我正在为政府计费系统编写一些代码,在阅读了几个星期后,我走到了死胡同。
我需要验证从服务器收到的 xml 文件中的至少两个签名,当我是使用 cert 文件或 x509store 签名的人时,我基于公共 MSDN 编写了一些代码来验证签名,并且工作正常,我可以根据他们的参考毫无问题地签署和验证每个签名。
但是,当我收到文件时,我不知道如何验证它,因为我没有证书文件,我当然知道里面有标签,如果我得到那个值并将它放在 openssl.exe 我可以验证签名者的身份,但不知道如何检查签名是否正确
http://puu.sh/dypRH/c45e200202.png
过去我用过
if (signedXml.CheckSignature(cert, true))
现在我尝试 signedXml.CheckSignature())
每次都失败,我无法参考要选择的签名,所以我做了一个 for
foreach (XmlNode node1 in nodeList)
{
testt = node1.OuterXml;
testt = testt.Replace(Environment.NewLine, string.Empty);
ttt.PreserveWhitespace = true;
ttt.LoadXml(testt);
testt = testt.Replace(Environment.NewLine, string.Empty);
signedXml.LoadXml(ttt.DocumentElement);
//if (signedXml.CheckSignature(cert, true))
if (signedXml.CheckSignature())
{
Console.WriteLine("The XML signature is valid.");
}
else
{
Console.WriteLine("The XML signature is not valid.");
}
#endregion
}
但他们仍然失败
我还根据xml文件制作了证书,
X509Certificate c = X509Certificate.CreateFromSignedFile("test.xml");
theCertificate = new X509Certificate2(c);
验证,但也失败了
我现在真的不知道该怎么办,我有点绝望,这是xml文件
http://puu.sh/dyqcv/356dd289ae.xml
我需要验证签名,在此之后我必须制作一个响应文件并将其发送回服务器(它已准备好但由于我无法验证签名我不想继续)
哦,是的,我在签名检查/计算之前删除了命名空间并线性化了所有内容
public static XElement RemoveAllNamespaces(XElement e)
{
return new XElement(e.Name.LocalName,
(from n in e.Nodes()
select ((n is XElement) ? RemoveAllNamespaces(n as XElement) : n)),
(e.HasAttributes) ? (from a in e.Attributes()
where (!a.IsNamespaceDeclaration)
select new XAttribute(a.Name.LocalName, a.Value)) : null);
}
我真的很感激各种帮助,即使是我应该在哪里尝试的一点点也会有所帮助。
哦,对不起,但我真的检查了所有网站,我希望这个问题不会重复,上次我真的被猛烈抨击并失去了我所有的代表:(
但我有足够的动力再问一次
https://stackoverflow.com/questions/27158035/replace-string-with-another-string-does-not-work
我受此苦
问候!
编辑:根据 user409104 的要求,这是整个文件的签名值(三个中的第一个),它也包括签名节点和 keyinfo 值
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#SetDoc">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>pIQ3XhBvaULXo7vPOktydkK+c3g=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
n/bgCyPOI01quzrpt0OLRUbBnUd5vzjyv44S/3Oow56fS/DEtBF+83g1I4WXsw13h81rFhiApgku
tffdWuu23ox3ubGtuAVihK1xaOYBqim8dIBoLBN84M6P3H2+NDi4x01/c+4w7wtNCGedGNrjguwQ
0b864BTj0iavTpu0urUicWipsmxCv9p6JlkyVxmUdlgEvP5pPlv43qHopWvUDrYhXP9m45ap4ubg
47Zwpa7QCadghf4vEYUQOcrGcf4oDYa7KUc71VKTY8cAgmdTool8ugYD2ipNV75R5i3Cfbe8Jsyt
q9wy8iuo2Xc3FpUShojyr3JMl7meJupnmT4qGg==
</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>
