Verify Signed Xml Documents

To check the signature of a signed XML document, the .NET Framework provides the class SignedXml (namespace System.Security.Cryptography.Xml), which can both sign and validate XML documents.

The following example shows a signed XML document. In this form the document is not valid, because pretty-printing changes the whitespace and therefore the computed hash no longer matches the signed DigestValue. So be sure not to change anything in a signed document.

<test>

  <data name="test1">value1</data>
  <data name="test1">value1</data>
  <data name="test1">value1</data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>PDdixiJvxakVD6MvIAbR5SysLh0=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>dqwuYsXEsaV5k4GL41B230AuXV+hCroCqCtyCRt1u5O97dwZgUbDY3Ns34Bbw+w+czxgUk4rF6m5vhflbeErb7zSyn8qwXi3QnE1g96w6sQzYc7I9qTgqRw8DuufDYfhn6/1D+FflYXYOfj3dglEpTXbcPhV76GmsPL4g+CLPKo=</SignatureValue>
    <KeyInfo>
      <KeyValue>
        <RSAKeyValue>
          <Modulus>4VGrIlDzCmgbIL2dZiSxP+bqgu3CL3qgwhfAU01FziPOyJMtk76+9hPDefN8qdifKjlRXHkGl4IbPUZQsdHqtE7M8HtkM9Pb5xogpma8mWcWhu3CIO9YJr8EEj2XmNa98XI2Nr0PAr7YLtneRktVWq1BKdttckcq2gtUp8amXas=</Modulus>
          <Exponent>AQAB</Exponent>
        </RSAKeyValue>
      </KeyValue>
    </KeyInfo>
  </Signature>

</test>

1. This example shows how to validate a signed XML document.

using System.Xml;
using System.Security.Cryptography.Xml;

// Load the signed XML document with all whitespace (fileName is the path of the signed document).
XmlDocument xDoc = new XmlDocument();
xDoc.PreserveWhitespace = true;
xDoc.Load(fileName);

// Create the SignedXml object.
SignedXml signedXml = new SignedXml(xDoc.DocumentElement);

// Set the signature element and, through its KeyInfo, the key which must be checked.
signedXml.LoadXml((XmlElement)xDoc.DocumentElement.SelectSingleNode("*[local-name(.) = 'Signature' and namespace-uri(.) = 'http://www.w3.org/2000/09/xmldsig#']"));

// Check the signature.
bool valid = signedXml.CheckSignature();

The PreserveWhitespace option is necessary because the whitespace is also part of the data that was hashed and signed.

2. This example shows how to check an XML document against a specified X509 certificate.

using System.Xml;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography.X509Certificates;

// Load the signed XML document with all whitespace (fileName is the path of the signed document).
XmlDocument xDoc = new XmlDocument();
xDoc.PreserveWhitespace = true;
xDoc.Load(fileName);

// Create the SignedXml object.
SignedXml signedXml = new SignedXml(xDoc.DocumentElement);

// Build the KeyInfo from the certificate (refCert, an X509Certificate2) the document must have been signed with.
KeyInfo info1 = new KeyInfo();
KeyInfoX509Data data1 = new KeyInfoX509Data(refCert);
info1.AddClause(data1);

// Set the signature element, then replace the KeyInfo found in the document with the reference certificate,
// so that the check uses refCert's key and not whatever key the document itself carries.
signedXml.LoadXml((XmlElement)xDoc.DocumentElement.SelectSingleNode("*[local-name(.) = 'Signature' and namespace-uri(.) = 'http://www.w3.org/2000/09/xmldsig#']"));
signedXml.KeyInfo = info1;
signedXml.SigningKey = refCert.PublicKey.Key;

// Check the signature.
bool valid = signedXml.CheckSignature();

3. If the signed document is part of another document (e.g. a SOAP message) and the Reference URI is empty, the signed part must first be imported into a new document before it can be handed to SignedXml.

// Create a new XmlDocument that contains only the signed part
// (xmlElement is the signed element inside the larger document, which must have been loaded with PreserveWhitespace = true).
xDoc = new XmlDocument();
xDoc.PreserveWhitespace = true;
XmlNode copyNode = xDoc.ImportNode(xmlElement, true);
xDoc.AppendChild(copyNode);
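The three steps above combined into one verification routine, as an added example that is not code from the post (the class and method names, expectedCert and signedPart are my own): it pins the verification key to a certificate supplied by the caller instead of the key embedded in the document's KeyInfo, since a parameterless CheckSignature() only proves that the document was signed with whatever key it carries, and it refuses a signature that does not cover the whole signed element.

```csharp
using System;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

public static class SignedXmlVerifier
{
    private const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    // Verifies the enveloped signature of 'signedPart' (the document root, or a signed
    // element inside e.g. a SOAP envelope) against the public key of 'expectedCert'.
    // 'signedPart' must come from a document loaded with PreserveWhitespace = true.
    public static bool VerifyAgainstCertificate(XmlElement signedPart, X509Certificate2 expectedCert)
    {
        // Step 3: copy the signed part into a fresh document so that Reference URI=""
        // refers to exactly this part and nothing else.
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;          // whitespace is covered by the digest
        doc.AppendChild(doc.ImportNode(signedPart, true));

        XmlNamespaceManager nsm = new XmlNamespaceManager(doc.NameTable);
        nsm.AddNamespace("ds", DsigNs);
        XmlNodeList sigs = doc.DocumentElement.SelectNodes("./ds:Signature", nsm);

        // Exactly one Signature directly under the signed element; refuse anything
        // else rather than silently picking the first of several.
        if (sigs.Count != 1)
            return false;

        SignedXml signedXml = new SignedXml(doc.DocumentElement);
        signedXml.LoadXml((XmlElement)sigs[0]);

        // Every Reference must address the whole element (URI ""), not an Id-addressed
        // fragment, otherwise unsigned parts of the element would pass as verified.
        foreach (Reference r in signedXml.SignedInfo.References)
            if (!string.IsNullOrEmpty(r.Uri))
                return false;

        // Step 2: verify with the pinned certificate's key; the embedded KeyInfo is ignored.
        return signedXml.CheckSignature(expectedCert.PublicKey.Key);
    }

    // Step 1: a file that was signed as a whole.
    public static bool VerifyFile(string fileName, X509Certificate2 expectedCert)
    {
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;
        doc.Load(fileName);
        return VerifyAgainstCertificate(doc.DocumentElement, expectedCert);
    }
}
```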

References:

XML-Signature Standard


Posted Mar 05 2007, 11:14 PM by Rolf Nebhuth
developers.de is a .Net Community Blog powered by daenet GmbH.