关于 c#:SignedXml 生成无效签名

SignedXml generates invalid signatures

我一直试图让 .NET 中的 XMLDSIG 支持正常运行,更具体地说是 SignedXml 类。我正在实施第三方服务,他们最近才开始要求所有消息都必须进行数字签名...

我的问题是,我似乎无法生成有效的签名。第三方服务和我发现的在线签名验证器都将签名报告为无效。验证服务 (http://www.aleksey.com/xmlsec/xmldsig-verifier.html) 报告摘要和数据之间存在不匹配,到目前为止我无法弄清楚我的\\'我做错了。

这是相关代码 - 希望有人能够发现我的错误;

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
public static XDocument SignDocument(XDocument originalDocument, X509Certificate2 certificate)
{
    var document = new XmlDocument();
    document.LoadXml(originalDocument.ToString(SaveOptions.DisableFormatting));
    if (document.DocumentElement == null)
        throw new InvalidOperationException("Invalid XML document; no root element found.");

    var signedDocument = new SignedXml(document);
    Reference signatureReference = GetSignatureReference();
    KeyInfo certificateKeyInfo = GetCertificateKeyInfo(certificate);
    var dataObject = new DataObject("","text/xml","utf-8", document.DocumentElement);

    signedDocument.AddReference(signatureReference);
    signedDocument.AddObject(dataObject);
    signedDocument.SigningKey = certificate.PrivateKey;
    signedDocument.KeyInfo = certificateKeyInfo;
    signedDocument.ComputeSignature();

    return XDocument.Parse(signedDocument.GetXml().OuterXml, LoadOptions.PreserveWhitespace);
}


private static Reference GetSignatureReference()
{
    var signatureReference = new Reference("");
    signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());

    return signatureReference;
}


private static KeyInfo GetCertificateKeyInfo(X509Certificate certificate)
{
    var certificateKeyInfo = new KeyInfo();
    certificateKeyInfo.AddClause(new KeyInfoX509Data(certificate));

    return certificateKeyInfo;
}

如果有人感兴趣,我解决了这个问题并在我的博客上写了:
http://thomasjo.com/blog/2009/08/04/xmldsig-in-the-net-framework.html