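I need your help.
So I generate a document with an XML signature in Java, and when I try to validate it in C#, I get false. Then I generate the same document with a signature in C#, and that is fine: it returns true.
This is the XML I generated in C#: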
<GovTalkMessage xmlns="http://www.govtalk.gov.uk/CM/envelope">
<EnvelopeVersion>2.0</EnvelopeVersion>
<Header>
<MessageDetails>
<Class>**********</Class>
<Qualifier>request</Qualifier>
<Function>submit</Function>
<CorrelationID></CorrelationID>
<ResponseEndPoint PollInterval="0" />
<GatewayTimestamp>2015-05-22 10:36:00 46</GatewayTimestamp>
</MessageDetails>
<SenderDetails>
<IDAuthentication>
<SenderID>*******</SenderID>
<Authentication>
<Method>clear</Method>
<Value>******</Value>
</Authentication>
</IDAuthentication>
<EmailAddress>nomail</EmailAddress>
</SenderDetails>
</Header>
<Body>
<Message xmlns="urn:g3.ge:cra:call:CRA_Xcrms_ProcessRequest:v1">
<Request>
<SubcontractId>*********</SubcontractId>
<Parameters>
<ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#" Id="b8fab299-1f02-4952-bc51-51c1a801cfbd">
<NamedCurve URI="urn:oid:1.3.36.3.3.2.8.1.1.7" />
<PublicKey>BHeO8NM3siFsm/4wOuZfuYqxEyHITRIw10nck6VWmsQeIpJ7SA6octSy6CribK+I8CfALnlPCi0ugcfhtndJjRo=</PublicKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#b8fab299-1f02-4952-bc51-51c1a801cfbd">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>dj0zX2jwmWo31ZHQZ8QD/oCofWM=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>WesZbraD0p0eW0GmhQ8ZpTyQ9Z3xiiWph/mIam2nhVPmXfJCdVVvPPxwL3IfseZLXUa4xQwOO4Goa6DOH8drqSbORdrHiTmB7f5QfeqL1kH3BB5sQuHWyHHtN37284e7/jB+1awxcyVkdE9Vk2lDsHmn4f3vjdk1tvKJOYlfsP0MEJQ4XG2fpCWgGebWHCy1oNUOI9X/hOLxQK+n5MVHM7hiO7xDcziSq2SgAOIoxHgAKEfDUR8fC1QPwQGTpClLoY2QD1wbv1h3FsnK9+Fg7Tx1g0iE6hyppb3dSveZBNWr8fOA9GMgeUzgB54bGQ8PPixRxIBs4L7Wb+Ro9qQG4w==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</ECKeyValue>
</Parameters>
</Request>
</Message>
</Body>
</GovTalkMessage>
This is the XML I generated in Java:
<GovTalkMessage xmlns="http://www.govtalk.gov.uk/CM/envelope">
<EnvelopeVersion>2.0</EnvelopeVersion>
<Header>
<MessageDetails>
<Class>*******</Class>
<Qualifier>request</Qualifier>
<Function>submit</Function>
<CorrelationID/>
<ResponseEndPoint PollInterval="0"/>
<GatewayTimestamp>2015-05-22 10:36:00 46</GatewayTimestamp>
</MessageDetails>
<SenderDetails>
<IDAuthentication>
<SenderID>*******</SenderID>
<Authentication>
<Method>clear</Method>
<Value>*******</Value>
</Authentication>
</IDAuthentication>
<EmailAddress>nomail</EmailAddress>
</SenderDetails>
</Header>
<Body>
<Message xmlns="urn:g3.ge:cra:call:CRA_Xcrms_ProcessRequest:v1">
<Request>
<SubcontractId>*******</SubcontractId>
<Parameters>
<ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#" Id="e05606fa-f84f-4f03-b979-59e3ab07c431">
<NamedCurve URI="urn:oid:1.3.36.3.3.2.8.1.1.7"/>
<PublicKey>BHCX/TfxYEqT+RkvWwe7FUwgcfYv4Delhn4Gh3VDwYdfiPNsbdSrpdTifdzjW4xF2t18Dv6oWHvnxj4vzulyLLU=</PublicKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#e05606fa-f84f-4f03-b979-59e3ab07c431">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>bkpr3QO9lbDyLHfN78AptsaAiDA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>tKSd9QHighByIW87N/Flkpt5KlaeOCQjT3ot3oNycNA5143GLjo/LZr6LyILiCef9fkLtxotnANXgAxtU2VQePKJcrqksKxwFeRQg4ZaPv5R41LbNQVNlgM1pa70JpFtRgFwFIm8qzKokcd0dpBG/i+Q3318CRKbAJHXqnOvCU3g8hgWhcKDo8KISkOkvVvDiOXLlmVVspYEc9Miz+2SlXK0psMcpEZTs8Qwl2eUabcQq457pV3sWw+kWQCWWBJbU2t2sXTLw2jqT4gSvz68Txn5WwS5km0ArdmEwN7DqEpBWd9ItSVlQuq45Xi7ymwuHB4cUkx0EYwFjeOa6Y4hZw==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</ECKeyValue>
</Parameters>
</Request>
</Message>
</Body>
</GovTalkMessage>
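I have generated these files a billion times, but this C# code accepts the files generated from C#, and I have a problem with the files generated by Java:
// incoming XML request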
string requestFromService = "myxmlFile.xml";
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.LoadXml(Helpers.readAllFromFile(requestFromService));
XmlElement xml = xmlDocument.DocumentElement;
XmlElement keyValue = xml.GetElementsByTagName("ECKeyValue").Item(0) as XmlElement;
XmlElement signatureElement = xml.GetElementsByTagName("Signature").Item(0) as XmlElement;
keyValue.RemoveChild(signatureElement);
//
var signedXml = new SignedXml(keyValue);
signedXml.LoadXml(signatureElement);
bool result = signedXml.CheckSignature();
Console.WriteLine(String.Format("Result : {0}", result));
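How does System.Security.Cryptography.Xml.SignedXml work? Why is the XML signature invalid? Please help.
Answer 0 (score: 1)
Note that the XML formatting matters when signing.
If the documents are formatted as shown in the question, they contain a lot of whitespace. .NET normally ignores it. You need to set a flag to preserve the whitespace: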
XmlDocument xmlDocument = new XmlDocument
{
PreserveWhitespace = true
};
xmlDocument.LoadXml(Helpers.readAllFromFile(requestFromService));
Also, you should not remove the Signature element before validating; instead, use the XML DSig enveloped transform to do that for you.