1

I am trying to create the following signed document in C# (I am posting only the part that matters): 

<?xml version="1.0" encoding="UTF-8"?>
<SignedSaveRequest xmlns="http://www.to2bs.com/products/sta/schemas/messages/v2" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
    <Header ID="header">
        <TimestampPolicy>S1</TimestampPolicy>
        <ReTimestampPolicy>R1</ReTimestampPolicy>
        <TwoStampsType>1P</TwoStampsType>
        <Hashes>
            <Hash>
                <Name>Test PDF.pdf</Name>
                <Digest hashAlgorithm="SHA256">2oN+8Z74rPqPwKqt+gVpr+z2EHx+OQwMQyxFgbjUgt0=</Digest>
            </Hash>
        </Hashes>
        <ShreddingPolicy>
            <Sign>U</Sign>
            <Period>1</Period>
        </ShreddingPolicy>
    </Header>
    <Security>
        <ns2:Signature>
            <ns2:SignedInfo>
                <ns2:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>                 
                <ns2:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> 
                <ns2:Reference URI="#header"> 
                    <ns2:Transforms>
                        <ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    </ns2:Transforms>
                    <ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ns2:DigestValue>wp+Gw43JannGYRSK3rjLW1JtSQDFTMoQU/iTEsHXCe0=</ns2:DigestValue>

I am having troubles to get the correct value for DigestValue (the last tag). If I understand the specification correctly, I should get the canonic version of the fragment containing the tag "Header", which is (one string, no line breaks): 

<Header ID="header"><TimestampPolicy>S1</TimestampPolicy><ReTimestampPolicy>R1</ReTimestampPolicy><TwoStampsType>1P</TwoStampsType><Hashes><Hash><Name>Test PDF.pdf</Name><Digest hashAlgorithm="SHA256">2oN+8Z74rPqPwKqt+gVpr+z2EHx+OQwMQyxFgbjUgt0=</Digest></Hash></Hashes><ShreddingPolicy><Sign>U</Sign><Period>1</Period></ShreddingPolicy></Header>

And then compute the SHA 256 and encode it into base64. So, I am doing this: 

HeaderDoc.LoadXml(headerOuterXml); // headerOuterXml is the string above
c14NormalizationTransform.LoadInput(HeaderDoc);
MemoryStream ms = 
  (MemoryStream)c14NormalizationTransform.GetOutput(typeof(System.IO.Stream));                                      
SHA256 sha = new SHA256Managed();
byte[] digestBytes = sha.ComputeHash(ms);                       
string digestBytes64 = Convert.ToBase64String(digestBytes);

And getting the result: 

fRLX327uHQnkztMHjGX/k5V70fgFKbvVGjyLj1biYFE=

which is different from the expected:

wp+Gw43JannGYRSK3rjLW1JtSQDFTMoQU/iTEsHXCe0=

What am I doing wrong?

4

1 に答える 1

0

手遅れではないことを願っています。

XMLの正規バージョンが1行であるというのは誤解です。仕様全体があります。XMLの正規バージョンを生成するためのルールをリストしたW3C正規XML(略してC14N)です。

.NET Frameworkには、これを使用できるAPIがあります。

于 2013-03-13T13:31:14.943 に答える