kreta/Kreta.EESZTInterface/STS/SignHelper.cs

using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
namespace Kreta.EESZTInterface.STS
{
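class SignHelper
{
    /// <summary>
    /// Signs a SOAP envelope with a WS-Security XML-DSig signature and inserts the resulting
    /// <c>ds:Signature</c> into the <c>wsse:Security</c> header of the same document.
    /// </summary>
    /// <param name="mySoap">The SOAP document to sign. It is modified in place and returned.</param>
    /// <param name="cert">Signing certificate; must carry a usable RSA private key.</param>
    /// <param name="IdBody">Reference URI (as placed in <c>ds:Reference/@URI</c>) of the first covered element — by its name, presumably the SOAP body.</param>
    /// <param name="IdTs">Reference URI of the second covered element — by its name, presumably the WS-Security timestamp.</param>
    /// <param name="idX509">Reference URI of the element holding the X.509 token; the same value is used, minus a leading <c>#</c>, to look the element up by id.</param>
    /// <returns><paramref name="mySoap"/> with the signature inserted and the XML declaration removed.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="mySoap"/>, <paramref name="cert"/> or <paramref name="idX509"/> is <see langword="null"/>.</exception>
    /// <exception cref="InvalidOperationException">
    /// The certificate has no RSA private key, the document has no <c>wsse:Security</c> header,
    /// or the freshly computed signature does not verify against <paramref name="cert"/>.
    /// </exception>
    public static XmlDocument SignMessage(XmlDocument mySoap, X509Certificate2 cert, string IdBody, string IdTs, string idX509)
    {
        if (mySoap is null) throw new ArgumentNullException(nameof(mySoap));
        if (cert is null) throw new ArgumentNullException(nameof(cert));
        if (idX509 is null) throw new ArgumentNullException(nameof(idX509));

        // GetRSAPrivateKey() returns null for a certificate without a private key; fail here
        // with a clear message rather than deep inside ComputeSignature().
        var signingKey = cert.GetRSAPrivateKey();
        if (signingKey is null)
        {
            throw new InvalidOperationException("The signing certificate does not contain an RSA private key.");
        }

        var signedXml = new PrefixedSignedXML(mySoap);
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        // SignatureMethod is not set explicitly, so the framework default for an RSA key applies.
        signedXml.SigningKey = signingKey;
        signedXml.Signature.Id = NewId("SIG-");

        // KeyInfo does not embed the certificate itself; it points at the token element
        // through wsse:SecurityTokenReference/wsse:Reference with the X.509v3 ValueType.
        var keyInfo = new KeyInfo { Id = NewId("KI-") };
        XmlElement securityTokenReference = mySoap.CreateElement("wsse", "SecurityTokenReference", Namespaces.wsseNs);
        securityTokenReference.SetAttribute("Id", Namespaces.wsuNs, NewId("STR-"));
        XmlElement tokenReference = mySoap.CreateElement("wsse", "Reference", Namespaces.wsseNs);
        tokenReference.SetAttribute("ValueType", STSValues.x509v3Value);
        tokenReference.SetAttribute("URI", idX509);
        securityTokenReference.AppendChild(tokenReference);
        keyInfo.AddClause(new KeyInfoNode(securityTokenReference));
        signedXml.Signature.KeyInfo = keyInfo;

        // Exclusive C14N of SignedInfo. The InclusiveNamespaces prefix lists here and on each
        // reference are presumably dictated by the STS profile; keep them in sync with it.
        var canonicalization = (XmlDsigExcC14NTransform)signedXml.SignedInfo.CanonicalizationMethodObject;
        canonicalization.InclusiveNamespacesPrefixList = "ns soap";

        AddReference(signedXml, IdBody, "ns");
        AddReference(signedXml, IdTs, "wsse ns soap");
        AddReference(signedXml, idX509, "");

        signedXml.ComputeSignature();

        // Self-check of the signature just produced. Previously the result of this call was
        // discarded, so a signature that did not verify with `cert` was still sent on.
        if (!signedXml.CheckSignature(cert, true))
        {
            throw new InvalidOperationException("The computed signature does not verify against the signing certificate.");
        }

        XmlElement signatureXml = signedXml.GetXml();
        XmlElement securityElement = XmlHelper.GetElement(XmlHelper.SecurityElementName, Namespaces.wsseNs, mySoap.DocumentElement);
        if (securityElement is null)
        {
            throw new InvalidOperationException("The document has no wsse:Security header to hold the signature.");
        }

        // Place ds:Signature directly after the referenced token element.
        // NOTE(review): XmlNode.InsertAfter with a null reference node inserts as the first child,
        // so a token element that cannot be found by id is not detected here — confirm this is intended.
        var tokenElement = XmlHelper.GetElementId(mySoap, idX509.Replace("#", ""));
        securityElement.InsertAfter(mySoap.ImportNode(signatureXml, true), tokenElement);

        // Drop the XML declaration so the serialized envelope starts at the root element.
        if (mySoap.FirstChild is XmlDeclaration)
        {
            mySoap.RemoveChild(mySoap.FirstChild);
        }

        return mySoap;
    }

    /// <summary>
    /// Verifies the <c>ds:Signature</c> found under the document element of <paramref name="mySoap"/>
    /// against <paramref name="cert"/>.
    /// </summary>
    /// <param name="mySoap">The signed SOAP document.</param>
    /// <param name="cert">Certificate whose public key must have produced the signature.</param>
    /// <returns><see langword="true"/> if the signature is cryptographically valid for <paramref name="cert"/>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="mySoap"/> or <paramref name="cert"/> is <see langword="null"/>.</exception>
    /// <exception cref="InvalidOperationException">The document contains no <c>ds:Signature</c> element.</exception>
    /// <remarks>
    /// Only the signature value is checked (<c>verifySignatureOnly: true</c>); the certificate's
    /// chain, validity period and revocation status are not evaluated here, so the caller must
    /// establish trust in <paramref name="cert"/> before relying on the result.
    /// </remarks>
    public static bool CheckSignature(XmlDocument mySoap, X509Certificate2 cert)
    {
        if (mySoap is null) throw new ArgumentNullException(nameof(mySoap));
        if (cert is null) throw new ArgumentNullException(nameof(cert));

        // The helper returns a single element (see SignMessage), not a node list.
        var signatureElement = XmlHelper.GetElement(XmlHelper.SignatureElementName, Namespaces.dsNs, mySoap.DocumentElement);
        if (signatureElement is null)
        {
            throw new InvalidOperationException("The document contains no ds:Signature element.");
        }

        var signedXml = new PrefixedSignedXML(mySoap);
        signedXml.LoadXml(signatureElement);
        return signedXml.CheckSignature(cert, true);
    }

    // Builds "<prefix>" + 32 lowercase hex digits; "N" is exactly ToString() with the hyphens removed.
    private static string NewId(string prefix) => prefix + Guid.NewGuid().ToString("N");

    // Adds a ds:Reference to `uri` with a single exclusive-C14N transform carrying the given
    // InclusiveNamespaces PrefixList (empty string == no prefixes).
    // The digest algorithm comes from STSValues (SHA-1 by its name); it is not chosen here and
    // should only be changed together with the STS profile that defines it.
    private static void AddReference(PrefixedSignedXML signedXml, string uri, string inclusivePrefixes)
    {
        var reference = new Reference { Uri = uri, DigestMethod = STSValues.digestMethodSHA1Value };
        reference.AddTransform(new XmlDsigExcC14NTransform(inclusivePrefixes));
        signedXml.AddReference(reference);
    }
}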
}