[英]How to get the Certificate information from clickonce deployment manifest xml file
我正在尝试解析xml文件以从ClickOnce Manifest获取证书信息。 我需要的是X509Certificate信息。 示例文件如下所示:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
<asmv1:assemblyIdentity name="someName.Xbap.exe" version="2.5.18.1" publicKeyToken="3i3cc7f44s0b9526" language="neutral" processorArchitecture="msil" type="win32" />
<application />
<entryPoint>
<assemblyIdentity name="someName.AFW.Xbap" version="2.5.18.1" language="neutral" processorArchitecture="msil" />
<commandLine file="someName.AFW.Xbap.exe" parameters="" />
<hostInBrowser xmlns="urn:schemas-microsoft-com:asm.v3" />
</entryPoint>
<publisherIdentity name="CN=HOSTNAME" issuerKeyHash="4534734c4984227c4fa0asdd4eb114524aaed397" />
<Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>MVvHBmUFm2j7PwKjbzig0y7jdBo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>someRandomSignatureValue</SignatureValue>
<KeyInfo Id="StrongNameKeyInfo">
<KeyValue>
<RSAKeyValue>
<Modulus>someRandomModulusValue</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<msrel:RelData xmlns:msrel="http://schemas.microsoft.com/windows/rel/2005/reldata">
<r:license xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode">
<r:grant>
<as:ManifestInformation Hash="manifesthash" Description="" Url="">
<as:assemblyIdentity name="Somename.Xbap.exe" version="1.0.18.51" publicKeyToken="3b3bc7b44b4b8810" language="neutral" processorArchitecture="msil" type="win32" />
</as:ManifestInformation>
<as:SignedBy />
<as:AuthenticodePublisher>
<as:X509SubjectName>CN=HostName</as:X509SubjectName>
</as:AuthenticodePublisher>
</r:grant>
<r:issuer>
<Signature Id="AuthenticodeSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>asdasda+asdaasdasdad=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>someRandomSignatureValue==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>someRandomSignatureValue</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<X509Data>
<X509Certificate>!!!this is the required certificate information!!!</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</r:issuer>
</r:license>
</msrel:RelData>
</KeyInfo>
</Signature>
</asmv1:assembly>
我尝试解析它:
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load(filePath);
XmlNode securityNode = xmlDoc.SelectSingleNode("/Signature/KeyInfo/msrel:RelData/r:license/r:issuer/Signature/KeyInfo/X509Data/X509Certificate");
当我执行它时,我得到XPathException
我也试过一个名称空间变体。
这些是你错过的一些步骤。 首先,您需要使用XmlNamespaceManager
来注册prefix-to-namespaceUri映射:
var nsMapping = new XmlNamespaceManager(xmlDoc.NameTable);
nsMapping.AddNamespace("msrel", "http://schemas.microsoft.com/windows/rel/2005/reldata");
nsMapping.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");
其次,除了2个以上的命名空间之外,还需要注册默认命名空间(声明没有前缀的命名空间)以便在XPath中使用:
nsMapping.AddNamespace("d", "http://www.w3.org/2000/09/xmldsig#");
第三,除了在XPath中正确使用已注册的前缀之外,还将命名空间管理器作为SelectSingleNode()
第二个参数传递:
var xpath = "//d:Signature/d:KeyInfo/msrel:RelData/r:license/r:issuer/d:Signature/d:KeyInfo/d:X509Data/d:X509Certificate";
XmlNode securityNode = xmlDoc.SelectSingleNode(xpath, nsMapping);
如上所述,特别缺少步骤会触发XPathException 。 顺便说一句,以下更简单的XPath也适用于这种情况:
var xpath = "//d:X509Certificate";
该文档包含命名空间不同的命名空间 当访问使用命名空间的XML结构内的节点时,也应该寻址命名空间,否则名称不完整 ,看起来好像它不存在。
使用LINQ2XML的一种可能的解决方案可能如下所示:
// load the xml document
var xml = XDocument.Load(@"d:\input.xml");
// find the signature node
var signature = xml.Root.Elements().FirstOrDefault(r => r.Value.Contains("Signature"));
if (signature != null)
{
// get the namespace of the signature node in order to search for the sub nodes
var ns = signature.GetDefaultNamespace();
// find the certificate node
var certificate = signature.Descendants(ns + "X509Certificate").FirstOrDefault();
if (certificate != null)
{
// take the value
Console.WriteLine(certificate.Value);
}
}
输出是:
!!!this is the required certificate information!!!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.