我正在尝试验证签名 SOAP 消息上的签名。(只是为了解决这个问题,我完全无法控制我收到的消息)消息的正文由 Java 设备签名和发送。
SignedXml.CheckSignature 方法失败,但我确定我收到的消息是正确的。
相关位:
Dim sdoc As New SignedXml(doc)
Dim nodeList As XmlNodeList = doc.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")
sdoc.LoadXml(CType(nodeList.Item(0), XmlElement))
Dim result As Boolean = sdoc.CheckSignature(cert, False)
'Also tried sdoc.CheckSignature()
签名:
<E:Envelope xmlns:E="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP:Header xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-SEC:Signature SOAP:mustUnderstand="1" xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Body">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>xxxc</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>xxx</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate />
<X509IssuerSerial>
<X509IssuerName>OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network</X509IssuerName>
<X509SerialNumber>xxx</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</KeyInfo>
</Signature>
</SOAP-SEC:Signature>
</SOAP:Header>
<E:Body id="Body">