我的XML数字签名有以下摘录:
<Signature Id="idPackageSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#idOfficeObject" Type="http://www.w3.org/2000/09/xmldsig#Object">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>ofqf9+Tj0qTkkExCEOwFz0V4aNo=</DigestValue>
</Reference>
</SignedInfo>
<Object Id="idOfficeObject"><SignatureProperties><SignatureProperty Id="idOfficeV1Details" Target="#idPackageSignature"><SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig"><SetupID/><SignatureText/><SignatureImage/><SignatureComments>test</SignatureComments><WindowsVersion>6.1</WindowsVersion><OfficeVersion>14.0</OfficeVersion><ApplicationVersion>14.0</ApplicationVersion><Monitors>1</Monitors><HorizontalResolution>1920</HorizontalResolution><VerticalResolution>1200</VerticalResolution><ColorDepth>32</ColorDepth><SignatureProviderId>{00000000-0000-0000-0000-000000000000}</SignatureProviderId><SignatureProviderUrl/><SignatureProviderDetails>9</SignatureProviderDetails><ManifestHashAlgorithm>http://www.w3.org/2000/09/xmldsig#sha1</ManifestHashAlgorithm><SignatureType>1</SignatureType></SignatureInfoV1></SignatureProperty></SignatureProperties></Object>
引用的Object元素应该具有摘要值 ofqf9 + Tj0qTkkExCEOwFz0V4aNo = 。我规范化了Object元素,得到了以下输出,这对我来说是正确的:
<Object Id="idOfficeObject"><SignatureProperties><SignatureProperty Id="idOfficeV1Details" Target="#idPackageSignature"><SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig"><SetupID></SetupID><SignatureText></SignatureText><SignatureImage></SignatureImage><SignatureComments>test</SignatureComments><WindowsVersion>6.1</WindowsVersion><OfficeVersion>14.0</OfficeVersion><ApplicationVersion>14.0</ApplicationVersion><Monitors>1</Monitors><HorizontalResolution>1920</HorizontalResolution><VerticalResolution>1200</VerticalResolution><ColorDepth>32</ColorDepth><SignatureProviderId>{00000000-0000-0000-0000-000000000000}</SignatureProviderId><SignatureProviderUrl></SignatureProviderUrl><SignatureProviderDetails>9</SignatureProviderDetails><ManifestHashAlgorithm>http://www.w3.org/2000/09/xmldsig#sha1</ManifestHashAlgorithm><SignatureType>1</SignatureType></SignatureInfoV1></SignatureProperty></SignatureProperties></Object>
我将其存储在文件&#39; inputxml&#39;中,并尝试使用以下命令获取sha1摘要的base64编码版本:
% shasum inputxml | cut -f 1 -d ' ' | xxd -r -p | base64
/zTi8HGHX9X+csjULYLt6FLrm3g=
计算的摘要值与XML签名中的值不匹配。我究竟做错了什么?我尝试了多种方法和调整,但无法获得正确的摘要值。
注意:XML签名验证正确。所以价值是正确的,但我错过了一些步骤或细节。谢谢你的帮助。如果不是很清楚,请告诉我如何进一步阐述或澄清我的问题。
答案 0 :(得分:0)
最后我开始工作了。我的规范化标记存在两个问题:
a]命名空间字符串放置错误。它必须是<Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="idOfficeObject">
b]文件末尾有一个错误的换行符,因为我在文本编辑器中修改了这些文件。
修复这些问题,并在其上运行shasum给了我正确的输出。感谢您的帮助,伙计们。