我正在尝试在 C# 中创建以下签名文档(我只发布重要的部分):
<?xml version="1.0" encoding="UTF-8"?>
<SignedSaveRequest xmlns="http://www.to2bs.com/products/sta/schemas/messages/v2" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
<Header ID="header">
<TimestampPolicy>S1</TimestampPolicy>
<ReTimestampPolicy>R1</ReTimestampPolicy>
<TwoStampsType>1P</TwoStampsType>
<Hashes>
<Hash>
<Name>Test PDF.pdf</Name>
<Digest hashAlgorithm="SHA256">2oN+8Z74rPqPwKqt+gVpr+z2EHx+OQwMQyxFgbjUgt0=</Digest>
</Hash>
</Hashes>
<ShreddingPolicy>
<Sign>U</Sign>
<Period>1</Period>
</ShreddingPolicy>
</Header>
<Security>
<ns2:Signature>
<ns2:SignedInfo>
<ns2:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ns2:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ns2:Reference URI="#header">
<ns2:Transforms>
<ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ns2:Transforms>
<ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ns2:DigestValue>wp+Gw43JannGYRSK3rjLW1JtSQDFTMoQU/iTEsHXCe0=</ns2:DigestValue>
我无法获得 DigestValue(最后一个标签)的正确值。如果我正确理解规范,我应该得到包含标签“Header”的片段的规范版本,它是(一个字符串,没有换行符):
<Header ID="header"><TimestampPolicy>S1</TimestampPolicy><ReTimestampPolicy>R1</ReTimestampPolicy><TwoStampsType>1P</TwoStampsType><Hashes><Hash><Name>Test PDF.pdf</Name><Digest hashAlgorithm="SHA256">2oN+8Z74rPqPwKqt+gVpr+z2EHx+OQwMQyxFgbjUgt0=</Digest></Hash></Hashes><ShreddingPolicy><Sign>U</Sign><Period>1</Period></ShreddingPolicy></Header>
然后计算 SHA 256 并将其编码为 base64。所以,我正在这样做:
HeaderDoc.LoadXml(headerOuterXml); // headerOuterXml is the string above
c14NormalizationTransform.LoadInput(HeaderDoc);
MemoryStream ms =
(MemoryStream)c14NormalizationTransform.GetOutput(typeof(System.IO.Stream));
SHA256 sha = new SHA256Managed();
byte[] digestBytes = sha.ComputeHash(ms);
string digestBytes64 = Convert.ToBase64String(digestBytes);
并得到结果:
fRLX327uHQnkztMHjGX/k5V70fgFKbvVGjyLj1biYFE=
这与预期的不同:
wp+Gw43JannGYRSK3rjLW1JtSQDFTMoQU/iTEsHXCe0=
我究竟做错了什么?