我在安全小白后悔的。我有一个XML文件,其中包括:
< XML版本=1.0编码=UTF-8独立=无&GT?;
< ID_VG_Response>
<结果>
<的subjectDN> CN =XX,SERIALNUMBER = XX / XX,C =与< / subjectDN中>
< UserIDN> XX< / UserIDN>
< CardNumber> XX< / CardNumber>
< TRANSACTIONTYPE> XX< / TRANSACTIONTYPE>
<状态>成功与LT; /状态>
< /结果>
<有效性和GT; 180℃/有效性和GT;
< SignatureTime>
<日期> 20150726< /日期>
<时间> 15:01:51:927< /时间>
< / SignatureTime>
<签名的xmlns =http://www.w3.org/2000/09/xmldsig#>
<的SignedInfo>
< CanonicalizationMethod的算法=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments/>
<算法是SignatureMethod =http://www.w3.org/2001/04/xmldsig-more#rsa-sha256/>
<参考URI =>
<变换>
<变换算法=http://www.w3.org/2000/09/xmldsig#enveloped-signature/>
< /变换>
< DigestMethod算法=http://www.w3.org/2001/04/xmlenc#sha256/>
<的DigestValue> XXX< /的DigestValue>
< /参考>
< /的SignedInfo>
<的SignatureValue> XXXXXXXXXX< /的SignatureValue>
<密钥信息>
<的X509Data>
< x509证书> XXXX< / x509证书>
< /的X509Data>
< /密钥信息>
< /签名>
< / ID_VG_Response>
和一些CER文件。现在我需要用C#中的CER文件以验证的SignatureValue。任何人都可以帮助我吗?一位同事给我发了一个java文件,以验证这一点,但我需要做这在C#?这是用java code,
进口java.io.ByteArrayInputStream中;
进口的java.io.File;
进口java.io.FileInputStream中;
进口java.io.FileNotFoundException;
进口的java.io.InputStream;
进口java.security.InvalidKeyException;
进口java.security.Key中;
进口java.security.NoSuchAlgorithmException;
进口java.security.NoSuchProviderException;
进口java.security.PublicKey;
进口java.security.SignatureException;
进口java.text.SimpleDateFormat的;
进口的java.util.ArrayList;
进口java.util.Date;
进口java.util.Iterator的;
进口javax.security.cert.CertificateException;
进口javax.security.cert.X509Certificate;
进口javax.xml.crypto.AlgorithmMethod;
进口javax.xml.crypto.KeySelector;
进口javax.xml.crypto.KeySelectorException;
进口javax.xml.crypto.KeySelectorResult;
进口javax.xml.crypto.XMLCryptoContext;
进口javax.xml.crypto.XMLStructure;
进口javax.xml.crypto.dsig.SignatureMethod;
进口javax.xml.crypto.dsig.XMLSignature;
进口javax.xml.crypto.dsig.XMLSignatureFactory;
进口javax.xml.crypto.dsig.dom.DOMValidateContext;
进口javax.xml.crypto.dsig.keyinfo.KeyInfo;
进口javax.xml.crypto.dsig.keyinfo.X509Data;
进口javax.xml.parsers.DocumentBuilder中;
进口javax.xml.parsers.DocumentBuilderFactory中;
进口org.w3c.dom.Document中;
进口org.w3c.dom.NodeList;
进口sun.misc.BASE64De codeR;
进口sun.security.x509.X509CertImpl;
公共类XMLSignatureValidator {
私人字符串userIDN;
公共静态无效的主要(字串[] args)抛出异常{
XMLSignatureValidator验证=新XMLSignatureValidator();
//布尔核实= validator.verifyVGResponse(新的FileInputStream(
//C:/ID_VG_Response.xml),CA);
的FileInputStream FIS =新的FileInputStream(C:/ID_VG_Response.xml);
byte []的数据=新的字节[fis.available()];
fis.read(数据);
fis.close();
布尔核实= validator.verifyVGResponse(新的String(数据)
E:/ EIDA工具包/ VG相关/ ADSIC_Prod / VG响应证书);
的System.out.println(认证);
}
公共布尔verifyVGResponse(最后弦乐vgResponse,
最后弦乐cAFolderPath)抛出异常{
byte []的XML =新BASE64De codeR()去codeBuffer(vgResponse)。
返回verifyVGResponse(新ByteArrayInputStream的(XML),cAFolderPath);
}
公共布尔verifyVGResponse(最终的InputStream vgResponse,
最后弦乐cAFolderPath)抛出异常{
x509证书[]证书= getCertificates(cAFolderPath);
DocumentBuilderFactory的DBF = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(真正的);
DocumentBuilder的建设者= dbf.newDocumentBuilder();
文档DOC = builder.parse(vgResponse);
NodeList的NL = doc.getElementsByTagNameNS(XMLSignature.XMLNS,
签名);
如果(nl.getLength()== 0){
抛出新的异常(无法找到Signature元素);
}
最后X509KeySelector的KeySelectors =新X509KeySelector();
以DOMValidateContext valContext =新使用DOMValidateContext(的KeySelectors,
nl.item(0));
的XMLSignatureFactory厂= XMLSignatureFactory.getInstance(DOM,
新org.jcp.xml.dsig.internal.dom.XMLDSigRI());
最后的XMLSignature的签名=工厂
.unmarshalXMLSignature(valContext);
//验证签名。
布尔coreValidity = signature.validate(valContext);
如果(coreValidity){
//验证完整的证书链。
最后X509CertImpl signerCertImpl =(X509CertImpl)的KeySelectors
.getSignerCertificate();
最后x509证书signerCert = javax.security.cert.X509Certificate
.getInstance(signerCertImpl.getEn codeD());
布尔核实= verifyCertificate(signerCert,证书);
如果(认证){
节点列表NL2 = doc.getElementsByTagName(状态);
如果(!nl2.item(0).getFirstChild()。getNodeValue()
.equalsIgnoreCase(成功)){
抛出新的异常(状态元素没有设置成功);
}
长signerTime =新的SimpleDateFormat(YYYYMMDD HH:MM:SS:SSS)
.parse(doc.getElementsByTagName(日)。项目(0)
.getFirstChild()。getNodeValue()
+
+ doc.getElementsByTagName(时间)。项目(0)
.getFirstChild()。getNodeValue())
.getTime();
INT validitySec =的Integer.parseInt(DOC
.getElementsByTagName(效力)。项目(0)
。.getFirstChild()getNodeValue());
的System.out.println(签名时间:+ signerTime);
的System.out.println(签名者时间日期:+新的日期(signerTime));
的System.out.println(validitySec:+ validitySec);
的System.out.println(validitySec * 1000:+ validitySec * 1000);
日期D =新的日期();
的System.out.println(服务器上的日期是:+ D);
的System.out.println(服务器上的毫秒时间:+ d.getTime());
的System.out.println(d.getTime()> signerTime + validitySec * 1000);
如果(d.getTime()> signerTime + validitySec * 1000){
抛出新的异常(VG响应过期);
}
userIDN = doc.getElementsByTagName(UserIDN)。项(0)
。.getFirstChild()getNodeValue();
返回true;
} 其他 {
抛出新的异常(证书无效。);
}
}
抛出新的异常(签名无效);
}
// CHECKSTYLE_IGNORE_START
私人最终布尔verifyCertificate(最终X509证书signerCert,
最后的X509Certificate []证书)抛出InvalidKeyException将,
抛出:NoSuchAlgorithmException,NoSuchProviderException,
SignatureException,CertificateException {
// CHECKSTYLE_IGNORE_END
signerCert.checkValidity();
x509证书issuerCert = NULL;
字符串issuerDN = signerCert.getIssuerDN()的getName()。
的for(int i = 0; I< certificates.length;我++){
如果(证书[I] .getSubjectDN()的getName()。等于(issuerDN)){
issuerCert =证书[I]
打破;
}
}
如果(issuerCert == NULL){
返回false;
}
signerCert.verify(issuerCert.getPublicKey());
的for(int i = 0; I< certificates.length;我++){
如果(signerCert.getSerialNumber()。等于(
证书[I] .getSerialNumber())){
返回true;
}
}
返回false;
}
// CHECKSTYLE_IGNORE_START
私有类SimpleKeySelectorResult实现KeySelectorResult {
密钥pk =无效;
SimpleKeySelectorResult(主要_PK){
PK = _PK;
}
// @覆盖
公钥getKey(){
返回PK;
}
}
// CHECKSTYLE_IGNORE_END
公共类X509KeySelector扩展的KeySelectors {
私人X509CertImpl证书;
@燮pressWarnings(rawtypes)
公共KeySelectorResult选择(密钥信息的密钥信息,
KeySelector.Purpose目的,AlgorithmMethod方法,
XMLCryptoContext上下文)抛出KeySelectorException {
。迭代器き= keyInfo.getContent()迭代();
而(ki.hasNext()){
XMLStructure的信息=(XMLStructure组成)ki.next();
如果(!(的instanceof的X509Data资讯)){
继续;
}
的X509Data的X509Data =(的X509Data)信息;
。迭代器曦= x509Data.getContent()迭代();
而(xi.hasNext()){
对象o = xi.next();
如果(O的instanceof x509证书){
//当前未使用,返回的对象是
// X509CertImpl
公钥密钥=((x509证书)O).getPublicKey();
//确保该算法的兼容
//与方法。
如果(algEquals(method.getAlgorithm(),key.getAlgorithm())){
返回新SimpleKeySelectorResult(密钥);
}
}
如果(O的instanceof X509CertImpl){
证书=((X509CertImpl)O);
公钥密钥=((X509CertImpl)O).getPublicKey();
//确保该算法的兼容
//与方法。
如果(algEquals(method.getAlgorithm(),key.getAlgorithm())){
返回新SimpleKeySelectorResult(密钥);
}
}
}
}
抛出新KeySelectorException(无钥匙找到了!);
}
公共X509CertImpl getSignerCertificate(){
返回证书;
}
// CHECKSTYLE_IGNORE_START
布尔algEquals(字符串algURI,字符串algName){
如果(algName.equalsIgnoreCase(DSA)
&功放;&安培; algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)){
返回true;
}否则,如果(algName.equalsIgnoreCase(RSA)
&功放;&安培; algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)){
返回true;
}否则,如果(algName.equalsIgnoreCase(RSA)
&功放;&安培; algURI
.equalsIgnoreCase(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256)){
返回true;
} 其他 {
返回false;
}
}
// CHECKSTYLE_IGNORE_END
}
私有静态的X509Certificate [] getCertificates(字符串cAFolderPath)
抛出FileNotFoundException异常,CertificateException {
ArrayList的< x509证书>证书=新的ArrayList< x509证书>();
文件F =新的文件(cAFolderPath);
如果(f.isDirectory()){
文件[]文件= f.listFiles();
的for(int i = 0; I< files.length;我++){
x509证书证书= x509证书
.getInstance(新的FileInputStream(文件[I]));
certificates.add(证书);
}
x509证书[]证书=新的X509Certificate [certificates.size()];
如果(certificates.size()!= 0){
的for(int i = 0; I< certs.length;我++){
证书[I] = certificates.get(ⅰ);
}
返回证书;
}
}
返回null;
}
公共字符串getUserIDN(){
返回userIDN;
}
公共无效setUserIDN(字符串userIDN){
this.userIDN = userIDN;
}
}
解决方案
如果您有公钥(类似):
< RSAKeyValue>
<模量GT; tt5QV .... kJqsMZ2yuxZfoyQ ==< /模量>
<指数> AQAB< /指数>
< / RSAKeyValue>
您应该能够核实就像一个签名的XML文档:
私人布尔TryGetValidDocument(字符串公钥,XmlDocument的DOC)
{
VAR RSA =新的RSACryptoServiceProvider();
rsa.FromXmlString(公钥);
VAR nsMgr =新的XmlNamespaceManager(doc.NameTable);
nsMgr.AddNamespace(签名,http://www.w3.org/2000/09/xmldsig#);
VAR signedXml =新的SignedXml(DOC);
VAR SIG =(的XmlElement)doc.SelectSingleNode(// SIG:签名,nsMgr);
如果(SIG == NULL)
{
Console.WriteLine(找不到签名节点);
返回false;
}
signedXml.LoadXml(SIG);
返回signedXml.CheckSignature(RSA);
}
有关更多信息按照此链接
有关证书是非常相似的。在code应该是这样的:
私人布尔TryGetValidDocument(X509Certificate2证书,XmlDocument的DOC)
{
VAR nsMgr =新的XmlNamespaceManager(doc.NameTable);
nsMgr.AddNamespace(签名,http://www.w3.org/2000/09/xmldsig#);
VAR signedXml =新的SignedXml(DOC);
VAR SIG =(的XmlElement)doc.SelectSingleNode(// SIG:签名,nsMgr);
如果(SIG == NULL)
{
Logger.Warn(找不到签名节点);
返回false;
}
signedXml.LoadXml(SIG);
返回signedXml.CheckSignature(证书,真正的);
}
一个完整的例子可以发现这里
I am a security novice, sorry about that. I have an XML file which includes:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<ID_VG_Response>
<Result>
<SubjectDN>CN="XX", SERIALNUMBER=XX/XX, C=IN</SubjectDN>
<UserIDN>XX</UserIDN>
<CardNumber>XX</CardNumber>
<TransactionType>XX</TransactionType>
<Status>Success</Status>
</Result>
<Validity>180</Validity>
<SignatureTime>
<date>20150726</date>
<time>15:01:51:927</time>
</SignatureTime>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>XXX</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>XXXXXXXXXX</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>XXXX</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</ID_VG_Response>
and some .cer files. Now I need to verify the SignatureValue against those .cer files in C#. Can anyone help me, please? A colleague sent me a Java file that validates this, but I need to do it in C#. Here is the Java code:
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import javax.xml.XMLConstants;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import sun.misc.BASE64Decoder;
import sun.security.x509.X509CertImpl;
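/**
 * Verifies a signed {@code ID_VG_Response} document.
 *
 * Verification order: XML signature (enveloped, whole-document Reference) ->
 * signer certificate chains to, and is pinned in, the CA folder -> {@code <Status>}
 * is "Success" -> {@code <SignatureTime>} + {@code <Validity>} seconds has not
 * passed. On success {@link #getUserIDN()} returns the signed {@code <UserIDN>}.
 *
 * The document comes from outside, so the parser is hardened against DTD/XXE
 * and the signature engine runs in secure-validation mode. Revocation
 * (CRL/OCSP) of the signer certificate is NOT checked here.
 */
public class XMLSignatureValidator {

    /** Layout of {@code <date>} + " " + {@code <time>}, e.g. "20150726 15:01:51:927". */
    private static final DateTimeFormatter SIGNATURE_TIME_FORMAT =
            DateTimeFormatter.ofPattern("yyyyMMdd HH:mm:ss:SSS");

    /** Signature methods accepted from a VG response; the sample document uses rsa-sha256. */
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
    private static final String RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";

    /** {@code <UserIDN>} of the last response that passed verification; null before that. */
    private String userIDN;

    /**
     * Command-line entry point: verifies a base64-encoded response file against a CA folder.
     * Paths are hard-coded as in the original listing.
     */
    public static void main(String[] args) throws Exception {
        XMLSignatureValidator validator = new XMLSignatureValidator();
        // Files.readAllBytes reads the whole file; sizing a buffer with
        // InputStream.available() is not guaranteed to return the full length.
        byte[] data = Files.readAllBytes(Paths.get("C:/ID_VG_Response.xml"));
        boolean verified = validator.verifyVGResponse(new String(data, StandardCharsets.UTF_8),
                "E:/EIDA Toolkit/VG Related/ADSIC_Prod/VG Response Cert");
        System.out.println(verified);
    }

    /**
     * Verifies a base64-encoded response.
     *
     * @param vgResponse   base64 text whose decoded bytes are the XML document
     * @param cAFolderPath folder holding the issuer certificate and the pinned signer certificate
     * @return true when every check passes
     * @throws Exception when any check fails (message names the failing check)
     */
    public boolean verifyVGResponse(final String vgResponse,
            final String cAFolderPath) throws Exception {
        // The MIME decoder tolerates the line breaks the old sun.misc decoder ignored.
        byte[] xml = Base64.getMimeDecoder().decode(vgResponse);
        return verifyVGResponse(new ByteArrayInputStream(xml), cAFolderPath);
    }

    /**
     * Verifies a raw XML response read from {@code vgResponse}.
     *
     * @param vgResponse   stream of the XML document (not base64)
     * @param cAFolderPath folder holding the issuer certificate and the pinned signer certificate
     * @return true when every check passes
     * @throws Exception when any check fails (message names the failing check)
     */
    public boolean verifyVGResponse(final InputStream vgResponse,
            final String cAFolderPath) throws Exception {
        java.security.cert.X509Certificate[] certificates = getCertificates(cAFolderPath);

        Document doc = newHardenedDocumentBuilder().parse(vgResponse);
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }

        final X509KeySelector keySelector = new X509KeySelector();
        DOMValidateContext valContext = new DOMValidateContext(keySelector, nl.item(0));
        // Secure validation: rejects XPath/XSLT transforms, weak algorithms and
        // deep reference chains that an attacker-supplied SignedInfo could carry.
        valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        final XMLSignature signature = factory.unmarshalXMLSignature(valContext);

        if (!signature.validate(valContext)) {
            throw new Exception("Signature Not Valid");
        }
        // Every Reference must cover the whole document (URI=""). Otherwise the
        // Status/Validity/UserIDN elements read below could lie outside the signed content.
        for (Object ref : signature.getSignedInfo().getReferences()) {
            String uri = ((Reference) ref).getURI();
            if (uri != null && !uri.isEmpty()) {
                throw new Exception("Signature Reference does not cover the whole document: " + uri);
            }
        }

        // The certificate in KeyInfo is attacker-controlled; it only becomes
        // trustworthy after chaining to, and being pinned in, the CA folder.
        java.security.cert.X509Certificate signerCert = keySelector.getSignerCertificate();
        if (signerCert == null || !verifyCertificate(signerCert, certificates)) {
            throw new Exception("Certificate Not Valid");
        }

        if (!requiredText(doc, "Status").equalsIgnoreCase("Success")) {
            throw new Exception("Status element not set to success");
        }

        // The response carries no time zone; it is read in the JVM default zone,
        // as the original SimpleDateFormat did. NOTE(review): confirm the signer's
        // clock is expressed in the same zone as this host.
        String signedAt = requiredText(doc, "date") + " " + requiredText(doc, "time");
        long signerTime = LocalDateTime.parse(signedAt, SIGNATURE_TIME_FORMAT)
                .atZone(ZoneId.systemDefault()).toInstant().toEpochMilli();
        // long arithmetic: an int "validity * 1000" overflows for large values.
        long validityMillis = Long.parseLong(requiredText(doc, "Validity")) * 1000L;
        if (Instant.now().toEpochMilli() > signerTime + validityMillis) {
            throw new Exception("VG response expired");
        }

        userIDN = requiredText(doc, "UserIDN");
        return true;
    }

    /** Returns the trimmed text of the first {@code name} element, or throws if absent. */
    private static String requiredText(Document doc, String name) throws Exception {
        NodeList nodes = doc.getElementsByTagName(name);
        if (nodes.getLength() == 0) {
            throw new Exception("Missing element: " + name);
        }
        return nodes.item(0).getTextContent().trim();
    }

    /**
     * Namespace-aware parser with DTD processing and external entity
     * resolution switched off (XXE / entity-expansion hardening).
     */
    private static DocumentBuilder newHardenedDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /**
     * Checks that {@code signerCert} is currently valid, is signed by a certificate
     * in {@code certificates} whose subject matches its issuer, and is itself
     * pinned in {@code certificates} (same issuer and serial number).
     * Only one chain level is verified and no revocation check is performed.
     *
     * @return false when no issuer is found or the signer is not pinned
     * @throws GeneralSecurityException when a certificate is expired or its signature fails
     */
    private boolean verifyCertificate(final java.security.cert.X509Certificate signerCert,
            final java.security.cert.X509Certificate[] certificates) throws GeneralSecurityException {
        signerCert.checkValidity();

        java.security.cert.X509Certificate issuerCert = null;
        for (java.security.cert.X509Certificate candidate : certificates) {
            // X500Principal.equals compares canonical DNs, unlike the former string compare.
            if (candidate.getSubjectX500Principal().equals(signerCert.getIssuerX500Principal())) {
                issuerCert = candidate;
                break;
            }
        }
        if (issuerCert == null) {
            return false;
        }
        issuerCert.checkValidity();
        signerCert.verify(issuerCert.getPublicKey());

        // Serial numbers are unique only per issuer, so pin on (issuer, serial).
        for (java.security.cert.X509Certificate pinned : certificates) {
            if (signerCert.getSerialNumber().equals(pinned.getSerialNumber())
                    && signerCert.getIssuerX500Principal().equals(pinned.getIssuerX500Principal())) {
                return true;
            }
        }
        return false;
    }

    /** Wraps the public key handed back to the signature engine. */
    private static final class SimpleKeySelectorResult implements KeySelectorResult {
        private final Key pk;

        SimpleKeySelectorResult(Key pk) {
            this.pk = pk;
        }

        @Override
        public Key getKey() {
            return pk;
        }
    }

    /**
     * Picks the verification key from the first X509Certificate in KeyInfo whose
     * key algorithm fits the signature method, and remembers that certificate so
     * the caller can chain-check it afterwards.
     */
    public class X509KeySelector extends KeySelector {
        private java.security.cert.X509Certificate cert;

        @Override
        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose,
                AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
            for (Object info : keyInfo.getContent()) {
                if (!(info instanceof X509Data)) {
                    continue;
                }
                for (Object o : ((X509Data) info).getContent()) {
                    if (!(o instanceof java.security.cert.X509Certificate)) {
                        continue;
                    }
                    java.security.cert.X509Certificate candidate = (java.security.cert.X509Certificate) o;
                    PublicKey key = candidate.getPublicKey();
                    if (algEquals(method.getAlgorithm(), key.getAlgorithm())) {
                        cert = candidate;
                        return new SimpleKeySelectorResult(key);
                    }
                }
            }
            throw new KeySelectorException("No key found!");
        }

        /** The certificate whose key was selected, or null if {@link #select} has not succeeded. */
        public java.security.cert.X509Certificate getSignerCertificate() {
            return cert;
        }

        /**
         * True when the key algorithm can verify the signature method. SHA-1 based
         * methods (dsa-sha1, rsa-sha1) are deliberately no longer accepted.
         */
        boolean algEquals(String algURI, String algName) {
            if (!"RSA".equalsIgnoreCase(algName)) {
                return false;
            }
            return RSA_SHA256.equalsIgnoreCase(algURI)
                    || RSA_SHA384.equalsIgnoreCase(algURI)
                    || RSA_SHA512.equalsIgnoreCase(algURI);
        }
    }

    /**
     * Loads every regular file in {@code cAFolderPath} as an X.509 certificate (DER or PEM).
     *
     * @throws FileNotFoundException when the folder does not exist or holds no certificate
     * @throws IOException           when a file cannot be read
     * @throws java.security.cert.CertificateException when a file is not a certificate
     */
    private static java.security.cert.X509Certificate[] getCertificates(String cAFolderPath)
            throws IOException, java.security.cert.CertificateException {
        File folder = new File(cAFolderPath);
        File[] files = folder.isDirectory() ? folder.listFiles() : null;
        if (files == null) {
            throw new FileNotFoundException("CA certificate folder not found: " + cAFolderPath);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<java.security.cert.X509Certificate> certificates =
                new ArrayList<java.security.cert.X509Certificate>();
        for (File file : files) {
            if (!file.isFile()) {
                continue; // skip sub-directories
            }
            try (InputStream in = new FileInputStream(file)) {
                certificates.add((java.security.cert.X509Certificate) cf.generateCertificate(in));
            }
        }
        if (certificates.isEmpty()) {
            throw new FileNotFoundException("No certificates found in " + cAFolderPath);
        }
        return certificates.toArray(new java.security.cert.X509Certificate[certificates.size()]);
    }

    /** {@code <UserIDN>} of the last verified response, or null. */
    public String getUserIDN() {
        return userIDN;
    }

    public void setUserIDN(String userIDN) {
        this.userIDN = userIDN;
    }
}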
Solution
If you have the public key (something like):
<RSAKeyValue>
<Modulus>tt5QV .... kJqsMZ2yuxZfoyQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
You should be able to verify a signed XML document like this. Note that this only checks the cryptographic signature against the key you supply; it does not check a certificate chain, nor the Status/Validity/expiry fields that the Java code also enforces, and the XmlDocument should be loaded with XmlResolver = null (no DTD/external entity resolution) and PreserveWhitespace = true:
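/// <summary>
/// Verifies the enveloped XML signature in <paramref name="doc"/> against an RSA public key
/// given in the .NET XML key format (&lt;RSAKeyValue&gt;...). Only the cryptographic signature
/// is checked: no certificate, no Status/Validity fields. The caller must have loaded
/// <paramref name="doc"/> with XmlResolver = null and PreserveWhitespace = true.
/// </summary>
/// <param name="publicKey">RSA public key as an RSAKeyValue XML string.</param>
/// <param name="doc">The signed document, already loaded.</param>
/// <returns>true when the first ds:Signature verifies and every Reference covers the whole document.</returns>
private bool TryGetValidDocument(string publicKey, XmlDocument doc)
{
    using (var rsa = new RSACryptoServiceProvider())
    {
        rsa.FromXmlString(publicKey);
        var nsMgr = new XmlNamespaceManager(doc.NameTable);
        nsMgr.AddNamespace("sig", "http://www.w3.org/2000/09/xmldsig#");
        var sig = doc.SelectSingleNode("//sig:Signature", nsMgr) as XmlElement;
        if (sig == null)
        {
            Console.WriteLine("Could not find the signature node");
            return false;
        }
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sig);
        // Every Reference must cover the whole document (URI=""); a signature over a
        // sub-element would leave the rest of the response unsigned.
        foreach (Reference reference in signedXml.SignedInfo.References)
        {
            if (!string.IsNullOrEmpty(reference.Uri))
            {
                Console.WriteLine("Signature does not cover the whole document: " + reference.Uri);
                return false;
            }
        }
        return signedXml.CheckSignature(rsa);
    }
}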
For more information, follow this link.
For certificates it is very similar. Be aware of the second argument of CheckSignature: verifySignatureOnly = true means only the signature is checked and the certificate's chain and validity period are not, so cert must be the signer's certificate you already trust (not a CA certificate, whose key would not verify the signature anyway); pass false if you want .NET to build and validate the chain against the machine store. The code should look like:
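/// <summary>
/// Verifies the enveloped XML signature in <paramref name="doc"/> with the public key of
/// <paramref name="cert"/>. CheckSignature is called with verifySignatureOnly = true, so
/// <paramref name="cert"/> must already be trusted (e.g. the pinned signer certificate); the
/// only certificate check done here is its validity period. The caller must have loaded
/// <paramref name="doc"/> with XmlResolver = null and PreserveWhitespace = true.
/// </summary>
/// <param name="cert">The trusted signer certificate.</param>
/// <param name="doc">The signed document, already loaded.</param>
/// <returns>true when the first ds:Signature verifies and every Reference covers the whole document.</returns>
private bool TryGetValidDocument(X509Certificate2 cert, XmlDocument doc)
{
    // Mirrors checkValidity() in the Java validator.
    var now = DateTime.Now;
    if (now < cert.NotBefore || now > cert.NotAfter)
    {
        Logger.Warn("Signer certificate is outside its validity period");
        return false;
    }
    var nsMgr = new XmlNamespaceManager(doc.NameTable);
    nsMgr.AddNamespace("sig", "http://www.w3.org/2000/09/xmldsig#");
    var sig = doc.SelectSingleNode("//sig:Signature", nsMgr) as XmlElement;
    if (sig == null)
    {
        Logger.Warn("Could not find the signature node");
        return false;
    }
    var signedXml = new SignedXml(doc);
    signedXml.LoadXml(sig);
    // Every Reference must cover the whole document (URI=""); a signature over a
    // sub-element would leave the rest of the response unsigned.
    foreach (Reference reference in signedXml.SignedInfo.References)
    {
        if (!string.IsNullOrEmpty(reference.Uri))
        {
            Logger.Warn("Signature does not cover the whole document: " + reference.Uri);
            return false;
        }
    }
    // true = verify the signature only; chain building/validation is deliberately skipped
    // because cert is supplied by the caller as an already-trusted key.
    return signedXml.CheckSignature(cert, true);
}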
A full example can be found here