1

我正在努力签署要作为 SAML 2.0 请求发送的 XML 文档。我需要在 Asp.Net Core 中执行此操作。

System.Security.Cryptography.Xml.NET Core 中没有可以帮助我解决此问题的库。我在想是否有一种手动方法可以使用指定的签名算法和规范化方法对 xml 文档进行签名。

最初的 xml 文档是:

<saml2p:AuthnRequest ID="_6cf0de52-7baa-42a6-bde9-1b3758876e23" Version="2.0" IssueInstant="2017-08-08T12:36:52.5360695Z" Destination="*hidden*" AssertionConsumerServiceURL="*hidden*" 
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:Issuer>*hidden*</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

我需要获得:

<saml2p:AuthnRequest ID="_6cf0de52-7baa-42a6-bde9-1b3758876e23" Version="2.0" IssueInstant="2017-08-08T12:36:52.5360695Z" Destination="*hidden*" AssertionConsumerServiceURL="*hidden*" 
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:Issuer>*hidden*</saml2:Issuer>
    <Signature 
        xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <Reference URI="#_6cf0de52-7baa-42a6-bde9-1b3758876e23">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <DigestValue>ECaUeAOFJKloXmSPfKqB67S8QWU=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>Rpj8w+29giFaKvnWO9Fjz4cs12mm+VcchYK3Y7T2iT7y48TejOYzKhBHIQ5JUZ/dRZ+B7Rc+PeAmixyR43WYyLpOoHGHL7kBj/Ols5eO5OXNAlcTocv1PUhAxn0onJeuX7vzWewmuRf9t8fItXrZFopFSaGHkDk0gYuRCEBf15seukaf9XT9EwRKt/bz8a5LaCqDH+sWEt8OUZucpUOlrMTaP9zx1/0+M6V3YM5DvndPuZcSKlyStELp1okXnxeMENwGBGB1XJwSP+VwbWADz6J0SB9sqNzMNF7YOAvZCdkYhxalIJ5VQll3dg+ZT5g/vGmKHehNhPDsjsnK+5W2OQ==</SignatureValue>
        <KeyInfo>
            <X509Data>
                <X509Certificate>MIIDETCCAf2gAwIBAgIQ8VcaEM0KNqNKVdi240uVlTAJBgUrDgMCHQUAMB4xHDAaBgNVBAMTE3NhbXBsZS5tcGFzcy5nb3YubWQwHhcNMTQwNzE2MTExMjI4WhcNMzkxMjMxMjM1OTU5WjAeMRwwGgYDVQQDExNzYW1wbGUubXBhc3MuZ292Lm1kMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJB1ZunoQVBBcIDUGDnDogjSzzYOZ+jaLFHGHIABA05IbPqLl6xJqKOT9ykC/jIYHbNkNiBF6FSrpU3qWfALJ7rZHef4IksQHEz0vqXq4LMVDBBVBCon4YtE9uZWmZU+m2us63MI0RQrj4mg4+u2RvQqEbDTPG5u5mmbcrLcl/tnN2wsOnLvCNFT9j2RLMKgEB9jKubRszKG1dEVkphgxm5S7lqmOXQWX24n9rBHro2fuuA5DE7GIF6YU9B3oCIFB5jRJcoWL3rX30cUb0sxlJXmVKEt1pOqt8n5aheWPFPtnBtIH13hLxVTqmWW7JUk+SgMdPLGpqxmtv6sPWOI2QIDAQABo1MwUTBPBgNVHQEESDBGgBC5sKpnobhhHkO5u+Vp8jpXoSAwHjEcMBoGA1UEAxMTc2FtcGxlLm1wYXNzLmdvdi5tZIIQ8VcaEM0KNqNKVdi240uVlTAJBgUrDgMCHQUAA4IBAQASmfVnZjEGPlmWK3X+vMZdSUw/FU11NdHIjwO8YA6OqNYHrHPOwLlgUlycr/VYs73s0wI1b+SaC2/lsbkXAF1w83jy3FHnipFjEkV1+d0ogmox4WFX0PVyeAwVO99swzU1ERrEoXQ/kIgtGe7FYrZ+3H+x0nae9fKnGOlW0GctwoZmG0zk2reU0AuQHj9GAkHK5nF7KAQg1VEdI/WsMxaz+ZS/ZS1882GEl6ZNKrhRIGrO4tGRFI9yYHEW2qzjewKIUrAba/ifdPsk37nJwJvlAD+gSUUeENCzHbZvx8iiNmxcGr1/6gB6Dub+Qc8NvrvVcWvPq+0Gox1rSQi/yQT0</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
    <saml2p:NameIDPolicy AllowCreate="true" />
</saml2p:AuthnRequest>

先感谢您。

4

1 回答 1

1

该类SignedXml.NET Core 2.0 Preview 2中可用,但您需要显式引用System.Security.Cryptography.Xml 包,因为它不是 .NET Standard 的一部分。

如果您无法迁移到 .NET Core 2.0(应该会在接下来的几周内随时发布),那么您必须找到一个 3rd 方库或自己编写它。鉴于 xmldsig 和 c14n 规范有多复杂,我强烈建议您不要自己编写它。

于 2017-08-08T15:08:36.253 回答