我有以下xsd:
<xsd:schema
targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
elementFormDefault="qualified" attributeFormDefault="unqualified"
blockDefault="#all" version="0.2">
<xsd:import namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" schemaLocation="../MSG/IRS-WSTimeStampElementMessage.xsd" />
<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="../MSG/IRS-WSSignatureElementMessage.xsd"/>
<xsd:complexType name="SecurityHeaderType">
<xsd:annotation>
<xsd:documentation>This complexType defines header block to use for
security-relevant data directed at a specific SOAP actor.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element ref="ds:Signature" minOccurs="0"/>
<xsd:element ref="wsu:Timestamp" minOccurs="0"/>
</xsd:sequence>
<xsd:anyAttribute namespace="##other" processContents="lax" />
</xsd:complexType>
<xsd:element name="Security" type="wsse:SecurityHeaderType">
<xsd:annotation>
<xsd:documentation>This element defines the wsse:Security SOAP header
element per Section 4.</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:schema>
这是我试图根据上面的模式验证的XML:
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="TS-E68EBBF1696C5DD4AA143353323390073">
<u:Created>2016-03-22T12:42:44.170Z</u:Created>
<u:Expires>2016-03-22T12:52:44.170Z</u:Expires>
</u:Timestamp>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>2gAU0kJV40nvR+Og=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>pISNeszVQ59HKCRbQ=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#TS-E68EBBF1696C5DD4AA143353323390073">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>mh7+cJJPRtrrn/s4N15AE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>fhpY2IlKEdwBFWqNxbVEw7p+ojhw54+op+g==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>fshPnGE6H36KNqWMZqTf+X0oBls3dLz7TY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
我无法理解为什么在验证过程中我会收到以下错误:
ERROR: The element 'Security' in namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' has invalid child element 'Signature' in namespace 'http://www.w3.org/2000/09/xmldsig#'.
它看起来像在命名空间中定义的元素,但验证器似乎没有注意到它或者由于某种原因忽略了这个事实。
答案 0 :(得分:3)
它们出现的顺序错误。序列应按照声明的顺序出现..签名的最小出现次数为0,这就是为什么它没有给你一个问题,因为时间戳是第一个。< / p>
如果您不想强制执行您的孩子元素的出现顺序,那么您可以选择xsd :: all但它有自己的问题/规则Difference between <xsd:all> and <xsd:sequence> in schema definition?
答案 1 :(得分:0)
扩展@Rob所说的内容。
当我使用Signature对象的ComputeSignature()方法创建SignedXml元素后,我使用signedXml.GetXml()方法将XML输出到{{1对象。用于保存数字签名。我创建了一个XmlElement对象来保存XmlNode元素的引用,然后使用Security方法在InsertBefore FirstChild之前添加数字签名} element。
这样做会将Security元素的子元素按适当顺序放置。
Security