private void AddKeyInfo(X509Certificate2 certificate, XAdESSignedXml signature) { var keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(certificate)); signature.KeyInfo = keyInfo; }
/// <summary> /// Create XAdES-BES compatible signature and optionally embedd it in the document. /// Return the signature /// </summary> public XmlElement Sign(XmlDocument document, X509Certificate2 certificate, bool embeddSignature = true) { if (document == null || certificate == null) { return(null); } var signature = new XAdESSignedXml(document); signature.Signature.Id = SignatureId; signature.SigningKey = certificate.PrivateKey; AddSignatureReference(signature); AddKeyInfo(certificate, signature); AddXAdESProperties(document, certificate, signature); // compute the signature signature.ComputeSignature(); var signatureXml = signature.GetXml(); // import the signature into the document if (signatureXml != null && embeddSignature) { document.DocumentElement.AppendChild(document.ImportNode(signatureXml, true)); } return(signatureXml); }
private void AddSignatureReference(XAdESSignedXml signature) { var signatureReference = new Reference { Uri = "", }; signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); signature.AddReference(signatureReference); }
/// <summary> /// Create simplest XAdES-BES compliant ds:Object /// Based on https://stackoverflow.com/questions/50096199/c-sharp-how-to-properly-sign-message-with-xades-using-signedxml /// </summary> private void AddXAdESProperties(XmlDocument document, X509Certificate2 certificate, XAdESSignedXml signature) { var xadesReference = new Reference { Uri = string.Format("#{0}", SignaturePropertiesId), Type = XADES_SignedProperties }; //var c14t = new XmlDsigC14NTransform(); //xadesReference.AddTransform(c14t); xadesReference.AddTransform(new XmlDsigExcC14NTransform()); signature.AddReference(xadesReference); // <Object> var objectNode = document.CreateElement("Object", SignedXml.XmlDsigNamespaceUrl); // <Object><QualifyingProperties> var qualifyingPropertiesNode = document.CreateElement(XADES_Prefix, "QualifyingProperties", Namespaces.XADES); qualifyingPropertiesNode.SetAttribute("Target", string.Format("#{0}", SignatureId)); objectNode.AppendChild(qualifyingPropertiesNode); // <Object><QualifyingProperties><SignedProperties> var signedPropertiesNode = document.CreateElement(XADES_Prefix, "SignedProperties", Namespaces.XADES); signedPropertiesNode.SetAttribute("Id", SignaturePropertiesId); qualifyingPropertiesNode.AppendChild(signedPropertiesNode); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties> var signedSignaturePropertiesNode = document.CreateElement(XADES_Prefix, "SignedSignatureProperties", Namespaces.XADES); signedPropertiesNode.AppendChild(signedSignaturePropertiesNode); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties> </SigningTime> var signingTime = document.CreateElement(XADES_Prefix, "SigningTime", Namespaces.XADES); signingTime.InnerText = DateTime.UtcNow.ToString("s") + "Z"; signedSignaturePropertiesNode.AppendChild(signingTime); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate> var signingCertificateNode = document.CreateElement(XADES_Prefix, "SigningCertificate", Namespaces.XADES); signedSignaturePropertiesNode.AppendChild(signingCertificateNode); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert> var certNode = document.CreateElement(XADES_Prefix, "Cert", Namespaces.XADES); signingCertificateNode.AppendChild(certNode); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><CertDigest> var certDigestNode = document.CreateElement(XADES_Prefix, "CertDigest", Namespaces.XADES); certNode.AppendChild(certDigestNode); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><CertDigest> </DigestMethod> var digestMethod = document.CreateElement("DigestMethod", SignedXml.XmlDsigNamespaceUrl); var digestMethodAlgorithmAtribute = document.CreateAttribute("Algorithm"); digestMethodAlgorithmAtribute.InnerText = SignedXml.XmlDsigSHA1Url; //digestMethodAlgorithmAtribute.InnerText = SignedXml.XmlDsigSHA256Url; digestMethod.Attributes.Append(digestMethodAlgorithmAtribute); certDigestNode.AppendChild(digestMethod); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><CertDigest> </DigestMethod> var digestValue = document.CreateElement("DigestValue", SignedXml.XmlDsigNamespaceUrl); digestValue.InnerText = Convert.ToBase64String(certificate.GetCertHash()); //digestValue.InnerText = Convert.ToBase64String(new SHA256Managed().ComputeHash(signingCertificate.GetRawCertData())); certDigestNode.AppendChild(digestValue); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><IssuerSerial> var issuerSerialNode = document.CreateElement(XADES_Prefix, "IssuerSerial", Namespaces.XADES); certNode.AppendChild(issuerSerialNode); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><IssuerSerial> </X509IssuerName> var x509IssuerName = document.CreateElement("X509IssuerName", SignedXml.XmlDsigNamespaceUrl); x509IssuerName.InnerText = certificate.Issuer; issuerSerialNode.AppendChild(x509IssuerName); // <Object><QualifyingProperties><SignedProperties><SignedSignatureProperties><SigningCertificate><Cert><IssuerSerial> </X509SerialNumber> var x509SerialNumber = document.CreateElement("X509SerialNumber", SignedXml.XmlDsigNamespaceUrl); x509SerialNumber.InnerText = certificate.SerialNumber.ToDecimalString(); issuerSerialNode.AppendChild(x509SerialNumber); // register newly created nodes var dataObject = new DataObject(); dataObject.Data = qualifyingPropertiesNode.SelectNodes("."); signature.RegisterObject(dataObject); }