public override object EncodeCMS(X509Certificate2 certificate, string xmlFilePath)
{
XmlDocument Document = new XmlDocument();
Document.PreserveWhitespace = true;
XmlTextReader XmlFile = new XmlTextReader(xmlFilePath);
Document.Load(XmlFile);
XmlFile.Close();
XmlNodeList SignaturesList = Document.GetElementsByTagName("Signature");
// Remove existing signatures, this is not a countersigning.
for (int i = 0; i < SignaturesList.Count; i++)
{
SignaturesList[i].ParentNode.RemoveChild(SignaturesList[i]);
i--;
}
SignedXml SignedXml = new SignedXml(Document);
SignedXml.SigningKey = certificate.PrivateKey;
Reference Reference = new Reference();
Reference.Uri = "";
XmlDsigEnvelopedSignatureTransform EnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
Reference.AddTransform(EnvelopedSignatureTransform);
SignedXml.AddReference(Reference);
KeyInfo Key = new KeyInfo();
Key.AddClause(new KeyInfoX509Data(certificate));
SignedXml.KeyInfo = Key;
SignedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement XmlDigitalSignature = SignedXml.GetXml();
return XmlDigitalSignature;
}
private static string SignXml(XmlDocument unsignedXml,
AsymmetricAlgorithm key)
{
if (unsignedXml.DocumentElement == null)
{
throw new ArgumentNullException("unsignedXml");
}
// Create a reference to be signed. Blank == Everything
var emptyReference = new Reference { Uri = "" };
// Add an enveloped transformation to the reference.
var envelope = new XmlDsigEnvelopedSignatureTransform();
emptyReference.AddTransform(envelope);
var signedXml = new SignedXml(unsignedXml) { SigningKey = key };
signedXml.AddReference(emptyReference);
signedXml.ComputeSignature();
var digitalSignature = signedXml.GetXml();
unsignedXml.DocumentElement.AppendChild(
unsignedXml.ImportNode(digitalSignature, true));
var signedXmlOut = new StringBuilder();
using (var swOut = new StringWriter(signedXmlOut))
{
unsignedXml.Save(swOut);
}
return signedXmlOut.ToString();
}
// Sign an XML file.
// This document cannot be verified unless the verifying
// code has the key with which it was signed.
public static void SignXml(XmlDocument xmlDoc, RSA Key)
{
// Check arguments.
if (xmlDoc == null)
throw new ArgumentException("xmlDoc");
if (Key == null)
throw new ArgumentException("Key");
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(xmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = Key;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
public static void Sign(this XmlDocument xmlDocument, X509Certificate2 cert)
{
if (xmlDocument == null)
{
throw new ArgumentNullException("xmlDocument");
}
if (cert == null)
{
throw new ArgumentNullException("cert");
}
var signedXml = new SignedXml(xmlDocument);
// The transform XmlDsigExcC14NTransform and canonicalization method XmlDsigExcC14NTransformUrl is important for partially signed XML files
// see: http://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedxml.xmldsigexcc14ntransformurl(v=vs.110).aspx
// The reference URI has to be set correctly to avoid assertion injections
// For both, the ID/Reference and the Transform/Canonicalization see as well:
// https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf section 5.4.2 and 5.4.3
signedXml.SigningKey = (RSACryptoServiceProvider)cert.PrivateKey;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
var reference = new Reference { Uri = "#" + xmlDocument.DocumentElement.GetAttribute("ID") };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(signedXml.GetXml(), true));
}
private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, System.Deployment.Internal.CodeSigning.CmiManifestSigner signer, string timeStampUrl)
{
if (signer.Certificate.PublicKey.Key.GetType() != typeof(RSACryptoServiceProvider))
{
throw new NotSupportedException();
}
System.Deployment.Internal.CodeSigning.ManifestSignedXml xml = new System.Deployment.Internal.CodeSigning.ManifestSignedXml(licenseDom) {
SigningKey = signer.Certificate.PrivateKey
};
xml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
xml.KeyInfo.AddClause(new RSAKeyValue(signer.Certificate.PublicKey.Key as RSA));
xml.KeyInfo.AddClause(new KeyInfoX509Data(signer.Certificate, signer.IncludeOption));
Reference reference = new Reference {
Uri = ""
};
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
xml.AddReference(reference);
xml.ComputeSignature();
