The second part of the XMLDSig tutorial. Make sure you don’t miss the previous entries:
In this part of the tutorial we will learn how to create and validate XML digital signatures in C#.
What we demonstrate is three different approaches to:
These three approaches will correspond to Enveloped, Enveloping and Detached signatures (refer to the previous part of the tutorial).
We have to start with a helper class to access X509 certificates:
Then we will have a base class with common code to verify XML documents. This is interesting – since we have three types of signatures, we surely need three different approaches to signing. However, the same method will be used to validate all three types of signatures, regardless of the type of the signature! The code is rather straightforward and requires no additional comments.
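A verification routine of the kind described above, as an added example that is not the tutorial's own code: it checks the signature against a certificate the caller already trusts rather than any key carried in the document's KeyInfo, and shows that a change made after signing is detected. The class and method names, the sample XML and the in-memory self-signed certificate are assumptions made for this example; on .NET Core and later, SignedXml comes from the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class XmlDsigVerifyDemo   // hypothetical name, not from the tutorial
{
    // Verifies the single ds:Signature in the document against a certificate
    // the caller already trusts, ignoring any key carried in KeyInfo.
    public static bool Verify(XmlDocument doc, X509Certificate2 trusted)
    {
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;           // refuse missing or multiple signatures
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        // verifySignatureOnly: true checks the signature value only; chain
        // validation is skipped because the demo certificate is self-signed.
        return signedXml.CheckSignature(trusted, true);
    }

    // Enveloped signature over the whole document, used here only to produce input.
    public static void SignEnveloped(XmlDocument doc, X509Certificate2 cert)
    {
        var signedXml = new SignedXml(doc) { SigningKey = cert.GetRSAPrivateKey() };
        var reference = new Reference("");            // "" refers to the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    static void Main()
    {
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=xmldsig-demo", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert =
            req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

        // PreserveWhitespace must be set before loading, or digests may not match.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><amount>100</amount></order>");   // constructed sample
        SignEnveloped(doc, cert);
        Console.WriteLine(Verify(doc, cert));                 // document as signed

        doc.SelectSingleNode("/order/amount").InnerText = "9999";
        Console.WriteLine(Verify(doc, cert));                 // document modified after signing
    }
}
```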
Next, we need three different providers for three different types of signatures.
Enveloping. This one requires a comment. You see, the XML document embedded in the signature is wrapped in an auxiliary DataObject element. The API requires that the DataObject points to an XmlNodeList, and this is unfortunate since we only need a single node, the document we are about to sign. As it turns out, there is no public implementation of a class inheriting from the abstract XmlNodeList class, so I had to provide the CustomXmlNodeList class just to satisfy object contracts. This is a small limitation of the API and a small inconvenience.
Detached. Nothing unusual this time.
All three implementations allow me to sign my XML documents with a signature of my choice. Also, all three should correctly verify signed documents.
In the next part we will discuss the Java implementation.