// This function is called by the Index method (see above). It contains examples of signature validation parameters.
private static void setValidationParameters(XmlSignatureExplorer sigExplorer, int caseNumber)
{
switch (caseNumber)
{
/*
* Example #1: accept any valid XmlDSig signature as long as the signer has an ICP-Brasil certificate
*
* These parameters will only accept signatures made with ICP-Brasil certificates that comply with the
* minimal security features defined in the XmlDSig standard. The signatures need not, however, follow
* the extra requirements defined in the ICP-Brasil signature policy documentation (DOC-ICP-15.03).
*/
case 1:
// By omitting the accepted policies catalog and defining a default policy, we're telling Rest PKI to validate
// all signatures in the file with the default policy -- even signatures with an explicit signature policy.
sigExplorer.AcceptableExplicitPolicies = null;
sigExplorer.DefaultSignaturePolicyId = StandardXmlSignaturePolicies.XmlDSigBasic;
// The XmlDSigBasic policy requires us to choose a security context
sigExplorer.SecurityContextId = StandardSecurityContexts.PkiBrazil;
break;
/*
* Example #2: accept any valid XmlDSig signature as long as the signer is trusted by Windows
*
* Same case as example #1, but using the WindowsServer trust arbitrator
*/
case 2:
sigExplorer.AcceptableExplicitPolicies = null;
sigExplorer.DefaultSignaturePolicyId = StandardXmlSignaturePolicies.XmlDSigBasic;
sigExplorer.SecurityContextId = StandardSecurityContexts.WindowsServer;
break;
}
}
public async Task <ActionResult> Index(string userfile)
{
// Our action only works if a userfile is given to work with
if (string.IsNullOrEmpty(userfile))
{
return(HttpNotFound());
}
var filename = userfile.Replace("_", ".");
// Note: we're receiving the userfile argument with "_" as "." because of limitations of
// ASP.NET MVC.
// Get an instance of the XmlSignatureExplorer class, used to open/validate XML signatures.
var sigExplorer = new XmlSignatureExplorer(Util.GetRestPkiClient())
{
// Specify that we want to validate the signatures in the file, not only inspect them.
Validate = true,
// Specify the parameters for the signature validation:
// Accept any valid XmlDSig signature as long as the signer has an ICP-Brasil certificate.
DefaultSignaturePolicyId = StandardXmlSignaturePolicies.XmlDSigBasic,
// We have encapsulated the security context choice on Util.cs.
SecurityContextId = Util.GetSecurityContextId()
};
// Set the XML file
sigExplorer.SetSignatureFile(Server.MapPath("~/App_Data/" + filename));
// Call the Open() method, which returns a list of signatures found in the XML file
var signatures = await sigExplorer.OpenAsync();
// Render the signatures' information. (see file Views/OpenXmlSignature/Index.html for more
// information on the information returned)
return(View(signatures));
}
public ActionResult Index(string userfile)
{
// Our action only works if a userfile is given to work with
if (string.IsNullOrEmpty(userfile))
{
return(HttpNotFound());
}
var filename = userfile.Replace("_", "."); // Note: we're passing the filename argument with "." as "_" because of limitations of ASP.NET MVC
// Get an instance of the XmlSignatureExplorer class, used to open/validate XML signatures
var sigExplorer = new XmlSignatureExplorer(Util.GetRestPkiClient())
{
Validate = true // Specify that we want to validate the signatures in the file, not only inspect them
};
// Set the XML file
sigExplorer.SetSignatureFile(Server.MapPath("~/App_Data/" + filename));
// Parameters for the signature validation. We have encapsulated this code in a method to include several
// possibilities depending on the argument passed. Experiment changing the argument to see different validation
// configurations. Once you decide which is best for your case, you can place the code directly here.
setValidationParameters(sigExplorer, 1);
// try changing this number ---------^ for different validation parameters
// Call the Open() method, which returns a list of signatures found in the XML file
var signatures = sigExplorer.Open();
// Render the signatures' information (see file Views/OpenXmlSignature/Index.html for more information on the information returned)
return(View(signatures));
}
public async Task <ActionResult> Index(string userfile)
{
// Our action only works if a userfile is given to work with.
string userfilePath;
if (!StorageMock.TryGetFile(userfile, out userfilePath))
{
return(HttpNotFound());
}
// Get an instance of the XmlSignatureExplorer class, used to open/validate XML signatures.
var sigExplorer = new XmlSignatureExplorer(Util.GetRestPkiClient())
{
// Specify that we want to validate the signatures in the file, not only inspect them.
Validate = true,
// Specify the parameters for the signature validation:
// Accept any valid XmlDSig signature as long as the signer has an ICP-Brasil certificate.
DefaultSignaturePolicyId = StandardXmlSignaturePolicies.XmlDSigBasic,
// Specify the security context to be used to determine trust in the certificate chain. We
// have encapsulated the security context choice on Util.cs.
SecurityContextId = Util.GetSecurityContextId()
};
// Set the XML file.
sigExplorer.SetSignatureFile(userfilePath);
// Call the Open() method, which returns a list of signatures found in the XML file.
var signatures = await sigExplorer.OpenAsync();
// Render the signatures' information (see file OpenXmlSignature/Index.html for more
// information on the information returned).
return(View(new OpenXmlSignatureModel()
{
Signatures = signatures
}));
}
