[英]Incorrect reference element signature XML C#
我需要實現 EBICS 協議,特別是 HPB 請求,我需要簽署我的 XML 文件:
<?xml version="1.0" encoding="UTF-8"?>
<ebicsNoPubKeyDigestsRequest xmlns="http://www.ebics.org/H003" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ebics.org/H003 http://www.ebics.org/H003/ebics_keymgmt_request.xsd" Version="H003" Revision="1">
<header authenticate="true">
<static>
<HostID>EBIXQUAL</HostID>
<Nonce>234AB2340FD2C23035764578FF3091C1</Nonce>
<Timestamp>2015-11-13T10:32:30.123Z</Timestamp>
<PartnerID>AD598</PartnerID>
<UserID>EF056</UserID>
<OrderDetails>
<OrderType>HPB</OrderType>
<OrderAttribute>DZHNN</OrderAttribute>
</OrderDetails>
<SecurityMedium>0000</SecurityMedium>
</static>
<mutable />
</header>
</ebicsNoPubKeyDigestsRequest>
所以我需要在元素上簽名
認證=“真”
為了在 C# 中簽署我的文檔,我編寫了以下代碼:
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = false;
xmlDoc.Load("hpbtest.xml");
RSA Key = new GestionCertificat("CN=XML_ENC_TEST_CERT4").getClePrivee();
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(xmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = Key;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "#xpointer(//*[@authenticate='true'])";
// Add an enveloped transformation to the reference.
XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
xmlDoc.Save("hpbtest.xml");
但是當我嘗試簽名時,我在線收到此錯誤
signedXml.ComputeSignature()
:
不正確的參考元素
你能幫我解決我的問題嗎?
先感謝您 !
托馬斯!
我通過 SignedXml 和 Reference 類對 XPointer 操作進行了逆向工程,然后……我可以在單獨的答案中為您提供所有詳細信息,但我現在得出的結論是,您只能有兩種類型的查詢:
#xpointer(/)
這是有效的,因為它被明確檢查,並且
#xpointer(id(
這再次被明確(使用 string.StartsWith)檢查。
因此,正如您在評論中指出的那樣,實現這一目標的唯一方法似乎是擴展 SignedXml 類並覆蓋 GetIdElement 方法,如下所示:
public class CustomSignedXml : SignedXml
{
XmlDocument xmlDocumentToSign;
public CustomSignedXml(XmlDocument xmlDocument) : base(xmlDocument)
{
xmlDocumentToSign = xmlDocument;
}
public override XmlElement GetIdElement(XmlDocument document, string idValue)
{
XmlElement matchingElement = null;
try
{
matchingElement = base.GetIdElement(document, idValue);
}
catch (Exception idElementException)
{
Trace.TraceError(idElementException.ToString());
}
if (matchingElement == null)
{
// at this point, idValue = xpointer(//*[@authenticate='true'])
string customXPath = idValue.TrimEnd(')');
customXPath = customXPath.Substring(customXPath.IndexOf('(') + 1);
matchingElement = xmlDocumentToSign.SelectSingleNode(customXPath) as XmlElement;
}
return matchingElement;
}
}
然后在消費者代碼中,只需將 SignedXml 更改為 CustomSignedXml:
CustomSignedXml signedXml = new CustomSignedXml(xmlDoc);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.