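/// <summary>
/// Produces an enveloped XML-DSig signature over the whole document in <paramref name="xml"/>
/// and returns the signed document as a string.
/// </summary>
/// <param name="xml">The XML document to sign. Whitespace is preserved so the digested bytes match the input.</param>
/// <param name="certificate">The signing certificate. Its private key becomes the signing key and the
/// certificate itself is embedded in the KeyInfo/X509Data element of the signature.</param>
/// <returns>The outer XML of the input document with a ds:Signature element appended to the root element.</returns>
/// <exception cref="ArgumentNullException"><paramref name="xml"/> or <paramref name="certificate"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="certificate"/> does not carry a private key.</exception>
public static string Sign(string xml, X509Certificate2 certificate)
{
    if (xml == null)
    {
        throw new ArgumentNullException("xml");
    }
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }
    if (!certificate.HasPrivateKey)
    {
        // ArgumentException(message, paramName): the message comes first, the parameter name second.
        throw new ArgumentException("Certificate should have a private key", "certificate");
    }

    XmlDocument doc = new XmlDocument();
    // Keep whitespace exactly as supplied so the canonicalized bytes are those the caller handed in.
    doc.PreserveWhitespace = true;
    // Never resolve external resources while parsing: a DOCTYPE/external entity in the input must not
    // be fetched or expanded by the signer.
    doc.XmlResolver = null;
    doc.LoadXml(xml);

    SignedXml signedXml = new SignedXml(doc);
    signedXml.SigningKey = certificate.PrivateKey;

    // Embed the certificate so a verifier can locate the public key without out-of-band knowledge.
    KeyInfoX509Data keyInfoData = new KeyInfoX509Data(certificate);
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(keyInfoData);
    signedXml.KeyInfo = keyInfo;

    // URI "" references the whole document. The enveloped transform excludes the Signature element
    // itself from the digest; exclusive C14N makes the digest independent of inherited namespace declarations.
    Reference reference = new Reference("");
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform(includeComments: false));
    reference.AddTransform(new XmlDsigExcC14NTransform(includeComments: false));
    signedXml.AddReference(reference);

    // Digest and signature algorithms are left at SignedXml's defaults, which depend on the framework version.
    signedXml.ComputeSignature();
    XmlElement signatureElement = signedXml.GetXml();

    // Append the signature to the root element (imported because it belongs to a different document).
    doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));
    return doc.OuterXml;
}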
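/// <summary>
/// Builds a WS-Security style XML-DSig signature for <paramref name="message"/>. When element ids and/or
/// attachment ids are supplied, each becomes an internally detached reference; when neither is supplied,
/// the whole prepared document is signed with a single enveloped reference.
/// </summary>
/// <param name="message">The message whose prepared XML is signed. It is also published through
/// <c>CidWebRequest.Message</c> before the signature is computed.</param>
/// <param name="elementIdsToSign">Ids of elements to reference as <c>#id</c>; null or empty skips element references.</param>
/// <param name="attachmentsToSign">Attachment ids to reference under the cid URI scheme; null or empty skips attachment references.</param>
/// <param name="wssNamespace">WS-Security namespace used for the SecurityTokenReference placed in KeyInfo.</param>
/// <param name="certificate">Signing certificate; must carry an RSA private key.</param>
/// <exception cref="ArgumentException"><paramref name="certificate"/> does not expose an RSA private key.</exception>
private void Sign(Message message, string[] elementIdsToSign, string[] attachmentsToSign, string wssNamespace, X509Certificate2 certificate)
{
    // DigestMethod must name a hash algorithm (xmlenc#sha256). The rsa-sha256 URI names a *signature*
    // method and is only valid for SignedInfo.SignatureMethod; using it as a digest makes SignedXml
    // fail to create the hash object at ComputeSignature time.
    const string Sha256DigestUrl = "http://www.w3.org/2001/04/xmlenc#sha256";
    const string RsaSha256SignatureUrl = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Prepare the XML that is to be encrypted and signed.
    var element = this.PrepareEncyrptSign(message);

    XmlDocument signedMessage = new XmlDocument();
    // The document is built from an imported node, never parsed, but keep resolution off regardless.
    signedMessage.XmlResolver = null;
    signedMessage.AppendChild(signedMessage.ImportNode(element, true));
    signedMessage.PreserveWhitespace = false;

    bool signEntireDocument = true;
    bool isContentTransform = this.IsSignatureContentTransform;

    OverrideSignedXml signedXml = new OverrideSignedXml(signedMessage);
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

    if (elementIdsToSign != null && elementIdsToSign.Length > 0)
    {
        foreach (string elementId in elementIdsToSign)
        {
            // Same-document reference to the element carrying this id.
            Reference reference = new Reference(string.Format("#{0}", elementId));
            reference.AddTransform(new XmlDsigExcC14NTransform());
            reference.DigestMethod = Sha256DigestUrl;
            signedXml.AddReference(reference);
        }
        signEntireDocument = false;
    }

    if (attachmentsToSign != null && attachmentsToSign.Length > 0)
    {
        foreach (string attachmentId in attachmentsToSign)
        {
            Reference reference = new Reference(string.Format("{0}{1}", Constants.CidUriScheme, attachmentId));
            reference.DigestMethod = Sha256DigestUrl;
            // Content-only vs complete attachment transform, selected by the configured mode.
            if (isContentTransform)
            {
                reference.AddTransform(new AttachmentContentSignatureTransform());
            }
            else
            {
                reference.AddTransform(new AttachmentCompleteSignatureTransform());
            }
            signedXml.AddReference(reference);
        }
        signEntireDocument = false;
    }

    if (signEntireDocument)
    {
        // No explicit targets: sign the whole document, excluding the Signature element itself.
        Reference reference = new Reference();
        reference.Uri = "";
        reference.DigestMethod = Sha256DigestUrl;
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
    }

    // KeyInfo points at a security token by a freshly generated id rather than embedding the certificate.
    // NOTE(review): the token carrying this id is not emitted in this method — confirm the caller adds it.
    string x509CertificateReferenceId = string.Format("{0}-{1}", Constants.IdAttributeName, Guid.NewGuid().ToString("N"));
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509SecurityTokenReference(string.Format("#{0}", x509CertificateReferenceId), wssNamespace));
    signedXml.KeyInfo = keyInfo;
    signedXml.SignedInfo.SignatureMethod = RsaSha256SignatureUrl;

    // Accept any RSA implementation rather than hard-casting to RSACryptoServiceProvider, which is
    // not what PrivateKey returns on every platform.
    RSA key = certificate.PrivateKey as RSA;
    if (key == null)
    {
        throw new ArgumentException("Certificate must have an RSA private key", "certificate");
    }
    signedXml.SigningKey = key;

    // Presumably consulted by the attachment transforms when dereferencing cid: URIs — verify against the transforms.
    CidWebRequest.Message = message;
    signedXml.ComputeSignature();
    XmlElement xmlSignature = signedXml.GetXml();

    XmlDocument unsignedEnvelopeDoc = new XmlDocument();
    // Never resolve external resources while parsing the envelope.
    unsignedEnvelopeDoc.XmlResolver = null;
    unsignedEnvelopeDoc.LoadXml(message.MessageAsString);
    // NOTE(review): xmlSignature and unsignedEnvelopeDoc are not consumed past this point in the
    // visible code — confirm whether the signature is meant to be inserted into the envelope here.
}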