Domanda
Every time I try to send a signed XML, the web service verifier rejects it.
To sign the document I just adapted this sample code provided by Microsoft:
http://msdn.microsoft.com/es-es/library/ms229745(v=vs.110).aspx
My implementation:
https://stackoverflow.com/questions/23394654
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian public static XmlDocument FirmarXML(XmlDocument xmlDoc)
{
try
{
X509Certificate2 myCert = null;
var store = new X509Store(StoreLocation.CurrentUser); //StoreLocation.LocalMachine fails too
store.Open(OpenFlags.ReadOnly);
var certificates = store.Certificates;
foreach (var certificate in certificates)
{
if (certificate.Subject.Contains("xxx"))
{
myCert = certificate;
break;
}
}
if (myCert != null)
{
RSA rsaKey = ((RSA)myCert.PrivateKey);
// Sign the XML document.
SignXml(xmlDoc, rsaKey);
}
}
catch (Exception e)
{
MessageBox.Show(e.Message);
}
return xmlDoc;
}
// Sign an XML file.
// This document cannot be verified unless the verifying
// code has the key with which it was signed.
public static void SignXml(XmlDocument xmlDoc, RSA Key)
{
// Check arguments.
if (xmlDoc == null)
throw new ArgumentException("xmlDoc");
if (Key == null)
throw new ArgumentException("Key");
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(xmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = Key;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
I think I am following the same steps using my own certificate, however it doesn't works as expected.
Any suggestion will be welcome.
Soluzione
How does the server know what certificate the document is signed with? You seem to not to include the cert in the signed document:
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoData = new KeyInfoX509Data( Key );
keyInfo.AddClause( keyInfoData );
signedXml.KeyInfo = keyInfo;
If you need more details, consult my blog entry
http://www.wiktorzychla.com/2012/12/interoperable-xml-digital-signatures-c_20.html
Altri suggerimenti
It's a long time since this post has been created. I got the same problem with the digital signature can not be validated.
For whom who has the same issue. In my case the difference is XmlDocument.PreserveWhitespace option.
When the PreserveWhitespace = true, the document is not valid when checking against the public key. PreserveWhitespace = false makes the signed XML valid.
I guess that when saving the signed XML to file and sending it to server. There is some space or special characters are inserted to the document and make it invalid.
