不正確的參考元素簽名 XML C#

Question

我需要實現 EBICS 協議，特別是 HPB 請求，我需要簽署我的 XML 文件：

    <?xml version="1.0" encoding="UTF-8"?>
<ebicsNoPubKeyDigestsRequest xmlns="http://www.ebics.org/H003" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ebics.org/H003 http://www.ebics.org/H003/ebics_keymgmt_request.xsd" Version="H003" Revision="1">
  <header authenticate="true">
    <static>
      <HostID>EBIXQUAL</HostID>
      <Nonce>234AB2340FD2C23035764578FF3091C1</Nonce>
      <Timestamp>2015-11-13T10:32:30.123Z</Timestamp>
      <PartnerID>AD598</PartnerID>
      <UserID>EF056</UserID>
      <OrderDetails>
        <OrderType>HPB</OrderType>
        <OrderAttribute>DZHNN</OrderAttribute>
      </OrderDetails>
      <SecurityMedium>0000</SecurityMedium>
    </static>
    <mutable />
  </header>
</ebicsNoPubKeyDigestsRequest>

所以我需要在元素上簽名

認證=“真”

為了在 C# 中簽署我的文檔，我編寫了以下代碼：

XmlDocument xmlDoc = new XmlDocument();
        xmlDoc.PreserveWhitespace = false;
        xmlDoc.Load("hpbtest.xml");
        RSA Key = new GestionCertificat("CN=XML_ENC_TEST_CERT4").getClePrivee();
        // Create a SignedXml object.
        SignedXml signedXml = new SignedXml(xmlDoc);
        // Add the key to the SignedXml document.
        signedXml.SigningKey = Key;
        // Create a reference to be signed.
        Reference reference = new Reference();
        reference.Uri = "#xpointer(//*[@authenticate='true'])";
        // Add an enveloped transformation to the reference.
        XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform();
        reference.AddTransform(env);
        // Add the reference to the SignedXml object.
        signedXml.AddReference(reference);
        // Compute the signature.
        signedXml.ComputeSignature();
        // Get the XML representation of the signature and save
        // it to an XmlElement object.
        XmlElement xmlDigitalSignature = signedXml.GetXml();
        // Append the element to the XML document.
        xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
        xmlDoc.Save("hpbtest.xml");

但是當我嘗試簽名時，我在線收到此錯誤

signedXml.ComputeSignature()

：

不正確的參考元素

你能幫我解決我的問題嗎？

先感謝您 ！

托馬斯！

Answer 1

我通過 SignedXml 和 Reference 類對 XPointer 操作進行了逆向工程，然后……我可以在單獨的答案中為您提供所有詳細信息，但我現在得出的結論是，您只能有兩種類型的查詢：

#xpointer(/)

這是有效的，因為它被明確檢查，並且

#xpointer(id(

這再次被明確（使用 string.StartsWith）檢查。

因此，正如您在評論中指出的那樣，實現這一目標的唯一方法似乎是擴展 SignedXml 類並覆蓋 GetIdElement 方法，如下所示：

public class CustomSignedXml : SignedXml
{
    XmlDocument xmlDocumentToSign;

    public CustomSignedXml(XmlDocument xmlDocument) : base(xmlDocument)
    {
        xmlDocumentToSign = xmlDocument;
    }

    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        XmlElement matchingElement = null;
        try
        {
            matchingElement = base.GetIdElement(document, idValue);
        }
        catch (Exception idElementException)
        {
            Trace.TraceError(idElementException.ToString());
        }

        if (matchingElement == null)
        {
            // at this point, idValue = xpointer(//*[@authenticate='true'])
            string customXPath = idValue.TrimEnd(')');
            customXPath = customXPath.Substring(customXPath.IndexOf('(') + 1);
            matchingElement = xmlDocumentToSign.SelectSingleNode(customXPath) as XmlElement;
        }

        return matchingElement;
    }
}

然后在消費者代碼中，只需將 SignedXml 更改為 CustomSignedXml：

CustomSignedXml signedXml = new CustomSignedXml(xmlDoc);