在 System.Security.Cryptography.Xml.SignedXml 上使用 .Net 的 CheckSignature 在测试服务器上失败,但在开发机器上失败
Using .Net's CheckSignature on a System.Security.Cryptography.Xml.SignedXml fails on test servers, but not development machine
我正在尝试通过检查其签名来验证某个 xml 文档未被篡改。
在我的开发机器上这工作正常,但在我们的测试服务器上它总是失败。开发机器是Windows10,测试服务器是WindowsServer 2008 R2和WindowsServer 2012.
我已经成功创建了一个 SignedXML 调试日志,它是这样的:
发展:
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#03d410d5, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".
System.Security.Cryptography.Xml.SignedXml Information: 7 : [SignedXml#03d410d5, NamespacePropagation] Propagating namespace xmlns="<namespace here>".
以此类推
在测试服务器上,它的开始几乎是一样的:
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#00e65efe, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".
但到此为止。无信息:曾记录 7,函数 returns false。
测试服务器至少安装了 .Net 4.5.2,所以我假设他们不会遇到 SHA-256 签名问题。
我在这里错过了什么?
周末我弄明白了。
显然 XML 我得到的(来自 Azure AD 的联合数据)是使用加密方法签名的,该方法在 .Net 4.5.2 中不起作用,但在 4.6.2 中有效。
今天早上将其中一台测试服务器更新到 .Net 4.6.2 后,CheckSignature 确实返回了 true。
我正在尝试通过检查其签名来验证某个 xml 文档未被篡改。
在我的开发机器上这工作正常,但在我们的测试服务器上它总是失败。开发机器是Windows10,测试服务器是WindowsServer 2008 R2和WindowsServer 2012.
我已经成功创建了一个 SignedXML 调试日志,它是这样的:
发展:
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#03d410d5, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".
System.Security.Cryptography.Xml.SignedXml Information: 7 : [SignedXml#03d410d5, NamespacePropagation] Propagating namespace xmlns="<namespace here>".
以此类推
在测试服务器上,它的开始几乎是一样的:
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#00e65efe, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".
但到此为止。无信息:曾记录 7,函数 returns false。
测试服务器至少安装了 .Net 4.5.2,所以我假设他们不会遇到 SHA-256 签名问题。
我在这里错过了什么?
周末我弄明白了。
显然 XML 我得到的(来自 Azure AD 的联合数据)是使用加密方法签名的,该方法在 .Net 4.5.2 中不起作用,但在 4.6.2 中有效。
今天早上将其中一台测试服务器更新到 .Net 4.6.2 后,CheckSignature 确实返回了 true。