
Adding namespace to XML Digital Signature

I'm signing a SAML token with an X509 certificate, and getting what looks like a good signature except for one issue that seems relatively small, but that is causing me a huge headache. My signature looks like this:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
   <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#[removed]">
         <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
         </Transforms>
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
         <DigestValue>S4...ku4=</DigestValue>
      </Reference>
   </SignedInfo>
   <SignatureValue>oav...T7E=</SignatureValue>
   <KeyInfo>
      <X509Data>
         <X509Certificate>MII...KFl</X509Certificate>
      </X509Data>
   </KeyInfo>
</Signature>

What I need is to add a namespace, ds, so that the signature looks like this:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference URI="#[removed]">
         <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
         </ds:Transforms>
         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
         <ds:DigestValue>S4...ku4=</ds:DigestValue>
      </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>oav...T7E=</ds:SignatureValue>
   <ds:KeyInfo>
      <ds:X509Data>
         <ds:X509Certificate>MII...KFl</ds:X509Certificate>
      </ds:X509Data>
   </ds:KeyInfo>
</ds:Signature>

It seems like this should be something I could do while computing the signature or importing the signature block back into the existing XML document, but, for the life of me, I can't figure out how I should be doing it. I've searched online and found several people having this issue, but haven't found a good example on how to fix the problem.

Since all tags need that starting namespace, you can try to treat the signature as a string with vb.net, c# or java, or any other compiler, and use a string.replace method. I give you an example with vb.net:

Dim signature As String = "" ' place your file contents here, read with a StringReader
signature = signature.Replace("<", "<ds:") 'first, all tags
signature = signature.Replace("<ds:/", "</ds:") 'then we correct closing tags

Hope it helps
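Why the prefix has to be in place before the signature is computed, as an added example that is not code from the question or the answer: canonicalization keeps namespace prefixes, so a SignedInfo rewritten by string replacement canonicalizes to different bytes than the ones that were signed. Assumptions: Python's `canonicalize` implements C14N 2.0 rather than the C14N 1.0 named in the signature (both preserve prefixes by default), the SignedInfo content is constructed, and the helper names are hypothetical.

```python
import hashlib
from xml.etree.ElementTree import ParseError, canonicalize

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed SignedInfo modelled on the question; the Reference URI and
# DigestValue are placeholders. xmlns sits on SignedInfo because that is the
# in-scope declaration canonicalization emits for this subtree.
SIGNED_INFO = (
    f'<SignedInfo xmlns="{DS}">'
    '<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
    f'<SignatureMethod Algorithm="{DS}rsa-sha1"/>'
    '<Reference URI="#placeholder-id">'
    f'<DigestMethod Algorithm="{DS}sha1"/>'
    '<DigestValue>cGxhY2Vob2xkZXI=</DigestValue>'
    '</Reference></SignedInfo>'
)


def replace_tags(xml: str) -> str:
    """The two Replace calls from the answer, unchanged in effect."""
    return xml.replace("<", "<ds:").replace("<ds:/", "</ds:")


def rebind_namespace(xml: str) -> str:
    """Extra step (not in the answer) so the ds prefix is actually declared."""
    return xml.replace(f'xmlns="{DS}"', f'xmlns:ds="{DS}"')


def canonical(xml: str):
    """Canonical form, or None when the text is not namespace-well-formed."""
    try:
        return canonicalize(xml)
    except ParseError:
        return None


def signature_input_digest(xml: str) -> str:
    """SHA-1 of canonical SignedInfo: the value an rsa-sha1 signature covers."""
    return hashlib.sha1(canonical(xml).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    prefixed = rebind_namespace(replace_tags(SIGNED_INFO))
    print("tags only parses:", canonical(replace_tags(SIGNED_INFO)) is not None)
    print("original :", signature_input_digest(SIGNED_INFO))
    print("prefixed :", signature_input_digest(prefixed))
```

The two digests differ, so a SignatureValue computed over the unprefixed SignedInfo will not verify once the prefix is added; the prefixed form has to exist before SignedInfo is canonicalized and signed.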