xUg5RWGM6yKTu1hctQ0J9VZtr6+7VOQ75lDq7MeqxDTJgkHxO+P49GV/hRjLv3rCXvo9JBM8AKj5
U+/uue5OE6PgeqdS+M7HBF4ieD33wVsRYWuu2TLrw+/DRd6yEs61mPVRLDrIqjxxpa41VUAfwPXV
ksCZ7RNklyfSa5D+Zm6sx3v5kGPylWVpdW+k3BFYmUCW2j1rjGb5X9zV9Egi2VGe2SGsYLNu1aJS
HHAIPc+COJIBMENga/syQSNF2l4/GNUkn84RnlW5P75rPg6Oa+y2UwfUgmgrCeMcyJJKDMy6heqm
6huvgaxOTr9DZqWkxJYW5GGWTUUiq64JB3EjOQ==
</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<X509Data>
<X509Certificate>
MIIElTCCA32gAwIBAgIBLjANBgkqhkiG9w0BAQUFADCBpTEUMBIGA1UEAxMLU0lJLUNBLTIwMTMx
GjAYBgNVBAcTEVNhbnRpYWdvIGRlIENoaWxlMR0wGwYDVQQIExRSZWdpb24gTWV0cm9wb2xpdGFu
YTELMAkGA1UEBhMCQ0wxHDAaBgkqhkiG9w0BCQEWDXNpaS1jYUBzaWkuY2wxJzAlBgNVBAoTHlNl
cnZpY2lvIGRlIEltcHVlc3RvcyBJbnRlcm5vczAeFw0xMzA0MjQxMDM0NDJaFw0xNTA0MjQxMDM0
NDJaMIIBATE6MDgGA1UECxMxRGVwdG8uIGRlIEF0ZW5jaW9uIHkgQXNpc3RlbmNpYSBkZSBDb250
cmlidXllbnRlczEnMCUGA1UEChMeU2VydmljaW8gZGUgSW1wdWVzdG9zIEludGVybm9zMQswCQYD
VQQGEwJDTDEdMBsGA1UECBMUUmVnaW9uIE1ldHJvcG9saXRhbmExGjAYBgNVBAcTEVNhbnRpYWdv
IGRlIENoaWxlMSYwJAYJKoZIhvcNAQkBFhdTSUlfZHRlX2ltcHJlc29zQHNpaS5jbDEqMCgGA1UE
AxMhQ2VydGlmaWNhY2lvbiAgQ0NNICBEZXNhcnJvbGxhZG9yMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxUg5RWGM6yKTu1hctQ0J9VZtr6+7VOQ75lDq7MeqxDTJgkHxO+P49GV/hRjL
v3rCXvo9JBM8AKj5U+/uue5OE6PgeqdS+M7HBF4ieD33wVsRYWuu2TLrw+/DRd6yEs61mPVRLDrI
qjxxpa41VUAfwPXVksCZ7RNklyfSa5D+Zm6sx3v5kGPylWVpdW+k3BFYmUCW2j1rjGb5X9zV9Egi
2VGe2SGsYLNu1aJSHHAIPc+COJIBMENga/syQSNF2l4/GNUkn84RnlW5P75rPg6Oa+y2UwfUgmgr
CeMcyJJKDMy6heqm6huvgaxOTr9DZqWkxJYW5GGWTUUiq64JB3EjOQIDAQABo3EwbzAJBgNVHRME
AjAAMD0GA1UdEQQ2MDSgGAYIKwYBBAHBAQGgDBMKNDUwMDAwNTItM6AYBggrBgEEAcEBA6AMEwo2
MDgwMzAwMC1LMCMGA1UdEgQcMBqgGAYIKwYBBAHBAQKgDBMKNjA4MDMwMDAtSzANBgkqhkiG9w0B
AQUFAAOCAQEAWbf4jOaJgvx4676oKqHoHlO5/y/8umb2eCjddVKWxrytL4Ncx/6aJSgmMBj52Whe
gHJf3+SCarDYgo2L7AzaIL7/nM1KtlKpcpqFU+LC+AFf4MctSe8nthdg7VaKze1f5W2ZKvVBDNwI
1LFrbBEn6w3PlkcJ0AjvlJBEgPlMzQVEKSEGdPOTbsiWvSxdxj8HuFFKx3R+bH9ZkNjP5s06nTFh
SFVVIYZvCQ/qIYyUCBe4ZvH02ekYK8KeO6suiDI8cctoC+DWGfSvcLEt07AuwuVbqzAde32ACnC2
lqqstjt3FuB3nYymxbrnzhJjpPkTt9m9MbSFvJzrAgQ7joO1Dw==
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
我已经根据xml文件创建了这个密钥,但我无法选择选择哪个,我猜它使用第一个找到的,(但xml中有3个)也不知道如何使用它来验证。
我不能用 RSAKeyValue 制作 x509certificate/2 对吗?
XmlElement XmlSignature;
XmlSignature = (XmlElement)fix2.DocumentElement.SelectSingleNode("//Signature");
RSAKeyValue key = new RSAKeyValue();
key.LoadXml(XmlSignature);