2009-09-17 71 views
6

Verifying a Java SAML signature in C#

How can I verify in .NET (C#) a SAML signature that was created in Java? Here is the SAML signature I get from Java:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
    <ds:SignedInfo> 
     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
     </ds:CanonicalizationMethod> 
     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"> 
     </ds:SignatureMethod> 
     <ds:Reference URI="#_e8bcba9d1c76d128938bddd5ae8c68e1"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"> 
       </ds:Transform> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"> 
        </ec:InclusiveNamespaces> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"> 
      </ds:DigestMethod> 
      <ds:DigestValue>zEL7mB0Wkl+LtjMViO1imbucXiE=</ds:DigestValue> 
     </ds:Reference> 
    </ds:SignedInfo> 
    <ds:SignatureValue> 
jpIX3WbX9SCFnqrpDyLj4TeJN5DGIvlEH+o/mb9M01VGdgFRLtfHqIm16BloApUPg2dDafmc9DwL 
Pyvs3TJ/hi0Q8f0ucaKdIuw+gBGxWFMcj/U68ZuLiv7U+Qe7i4ZA33rWPorkE82yfMacGf6ropPt 
v73mC0bpBP1ubo5qbM4= 
    </ds:SignatureValue> 
    <ds:KeyInfo> 
     <ds:X509Data> 
      <ds:X509Certificate> 
MIIDBDCCAeygAwIBAgIIC/ktBs1lgYcwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5D 
QTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMDkwMjIzMTAwMzEzWhcN 
MTgxMDE1MDkyNTQyWjBaMRQwEgYDVQQDDAsxMC41NS40MC42MTEbMBkGA1UECwwST24gRGVtYW5k 
IFBsYXRmb3JtMRIwEAYDVQQLDAlPbiBEZW1hbmQxETAPBgNVBAsMCFNvZnR3YXJlMIGfMA0GCSqG 
SIb3DQEBAQUAA4GNADCBiQKBgQCk5EqiedxA6WEE9N2vegSCqleFpXMfGplkrcPOdXTRLLOuRgQJ 
LEsOaqspDFoqk7yJgr7kaQROjB9OicSH7Hhsu7HbdD6N3ntwQYoeNZ8nvLSSx4jz21zvswxAqw1p 
DoGl3J6hks5owL4eYs2yRHvqgqXyZoxCccYwc4fYzMi42wIDAQABo3UwczAdBgNVHQ4EFgQUkrpk 
yryZToKXOXuiU2hNsKXLbyIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSiviFUK7DUsjvByMfK 
g+pm4b2s7DAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEF 
BQADggEBAKb94tnK2obEyvw8ZJ87u7gvkMxIezpBi/SqXTEBK1by0NHs8VJmdDN9+aOvC5np4fOL 
fFcRH++n6fvemEGgIkK3pOmNL5WiPpbWxrx55Yqwnr6eLsbdATALE4cgyZWHl/E0uVO2Ixlqeygw 
XTfg450cCWj4yfPTVZ73raKaDTWZK/Tnt7+ulm8xN+YWUIIbtW3KBQbGomqOzpftALyIKLVtBq7L 
J0hgsKGHNUnssWj5dt3bYrHgzaWLlpW3ikdRd67Nf0c1zOEgKHNEozrtRKiLLy+3bIiFk0CHImac 
1zeqLlhjrG3OmIsIjxc1Vbc0+E+z6Unco474oSGf+D1DO+Y= 

      </ds:X509Certificate> 
     </ds:X509Data> 
    </ds:KeyInfo> 
</ds:Signature> 

I know that to process the SAML I need to verify the signature. I tried doing it like this:

// Namespaces required by this method (placed at the top of the containing class file):
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public bool VerifySignature()
{
    X509Certificate2 certificate = null;

    // Build a document whose root is the assertion element to be verified.
    XmlDocument doc = new XmlDocument();
    XmlElement xmlAssertionElement = this.GetXml(doc);
    doc.AppendChild(xmlAssertionElement);

    // Create a new SignedXml object and pass it
    // the XML document class.
    SamlSignedXml signedXml = new SamlSignedXml(xmlAssertionElement);

    // Get signature
    XmlElement xmlSignature = this.Signature;
    if (xmlSignature == null)
    {
        return false;
    }

    // Load the signature node.
    signedXml.LoadXml(xmlSignature);

    // Get the certificate used to sign the assertion if information about this
    // certificate is available in the signature of the assertion.
    foreach (KeyInfoClause clause in signedXml.KeyInfo)
    {
        if (clause is KeyInfoX509Data)
        {
            if (((KeyInfoX509Data)clause).Certificates.Count > 0)
            {
                certificate = (X509Certificate2)((KeyInfoX509Data)clause).Certificates[0];
            }
        }
    }

    if (certificate == null)
    {
        return false;
    }

    // Second argument true: check the signature value only; the certificate
    // itself is not chain-validated by this call.
    return signedXml.CheckSignature(certificate, true);
}

It verifies a SAML signature that was signed in .NET, but not this Java one.

Answers

5

Problem solved, the answer is in this thread: http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/faf0b66c-294b-4d84-a19b-504dd8e81922 My code was very similar to the MSDN example shown there; the only thing missing was `doc.PreserveWhitespace = true` before verifying.

+0

Thanks Adrya, this "PreserveWhitespace" fix solved my problem too. The article I used was linked from your link: http://msdn.microsoft.com/en-us/library/ms229950.aspx – 2010-07-21 15:48:25
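The accepted answer's PreserveWhitespace fix, carried through into a complete verifier as an added example (not code from the question or from any answer). It assumes the input string is the signed assertion or response itself, so the ds:Signature is a direct child of the root; it uses the stock SignedXml, which resolves a SAML 2.0 ID attribute, so the question's SamlSignedXml subclass is not needed for this case; and the trusted IdP certificate thumbprint is a caller-supplied parameter.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlVerifier
{
    // Verifies the enveloped signature on a SAML 2.0 assertion or response
    // and accepts it only if it was made with the certificate we already trust.
    public static bool Verify(string samlXml, string trustedThumbprint)
    {
        XmlDocument doc = new XmlDocument();
        // The accepted answer's fix: the Java signer canonicalized the whitespace
        // text nodes, so .NET must keep them or the computed digest differs.
        doc.PreserveWhitespace = true;
        doc.LoadXml(samlXml);

        XmlNamespaceManager ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        // Exactly one Signature, and it must be a direct child of the signed root.
        XmlNodeList sigs = doc.DocumentElement.SelectNodes("ds:Signature", ns);
        if (sigs.Count != 1) return false;

        // SignedXml resolves the Reference URI "#..." against the root's ID attribute.
        SignedXml signedXml = new SignedXml(doc.DocumentElement);
        signedXml.LoadXml((XmlElement)sigs[0]);

        // The single Reference must point at the root element itself, not at some
        // other element in the document that happens to carry a matching ID.
        if (signedXml.SignedInfo.References.Count != 1) return false;
        string expectedUri = "#" + doc.DocumentElement.GetAttribute("ID");
        if (((Reference)signedXml.SignedInfo.References[0]).Uri != expectedUri) return false;

        // The certificate in KeyInfo was supplied by whoever sent the message; use
        // it only if it is the one we trust, then verify the signature value alone.
        X509Certificate2 cert = null;
        foreach (KeyInfoClause clause in signedXml.KeyInfo)
        {
            KeyInfoX509Data x509 = clause as KeyInfoX509Data;
            if (x509 != null && x509.Certificates.Count > 0)
                cert = (X509Certificate2)x509.Certificates[0];
        }
        if (cert == null) return false;
        if (!string.Equals(cert.Thumbprint, trustedThumbprint, StringComparison.OrdinalIgnoreCase))
            return false;
        return signedXml.CheckSignature(cert, true);
    }
}
```

For a SAML 1.1 assertion, which carries AssertionID rather than ID, override SignedXml.GetIdElement as the question's SamlSignedXml presumably does, and compare the attribute value in C# rather than splicing the untrusted id into an XPath string.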

0

As long as the public key is in your certificate store, you can verify XML data signed with a digital signature using the classes in the System.Security.Cryptography.Xml namespace. I've done some work with AD Federation Services, which also uses SAML, and I remember that once I found the namespace I needed, the rest was pretty straightforward - but that was a long time ago and the details escape me.