C# 如何从clickonce部署清单xml文件中获取证书信息
我正试图解析xml文件以从ClickOnce清单中获取证书信息。 我需要的是X509证书信息。 示例文件如下所示:C# 如何从clickonce部署清单xml文件中获取证书信息,c#,.net,xml,xpath,xmldocument,C#,.net,Xml,Xpath,Xmldocument,我正试图解析xml文件以从ClickOnce清单中获取证书信息。 我需要的是X509证书信息。 示例文件如下所示: <?xml version="1.0" encoding="utf-8"?> <asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-micro
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
<asmv1:assemblyIdentity name="someName.Xbap.exe" version="2.5.18.1" publicKeyToken="3i3cc7f44s0b9526" language="neutral" processorArchitecture="msil" type="win32" />
<application />
<entryPoint>
<assemblyIdentity name="someName.AFW.Xbap" version="2.5.18.1" language="neutral" processorArchitecture="msil" />
<commandLine file="someName.AFW.Xbap.exe" parameters="" />
<hostInBrowser xmlns="urn:schemas-microsoft-com:asm.v3" />
</entryPoint>
<publisherIdentity name="CN=HOSTNAME" issuerKeyHash="4534734c4984227c4fa0asdd4eb114524aaed397" />
<Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>MVvHBmUFm2j7PwKjbzig0y7jdBo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>someRandomSignatureValue</SignatureValue>
<KeyInfo Id="StrongNameKeyInfo">
<KeyValue>
<RSAKeyValue>
<Modulus>someRandomModulusValue</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<msrel:RelData xmlns:msrel="http://schemas.microsoft.com/windows/rel/2005/reldata">
<r:license xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode">
<r:grant>
<as:ManifestInformation Hash="manifesthash" Description="" Url="">
<as:assemblyIdentity name="Somename.Xbap.exe" version="1.0.18.51" publicKeyToken="3b3bc7b44b4b8810" language="neutral" processorArchitecture="msil" type="win32" />
</as:ManifestInformation>
<as:SignedBy />
<as:AuthenticodePublisher>
<as:X509SubjectName>CN=HostName</as:X509SubjectName>
</as:AuthenticodePublisher>
</r:grant>
<r:issuer>
<Signature Id="AuthenticodeSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>asdasda+asdaasdasdad=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>someRandomSignatureValue==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>someRandomSignatureValue</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<X509Data>
<X509Certificate>!!!this is the required certificate information!!!</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</r:issuer>
</r:license>
</msrel:RelData>
</KeyInfo>
</Signature>
</asmv1:assembly>
// load the xml document
var xml = XDocument.Load(@"d:\input.xml");
// find the signature node
var signature = xml.Root.Elements().FirstOrDefault(r => r.Value.Contains("Signature"));
if (signature != null)
{
// get the namespace of the signature node in order to search for the sub nodes
var ns = signature.GetDefaultNamespace();
// find the certificate node
var certificate = signature.Descendants(ns + "X509Certificate").FirstOrDefault();
if (certificate != null)
{
// take the value
Console.WriteLine(certificate.Value);
}
}
当我执行它时,我得到了XPathException
我还尝试了一种名称空间变体。文档包含不同名称空间定义的名称空间。当访问使用名称空间的XML结构内的节点时,名称空间也应该被寻址,否则名称不完整,看起来似乎不存在 使用的一种可能的解决方案如下所示:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
<asmv1:assemblyIdentity name="someName.Xbap.exe" version="2.5.18.1" publicKeyToken="3i3cc7f44s0b9526" language="neutral" processorArchitecture="msil" type="win32" />
<application />
<entryPoint>
<assemblyIdentity name="someName.AFW.Xbap" version="2.5.18.1" language="neutral" processorArchitecture="msil" />
<commandLine file="someName.AFW.Xbap.exe" parameters="" />
<hostInBrowser xmlns="urn:schemas-microsoft-com:asm.v3" />
</entryPoint>
<publisherIdentity name="CN=HOSTNAME" issuerKeyHash="4534734c4984227c4fa0asdd4eb114524aaed397" />
<Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>MVvHBmUFm2j7PwKjbzig0y7jdBo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>someRandomSignatureValue</SignatureValue>
<KeyInfo Id="StrongNameKeyInfo">
<KeyValue>
<RSAKeyValue>
<Modulus>someRandomModulusValue</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<msrel:RelData xmlns:msrel="http://schemas.microsoft.com/windows/rel/2005/reldata">
<r:license xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode">
<r:grant>
<as:ManifestInformation Hash="manifesthash" Description="" Url="">
<as:assemblyIdentity name="Somename.Xbap.exe" version="1.0.18.51" publicKeyToken="3b3bc7b44b4b8810" language="neutral" processorArchitecture="msil" type="win32" />
</as:ManifestInformation>
<as:SignedBy />
<as:AuthenticodePublisher>
<as:X509SubjectName>CN=HostName</as:X509SubjectName>
</as:AuthenticodePublisher>
</r:grant>
<r:issuer>
<Signature Id="AuthenticodeSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>asdasda+asdaasdasdad=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>someRandomSignatureValue==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>someRandomSignatureValue</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<X509Data>
<X509Certificate>!!!this is the required certificate information!!!</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</r:issuer>
</r:license>
</msrel:RelData>
</KeyInfo>
</Signature>
</asmv1:assembly>
// load the xml document
var xml = XDocument.Load(@"d:\input.xml");
// find the signature node
var signature = xml.Root.Elements().FirstOrDefault(r => r.Value.Contains("Signature"));
if (signature != null)
{
// get the namespace of the signature node in order to search for the sub nodes
var ns = signature.GetDefaultNamespace();
// find the certificate node
var certificate = signature.Descendants(ns + "X509Certificate").FirstOrDefault();
if (certificate != null)
{
// take the value
Console.WriteLine(certificate.Value);
}
}
输出为:
!!!this is the required certificate information!!!
这些是你错过的一些步骤。首先,您需要使用
XmlNamespaceManager
将前缀注册到namespaceUri映射:
var nsMapping = new XmlNamespaceManager(xmlDoc.NameTable);
nsMapping.AddNamespace("msrel", "http://schemas.microsoft.com/windows/rel/2005/reldata");
nsMapping.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");
其次,除了上述两个名称空间之外,还需要注册默认名称空间(声明为不带前缀的名称空间),以便在XPath中使用:
nsMapping.AddNamespace("d", "http://www.w3.org/2000/09/xmldsig#");
var xpath = "//d:Signature/d:KeyInfo/msrel:RelData/r:license/r:issuer/d:Signature/d:KeyInfo/d:X509Data/d:X509Certificate";
XmlNode securityNode = xmlDoc.SelectSingleNode(xpath, nsMapping);
第三,除了在XPath中正确使用注册前缀之外,还将命名空间管理器作为SelectSingleNode()
的第二个参数传递:
nsMapping.AddNamespace("d", "http://www.w3.org/2000/09/xmldsig#");
var xpath = "//d:Signature/d:KeyInfo/msrel:RelData/r:license/r:issuer/d:Signature/d:KeyInfo/d:X509Data/d:X509Certificate";
XmlNode securityNode = xmlDoc.SelectSingleNode(xpath, nsMapping);
如您在问题中所述,缺少上述步骤将触发XPathException。顺便说一句,以下更简单的XPath也适用于这种情况:
var xpath = "//d:X509Certificate";