我正在努力签署一份要作为SAML 2.0请求发送的XML文档。我需要在Asp.Net Core中执行此操作。
.NET Core中没有提供帮助我解决此问题的库System.Security.Cryptography.Xml。我在想是否有一种手动方式来签署带有指定签名算法和规范化方法的xml文档。
初始的xml文档是:
<saml2p:AuthnRequest ID="_6cf0de52-7baa-42a6-bde9-1b3758876e23" Version="2.0" IssueInstant="2017-08-08T12:36:52.5360695Z" Destination="*hidden*" AssertionConsumerServiceURL="*hidden*"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer>*hidden*</saml2:Issuer>
<saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>
我需要获得:
<saml2p:AuthnRequest ID="_6cf0de52-7baa-42a6-bde9-1b3758876e23" Version="2.0" IssueInstant="2017-08-08T12:36:52.5360695Z" Destination="*hidden*" AssertionConsumerServiceURL="*hidden*"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer>*hidden*</saml2:Issuer>
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_6cf0de52-7baa-42a6-bde9-1b3758876e23">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>ECaUeAOFJKloXmSPfKqB67S8QWU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Rpj8w+29giFaKvnWO9Fjz4cs12mm+VcchYK3Y7T2iT7y48TejOYzKhBHIQ5JUZ/dRZ+B7Rc+PeAmixyR43WYyLpOoHGHL7kBj/Ols5eO5OXNAlcTocv1PUhAxn0onJeuX7vzWewmuRf9t8fItXrZFopFSaGHkDk0gYuRCEBf15seukaf9XT9EwRKt/bz8a5LaCqDH+sWEt8OUZucpUOlrMTaP9zx1/0+M6V3YM5DvndPuZcSKlyStELp1okXnxeMENwGBGB1XJwSP+VwbWADz6J0SB9sqNzMNF7YOAvZCdkYhxalIJ5VQll3dg+ZT5g/vGmKHehNhPDsjsnK+5W2OQ==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDETCCAf2gAwIBAgIQ8VcaEM0KNqNKVdi240uVlTAJBgUrDgMCHQUAMB4xHDAaBgNVBAMTE3NhbXBsZS5tcGFzcy5nb3YubWQwHhcNMTQwNzE2MTExMjI4WhcNMzkxMjMxMjM1OTU5WjAeMRwwGgYDVQQDExNzYW1wbGUubXBhc3MuZ292Lm1kMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJB1ZunoQVBBcIDUGDnDogjSzzYOZ+jaLFHGHIABA05IbPqLl6xJqKOT9ykC/jIYHbNkNiBF6FSrpU3qWfALJ7rZHef4IksQHEz0vqXq4LMVDBBVBCon4YtE9uZWmZU+m2us63MI0RQrj4mg4+u2RvQqEbDTPG5u5mmbcrLcl/tnN2wsOnLvCNFT9j2RLMKgEB9jKubRszKG1dEVkphgxm5S7lqmOXQWX24n9rBHro2fuuA5DE7GIF6YU9B3oCIFB5jRJcoWL3rX30cUb0sxlJXmVKEt1pOqt8n5aheWPFPtnBtIH13hLxVTqmWW7JUk+SgMdPLGpqxmtv6sPWOI2QIDAQABo1MwUTBPBgNVHQEESDBGgBC5sKpnobhhHkO5u+Vp8jpXoSAwHjEcMBoGA1UEAxMTc2FtcGxlLm1wYXNzLmdvdi5tZIIQ8VcaEM0KNqNKVdi240uVlTAJBgUrDgMCHQUAA4IBAQASmfVnZjEGPlmWK3X+vMZdSUw/FU11NdHIjwO8YA6OqNYHrHPOwLlgUlycr/VYs73s0wI1b+SaC2/lsbkXAF1w83jy3FHnipFjEkV1+d0ogmox4WFX0PVyeAwVO99swzU1ERrEoXQ/kIgtGe7FYrZ+3H+x0nae9fKnGOlW0GctwoZmG0zk2reU0AuQHj9GAkHK5nF7KAQg1VEdI/WsMxaz+ZS/ZS1882GEl6ZNKrhRIGrO4tGRFI9yYHEW2qzjewKIUrAba/ifdPsk37nJwJvlAD+gSUUeENCzHbZvx8iiNmxcGr1/6gB6Dub+Qc8NvrvVcWvPq+0Gox1rSQi/yQT0</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml2p:NameIDPolicy AllowCreate="true" />
</saml2p:AuthnRequest>
提前谢谢。
答案 0 :(得分:0)
SignedXml类可在.NET Core 2.0 Preview 2中使用,但您需要明确引用System.Security.Cryptography.Xml package,因为它不是.NET Standard的一部分。
如果您无法迁移到.NET Core 2.0(应该会在接下来的几周内随时发布),那么您必须找到第三方库或自己编写。鉴于xmldsig和c14n规范有多复杂,我强烈建议不要自己编写。