Question
I'm trying to validate a signature on a signed SOAP message. (Just to get this out of the way, I have no control at all over the message I'm receiving.) The Body of the message is signed and sent over by a Java appliance.
The SignedXml.CheckSignature method fails but I'm certain that the message I'm receiving is correct.
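Relevant bit:
' Needs Imports System.Xml and Imports System.Security.Cryptography.Xml.
' doc is the received message as an XmlDocument; cert is an X509Certificate2.
Dim sdoc As New SignedXml(doc)
' Locate the ds:Signature element by local name and namespace.
Dim nodeList As XmlNodeList = doc.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")
sdoc.LoadXml(CType(nodeList.Item(0), XmlElement))
' Second argument False: verify the certificate as well as the signature.
Dim result As Boolean = sdoc.CheckSignature(cert, False)
'Also tried sdoc.CheckSignature()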
Signature:
<E:Envelope xmlns:E="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Header xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-SEC:Signature SOAP:mustUnderstand="1" xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12">
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#Body">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>xxxc</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>xxx</SignatureValue>
        <KeyInfo>
          <X509Data>
            <X509Certificate />
            <X509IssuerSerial>
              <X509IssuerName>OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network</X509IssuerName>
              <X509SerialNumber>xxx</X509SerialNumber>
            </X509IssuerSerial>
          </X509Data>
        </KeyInfo>
      </Signature>
    </SOAP-SEC:Signature>
  </SOAP:Header>
  <E:Body id="Body">
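Added example, not part of the original question and not the asker's code: one way to narrow down a failing CheckSignature is to recompute the Reference digest (exclusive C14N, then SHA-1, as in the message above) and compare it with DigestValue. The module, function and constructed envelope below are assumptions made for the example; it loads the same text with and without PreserveWhitespace, a common source of digest mismatches, and needs a reference to System.Security.Cryptography.Xml.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Security.Cryptography.Xml
Imports System.Xml

Module ReferenceDigestCheck
    ' Recomputes the SHA-1 digest of the element named by the first ds:Reference,
    ' using exclusive C14N. Compare the result with the message's <DigestValue>.
    Function ComputeReferenceDigest(doc As XmlDocument) As String
        Dim ns As New XmlNamespaceManager(doc.NameTable)
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl)
        Dim refElem As XmlElement = CType(doc.SelectSingleNode("//ds:SignedInfo/ds:Reference", ns), XmlElement)
        If refElem Is Nothing Then Throw New CryptographicException("No ds:Reference found")
        Dim id As String = refElem.GetAttribute("URI").TrimStart("#"c)
        If id.Length = 0 OrElse id.Contains("'") Then Throw New CryptographicException("Unsupported URI")

        ' Same attribute names SignedXml resolves by default (Id, id, ID); reject duplicates.
        Dim xpath As String = String.Format("//*[@Id='{0}' or @id='{0}' or @ID='{0}']", id)
        Dim matches As XmlNodeList = doc.SelectNodes(xpath)
        If matches.Count <> 1 Then Throw New CryptographicException("Expected exactly one element with id " & id)

        ' Canonicalize the referenced subtree on its own, keeping whatever whitespace it has.
        Dim fragment As New XmlDocument()
        fragment.PreserveWhitespace = True
        fragment.LoadXml(matches(0).OuterXml)
        Dim c14n As New XmlDsigExcC14NTransform()
        c14n.LoadInput(fragment)
        Using hasher As SHA1 = SHA1.Create()
            Return Convert.ToBase64String(hasher.ComputeHash(CType(c14n.GetOutput(GetType(Stream)), Stream)))
        End Using
    End Function

    Sub Main()
        ' Constructed sample (not the asker's message): a body that contains indentation.
        Dim xml As String =
            "<E:Envelope xmlns:E=""http://schemas.xmlsoap.org/soap/envelope/"">" &
            "<E:Header><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo>" &
            "<Reference URI=""#Body""/></SignedInfo></Signature></E:Header>" &
            "<E:Body id=""Body"">" & Environment.NewLine &
            "  <m:Ping xmlns:m=""urn:example:constructed"">1</m:Ping>" & Environment.NewLine &
            "</E:Body></E:Envelope>"
        For Each keep As Boolean In {True, False}
            Dim doc As New XmlDocument()
            doc.PreserveWhitespace = keep   ' False drops whitespace-only nodes at load time
            doc.LoadXml(xml)
            Console.WriteLine("PreserveWhitespace={0}: {1}", keep, ComputeReferenceDigest(doc))
        Next
    End Sub
End Module
```

The two printed digests differ because the default load discards the whitespace-only text nodes that the signer hashed. A recomputed digest that equals DigestValue while CheckSignature still returns False points at SignedInfo, the key or the certificate check rather than at the body.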
Source: https://stackoverflow.com/questions/12270032/wcf-signedxml-checksignature-failing-on-signed-soap-body