XmlElement node = xml.GetXml();
node.SetAttribute("Id", "AuthenticodeSignature");
XmlNamespaceManager nsmgr = new XmlNamespaceManager(licenseDom.NameTable);
nsmgr.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");
(licenseDom.SelectSingleNode("r:license/r:issuer", nsmgr) as XmlElement).AppendChild(licenseDom.ImportNode(node, true));
if ((timeStampUrl != null) && (timeStampUrl.Length != 0))
{
TimestampSignedLicenseDom(licenseDom, timeStampUrl);
}
licenseDom.DocumentElement.ParentNode.InnerXml = "<msrel:RelData xmlns:msrel=\"http://schemas.microsoft.com/windows/rel/2005/reldata\">" + licenseDom.OuterXml + "</msrel:RelData>";
}
/// <summary>
/// Use an X509 certificate to append a computed signature to an XML serialized Response
/// </summary>
/// <param name="XMLSerializedSAMLResponse"></param>
/// <param name="ReferenceURI">Assertion ID from SAML Response</param>
/// <param name="SigningCert">X509 Certificate for signing</param>
/// <remarks>Referenced this article:
/// http://www.west-wind.com/weblog/posts/2008/Feb/23/Digitally-Signing-an-XML-Document-and-Verifying-the-Signature
/// </remarks>
public static void AppendSignatureToXMLDocument(ref XmlDocument XMLSerializedSAMLResponse, String ReferenceURI, X509Certificate2 SigningCert)
{
XmlNamespaceManager ns = new XmlNamespaceManager(XMLSerializedSAMLResponse.NameTable);
ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
XmlElement xeAssertion = XMLSerializedSAMLResponse.DocumentElement.SelectSingleNode("saml:Assertion", ns) as XmlElement;
//SignedXml signedXML = new SignedXml(XMLSerializedSAMLResponse);
SignedXml signedXML = new SignedXml(xeAssertion);
signedXML.SigningKey = SigningCert.PrivateKey;
signedXML.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
Reference reference = new Reference();
reference.Uri = ReferenceURI;
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXML.AddReference(reference);
signedXML.ComputeSignature();
XmlElement signature = signedXML.GetXml();
XmlElement xeResponse = XMLSerializedSAMLResponse.DocumentElement;
xeResponse.AppendChild(signature);
}
public static string Sign(string xml, X509Certificate2 certificate)
{
if (xml == null) throw new ArgumentNullException("xml");
if (certificate == null) throw new ArgumentNullException("certificate");
if (!certificate.HasPrivateKey) throw new ArgumentException("certificate", "Certificate should have a private key");
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(xml);
SignedXml signedXml = new SignedXml(doc);
signedXml.SigningKey = certificate.PrivateKey;
// Attach certificate KeyInfo
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(certificate);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Attach transforms
var reference = new Reference("");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform(includeComments: false));
reference.AddTransform(new XmlDsigExcC14NTransform(includeComments: false));
signedXml.AddReference(reference);
// Compute signature
signedXml.ComputeSignature();
var signatureElement = signedXml.GetXml();
// Add signature to bundle
doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));
return doc.OuterXml;
}
public XmlDocument assinaturaXmlEnviar(XmlDocument _xml)
{
XmlDocument xmlDocAss = _xml;
try
{
if (cert == null)
throw new Exception("Nao foi encontrado o certificado: " + config.configNFCe.NomeCertificadoDigital);
Reference reference = new Reference();
SignedXml docXML = new SignedXml(xmlDocAss);
docXML.SigningKey = cert.PrivateKey;
XmlAttributeCollection uri = xmlDocAss.GetElementsByTagName("infNFe").Item(0).Attributes;
foreach (XmlAttribute atributo in uri)
{
if (atributo.Name == "Id")
reference.Uri = "#" + atributo.InnerText;
}
XmlDsigEnvelopedSignatureTransform envelopedSigntature = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(envelopedSigntature);
XmlDsigC14NTransform c14Transform = new XmlDsigC14NTransform();
reference.AddTransform(c14Transform);
docXML.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(cert));
docXML.KeyInfo = keyInfo;
docXML.ComputeSignature();
XmlElement xmlDigitalSignature = docXML.GetXml();
foreach (var _nfe in xmlDocAss.GetElementsByTagName("NFe").Cast<XmlElement>())
_nfe.AppendChild(xmlDocAss.ImportNode(xmlDigitalSignature, true));
xmlDocAss.PreserveWhitespace = true;
return xmlDocAss;
}
catch (Exception e)
{
