Certificate: Verifying Java-generated signed XML in .NET
I have the following XML:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Response xmlns="http://www.site.ae/g">
  <Message xml:id="message">
    <Header>
      <Service>Read</Service>
      <Action>SomeAction</Action>
    </Header>
    <Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="SomeDataType">
      <Status>Success</Status>
      <Data>
        <Id>123</Id>
      </Data>
    </Body>
  </Message>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="#message">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue>SomeValue</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>
      SomeValue
    </SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>
          SomeValue
        </X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Response>
One is the root, the second is the intermediate, and the third is the certificate. I have created the code below:
var xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
xmlDoc.Load("above.xml");
bool result = VerifyXml(xmlDoc, clientCert);

private static Boolean VerifyXml(XmlDocument Doc, X509Certificate2 Key)
{
    // Create a new SignedXml object and pass it
    // the XML document class.
    var signedXml = new System.Security.Cryptography.Xml.SignedXml(Doc);
    // Find the "Signature" node and create a new XmlNodeList object.
    XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");
    // Throw an exception if no signature was found.
    if (nodeList.Count <= 0)
    {
        throw new CryptographicException("Verification failed: No Signature was found in the document.");
    }
    // Though it is possible to have multiple signatures on
    // an XML document, this app only supports one signature for
    // the entire XML document. Throw an exception
    // if more than one signature was found.
    if (nodeList.Count >= 2)
    {
        throw new CryptographicException("Verification failed: More than one signature was found for the document.");
    }
    // Load the first <Signature> node.
    signedXml.LoadXml((XmlElement)nodeList[0]);
    // Check the signature and return the result.
    return signedXml.CheckSignature(Key, true);
}
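But the code above always returns false. Is there something I am missing? Does .NET support verifying XML generated from Java?
Got an answer from …
Can you verify in Java that the signature is valid? Are the certificate and chain trusted?
@DanielFisherlennybacon I got the answer on "Thanks"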
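An added example, not part of the original thread: the Reference in the XML above targets `#message`, and that element carries its ID as `xml:id`, which the default `SignedXml.GetIdElement` does not resolve (it looks only at DTD-declared IDs and unqualified `Id`/`id`/`ID` attributes). The sketch below assumes this is why verification fails; the class names `XmlIdSignedXml` and `SignedResponseVerifier` are hypothetical.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical helper (not from the original post): a SignedXml that also
// resolves Reference URIs such as "#message" against xml:id attributes.
public sealed class XmlIdSignedXml : SignedXml
{
    public XmlIdSignedXml(XmlDocument document) : base(document) { }

    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        // Default lookup first: DTD-declared IDs and unqualified Id/id/ID.
        XmlElement found = base.GetIdElement(document, idValue);
        if (found != null || document == null) return found;

        // An NCName cannot contain quotes, so it is safe to embed in the XPath below.
        XmlConvert.VerifyNCName(idValue);
        // XmlNamespaceManager predefines the "xml" prefix.
        var ns = new XmlNamespaceManager(document.NameTable);
        XmlNodeList hits = document.SelectNodes("//*[@xml:id='" + idValue + "']", ns);

        // Refuse ambiguous targets: a duplicated ID lets the verifier and the
        // consuming code look at different elements (signature wrapping).
        if (hits.Count > 1)
            throw new CryptographicException("Duplicate xml:id '" + idValue + "'.");
        return hits.Count == 1 ? (XmlElement)hits[0] : null;
    }
}

public static class SignedResponseVerifier
{
    private const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    public static bool Verify(XmlDocument doc, X509Certificate2 trustedCert)
    {
        // Match Signature by namespace, not just by tag name.
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", DsigNs);
        if (sigs.Count != 1)
            throw new CryptographicException("Expected exactly one ds:Signature element.");

        var signedXml = new XmlIdSignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        // true = verify the signature only; the certificate chain is NOT validated,
        // so trustedCert must come from configuration, not from the message's KeyInfo.
        return signedXml.CheckSignature(trustedCert, true);
    }
}
```

After a successful check, read the payload from the element the Reference resolved to (here the `Message` element) rather than re-querying the document by tag name.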