我正在尝试验证使用 python signxml 库生成的签名,但检查签名返回 false 但与 python 代码交叉验证它返回 true
来自.Net的签名XML确实具有规范化方法xml-c14n11的实现我正在使用以下答案来创建xml-c14n11类并添加到cryto配置算法
SignedXml CanonicalizationMethod - http://www.w3.org/2006/12/ xml-c14n11
并且还尝试使用上述转换对 XML 进行签名,但它向生成的 XML 添加了默认转换:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR /2001/REC-xml-c14n-20010315" /><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:参考 URI= ""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www. w3.org/TR/2001/REC-xml-c14n-20010315" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" / ><ds:DigestValue>gGNoKEZ9BXIhdhdCPpB7X+XES3d9xOrlNys1hT69uG0=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>RNUKnnx/me3Sb463Qgu2rKHuXK79FsGjUGTimWnd7nPwsnc9Pyjb17W8Y8SNluuflGgo5rrbInoh/WdJmOaiqWR2nq8nxrvdcy0ass/9AzjSQzDRsIlGI1dDmn/fl8HThBKfb0WaYeMOAnka8u68LPLP8Dz7Cp5qCHiWY/5cOVYpSBAf7ZmbrL2Jq/A7r1Ulr8I2bXlpzjH5LeSbfBanBmyHBuhbYDkFlaD9s/CxUFgsWSu4nUZxkkj/EpL2Oo3LGZLXiUoUphnTSNUgSyTnxq5A1eqUtvPaIBvadQIY6ybYEnAkWQC40hYwAnB8487zbj0RoF98QmNwY5xhe3uO0Q==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIGJzCCBA+/dzLh2kWxaXbsx9F05J82QLtRYxydjsp2Di91UnJJ9XNLc375avXM+CJ0a+eYlBHR+VrfGO2VuXagBN5X+ZkspuCL/emk4IW47dgW3aPXhZf/igu4MQR+aCWmejheERbgRYwtF6gBc677B23pVF0+j5F7AsvAVB7GHbt4Ym6S4DN6r2Yc/r5lNzuVKBPjWxOh3dFRe29uWOCuHcCAwEAAaOCAZkwggGVMB8GA1wAoZZaHR0cDovL2xlaWNhYmlvc3lzdGVtcy5jcnQuaW90LnNlY3RpZ28uY29tL0xlaWNhQmlvc3lzdGVtc0dsb2JhbEFwcGxpY2F0aW9uc0lzc3VpbmdDQS5jcnQwNwYIKwYBBQUHMAGGK2h0dHA6Ly9sZWljYWJpb3N5c3RlbXMub2NzcC5pb3Quc2VjdGlnby5jbYCK5TYUMNMsbe+Q4HSWc8yMNaoQvPHR2IXRNUK5MZD71Ol5S23BjamVWjd9n6lG2V0Bg==</ds:X509Certificate></ds:X509Data><ds:X509Data><ds:X509Certificate>MIIHAzCCBOugAwIBAgIQWkkxaxJSVrgyR/uAkXpvBTANBgkqhkiG9w0BAQwFADCBgzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMRYwFAYDVQQHEw1CdWZmYWxvIEdyb3ZlMRkwFwYDVQQKExBMZWljYSBCaW9zeXN0ZW1zMS4wLAYDVQQDEyVMZWljYSBCaW9zeXN0ZW1zIC0gUHJvZHVjdHMgLSBSb290IENBMB4XDTIwMTAyOTE0NTgyMloXDTQwMTAyOTE0NTgyMVowgZExCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEWMBQGA1UEBxMNQnVmZmFsbyBHcm92ZTEZMBcGA1UEChMQTGVpY2EgQmlvc3lzdGVtczE8MDoGA1UEAxMzTGVpY2EgQmlvc3lzdGVtcyAtIEdsb2JhbCBBcHBsaWNhdGlvbnMgLSBJc3N1aW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsT5vKnrSZ4j3aA09au/Y2WHCwDZsjsYGdPgJgK8hTSqQcEbPths/HfWQcrNe3HMl7tTyYO95XkvNafRgCxZmSYigTN/BYxbyGKhtHFowuWoE+NPmhs+9VNySH0lAAlBHhZrkCTvVjphtzsbgYUSMuG1Ds0pm6cs3IlCG2gpXnRDZ35ARjwbHcakfXLptpQN1lBENhuHhbSCiI1GqhzkSVi0Wh0Il5WJGxcAyuQeHR+81+vzIka0ylu0qQJ8iOogfYQedD//ke5lUKQp8M8SJQPb6ACINIftnJu06551G6STp1fEaZmQJU2l0i6F3UWvv5IDicAlZ2LzGBTT6bKF3N+AC7F9Luj24hu+fgwA9d2inQJrSnlVdUfU9bDzPNToz2pAiGcya5Rb0FnJ2P26JseZotI1ezg0oaYZ/QOl+3bM3SAQJqHybQUngBFdl9bPBkzeztCrc9GfrYeP4H9VnSKexVIwkswmSPLbOYCRDMrKSLRc13EOpj48=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
如何将 xml-c14n11 添加到规范化方法并在我签名的 xml 中进行转换?