Trouble verifying signatures of XML files INCLUDING COMMENTS in c#
I want to add a digital signature to an XML file, with the particularity that before signing the file I want to add XML comments inside it and then sign.
The signing part seems to work properly, i.e. I get different signatures for different comments or different content in the file. The canonicalization attribute is also shown correctly and explicitly states that the signature includes comments.
However, when the signature on the XML file is verified, the content of the comments is ignored. That is, if I change the content of the comment, the signature is considered valid in every case.
What I don't understand is how this can be, given that signing produces different values for different comment contents.
What could be the problem?
My example files:
Original XML file:
<?xml version="1.0" encoding="utf-8"?>
<test>
<ThisIsATest></ThisIsATest>
</test>
Signed file with an example comment:
<?xml version="1.0" encoding="utf-8"?>
<test><!--Comment 1-->
<ThisIsATest></ThisIsATest>
<!--Comment 1-->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>0XZNOavY/0SEZPoU1cBJZs+rAlo=</DigestValue></Reference></SignedInfo><SignatureValue>T9xYVBwbWX3qg4IfsB3XJkviTaOh0pmEJ4Acimf9PA5Y5eDQ+ML8cWXkRPj4pYaGPa13TuwXkc0OK2izen4Cajrg4IZJRW8bLAIEt19wf1F8bduEN02WW2GZVN65OwUqSDqkC4vqMQ07IsVKap0KQaiyOrguZEEtygmSDES1OdM=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>yi0TzN4OQ+mhHSDTZLcZPMnzbSrF51T9yLnWpnkkA+zUyhN6vEHBPgTjDst7RWQNg3G74NR4a88EiBCGzUdEH0a61cyUgHLW1/0IpBIr37jyhwFkLNmogpCltwO5KXNFOuqfq+yXYupHMkgW0BMn7AZfqr3XpuQsjGu2SQUxvr0=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></test>
Signed file with a different example comment:
<?xml version="1.0" encoding="utf-8"?>
<test><!--Comment 2-->
<ThisIsATest></ThisIsATest>
<!--Comment 2-->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>0XZNOavY/0SEZPoU1cBJZs+rAlo=</DigestValue></Reference></SignedInfo><SignatureValue>gnAIkBy2Bi6CaxT6mCPCMw97BboX6EZ2l5tTuSj9zbPIdznScjMMhuUIFYGnl2Q73Nmify3HX2PHCyONfk9aaBcoP2v0G754NiH5T86gkGqo1IaMJVE9zXhjv5mMI7qV+o0lqvBLnvrr1hooIdUt6OL4j3OXgVG0OzhChaOz8K8=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>nvH+jxiGv3BCqW3yWgsEr+VGiDIOdCn11FwHsU6CDVVIkzufMpyLnOPZQ5nSV1lWRS2KDUCLdp2FlJKNnJPnD0O3WBcpTN7+q9XrSYvu7UihEL4T1dT0QoBhBoKOLj08y45ZJ02tKqOmsN0LlDCr/dGiidZywPbr4s5uPQCJxLM=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></test>
The part of my code that adds the comments and signs:
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public XmlDocument SignXMLString2(string xmlStringToSign) {
    var originalDocument = new XmlDocument { PreserveWhitespace = true };
    originalDocument.LoadXml(xmlStringToSign);
    // Insert the same comment as first and last child of the root element
    string commentString = "Comment 1";
    var documentElement = originalDocument.DocumentElement;
    var commentElement1 = originalDocument.CreateComment(commentString);
    var commentElement2 = originalDocument.CreateComment(commentString);
    documentElement.PrependChild(commentElement1);
    documentElement.AppendChild(commentElement2);
    documentElement.AppendChild(originalDocument.CreateTextNode("\n"));
    // Enveloped signature over the whole document, referenced with URI ""
    var transformEnveloped = new XmlDsigEnvelopedSignatureTransform();
    var reference = new Reference { Uri = "" };
    reference.AddTransform(transformEnveloped);
    var xmldsig = new SignedXml(originalDocument);
    xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationWithCommentsUrl; // tried different ones here
    // xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NWithCommentsTransformUrl;
    // xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NWithCommentsTransformUrl;
    xmldsig.AddReference(reference);
    xmldsig.SigningKey = new RSACryptoServiceProvider();
    xmldsig.KeyInfo = new KeyInfo();
    xmldsig.KeyInfo.AddClause(new RSAKeyValue((RSA)xmldsig.SigningKey));
    xmldsig.ComputeSignature();
    // Embed the computed <Signature> element into the document
    XmlElement signature = xmldsig.GetXml();
    XmlNode signatureNode = originalDocument.ImportNode(signature, true);
    originalDocument.DocumentElement.AppendChild(signatureNode);
    return originalDocument;
}
The part of my code that verifies the signature:
using System;
using System.IO;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

public bool Validate2(string pathSigned) {
    string xmlString = File.ReadAllText(path: pathSigned, encoding: Encoding.UTF8);
    var signedDocument = new XmlDocument { PreserveWhitespace = true };
    signedDocument.LoadXml(xmlString);
    var xmldsig = new SignedXml(signedDocument);
    // Load the embedded <Signature> element and check it against its own KeyInfo
    var signature = (XmlElement)signedDocument.GetElementsByTagName("Signature")[0];
    xmldsig.LoadXml(signature);
    Console.WriteLine("xmldsig.SignedInfo.CanonicalizationMethod=" + xmldsig.SignedInfo.CanonicalizationMethod); // This shows the proper canonicalization
    bool result = xmldsig.CheckSignature();
    return result;
}
You are using URI: "". This is a same-document URI (see http://www.w3.org/TR/xmldsig-core/#sec-Same-Document). In this case the comment nodes are removed (even before any canonicalization) and are not part of what is signed.
Hope this helps.
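As an added example (not code from the question or the answer), the round trip below signs the same document with the XMLDSig self-reference `#xpointer(/)`, which selects the document including comments, and then shows that editing only a comment makes verification fail. It assumes .NET's SignedXml behaviour: `Uri = ""` discards comments before hashing, `#xpointer(/)` keeps them, and the Reference's own transform chain, not `SignedInfo.CanonicalizationMethod`, decides what is digested, so a with-comments C14N transform is added explicitly.

```csharp
// Added example, not from the original post. Assumes .NET's SignedXml: Uri = "" strips
// comments before hashing, Uri = "#xpointer(/)" keeps them, and the Reference's transform
// chain (not SignedInfo.CanonicalizationMethod) decides what is actually digested.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
static class CommentCoverageDemo
{
    static XmlDocument Sign(string xml, RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        var signedXml = new SignedXml(doc) { SigningKey = key };
        // XMLDSig self-reference that includes comments (a bare "" excludes them).
        var reference = new Reference { Uri = "#xpointer(/)" };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        // Without this explicit step the implicit final C14N would drop the comments again.
        reference.AddTransform(new XmlDsigC14NWithCommentsTransform());
        signedXml.AddReference(reference);
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NWithCommentsTransformUrl;
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new RSAKeyValue(key));
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc;
    }
    static bool Verify(XmlDocument doc)
    {
        var signedXml = new SignedXml(doc);
        var sig = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        signedXml.LoadXml((XmlElement)sig);
        return signedXml.CheckSignature(); // key comes from the embedded KeyInfo
    }
    static void Main()
    {
        const string xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
            + "<test><!--Comment 1-->\n<ThisIsATest></ThisIsATest>\n<!--Comment 1-->\n</test>";
        using (var key = new RSACryptoServiceProvider(2048))
        {
            XmlDocument signed = Sign(xml, key);
            Console.WriteLine("untouched document verifies: " + Verify(signed));
            // Edit only the comments: the reference digest now differs, so verification fails.
            var tampered = (XmlDocument)signed.CloneNode(true);
            foreach (XmlNode n in tampered.DocumentElement.ChildNodes)
                if (n.NodeType == XmlNodeType.Comment) n.Value = "Comment 2";
            Console.WriteLine("comment-edited document verifies: " + Verify(tampered));
        }
    }
}
```

The same check run against the question's `Uri = ""` reference prints true for both documents, which is the behaviour the answer explains.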