Asker
XML signature problem

Question
-
<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <trust:RequestSecurityTokenResponse Context="http://XX">
    <trust:Lifetime>
      <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-07-10T05:50:33.041Z</wsu:Created>
      <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-07-10T09:50:33.041Z</wsu:Expires>
    </trust:Lifetime>
    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:Address>urn:XXXX</wsa:Address>
      </wsa:EndpointReference>
    </wsp:AppliesTo>
    <trust:RequestedSecurityToken>
      <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_6b8d4d4a-a8d0-424b-b4f4-cc3650791828" Issuer="http://XXXX" IssueInstant="2015-07-10T05:50:33.267Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
        <saml:Conditions NotBefore="2015-07-10T05:50:33.041Z" NotOnOrAfter="2015-07-10T09:50:33.041Z">
          <saml:AudienceRestrictionCondition>
            <saml:Audience>urn:XXXX</saml:Audience>
          </saml:AudienceRestrictionCondition>
        </saml:Conditions>
        <saml:AttributeStatement>
          <saml:Subject>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
          </saml:Subject>
          <saml:Attribute AttributeName="upn" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
            <saml:AttributeValue>XXXX</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute AttributeName="CommonName" AttributeNamespace="http://schemas.xmlsoap.org/claims">
            <saml:AttributeValue>XXX</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute AttributeName="role" AttributeNamespace="http://schemas.microsoft.com/ws/2008/06/identity/claims">
            <saml:AttributeValue>XXX</saml:AttributeValue>
            <saml:AttributeValue>XXX</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
      </saml:Assertion>
    </trust:RequestedSecurityToken>
    <trust:RequestedAttachedReference>
      <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_6b8d4d4a-a8d0-424b-b4f4-cc3650791828</o:KeyIdentifier>
      </o:SecurityTokenReference>
    </trust:RequestedAttachedReference>
    <trust:RequestedUnattachedReference>
      <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_6b8d4d4a-a8d0-424b-b4f4-cc3650791828</o:KeyIdentifier>
      </o:SecurityTokenReference>
    </trust:RequestedUnattachedReference>
    <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
    <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
    <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
  </trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>
This is a token that contains SAML 1.1 user claims; it is a piece of XML and also part of an XML document. I need to sign it with an X509 certificate, but since there is no ID field,

using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Doc is the XmlDocument loaded with the XML above; issuer is the issuer of the signing certificate.
SignedXml signedXml = new SignedXml(Doc);

// Get the signing certificate
X509Certificate2 x = CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, issuer);
signedXml.SigningKey = x.PrivateKey;

// Reference
// Specifies how the data to be signed is processed before hashing.
// The URI attribute identifies the data to sign; the Transforms element specifies how to process it.
Reference reference = new Reference("#_6b8d4d4a-a8d0-424b-b4f4-cc3650791828");
//reference.Uri = "#_6b8d4d4a-a8d0-424b-b4f4-cc3650791828";
// An empty string means the whole document is signed with the signature enveloped in it; note that any
// existing <Signature> node in the document is removed before signing.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); // enveloped signature transform
reference.AddTransform(env);
signedXml.AddReference(reference);

// Give the receiver the signing certificate so it can validate the certificate along with the signature
KeyInfoX509Data keyInfoX509 = new KeyInfoX509Data(x, X509IncludeOption.EndCertOnly);
signedXml.KeyInfo.AddClause(keyInfoX509);

// Sign
signedXml.ComputeSignature();
Signing with this code raises the error "Malformed reference element" (Reference 元素的格式不正确). How can I sign that XML?
...
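The following is an added example and not code from the original post or any of its answers. The error comes from how SignedXml resolves a "#fragment" reference: its GetIdElement only looks at Id/id/ID attributes, and a SAML 1.1 Assertion is identified by AssertionID, so the reference cannot be resolved and ComputeSignature throws. The example overrides GetIdElement in a subclass (the names SamlSignedXml and SamlSigner are mine), signs a trimmed copy of the assertion from the question, appends ds:Signature as the last child of the Assertion (where SAML 1.1 places it), verifies it against a trusted key, then tampers with a claim and verifies again. To run offline it uses a throwaway RSA.Create() key instead of a certificate from the store; in the asker's setup SigningKey would be x.GetRSAPrivateKey() and verification CheckSignature(cert, false). It assumes .NET Framework 4.6.2 or later, or .NET Core / .NET 5+, for the RSA-SHA256 constants.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example: teaches SignedXml to resolve SAML 1.1 AssertionID references.
public sealed class SamlSignedXml : SignedXml
{
    private const string SamlNs = "urn:oasis:names:tc:SAML:1.0:assertion";

    public SamlSignedXml(XmlDocument doc) : base(doc) { }

    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        XmlElement standard = base.GetIdElement(document, idValue);   // Id / id / ID
        if (standard != null)
        {
            return standard;
        }

        // Compare in code rather than building an XPath from idValue: on the
        // verifying side idValue comes from the untrusted Signature element.
        XmlElement found = null;
        foreach (XmlElement assertion in document.GetElementsByTagName("Assertion", SamlNs))
        {
            if (assertion.GetAttribute("AssertionID") != idValue)
            {
                continue;
            }
            if (found != null)
            {
                // Two assertions sharing one ID is the signature-wrapping pattern:
                // refuse to resolve rather than pick one.
                return null;
            }
            found = assertion;
        }
        return found;
    }
}

public static class SamlSigner
{
    public const string AssertionId = "_6b8d4d4a-a8d0-424b-b4f4-cc3650791828";

    // Constructed sample: a trimmed copy of the assertion in the question.
    public const string AssertionXml =
        "<saml:Assertion MajorVersion=\"1\" MinorVersion=\"1\" AssertionID=\"" + AssertionId + "\"" +
        " Issuer=\"http://XXXX\" IssueInstant=\"2015-07-10T05:50:33.267Z\"" +
        " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\">" +
        "<saml:Conditions NotBefore=\"2015-07-10T05:50:33.041Z\" NotOnOrAfter=\"2015-07-10T09:50:33.041Z\">" +
        "<saml:AudienceRestrictionCondition><saml:Audience>urn:XXXX</saml:Audience></saml:AudienceRestrictionCondition>" +
        "</saml:Conditions>" +
        "<saml:AttributeStatement>" +
        "<saml:Subject><saml:SubjectConfirmation>" +
        "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>" +
        "</saml:SubjectConfirmation></saml:Subject>" +
        "<saml:Attribute AttributeName=\"role\" AttributeNamespace=\"http://schemas.microsoft.com/ws/2008/06/identity/claims\">" +
        "<saml:AttributeValue>user</saml:AttributeValue>" +
        "</saml:Attribute>" +
        "</saml:AttributeStatement>" +
        "</saml:Assertion>";

    // Signs the assertion in place; ds:Signature becomes the Assertion's last child.
    public static void SignAssertion(XmlDocument doc, RSA key, string assertionId)
    {
        var signedXml = new SamlSignedXml(doc);
        signedXml.SigningKey = key;
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;

        var reference = new Reference("#" + assertionId);
        reference.DigestMethod = SignedXml.XmlDsigSHA256Url;
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);

        // Hint for the receiver only; Verify() deliberately does not trust it.
        signedXml.KeyInfo.AddClause(new RSAKeyValue(key));

        signedXml.ComputeSignature();

        XmlElement assertion = signedXml.GetIdElement(doc, assertionId);
        assertion.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Verifies against a key the receiver already trusts. CheckSignature() with no
    // argument would take the key from KeyInfo, i.e. from whoever wrote the token.
    public static bool Verify(XmlDocument doc, RSA trustedKey)
    {
        XmlNodeList signatures = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1)
        {
            return false;
        }
        var signedXml = new SamlSignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);
        return signedXml.CheckSignature(trustedKey);
    }

    public static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(AssertionXml);

        using (RSA key = RSA.Create())   // throwaway key standing in for the store certificate
        {
            SignAssertion(doc, key, AssertionId);
            Console.WriteLine("signed assertion verifies: " + Verify(doc, key));

            // Change a signed claim: the reference digest no longer matches.
            doc.GetElementsByTagName("AttributeValue", "urn:oasis:names:tc:SAML:1.0:assertion")[0].InnerText = "admin";
            Console.WriteLine("tampered assertion verifies: " + Verify(doc, key));
        }
    }
}
```

Two points for the verifying side: use the same subclass when loading the signature, otherwise the reference fails to resolve there as well; and read the claims from the element GetIdElement actually returned, not from a separate walk of the document, so that the assertion you act on is the one the signature covered.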