SignedXml generates invalid signatures

I've been trying to get the XMLDSIG support in .NET to behave properly, more specifically the SignedXml class. I'm implementing a third party service and they've just recently started requiring that all messages have to be digitally signed...

My problem is that I can't seem to generate valid signatures. Both the third party service, and an online signature verifier I found, report the signature as invalid. The verification service (http://www.aleksey.com/xmlsec/xmldsig-verifier.html) reports that there's a mismatch between the digest and the data, and I've so far been unable to figure out what I'm doing wrong.

Here's the relevant code - hopefully someone will be able to spot my mistake:

using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
using System.Xml.Linq;

public static class DocumentSigner
{
    public static XDocument SignDocument(XDocument originalDocument, X509Certificate2 certificate)
    {
        // SignedXml works on XmlDocument, so round-trip the XDocument without reformatting.
        var document = new XmlDocument();
        document.LoadXml(originalDocument.ToString(SaveOptions.DisableFormatting));
        if (document.DocumentElement == null)
            throw new InvalidOperationException("Invalid XML document; no root element found.");

        var signedDocument = new SignedXml(document);
        Reference signatureReference = GetSignatureReference();
        KeyInfo certificateKeyInfo = GetCertificateKeyInfo(certificate);
        // Embeds a copy of the root element as an <Object> inside the Signature.
        var dataObject = new DataObject("", "text/xml", "utf-8", document.DocumentElement);

        signedDocument.AddReference(signatureReference);
        signedDocument.AddObject(dataObject);
        signedDocument.SigningKey = certificate.PrivateKey;
        signedDocument.KeyInfo = certificateKeyInfo;
        signedDocument.ComputeSignature();

        // GetXml() returns only the <Signature> element (with the <Object> above inside it).
        return XDocument.Parse(signedDocument.GetXml().OuterXml, LoadOptions.PreserveWhitespace);
    }

    // Reference with URI "" (the whole document) and an enveloped-signature transform.
    private static Reference GetSignatureReference()
    {
        var signatureReference = new Reference("");
        signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());

        return signatureReference;
    }

    // KeyInfo carrying the signing certificate as <X509Data>.
    private static KeyInfo GetCertificateKeyInfo(X509Certificate certificate)
    {
        var certificateKeyInfo = new KeyInfo();
        certificateKeyInfo.AddClause(new KeyInfoX509Data(certificate));

        return certificateKeyInfo;
    }
}
thomasjo asked Jul 30 '09 08:07
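As an added example (not the code from the question, nor the solution from the linked blog post), here is a round trip that produces an enveloped signature over the whole document and then checks it locally with CheckSignature, which is what the external verifier does; it assumes .NET Framework 4.6.2 or later (or .NET Core) and a certificate with an RSA private key. The point it illustrates: SignedXml.GetXml() returns only the <Signature> element, so with a Reference URI of "" the message to send is the original document with that element appended.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example: enveloped XMLDSIG signature over a whole document, plus a local self-check.
// Assumes .NET Framework 4.6.2+ or .NET Core, and an RSA key in the certificate.
public static class EnvelopedSigning
{
    public static XmlDocument Sign(string xml, X509Certificate2 certificate)
    {
        // PreserveWhitespace keeps the bytes the recipient canonicalizes identical to ours.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);

        var signedXml = new SignedXml(doc) { SigningKey = certificate.GetRSAPrivateKey() };
        var reference = new Reference("");           // URI "" = the document itself
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);

        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(certificate));
        signedXml.KeyInfo = keyInfo;
        signedXml.ComputeSignature();

        // GetXml() yields only <Signature>; the signed message is the original
        // document with that element appended, so the digest covers the payload.
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc;
    }

    // Verifies a received (or just-produced) document against a known certificate.
    public static bool Verify(XmlDocument signedDoc, X509Certificate2 expectedCertificate)
    {
        var signatures = signedDoc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1) return false;     // exactly one signature expected

        var signedXml = new SignedXml(signedDoc);
        signedXml.LoadXml((XmlElement)signatures[0]);

        // Only accept a signature over the whole document, not over some other node.
        foreach (Reference r in signedXml.SignedInfo.References)
            if (r.Uri != "") return false;

        // Pin the key: verify against the certificate we expect rather than whatever
        // KeyInfo the message carries. The second argument skips chain building.
        return signedXml.CheckSignature(expectedCertificate, true);
    }
}
```

Running Verify on the output of Sign with the same certificate reproduces the digest check the online verifier performs, so a mismatch shows up before the message is handed to the third party.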


1 Answer

In case anyone is interested, I solved the problem and wrote about it on my blog: http://thomasjo.com/blog/2009/08/04/xmldsig-in-the-net-framework.html

thomasjo answered Nov 17 '22 04:11