Xml signature with XPath transform
From: J-P Meunier (fuimens_at_yahoo.fr)
Date: 05/28/03
Date: Wed, 28 May 2003 16:09:44 +0200
Hello,
I am sorry to insist but I really need to perform an XmlXPathTransform in
order to sign only a part of the <Object> Xml element.
For instance I want to sign the <SignedProperties> node which is included in
<Object>.
For that I create a reference like this:
    Reference reference = new Reference();
    reference.Uri = "#GeneralProperties";
    XmlDsigXPathTransform xPathTransform = new XmlDsigXPathTransform();
    string strXPath = "<XPath>//SignedProperties/descendant::*</XPath>";
    XmlDocument domTransform = new XmlDocument();
    domTransform.LoadXml(strXPath);
    xPathTransform.LoadInnerXml(domTransform.ChildNodes);
    reference.AddTransform(xPathTransform);
Now when I compute the signature I get the following Xml:
    <Signature Id="MySignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#GeneralProperties">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
              <XPath>//SignedProperties/descendant::*</XPath>
            </Transform>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue>52dHkEkYtxE0Q5vyOd7FNQHu9/o=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>ZL8ikcITRwLQ==</SignatureValue>
      <KeyInfo>
        <KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
          <RSAKeyValue>
            <Modulus>x9lJWha9tRVRXq0UnLnkx1EuQ==</Modulus>
            <Exponent>AQAB</Exponent>
          </RSAKeyValue>
        </KeyValue>
      </KeyInfo>
      <Object Id="GeneralProperties">
        <QualifyingProperties xmlns="">
          <SignedProperties>
            <SignedSignatureProperties>
              <SigningTime>2003-5-28</SigningTime>
            </SignedSignatureProperties>
          </SignedProperties>
        </QualifyingProperties>
      </Object>
    </Signature>
To validate that not all of the <Object> node is signed, I change the
<QualifyingProperties> tag to another tag name, but then the signature check
returns false. This means that the XPath transformation didn't work as
expected.
Please provide any information that could help because I can't work it out.
Thanks
JP
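
Added example, not part of the original post: the XML-DSig XPath filtering transform evaluates its expression once for each node of the input, converts the result to a boolean, and keeps the node only when that boolean is true. The C# below runs XmlDsigXPathTransform over the post's <Object> (rebuilt here as a constructed standalone document; the class and helper names are hypothetical) with the expression from the post and with ancestor-or-self::SignedProperties, and prints the elements each one keeps.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.Xml; // System.Security assembly / System.Security.Cryptography.Xml package
using System.Xml;

static class XPathFilterDemo
{
    // Constructed input: the <Object> from the post, as a standalone document.
    const string ObjectXml =
        "<Object Id=\"GeneralProperties\" xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" +
        "<QualifyingProperties xmlns=\"\"><SignedProperties><SignedSignatureProperties>" +
        "<SigningTime>2003-5-28</SigningTime>" +
        "</SignedSignatureProperties></SignedProperties></QualifyingProperties></Object>";

    // Runs the transform and returns the names of the element nodes that
    // survive the filter, i.e. the elements that would go into the digest.
    static List<string> KeptElements(string xpath)
    {
        var input = new XmlDocument { PreserveWhitespace = true };
        input.LoadXml(ObjectXml);

        // Build the <XPath> parameter element the transform expects.
        var param = new XmlDocument();
        XmlElement xp = param.CreateElement("XPath");
        xp.InnerText = xpath;
        param.AppendChild(xp);

        var transform = new XmlDsigXPathTransform();
        transform.LoadInnerXml(param.ChildNodes);
        transform.LoadInput(input);

        var kept = new List<string>();
        foreach (XmlNode node in (XmlNodeList)transform.GetOutput())
            if (node.NodeType == XmlNodeType.Element) kept.Add(node.Name);
        return kept;
    }

    static void Main()
    {
        // Expression from the post: an absolute path, so its node-set is the
        // same (and non-empty) from every context node; the filter keeps all.
        Console.WriteLine(string.Join(", ", KeptElements("//SignedProperties/descendant::*")));
        // Relative, per-node test: true only for SignedProperties and below.
        Console.WriteLine(string.Join(", ", KeptElements("ancestor-or-self::SignedProperties")));
    }
}
```

With the second expression, <QualifyingProperties> and <Object> are no longer part of the digested node-set, so only changes at or below <SignedProperties> affect the digest.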