Utils.Logger.getInstance.error(e);
return null;
throw new Exception(e.ToString());
}
}
public string AssinarComCertificado(string textXML, X509Certificate2 certificado)
{
try
{
string xmlString = textXML;
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = false;
doc.LoadXml(xmlString);
Reference reference = new Reference();
reference.Uri = "";
XmlDocument documentoNovo = new XmlDocument();
documentoNovo.LoadXml(doc.OuterXml);
SignedXml signedXml = new SignedXml(documentoNovo);
signedXml.SigningKey = certificado.PrivateKey;
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
XmlDsigC14NTransform c14 = new XmlDsigC14NTransform();
reference.AddTransform(c14);
signedXml.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(certificado));
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
XmlNode sign = doc.ImportNode(xmlDigitalSignature, true);
doc.ChildNodes.Item(0).AppendChild(sign);
XmlDocument XMLDoc = new XmlDocument();
XMLDoc.PreserveWhitespace = false;
XMLDoc = doc;
return XMLDoc.OuterXml;
} catch (Exception error)
{
throw new Exception(error.Message);
}
}
public static XmlDocument SignDocument(XmlDocument doc)
{
////////////////
string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
string signatureReferenceURI = "#_73e63a41-156d-4fda-a26c-8d79dcade713";
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);
X509Certificate2 signingCertificate = GetCertificate();
//
/* add the following lines of code after var signingCertificate = GetCertificate();*/
CspParameters cspParams = new CspParameters(24);
//cspParams.KeyContainerName = "XML_DISG_RSA_KEY";
RSACryptoServiceProvider key = new RSACryptoServiceProvider(cspParams);
var strKey = signingCertificate.PrivateKey.ToXmlString(true);
key.FromXmlString(strKey);
/*assign the new key to signer's SigningKey */
//metadataSigner.SigningKey = key;
//
SignedXml signer = new SignedXml(doc);
signer.SigningKey = key;//signingCertificate.PrivateKey;
signer.KeyInfo = new KeyInfo();
signer.KeyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
signer.SignedInfo.SignatureMethod = signatureMethod;
XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform();
XmlDsigExcC14NTransform cn14Transform = new XmlDsigExcC14NTransform();
Reference signatureReference = new Reference("#FATCA");
signatureReference.Uri = signatureReferenceURI;
signatureReference.AddTransform(envelopeTransform);
signatureReference.AddTransform(cn14Transform);
signatureReference.DigestMethod = digestMethod;
signer.AddReference(signatureReference);
signer.ComputeSignature();
XmlElement signatureElement = signer.GetXml();
doc.DocumentElement.AppendChild(signer.GetXml());
return doc;
}
private static XmlDocument SignXmlDocument(XmlDocument xmlDocument, X509Certificate2 signingCertificate)
{
// Создание подписчика XML-документа
var signedXml = new GostSignedXml(xmlDocument);
// Установка ключа для создания подписи
signedXml.SetSigningCertificate(signingCertificate);
// Ссылка на узел, который нужно подписать, с указанием алгоритма хэширования
var dataReference = new Reference { Uri = "#Id1", DigestMethod = GostSignedXml.XmlDsigGost3411Url };
// Метод преобразования, применяемый к данным перед их подписью
var dataTransform = CreateDataTransform();
dataReference.AddTransform(dataTransform);
// Установка ссылки на узел
signedXml.AddReference(dataReference);
// Установка информации о сертификате, который использовался для создания подписи
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
signedXml.KeyInfo = keyInfo;
// Вычисление подписи
signedXml.ComputeSignature();
// Получение XML-представления подписи
var signatureXml = signedXml.GetXml();
// Добавление подписи в исходный документ
xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(signatureXml, true));
return xmlDocument;
}
public static void Sign(this XmlDocument xmlDocument, X509Certificate2 cert)
{
if(xmlDocument == null)
{
throw new ArgumentNullException("xmlDocument");
}
if (cert == null)
{
throw new ArgumentNullException("cert");
}
var signedXml = new SignedXml(xmlDocument);
signedXml.SigningKey = (RSACryptoServiceProvider)cert.PrivateKey;
var reference = new Reference();
reference.Uri = "";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(signedXml.GetXml(), true));
}
/// <summary>
/// Adds a digital signature to the outgoing request message, before sending it to Acquirer.
