XSignComponent2 - checking digital signature component

XSignComponent2 DEMO

A digital signature component for web applications. Sign XML documents on the client side with users certificate from Windows Certificate Store, USB tokens or Smart Cards.

Works on all major browsers including Chrome, Edge and Firefox

This is a simple demo page. Similar page to test digital signature component should be on your web site. This is a sample page to demonstrate XML signature using XSignComponent2 component from www.lizard-labs.com.
In production environment this should be a page on customers site. Check the page source to see the JavaScript code for calling XSignComponent2 digital signature component.

Enter a sample XML document and click on the button to sign it using our digital signature component.

You will be asked to select signing certificate from Windows Certificate Store so if certificate is issued on USB token or Smart Card, appropriate drivers should be installed to access the cert trough the store. After the process is finisher you will see success or error message

How to test the signing component with this page:

1. Put your XML in the text box.
2. Optionally you can put Certificate Hash (Thumb-print) of the signing certificate. XSignComponent uses personal certificates from Windows Certificate Store. It can't sign document if it can't access the certificate from the store.
3. You can set additional comma separated options for the signing process:
IgnoreXmlWhitespaces, ReturnSignatureOnly, RememberSelectedCertificate, CanonicalizationWithComments, Enveloping, UseSha256, UseSha384, UseSha512, DoNotIncludeKeyValueInKeyInfo, DoNotIncludeX509DataInKeyInfo, XmlDocumentIsUtf8Base64Encoded)
4. Click on Sign XML button to begin signing process. If the certificate hash is not present, a pop-up dialog box will ask you which certificate you want to use to sign the document.
5. After the document is signed you can send it on the server for validation. If something is wrong, you will see an error message

XML Document:

Signing certificate thumbprint/hash (optional):

Options (optional):

Signature value:

Sample code used in this demo

This Javascript code was used on the client side to sign the document (you can also check the page source):

        function signTestDocument() {
            try {

                document.getElementById("txtSignedDocument").value = ""; // clear signature

                var doc = document.getElementById("txtXmlDocument").value; // get the document text

                var certhash = document.getElementById("txtCertificateThumbprint").value; // get certificate hash if needed

                if (doc.trim().length == 0) {
                    alert("Please enter an XML document");
                    return false;
                }

                var signature = sign_with_XSignComponent2_component(doc, certhash, '');

                if (signature.startsWith("ERROR:")) {
                    alert(signature);
                    return false;
                }
                else {
                    // set signature and submit for validation

                    document.getElementById("txtSignedDocument").value = signature;
                    return true;
                }
            } catch (e) {
                alert("Unexpected error using digital signature component: " + e.message);
            }

        }

        // Parameters:
        // xml is XML document as a string
        // certhash is a hash (thumbprint) of the siging certificate). If empty, certificate user must select from certificate store
        // options can be GetXmlSignatureWithoutKeyInfo to return XML signature document without the certificate info

        function sign_with_XSignComponent2_component(xml, certhash = '', options = '') {
            try {
                var http = new XMLHttpRequest();
                var url = 'https://127.0.0.1:36912/sign'; // port number may be changed
                http.open('POST', url, false);

                var doc = options + '\n' + certhash + '\n' + xml;

                http.send('params=' + escape(doc));
                if (http.readyState == 4) {
                    if (http.status == 200) {
                        if (http.responseText.startsWith("ERROR:")) {
                            return ("ERROR: Error during the signature process. Please check the component log for more details. This is the component response:\n\n" + http.responseText);
                        }
                        else
                            return http.responseText;
                    }
                }
                else {
                    return ("ERROR: digital signature component is not active or the browser can't access the component service. Please restart the component and try again. Error status code: " + http.status);
                }
            } catch (e) {
                return ("ERROR: unexpected error using digital signature component. Digital signature component is not active or the browser can't access the component service. Please restart the component and try again. Error details: " + e.message);
            }

            return "ERROR: nothing to return";
        }

This C# code was used on the server side to verify the signature:

        private bool CheckSignature(string signedxmldata, bool bPreserveWhitespace = true)
        {
            XmlDocument xdoc = new XmlDocument() { PreserveWhitespace = bPreserveWhitespace };
            xdoc.LoadXml(signedxmldata);
            xdoc.GetElementsByTagName("Signature")[0].ParentNode.RemoveChild(xdoc.GetElementsByTagName("Signature")[0]);

            XmlDocument sxmlDocument = new XmlDocument();
            sxmlDocument.LoadXml(signedxmldata);

            SignedXml signedXml = new SignedXml(xdoc);
            signedXml.LoadXml((XmlElement) sxmlDocument.GetElementsByTagName("Signature")[0]);

            // Get the signing certificate info. If no KeyInfo is present, load keys from external file
            string base64cert = signedXml.KeyInfo.GetXml().GetElementsByTagName("X509Certificate")[0].InnerText;
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(base64cert));
            

            bool valid = signedXml.CheckSignature();

            // Here you can do something with certificate if you want. Sample
            if(valid)
            {
                lblMessage.ForeColor = System.Drawing.Color.Green;
                lblMessage.Text = $"SUCESS: signature is valid. <BR /> Document signed by {cert.Subject}. Certificate issued by {cert.Issuer} with serial no {cert.SerialNumber}";
            }

            return valid;
        }

        protected void btnSign_Click(object sender, EventArgs e)
        {
            try
            {
                // Try with PreserveWhitespace set to TRUE or FALSE. By default digital signature compoent preserves XML whitespaces.
                if (!CheckSignature(txtSignedDocument.Text, true))
                    if (!CheckSignature(txtSignedDocument.Text, false))
                    {
                        lblMessage.ForeColor = System.Drawing.Color.Orange;
                        lblMessage.Text = "FAIL: signature is not valid";
                    }
            }
            catch(Exception ex)
            {
                lblMessage.ForeColor = System.Drawing.Color.Red;
                lblMessage.Text = "Error validation the signature: " + ex.Message;
            }
        }

You can also try other tools to verify the signature (for instance this one powered by popular C library Libxml2 https://www.aleksey.com/xmlsec/xmldsig-verifier.html)

For more information about this digital signature component visit our website www.lizard-labs.com