我得到回复:哈希值不匹配。
我有以下代码:
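/// <summary>
/// Signs a SOAP envelope with the certificate's RSA private key and returns
/// the signed envelope serialized as a string.
/// </summary>
/// <param name="soapRequest">The unsigned SOAP envelope as XML text.</param>
/// <param name="certificate">Certificate whose RSA private key signs the message.</param>
/// <returns>The envelope with the ds:Signature element inserted.</returns>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
/// <exception cref="InvalidOperationException">The certificate has no usable RSA private key.</exception>
public string SignSoapMessageVersion(string soapRequest,X509Certificate2 certificate)
{
    if (soapRequest == null)
    {
        throw new ArgumentNullException(nameof(soapRequest));
    }
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    // GetRSAPrivateKey returns null for a public-only or non-RSA certificate;
    // fail here rather than deep inside ComputeSignature. The returned key
    // object is owned by the caller, so dispose it when signing is done.
    using (RSA privateKey = certificate.GetRSAPrivateKey())
    {
        if (privateKey == null)
        {
            throw new InvalidOperationException(
                "The certificate does not contain an RSA private key.");
        }

        // Whitespace is part of the canonical form that gets digested, so it
        // must be preserved exactly as received.
        XmlDocument soapEnvelope = new XmlDocument();
        soapEnvelope.PreserveWhitespace = true;
        // Never resolve external DTDs/entities from the incoming message.
        soapEnvelope.XmlResolver = null;
        soapEnvelope.LoadXml(soapRequest);

        // NOTE(review): in the sample output shown with this code, the
        // wsse:SecurityTokenReference element binds the wsse prefix to the
        // wssecurity-utility namespace URI instead of wssecurity-secext, and
        // the Id values contain '+' and '=' (not valid xs:ID names, see the
        // validator warning). Confirm what AddKeyInfoPFX emits.
        KeyInfo keyInfo = AddKeyInfoPFX(certificate, soapEnvelope);

        SignedXmlWithId signedXml = new SignedXmlWithId(soapEnvelope);
        signedXml.SigningKey = privateKey;
        signedXml.KeyInfo = keyInfo;

        // SHA-1 is deprecated for signatures; SignedXml.XmlDsigRSASHA256Url is
        // the usual replacement where the receiving service accepts it. Left
        // unchanged here because the algorithm is dictated by the receiver and
        // the references (built in AddReferencesToSignedXml) use sha1 digests.
        signedXml.SignedInfo.SignatureMethod =
            "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        signedXml.SignedInfo.CanonicalizationMethod =
            SignedXml.XmlDsigExcC14NTransformUrl;

        AddReferencesToSignedXml(signedXml);

        // Digests are computed over the document as it is at this moment.
        // Any later change to a referenced element invalidates its digest.
        signedXml.ComputeSignature();
        XmlElement signatureElement = signedXml.GetXml();

        // NOTE(review): if a referenced element is an ancestor of the place
        // where the Signature is inserted, its digest no longer matches unless
        // that reference carries an enveloped-signature transform. The sample
        // output lists only the exc-c14n transform - confirm against
        // AddReferencesToSignedXml and InsertSignatureIntoEnvelope.
        InsertSignatureIntoEnvelope(soapEnvelope, signatureElement);

        // Serialize without re-indenting: XmlTextWriter's default formatting
        // adds no whitespace, which keeps the signed content byte-stable.
        using (StringWriter stringWriter = new StringWriter())
        using (XmlTextWriter xmlTextWriter = new XmlTextWriter(stringWriter))
        {
            soapEnvelope.WriteTo(xmlTextWriter);
            xmlTextWriter.Flush();
            return stringWriter.ToString();
        }
    }
}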
创建 signedSoapRequest 后,我通过 HTTP 发送它。由于哈希不匹配,我猜测 XML 被改动了,但我找不到是哪里。我也检查了 CanonicalizationMethod,它是正确的。我已经找了好几个小时,仍然看不出问题所在。
XML如下:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:ns="http://logius.nl/digipoort/koppelvlakservices/1.2/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-
1.0.xsd" wsu:Id="soap-id">
<soapenv:Header xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsa="http://www.w3.org/2005/08/addressing" wsu:Id="header-
id">
<wsse:Security xmlns:wsse="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-
1.0.xsd">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-
1.0.xsd" EncodingType="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-soap-message-security-
1.0#Base64Binary" ValueType="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-
1.0#X509v3" wsu:Id="BST-
daW0db2sMi2xKB4vf21Qij+gHzU=">MyBinarySecurityToken
</wsse:BinarySecurityToken>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-
1.0.xsd" wsu:Id="timestamp-id">
<wsu:Created>2024-03-13T23:51:44Z</wsu:Created>
<wsu:Expires>2024-03-13T23:56:44Z</wsu:Expires>
</wsu:Timestamp>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#id-2828">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>xfMJtd2LNORdDHd8FrWvZ3v6bKk=</DigestValue>
</Reference>
<Reference URI="#timestamp-id">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>U5/Kj0HuVAesXWR3xruIpfBoGsk=</DigestValue>
</Reference>
<Reference URI="#id-2830">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Zne8qDKNG8EoX7jEb/GiGUuwrn4=</DigestValue>
</Reference>
<Reference URI="#id-2831">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>rhTgRqv1al0xXnIIaUiWIlYmJSk=</DigestValue>
</Reference>
<Reference URI="#id-2832">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>W0zDCg76HEpF5kk4uM8QrMGewJw=</DigestValue>
</Reference>
<Reference URI="#id-2829">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>NMDB73UNT5oviV5V8OuG/tqItSA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Value</SignatureValue>
<KeyInfo Id="KeyId-daW0db2sMi2xKB4vf21Qij+gHzU=">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-
1.0.xsd"
wsu:Id="STRId-daW0db2sMi2xKB4vf21Qij+gHzU=">
<wsse:KeyIdentifier ValueType="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-
1.0#X509v3">daW0db2sMi2xKB4vf21Qij+gHzU=</wsse:KeyIdentifier>
<wsse:Reference xmlns:wsse="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-
x509-token-profile-1.0#X509v3" URI="#KeyId-
daW0db2sMi2xKB4vf21Qij+gHzU="/>
</wsse:SecurityTokenReference>
<X509Data>
<X509Certificate>MyCertificate</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</wsse:Security>
警告1
Severity Code Description Project File Line Suppression State
Warning The 'http://www.w3.org/2000/09/xmldsig#:SignatureValue' element is invalid - The value 'Value' is invalid according to its datatype 'http://www.w3.org/2000/09/xmldsig#:SignatureValueType' - Invalid length for a Base-64 char array or string. ConsoleApp10 C:\Users\joel\source\repos\ConsoleApp10\ConsoleApp10\XMLFile1.xml 87
警告2
Severity Code Description Project File Line Suppression State
Warning The 'Id' attribute is invalid - The value 'KeyId-daW0db2sMi2xKB4vf21Qij+gHzU=' is invalid according to its datatype 'http://www.w3.org/2001/XMLSchema:ID' - The '+' character, hexadecimal value 0x2B, cannot be included in a name. ConsoleApp10 C:\Users\joel\source\repos\ConsoleApp10\ConsoleApp10\XMLFile1.xml 88
警告3
Severity Code Description Project File Line Suppression State
Warning The 'http://www.w3.org/2000/09/xmldsig#:X509Certificate' element is invalid - The value 'MyCertificate' is invalid according to its datatype 'http://www.w3.org/2001/XMLSchema:base64Binary' - Invalid length for a Base-64 char array or string. ConsoleApp10 C:\Users\joel\source\repos\ConsoleApp10\ConsoleApp10\XMLFile1.xml 104
警告4
Severity Code Description Project File Line Suppression State
Warning The element 'Envelope' in namespace 'http://schemas.xmlsoap.org/soap/envelope/' has incomplete content. List of possible elements expected: 'Body' in namespace 'http://schemas.xmlsoap.org/soap/envelope/'. ConsoleApp10 C:\Users\joel\source\repos\ConsoleApp10\ConsoleApp10\XMLFile1.xml 110