Как использовать XPATH для разбора следующего, имеющего пространство имен? - PullRequest
Новая
       55

Как использовать XPATH для разбора следующего, имеющего пространство имен?

3 голосов
/ 09 ноября 2011

Мне нужно извлечь заявку из токена SAML.Интересующее меня требование - http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider, и в этом случае я хотел бы получить значение "Google".

Что я делаю не так в следующем коде?Я немного отредактировал свой ответ токена и просто пока не понял, правильно

Код: 

    string strExpression = "//t:RequestSecurityTokenResponse/" +
            "t:RequestedSecurityToken/"+
            ""+"Assertion/AttributeStatement/Attribute";

        XmlDocument xmlDocument = new XmlDocument();
        xmlDocument.Load(@"claim.xml"); 
        XmlNode rootNode = xmlDocument.DocumentElement; 

        string ssNamespacePrefix = "t";
        string ssNamespaceURI = rootNode.GetNamespaceOfPrefix(ssNamespacePrefix);

        XPathNavigator xpathNav = xmlDocument.CreateNavigator();  

        XmlNamespaceManager namespaceManager = new XmlNamespaceManager(xmlDocument.NameTable);
        namespaceManager.AddNamespace(ssNamespacePrefix, ssNamespaceURI);

        XPathNodeIterator itr = xpathNav.Select(strExpression, namespaceManager);

DATA : 

<t:RequestSecurityTokenResponse Context="http://localhost:2600/" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
    <t:Lifetime>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-11-09T01:56:10.759Z</wsu:Created>
        <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-11-09T02:06:10.759Z</wsu:Expires>
    </t:Lifetime>
    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
            <Address>urn:federatasdf600</Address>
        </EndpointReference>
    </wsp:AppliesTo>
    <t:RequestedSecurityToken>
        <Assertion ID="_d70a5dasdfb868" IssueInstant="2011-11-09T01:56:10.775Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
            <Issuer>https://tlsadmin.accesscontrol.windows.net/</Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
                    <ds:Reference URI="#_d70aasdf868">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                        <ds:DigestValue>4WLBasdfouzBQ=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>TiDaasfg5iA==</ds:SignatureValue>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Data>
                        <X509Certificate>MIIDEasdfasdfasdfasdfasdfasdfzg==</X509Certificate>
                    </X509Data>
                </KeyInfo>
            </ds:Signature>
            <Subject>
                <NameID>https://www.google.com/accounts/o8/id?id=AItasdffMAm4</NameID>
                <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
            </Subject>
            <Conditions NotBefore="2011-11-09T01:56:10.759Z" NotOnOrAfter="2011-11-09T02:06:10.759Z">
                <AudienceRestriction>
                    <Audience>urn:federation:dev:rootwebDEV2600</Audience>
                </AudienceRestriction>
            </Conditions>
            <AttributeStatement>
                <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
                    <AttributeValue>User@gmail.com</AttributeValue>
                </Attribute>
                <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
                    <AttributeValue>Chris</AttributeValue>
                </Attribute>
                <Attribute Name="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider">
                    <AttributeValue>Google</AttributeValue>
                </Attribute>
            </AttributeStatement>
        </Assertion>
    </t:RequestedSecurityToken>
    <t:RequestedAttachedReference>
        <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:d3p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_d70asdf1b868</KeyIdentifier>
        </SecurityTokenReference>
    </t:RequestedAttachedReference>
    <t:RequestedUnattachedReference>
        <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:d3p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_d70aasdfb868</KeyIdentifier>
        </SecurityTokenReference>
    </t:RequestedUnattachedReference>
    <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
    <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
    <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>

1 Ответ

6 голосов
/ 09 ноября 2011

Причина проста :

Элемент Assertion находится в пространстве имен по умолчанию ("urn:oasis:names:tc:SAML:2.0:assertion").

Xpath считает, что имена без префиксов находятся в "no namespace "и при оценке предоставленного выражения XPath: 

//t:RequestSecurityTokenResponse
       /t:RequestedSecurityToken
          /Assertion
            /AttributeStatement/Attribute

no Assertion элемент, который находится в" no namespace ", не может быть найден.

Таким образом, элементы вообще не выбираются.

Решение :

  1. Добавьте к XmlNamespaceManager дополнительный префикс (скажем, "x") с URL: "urn:oasis:names:tc:SAML:2.0:assertion"

  2. Используйте следующее выражение XPath:

: 

//t:RequestSecurityTokenResponse
       /t:RequestedSecurityToken
          /x:Assertion
            /x:AttributeStatement/x:Attribute

Проверка на основе XSLT : 

<xsl:stylesheet version="1.0"
 xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
 xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"
 xmlns:x="urn:oasis:names:tc:SAML:2.0:assertion">
 <xsl:output omit-xml-declaration="yes" indent="yes"/>

 <xsl:template match="/">
  <xsl:copy-of select=
  "//t:RequestSecurityTokenResponse
          /t:RequestedSecurityToken
               /x:Assertion
                   /x:AttributeStatement/x:Attribute "/>
 </xsl:template>
</xsl:stylesheet>

когда это преобразование применяется к предоставленному документу XML : 

<t:RequestSecurityTokenResponse Context="http://localhost:2600/" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
    <t:Lifetime>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-11-09T01:56:10.759Z</wsu:Created>
        <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-11-09T02:06:10.759Z</wsu:Expires>
    </t:Lifetime>
    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
            <Address>urn:federatasdf600</Address>
        </EndpointReference>
    </wsp:AppliesTo>
    <t:RequestedSecurityToken>
        <Assertion ID="_d70a5dasdfb868" IssueInstant="2011-11-09T01:56:10.775Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
            <Issuer>https://tlsadmin.accesscontrol.windows.net/</Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
                    <ds:Reference URI="#_d70aasdf868">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                        <ds:DigestValue>4WLBasdfouzBQ=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>TiDaasfg5iA==</ds:SignatureValue>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Data>
                        <X509Certificate>MIIDEasdfasdfasdfasdfasdfasdfzg==</X509Certificate>
                    </X509Data>
                </KeyInfo>
            </ds:Signature>
            <Subject>
                <NameID>https://www.google.com/accounts/o8/id?id=AItasdffMAm4</NameID>
                <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
            </Subject>
            <Conditions NotBefore="2011-11-09T01:56:10.759Z" NotOnOrAfter="2011-11-09T02:06:10.759Z">
                <AudienceRestriction>
                    <Audience>urn:federation:dev:rootwebDEV2600</Audience>
                </AudienceRestriction>
            </Conditions>
            <AttributeStatement>
                <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
                    <AttributeValue>User@gmail.com</AttributeValue>
                </Attribute>
                <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
                    <AttributeValue>Chris</AttributeValue>
                </Attribute>
                <Attribute Name="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider">
                    <AttributeValue>Google</AttributeValue>
                </Attribute>
            </AttributeStatement>
        </Assertion>
    </t:RequestedSecurityToken>
    <t:RequestedAttachedReference>
        <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:d3p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_d70asdf1b868</KeyIdentifier>
        </SecurityTokenReference>
    </t:RequestedAttachedReference>
    <t:RequestedUnattachedReference>
        <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:d3p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_d70aasdfb868</KeyIdentifier>
        </SecurityTokenReference>
    </t:RequestedUnattachedReference>
    <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
    <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
    <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>

требуемые узлы выбираются и копируются в выходной файл : 

<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">

   <AttributeValue>User@gmail.com</AttributeValue>

</Attribute>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">

   <AttributeValue>Chris</AttributeValue>

</Attribute>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" Name="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider">

   <AttributeValue>Google</AttributeValue>

</Attribute>
...