XML 根元素的更改是否应该更改子元素的签名值?

Should a change in XML root element change the signature value for a sub element?

我试图用 camel 生成一个分离的 XML 签名文档。我注意到,如果我篡改名称空间的名称,文档将变得无效。例如。从 "soap" 更改为 "soap1" 命名空间会使文档无效。我得到一个:

org.apache.camel.component.xmlsecurity.api.XmlSignatureInvalidValueException: 
           Signature validation failed. The signature value could not be 
           validated by the public key. Either the message has been 
           tampered or the public key is not correct.

应该是这样吗?

<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <anotherSample attr="1234"/>
        <sample ID="sampleID"/>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#sampleID">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>....</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>...</ds:SignatureValue>
            <ds:KeyInfo>....</ds:KeyInfo>
        </ds:Signature>
    </soap:Body>
</soap:Envelope>

来自 Canonical XML specBy virtue of the XPath data model, XML canonicalization is namespace-aware. 所以是的,更改命名空间应该会导致签名发生更改。