私は .NET にかなり慣れていないので、XML ドキュメントの署名の検証に関するこのMSDN ガイドに従っています。
CheckSignatureオブジェクトでメソッドが呼び出されているステップ 7 にいSignedXmlます。が発生していますが、私ArgumentNullExceptionが書いたコードが原因ではありません。ガイドに名前の不一致があることはわかっており、コードで修正しました。
例外の詳細を見ると、それはParam nameあり、メソッドnameに渡されています。System.Security.Cryptography.CryptoConfig.CreateFromNameドキュメントとスタック オーバーフローに関する質問を何時間も読んでいますが、困惑しています。
編集:これがコードです。SAMLアサーションに付属する証明書を使用する方法を試しました。それでも同じ結果が得られます。
XmlDocument doc = new XmlDocument()
{
PreserveWhitespace = true
};
doc.LoadXml(DecodedAssertion); // this is a SAML assertion that has been base64 decoded
XmlNodeList SignatureNodes = doc.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#");
SignedXml AuthXml = new SignedXml(doc);
foreach (XmlNode Node in SignatureNodes)
{
XElement tmp = XElement.Load(Node.CreateNavigator().ReadSubtree());
XNamespace ds = "http://www.w3.org/2000/09/xmldsig#";
IEnumerable<XElement> certificate =
from el in tmp.Descendants(ds + "X509Certificate")
select el;
string x = certificate.First().Value;
X509Certificate2 cert = new X509Certificate2(Encoding.UTF8.GetBytes(x));
AuthXml.CheckSignature(cert, true);
}
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://fakeurl.com" ID="fakeid" IssueInstant="2015-08-27T13:52:37.356Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/exk4sxs39xvadTNJp0h7</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#fakeid"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>Lkz8MM61fcUPxu4Yil1LPhaR8+BzPztYICIClnuM/UY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>iNW0vkYnbcC6Q7gQZJ1NMeNkcQa72GFCepJyMmql2gfPZ2W6HFc5HKZp91tzvFMTGfAmfOlP9Ew27HMdyph6JhxG3Nq5JqrwWUa0J8f93hPLcR28Qwoj6ZJKX9JNmyp5koi5H9iF1DSYysDr/LcMikP/E0wOscetIQvY5bm7Ul7CemlPOQAx2gsClV4adGdp7rUCKzC+VSyAlUSZuLe/RHhzXyY+ThwQoA833Fg/LVJxcPv1E5kg8wzxfqInU1icgeS4sVRJSzxcC6h7ePldxgoBiaajtoLGSu0+8lQgT3/6arvcpFfA4uvH4LFxmc+2BDThEyKAbSFI7A7MH2Y6Sw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDqjCCApKgAwIBAgIGAUsUmy2MMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFjAUBgNVBAMMDWRvbGJ5ZXh0ZXJuYWwxHDAaBgkqhkiG9w0B
CQEWDWluZm9Ab2t0YS5jb20wHhcNMTUwMTIzMDIyMzQ5WhcNNDUwMTIzMDIyNDQ5WjCBlTELMAkG
A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTAL
BgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRYwFAYDVQQDDA1kb2xieWV4dGVybmFs
MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3TGQ4MaLiNbB4hhy6l7AAw575BexpbDKC/AvUrPkpZv0tUAzjnEpzo3hEBaw7jK/yIG0
mXdrmOxr/m9NuSLgMlxgjnnQp5DR5aaTJSFVFlNki4Ly32WgJTKcYKiUId+ocoukqAbzmWudumh8
vMNBthyK5tv/2mGi5qNhZQZlLaPUv+dQxc9lqpBUsNBw4oFUPQacfcx2SyfH2+SAicP6H9iqiRmS
+/Ye7eAux3VZv7cl0uQLMtx+MUYv0Y9JbGhSe8VYkt8P9B9tpolvZ4TVgPjdqPqwc8tJLB9JKY7+
nqVEtbMHr1QMD5WZvDFLvYpAGn2VbK8E122in9Sb0aMQawIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
AQAhmBUwef37u3WYZYFPLgeBDq5Uqg1usa4l+RUbtthz3+kqsHD9av8GyaYa32W2GV/yHMJjDZCo