/// </summary>
/// <param name="requestXml">
/// The unsigned request XML message.
/// </param>
/// <returns>
/// The request message, including digital signature.
/// </returns>
public string SignRequestXml(XDocument requestXml)
{
XmlDocument document = ToXmlDocument(requestXml);
RSACryptoServiceProvider key = ExtractPrivateKeyFrom(acceptantPrivateCertificate);
var signedXml = new SignedXml(document) { SigningKey = key };
signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
// Add a signing reference, the uri is empty and so the whole document is signed.
var reference = new Reference { DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256" };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.Uri = "";
signedXml.AddReference(reference);
// Add the certificate as key info. Because of this, the certificate
// with the public key will be added in the signature part.
var keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoName(acceptantPrivateCertificate.Thumbprint));
signedXml.KeyInfo = keyInfo;
// Generate the signature.
signedXml.ComputeSignature();
XmlElement xmlSignature = signedXml.GetXml();
document.DocumentElement.AppendChild(document.ImportNode(xmlSignature, true));
// Check that outgoing signature is valid. Private certificate also contains public part.
VerifyDocumentSignature(document, acceptantPrivateCertificate);
return GetContentsFrom(document);
}
public void ComputeSignature(X509Certificate2 certificate, X509IncludeOption includeOption, string id)
{
SigningKey = (RSACryptoServiceProvider)certificate.PrivateKey;
SignedInfo.CanonicalizationMethod = Saml2SignedXml.XmlDsigExcC14NTransformUrl;
//SignedInfo.SignatureMethod = SecurityAlgorithms.RsaSha256Signature;
var reference = new Reference("#" + id);
// reference.DigestMethod = SecurityAlgorithms.Sha1Digest;
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
AddReference(reference);
ComputeSignature();
KeyInfo = new KeyInfo();
KeyInfo.AddClause(new KeyInfoX509Data(certificate, includeOption));
}
/// <summary>
/// Obtiene los datos de la referencia
/// </summary>
private Reference GetReference(string strReferenceToSign)
{ Reference objXmlReference = new Reference();
// Crea una referencia a firmar
objXmlReference.Uri = "#" + strReferenceToSign;
// Añade una transformación a la referencia
objXmlReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
// Devuelve la referencia creada
return objXmlReference;
}
/// <summary>
/// Use an X509 certificate to append a computed signature to an XML serialized Response
/// </summary>
/// <param name="XMLSerializedSAMLResponse"></param>
/// <param name="ReferenceURI">Assertion ID from SAML Response</param>
/// <param name="SigningCert">X509 Certificate for signing</param>
/// <remarks>Referenced this article:
/// http://www.west-wind.com/weblog/posts/2008/Feb/23/Digitally-Signing-an-XML-Document-and-Verifying-the-Signature
/// </remarks>
public static void AppendSignatureToXMLDocument(ref XmlDocument XMLSerializedSAMLResponse, String ReferenceURI, X509Certificate2 SigningCert)
{
SignedXml signedXML = new SignedXml(XMLSerializedSAMLResponse);
signedXML.SigningKey = SigningCert.PrivateKey;
signedXML.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
Reference reference = new Reference();
reference.Uri = "#" + ReferenceURI;
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXML.AddReference(reference);
signedXML.ComputeSignature();
XmlElement signature = signedXML.GetXml();
XmlElement xeResponse = XMLSerializedSAMLResponse.DocumentElement;
xeResponse.AppendChild(signature);
}
public static void SignSingleEntity(
this GisGmp.Message message,
X509Certificate2 certificate,
XmlNode entityXml)
{
XmlDocument signingDoc = new XmlDocument();
signingDoc.LoadXml(entityXml.OuterXml);
SmevSignedXml signedXml = new SmevSignedXml(signingDoc);
signedXml.SigningKey = certificate.PrivateKey;
Reference reference = new Reference();
reference.Uri = "";
