[英]Signing a json document or string with x509 certificate
如何使用x509證書簽署json文檔或字符串?
public static void fund()
{
string filePath = @"C:\Users\VIKAS\Desktop\Data.xml";
//Read the file
XmlDocument xmlDoc = new XmlDocument();
XElement ele = XElement.Load(filePath);
String Xml = ele.ToString();
xmlDoc.LoadXml(Xml);
string signature = SignedXMLCert(xmlDoc);
bool verified = ValidateSignature(signature);
}
public static string SignedXMLCert(XmlDocument xmlDoc)
{
string startupPath = AppDomain.CurrentDomain.BaseDirectory + @"Certificates\unidesk.p12";
// startupPath = AppDomain.CurrentDomain.BaseDirectory + @"\Certificates\BBPS_enc.cer";
//X509Certificate2 cert = new X509Certificate2(@"D:\Sonal\AXISOU_TEST.P12", "axisbank", X509KeyStorageFlags.Exportable);
X509Certificate2 cert = new X509Certificate2(startupPath, "axisbank", X509KeyStorageFlags.Exportable);
// string PrivateKey = GetRSAPrivateKeyBase64(cert);
var privateKey = cert.PrivateKey as RSACryptoServiceProvider;
SignedXml signedXml = new SignedXml(xmlDoc);
signedXml.SigningKey = privateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
KeyInfo keyInfo = new KeyInfo();
//startupPath = AppDomain.CurrentDomain.BaseDirectory + @"\Certificates\BBPS_enc.cer";
X509Certificate MSCert = new X509Certificate(startupPath, "axisbank", X509KeyStorageFlags.Exportable);
// X509Certificate MSCert = X509Certificate.CreateFromCertFile(startupPath);
keyInfo.AddClause(new KeyInfoX509Data(MSCert));
signedXml.KeyInfo = keyInfo;
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
return xmlDoc.InnerXml.ToString();
}
public static bool ValidateSignature(String signedServiceMetadataContent)
{
bool result = false;
X509Certificate2 cert = GetCertificate();
//Load the key
CspParameters csp = new CspParameters();
csp.KeyContainerName = cert.PublicKey.Key.ToString();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
//Load XML document
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.LoadXml(signedServiceMetadataContent);
//create a SignedXml and load the xml document
SignedXml signedXml = new SignedXml(xmlDocument);
//find signature and create signature node list
XmlNodeList xmlNodeList = xmlDocument.GetElementsByTagName("Signature");
if (xmlNodeList.Count <= 0)
{
throw new CryptographicException("Verification failed: No Signature was found in the document.");
}
// if more than one signature was found.
if (xmlNodeList.Count >= 2)
{
throw new CryptographicException("Verification failed: More that one signature was found for the document.");
}
//Load signature into SignedXml
signedXml.LoadXml((XmlElement)xmlNodeList[0]);
//check the signature
result = signedXml.CheckSignature(cert, true);
//result = signedXml.CheckSignature(rsa);
return result;
}
private static X509Certificate2 GetCertificate()
{
string startupPath = AppDomain.CurrentDomain.BaseDirectory + @"Certificates\unidesk.p12";
X509Certificate2 cert = new X509Certificate2(startupPath, "axisbank", X509KeyStorageFlags.Exportable);
return new X509Certificate2(cert);
}
XMLDsig簽名格式僅適用於XML文檔。 您可以應用專為JSON文檔設計的JSON Web簽名(JWS)。
具有緊湊序列化的JWS由表示(請參閱RFC7515 )
BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature)
JWS保護的標頭
最簡單的標頭由alg
組成。 RS256
表示具有SHA-256的算法RSA
{"alg":"RS256"}
您可以添加其他參數,例如x5c
(X.509證書鏈)或cty
(內容類型)
JWS有效負載
有效負載是您的JSON對象,編碼為base64url
eyJ1cGRhdGVTUlJlcSI6IHsgImluY2lkZW50SUQiOiAiIiwgImNyZWF0ZWRCeSI6ICIwMzcwMjIwMDAwNDIwNDgiLCAiZGVzY3JpcHRpb24iOiAiMDM3MDIyMDAwMDQyMDQ4IiwgImlzVmlzaWJsZVRvQ3VzdG9tZXIiOiAiMyIsICJ1cGRhdGVUeXBlIjogIjIiLCAiYWN0aXZpdHlUeXBlIjogIjIiLCAiY3JlYXRlZE9uIjogIjIwMTYtMDktMDggMTc6NTciLCAibGFzdFVwZGF0ZSI6ICIyMDE2LTA5LTA4IDE3OjU3IiwgInN0YXR1cyI6ICIyIiwgImNsb3NlZFRpbWUiOiAiIiB9LCAic3ViSGVhZGVyIjogeyAidmFsdWUiOiB7ICJyZXF1ZXN0VVVJRCI6ICIxMjMiLCAiU2VydmljZVJlcXVlc3RJZCI6ICJBRS5NQVBTLlVESy5TU1RQIiwgIlNlcnZpY2VSZXF1ZXN0VmVyc2lvbiI6ICIxLjAiLCAiQ2hhbm5lbElkIjogIk1BUFMifX19
JWS簽名
JWS簽名的計算依據
BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload))
構建以下字符串,並使用證書的私鑰應用RSA數字簽名算法
eyJhbGciOiJSUzI1NiJ9.eyJ1cGRhdGVTUlJlcSI6IHsgImluY2lkZW50SUQiOiAiIiwgImNyZWF0ZWRCeSI6ICIwMzcwMjIwMDAwNDIwNDgiLCAiZGVzY3JpcHRpb24iOiAiMDM3MDIyMDAwMDQyMDQ4IiwgImlzVmlzaWJsZVRvQ3VzdG9tZXIiOiAiMyIsICJ1cGRhdGVUeXBlIjogIjIiLCAiYWN0aXZpdHlUeXBlIjogIjIiLCAiY3JlYXRlZE9uIjogIjIwMTYtMDktMDggMTc6NTciLCAibGFzdFVwZGF0ZSI6ICIyMDE2LTA5LTA4IDE3OjU3IiwgInN0YXR1cyI6ICIyIiwgImNsb3NlZFRpbWUiOiAiIiB9LCAic3ViSGVhZGVyIjogeyAidmFsdWUiOiB7ICJyZXF1ZXN0VVVJRCI6ICIxMjMiLCAiU2VydmljZVJlcXVlc3RJZCI6ICJBRS5NQVBTLlVESy5TU1RQIiwgIlNlcnZpY2VSZXF1ZXN0VmVyc2lvbiI6ICIxLjAiLCAiQ2hhbm5lbElkIjogIk1BUFMifX19
最后,將簽名編碼為base64url並將結果附加到以前的數據中以進行簽名。 你會得到一個JWS這樣hhhhh.ppppp.sssss
其中hhhhh
是頭ppppp
的有效載荷和sssss
簽名
使用以下鏈接
要從緊湊格式hhhhh.ppppp.sssss
驗證簽名,base64url對簽名sssss
解碼,並使用簽名數據hhhhh.ppppp
和使用的證書來驗證簽名。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.