签署 xml 账单文件的格式错误的参考元素
Malformed reference element signing a xml file of bills
我正在开发一个在 xml 中对发票进行数字签名的程序。我遵循了本指南 https://www.profissionaisti.com.br/2010/07/assinando-digitalmente-um-xml-usando-c/#comment-197297。但是,我收到错误 Malformed reference element。
代码是:
static void Main(string[] args)
{
//open certificates of current user
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
//Open screen to choose certificate
var selectedCertificate = X509Certificate2UI.SelectFromCollection(
store.Certificates,
"Title",
"MSG",
X509SelectionFlag.SingleSelection);
//Gets the x509 object of the selected certificate
foreach (X509Certificate2 x509 in selectedCertificate)
{
try
{
//==============================
// Start reading xml files
//==============================
var txtFiles = Directory.EnumerateFiles("./", "*.xml");
foreach (string currentFile in txtFiles)
{
Console.WriteLine("Reading file " + currentFile + ":");
var originalDoc = XDocument.Load(currentFile);
XmlDocument doc = DocumentExtensions.ToXmlDocument(originalDoc);
//==============================
// Start reading bills
//==============================
获取xml节点InfRps,它是xml中账单的表示:
XmlNodeList ListInfRps = doc.GetElementsByTagName("InfRps");
int NodeCounter = 1;
foreach (XmlElement InfRps in ListInfRps)
{
.NET 框架的命名空间 System.Security.Cryptography.Xml 上有一个 class 称为 SignedXml,它实现了文档签名和签名文档验证的 W3C 标准。下面的代码启动这个 class.
string id = InfRps.Attributes.GetNamedItem("Id").Value;
SignedXml signedXml = new SignedXml(InfRps);
signedXml.SigningKey = x509.PrivateKey;
根据美国国税局的规定,XML 必须在处理前以规范形式放置。 class 参考负责这部分过程,包括节点 infNFE 的识别和所需的转换:
// Transformation for DigestValue
Reference reference = new Reference("#" + id);
//Reference reference = new Reference("#" + "lote");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigC14NTransform());
signedXml.AddReference(reference);
在计算签名之前,我们必须配置对所使用的数字证书信息的处理。基于此数据,美国国税局能够验证签名并确保在账单发送者签名后没有修改任何信息。我们必须在证书数据中包含一个子句。
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(x509));
signedXml.KeyInfo = keyInfo;
现在,我们应该计算签名:这是错误。
signedXml.ComputeSignature();
如果计算签名有效,那么我们可以在 xml:
上创建元素签名
XmlElement xmlSignature = doc.CreateElement("Signature", "http://www.w3.org/2000/09/xmldsig#");
XmlAttribute attr = doc.CreateAttribute("Id");
attr.Value = "Ass_" + id;
//Add the attribute to the node
xmlSignature.Attributes.SetNamedItem(attr);
XmlElement xmlSignedInfo = signedXml.SignedInfo.GetXml();
XmlElement xmlKeyInfo = signedXml.KeyInfo.GetXml();
XmlElement xmlSignatureValue = doc.CreateElement("SignatureValue", xmlSignature.NamespaceURI);
string signBase64 = Convert.ToBase64String(signedXml.Signature.SignatureValue);
XmlText text = doc.CreateTextNode(signBase64);
xmlSignatureValue.AppendChild(text);
xmlSignature.AppendChild(doc.ImportNode(xmlSignedInfo, true));
xmlSignature.AppendChild(xmlSignatureValue);
xmlSignature.AppendChild(doc.ImportNode(xmlKeyInfo, true));
XmlNodeList ListRps = doc.GetElementsByTagName("Rps");
int RpsCounter = 1;
foreach (XmlElement Rps in ListRps)
{
if (RpsCounter == NodeCounter)
{
Rps.AppendChild(xmlSignature);
}
RpsCounter++;
}
Console.WriteLine("Ok");
NodeCounter++;
}
(...)
