WCF - SignedXml.CheckSignature failing on signed soap body

杀马特。学长 韩版系。学妹 提交于 2019-12-11 12:05:52

问题


I'm trying to validate a signature on a signed SOAP message. (Just to get this out of the way, I have no control at all over the message I'm receiving) The Body of the message is signed and sent over by a Java appliance.

The SignedXml.CheckSignature method fails but I'm certain that the message I'm receiving is correct.

relevant bit:

        Dim sdoc As New SignedXml(doc)
        Dim nodeList As XmlNodeList = doc.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")
        sdoc.LoadXml(CType(nodeList.Item(0), XmlElement))
        Dim result As Boolean = sdoc.CheckSignature(cert, False)
        'Also tried sdoc.CheckSignature()

signature:

   <E:Envelope xmlns:E="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP:Header xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
         <SOAP-SEC:Signature SOAP:mustUnderstand="1" xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12">
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
              <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="#Body">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                   <DigestValue>xxxc</DigestValue>
                </Reference>
             </SignedInfo>
      <SignatureValue>xxx</SignatureValue>
            <KeyInfo>
              <X509Data>
                <X509Certificate />
                <X509IssuerSerial>
                  <X509IssuerName>OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network</X509IssuerName>
                  <X509SerialNumber>xxx</X509SerialNumber>
                </X509IssuerSerial>
             </X509Data>
            </KeyInfo>
          </Signature>
      </SOAP-SEC:Signature>
    </SOAP:Header>
    <E:Body id="Body">

来源:https://stackoverflow.com/questions/12270032/wcf-signedxml-checksignature-failing-on-signed-soap-body

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!