gpt4 book ai didi

c# - SignedXml 的自定义命名空间问题

转载 作者:数据小太阳 更新时间:2023-10-29 01:43:43 25 4
gpt4 key购买 nike

当我签署包含 namespace 前缀的 XML 文档时出现问题和命名空间引用,然后对其进行验证。验证总是失败(返回 false)在这种情况下。当我删除命名空间前缀和来自 XML 的 namespace 引用、签名和验证工作正常。

你能帮帮我吗?

这是我的代码:

从 SignedXml 继承类

namespace Xmldsig
{
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public sealed class SignaturePropertiesSignedXml : SignedXml
{
private XmlDocument doc;
private XmlElement signaturePropertiesRoot;
private XmlElement qualifyingPropertiesRoot;

private string signaturePropertiesId;

public SignaturePropertiesSignedXml(XmlDocument doc)
: base(doc)
{
return;
}

public SignaturePropertiesSignedXml(XmlDocument doc, string signatureId, string propertiesId)
: base(doc)
{
this.signaturePropertiesId = propertiesId;
this.doc = null;
this.signaturePropertiesRoot = null;
if (string.IsNullOrEmpty(signatureId))
{
throw new ArgumentException("signatureId cannot be empty", "signatureId");
}
if (string.IsNullOrEmpty(propertiesId))
{
throw new ArgumentException("propertiesId cannot be empty", "propertiesId");
}

this.doc = doc;
base.Signature.Id = signatureId;

this.qualifyingPropertiesRoot = doc.CreateElement("QualifyingProperties", "http://www.w3.org/2000/09/xmldsig#");
this.qualifyingPropertiesRoot.SetAttribute("Target", "#" + signatureId);

this.signaturePropertiesRoot = doc.CreateElement("SignedProperties", "http://www.w3.org/2000/09/xmldsig#");
this.signaturePropertiesRoot.SetAttribute("Id", propertiesId);


qualifyingPropertiesRoot.AppendChild(signaturePropertiesRoot);
DataObject dataObject = new DataObject
{
Data = qualifyingPropertiesRoot.SelectNodes("."),
Id = "idObject"
};
AddObject(dataObject);


}

public void AddProperty(XmlElement content)
{
if (content == null)
{
throw new ArgumentNullException("content");
}

XmlElement newChild = this.doc.CreateElement("SignedSignatureProperties", "http://www.w3.org/2000/09/xmldsig#");

newChild.AppendChild(content);
this.signaturePropertiesRoot.AppendChild(newChild);
}

public override XmlElement GetIdElement(XmlDocument doc, string id)
{
if (String.Compare(id, signaturePropertiesId, StringComparison.OrdinalIgnoreCase) == 0)
return this.signaturePropertiesRoot;

if (String.Compare(id, this.KeyInfo.Id, StringComparison.OrdinalIgnoreCase) == 0)
return this.KeyInfo.GetXml();

return base.GetIdElement(doc, id);
}
}
}

签署xml的类

namespace Xmldsig
{
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Xml;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography.X509Certificates;
using Security.Cryptography;
using System.Security.Principal;
using System.Collections;

public class VerifyResult
{
public string Timestamp { get; set; }
public X509Certificate2 SigningCertificate { get; set; }
}

public class XmldsigClass
{
public static XmlDocument SignDocument(XmlDocument doc, string RefUri)
{
string idSignProperties = "idSignedProperties";
SignaturePropertiesSignedXml signer = new SignaturePropertiesSignedXml(doc, "Uzb_sig_v001", idSignProperties);

X509Certificate2 cert = GetCertificate();

RSA key = (RSACryptoServiceProvider)cert.PrivateKey;
signer.SigningKey = key;
signer.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
signer.SignedInfo.SignatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

// create a timestamp property
XmlElement timestamp = doc.CreateElement("SigningTime", SignedXml.XmlDsigNamespaceUrl);
timestamp.InnerText = DateTimeToCanonicalRepresentation();
signer.AddProperty(timestamp);


var certificateKeyInfo = new KeyInfo();
certificateKeyInfo.Id = "idKeyInfo";
certificateKeyInfo.AddClause(new KeyInfoX509Data(cert));
signer.KeyInfo = certificateKeyInfo;

Reference reference = new Reference(RefUri);
reference.DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signer.AddReference(reference);