我收到 CryptographicException:格式错误的参考元素:
System.Security.Cryptography.CryptographicException: Malformed reference element.
at System.Security.Cryptography.Xml.Reference.CalculateHashValue(XmlDocument
document, CanonicalXmlNodeList refList)
at System.Security.Cryptography.Xml.SignedXml.BuildDigestedReferences()
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
at escolhercertificadosimples.Program.Main(String[] args) in
C:\Users\user\Do
cuments\Visual Studio
2015\Projects\assinaturalote\assinaturalote\Program.cs:line 143
Pressione qualquer tecla para continuar. . .
xml签名示例如下:
<?xml version="1.0" encoding="UTF-8"?>
<EnviarLoteRpsEnvio xmlns="http://www.abrasf.org.br/nfse.xsd">
<LoteRps Id="lote" versao="1.00">
<NumeroLote>8</NumeroLote>
<Cnpj>09419261123115</Cnpj>
<InscricaoMunicipal>51624621</InscricaoMunicipal>
<QuantidadeRps>1</QuantidadeRps>
<ListaRps>
<Rps xmlns="http://www.abrasf.org.br/nfse.xsd">
<InfRps Id="rps:8201603150148">
<IdentificacaoRps>
<Numero>8201613150148</Numero>
<Serie>248</Serie>
<Tipo>2</Tipo>
</IdentificacaoRps>
<DataEmissao>2016-03-15T18:18:39</DataEmissao>
<NaturezaOperacao>1</NaturezaOperacao>
<OptanteSimplesNacional>2</OptanteSimplesNacional>
<IncentivadorCultural>2</IncentivadorCultural>
<Status>1</Status>
<Servico>
<Valores>
<ValorServicos>20.00</ValorServicos>
<ValorDeducoes>0.00</ValorDeducoes>
<ValorPis>1.60</ValorPis>
<ValorCofins>2.00</ValorCofins>
<ValorInss>0.00</ValorInss>
<ValorIr>3.00</ValorIr>
<ValorCsll>2.00</ValorCsll>
<IssRetido>1</IssRetido>
<OutrasRetencoes>0.00</OutrasRetencoes>
<DescontoIncondicionado>0.00</DescontoIncondicionado>
<DescontoCondicionado>0.00</DescontoCondicionado>
</Valores>
<ItemListaServico>1.07</ItemListaServico>
<CodigoTributacaoMunicipio>10700100</CodigoTributacaoMunicipio>
<Discriminacao>test.</Discriminacao>
<CodigoMunicipio>4314902</CodigoMunicipio>
</Servico>
<Prestador>
<Cnpj>09419261000115</Cnpj>
<InscricaoMunicipal>51624621</InscricaoMunicipal>
</Prestador>
<Tomador>
<IdentificacaoTomador>
<CpfCnpj>
<Cnpj>14525684000150</Cnpj>
</CpfCnpj>
</IdentificacaoTomador>
<RazaoSocial>test S.A.</RazaoSocial>
<Endereco>
<Endereco>Rua test</Endereco>
<Numero>83</Numero>
<Complemento>Sala test</Complemento>
<Bairro>Centro</Bairro>
<CodigoMunicipio>3304557</CodigoMunicipio>
<Uf>RJ</Uf>
<Cep>20091007</Cep>
</Endereco>
<Contato>
<Telefone>2136261100</Telefone>
<Email>test@test.com.br</Email>
</Contato>
</Tomador>
</InfRps>
</Rps>
</ListaRps>
</LoteRps>
</EnviarLoteRpsEnvio>
有人知道吗?任何想法都会受到赞赏
您的 Id 值 (rps:8201603150148) 中有一个冒号,这对于标识符属性来说是非法的。 (根据 https://www.w3.org/TR/xml-id/#processing、The normalized value of the attribute is an NCName...,其中 "NCName" 的 "NC" 部分是 "no-colon")
由于 Id 值中有一个冒号,SignedXml 无法解析它,所以它说您的参考指向无处。
如果您正在编写新代码并且对您的(技术上格式错误的)标识符属性值没有要求,最好的答案是去掉冒号(下划线通常很适合这个角色)。
由于符合 xml:id 约束条件可获得最具互操作性的文档,因此这绝对是最佳答案。
下一个最佳答案是扩展 SignedXml class 并覆盖 GetIdElement。您应该使您的匹配逻辑尽可能严格。请注意,此逻辑必须对签名者和接收者都执行...并且仅在双方都有能力接受松散的一致性文档时才有效。
internal class RpsSignedXml : SignedXml
{
// ctors and other members as appropriate
public override XmlElement GetIdElement(XmlDocument document, string idValue)
{
if (document == null)
return null;
if (string.IsNullOrEmpty(idValue))
return null;
if (!idValue.StartsWith("rps:"))
return base.GetIdElement(document, idValue);
string xPath = $"//InfRps[@Id=\"{idValue}\"]";
XmlNodeList nodeList = document.SelectNodes(xPath);
if (nodeList == null || nodeList.Count != 1)
return null;
return nodeList[0] as XmlElement;
}
}
我也有类似的问题。我得到这个例外:
Unable to resolve Uri cid:Part-0986dfc9-2748-41a4-8624-e505e98b29be.
