Подписание XML-документа для мыла оставляет два узла пустым пространством, что делает его нераспознаваемым веб-службой.
Пример текущего xml:
<ds:Reference URI="#TS">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
<ds:DigestValue>JAwQ2xwwMbKSF5WV5y/F4ZNKvyD3ok5xvqOCZzcBbTiUKHcEAe8CMKQbAS6h0XHx+1An6BTM3eEhSQuINmT5lw==</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
THERES A HUGE SPACE HERE (Had to add text as Stackoverflow formats code..) <ds:SignatureValue>JMXA7QC3WJYeYNpk+AH36OBftJAD2zQdvX16Y/wZWNc9gaTemAoqtvNjvkn9FKyu7k8vpSTH+7c4q2x78QYI0iRLC2xRGLnwruoiXE+sNgvptdt5cbhV2eUe7AIsbOcJPMasDJ7ZnB341+oDnTCT/32ZBDm6Qh4ehtCflajdZjYN16m1xsmlDh6lKpf3O6ZYo9Y6SUNC+IGr7K5BwsoIBpD9rt/QaTPdjodod4nRJthJOYJW31RHXKsIWu8CqgXMmTY/oNSFipV09f7eSSqGrbhcKAGPd7aLdC02egFiDKmsA2zQfY9MuacBAnlrWq1GtSzM981cVFocTxcVLF6Cnw==</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#X509Token" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
ожидаемый вывод:
<ds:Reference URI="#TS">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
<ds:DigestValue>JAwQ2xwwMbKSF5WV5y/F4ZNKvyD3ok5xvqOCZzcBbTiUKHcEAe8CMKQbAS6h0XHx+1An6BTM3eEhSQuINmT5lw==</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>JMXA7QC3WJYeYNpk+AH36OBftJAD2zQdvX16Y/wZWNc9gaTemAoqtvNjvkn9FKyu7k8vpSTH+7c4q2x78QYI0iRLC2xRGLnwruoiXE+sNgvptdt5cbhV2eUe7AIsbOcJPMasDJ7ZnB341+oDnTCT/32ZBDm6Qh4ehtCflajdZjYN16m1xsmlDh6lKpf3O6ZYo9Y6SUNC+IGr7K5BwsoIBpD9rt/QaTPdjodod4nRJthJOYJW31RHXKsIWu8CqgXMmTY/oNSFipV09f7eSSqGrbhcKAGPd7aLdC02egFiDKmsA2zQfY9MuacBAnlrWq1GtSzM981cVFocTxcVLF6Cnw==</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#X509Token" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
Код, который подписывает xmlDocument:
public static void SignEnveloped(XmlDocument xmlDoc, XmlElement wsse, string certPassword, string certLocation)
{
MD5 md5 = new MD5CryptoServiceProvider();
md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(certPassword));
string base64Result = Convert.ToBase64String(md5.Hash);
// Format the document to ignore white spaces.
xmlDoc.PreserveWhitespace = false;
SignedXmlWithId signedXml = new SignedXmlWithId(xmlDoc);
X509Certificate2 uidCert2 = new X509Certificate2(certLocation, base64Result, X509KeyStorageFlags.Exportable);
var exportedKeyMaterial = uidCert2.PrivateKey.ToXmlString(true);
var key = new RSACryptoServiceProvider(new CspParameters(24));
key.PersistKeyInCsp = false;
key.FromXmlString(exportedKeyMaterial);
signedXml.SigningKey = key;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
Reference referenceBody = new Reference();
Reference referenceTime = new Reference();
referenceBody.Uri = "#Body";
referenceBody.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha512";
referenceTime.Uri = "#TS";
referenceTime.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha512";
referenceBody.AddTransform(new XmlDsigExcC14NTransform());
referenceTime.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(referenceBody);
signedXml.AddReference(referenceTime);
var keyInfo = new KeyInfo();
XmlElement SecurityTokenReference = xmlDoc.CreateElement("wsse", "SecurityTokenReference", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
XmlElement wsseReference = xmlDoc.CreateElement("wsse", "Reference", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
wsseReference.SetAttribute("URI", "#X509Token");
SecurityTokenReference.AppendChild(wsseReference);
var keyInfoData = new KeyInfoNode(SecurityTokenReference);
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
//Here we set the namespace prefix on the signature element and all child elements to "ds", invalidating the signature.
AssignNameSpacePrefixToElementTree(xmlDigitalSignature, "ds");
//So let's recompute the SignatureValue based on our new SignatureInfo...
//For XPath
XmlNamespaceManager namespaceManager = new XmlNamespaceManager(xmlDoc.NameTable);
namespaceManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); //this prefix is arbitrary and used only for XPath
XmlElement xmlSignedInfo = xmlDigitalSignature.SelectSingleNode("ds:SignedInfo", namespaceManager) as XmlElement;
//Canonicalize the SignedInfo element
XmlDsigC14NTransform transform = new XmlDsigC14NTransform();
XmlDocument signedInfoDoc = new XmlDocument();
signedInfoDoc.LoadXml(xmlSignedInfo.OuterXml);
transform.LoadInput(signedInfoDoc);
//Compute the new SignatureValue
string signatureValue = Convert.ToBase64String(key.SignData(transform.GetOutput() as MemoryStream, new SHA1CryptoServiceProvider()));
//Set it in the xml
XmlElement xmlSignatureValue = xmlDigitalSignature.SelectSingleNode("ds:SignatureValue", namespaceManager) as XmlElement;
xmlSignatureValue.InnerText = signatureValue;
wsse.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
Мне нужна помощь в том, как удалить нежелательное огромное пространство между узлом SignInfo и SignatureValue, поскольку это делает знак мыла недействительным с помощьюпробел (кажется, что служба не может декодировать с пробелом ...)