Reference propertiesRefki = new Reference();
propertiesRefki.Uri = "#idKeyInfo";
propertiesRefki.DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
signer.AddReference(propertiesRefki);

Reference reference2 = new Reference();
reference2.Uri = "#" + idSignProperties;
reference2.DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
signer.AddReference(reference2);


signer.ComputeSignature();

doc.DocumentElement.AppendChild(signer.GetXml());

return doc;
}


public static bool CheckSignature(XmlDocument xmlDoc)
{
SignedXml signedXml = new SignedXml(xmlDoc);
XmlNodeList elementsByTagName = xmlDoc.GetElementsByTagName("Signature");
signedXml.LoadXml((XmlElement)elementsByTagName[0]);
bool sigCheck = signedXml.CheckSignature();

return sigCheck;
}

private static X509Certificate2 GetCertificate()
{

X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 card = null;
foreach (X509Certificate2 cert in store.Certificates)
{
if (!cert.HasPrivateKey) continue;
AsymmetricAlgorithm aa = cert.PrivateKey;
ICspAsymmetricAlgorithm caa = aa as ICspAsymmetricAlgorithm;
if (caa == null) continue;
if (caa.CspKeyContainerInfo.HardwareDevice)
{
card = cert;
break;
}
}
store.Close();

return card;
}

private static string DateTimeToCanonicalRepresentation()
{
var ahora = DateTime.Now.ToUniversalTime();
return ahora.Year.ToString("0000") + "-" + ahora.Month.ToString("00") +
"-" + ahora.Day.ToString("00") +
"T" + ahora.Hour.ToString("00") + ":" +
ahora.Minute.ToString("00") + ":" + ahora.Second.ToString("00") +
"Z";
}
}
}

我在这里调用签名方法

        XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
if (openFileDialog1.ShowDialog() == DialogResult.OK)
{
xmlDoc.Load(openFileDialog1.FileName);

XmlDocument resxml = Xmldsig.XmldsigClass.SignDocument(xmlDoc, "#Uzb_doc_v001");


var name = openFileDialog1.FileName + ".xml";
xmlDoc.Save(name);

var bytes = System.IO.File.ReadAllBytes(name);
System.IO.File.WriteAllBytes(name, bytes.Skip(3).ToArray());
MessageBox.Show("Signed");
}

并进行验证

        XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
if (openFileDialog1.ShowDialog() == DialogResult.OK)
{
xmlDoc.Load(openFileDialog1.FileName);

bool b = Xmldsig.XmldsigClass.CheckSignature(xmlDoc);

MessageBox.Show(b.ToString());
}

这是我签名的 xml

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<uz:CreditcardEnveloppe xmlns:uz="http://aaaa.com/CreditcardEnveloppe/transport" Id="Uzb_doc_v001" Version="1.0">
<uz:creditcard>
<uz:number>19834209</uz:number>
<uz:expiry>02/02/2002</uz:expiry>
</uz:creditcard>
<Signature Id="sig_v001" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#Uzb_doc_v001">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>RnpNXyhxQcjr/SWqVlWY31S1xpj2opZhlsT4d1iyBKI=</DigestValue>
</Reference>
<Reference URI="#idKeyInfo">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>O0Z2BU5ODwgOZOhpFvkcSaO/jmWFykBwnxMUD5a5SwM=</DigestValue>
</Reference>
<Reference URI="#idSignedProperties">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>UVjk8Jkq0Y6OxFqiB4q/4vqli/KJT5pYEPzlNTkfIhY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>prOZXn..</SignatureValue>
<KeyInfo Id="idKeyInfo">
<X509Data>
<X509Certificate>MIIE7TCCA9WgAwIBAgISESBS...</X509Certificate>
</X509Data>
</KeyInfo>
<Object Id="idObject">
<QualifyingProperties Target="#sig_v001">
<SignedProperties Id="idSignedProperties">
<SignedSignatureProperties>
<SigningTime>2011-03-30T06:01:48Z</SigningTime>
</SignedSignatureProperties>
</SignedProperties>
</QualifyingProperties>
</Object>
</Signature>
</uz:CreditcardEnveloppe>

先谢谢你!

最佳答案

将 XmlDsigExcC14NTransform 添加到所有符合条件的引用中即可解决问题。我认为 .NET Framework 中有问题导致了这个问题。

reference2.AddTransform(new XmlDsigExcC14NTransform() );

关于c# - SignedXml 的自定义命名空间问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5495336/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com