我用同样的方式对消息进行了签名,但下面的验证方法始终返回 false。请帮忙看看问题出在哪里。
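/// <summary>
/// Checks the XML-DSig signature carried in a SOAP message against the public key of
/// <paramref name="cert"/>.
/// </summary>
/// <param name="soapMessage">The signed SOAP envelope as a string.</param>
/// <param name="cert">Certificate whose public key is used to check the signature value.</param>
/// <returns><c>true</c> when the signature value and every reference digest match; otherwise <c>false</c>.</returns>
/// <exception cref="CryptographicException">
/// The document contains no ds:Signature element, or more than one.
/// </exception>
public bool Verify(string soapMessage, X509Certificate2 cert)
{
    // Register the SHA-256 signature description under the RSA-SHA256 algorithm URI.
    // Binding it to the rsa-sha1 URI instead would make an RSA-SHA1 signature be checked
    // with the wrong hash, and the check would fail.
    CryptoConfig.AddAlgorithm(
        typeof(RSAPKCS1SHA256SignatureDescription),
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

    XmlDocument xmlDoc = new XmlDocument();
    // The message comes from outside: do not resolve external entities or DTDs.
    xmlDoc.XmlResolver = null;
    // PreserveWhitespace only affects content loaded afterwards, so it must be set before
    // LoadXml; otherwise whitespace inside the signed element is dropped and the digest differs.
    xmlDoc.PreserveWhitespace = true;
    xmlDoc.LoadXml(soapMessage);

    SignedXml sdoc = new SignedXml(xmlDoc);

    // Match on namespace + local name so that a prefixed element (ds:Signature) is found and
    // the SOAP-SEC:Signature wrapper, which lives in another namespace, is not counted.
    XmlNodeList nodeList = xmlDoc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
    // GetElementsByTagName never returns null; an absent signature shows up as an empty list.
    if (nodeList.Count == 0)
    {
        throw new CryptographicException("The XML document has no signature.");
    }
    if (nodeList.Count > 1)
    {
        throw new CryptographicException("The XML document has more than one signature.");
    }
    sdoc.LoadXml((XmlElement)nodeList[0]);

    // The key is taken from the caller-supplied certificate, not from the KeyInfo embedded in
    // the message, so a signer cannot vouch for itself. Assigning SigningKey is not needed for
    // verification and the cast to RSACryptoServiceProvider fails for CNG-backed keys.
    //
    // NOTE(review): verifySignatureOnly = true skips chain, expiry and revocation checks on the
    // certificate. The caller must establish trust in `cert` separately (pinning or
    // X509Chain validation) before relying on this result.
    // NOTE(review): a valid signature only proves that the referenced element is intact. The
    // caller should also confirm that the Reference URI resolves to the SOAP Body it actually
    // processes, to guard against signature-wrapping of a relocated Body.
    return sdoc.CheckSignature(cert, true);
}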
答案 0 :(得分:0)
以下是对文档进行签名的代码:
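/// <summary>
/// Signs the SOAP Body of <paramref name="soapMessage"/> with the private key of
/// <paramref name="cert"/> and places the signature in the SOAP Header, wrapped in a
/// SOAP-SEC:Signature element.
/// </summary>
/// <param name="soapMessage">The SOAP envelope to sign, as a string.</param>
/// <param name="cert">Certificate providing the private signing key and the public key published in KeyInfo.</param>
/// <returns>The loaded document with the Body marked <c>id="Body"</c> and the signature added to the Header.</returns>
/// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
/// <exception cref="ApplicationException">The message has no SOAP Envelope or Body element.</exception>
/// <exception cref="CryptographicException">The certificate has no private key.</exception>
public XmlDocument SignSoapBody(string soapMessage, X509Certificate2 cert)
{
    if (cert == null)
    {
        throw new ArgumentNullException("cert");
    }
    // Fail with a clear message instead of letting ComputeSignature trip over a null key.
    if (!cert.HasPrivateKey)
    {
        throw new CryptographicException("The certificate has no private key to sign with.");
    }

    // NOTE(review): whitespace is not preserved on load here. If the returned document is
    // later written out with indentation, a verifier that preserves whitespace will compute a
    // different digest for the Body; serialize it without reformatting.
    XmlDocument xmlDoc = new XmlDocument();
    xmlDoc.LoadXml(soapMessage);

    XmlNamespaceManager ns = new XmlNamespaceManager(xmlDoc.NameTable);
    ns.AddNamespace("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/");

    XmlElement envelope = xmlDoc.DocumentElement.SelectSingleNode(@"//SOAP-ENV:Envelope", ns) as XmlElement;
    if (envelope == null)
    {
        throw new ApplicationException("No envelope tag found");
    }
    envelope.SetAttribute("xmlns:SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/");

    XmlElement body = xmlDoc.DocumentElement.SelectSingleNode(@"//SOAP-ENV:Body", ns) as XmlElement;
    if (body == null)
    {
        throw new ApplicationException("No body tag found");
    }
    // The Reference below addresses the Body through this id.
    body.SetAttribute("id", "Body");

    SignedXml signedXml = new SignedXml(xmlDoc);

    // Publish the RSA public key in KeyInfo. A verifier must not trust this embedded key by
    // itself; it should check against a certificate it already trusts.
    KeyInfo keyInfo = new KeyInfo();
    RSA publicKey = (RSA)cert.PublicKey.Key; // RSA rather than the CSP type, so CNG keys work too
    keyInfo.AddClause(new RSAKeyValue(publicKey));
    signedXml.KeyInfo = keyInfo;
    signedXml.SigningKey = cert.PrivateKey;
    signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";

    Reference reference = new Reference();
    reference.Uri = "#Body"; // the element marked id="Body" in this document
    // NOTE(review): SHA-1 digests are no longer collision resistant; move to SHA-256 once the
    // receiving side accepts it.
    reference.DigestMethod = "http://www.w3.org/2000/09/xmldsig#sha1";
    //reference.AddTransform(new XmlDsigExcC14NTransform());
    signedXml.AddReference(reference);

    signedXml.ComputeSignature();
    XmlElement signedElement = signedXml.GetXml();

    // NOTE(review): this runs after the signature value has been computed. If the helper
    // rewrites namespace prefixes inside SignedInfo (as its name suggests), the canonical form
    // of SignedInfo no longer matches what was signed and verification returns false. The
    // prefix has to be in place before the signature value is calculated - confirm against
    // the helper's implementation.
    AssignNameSpacePrefixToElementTree(signedElement, "ds");

    XmlElement soapSignature = xmlDoc.CreateElement("Signature", "http://schemas.xmlsoap.org/soap/security/2000-12");
    soapSignature.Prefix = "SOAP-SEC";
    soapSignature.AppendChild(signedElement);

    XmlElement soapHeader = xmlDoc.DocumentElement.SelectSingleNode("//SOAP-ENV:Header", ns) as XmlElement;
    if (soapHeader == null)
    {
        // No Header yet: create one and make it the first child of the Envelope.
        soapHeader = xmlDoc.CreateElement("SOAP-ENV", "Header", "http://schemas.xmlsoap.org/soap/envelope/");
        xmlDoc.DocumentElement.InsertBefore(soapHeader, xmlDoc.DocumentElement.ChildNodes[0]);
    }
    soapHeader.AppendChild(xmlDoc.ImportNode(soapSignature, true));

    return xmlDoc;
}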