Я пытаюсь проверить подпись в зашифрованном XML. Я проводил тесты с 3 различными инструментами:
- Онлайн-инструмент (https://www.samltool.com/validate_response.php)
- Использование библиотеки ComponentPro (коммерческая библиотека)
- Использование собственного метода .NET (с использованием SignedXml.CheckSignature())
В онлайн-инструменте появляется сообщение об ошибке: «Закрытый ключ недоступен, проверьте настройки». Используя библиотеку ComponentPro, я получаю исключение: «Подпись ответа SAML недействительна». А мой собственный метод .NET возвращает false (то есть проверка не прошла).
Я не знаю, что не так, но проверка подписи должна проходить на 100%, поскольку я сам создал файл и подписал его.
Вот зашифрованный XML-файл:
<!--
  SAML 2.0 Response carrying an enveloped XML-DSig signature over the Response
  element itself (ds:Reference URI "#lzmixH9GVTlmhl.bh9SE2Tbh4pd" equals the
  Response ID) and an EncryptedAssertion (AES-128-CBC content encryption,
  RSA-OAEP key transport). SignedInfo uses exclusive C14N, RSA-SHA256 and a
  SHA-256 digest.

  These notes sit above the root element on purpose. Comments are dropped by
  exclusive C14N, but the line breaks added around them are kept, so annotating
  or re-indenting anything inside the signed element changes the digest.

  NOTE(review): ds:DigestValue is 43 characters long; a Base64 SHA-256 digest
  is 44. The value looks edited or truncated after signing, which on its own
  makes every verifier report failure. Confirm against the original file.

  NOTE(review): checking the Response signature needs only the signer's public
  key. The private key matters for decrypting the EncryptedAssertion, so a
  "private key not available" message presumably refers to decryption, not to
  signature validation.

  NOTE(review): ds:KeyInfo embeds the certificate and an RSAKeyValue. A relying
  party should verify with the IdP key from its own trusted configuration and
  treat the embedded key only as a hint; otherwise any signer is accepted.

  NOTE(review): AES-CBC in XML Encryption is unauthenticated, so integrity of
  the assertion rests on the signature check succeeding before decryption
  results are used; AES-GCM is the usual recommendation. The EncryptedKey
  cipher value decodes to about 128 bytes, which suggests a 1024-bit RSA
  encryption key; confirm, since 2048 bits is the common minimum.

  The certificate body and part of the content cipher text are elided in this
  copy, so the sample cannot be verified as shown.
-->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Version="2.0"
ID="lzmixH9GVTlmhl.bh9SE2Tbh4pd"
IssueInstant="2019-09-27T04:32:25.462Z"
Destination="https://test.com/test.aspx"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">saml.test.com</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#lzmixH9GVTlmhl.bh9SE2Tbh4pd">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>L+bZKOA140pqnrM9sdsdaluyEUJ/ysdasgi/J35I9w=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Ak/tpWmr/CQ0+9TNzACXl1e7GSgLKeqZGUKZo/X2XMcevAycQxbamu7uxnAu8Co42KaOjyDjrgoL
4Q7b/xxj52XorPBLeJWQ0N47Wj0u4bjLOsk14Ms5RpYRFWne4LptAZmmaATOdJ7Ow81QJo6Wslc8
NZcgYKbL/Ehtf7L0EqCSJv9vHGUtkOSCujYfxZoXcpkOXdSV6xniFyaM6w5iSiwQrlT2MFub3kr7
jHFOvFtNCOVt0ytArlDJBhGPWwc/c7hnGAbwocDfcsZoT6Mp4rWFW244n7Vt52GRGDu/20FcZkDq
LGaPiJ+5Os6ClBjjVo3muMwAs4UZM/d5m50cxg==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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=
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
gFFn26fVkasQW7/PU6qrcaENOudafDes5yFpUUoJ04WC2VU0QE92J89SoGqssIg8RDJu2Q/bJrno
hkLc/6gy+FsSlV07sDBA62r53rq/CqtosSb5KOv9OeTr+xsv6YVaQKMymPoucCr9n2mFFiyYCLoH
OvMUoh3fMrZTQt6R6K3AqUGzIOIZMZ6sGMdtgUPDZHgU5sbVQ9r7kBpzMHBV5miZdPc6CJXgDFBW
DZIN+OS34fOjdo1sj0GwWNZ9P8d2RPdRyFg3n0UMuPYL8zXYake5mbbQXan3XugBnUXKVeIsObhi
8avYP0+Uueb7LRS8JtvRNujMosK0INtz7IEXFQ==
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Element"
>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<xenc:CipherData>
<xenc:CipherValue>SUFqblQImc6ulrhGwTfEDBWrXtwBATx/cLL+hIJNedoufMAxUYq6KAaUkZzJw9TzO+bK5BsZpyus
BnRzjoZt01x4rQTegp+3FpucZTaqpkXdrhj2mIs/rKk7lvYccECcu/FzEdd0IX+nYkvPSO/+hGKq
AwdBBN/b0u8itObreSo=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>S0d/LkP6FxvxLkrWes1tNbK6nys0tRVunqK7Xg+/o24RfI7JDxCOXB7dq0KzTNZHdIJ6dFZTE4tz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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml:EncryptedAssertion>
</samlp:Response>
А вот файл .cer:
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----