reference.DigestMethod = CryptoPro.Sharpei.Xml.CPSignedXml.XmlDsigGost3411UrlObsolete;
XmlDsigEnvelopedSignatureTransform envelopedSignature = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(envelopedSignature);
XmlDsigExcC14NTransform c14 = new XmlDsigExcC14NTransform();
reference.AddTransform(c14);
KeyInfo ki = new KeyInfo();
ki.AddClause(new KeyInfoX509Data(certificate));
signedXml.KeyInfo = ki;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = CryptoPro.Sharpei.Xml.CPSignedXml.XmlDsigGost3410UrlObsolete;
signedXml.AddReference(reference);
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
signingDoc.DocumentElement.AppendChild(xmlDigitalSignature);
XmlDocumentFragment signedFinalPayment = message.Xml.CreateDocumentFragment();
signedFinalPayment.InnerXml = signingDoc.OuterXml;
var documentNode = entityXml.ParentNode;
documentNode.RemoveChild(entityXml);
documentNode.AppendChild(signedFinalPayment);
}
public override string SignXml(XmlDocument Document)
{
SignedXmlWithId signedXml = new SignedXmlWithId(Document);
signedXml.SigningKey = manager.Certificate.PrivateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env =
new XmlDsigEnvelopedSignatureTransform(true);
reference.AddTransform(env);
if (c14)
{
XmlDsigC14NTransform c14t = new XmlDsigC14NTransform();
reference.AddTransform(c14t);
}
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(manager.Certificate);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
Document.DocumentElement.AppendChild(
Document.ImportNode(xmlDigitalSignature, true));
return Document.OuterXml;
}
public string SignXml(XDocument xml)
{
using (MemoryStream streamIn = new MemoryStream())
{
xml.Save(streamIn);
streamIn.Position = 0;
// var rsaKey = (RSACryptoServiceProvider)_privateCertificate.PrivateKey; // Create rsa crypto provider from private key contained in certificate, weirdest cast ever!;
// string sCertFileLocation = @"C:\plugins\idealtest\bin\Debug\certficate.pfx";
// X509Certificate2 certificate = new X509Certificate2(sCertFileLocation, "D3M@ast3rsR0cks");
RSA rsaKey = (RSACryptoServiceProvider)_privateCertificate.PrivateKey;
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
xmlDoc.Load(streamIn);
SignedXml signedXml = new SignedXml(xmlDoc);
signedXml.SigningKey = rsaKey;
Reference reference = new Reference();
reference.Uri = "";
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
signedXml.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
KeyInfoName kin = new KeyInfoName();
kin.Value = _privateCertificate.Thumbprint;
keyInfo.AddClause(kin);
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
using (MemoryStream sout = new MemoryStream())
{
xmlDoc.Save(sout);
sout.Position = 0;
using (StreamReader reader = new StreamReader(sout))
{
string xmlOut = reader.ReadToEnd();
return xmlOut;
}
}
}
}
/// <summary>
/// Signs an XML Document for a Saml Response
/// </summary>
/// <param name="xml"></param>
/// <param name="cert2"></param>
/// <param name="referenceId"></param>
/// <returns></returns>
public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceId, string referenceValue)
{
SamlSignedXml sig = new SamlSignedXml(doc, referenceId);
// Add the key to the SignedXml xmlDocument.
sig.SigningKey = cert2.PrivateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = String.Empty;
// reference.Uri = "#" + referenceValue;
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new
XmlDsigEnvelopedSignatureTransform();
XmlDsigExcC14NTransform env2 = new XmlDsigExcC14NTransform();
reference.AddTransform(env);
reference.AddTransform(env2);
// Add the reference to the SignedXml object.
sig.AddReference(reference);
// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyData = new KeyInfoX509Data(cert2);
keyInfo.AddClause(keyData);
sig.KeyInfo = keyInfo;
// Compute the signature.
sig.ComputeSignature();
// Get the XML representation of the signature and save it to an XmlElement object.