System.Security
at System.Security.Cryptography.Xml.Reference.CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList)
at System.Security.Cryptography.Xml.SignedXml.BuildDigestedReferences()
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
at EmpTestWeb.BL.ebXMLSigner.ComputeSig(X509Certificate2 cert, XmlDocument doc, String externalReferenceUri) in C:\Websites\TestWeb\BL\ebXMLSigner.cs:line 67
at ASP.ebxml_aspx.GenerateHeaderXML() in c:\Websites\TestWeb\ebXML.aspx:line 227
at ASP.ebxml_aspx.btnSubmit_Click(Object sender, EventArgs e) in c:\Websites\TestWeb\ebXML.aspx:line 89
如果我尝试使用它也没有用 class:
class ebXMLSignedXml : SignedXml
{
// ctors and other members as appropriate
public ebXMLSignedXml(XmlDocument doc) : base(doc) { }
public override XmlElement GetIdElement(XmlDocument document, string idValue)
{
if (document == null)
return null;
if (string.IsNullOrEmpty(idValue))
return null;
if (!idValue.StartsWith("cid:"))
return base.GetIdElement(document, idValue);
string xPath = $"//InfRps[@Id=\"{idValue}\"]";
XmlNodeList nodeList = document.SelectNodes(xPath);
if (nodeList == null || nodeList.Count != 1)
return null;
return nodeList[0] as XmlElement;
}
}
它从未到达它应该 select 具有 Id="cid:...."
的元素
解决方案
我最终传递了内容流而不是 URI,并手动将 URI="cpa:13131312" 属性添加到生成的 XML.
就我而言,在被困几天之后。这是 Reference.uri。我将它保存为“#1”并且它不能以数字开头,我将它留在“#test”以及 XML 的 ID 中进行签名。我有它“1”,我把它留在“测试”。
我正在开发一个在 xml 中对发票进行数字签名的程序。我遵循了本指南 https://www.profissionaisti.com.br/2010/07/assinando-digitalmente-um-xml-usando-c/#comment-197297。但是,我收到错误 Malformed reference element。 代码是:
static void Main(string[] args)
{
//open certificates of current user
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
//Open screen to choose certificate
var selectedCertificate = X509Certificate2UI.SelectFromCollection(
store.Certificates,
"Title",
"MSG",
X509SelectionFlag.SingleSelection);
//Gets the x509 object of the selected certificate
foreach (X509Certificate2 x509 in selectedCertificate)
{
try
{
//==============================
// Start reading xml files
//==============================
var txtFiles = Directory.EnumerateFiles("./", "*.xml");
foreach (string currentFile in txtFiles)
{
Console.WriteLine("Reading file " + currentFile + ":");
var originalDoc = XDocument.Load(currentFile);
XmlDocument doc = DocumentExtensions.ToXmlDocument(originalDoc);
//==============================
// Start reading bills
//==============================
获取xml节点InfRps,它是xml中账单的表示:
XmlNodeList ListInfRps = doc.GetElementsByTagName("InfRps");
int NodeCounter = 1;
foreach (XmlElement InfRps in ListInfRps)
{
.NET 框架的命名空间 System.Security.Cryptography.Xml 上有一个 class 称为 SignedXml,它实现了文档签名和签名文档验证的 W3C 标准。下面的代码启动这个 class.
