引用元素签名XML C#不正确
本文关键字:不正确 XML 元素 引用 | 更新日期: 2023-09-27 18:21:56
我需要实现EBICS协议,特别是HPB请求,我需要签署我的XML文件:
<?xml version="1.0" encoding="UTF-8"?>
<ebicsNoPubKeyDigestsRequest xmlns="http://www.ebics.org/H003" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ebics.org/H003 http://www.ebics.org/H003/ebics_keymgmt_request.xsd" Version="H003" Revision="1">
<header authenticate="true">
<static>
<HostID>EBIXQUAL</HostID>
<Nonce>234AB2340FD2C23035764578FF3091C1</Nonce>
<Timestamp>2015-11-13T10:32:30.123Z</Timestamp>
<PartnerID>AD598</PartnerID>
<UserID>EF056</UserID>
<OrderDetails>
<OrderType>HPB</OrderType>
<OrderAttribute>DZHNN</OrderAttribute>
</OrderDetails>
<SecurityMedium>0000</SecurityMedium>
</static>
<mutable />
</header>
</ebicsNoPubKeyDigestsRequest>
所以我需要在所在的元素上签名
authenticate="true"
为了在C#中签署我的文档,我写了这样的代码:
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = false;
xmlDoc.Load("hpbtest.xml");
RSA Key = new GestionCertificat("CN=XML_ENC_TEST_CERT4").getClePrivee();
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(xmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = Key;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "#xpointer(//*[@authenticate='true'])";
// Add an enveloped transformation to the reference.
XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
xmlDoc.Save("hpbtest.xml");
但当我试图签名时,我在线上收到了这个错误
signedXml.ComputeSignature()
:
参考元件不正确
你能帮我解决我的问题吗?
提前谢谢!
托马斯!
我通过SignedXml和Reference类和..对XPointer操作进行了反向工程。。我可以在一个单独的答案中给你所有的细节,但我现在的结论是,你只能有两种类型的查询:
#xpointer(/)
这是有效的,因为它是明确检查,和
#xpointer(id(
再次显式选中此项(使用string.StartsWith)。
因此,正如您在评论中指出的,实现这一点的唯一方法似乎是扩展SignedXml类并重写GetIdElement方法,如下所示:
public class CustomSignedXml : SignedXml
{
XmlDocument xmlDocumentToSign;
public CustomSignedXml(XmlDocument xmlDocument) : base(xmlDocument)
{
xmlDocumentToSign = xmlDocument;
}
public override XmlElement GetIdElement(XmlDocument document, string idValue)
{
XmlElement matchingElement = null;
try
{
matchingElement = base.GetIdElement(document, idValue);
}
catch (Exception idElementException)
{
Trace.TraceError(idElementException.ToString());
}
if (matchingElement == null)
{
// at this point, idValue = xpointer(//*[@authenticate='true'])
string customXPath = idValue.TrimEnd(')');
customXPath = customXPath.Substring(customXPath.IndexOf('(') + 1);
matchingElement = xmlDocumentToSign.SelectSingleNode(customXPath) as XmlElement;
}
return matchingElement;
}
}
然后在使用者代码中,只需将SignedXml更改为CustomSignedXml:
CustomSignedXml signedXml = new CustomSignedXml(xmlDoc);