Tags: .net, soap, x509, wse

How to find X509SerialNumber


I'm building a soap message which requires wse security and for some reason, the client requires KeyInfo, subject and serial #. But the serial # displayed for the x509 is hex and doesn't fit the xsd requirements for the X509SerialNumber node, which is integer. I've read that this needs to be the issuer serial # but it isn't part of the cert. This is a self signed certificate. How can I determine what the serial # is?

Please DO NOT tell me to use WCF. If I could use it, I would. I know WCF would make it easier, I hold an MCTS for WCF.


Solution

  • I found what I needed. http://www.dotnetmonster.com/Uwe/Forum.aspx/dotnet-security/2875/Manually-computing-sha1-digest-of-reference-containing

    Just needed to add some code. The X509ChainElement.Certificate.GetSerialNumberString() gives me what I need and I don't have to calc anything.

    Here is the code I'm now using:

    using System.Security.Cryptography.X509Certificates;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    public static XmlElement GenerateSignature(XmlElement xmlToSign, StoreName storeName, StoreLocation storeLocation, X509Certificate2 certificate, string referenceID)
    {
        SignedXml signedXml = new SignedXml(xmlToSign);

        // Exclusive C14N, which is what WS-Security signatures use
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SigningKey = certificate.PrivateKey;

        // Reference to the element (by its Id) that gets signed
        Reference tRef = new Reference(referenceID);
        XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform();

        tRef.AddTransform(env);
        signedXml.AddReference(tRef);

        KeyInfo keyInfo = new KeyInfo();
        X509Chain x509Chain = new X509Chain();
        // Build() returns false for an untrusted self-signed cert, but ChainElements is still populated
        x509Chain.Build(certificate);

        foreach (X509ChainElement element in x509Chain.ChainElements)
        {
            KeyInfoX509Data x509Data = new KeyInfoX509Data(element.Certificate);
            string issuer = element.Certificate.Issuer;
            // GetSerialNumberString() returns hex; AddIssuerSerial converts it to the decimal X509SerialNumber
            x509Data.AddIssuerSerial(issuer, element.Certificate.GetSerialNumberString());
            keyInfo.AddClause(x509Data);
        }

        signedXml.KeyInfo = keyInfo;
        signedXml.ComputeSignature();

        XmlElement xmlDsig = signedXml.GetXml();
        return xmlDsig;
    }
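    The conversion that AddIssuerSerial performs internally, done by hand so the resulting X509SerialNumber value can be inspected before it is sent. This is an added example, not part of the answer above; the class name IssuerSerialHelper and the sample serial are constructed for illustration.

```csharp
using System;
using System.Globalization;
using System.Numerics;
using System.Xml;

// Turns the hex serial (as shown by GetSerialNumberString() or the certificate
// MMC snap-in) into the decimal xsd:integer that ds:X509SerialNumber requires,
// and builds the ds:X509IssuerSerial element explicitly.
public static class IssuerSerialHelper
{
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";

    public static BigInteger SerialToInteger(string hexSerial)
    {
        // Tools print serials with separators ("00:e1:b2:c3:d4" from openssl,
        // "00 e1 b2 c3 d4" from certmgr); the serial itself is one big-endian INTEGER.
        string clean = hexSerial.Replace(":", "").Replace(" ", "").Replace("-", "");
        // The leading "0" stops BigInteger from reading a first nibble of 8..F as a
        // two's-complement sign bit; a certificate serial is always positive.
        BigInteger value = BigInteger.Parse("0" + clean, NumberStyles.AllowHexSpecifier);
        if (value.Sign <= 0)
            throw new ArgumentException("X.509 serial numbers must be positive integers (RFC 5280 4.1.2.2)");
        return value;
    }

    public static XmlElement BuildIssuerSerial(XmlDocument doc, string issuerName, string hexSerial)
    {
        XmlElement issuerSerial = doc.CreateElement("ds", "X509IssuerSerial", DsNs);
        XmlElement name = doc.CreateElement("ds", "X509IssuerName", DsNs);
        name.InnerText = issuerName;
        XmlElement serial = doc.CreateElement("ds", "X509SerialNumber", DsNs);
        // xsd:integer: decimal digits only, no "0x" prefix, no leading zeros
        serial.InnerText = SerialToInteger(hexSerial).ToString(CultureInfo.InvariantCulture);
        issuerSerial.AppendChild(name);
        issuerSerial.AppendChild(serial);
        return issuerSerial;
    }

    public static void Main()
    {
        // Constructed sample serial; for a real certificate pass cert.GetSerialNumberString()
        string hexSerial = "00e1b2c3d4";
        XmlDocument doc = new XmlDocument();
        XmlElement element = BuildIssuerSerial(doc, "CN=Test Self-Signed CA", hexSerial);
        Console.WriteLine(element.OuterXml);
    }
}
```

    Comparing this element with what signedXml.GetXml() emits for the same certificate confirms that the hex string from the store and the decimal value in the message refer to the same serial.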