XmlElement xmlDigitalSignature = sig.GetXml();
return xmlDigitalSignature;
}
internal static XmlElement GetXmlDigitalSignature(XmlDocument doc, AsymmetricAlgorithm key) {
if(IsDebugEnabled)
log.Debug("암호화된 Xml 문서를 만듭니다...");
var signedXml = new SignedXml(doc) { SigningKey = key };
var reference = new Reference { Uri = string.Empty };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
return signedXml.GetXml();
}
/// <summary>
/// Use an X509 certificate to append a computed signature to an XML serialized Response
/// </summary>
/// <param name="XMLSerializedSAMLResponse"></param>
/// <param name="ReferenceURI">Assertion ID from SAML Response</param>
/// <param name="SigningCert">X509 Certificate for signing</param>
/// <remarks>Referenced this article:
/// http://www.west-wind.com/weblog/posts/2008/Feb/23/Digitally-Signing-an-XML-Document-and-Verifying-the-Signature
/// </remarks>
public static void AppendSignatureToXMLDocument(ref XmlDocument XMLSerializedSAMLResponse, String ReferenceURI)
{
var signCertificate = SAMLConfiguration.Current.GetLocalIdentityProviderCertificate();
var signedXML = new PrefixedSignedXml(XMLSerializedSAMLResponse);
signedXML.SigningKey = signCertificate.PrivateKey;
signedXML.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
var reference = new Reference();
reference.Uri = "";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXML.AddReference(reference);
signedXML.ComputeSignature("ds");
var signature = signedXML.GetXml("ds");
var xeResponse = XMLSerializedSAMLResponse.DocumentElement;
xeResponse.AppendChild(signature);
}
public void References ()
{
Reference r1 = new Reference ();
r1.Uri = "http://www.go-mono.com/";
r1.AddTransform (new XmlDsigBase64Transform ());
info.AddReference (r1);
AssertEquals ("References.Count 1", 1, info.References.Count);
Reference r2 = new Reference ("http://www.motus.com/");
r2.AddTransform (new XmlDsigBase64Transform ());
info.AddReference (r2);
AssertEquals ("References.Count 2", 2, info.References.Count);
info.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
}
private Reference getReference(XmlNode mainNode)
{
Reference reference = new Reference();
XmlAttribute mainNodeAttr = mainNode.Attributes["Id"];
if (mainNodeAttr == null)
throw new ArgumentException("Element 'Invoice' nima argumenta 'Id' / Node 'Invoice' is missing 'Id' attribute");
string mainNodeID = mainNode.Attributes["Id"].InnerText;
reference.Uri = "#" + mainNodeID;
reference.DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
return reference;
}
public static XmlElement GenerateSignature(XmlDocument licenseDocument, IPrivateCryptoKey privateKey)
{
using (var privateKeyProvider = new RsaPrivateKeyProvider())
{
var reference = new Reference { Uri = string.Empty };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
var signedXml = new SignedXml(licenseDocument) { SigningKey = privateKeyProvider.Recreate(privateKey) };
signedXml.AddReference(reference);
signedXml.ComputeSignature();
return signedXml.GetXml();
}
}
private static void AddSignatureToXmlDocument(XmlDocument toSign, X509Certificate2 cert)
{
var signedXml = new SignedXml(toSign);
signedXml.SigningKey = cert.PrivateKey;
var reference = new Reference();
reference.Uri = "";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var xmlDigitalSignature = signedXml.GetXml();
toSign.DocumentElement.AppendChild(toSign.ImportNode(xmlDigitalSignature, true));
if (toSign.FirstChild is XmlDeclaration) {
toSign.RemoveChild(toSign.FirstChild);
}
}
public bool Execute()
{
Console.Out.WriteLine("Signing xml file");
Console.Out.WriteLine("input file = {0}", _inputFile);
Console.Out.WriteLine("output file = {0}", _signatureFile);
Console.Out.WriteLine("key file = {0}", _keyFile);
using (var key = new RSACryptoServiceProvider())
{
key.FromXmlString(File.ReadAllText(_keyFile));
var doc = new XmlDocument {PreserveWhitespace = true};
doc.Load(new XmlTextReader(_inputFile));
