我一直在努力使.NET中的
XMLDSIG支持正常运行,更具体地说是SignedXml类.我正在实施第三方服务,他们最近才开始要求所有消息都必须经过数字签名……
我的问题是,我似乎无法生成有效的签名.第三方服务和我找到的在线签名验证器都将签名报告为无效.验证服务(http://www.aleksey.com/xmlsec/xmldsig-verifier.html)报告摘要和数据之间存在不匹配,到目前为止我还无法弄清楚我做错了什么.
public static XDocument SignDocument(XDocument originalDocument,X509Certificate2 certificate) { var document = new XmlDocument(); document.LoadXml(originalDocument.ToString(SaveOptions.disableFormatting)); if (document.DocumentElement == null) throw new InvalidOperationException("Invalid XML document; no root element found."); var signedDocument = new SignedXml(document); Reference signatureReference = GetSignatureReference(); KeyInfo certificateKeyInfo = GetCertificateKeyInfo(certificate); var dataObject = new DataObject("","text/xml","utf-8",document.DocumentElement); signedDocument.AddReference(signatureReference); signedDocument.Addobject(dataObject); signedDocument.SigningKey = certificate.PrivateKey; signedDocument.KeyInfo = certificateKeyInfo; signedDocument.ComputeSignature(); return XDocument.Parse(signedDocument.GetXml().OuterXml,LoadOptions.PreserveWhitespace); } private static Reference GetSignatureReference() { var signatureReference = new Reference(""); signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); return signatureReference; } private static KeyInfo GetCertificateKeyInfo(X509Certificate certificate) { var certificateKeyInfo = new KeyInfo(); certificateKeyInfo.AddClause(new KeyInfoX509Data(certificate)); return certificateKeyInfo; }
解决方法
如果有人有兴趣,我解决了这个问题并在我的博客上写了这篇文章:
http://thomasjo.com/blog/2009/08/04/xmldsig-in-the-net-framework.html
http://thomasjo.com/blog/2009/08/04/xmldsig-in-the-net-framework.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。