EAykKVN0578Qt6bwfY7Jn4P6fjaA2eyL8lTbxtUOfnSIBXtuJKBwH3TjnUCvOmjkUausvGGpNOyL
GvVHNqhVDavcN6FbCZqWOnkRoCfmQR49hJj5WPkXfDt0j4WLSWmBQHXKxqyG9EDoaxZSwbsfOS5P
cRYWCPgBsgVAMQHfEQUdfK1FNnLHDxWIbLEnYHqwW+n1gtnK89jj5sRjme7fNxrEVGgS5w1rZG4c
8MJMDVlBEo/Zblh9IeMN+dvdsPKiK1M5MtoZstEt</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="fakeid2" IssueInstant="2015-08-27T13:52:37.356Z" Version="2.0"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.okta.com/issuergoeshere</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#fakeid2"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>R2Qqgf4W6J5xC9mw5hF/kgoB/0Ks9n1WeGZ+DGPDOPI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>kJMgYFflTmKaSd3kCScEvVYKgoHWhelo+YUjxONJUPxvBC66VUj6zL4ikvXml2UMoUA/i/VePot/numcRtRzOFrFUbIfPgAPjGdyYEQFxjd0UkR2LlFMGDI4XvcRDXbiZCh2GloRreue80sS3xm77YEDqeCgpN0mN11vdSxkWJrUBKJzOjsFriQFkWnk5sfT/6Z8zJwyPnxdY5aKYmhjbNsqrrUWBqSE1TgoMs073CLTWRXYlv318Qzs5sVdzh+nU/Rx66RDvobf2CLH7c3ipKybYq1U3lu2f91Xt9RTLAKRIam4iOvXEZesty+vdFPMxYfxZDr6aEDhJM8kO7ww6w==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDqjCCApKgAwIBAgIGAUsUmy2MMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFjAUBgNVBAMMDWRvbGJ5ZXh0ZXJuYWwxHDAaBgkqhkiG9w0B
CQEWDWluZm9Ab2t0YS5jb20wHhcNMTUwMTIzMDIyMzQ5WhcNNDUwMTIzMDIyNDQ5WjCBlTELMAkG
A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTAL
BgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRYwFAYDVQQDDA1kb2xieWV4dGVybmFs
MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3TGQ4MaLiNbB4hhy6l7AAw575BexpbDKC/AvUrPkpZv0tUAzjnEpzo3hEBaw7jK/yIG0
mXdrmOxr/m9NuSLgMlxgjnnQp5DR5aaTJSFVFlNki4Ly32WgJTKcYKiUId+ocoukqAbzmWudumh8
vMNBthyK5tv/2mGi5qNhZQZlLaPUv+dQxc9lqpBUsNBw4oFUPQacfcx2SyfH2+SAicP6H9iqiRmS
+/Ye7eAux3VZv7cl0uQLMtx+MUYv0Y9JbGhSe8VYkt8P9B9tpolvZ4TVgPjdqPqwc8tJLB9JKY7+
nqVEtbMHr1QMD5WZvDFLvYpAGn2VbK8E122in9Sb0aMQawIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
AQAhmBUwef37u3WYZYFPLgeBDq5Uqg1usa4l+RUbtthz3+kqsHD9av8GyaYa32W2GV/yHMJjDZCo
EAykKVN0578Qt6bwfY7Jn4P6fjaA2eyL8lTbxtUOfnSIBXtuJKBwH3TjnUCvOmjkUausvGGpNOyL
GvVHNqhVDavcN6FbCZqWOnkRoCfmQR49hJj5WPkXfDt0j4WLSWmBQHXKxqyG9EDoaxZSwbsfOS5P
cRYWCPgBsgVAMQHfEQUdfK1FNnLHDxWIbLEnYHqwW+n1gtnK89jj5sRjme7fNxrEVGgS5w1rZG4c
8MJMDVlBEo/Zblh9IeMN+dvdsPKiK1M5MtoZstEt</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">username@domain.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2015-08-27T13:57:37.356Z" Recipient="http://fakeurl.com"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2015-08-27T13:47:37.356Z" NotOnOrAfter="2015-08-27T13:57:37.356Z" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:AudienceRestriction><saml2:Audience>http://fakeurl.com/metadata</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2015-08-27T13:52:37.356Z" SessionIndex="id1440683557356.976202148" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>