var signedXml = new SignedXml(doc) {SigningKey = key};
var xmlSignature = signedXml.Signature;
var reference = new Reference("");
var env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
xmlSignature.SignedInfo.AddReference(reference);
var keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue(key));
xmlSignature.KeyInfo = keyInfo;
signedXml.ComputeSignature();
var xmlDigitalSignature = signedXml.GetXml();
using (var writer = new XmlTextWriter(_signatureFile, new UTF8Encoding(false)))
{
var signatureDocument = new XmlDocument();
var importNode = signatureDocument.ImportNode(xmlDigitalSignature, true);
signatureDocument.AppendChild(importNode);
signatureDocument.WriteTo(writer);
writer.Close();
}
}
Console.Out.WriteLine("done");
return true;
}
public override string SignXml(XmlDocument Document)
{
// create detached envelope
XmlDocument envelope = new XmlDocument();
envelope.PreserveWhitespace = true;
envelope.AppendChild(envelope.CreateElement("Envelope"));
XmlElement message = envelope.CreateElement("Message");
message.InnerXml = Document.DocumentElement.OuterXml;
message.SetAttribute("Id", "MyObjectID");
envelope.DocumentElement.AppendChild(message);
SignedXmlWithId signedXml = new SignedXmlWithId(envelope);
signedXml.SigningKey = manager.Certificate.PrivateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "#MyObjectID";
if (c14)
{
XmlDsigC14NTransform env = new XmlDsigC14NTransform();
reference.AddTransform(env);
}
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(manager.Certificate);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
envelope.DocumentElement.AppendChild(
envelope.ImportNode(xmlDigitalSignature, true));
return envelope.OuterXml;
}
public override string SignXml(XmlDocument Document)
{
SignedXmlWithId signedXml = new SignedXmlWithId(Document);
signedXml.SigningKey = manager.Certificate.PrivateKey;
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(manager.Certificate);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// the DataObject has to point to a XmlNodeList
DataObject dataObject = new DataObject();
dataObject.Id = "MyObjectID1";
dataObject.Data =
new CustomXmlNodeList(new[] { Document.DocumentElement });
signedXml.AddObject(dataObject);
// Add the reference to the SignedXml object.
Reference reference = new Reference();
reference.Uri = "#MyObjectID1";
signedXml.AddReference(reference);
// Create a reference to be signed.
if (c14)
{
XmlDsigC14NTransform env = new XmlDsigC14NTransform();
reference.AddTransform(env);
}
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// create detached envelope
XmlDocument envelope = new XmlDocument();
envelope.AppendChild(envelope.CreateElement("Envelope"));
envelope.DocumentElement.AppendChild(
envelope.ImportNode(xmlDigitalSignature, true));
return envelope.OuterXml;
}
public string GenerateSignedXml(LicenseDetails details)
{
if (details == null)
throw new ArgumentNullException("details");
string rawXml;
var serializer = new XmlSerializer(typeof (LicenseDetails));
using (var stream = new MemoryStream())
{
serializer.Serialize(stream, details);
stream.Position = 0;
using (var streamReader = new StreamReader(stream))
rawXml = streamReader.ReadToEnd();
}
// Sign the xml
var doc = new XmlDocument();
TextReader reader = new StringReader(rawXml);
doc.Load(reader);
var signedXml = new SignedXml(doc);
signedXml.SigningKey = _key;
var reference = new Reference { Uri = "" };
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var signature = signedXml.GetXml();
if (doc.DocumentElement != null)
doc.DocumentElement.AppendChild(doc.ImportNode(signature, true));
if (doc.FirstChild is XmlDeclaration)
doc.RemoveChild(doc.FirstChild);
// Return the resulting xml
using (var stringWriter = new StringWriter())
using (var xmlTextWriter = XmlWriter.Create(stringWriter))
{
doc.WriteTo(xmlTextWriter);
xmlTextWriter.Flush();
return stringWriter.GetStringBuilder().ToString();
}
}
