
Because of specifications imposed on me I have written my own C# code to sign XML, and to validate signed XML. Much like the SignedXml class does, but this way I'm more flexible e.g. in using XML namespace prefixes or not (it seems SignedXml does NOT like namespace prefixes in the signature XML, but my XML specs say I must have them), and in the algorithm for the signature (specs now say sha256).

Everything seems to work, but an "imperfection" that bothers me is that - for example - when validating the xml, I need to transform or verify data using a particular class of object, and all I have to go by is the algorithm URI specified in the XML. An example would be canonicalization: if the XML says "http://www.w3.org/2001/10/xml-exc-c14n#" I know I can use the XmlDsigExcC14NTransform class, but my question is: is there a way to get from such a URI (or any URI) to a particular class of object?

I now use a list of URIs known to me and the object classes (I think) they refer to (or compare it to the Algorithm property of a list of known object classes, e.g. XmlDsigExcC14NTransform.Algorithm), which is not really what I like.

Lance Roberts

1 Answer


This is not well documented, but System.Security.Cryptography.CryptoConfig.CreateFromName(string) will return you the transform associated with a URI.

poupou
  • Thanks poupou: from the transform URI I can now indeed get the associated transform. A similar association is needed for the signature method. For example: "SHA256" is associated with URI "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" and the SHA256Managed class. *CryptoConfig.CreateFromName("SHA256")* will return a SHA256Managed class object; *CryptoConfig.MapNameToOID("SHA256")* will return the OID I need for RSACryptoServiceProvider's SignData() and VerifyData() methods. Is there a way to get from "SHA256" to "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" and/or vice versa? – Bob van Steijnen Jul 19 '12 at 14:56
  • No, strings like `"SHA256"` could be mapped to several URIs, which would mean your application would still need to decide which one applies. Since your application *needs to know*, there is little value in such an API. – poupou Jul 19 '12 at 15:11
  • No problem :-) To help others please click on the checkmark under the answer vote count so future search will show an answer is available. – poupou Jul 19 '12 at 15:41
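The following is an added example, not code from the question or the answer above. It shows the CryptoConfig.CreateFromName lookup the answer describes for both a transform URI and a signature-method URI, and adds the check a verifier should make before trusting either: the URI comes out of the signed document, so it is attacker-controlled, and it is compared against an allowlist of the algorithms the spec permits before CryptoConfig is consulted. It assumes .NET Framework 4.x with a reference to System.Security.dll (the home of the XmlDsig transform classes). The RsaPkcs1Sha256SignatureDescription class and the AllowedTransforms / AllowedSignatureMethods sets are illustrative names chosen here; the rsa-sha256 URI is registered with CryptoConfig out of the box on 4.5 and later, and the example registers its own description only when the lookup comes back null (the 4.0 situation the comments discuss).

```csharp
// Added example, not part of the original question or answer.
// Assumes .NET Framework 4.x and a reference to System.Security.dll.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

// Hypothetical name. Ties the rsa-sha256 SignatureMethod URI to SHA-256 plus the
// PKCS#1 v1.5 formatter/deformatter, for runtimes where the URI is not registered.
public sealed class RsaPkcs1Sha256SignatureDescription : SignatureDescription
{
    public RsaPkcs1Sha256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256Managed).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }

    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        var f = new RSAPKCS1SignatureFormatter(key);
        f.SetHashAlgorithm("SHA256");
        return f;
    }

    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        var d = new RSAPKCS1SignatureDeformatter(key);
        d.SetHashAlgorithm("SHA256");
        return d;
    }
}

public static class AlgorithmResolver
{
    private const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Allowlists (hypothetical contents): only what the XML spec permits. Anything else
    // found in <Signature> is rejected before CryptoConfig sees it, so a document
    // cannot steer verification towards an algorithm the spec never allowed.
    private static readonly HashSet<string> AllowedTransforms = new HashSet<string>
    {
        "http://www.w3.org/2001/10/xml-exc-c14n#",
        "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    };

    private static readonly HashSet<string> AllowedSignatureMethods = new HashSet<string>
    {
        RsaSha256Uri,
    };

    // Call once at startup. On .NET 4.5+ the lookup already succeeds and nothing is added.
    public static void EnsureRegistered()
    {
        if (CryptoConfig.CreateFromName(RsaSha256Uri) == null)
            CryptoConfig.AddAlgorithm(typeof(RsaPkcs1Sha256SignatureDescription), RsaSha256Uri);
    }

    // Transform URI (e.g. from a <Transform Algorithm="..."> element) to a Transform object.
    public static Transform ResolveTransform(string algorithmUri)
    {
        if (!AllowedTransforms.Contains(algorithmUri))
            throw new CryptographicException("Transform not permitted by spec: " + algorithmUri);

        var transform = CryptoConfig.CreateFromName(algorithmUri) as Transform;
        if (transform == null)
            throw new CryptographicException("No Transform registered for " + algorithmUri);
        return transform;
    }

    // SignatureMethod URI to a SignatureDescription, which in turn yields the digest
    // (CreateDigest) and the RSA formatter/deformatter for sign and verify.
    public static SignatureDescription ResolveSignatureMethod(string signatureMethodUri)
    {
        if (!AllowedSignatureMethods.Contains(signatureMethodUri))
            throw new CryptographicException("SignatureMethod not permitted by spec: " + signatureMethodUri);

        var desc = CryptoConfig.CreateFromName(signatureMethodUri) as SignatureDescription;
        if (desc == null)
            throw new CryptographicException("No SignatureDescription registered for " + signatureMethodUri);
        return desc;
    }

    public static void Main()
    {
        EnsureRegistered();

        Transform c14n = ResolveTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
        Console.WriteLine(c14n.GetType().Name);   // XmlDsigExcC14NTransform
        Console.WriteLine(c14n.Algorithm);        // the same URI, echoed back

        SignatureDescription rsaSha256 = ResolveSignatureMethod(RsaSha256Uri);
        using (HashAlgorithm digest = rsaSha256.CreateDigest())
            Console.WriteLine(digest.GetType().Name);   // a SHA-256 implementation

        // The OID form is what RSACryptoServiceProvider.SignData/VerifyData accept for the hash.
        Console.WriteLine(CryptoConfig.MapNameToOID("SHA256"));   // 2.16.840.1.101.3.4.2.1

        // A SHA-1 signature method is registered in CryptoConfig but not in the allowlist.
        try { ResolveSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1"); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

The allowlist is the part that matters for a verifier: CryptoConfig will happily hand back whatever is registered under a name, including algorithms your spec never allowed, so the decision about which URIs are acceptable has to be made by your code before the lookup, which is also the point poupou makes in the comments about the string-to-URI direction.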