Channel: XML, System.Xml, MSXML and XmlLite forum

XMLDSIG, Reference, URI and Id


I have the following XML data that needs a digital signature:

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="XWSSGID705">
                <wsu:Created>2038-01-19T03:14:07Z</wsu:Created>
                <wsu:Expires>2038-01-19T03:14:07Z</wsu:Expires>
            </wsu:Timestamp>
        </wsse:Security>
    </S:Header>
    <S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="XWSSGID131">
        <ns2:clientsToVerify xmlns:ns2="http://ws.game.es/VerifyClients/">
            <clients>
                <ssn>123456789</ssn>
                <firstName>A</firstName>
                <lastName>B</lastName>
                <DOB>9999-99-99</DOB>
            </clients>
            <clients>
                <ssn>123456789</ssn>
                <firstName>C</firstName>
                <lastName>D</lastName>
                <DOB>9999-99-99</DOB>
            </clients>
        </ns2:clientsToVerify>
    </S:Body>
</S:Envelope>

I am working with C#, and if I run the provided example in “Reference.Uri Property”, I get the signature for the entire XML data block. However, I need to sign the Ids individually, specified as wsu:Id="XWSSGID705" and wsu:Id="XWSSGID131" in the XML data.

Example:

            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse S" />
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
               <ds:Reference URI="#XWSSGID705">
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>uVmWY1Vfjnd5NxTYceLHhkmQx0Y=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#XWSSGID131">
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>ovHJ8CbnjXObbQupmJq6f++T+1A=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>

So I need to specify which part of the XML data should be signed before the ComputeSignature() call. If I understand the example code given, it should be possible by specifying a reference:

        // Create a reference to be signed.
        Reference reference = new Reference();
        reference.Uri = "";

        // Add the reference to the SignedXml object.
        signedXml.AddReference(reference);

An empty string should calculate the signature for the entire XML, but how do I specify a reference given by an Id? I tried a few options like:

        reference.Uri = "XWSSGID705";

and

        reference.Uri = "#XWSSGID705";

I either get “Unable to resolve Uri…” or “Malformed reference element”. 
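
An added example, not part of the original post: `SignedXml`'s built-in lookup for a `#id` reference only matches unqualified `Id`, `id` or `ID` attributes, so a namespace-qualified `wsu:Id` is resolved here by overriding `GetIdElement`, which also rejects a duplicated Id so that a reference cannot bind to a second element carrying the same value. The class name `WsuSignedXml`, the reduced envelope and the throwaway RSA key are assumptions made for the illustration, and `using var` needs C# 8 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example (hypothetical class name): resolves "#id" references against wsu:Id.
class WsuSignedXml : SignedXml
{
    public const string WsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    public WsuSignedXml(XmlDocument doc) : base(doc) { }

    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        // The base lookup only matches unqualified Id/id/ID attributes.
        XmlElement found = base.GetIdElement(document, idValue);
        if (found != null) return found;
        var ns = new XmlNamespaceManager(document.NameTable);
        ns.AddNamespace("wsu", WsuNs);
        XmlElement match = null;
        // Compare attribute values in code instead of building XPath from idValue.
        foreach (XmlElement e in document.SelectNodes("//*[@wsu:Id]", ns))
        {
            if (e.GetAttribute("Id", WsuNs) != idValue) continue;
            // A duplicated Id makes the reference ambiguous, so refuse it.
            if (match != null) throw new CryptographicException("Duplicate wsu:Id: " + idValue);
            match = e;
        }
        return match;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample envelope, reduced from the one in the question.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='" + WsuSignedXml.WsuNs + "'><S:Header><wsu:Timestamp wsu:Id='XWSSGID705'><wsu:Created>2038-01-19T03:14:07Z</wsu:Created></wsu:Timestamp></S:Header>" +
            "<S:Body wsu:Id='XWSSGID131'><clients><ssn>123456789</ssn></clients></S:Body></S:Envelope>");
        using var key = RSA.Create();   // throwaway key generated for the demo
        var signedXml = new WsuSignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        foreach (string id in new[] { "XWSSGID705", "XWSSGID131" })
        {
            var reference = new Reference("#" + id);   // same-document reference, "#" + Id value
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signedXml.AddReference(reference);
        }
        signedXml.ComputeSignature();
        Console.WriteLine(signedXml.GetXml().OuterXml);   // one ds:Reference per Id
    }
}
```

Verification resolves references through the same `GetIdElement` call, so the checking side needs the same subclass for `CheckSignature` to find the `wsu:Id` elements.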