string id = InfRps.Attributes.GetNamedItem("Id").Value;
SignedXml signedXml = new SignedXml(InfRps);
signedXml.SigningKey = x509.PrivateKey;
根据美国国税局的规定,XML 必须在处理前以规范形式放置。 class 参考负责这部分过程,包括节点 infNFE 的识别和所需的转换:
// Transformation for DigestValue
Reference reference = new Reference("#" + id);
//Reference reference = new Reference("#" + "lote");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
reference.AddTransform(new XmlDsigC14NTransform());
signedXml.AddReference(reference);
在计算签名之前,我们必须配置对所使用的数字证书信息的处理。基于此数据,美国国税局能够验证签名并确保在账单发送者签名后没有修改任何信息。我们必须在证书数据中包含一个子句。
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(x509));
signedXml.KeyInfo = keyInfo;
现在,我们应该计算签名:这是错误。
signedXml.ComputeSignature();
如果计算签名有效,那么我们可以在 xml:
上创建元素签名 XmlElement xmlSignature = doc.CreateElement("Signature", "http://www.w3.org/2000/09/xmldsig#");
XmlAttribute attr = doc.CreateAttribute("Id");
attr.Value = "Ass_" + id;
//Add the attribute to the node
xmlSignature.Attributes.SetNamedItem(attr);
XmlElement xmlSignedInfo = signedXml.SignedInfo.GetXml();
XmlElement xmlKeyInfo = signedXml.KeyInfo.GetXml();
XmlElement xmlSignatureValue = doc.CreateElement("SignatureValue", xmlSignature.NamespaceURI);
string signBase64 = Convert.ToBase64String(signedXml.Signature.SignatureValue);
XmlText text = doc.CreateTextNode(signBase64);
xmlSignatureValue.AppendChild(text);
xmlSignature.AppendChild(doc.ImportNode(xmlSignedInfo, true));
xmlSignature.AppendChild(xmlSignatureValue);
xmlSignature.AppendChild(doc.ImportNode(xmlKeyInfo, true));
XmlNodeList ListRps = doc.GetElementsByTagName("Rps");
int RpsCounter = 1;
foreach (XmlElement Rps in ListRps)
{
if (RpsCounter == NodeCounter)
{
Rps.AppendChild(xmlSignature);
}
RpsCounter++;
}
Console.WriteLine("Ok");
NodeCounter++;
}
(...)
我收到 CryptographicException:格式错误的参考元素:
System.Security.Cryptography.CryptographicException: Malformed reference element.
at System.Security.Cryptography.Xml.Reference.CalculateHashValue(XmlDocument
document, CanonicalXmlNodeList refList)
at System.Security.Cryptography.Xml.SignedXml.BuildDigestedReferences()
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
at escolhercertificadosimples.Program.Main(String[] args) in
C:\Users\user\Do
cuments\Visual Studio
2015\Projects\assinaturalote\assinaturalote\Program.cs:line 143
Pressione qualquer tecla para continuar. . .
xml签名示例如下:
<?xml version="1.0" encoding="UTF-8"?>
<EnviarLoteRpsEnvio xmlns="http://www.abrasf.org.br/nfse.xsd">
<LoteRps Id="lote" versao="1.00">
<NumeroLote>8</NumeroLote>
<Cnpj>09419261123115</Cnpj>
<InscricaoMunicipal>51624621</InscricaoMunicipal>
<QuantidadeRps>1</QuantidadeRps>
<ListaRps>
<Rps xmlns="http://www.abrasf.org.br/nfse.xsd">
<InfRps Id="rps:8201603150148">
<IdentificacaoRps>
<Numero>8201613150148</Numero>
<Serie>248</Serie>
<Tipo>2</Tipo>
</IdentificacaoRps>
<DataEmissao>2016-03-15T18:18:39</DataEmissao>
<NaturezaOperacao>1</NaturezaOperacao>
<OptanteSimplesNacional>2</OptanteSimplesNacional>
<IncentivadorCultural>2</IncentivadorCultural>
<Status>1</Status>
<Servico>
<Valores>
<ValorServicos>20.00</ValorServicos>
<ValorDeducoes>0.00</ValorDeducoes>
<ValorPis>1.60</ValorPis>
<ValorCofins>2.00</ValorCofins>
<ValorInss>0.00</ValorInss>
<ValorIr>3.00</ValorIr>
<ValorCsll>2.00</ValorCsll>
<IssRetido>1</IssRetido>
<OutrasRetencoes>0.00</OutrasRetencoes>
