验证XML的Signature元素对XSD失败

时间:2011-12-22 19:39:06

标签: xml xsd

我有一个验证模式的XML文件。但是在我们的网站上,我们使用Fiddler来监控它发出的请求,并注意到我认为与我们的XML和XSD定义有关的很多请求。

这一切都与我希望使用微软 SignedXML 对象为我从应用程序生成的XML添加签名有关。我有问题只是让这个签名验证,并在下面的评论的一些帮助设法完成它。但是现在这个问题正在发生。

我已尝试在Notepad ++中对其进行验证,但我得到的是“无法解析模式文件”错误。

我的XML是:

<?xml version="1.0" encoding="utf-8"?>
<EngineRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" EngineVersion="6.0" RequestTime="2012-01-07T12:46:15.31868+13:00" xmlns="analysis.org.nz">
  <Analysis xmlns="">
  ... Various elements here
  </Analysis>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>QDhgJy28UHmqhB2SA825mudXkr0=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>fVxTK70NBoDuMw/76Sxx8lH5bWrEDbx2w+RfB1pkuUCLpjafG06U1PptjM0ndHMFGxWBa7lhaqyQV3fQOQ/KFzyYdeijQRXdOsV39Ex0GBhM+Ajo5YCdm6XfQaLheoSGaAf5TX7H7+mxwiFd71VENxWDWKmnQEVA3nUaWRumHOM=</SignatureValue>
  </Signature>
</EngineRequest>

我的XSD是:

<?xml version="1.0"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"            
            xmlns:tns="analysis.org.nz"
            xmlns:ds="http://www.w3.org/2000/09/xmldsig#"            
            targetNamespace="analysis.org.nz"
            attributeFormDefault="unqualified"
            >

  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.mywebsite.co.nz/xsd/xmldsig-core-schema.xsd"/>

  <xsd:complexType name="AnalysisType">
  ... Various elements etc here
  </xsd:complexType>
   <xsd:element name="EngineRequest">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element name="Analysis" type="tns:AnalysisType" />
        <xsd:element ref="ds:Signature" minOccurs="0" maxOccurs="1" />
      </xsd:sequence>
      <xsd:attribute name="EngineVersion" type="xsd:string" />
      <xsd:attribute name="RequestTime"   type="xsd:dateTime" use="required"/>
    </xsd:complexType>
  </xsd:element>
</xsd:schema>

Fiddler输出是:

www.mywebsite.co.nz/xsd/xmldsig-core-schema.xsd
www.w3.org/2001/XMLSchema.dtd
www.w3.org/2001/datatypes
www.mywebsite.co.nz/xsd/xmldsig-core-schema.xsd

这是我的代码端进行验证的C#,我认为这会导致Fiddler中出现多个请求:

public static bool Validate(String input)
    {
        _isValid = true; // set to false if any error occurs
        _message.Clear();

        StringReader xml = new StringReader(input);

        // load embedded schema resource to validate against
        Assembly assembly = Assembly.GetExecutingAssembly();

        // validation settings
        XmlReaderSettings settings = new XmlReaderSettings();            
        settings.ValidationType = ValidationType.Schema;

        settings.ValidationFlags |= XmlSchemaValidationFlags.ProcessInlineSchema;
        settings.ValidationFlags |= XmlSchemaValidationFlags.ProcessSchemaLocation;
        settings.ValidationFlags |= XmlSchemaValidationFlags.ReportValidationWarnings;
        settings.ValidationEventHandler += new System.Xml.Schema.ValidationEventHandler(ValidationEventHandler);

        // add schemas for validation
        AddSchema(assembly, settings);
        AddSignatureSchema(assembly, settings);

        // create xml validation reader            
        XmlReader reader = XmlReader.Create(xml, settings);

        // validation node by node
        while (reader.Read()) ;

        reader.Close();

        return IsValid;
    }

    private static void AddSchema(Assembly assembly, XmlReaderSettings settings)
    {
        Stream xsdStream = assembly.GetManifestResourceStream("Engine.Schema.Engine.xsd");
        XmlReader xsdReader = XmlReader.Create(xsdStream);

        settings.Schemas.Add("mywebsite.org.nz", xsdReader);
    }

    private static void AddSignatureSchema(Assembly assembly, XmlReaderSettings settings)
    {
        XmlReaderSettings sigSettings = new XmlReaderSettings()
        {
            ValidationType = ValidationType.DTD,
            DtdProcessing = DtdProcessing.Parse
        };

        Stream sigStream = assembly.GetManifestResourceStream("Engine.Schema.xmldsig-core-schema.xsd");
        XmlReader sigReader = XmlReader.Create(sigStream, sigSettings); 

        settings.Schemas.Add(null, sigReader); // signature schema

    }

理想情况下,我不想像那样导入Signature命名空间,但是如果我不这样做,我就无法访问Signature元素。当我尝试创建自己的Signature元素以匹配xmldsig-core-schema时,由于Microsofts SignedXML()对象放置xmlns =“http://www.w3.org/2000/09/xmldsig#”,我得到验证错误生成的XML中出错。

注意:此问题已从原始问题更新,因为我修改了XML和XSD后错误略有变化。但是我的问题仍然存在,因为我正在努力添加看似简单的东西?

2 个答案:

答案 0 :(得分:2)

你有几个问题:

XSD说

  • {mynamespace}请求必须是根元素。
  • {mynamespace}分析必须在Signature
    • 之前进行

答案 1 :(得分:1)

问题似乎与AddSignatureSchema()方法有关。这导致每次调用时都会在http://www.mywebsite.co.nz/xsd/xmldsig-core-schema.xsd下载DTD。

我所要做的就是将XMLResolver设置为null,这样就不会发生这种下载。我在Prevent DTD download when parsing xml

的另一个问题中找到了这个问题

我还设置了DtdProcessing = DtdProcessing.Ignore标志。该方法看起来像

    private static void AddSignatureSchema(Assembly assembly, XmlReaderSettings settings)
    {
        XmlReaderSettings sigSettings = new XmlReaderSettings()
        {
            ValidationType = ValidationType.DTD,
            DtdProcessing = DtdProcessing.Ignore
        };

        // Prevent the DTD from downloading
        sigSettings.XmlResolver = null;

        Stream sigStream = assembly.GetManifestResourceStream("Engine.Schema.xmldsig-core-schema.xsd");
        XmlReader sigReader = XmlReader.Create(sigStream, sigSettings); 

        settings.Schemas.Add(null, sigReader); // signaturte schema

    }
相关问题
最新问题