SignedXml 生成无效签名
我一直在尝试让 .NET 中的 XMLDSIG 支持正常运行,更具体地说是 SignedXml 类。 我正在实施第三方服务,他们最近刚刚开始要求所有消息都必须进行数字签名...
我的问题是,我似乎无法生成有效的签名。 第三方服务和我找到的在线签名验证程序都将签名报告为无效。 验证服务 (http://www.aleksey.com/xmlsec/xmldsig-verifier.html )报告摘要和数据之间不匹配,到目前为止我无法弄清楚我做错了什么。
这是相关的代码 - 希望有人能够发现我的错误;
public static XDocument SignDocument(XDocument originalDocument, X509Certificate2 certificate)
{
var document = new XmlDocument();
document.LoadXml(originalDocument.ToString(SaveOptions.DisableFormatting));
if (document.DocumentElement == null)
throw new InvalidOperationException("Invalid XML document; no root element found.");
var signedDocument = new SignedXml(document);
Reference signatureReference = GetSignatureReference();
KeyInfo certificateKeyInfo = GetCertificateKeyInfo(certificate);
var dataObject = new DataObject("", "text/xml", "utf-8", document.DocumentElement);
signedDocument.AddReference(signatureReference);
signedDocument.AddObject(dataObject);
signedDocument.SigningKey = certificate.PrivateKey;
signedDocument.KeyInfo = certificateKeyInfo;
signedDocument.ComputeSignature();
return XDocument.Parse(signedDocument.GetXml().OuterXml, LoadOptions.PreserveWhitespace);
}
private static Reference GetSignatureReference()
{
var signatureReference = new Reference("");
signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
return signatureReference;
}
private static KeyInfo GetCertificateKeyInfo(X509Certificate certificate)
{
var certificateKeyInfo = new KeyInfo();
certificateKeyInfo.AddClause(new KeyInfoX509Data(certificate));
return certificateKeyInfo;
}
I've been trying to get the XMLDSIG support in .NET to behave properly, more specifically the SignedXml class. I'm implementing a third party service and they've just recently started requiring that all messages have to be digitally signed...
My problem is that, I can't seem to generate valid signatures. Both the third party service, and an online signature verifier I found, report the signature as invalid. The verification service (http://www.aleksey.com/xmlsec/xmldsig-verifier.html) reports that there's a mismatch between the digest and the data, and I've so far been unable to figure out what I'm doing wrong.
Here's the relevant code - hopefully someone will be able to spot my mistake;
public static XDocument SignDocument(XDocument originalDocument, X509Certificate2 certificate)
{
var document = new XmlDocument();
document.LoadXml(originalDocument.ToString(SaveOptions.DisableFormatting));
if (document.DocumentElement == null)
throw new InvalidOperationException("Invalid XML document; no root element found.");
var signedDocument = new SignedXml(document);
Reference signatureReference = GetSignatureReference();
KeyInfo certificateKeyInfo = GetCertificateKeyInfo(certificate);
var dataObject = new DataObject("", "text/xml", "utf-8", document.DocumentElement);
signedDocument.AddReference(signatureReference);
signedDocument.AddObject(dataObject);
signedDocument.SigningKey = certificate.PrivateKey;
signedDocument.KeyInfo = certificateKeyInfo;
signedDocument.ComputeSignature();
return XDocument.Parse(signedDocument.GetXml().OuterXml, LoadOptions.PreserveWhitespace);
}
private static Reference GetSignatureReference()
{
var signatureReference = new Reference("");
signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
return signatureReference;
}
private static KeyInfo GetCertificateKeyInfo(X509Certificate certificate)
{
var certificateKeyInfo = new KeyInfo();
certificateKeyInfo.AddClause(new KeyInfoX509Data(certificate));
return certificateKeyInfo;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果有人感兴趣,我解决了这个问题并将其写在我的博客上:
http://thomasjo.com/blog/ 2009/08/04/xmldsig-in-the-net-framework.html
In case anyone is interested, I solved the problem and wrote about it on my blog:
http://thomasjo.com/blog/2009/08/04/xmldsig-in-the-net-framework.html