I have the following XML data that needs a digital signature:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="XWSSGID705">
<wsu:Created>2038-01-19T03:14:07Z</wsu:Created>
<wsu:Expires>2038-01-19T03:14:07Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</S:Header>
<S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="XWSSGID131">
<ns2:clientsToVerify xmlns:ns2="http://ws.game.es/VerifyClients/">
<clients>
<ssn>123456789</ssn>
<firstName>A</firstName>
<lastName>B</lastName>
<DOB>9999-99-99</DOB>
</clients>
<clients>
<ssn>123456789</ssn>
<firstName>C</firstName>
<lastName>D</lastName>
<DOB>9999-99-99</DOB>
</clients>
</ns2:clientsToVerify>
</S:Body>
</S:Envelope>
I am working with C#, and if I run the provided example in “Reference.Uri Property”, I get the signature for the entire XML data block. However, I need to sign the Id’s individually, specified as wsu:Id="XWSSGID705" and wsu:Id="XWSSGID131" in the XML data.
Example:
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#XWSSGID705">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>uVmWY1Vfjnd5NxTYceLHhkmQx0Y=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#XWSSGID131">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ovHJ8CbnjXObbQupmJq6f++T+1A=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
So I need to specify which part of the XML data should be signed before the ComputeSignature() call. If I understand the example code given, it should be possible by specifying a reference:
…
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
…
An empty string should calculate the signature for the entire XML, but how do I specify a reference given by an Id? I tried a few options like:
reference.Uri = "XWSSGID705";
and
reference.Uri = "#XWSSGID705";
I either get “Unable to resolve Uri…” or “Malformed reference element”.
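Added example, not part of the original post: SignedXml resolves a "#id" reference through GetIdElement, and the stock lookup only matches unqualified Id attributes, so a namespace-qualified wsu:Id is not found. One way to handle that is to override the lookup; the class and method names WsuSignedXml, WsuSigner and SignById are hypothetical, and the exclusive-c14n transform on each reference is an assumption (the sample SignedInfo above lists none).

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical subclass (not from the post): lets "#id" references resolve wsu:Id.
public class WsuSignedXml : SignedXml
{
    // Must equal the wsu namespace URI declared in the document being signed.
    public const string WsuNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    public WsuSignedXml(XmlDocument doc) : base(doc) { }

    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        // The stock lookup only knows unqualified Id/id/ID attributes.
        XmlElement found = base.GetIdElement(document, idValue);
        if (found != null) return found;

        // Throws on quotes and other non-NCName input, so the XPath below is safe.
        XmlConvert.VerifyNCName(idValue);
        var ns = new XmlNamespaceManager(document.NameTable);
        ns.AddNamespace("wsu", WsuNs);
        XmlNodeList hits = document.SelectNodes("//*[@wsu:Id='" + idValue + "']", ns);
        // A repeated id makes the reference ambiguous, so refuse to sign or verify it.
        if (hits.Count > 1)
            throw new CryptographicException("Duplicate wsu:Id: " + idValue);
        return hits.Count == 1 ? (XmlElement)hits[0] : null;
    }
}

public static class WsuSigner
{
    // Returns a ds:Signature element with one Reference per id, e.g. "XWSSGID705".
    public static XmlElement SignById(XmlDocument doc, RSA key, params string[] ids)
    {
        var signedXml = new WsuSignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        foreach (string id in ids)
        {
            var reference = new Reference("#" + id); // same-document reference
            reference.AddTransform(new XmlDsigExcC14NTransform()); // assumed transform
            signedXml.AddReference(reference);
        }
        signedXml.ComputeSignature(); // digest and signature algorithms are runtime defaults
        return signedXml.GetXml();
    }
}
```

Load the XmlDocument with PreserveWhitespace = true before signing, and use the same subclass when calling CheckSignature so the verifier resolves wsu:Id the same way the signer did.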