SignedXml generates invalid signatures
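I've been trying to get XMLDSIG support in .NET working properly, more specifically the SignedXml class. I'm implementing against a third-party service, and they only recently started requiring that all messages be digitally signed...
My problem is that I can't seem to generate valid signatures. Both the third-party service and an online signature verifier I found report the signature as invalid. The verification service (http://www.aleksey.com/xmlsec/xmldsig-verifier.html) reports a mismatch between the digest and the data, and so far I haven't been able to figure out what I'm doing wrong.
Here is the relevant code - hopefully someone will be able to spot my mistake: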
```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
using System.Xml.Linq;

public static XDocument SignDocument(XDocument originalDocument, X509Certificate2 certificate)
{
    // Convert the LINQ to XML document into an XmlDocument for SignedXml.
    var document = new XmlDocument();
    document.LoadXml(originalDocument.ToString(SaveOptions.DisableFormatting));
    if (document.DocumentElement == null)
        throw new InvalidOperationException("Invalid XML document; no root element found.");

    var signedDocument = new SignedXml(document);
    Reference signatureReference = GetSignatureReference();
    KeyInfo certificateKeyInfo = GetCertificateKeyInfo(certificate);
    // Wrap the root element in a ds:Object inside the signature.
    var dataObject = new DataObject("", "text/xml", "utf-8", document.DocumentElement);

    signedDocument.AddReference(signatureReference);
    signedDocument.AddObject(dataObject);
    signedDocument.SigningKey = certificate.PrivateKey;
    signedDocument.KeyInfo = certificateKeyInfo;
    signedDocument.ComputeSignature();

    // Return only the ds:Signature element produced by SignedXml.
    return XDocument.Parse(signedDocument.GetXml().OuterXml, LoadOptions.PreserveWhitespace);
}

private static Reference GetSignatureReference()
{
    // URI "" references the whole document; the enveloped-signature transform is applied to it.
    var signatureReference = new Reference("");
    signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());

    return signatureReference;
}

private static KeyInfo GetCertificateKeyInfo(X509Certificate certificate)
{
    // Embed the signing certificate as X509Data in ds:KeyInfo.
    var certificateKeyInfo = new KeyInfo();
    certificateKeyInfo.AddClause(new KeyInfoX509Data(certificate));

    return certificateKeyInfo;
}
```
If anyone is interested, I solved the problem and wrote about it on my blog:
http://thomasjo.com/blog/2009/08/04/xmldsig-in-the-net-framework.html