<DescontoIncondicionado>0.00</DescontoIncondicionado>
<DescontoCondicionado>0.00</DescontoCondicionado>
</Valores>
<ItemListaServico>1.07</ItemListaServico>
<CodigoTributacaoMunicipio>10700100</CodigoTributacaoMunicipio>
<Discriminacao>test.</Discriminacao>
<CodigoMunicipio>4314902</CodigoMunicipio>
</Servico>
<Prestador>
<Cnpj>09419261000115</Cnpj>
<InscricaoMunicipal>51624621</InscricaoMunicipal>
</Prestador>
<Tomador>
<IdentificacaoTomador>
<CpfCnpj>
<Cnpj>14525684000150</Cnpj>
</CpfCnpj>
</IdentificacaoTomador>
<RazaoSocial>test S.A.</RazaoSocial>
<Endereco>
<Endereco>Rua test</Endereco>
<Numero>83</Numero>
<Complemento>Sala test</Complemento>
<Bairro>Centro</Bairro>
<CodigoMunicipio>3304557</CodigoMunicipio>
<Uf>RJ</Uf>
<Cep>20091007</Cep>
</Endereco>
<Contato>
<Telefone>2136261100</Telefone>
<Email>test@test.com.br</Email>
</Contato>
</Tomador>
</InfRps>
</Rps>
</ListaRps>
</LoteRps>
</EnviarLoteRpsEnvio>
有人知道吗?任何想法都会受到赞赏
您的 Id 值 (rps:8201603150148) 中有一个冒号,这对于标识符属性来说是非法的。 (根据 https://www.w3.org/TR/xml-id/#processing、The normalized value of the attribute is an NCName...,其中 "NCName" 的 "NC" 部分是 "no-colon")
由于 Id 值中有一个冒号,SignedXml 无法解析它,所以它说您的参考指向无处。
如果您正在编写新代码并且对您的(技术上格式错误的)标识符属性值没有要求,最好的答案是去掉冒号(下划线通常很适合这个角色)。
由于符合 xml:id 约束条件可获得最具互操作性的文档,因此这绝对是最佳答案。
下一个最佳答案是扩展 SignedXml class 并覆盖 GetIdElement。您应该使您的匹配逻辑尽可能严格。请注意,此逻辑必须对签名者和接收者都执行...并且仅在双方都有能力接受松散的一致性文档时才有效。
internal class RpsSignedXml : SignedXml
{
// ctors and other members as appropriate
public override XmlElement GetIdElement(XmlDocument document, string idValue)
{
if (document == null)
return null;
if (string.IsNullOrEmpty(idValue))
return null;
if (!idValue.StartsWith("rps:"))
return base.GetIdElement(document, idValue);
string xPath = $"//InfRps[@Id=\"{idValue}\"]";
XmlNodeList nodeList = document.SelectNodes(xPath);
if (nodeList == null || nodeList.Count != 1)
return null;
return nodeList[0] as XmlElement;
}
}
我也有类似的问题。我得到这个例外:
Unable to resolve Uri cid:Part-0986dfc9-2748-41a4-8624-e505e98b29be.
System.Security
at System.Security.Cryptography.Xml.Reference.CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList)
at System.Security.Cryptography.Xml.SignedXml.BuildDigestedReferences()
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
at EmpTestWeb.BL.ebXMLSigner.ComputeSig(X509Certificate2 cert, XmlDocument doc, String externalReferenceUri) in C:\Websites\TestWeb\BL\ebXMLSigner.cs:line 67
at ASP.ebxml_aspx.GenerateHeaderXML() in c:\Websites\TestWeb\ebXML.aspx:line 227
at ASP.ebxml_aspx.btnSubmit_Click(Object sender, EventArgs e) in c:\Websites\TestWeb\ebXML.aspx:line 89
如果我尝试使用它也没有用 class:
class ebXMLSignedXml : SignedXml
{
// ctors and other members as appropriate
public ebXMLSignedXml(XmlDocument doc) : base(doc) { }
public override XmlElement GetIdElement(XmlDocument document, string idValue)
{
if (document == null)
return null;
if (string.IsNullOrEmpty(idValue))
return null;
if (!idValue.StartsWith("cid:"))
return base.GetIdElement(document, idValue);
string xPath = $"//InfRps[@Id=\"{idValue}\"]";
XmlNodeList nodeList = document.SelectNodes(xPath);
if (nodeList == null || nodeList.Count != 1)
return null;
return nodeList[0] as XmlElement;
}
}
它从未到达它应该 select 具有 Id="cid:...."
解决方案
我最终传递了内容流而不是 URI,并手动将 URI="cpa:13131312" 属性添加到生成的 XML.
就我而言,在被困几天之后。这是 Reference.uri。我将它保存为“#1”并且它不能以数字开头,我将它留在“#test”以及 XML 的 ID 中进行签名。我有它“1”,我把它留在“测试”。