Question

我试图用camel生成一个分离的XML签名文档。我注意到如果我篡改命名空间的名称，文档就会失效。例如。改变＆＃34;肥皂＆＃34;到＆＃34; soap1＆＃34;命名空间使文档无效。我得到了：

org.apache.camel.component.xmlsecurity.api.XmlSignatureInvalidValueException: 
           Signature validation failed. The signature value could not be 
           validated by the public key. Either the message has been 
           tampered or the public key is not correct.

应该是这样吗？

<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <anotherSample attr="1234"/>
        <sample ID="sampleID"/>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#sampleID">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>....</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>...</ds:SignatureValue>
            <ds:KeyInfo>....</ds:KeyInfo>
        </ds:Signature>
    </soap:Body>
</soap:Envelope>

Answer 1

来自Canonical XML spec：By virtue of the XPath data model, XML canonicalization is namespace-aware.所以是的，更改命名空间会导致签名发生变化。

XML根元素的更改是否应更改子元素的签名值？

1 个答案: