当前位置: 文江博客话题详情

为 .NET 中的 XMLSerialized 对象生成哈希签名 (HMAC) 的最佳方法?

发布于 2024-08-08 21:28:27 字数 1116 浏览 6 评论 0原文

我需要为使用 .NET 框架中的 XMLSerializer 序列化的对象生成 HMAC。每个对象将包含一个名为“HMAC”的属性,该属性将包含对象值本身的哈希值,但不包括“HMAC”字段。我发现这个问题提到CLR 中的内置解决方案,但没有详细说明其名称或我如何使用它?

示例对象看起来像这样:

[Serializable]
[XmlRoot("request", IsNullable = false)]
public class Request
{

    [XmlElement(ElementName = "hmac")]
    public string Hmac { get; set; } 

    [XmlElement(ElementName = "nonce")]
    public string Nonce { get; set; }

    [XmlElement(ElementName = "expiration")]
    public DateTime Expiration { get; set; }

    /* A bunch of other properties to be serialized */

    private Request() { }

    public Request(string hmac, string nonce, DateTime expiration)
    {
        Hmac = hmac;
        Nonce = nonce;
        Expiration = expiration;
    }
}

HMAC 属性需要设置为整个对象的序列化,不包括 HMAC 对象本身。我的第一个想法是设置某种两遍序列化,其中涉及:

  1. 在第一遍上为 HMAC 对象设置 xmlignore 属性
  2. 序列化整个对象 对
  3. 结果进行哈希处理,并设置 HMAC 属性的值
  4. 重新序列化整个对象事情再次发生,准备传输。

这是最好的方法吗?以前有人做过类似的事情吗?您发现什么是最干净的方法???

原文

I need to generate a HMAC for objects that I am serializing using the XMLSerializer found in the .NET framework. Each object will contain a property called "HMAC" that will contain a hash of the object's values itself but excluding the "HMAC" field. I've found this question that mentions a built-in solution within the CLR but doesn't elaborate on exactly what its called or how I go about using it?

A sample object would look something like this:

[Serializable]
[XmlRoot("request", IsNullable = false)]
public class Request
{

    [XmlElement(ElementName = "hmac")]
    public string Hmac { get; set; } 

    [XmlElement(ElementName = "nonce")]
    public string Nonce { get; set; }

    [XmlElement(ElementName = "expiration")]
    public DateTime Expiration { get; set; }

    /* A bunch of other properties to be serialized */

    private Request() { }

    public Request(string hmac, string nonce, DateTime expiration)
    {
        Hmac = hmac;
        Nonce = nonce;
        Expiration = expiration;
    }
}

The HMAC property will need to be set as a serialization of the entire object, excluding the HMAC object itself. My first thoughts are setting up some sort of two-pass serialization, which involves:

  1. Setting an xmlignore property to the HMAC object on the first pass
  2. Serializing the entire object
  3. Hashing the result, and setting the value of the HMAC property
  4. Re-serializing the whole thing again, ready for transmission.

Is this the best way to go about it? Has anyone done anything like this before, and what have you found to be the cleanest way of going about it???

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

空气里的味道 2024-08-15 21:28:27

我认为你必须将其序列化两次才能获得你所描述的确切效果。一种更简单的方法是不使用 XmlIgnore,而是添加一个公共指定属性(.NET XML 序列化专门处理该属性,以编程方式控制是否发出类似命名的属性):

 [XmlIgnore]
 public bool HmacSpecified
 {
     get { return !String.IsNullOrEmpty(this.Hmac); }
     set { }
 }

这只会发出 hmac XML 节点(如果存在)。使用 DefaultValueAttribute 可以实现类似的效果,但我发现它存在一些不一致之处(例如,null 有时在编译期间被替换为 "" )。另外,如果您的逻辑比单个常量哨兵值更复杂,您可以在属性中处理它,但不能在静态属性中处理。

get { return !this.IsCalculatingHmac(); }

如果格式必须与您所描述的完全匹配,我就会这样做。

如果输出格式具有灵活性,您可能会考虑使用一个消息容器,其中包含消息正文(您当前的 XML 文档)和 HMAC 签名值。这样您只需序列化文档一次。

即使信封是较大序列化文档的一部分,您也可以在信封上实现 IXmlSerialized.WriteXml 接口。这将允许您仔细地将消息序列化为字符串,然后执行哈希,然后通过 XmlWriter.WriteRaw 将 HMAC 和消息元素全部写出。

如果性能很重要,我就会这样做。

I think you will have to serialize it twice to get the exact effect you described. One way to make that easier would be to not use XmlIgnore but instead add a public specified property (which .NET XML serialization treats specially to programmatically control whether to emit the similarly named property):

 [XmlIgnore]
 public bool HmacSpecified
 {
     get { return !String.IsNullOrEmpty(this.Hmac); }
     set { }
 }

What this will do is only emit the hmac XML node if one exists. A similar effect could be achieved with the DefaultValueAttribute but I've found some inconsistencies with it (e.g. null is sometimes replaced with "" during compilation). Plus if your logic was more complex than a single contant sentinel value you could handle that in the property but not in a static attribute.

get { return !this.IsCalculatingHmac(); }

This would be the way I would do it if the format had to exactly match what you've described.

If you have flexibility in the output format, another approach you might consider is having a message container which contains the message body (your current XML doc) and an HMAC Signature value. This way you would only need to serialize the document once.

Even if the envelope were part of a larger serialization document you could implement an IXmlSerializable.WriteXml interface on the envelope. This would allow you to carefully serialize the message to a string, then perform the hash, then write out the HMAC and message elements all in one via XmlWriter.WriteRaw.

This would be the way I would do it if performance was important.

回复 原文
~没有更多了~

关于作者

彡翼

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文