();
SignedXml signer = new SignedXml(doc);
CspParameters cspParams = new CspParameters(24);
cspParams.KeyContainerName = "XML_DISG_RSA_KEY";
RSACryptoServiceProvider key = new RSACryptoServiceProvider(cspParams);
var strKey = signingCertificate.PrivateKey.ToXmlString(true);
key.FromXmlString(strKey);
signer.SigningKey = key;
signer.KeyInfo = new KeyInfo();
var x509Data = new KeyInfoX509Data(signingCertificate);
//SubjectName
var dname = new X500DistinguishedName(signingCertificate.SubjectName);
Console.WriteLine("X500DistinguishedName: {0}{1}", dname.Name, Environment.NewLine);
x509Data.AddSubjectName(dname.Name);
signer.KeyInfo.AddClause(x509Data);
signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
signer.SignedInfo.SignatureMethod = signatureMethod;
//XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform();
Transform cn14Transform = new XmlDsigExcC14NTransform();
//Transform cn14Transform = new XmlDsigC14NTransform();
Reference signatureReference = new Reference("#FATCA");
//signatureReference.Uri = signatureReferenceURI;
//signatureReference.AddTransform(envelopeTransform);
signatureReference.AddTransform(cn14Transform);
signatureReference.DigestMethod = digestMethod;
signer.AddReference(signatureReference);
//signer.AddReference(new Reference("#tag1"));
//signer.AddReference(new Reference("#tag3"));
signer.ComputeSignature();
XmlElement signatureElement = signer.GetXml();
Console.WriteLine(signatureElement.NamespaceURI);
String strDoc = signatureElement.OuterXml;
XmlDocument docResult = new XmlDocument();
docResult.LoadXml(strDoc);
Console.WriteLine(signatureElement.NamespaceURI);
//XmlElement obj = docResult.CreateElement("Object",docResult.FirstChild.NamespaceURI);
//obj.SetAttribute("Id", "FACTA");
var xfrag = docResult.CreateDocumentFragment();
xfrag.InnerXml = doc.OuterXml;
//xfrag.FirstChild.Attributes.Append(xfrag.C.CreateAttribute("xx")).Value = docResult.NamespaceURI;
//obj.AppendChild(xfrag);
//docResult.DocumentElement.AppendChild(obj);
if (docResult.DocumentElement == null)
throw new Exception("docResult.DocumentElement no puede ser NULL");
var node = docResult.DocumentElement.AppendChild(xfrag);
//node.FirstChild.Attributes.Append(doc.CreateAttribute("xx")).Value = docResult.NamespaceURI;
//doc.DocumentElement.AppendChild(signer.GetXml());
var settings = new XmlWriterSettings();
settings.OmitXmlDeclaration = false;
settings.Indent = true;
var writer = XmlWriter.Create("output1.xml", settings);
docResult.Save(writer);
//docResult.Save("output.xml");
Console.WriteLine("Namespace:{0}",docResult.FirstChild.NamespaceURI);
//Console.ReadLine();
}
//source http://objectmix.com/dotnet/794749-digitally-sign-xml-doc-x509certificate-solution.html
//which came from the msdn tutorial
//Certificate get Signature method
private XmlElement SignXml(XmlDocument xmlDoc, X509Certificate2 cert)
{
//preserve ws - difference here I noticed - mine was set to true
xmlDoc.PreserveWhitespace = false;
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(xmlDoc);
// Load the certificate into a KeyInfoX509Data object
// and add it to the KeyInfo object.
//// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
KeyInfo keyInfo = new KeyInfo();
if (map.getProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64).Equals("true", StringComparison.CurrentCultureIgnoreCase))
keyInfo.AddClause(new KeyInfoX509Data(cert));
if (map.getProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN).Equals("true", StringComparison.CurrentCultureIgnoreCase))
{
KeyInfoX509Data data = new KeyInfoX509Data();
data.AddSubjectName(cert.SubjectName.Name);
keyInfo.AddClause(data);
}
if (map.getProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SERIAL).Equals("true", StringComparison.CurrentCultureIgnoreCase))
{
KeyInfoX509Data data = new KeyInfoX509Data();
data.AddIssuerSerial(cert.IssuerName.Name, cert.SerialNumber);
keyInfo.AddClause(data);
}
signedXml.KeyInfo = keyInfo;
//CANON method
signedXml.SignedInfo.CanonicalizationMethod = map.getProperty(DigSigUtil.CANONICALIZATIONMETHOD);
if (String.IsNullOrEmpty(signedXml.SignedInfo.CanonicalizationMethod))
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NWithCommentsTransformUrl;
signedXml.SignedInfo.SignatureMethod = map.getProperty(DigSigUtil.SIGNATURE_METHOD);
if (String.IsNullOrEmpty(signedXml.SignedInfo.SignatureMethod))
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
// Set the rsaKey to the certificate's private key
RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)cert.PrivateKey;
// Add the key to the SignedXml document.
signedXml.SigningKey = rsaKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Now we can compute the signature.
signedXml.ComputeSignature();
return signedXml.GetXml();
// return signedXml;
}