GostCryptography
Verifying multiple signatures in a file
Good day. I have a file that looks roughly like this:
<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ns2:GetResponseResponse
        xmlns="urn://x-artefacts-smev-gov-ru/services/message-exchange/types/basic/1.2"
        xmlns:ns2="urn://x-artefacts-smev-gov-ru/services/message-exchange/types/1.2"
        xmlns:ns3="urn://x-artefacts-smev-gov-ru/services/message-exchange/types/faults/1.2">
      <ns2:ResponseMessage>
        <ns2:Response Id="SIGNED_BY_SMEV">
          ...
          <ns2:SenderInformationSystemSignature>
            <Signature:Signature
                xmlns:Signature="http://www.w3.org/2000/09/xmldsig#"
                xmlns="http://www.w3.org/2000/09/xmldsig#" Id="">
              <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <SignatureMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256" />
                <Reference Id="" URI="">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <Transform Algorithm="urn://smev-gov-ru/xmldsig/transform" />
                  </Transforms>
                  <DigestMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256" />
                  <DigestValue>...</DigestValue>
                </Reference>
              </SignedInfo>
              <SignatureValue>...</SignatureValue>
              <KeyInfo Id="">
                <X509Data>
                  <X509Certificate>Серт_1</X509Certificate>
                </X509Data>
              </KeyInfo>
            </Signature:Signature>
          </ns2:SenderInformationSystemSignature>
        </ns2:Response>
        <ns2:SMEVSignature>
          <ds:Signature
              xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
              ...
            </ds:SignedInfo>
            <ds:SignatureValue>...</ds:SignatureValue>
            <ds:KeyInfo>
              <ds:X509Data>
                <ds:X509Certificate>Серт_2</ds:X509Certificate>
              </ds:X509Data>
            </ds:KeyInfo>
          </ds:Signature>
        </ns2:SMEVSignature>
      </ns2:ResponseMessage>
    </ns2:GetResponseResponse>
  </soap:Body>
</soap:Envelope>
It contains two certificates.
Question: how do I check both of these certificates for validity?
My attempt: when checking the signatures, the second signature returns false. Code of the verify method:
XmlDocument signedSmevRequest = CreateSmevRequest(xml);
GostSignedXml signedXml = new GostSignedXml(signedSmevRequest) { GetIdElementHandler = GetSmevIdElement };
bool isValid = signedSmevRequest.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")
    .OfType<XmlElement>()
    .ToArray()
    .All(e =>
    {
        //workaround - remove the signature element here.
        e.ParentNode?.RemoveChild(e);
        signedXml.LoadXml(e);
        XmlNodeList references = signedXml.KeyInfo.GetXml().GetElementsByTagName("X509Certificate");
        X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(references[0].InnerText));
        bool valid = signedXml.CheckSignature(certificate.GetPublicKeyAlgorithm());
        return valid;
    });
return isValid;
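An added example, not part of the original post and not GostCryptography's own code: it rebuilds the nesting from the file above (one Signature inside the element with Id="SIGNED_BY_SMEV", a second one outside it) and compares checking each signature on the unmodified document with the detach-then-check loop from the post, where the second check runs after the first Signature has already been removed from the signed element. Assumptions: the standard .NET `SignedXml` with RSA keys stands in for `GostSignedXml` and GOST keys so it runs without a GOST provider, the outer signature is assumed to reference `#SIGNED_BY_SMEV` (its SignedInfo is elided in the post), and the `Envelope`, `Data`, `SIGNED_BY_CALLER` and holder element names are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class NestedSignatureDemo
{
    const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    // Sign the element with the given Id and store the Signature under `holder`.
    static void Sign(XmlDocument doc, string id, string holder, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        var reference = new Reference("#" + id);
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.GetElementsByTagName(holder)[0].AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    static void Main()
    {
        // Constructed stand-in for the response layout shown in the post.
        var doc = new XmlDocument();
        doc.LoadXml("<Envelope><Response Id=\"SIGNED_BY_SMEV\"><Data Id=\"SIGNED_BY_CALLER\">payload</Data>" +
                    "<SenderSignature/></Response><SMEVSignature/></Envelope>");
        using RSA senderKey = RSA.Create(2048);
        using RSA smevKey = RSA.Create(2048);
        Sign(doc, "SIGNED_BY_CALLER", "SenderSignature", senderKey); // inner signature first
        Sign(doc, "SIGNED_BY_SMEV", "SMEVSignature", smevKey);       // outer one covers the inner Signature
        RSA[] keys = { senderKey, smevKey };                         // same order as the signatures in the document
        var signatures = doc.GetElementsByTagName("Signature", DsigNs).OfType<XmlElement>().ToArray();

        // Fresh SignedXml per signature, document left unmodified.
        for (int i = 0; i < signatures.Length; i++)
        {
            var signedXml = new SignedXml(doc);
            signedXml.LoadXml(signatures[i]);
            Console.WriteLine($"unmodified document, signature {i}: {signedXml.CheckSignature(keys[i])}");
        }
        // Pattern from the post: one shared instance, each Signature detached before its check.
        var shared = new SignedXml(doc);
        for (int i = 0; i < signatures.Length; i++)
        {
            signatures[i].ParentNode?.RemoveChild(signatures[i]);
            shared.LoadXml(signatures[i]);
            Console.WriteLine($"after detaching, signature {i}: {shared.CheckSignature(keys[i])}");
        }
    }
}
```

On .NET Core and later, `SignedXml` comes from the System.Security.Cryptography.Xml NuGet package.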