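/// <summary>
/// Signs the XFA form in <paramref name="src"/> with an enveloped XMLDSig signature and writes the
/// result to <paramref name="dest"/>. The KeyInfo carries the bare public key value
/// (DSAKeyValue or RSAKeyValue) rather than a certificate.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="dest">path of the signed PDF to create (an existing file is overwritten)</param>
/// <param name="pk">private key parameters handed to PrivateKeySignature</param>
/// <param name="publicKey">DSA or RSA public key that verifiers will find in the KeyInfo</param>
/// <param name="digestAlgorithm">digest algorithm name handed to PrivateKeySignature</param>
/// <exception cref="ArgumentException">publicKey is neither DSA nor RSA</exception>
virtual protected void SignWithKeyInfo(String src, String dest, ICipherParameters pk, AsymmetricAlgorithm publicKey, String digestAlgorithm) {
    // Resolve the KeyInfo before touching the file system: an unsupported key type must not
    // leave an empty, half-created dest behind.
    KeyInfoClause keyInfo;
    DSA dsa = publicKey as DSA;
    RSA rsa = publicKey as RSA;
    if (dsa != null) {
        keyInfo = new DSAKeyValue(dsa);
    } else if (rsa != null) {
        keyInfo = new RSAKeyValue(rsa);
    } else {
        throw new ArgumentException("Invalid public key algorithm", "publicKey");
    }
    // Creating the reader and the stamper. The output stream is disposed even if signing throws;
    // a second close after the stamper has already closed it is a no-op.
    PdfReader reader = new PdfReader(src);
    using (FileStream os = new FileStream(dest, FileMode.Create)) {
        PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
        // Creating the appearance; the XfaXmlLocator controls getting and setting the form Document
        XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
        appearance.SetXmlLocator(new XfaXmlLocator(stamper));
        // Creating the signature
        IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
        MakeXmlSignature.SignXmlDSig(appearance, pks, keyInfo);
    }
}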
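/// <summary>
/// Records the signing certificate on the appearance and wraps it in an X509Data KeyInfo clause.
/// </summary>
/// <param name="chain">certificate chain; chain[0] is the signing certificate</param>
/// <param name="sap">appearance that later exposes the certificate via GetCertificate()</param>
/// <returns>a KeyInfoX509Data holding only the DER encoding of chain[0]; the rest of the chain is not embedded</returns>
/// <exception cref="ArgumentException">chain is null or empty</exception>
private static KeyInfoClause GenerateKeyInfo(X509Certificate[] chain, XmlSignatureAppearance sap) {
    // Fail with a clear message instead of an IndexOutOfRangeException on chain[0].
    if (chain == null || chain.Length == 0) {
        throw new ArgumentException("Certificate chain must contain at least the signing certificate", "chain");
    }
    X509Certificate certificate = chain[0];
    // The XAdES SigningCertificate element is built from sap.GetCertificate(), so set it here.
    sap.SetCertificate(certificate);
    return new KeyInfoX509Data(certificate.GetEncoded());
}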
/**
 * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * Exactly one ds:Reference (the content) is produced; no ds:Object is attached.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param keyInfo KeyInfo for verification
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, KeyInfoClause keyInfo) {
    VerifyArguments(sap, externalSignature);
    XmlDocument doc = sap.GetXmlLocator().GetDocument();
    // A plain XMLDSig signature references only the (optionally XPath-filtered) content.
    XmlElement contentReference = GenerateContentReference(doc, sap, null);
    List<XmlElement> references = new List<XmlElement>(1);
    references.Add(contentReference);
    // No Id on the Signature element; the null in the Sign call is the slot SignXades uses for its ds:Object.
    XmlElement signature = GenerateSignatureElement(sap.GetXmlLocator(), null, false);
    Sign(signature, sap.GetXmlLocator(), externalSignature, references, null, keyInfo);
    sap.Close();
}
/**
 * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param keyInfo KeyInfo for verification (placed verbatim into the signature)
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, KeyInfoClause keyInfo) {
    VerifyArguments(sap, externalSignature);
    // Single content reference, no reference Id.
    List<XmlElement> refs = new List<XmlElement>(1);
    refs.Add(GenerateContentReference(sap.GetXmlLocator().GetDocument(), sap, null));
    XmlElement signatureElement = GenerateSignatureElement(sap.GetXmlLocator(), null, false);
    // null: no ds:Object accompanies a bare XMLDSig signature.
    Sign(signatureElement, sap.GetXmlLocator(), externalSignature, refs, null, keyInfo);
    sap.Close();
}
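/// <summary>
/// Signs the XFA form in <paramref name="src"/> with an enveloped XMLDSig signature whose KeyInfo
/// carries the signing certificate, writing the result to <paramref name="dest"/>.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="dest">path of the signed PDF to create (an existing file is overwritten)</param>
/// <param name="pk">private key parameters handed to PrivateKeySignature</param>
/// <param name="chain">certificate chain; chain[0] is the signing certificate</param>
/// <param name="digestAlgorithm">digest algorithm name handed to PrivateKeySignature</param>
virtual protected void SignWithCertificate(String src, String dest, ICipherParameters pk, X509Certificate[] chain, String digestAlgorithm) {
    // Creating the reader and the stamper. Dispose the output stream even when signing throws,
    // so a failed run does not leave dest open; re-closing after the stamper closed it is harmless.
    PdfReader reader = new PdfReader(src);
    using (FileStream os = new FileStream(dest, FileMode.Create)) {
        PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
        // Creating the appearance; the XfaXmlLocator gives it access to the form's XML document.
        XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
        appearance.SetXmlLocator(new XfaXmlLocator(stamper));
        // Creating the signature
        IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
        MakeXmlSignature.SignXmlDSig(appearance, pks, chain);
    }
}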
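/// <summary>
/// Signs the XFA form in <paramref name="src"/> with an enveloped XMLDSig signature whose KeyInfo
/// is derived from <paramref name="publicKey"/>, writing the result to <paramref name="dest"/>.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="dest">path of the signed PDF to create (an existing file is overwritten)</param>
/// <param name="pk">private key parameters handed to PrivateKeySignature</param>
/// <param name="publicKey">public key that verifiers will find in the KeyInfo</param>
/// <param name="digestAlgorithm">digest algorithm name handed to PrivateKeySignature</param>
virtual protected void SignWithPublicKey(String src, String dest, ICipherParameters pk, AsymmetricAlgorithm publicKey, String digestAlgorithm) {
    // Creating the reader and the stamper. Dispose the output stream even when signing throws;
    // re-closing after the stamper has closed it is harmless.
    PdfReader reader = new PdfReader(src);
    using (FileStream os = new FileStream(dest, FileMode.Create)) {
        PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
        // Creating the appearance
        XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
        // Set XfaXmlLocator to control getting and setting Document
        appearance.SetXmlLocator(new XfaXmlLocator(stamper));
        // Creating the signature
        IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
        MakeXmlSignature.SignXmlDSig(appearance, pks, publicKey);
    }
}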
/// <summary>
/// Rejects appearances without an XML locator and external signatures whose algorithms this
/// implementation cannot express: only SHA-1 digests and RSA or DSA signatures are accepted.
/// </summary>
/// <param name="sap">appearance that must carry an XML locator</param>
/// <param name="externalSignature">signer whose hash and encryption algorithm names are checked</param>
/// <exception cref="DocumentException">the appearance has no XML locator</exception>
/// <exception cref="UnsupportedPdfException">hash algorithm is not SHA-1, or encryption algorithm is neither RSA nor DSA</exception>
private static void VerifyArguments(XmlSignatureAppearance sap, IExternalSignature externalSignature) {
    if (sap.GetXmlLocator() == null) {
        throw new DocumentException(MessageLocalization.GetComposedMessage("xmllocator.cannot.be.null"));
    }
    String hashAlgorithm = externalSignature.GetHashAlgorithm();
    if (!hashAlgorithm.Equals(SecurityConstants.SHA1)) {
        throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("support.only.sha1.hash.algorithm"));
    }
    String encryptionAlgorithm = externalSignature.GetEncryptionAlgorithm();
    bool rsa = encryptionAlgorithm.Equals(SecurityConstants.RSA);
    bool dsa = encryptionAlgorithm.Equals(SecurityConstants.DSA);
    if (!(rsa || dsa)) {
        throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("support.only.rsa.and.dsa.algorithms"));
    }
}
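/// <summary>
/// Signs the XFA form in <paramref name="src"/> with a XAdES signature (BES, or EPES when
/// <paramref name="includeSignaturePolicy"/> is true) and writes the result to <paramref name="dest"/>.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="dest">path of the signed PDF to create (an existing file is overwritten)</param>
/// <param name="pk">private key parameters handed to PrivateKeySignature</param>
/// <param name="chain">certificate chain; chain[0] is the signing certificate</param>
/// <param name="digestAlgorithm">digest algorithm name handed to PrivateKeySignature</param>
/// <param name="includeSignaturePolicy">true to embed a SignaturePolicyIdentifier (XAdES-EPES)</param>
virtual protected void SignXades(String src, String dest, ICipherParameters pk, X509Certificate[] chain, String digestAlgorithm, bool includeSignaturePolicy) {
    // Creating the reader and the stamper. Dispose the output stream even when signing throws;
    // re-closing after the stamper has closed it is harmless.
    PdfReader reader = new PdfReader(src);
    using (FileStream os = new FileStream(dest, FileMode.Create)) {
        PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
        // Creating the appearance
        XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
        appearance.SetXmlLocator(new XfaXmlLocator(stamper));
        // The description ends up in the XAdES DataObjectFormat element.
        appearance.SetDescription("Simple xfa form");
        // Creating the signature
        IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
        MakeXmlSignature.SignXades(appearance, pks, chain, includeSignaturePolicy);
    }
}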
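/// <summary>
/// Signs one package of the XDP in <paramref name="src"/> with an enveloped XMLDSig signature whose
/// KeyInfo carries the signing certificate, writing the result to <paramref name="dest"/>.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="dest">path of the signed PDF to create (an existing file is overwritten)</param>
/// <param name="xdpPackage">XDP package whose XPath expression selects the content to sign</param>
/// <param name="pk">private key parameters handed to PrivateKeySignature</param>
/// <param name="chain">certificate chain; chain[0] is the signing certificate</param>
/// <param name="digestAlgorithm">digest algorithm name handed to PrivateKeySignature</param>
virtual protected void SignPackageWithCertificate(String src, String dest, XfaXpathConstructor.XdpPackage xdpPackage, ICipherParameters pk, X509Certificate[] chain, String digestAlgorithm) {
    // Creating the reader and the stamper. Dispose the output stream even when signing throws;
    // re-closing after the stamper has closed it is harmless.
    PdfReader reader = new PdfReader(src);
    using (FileStream os = new FileStream(dest, FileMode.Create)) {
        PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
        // Creating the appearance
        XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
        // Set XfaXmlLocator to control getting and setting Document
        appearance.SetXmlLocator(new XfaXmlLocator(stamper));
        // Set XpathConstructor, to construct xpath expression for signing an xdp package
        appearance.SetXpathConstructor(new XfaXpathConstructor(xdpPackage));
        // Creating the signature
        IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
        MakeXmlSignature.SignXmlDSig(appearance, pks, chain);
    }
}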
/**
 * Signs the xml with XAdES BES using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * With includeSignaturePolicy the signature becomes XAdES-EPES: a SignaturePolicyIdentifier naming the
 * RSA-SHA1 or DSA-SHA1 OID (chosen from the external signature's encryption algorithm) is added.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain
 * @param includeSignaturePolicy if true SignaturePolicyIdentifier will be included (XAdES-EPES)
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXades(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain, bool includeSignaturePolicy) {
    VerifyArguments(sap, externalSignature);
    // Fresh Ids tie the content Reference, the SignedProperties and the Signature together.
    String contentReferenceId = SecurityConstants.Reference_ + GetRandomId();
    String signedPropertiesId = SecurityConstants.SignedProperties_ + GetRandomId();
    String signatureId = SecurityConstants.Signature_ + GetRandomId();
    XmlDocument doc = sap.GetXmlLocator().GetDocument();
    // No XmlResolver: the document must not fetch external DTDs or entities while it is being signed.
    doc.XmlResolver = null;
    // GenerateKeyInfo also stores the certificate on sap; GenerateXadesObject reads it back.
    KeyInfoClause keyInfo = GenerateKeyInfo(chain, sap);
    List<XmlElement> references = new List<XmlElement>(2);
    XmlElement signature = GenerateSignatureElement(sap.GetXmlLocator(), signatureId, true);
    String[] signaturePolicy = null;
    if (includeSignaturePolicy) {
        bool rsaSigner = externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.RSA);
        signaturePolicy = rsaSigner
            ? new String[] { SecurityConstants.OID_RSA_SHA1, SecurityConstants.OID_RSA_SHA1_DESC }
            : new String[] { SecurityConstants.OID_DSA_SHA1, SecurityConstants.OID_DSA_SHA1_DESC };
    }
    XmlElement signedProperty;
    XmlElement dsObject = GenerateXadesObject(sap, signatureId, contentReferenceId, signedPropertiesId, signaturePolicy, out signedProperty);
    // The SignedProperties are referenced first, then the signed content.
    references.Add(GenerateCustomReference(doc, signedProperty, "#" + signedPropertiesId, SecurityConstants.SignedProperties_Type, null));
    references.Add(GenerateContentReference(doc, sap, contentReferenceId));
    Sign(signature, sap.GetXmlLocator(), externalSignature, references, dsObject, keyInfo);
    sap.Close();
}
/**
 * Signs the xml with XAdES BES using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXadesBes(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain) {
    VerifyArguments(sap, externalSignature);
    // Random Ids link the Reference, SignedProperties and Signature elements.
    String contentRefId = SecurityConstants.Reference_ + GetRandomId();
    String signedPropsId = SecurityConstants.SignedProperties_ + GetRandomId();
    String sigId = SecurityConstants.Signature_ + GetRandomId();
    XmlDocument doc = sap.GetXmlLocator().GetDocument();
    // Also records the signing certificate on sap for GenerateXadesBesObject.
    KeyInfoClause keyInfo = GenerateKeyInfo(chain, sap);
    XmlElement signatureElement = GenerateSignatureElement(sap.GetXmlLocator(), sigId, true);
    XmlElement signedProps;
    XmlElement qualifyingObject = GenerateXadesBesObject(sap, sigId, contentRefId, signedPropsId, out signedProps);
    List<XmlElement> refs = new List<XmlElement>(2);
    refs.Add(GenerateCustomReference(doc, signedProps, "#" + signedPropsId, SecurityConstants.SignedProperties_Type, null));
    refs.Add(GenerateContentReference(doc, sap, contentRefId));
    Sign(signatureElement, sap.GetXmlLocator(), externalSignature, refs, qualifyingObject, keyInfo);
    sap.Close();
}
/**
 * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * Convenience overload: converts the public key to a KeyInfo clause and delegates.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param publicKey PublicKey for verification
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, AsymmetricAlgorithm publicKey) {
    KeyInfoClause keyInfo = GenerateKeyInfo(publicKey);
    SignXmlDSig(sap, externalSignature, keyInfo);
}
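/// <summary>
/// Builds the ds:Object holding the XAdES QualifyingProperties for the signature identified by
/// <paramref name="signatureId"/>: SignedSignatureProperties (SigningTime, SigningCertificate and,
/// for EPES, SignaturePolicyIdentifier) and SignedDataObjectProperties (DataObjectFormat).
/// </summary>
/// <param name="sap">appearance supplying the signing certificate, sign date, description, MIME type and encoding</param>
/// <param name="signatureId">Id of the ds:Signature; becomes the QualifyingProperties Target</param>
/// <param name="contentReferenceId">Id of the content ds:Reference; becomes the DataObjectFormat ObjectReference</param>
/// <param name="signedPropertiesId">Id set on SignedProperties so the caller can reference and digest it</param>
/// <param name="signaturePolicy">null for XAdES-BES; otherwise { policy OID, description } for XAdES-EPES</param>
/// <param name="signedProperty">receives the SignedProperties element the caller must add to SignedInfo</param>
/// <returns>the populated ds:Object, not yet attached to the document</returns>
private static XmlElement GenerateXadesObject(XmlSignatureAppearance sap, String signatureId, String contentReferenceId, String signedPropertiesId, String[] signaturePolicy, out XmlElement signedProperty) {
    X509Certificate cert = sap.GetCertificate();
    XmlDocument doc = sap.GetXmlLocator().GetDocument();
    // SHA-1 is the only digest VerifyArguments admits for these signatures; dispose it when done.
    using (HashAlgorithm md = new SHA1Managed()) {
        XmlElement dsObject = doc.CreateElement("Object", SecurityConstants.XMLDSIG_URI);
        XmlElement qualifyingProperties = doc.CreateElement(SecurityConstants.XADES_QualifyingProperties, SecurityConstants.XADES_132_URI);
        qualifyingProperties.SetAttribute("Target", "#" + signatureId);
        XmlElement signedProperties = doc.CreateElement(SecurityConstants.XADES_SignedProperties, SecurityConstants.XADES_132_URI);
        signedProperties.SetAttribute("Id", signedPropertiesId);
        XmlElement signedSignatureProperties = doc.CreateElement(SecurityConstants.XADES_SignedSignatureProperties, SecurityConstants.XADES_132_URI);

        // SigningTime, formatted with the project's fixed pattern.
        XmlElement signingTime = doc.CreateElement(SecurityConstants.XADES_SigningTime, SecurityConstants.XADES_132_URI);
        String signDate = sap.GetSignDate().ToString(SecurityConstants.SigningTimeFormat);
        signingTime.AppendChild(doc.CreateTextNode(signDate));
        signedSignatureProperties.AppendChild(signingTime);

        // SigningCertificate: SHA-1 digest of the DER certificate plus its issuer name and serial number.
        XmlElement signingCertificate = doc.CreateElement(SecurityConstants.XADES_SigningCertificate, SecurityConstants.XADES_132_URI);
        XmlElement certElement = doc.CreateElement(SecurityConstants.XADES_Cert, SecurityConstants.XADES_132_URI);
        XmlElement certDigest = doc.CreateElement(SecurityConstants.XADES_CertDigest, SecurityConstants.XADES_132_URI);
        XmlElement certDigestMethod = doc.CreateElement(SecurityConstants.DigestMethod, SecurityConstants.XMLDSIG_URI);
        certDigestMethod.SetAttribute(SecurityConstants.Algorithm, SecurityConstants.XMLDSIG_URI_SHA1);
        certDigest.AppendChild(certDigestMethod);
        XmlElement certDigestValue = doc.CreateElement(SecurityConstants.DigestValue, SecurityConstants.XMLDSIG_URI);
        certDigestValue.AppendChild(doc.CreateTextNode(Convert.ToBase64String(md.ComputeHash(cert.GetEncoded()))));
        certDigest.AppendChild(certDigestValue);
        certElement.AppendChild(certDigest);
        XmlElement issuerSerial = doc.CreateElement(SecurityConstants.XADES_IssuerSerial, SecurityConstants.XADES_132_URI);
        XmlElement x509IssuerName = doc.CreateElement(SecurityConstants.X509IssuerName, SecurityConstants.XMLDSIG_URI);
        x509IssuerName.AppendChild(doc.CreateTextNode(GetX509IssuerName(cert)));
        issuerSerial.AppendChild(x509IssuerName);
        XmlElement x509SerialNumber = doc.CreateElement(SecurityConstants.X509SerialNumber, SecurityConstants.XMLDSIG_URI);
        x509SerialNumber.AppendChild(doc.CreateTextNode(GetX509SerialNumber(cert)));
        issuerSerial.AppendChild(x509SerialNumber);
        certElement.AppendChild(issuerSerial);
        signingCertificate.AppendChild(certElement);
        signedSignatureProperties.AppendChild(signingCertificate);

        if (signaturePolicy != null) {
            // XAdES-EPES: identify the policy by OID (qualified as a URN) plus a description.
            XmlElement signaturePolicyIdentifier = doc.CreateElement(SecurityConstants.XADES_SignaturePolicyIdentifier, SecurityConstants.XADES_132_URI);
            XmlElement signaturePolicyId = doc.CreateElement(SecurityConstants.XADES_SignaturePolicyId, SecurityConstants.XADES_132_URI);
            XmlElement sigPolicyId = doc.CreateElement(SecurityConstants.XADES_SigPolicyId, SecurityConstants.XADES_132_URI);
            XmlElement identifier = doc.CreateElement(SecurityConstants.XADES_Identifier, SecurityConstants.XADES_132_URI);
            identifier.AppendChild(doc.CreateTextNode(signaturePolicy[0]));
            identifier.SetAttribute(SecurityConstants.Qualifier, SecurityConstants.OIDAsURN);
            sigPolicyId.AppendChild(identifier);
            // ANSI X9.57 DSA signature generated with SHA-1 hash (DSA x9.30)
            XmlElement policyDescription = doc.CreateElement(SecurityConstants.XADES_Description, SecurityConstants.XADES_132_URI);
            policyDescription.AppendChild(doc.CreateTextNode(signaturePolicy[1]));
            sigPolicyId.AppendChild(policyDescription);
            signaturePolicyId.AppendChild(sigPolicyId);
            XmlElement sigPolicyHash = doc.CreateElement(SecurityConstants.XADES_SigPolicyHash, SecurityConstants.XADES_132_URI);
            XmlElement policyDigestMethod = doc.CreateElement(SecurityConstants.DigestMethod, SecurityConstants.XMLDSIG_URI);
            policyDigestMethod.SetAttribute(SecurityConstants.Algorithm, SecurityConstants.XMLDSIG_URI_SHA1);
            sigPolicyHash.AppendChild(policyDigestMethod);
            XmlElement policyDigestValue = doc.CreateElement(SecurityConstants.DigestValue, SecurityConstants.XMLDSIG_URI);
            // NOTE(review): the policy hash is taken over the SigPolicyId element's own serialization,
            // not over an external policy document; confirm this is what relying verifiers expect.
            byte[] policyIdContent = System.Text.Encoding.UTF8.GetBytes(sigPolicyId.OuterXml);
            policyDigestValue.AppendChild(doc.CreateTextNode(Convert.ToBase64String(md.ComputeHash(policyIdContent))));
            sigPolicyHash.AppendChild(policyDigestValue);
            signaturePolicyId.AppendChild(sigPolicyHash);
            signaturePolicyIdentifier.AppendChild(signaturePolicyId);
            signedSignatureProperties.AppendChild(signaturePolicyIdentifier);
        }
        signedProperties.AppendChild(signedSignatureProperties);

        // SignedDataObjectProperties: describe the content reference (description, MIME type, encoding).
        XmlElement signedDataObjectProperties = doc.CreateElement(SecurityConstants.XADES_SignedDataObjectProperties, SecurityConstants.XADES_132_URI);
        XmlElement dataObjectFormat = doc.CreateElement(SecurityConstants.XADES_DataObjectFormat, SecurityConstants.XADES_132_URI);
        dataObjectFormat.SetAttribute(SecurityConstants.ObjectReference, "#" + contentReferenceId);
        String descr = sap.GetDescription();
        if (descr != null) {
            XmlElement description = doc.CreateElement(SecurityConstants.XADES_Description, SecurityConstants.XADES_132_URI);
            description.AppendChild(doc.CreateTextNode(descr));
            dataObjectFormat.AppendChild(description);
        }
        XmlElement mimeType = doc.CreateElement(SecurityConstants.XADES_MimeType, SecurityConstants.XADES_132_URI);
        mimeType.AppendChild(doc.CreateTextNode(sap.GetMimeType()));
        dataObjectFormat.AppendChild(mimeType);
        String enc = sap.GetXmlLocator().GetEncoding();
        if (enc != null) {
            // Named encodingElement to avoid shadowing System.Text.Encoding.
            XmlElement encodingElement = doc.CreateElement(SecurityConstants.XADES_Encoding, SecurityConstants.XADES_132_URI);
            encodingElement.AppendChild(doc.CreateTextNode(enc));
            dataObjectFormat.AppendChild(encodingElement);
        }
        signedDataObjectProperties.AppendChild(dataObjectFormat);
        signedProperties.AppendChild(signedDataObjectProperties);
        qualifyingProperties.AppendChild(signedProperties);
        dsObject.AppendChild(qualifyingProperties);
        signedProperty = signedProperties;
        return dsObject;
    }
}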
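/// <summary>
/// Builds the ds:Reference for the signed content: an enveloped-signature Transform, optionally an
/// XPath Filter 2 "intersect" Transform when the appearance supplies an XPath expression, and a
/// SHA-1 digest of the canonicalised selection (or of the whole document when no selection applies).
/// </summary>
/// <param name="doc">document being signed; also the owner of the created elements</param>
/// <param name="sap">appearance whose XPath constructor (if any) narrows the signed content</param>
/// <param name="referenceId">Id attribute for the Reference, or null for none</param>
/// <returns>a Reference element with URI="" not yet attached to SignedInfo</returns>
/// <remarks>
/// When the XPath selects anything other than exactly one element, the expression is ignored:
/// no XPath Transform is emitted and the whole document is digested.
/// </remarks>
private static XmlElement GenerateContentReference(XmlDocument doc, XmlSignatureAppearance sap, String referenceId) {
    IXpathConstructor xpathConstructor = sap.GetXpathConstructor();
    XmlElement reference = doc.CreateElement("Reference", SecurityConstants.XMLDSIG_URI);
    // Empty URI: the reference covers the document that contains the signature.
    reference.SetAttribute("URI", "");
    if (referenceId != null) {
        reference.SetAttribute("Id", referenceId);
    }
    XmlElement transforms = doc.CreateElement("Transforms", SecurityConstants.XMLDSIG_URI);
    XmlElement envelopedTransform = doc.CreateElement("Transform", SecurityConstants.XMLDSIG_URI);
    envelopedTransform.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_ENVELOPED);
    transforms.AppendChild(envelopedTransform);
    byte[] md = null;
    if (xpathConstructor != null && xpathConstructor.GetXpathExpression().Length > 0) {
        String xpathExpression = xpathConstructor.GetXpathExpression();
        XmlNodeList nodelist = doc.SelectNodes(xpathExpression, xpathConstructor.GetNamespaceManager());
        if (nodelist.Count == 1 && nodelist[0].NodeType == XmlNodeType.Element) {
            // Digest a standalone copy of the selected element with its in-scope namespaces made explicit.
            XmlElement xpathSelect = (XmlElement)nodelist[0].CloneNode(true);
            NormalizeNamespaces(nodelist[0].CreateNavigator(), xpathSelect.CreateNavigator());
            XmlDocument digestDoc = new XmlDocument(doc.NameTable);
            // The input is a serialized fragment of an already-parsed document; never resolve external resources for it.
            digestDoc.XmlResolver = null;
            digestDoc.LoadXml(xpathSelect.OuterXml);
            using (SHA1Managed sha1 = new SHA1Managed()) {
                md = CalculateC14nDigest(digestDoc, sha1);
            }
            XmlElement xpathTransform = doc.CreateElement("Transform", SecurityConstants.XMLDSIG_URI);
            xpathTransform.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_XPATH_FILTER2);
            XmlElement xpath = doc.CreateElement("XPath", SecurityConstants.XMLDSIG_URI);
            xpath.SetAttribute("xmlns", SecurityConstants.XMLDSIG_URI_XPATH_FILTER2);
            xpath.SetAttribute("Filter", "intersect");
            xpath.AppendChild(doc.CreateTextNode(xpathExpression));
            xpathTransform.AppendChild(xpath);
            transforms.AppendChild(xpathTransform);
        }
    }
    if (md == null) {
        // No usable XPath selection: digest the whole document.
        using (SHA1Managed sha1 = new SHA1Managed()) {
            md = CalculateC14nDigest(doc, sha1);
        }
    }
    reference.AppendChild(transforms);
    XmlElement digestMethod = doc.CreateElement("DigestMethod", SecurityConstants.XMLDSIG_URI);
    digestMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_SHA1);
    reference.AppendChild(digestMethod);
    XmlElement digestValue = doc.CreateElement("DigestValue", SecurityConstants.XMLDSIG_URI);
    digestValue.AppendChild(doc.CreateTextNode(Convert.ToBase64String(md)));
    reference.AppendChild(digestValue);
    return reference;
}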
/**
 * Placeholder overload: XML signing with a PublicKey is not implemented and this method always throws.
 * It does not sign anything and does not touch the appearance.
 * @param sap the XmlSignatureAppearance (unused)
 * @param externalSignature the interface providing the actual signing (unused)
 * @param publicKey PublicKey for verification (unused)
 * @throws NotImplementedException always
 */
public static void signXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, PublicKey publicKey) { throw new NotImplementedException("Xml signatures are not supported yet"); }
/**
 * Signs the xml with XAdES BES using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * When includeSignaturePolicy is set the result is XAdES-EPES: the policy OID and description are picked
 * by the external signature's encryption algorithm (RSA-SHA1, otherwise DSA-SHA1).
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain
 * @param includeSignaturePolicy if true SignaturePolicyIdentifier will be included (XAdES-EPES)
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXades(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain, bool includeSignaturePolicy) {
    VerifyArguments(sap, externalSignature);
    String contentRefId = SecurityConstants.Reference_ + GetRandomId();
    String signedPropsId = SecurityConstants.SignedProperties_ + GetRandomId();
    String sigId = SecurityConstants.Signature_ + GetRandomId();
    XmlDocument doc = sap.GetXmlLocator().GetDocument();
    // Must run before GenerateXadesObject, which reads the certificate this call stores on sap.
    KeyInfoClause keyInfo = GenerateKeyInfo(chain, sap);
    XmlElement signatureElement = GenerateSignatureElement(sap.GetXmlLocator(), sigId, true);
    String[] policy = null;
    if (includeSignaturePolicy) {
        String encryption = externalSignature.GetEncryptionAlgorithm();
        if (encryption.Equals(SecurityConstants.RSA)) {
            policy = new String[] { SecurityConstants.OID_RSA_SHA1, SecurityConstants.OID_RSA_SHA1_DESC };
        } else {
            policy = new String[] { SecurityConstants.OID_DSA_SHA1, SecurityConstants.OID_DSA_SHA1_DESC };
        }
    }
    XmlElement signedProps;
    XmlElement qualifyingObject = GenerateXadesObject(sap, sigId, contentRefId, signedPropsId, policy, out signedProps);
    List<XmlElement> refs = new List<XmlElement>(2);
    refs.Add(GenerateCustomReference(doc, signedProps, "#" + signedPropsId, SecurityConstants.SignedProperties_Type, null));
    refs.Add(GenerateContentReference(doc, sap, contentRefId));
    Sign(signatureElement, sap.GetXmlLocator(), externalSignature, refs, qualifyingObject, keyInfo);
    sap.Close();
}
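/**
 * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * Only the signing certificate (chain[0]) is embedded in the KeyInfo; the rest of the chain is not written.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain; chain[0] is the signing certificate
 * @throws ArgumentException if chain is null or empty
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain) {
    // Give a clear error instead of an IndexOutOfRangeException on chain[0].
    if (chain == null || chain.Length == 0) {
        throw new ArgumentException("Certificate chain must contain at least the signing certificate", "chain");
    }
    SignXmlDSig(sap, externalSignature, new KeyInfoX509Data(chain[0].GetEncoded()));
}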
/**
 * Signs the xml with XAdES BES using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXadesBes(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain) {
    VerifyArguments(sap, externalSignature);
    // Random Ids link the content Reference, the SignedProperties and the Signature.
    String contentReferenceId = SecurityConstants.Reference_ + GetRandomId();
    String signedPropertiesId = SecurityConstants.SignedProperties_ + GetRandomId();
    String signatureId = SecurityConstants.Signature_ + GetRandomId();
    XmlDocument document = sap.GetXmlLocator().GetDocument();
    // Stores the signing certificate on sap as a side effect; GenerateXadesBesObject relies on it.
    KeyInfoClause keyInfo = GenerateKeyInfo(chain, sap);
    XmlElement signature = GenerateSignatureElement(sap.GetXmlLocator(), signatureId, true);
    XmlElement signedProperty;
    XmlElement dsObject = GenerateXadesBesObject(sap, signatureId, contentReferenceId, signedPropertiesId, out signedProperty);
    XmlElement propertiesReference = GenerateCustomReference(document, signedProperty, "#" + signedPropertiesId, SecurityConstants.SignedProperties_Type, null);
    XmlElement contentReference = GenerateContentReference(document, sap, contentReferenceId);
    List<XmlElement> references = new List<XmlElement>(2);
    references.Add(propertiesReference);
    references.Add(contentReference);
    Sign(signature, sap.GetXmlLocator(), externalSignature, references, dsObject, keyInfo);
    sap.Close();
}
/**
 * Signs the xml with XAdES EPES using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * Equivalent to SignXades with includeSignaturePolicy set to true.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void SignXadesEpes(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain) {
    const bool includeSignaturePolicy = true;
    SignXades(sap, externalSignature, chain, includeSignaturePolicy);
}
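/// <summary>
/// Builds the ds:Reference for the signed content: an enveloped-signature Transform, optionally an
/// XPath Filter 2 "intersect" Transform when the appearance supplies an XPath expression, and a
/// SHA-1 digest of the canonicalised selection (or of the whole document when no selection applies).
/// </summary>
/// <param name="doc">document being signed; also the owner of the created elements</param>
/// <param name="sap">appearance whose XPath constructor (if any) narrows the signed content</param>
/// <param name="referenceId">Id attribute for the Reference, or null for none</param>
/// <returns>a Reference element with URI="" not yet attached to SignedInfo</returns>
/// <remarks>
/// An XPath that selects anything other than exactly one element is ignored: no XPath Transform
/// is emitted and the whole document is digested instead.
/// </remarks>
private static XmlElement GenerateContentReference(XmlDocument doc, XmlSignatureAppearance sap, String referenceId) {
    IXpathConstructor xpathConstructor = sap.GetXpathConstructor();
    XmlElement reference = doc.CreateElement("Reference", SecurityConstants.XMLDSIG_URI);
    // Empty URI: the reference covers the document containing the signature.
    reference.SetAttribute("URI", "");
    if (referenceId != null) {
        reference.SetAttribute("Id", referenceId);
    }
    XmlElement transforms = doc.CreateElement("Transforms", SecurityConstants.XMLDSIG_URI);
    XmlElement envelopedTransform = doc.CreateElement("Transform", SecurityConstants.XMLDSIG_URI);
    envelopedTransform.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_ENVELOPED);
    transforms.AppendChild(envelopedTransform);
    byte[] md = null;
    if (xpathConstructor != null && xpathConstructor.GetXpathExpression().Length > 0) {
        String xpathExpression = xpathConstructor.GetXpathExpression();
        XmlNodeList nodelist = doc.SelectNodes(xpathExpression, xpathConstructor.GetNamespaceManager());
        if (nodelist.Count == 1 && nodelist[0].NodeType == XmlNodeType.Element) {
            // Digest a standalone copy of the selected element with its in-scope namespaces made explicit.
            XmlElement xpathSelect = (XmlElement) nodelist[0].CloneNode(true);
            NormalizeNamespaces(nodelist[0].CreateNavigator(), xpathSelect.CreateNavigator());
            XmlDocument digestDoc = new XmlDocument(doc.NameTable);
            // The input is a serialized fragment of an already-parsed document; never resolve external resources for it.
            digestDoc.XmlResolver = null;
            digestDoc.LoadXml(xpathSelect.OuterXml);
            using (SHA1Managed sha1 = new SHA1Managed()) {
                md = CalculateC14nDigest(digestDoc, sha1);
            }
            XmlElement xpathTransform = doc.CreateElement("Transform", SecurityConstants.XMLDSIG_URI);
            xpathTransform.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_XPATH_FILTER2);
            XmlElement xpath = doc.CreateElement("XPath", SecurityConstants.XMLDSIG_URI);
            xpath.SetAttribute("xmlns", SecurityConstants.XMLDSIG_URI_XPATH_FILTER2);
            xpath.SetAttribute("Filter", "intersect");
            xpath.AppendChild(doc.CreateTextNode(xpathExpression));
            xpathTransform.AppendChild(xpath);
            transforms.AppendChild(xpathTransform);
        }
    }
    if (md == null) {
        // No usable XPath selection: digest the whole document.
        using (SHA1Managed sha1 = new SHA1Managed()) {
            md = CalculateC14nDigest(doc, sha1);
        }
    }
    reference.AppendChild(transforms);
    XmlElement digestMethod = doc.CreateElement("DigestMethod", SecurityConstants.XMLDSIG_URI);
    digestMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_SHA1);
    reference.AppendChild(digestMethod);
    XmlElement digestValue = doc.CreateElement("DigestValue", SecurityConstants.XMLDSIG_URI);
    digestValue.AppendChild(doc.CreateTextNode(Convert.ToBase64String(md)));
    reference.AppendChild(digestValue);
    return reference;
}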
/** * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance). * @param sap the XmlSignatureAppearance * @param externalSignature the interface providing the actual signing * @param keyInfo KeyInfo for verification * @throws GeneralSecurityException * @throws IOException * @throws DocumentException */ //public static void SignXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, KeyInfoClause keyInfo) { // VerifyArguments(sap, externalSignature); // List<XmlElement> references = new List<XmlElement>(1); // references.Add(GenerateContentReference(sap.GetXmlLocator().GetDocument(), sap, null)); // XmlElement signature = GenerateSignatureElement(sap.GetXmlLocator(), null, false); // Sign(signature, sap.GetXmlLocator(), externalSignature, references, null, keyInfo); // sap.Close(); //} /** * Signs the xml with XAdES BES using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance). * @param sap the XmlSignatureAppearance * @param externalSignature the interface providing the actual signing * @param chain the certificate chain * @param includeSignaturePolicy if true SignaturePolicyIdentifier will be included (XAdES-EPES) * @throws GeneralSecurityException * @throws IOException * @throws DocumentException */ //public static void SignXades(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain, // bool includeSignaturePolicy) { // VerifyArguments(sap, externalSignature); // String contentReferenceId = SecurityConstants.Reference_ + GetRandomId(); // String signedPropertiesId = SecurityConstants.SignedProperties_ + GetRandomId(); // String signatureId = SecurityConstants.Signature_ + GetRandomId(); // XmlDocument doc = sap.GetXmlLocator().GetDocument(); // KeyInfoClause keyInfo = GenerateKeyInfo(chain, sap); // List<XmlElement> references = new List<XmlElement>(2); // XmlElement signature = GenerateSignatureElement(sap.GetXmlLocator(), signatureId, 
true); // String[] signaturePolicy = null; // if(includeSignaturePolicy) { // signaturePolicy = new String[2]; // if(externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.RSA)) { // signaturePolicy[0] = SecurityConstants.OID_RSA_SHA1; // signaturePolicy[1] = SecurityConstants.OID_RSA_SHA1_DESC; // } // else { // signaturePolicy[0] = SecurityConstants.OID_DSA_SHA1; // signaturePolicy[1] = SecurityConstants.OID_DSA_SHA1_DESC; // } // } // XmlElement signedProperty; // XmlElement dsObject = GenerateXadesObject(sap, signatureId, contentReferenceId, signedPropertiesId, signaturePolicy, out signedProperty); // references.Add(GenerateCustomReference(doc, signedProperty, "#" + signedPropertiesId, SecurityConstants.SignedProperties_Type, null)); // references.Add(GenerateContentReference(doc, sap, contentReferenceId)); // Sign(signature, sap.GetXmlLocator(), externalSignature, references, dsObject, keyInfo); // sap.Close(); //} /** * Signs the xml with XAdES BES using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance). * @param sap the XmlSignatureAppearance * @param externalSignature the interface providing the actual signing * @param chain the certificate chain * @throws GeneralSecurityException * @throws IOException * @throws DocumentException */ //public static void SignXadesBes(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain) { // SignXades(sap, externalSignature, chain, false); //} /** * Signs the xml with XAdES BES using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance). 
* @param sap the XmlSignatureAppearance * @param externalSignature the interface providing the actual signing * @param chain the certificate chain * @throws GeneralSecurityException * @throws IOException * @throws DocumentException */ //public static void SignXadesEpes(XmlSignatureAppearance sap, IExternalSignature externalSignature, X509Certificate[] chain) { // SignXades(sap, externalSignature, chain, true); //} /** * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance). * @param sap the XmlSignatureAppearance * @param externalSignature the interface providing the actual signing * @param chain the certificate chain * @throws GeneralSecurityException * @throws IOException * @throws DocumentException */ //public static void SignXmlDSig(XmlSignatureAppearance sap, // IExternalSignature externalSignature, X509Certificate[] chain) { // SignXmlDSig(sap, externalSignature, new KeyInfoX509Data(chain[0].GetEncoded())); //} /** * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance). 
* @param sap the XmlSignatureAppearance * @param externalSignature the interface providing the actual signing * @param publicKey PublicKey for verification * @throws GeneralSecurityException * @throws IOException * @throws DocumentException */ //public static void SignXmlDSig(XmlSignatureAppearance sap, // IExternalSignature externalSignature, AsymmetricAlgorithm publicKey) { // SignXmlDSig(sap, externalSignature, GenerateKeyInfo(publicKey)); //} private static void VerifyArguments(XmlSignatureAppearance sap, IExternalSignature externalSignature) { if (sap.GetXmlLocator() == null) throw new DocumentException(MessageLocalization.GetComposedMessage("xmllocator.cannot.be.null")); if (!externalSignature.GetHashAlgorithm().Equals(SecurityConstants.SHA1)) throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("support.only.sha1.hash.algorithm")); if (!externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.RSA) && !externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.DSA)) throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("support.only.rsa.and.dsa.algorithms")); }
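/**
 * Builds the ds:Object element that carries the XAdES QualifyingProperties of a signature:
 * SignedSignatureProperties (signing time, signing-certificate digest plus issuer/serial, and an
 * optional signature policy) followed by SignedDataObjectProperties (description, MIME type and
 * encoding of the signed content).
 *
 * Security notes: every digest written here is SHA-1 (SecurityConstants.XMLDSIG_URI_SHA1) because
 * VerifyArguments and the ds:Signature digests of this class are pinned to SHA-1 as well; changing
 * the algorithm has to be done in all of those places at once. The certificate is taken from the
 * appearance as-is, nothing here validates it.
 * @param sap the XmlSignatureAppearance; its certificate, sign date, description, MIME type and
 *        locator encoding are read (the certificate must have been set, e.g. via SetCertificate)
 * @param signatureId Id of the ds:Signature element, written to QualifyingProperties/@Target
 * @param contentReferenceId Id of the content ds:Reference, written to DataObjectFormat/@ObjectReference
 * @param signedPropertiesId Id written to the SignedProperties element
 * @param signaturePolicy null for no policy, otherwise { policyIdentifier, policyDescription }
 * @param signedProperty receives the SignedProperties element so the caller can reference it
 * @return the ds:Object element, not yet attached to the signature
 * @throws ArgumentException if signaturePolicy is not null but holds fewer than two entries
 */
private static XmlElement GenerateXadesObject(XmlSignatureAppearance sap, String signatureId,
        String contentReferenceId, String signedPropertiesId, String[] signaturePolicy,
        out XmlElement signedProperty) {
    // Fail with a clear message instead of an IndexOutOfRangeException deep in the policy builder.
    if (signaturePolicy != null && signaturePolicy.Length < 2) {
        throw new ArgumentException("signaturePolicy must contain the policy identifier and its description",
            "signaturePolicy");
    }
    X509Certificate cert = sap.GetCertificate();
    XmlDocument doc = sap.GetXmlLocator().GetDocument();

    // HashAlgorithm is IDisposable; dispose it once all digests are computed.
    using (HashAlgorithm md = new SHA1Managed()) {
        XmlElement dsObject = NewDsigElement(doc, "Object");
        XmlElement qualifyingProperties = NewXadesElement(doc, SecurityConstants.XADES_QualifyingProperties);
        qualifyingProperties.SetAttribute("Target", "#" + signatureId);
        XmlElement signedProperties = NewXadesElement(doc, SecurityConstants.XADES_SignedProperties);
        signedProperties.SetAttribute("Id", signedPropertiesId);

        // Child order matters: it is the order the elements are serialized (and digested) in.
        XmlElement signedSignatureProperties = NewXadesElement(doc, SecurityConstants.XADES_SignedSignatureProperties);
        signedSignatureProperties.AppendChild(BuildSigningTime(doc, sap));
        signedSignatureProperties.AppendChild(BuildSigningCertificate(doc, md, cert));
        if (signaturePolicy != null) {
            signedSignatureProperties.AppendChild(BuildSignaturePolicyIdentifier(doc, md, signaturePolicy));
        }
        signedProperties.AppendChild(signedSignatureProperties);
        signedProperties.AppendChild(BuildSignedDataObjectProperties(doc, sap, contentReferenceId));

        qualifyingProperties.AppendChild(signedProperties);
        dsObject.AppendChild(qualifyingProperties);
        signedProperty = signedProperties;
        return dsObject;
    }
}

/** Creates an element in the XAdES 1.3.2 namespace. */
private static XmlElement NewXadesElement(XmlDocument doc, String localName) {
    return doc.CreateElement(localName, SecurityConstants.XADES_132_URI);
}

/** Creates an element in the XML-DSig namespace. */
private static XmlElement NewDsigElement(XmlDocument doc, String localName) {
    return doc.CreateElement(localName, SecurityConstants.XMLDSIG_URI);
}

/** Creates an element in the given namespace whose only child is a text node holding text. */
private static XmlElement NewTextElement(XmlDocument doc, String localName, String namespaceUri, String text) {
    XmlElement element = doc.CreateElement(localName, namespaceUri);
    element.AppendChild(doc.CreateTextNode(text));
    return element;
}

/**
 * Appends ds:DigestMethod (SHA-1) and ds:DigestValue (base64 of md over data) to parent, in that order.
 * The algorithm URI is fixed to SHA-1 to stay consistent with the digest actually computed by md.
 */
private static void AppendSha1DigestOf(XmlDocument doc, XmlElement parent, HashAlgorithm md, byte[] data) {
    XmlElement digestMethod = NewDsigElement(doc, SecurityConstants.DigestMethod);
    digestMethod.SetAttribute(SecurityConstants.Algorithm, SecurityConstants.XMLDSIG_URI_SHA1);
    parent.AppendChild(digestMethod);
    String digest = Convert.ToBase64String(md.ComputeHash(data));
    parent.AppendChild(NewTextElement(doc, SecurityConstants.DigestValue, SecurityConstants.XMLDSIG_URI, digest));
}

/** xades:SigningTime holding the appearance's sign date formatted with SecurityConstants.SigningTimeFormat. */
private static XmlElement BuildSigningTime(XmlDocument doc, XmlSignatureAppearance sap) {
    // NOTE(review): whether the serialized time carries a UTC offset depends on SigningTimeFormat and on
    // the DateTime the caller stored in the appearance - confirm before relying on it for timestamping.
    String signingTime = sap.GetSignDate().ToString(SecurityConstants.SigningTimeFormat);
    return NewTextElement(doc, SecurityConstants.XADES_SigningTime, SecurityConstants.XADES_132_URI, signingTime);
}

/**
 * xades:SigningCertificate with one xades:Cert: the digest of cert.GetEncoded() plus the issuer
 * name and serial number. The digest is what binds the signature to this exact certificate.
 */
private static XmlElement BuildSigningCertificate(XmlDocument doc, HashAlgorithm md, X509Certificate cert) {
    XmlElement signingCertificate = NewXadesElement(doc, SecurityConstants.XADES_SigningCertificate);
    XmlElement certElement = NewXadesElement(doc, SecurityConstants.XADES_Cert);

    XmlElement certDigest = NewXadesElement(doc, SecurityConstants.XADES_CertDigest);
    AppendSha1DigestOf(doc, certDigest, md, cert.GetEncoded());
    certElement.AppendChild(certDigest);

    XmlElement issuerSerial = NewXadesElement(doc, SecurityConstants.XADES_IssuerSerial);
    issuerSerial.AppendChild(NewTextElement(doc, SecurityConstants.X509IssuerName, SecurityConstants.XMLDSIG_URI,
        GetX509IssuerName(cert)));
    issuerSerial.AppendChild(NewTextElement(doc, SecurityConstants.X509SerialNumber, SecurityConstants.XMLDSIG_URI,
        GetX509SerialNumber(cert)));
    certElement.AppendChild(issuerSerial);

    signingCertificate.AppendChild(certElement);
    return signingCertificate;
}

/**
 * xades:SignaturePolicyIdentifier for signaturePolicy = { identifier, description }.
 * The identifier is qualified as OIDAsURN.
 */
private static XmlElement BuildSignaturePolicyIdentifier(XmlDocument doc, HashAlgorithm md, String[] signaturePolicy) {
    XmlElement signaturePolicyIdentifier = NewXadesElement(doc, SecurityConstants.XADES_SignaturePolicyIdentifier);
    XmlElement signaturePolicyId = NewXadesElement(doc, SecurityConstants.XADES_SignaturePolicyId);

    XmlElement sigPolicyId = NewXadesElement(doc, SecurityConstants.XADES_SigPolicyId);
    XmlElement identifier = NewTextElement(doc, SecurityConstants.XADES_Identifier, SecurityConstants.XADES_132_URI,
        signaturePolicy[0]);
    identifier.SetAttribute(SecurityConstants.Qualifier, SecurityConstants.OIDAsURN);
    sigPolicyId.AppendChild(identifier);
    sigPolicyId.AppendChild(NewTextElement(doc, SecurityConstants.XADES_Description, SecurityConstants.XADES_132_URI,
        signaturePolicy[1]));
    signaturePolicyId.AppendChild(sigPolicyId);

    // NOTE(review): the policy hash is computed over the UTF-8 serialization of the SigPolicyId element
    // built just above, not over an external policy document; confirm this is what the consuming
    // verifier expects for SigPolicyHash. The serialization is taken after SigPolicyId is attached to
    // its parent, exactly as before, so the digested bytes are unchanged.
    XmlElement sigPolicyHash = NewXadesElement(doc, SecurityConstants.XADES_SigPolicyHash);
    byte[] policyIdContent = System.Text.Encoding.UTF8.GetBytes(sigPolicyId.OuterXml);
    AppendSha1DigestOf(doc, sigPolicyHash, md, policyIdContent);
    signaturePolicyId.AppendChild(sigPolicyHash);

    signaturePolicyIdentifier.AppendChild(signaturePolicyId);
    return signaturePolicyIdentifier;
}

/**
 * xades:SignedDataObjectProperties with one DataObjectFormat pointing at the content reference:
 * optional Description, MimeType, and Encoding when the locator reports one.
 */
private static XmlElement BuildSignedDataObjectProperties(XmlDocument doc, XmlSignatureAppearance sap,
        String contentReferenceId) {
    XmlElement signedDataObjectProperties = NewXadesElement(doc, SecurityConstants.XADES_SignedDataObjectProperties);
    XmlElement dataObjectFormat = NewXadesElement(doc, SecurityConstants.XADES_DataObjectFormat);
    dataObjectFormat.SetAttribute(SecurityConstants.ObjectReference, "#" + contentReferenceId);

    String description = sap.GetDescription();
    if (description != null) {
        dataObjectFormat.AppendChild(NewTextElement(doc, SecurityConstants.XADES_Description,
            SecurityConstants.XADES_132_URI, description));
    }
    dataObjectFormat.AppendChild(NewTextElement(doc, SecurityConstants.XADES_MimeType,
        SecurityConstants.XADES_132_URI, sap.GetMimeType()));
    String encoding = sap.GetXmlLocator().GetEncoding();
    if (encoding != null) {
        dataObjectFormat.AppendChild(NewTextElement(doc, SecurityConstants.XADES_Encoding,
            SecurityConstants.XADES_132_URI, encoding));
    }

    signedDataObjectProperties.AppendChild(dataObjectFormat);
    return signedDataObjectProperties;
}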
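/**
 * Records the signer's certificate on the appearance and builds the ds:KeyInfo clause for it.
 *
 * Only the leaf certificate, chain[0], is embedded (as an X509Data element); the remaining chain
 * entries are not written anywhere, so a verifier must obtain intermediate certificates elsewhere.
 * Nothing here validates the chain or checks that chain[0] corresponds to the signing key.
 * @param chain the certificate chain with the signer's certificate first; must not be null or empty
 * @param sap the appearance that receives chain[0] through SetCertificate
 * @return a KeyInfoX509Data holding the encoded leaf certificate
 * @throws ArgumentException if chain is null or empty
 */
private static KeyInfoClause GenerateKeyInfo(X509Certificate[] chain, XmlSignatureAppearance sap) {
    // Explicit check instead of a NullReferenceException / IndexOutOfRangeException on chain[0].
    if (chain == null || chain.Length == 0) {
        throw new ArgumentException("The certificate chain must contain at least the signing certificate", "chain");
    }
    X509Certificate signerCertificate = chain[0];
    sap.SetCertificate(signerCertificate);
    return new KeyInfoX509Data(signerCertificate.GetEncoded());
}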