.net – SignedXml.CheckSignature抛出异常:值不能为null.参数
我正在编写一段代码来验证X509证书中的Xml签名,并在主题行中获得异常消息.
我的示例代码 Dim cert As X509Certificate2 = GetCertificate("Certificate Name") Dim signedXml As SignedXml = New SignedXml(Me.samlResponseXml) If (signedXml.CheckSignature(cert,True)) Then ' The signature is valid Else ' The signature is invalid Throw New ArgumentException("Invalid signature found in Saml Xml.") End If 我已成功从证书存储区加载证书(代码的第1行). 当我调用signedXml.CheckSignature(cert,True)函数时抛出异常.消息很不清楚:
有什么问题在这里有什么不妥? 调用堆栈:
更新1 SignatureDescription signatureDescription = CryptoConfig.CreateFromName(SignatureMethod)作为SignatureDescription; 很显然,SignatureMethod是一个包装 public string SignatureMethod { get { return m_signature.SignedInfo.SignatureMethod; } } m_signature.SignedInfo.SignatureMethod是空值.我在MSDN上再次阅读了SignatureMethod在http://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedxml.signaturemethod.aspx的解释,并在下面粘贴了带有签名部分的Xml代码.我有一个SignatureMethod标记,其中包含值,但为什么SignedXml无法处理它? <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI="#_ea559faf-417b-407f-bdc2-bccc76dab76c"> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>fvQx+J90ZGKhwj8Mfhg6v/esOtI=</DigestValue> </Reference> </SignedInfo> <SignatureValue>Ft2mQEA3a39uRq5N94pDI8Y6B/UGLXHkZJ+/besOQmEtZoi630vBDzQfIxx5Djgg6YYeF/s67iF+KLgfvBrHxoe3E8xiqTwBigem41+PJdITlwgrOTkLo2sSdj4DaFdxeN+SCy6KfKXpDBvDyN4i/R0hBKodGwytfzK/DMeOhHU=</SignatureValue> <KeyInfo> <X509Data> <X509Certificate>MIICBjCCAXOgAwIBAgIQ3VhOVESMV71O0q5EttLxxDAJBgUrDgMCHQUAMBwxGjAYBgNVBAMTEUlkZW50aXR5UHJvdmlkZXIxMB4XDTExMDkwMTA1MDAwMFoXDTQwMTIzMTA1MDAwMFowHDEaMBgGA1UEAxMRSWRlbnRpdHlQcm92aWRlcjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMBVhtKneTweMOgmvwO+i8AvZ5p0/PGatzLKNXVctTROcXb48u3L9JR3sVPasAFNsafq086xqaWyuFM7jAHtYHTQg/oLt+wGCKd7w/n4s0crxM3NVahDmSUPnBW9RZM2XD4pOs9DTu8aEEQGN/p01jrIMgPYhdlVsTJSg43lLyzjAgMBAAGjUTBPME0GA1UdAQRGMESAEHDoTOJwf2lSgqgCU4TXI2ShHjAcMRowGAYDVQQDExFJZGVudGl0eVByb3ZpZGVyMYIQ3VhOVESMV71O0q5EttLxxDAJBgUrDgMCHQUAA4GBAKvsy5KkU9dDNWDRW55/+s7txFfl4ZmWw45AmZYXEA90g+xzALFtWbX/QGqCOx4C0h5fB5Oco084B7gJK/uf2a8oaYvxYGwlxgRxJ9Dq5XBx5ZhOuobT8G2xVy575cbaGnFbObG6/E33Mva1gAYdw7rvGaz/dYuBeChsEIvzROYU</X509Certificate> </X509Data> </KeyInfo> </Signature> 解决方法
SignedXml需要两个步骤进行验证.第1步是构造,在其中为其提供将在其中找到已签名元素的文档或元素.第二部分是你必须通过LoadXml方法加载Signature元素(可能来自不同的文档).
要从the SignedXml MSDN page中获取示例,但要为证书修改它: public static Boolean VerifyXmlFile(XmlElement samlResponseXml,X509Certificate2 cert) { // Create a new SignedXml object and pass it the XML. SignedXml signedXml = new SignedXml(samlResponseXml); // Find the "Signature" node and create a new XmlNodeList object. XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature"); // TODO: Error checking. Was it found? Were too many found? // Load the signature node. signedXml.LoadXml((XmlElement)nodeList[0]); // Check the signature and return the result. return signedXml.CheckSignature(cert,true); } 使用SignedXml时,请注意MSDN页面上“备注”部分中的问题.特别是,确保签名密钥适合签名内容(类似于在TLS会话期间执行主机名验证). (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |