EDN Admin
Well-known member
I have not been able to find anyone else's post that is either on point or gets answered, so I'm sincerely hoping you fine folks have some input.
I have a bit of XML that gets POSTed to my application which looks like:
<?xml version="1.0" encoding="UTF-8"?>
<someWrapperElement xmlns = "someNamespace">
  <Packet Id = "PACKET">
    a bunch of XML
  </Packet>
  <Signature xmlns = "http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI = "#PACKET">
        <DigestMethod Algorithm = "http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>...</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>...</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509SubjectName>CN=checkerspot.atlanta.hp.com,OU=Servers,O=Hewlett-Packard Company</X509SubjectName>
        <X509Certificate>...</X509Certificate>
        <X509SubjectName>CN=Hewlett-Packard Primary Class 2 Certification Authority,O=Hewlett-Packard Company,C=US,OU=IT Infrastructure,O=hp.com</X509SubjectName>
        <X509Certificate>...</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</someWrapperElement>
Replace ... with base64 encoded values.
Here is the code I'm using to validate the signature:
bool VerifyDigitalSignature(XmlDocument xmlReqDoc) // xmlReqDoc is whitespace preserved
{
    SignedXml sigXml = new SignedXml(xmlReqDoc);
    XmlElement sigElem = xmlReqDoc.GetElementsByTagName("Signature")[0] as XmlElement;
    sigXml.LoadXml(sigElem);

    return sigXml.CheckSignature();
}
This ALWAYS returns false. I've tried whitespace preserved as well as not preserved. According to http://msdn.microsoft.com/en-us/magazine/cc185723.aspx I'm doing everything right. The cert is embedded in the doc and supposedly CheckSignature with no parameters will do the trick.
Can anyone please help me with what I might be doing wrong? This is running on framework 3.5.
Things I'm wondering about... 1) Is it possible that the namespace on the root element could be confusing SignedXml? According to the MSDN article, it calls GetElementById() to find the referenced URI. 2) Does the box this code runs on need to have some sort of explicit trust established to the CA for the embedded cert?
Very much appreciate anyone's insight. Thank you.
Jason
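An added example, not part of the original post or the MSDN article: one way to test the two questions above separately, so that a failure says whether the Reference URI failed to resolve, the digest or signature value did not match, or the certificate chain was not trusted. The names SigCheck, PacketSignature and expectedSigner are hypothetical, and expectedSigner is assumed to be the sender's certificate obtained out of band rather than read from KeyInfo.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public enum SigCheck { Valid, NoSingleSignature, ReferenceUnresolved, WrongElementSigned, BadSignature, UntrustedChain }

public static class PacketSignature
{
    // expectedSigner is an assumption: the sender's certificate obtained out of band,
    // not the copy carried inside the message's KeyInfo.
    public static SigCheck Verify(XmlDocument doc, X509Certificate2 expectedSigner, out XmlElement signedPacket)
    {
        signedPacket = null;

        // Match on the XML-DSig namespace as well as the local name.
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return SigCheck.NoSingleSignature;

        SignedXml signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);

        // Question 1: resolve the Reference URI through the same virtual method SignedXml uses.
        if (signedXml.SignedInfo.References.Count != 1) return SigCheck.ReferenceUnresolved;
        string uri = ((Reference)signedXml.SignedInfo.References[0]).Uri;
        if (string.IsNullOrEmpty(uri) || uri[0] != '#') return SigCheck.ReferenceUnresolved;
        XmlElement target = signedXml.GetIdElement(doc, uri.Substring(1));
        if (target == null) return SigCheck.ReferenceUnresolved;

        // The signed element must be the Packet the application goes on to process.
        if (target.LocalName != "Packet" || target.ParentNode != doc.DocumentElement)
            return SigCheck.WrongElementSigned;

        // Digest and signature value only (verifySignatureOnly = true): no chain building.
        if (!signedXml.CheckSignature(expectedSigner, true)) return SigCheck.BadSignature;

        // Question 2: trust in the issuing CA is a separate step, reported separately.
        X509Chain chain = new X509Chain();
        if (!chain.Build(expectedSigner)) return SigCheck.UntrustedChain;

        signedPacket = target; // hand only this element to the rest of the application
        return SigCheck.Valid;
    }
}
```

A key taken from the message's own KeyInfo shows only that the document is internally consistent, which is why this sketch verifies against a certificate the receiver already holds and returns the exact element the signature covers.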