.netxmlsslxades

Signing detached xml secured by jwt and tls


I have problem with signing XML Document. I need to sign external (detached) document like it’s made in this url : https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml.signedxml.computesignature?view=net-5.0 This example works in my code but, my xml document is secured by JWT and TLS certificate so when I try computeSignature I reach exception “cannot create secured ssl/tls channel” :/ I had similar error when i tried create get request on the server and when i attached tls certificate problem solved. Unfortunetly I don’t have idea how can I attach jwt token and tls in this case (in sign mechanism) :/


Solution

  • So... after some hour of work i found some solution. Problem is in System.Security.Cryptography.Xml Reference class. In this class when reference is to some external xml, method GetHash make simple GET request and you cant sign Your own resolver. unfortunately i cant edit System.Security.Cryptography .dll. BUT i can edit Medicom.XADES, so in method BuildDigestedReferences i need to comment this line : //object m_containingDocument = SignedXml_m_containingDocument.GetValue(this); //Reference_UpdateHashValue.Invoke(reference2, new object[] { m_containingDocument, refList });

    And prepare my own DigestValue for reference :

    reference2.DigestValue = GetHashXML(reference2); 
    

    Where GetHashXML(Reference reference) is method which make request to external (secured by ssl/tls ) xml, and then compute SHA256 hash and return its value by BYTE to reference2.DigestValue