GostCryptography

Verifying multiple signatures in a file

Open JumpAttacker opened this issue 4 years ago • 0 comments

Good day. I have a file roughly like the following:

<soap:Envelope
	xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
	<soap:Body>
		<ns2:GetResponseResponse
			xmlns="urn://x-artefacts-smev-gov-ru/services/message-exchange/types/basic/1.2"
			xmlns:ns2="urn://x-artefacts-smev-gov-ru/services/message-exchange/types/1.2"
			xmlns:ns3="urn://x-artefacts-smev-gov-ru/services/message-exchange/types/faults/1.2">
			<ns2:ResponseMessage>
				<ns2:Response Id="SIGNED_BY_SMEV">
					...
					<ns2:SenderInformationSystemSignature>
						<Signature:Signature
							xmlns:Signature="http://www.w3.org/2000/09/xmldsig#"
							xmlns="http://www.w3.org/2000/09/xmldsig#" Id="">
							<SignedInfo>
								<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
								<SignatureMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256" />
								<Reference Id="" URI="">
									<Transforms>
										<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
										<Transform Algorithm="urn://smev-gov-ru/xmldsig/transform" />
									</Transforms>
									<DigestMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256" />
									<DigestValue>...</DigestValue>
								</Reference>
							</SignedInfo>
							<SignatureValue>...</SignatureValue>
							<KeyInfo Id="">
								<X509Data>
									<X509Certificate>Серт_1</X509Certificate>
								</X509Data>
							</KeyInfo>
						</Signature:Signature>
					</ns2:SenderInformationSystemSignature>
				</ns2:Response>
				<ns2:SMEVSignature>
					<ds:Signature
						xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
						<ds:SignedInfo>
							...
						</ds:SignedInfo>
						<ds:SignatureValue>...</ds:SignatureValue>
						<ds:KeyInfo>
							<ds:X509Data>
								<ds:X509Certificate>Серт_2</ds:X509Certificate>
							</ds:X509Data>
						</ds:KeyInfo>
					</ds:Signature>
				</ns2:SMEVSignature>
			</ns2:ResponseMessage>
		</ns2:GetResponseResponse>
	</soap:Body>
</soap:Envelope>

It contains two certificates.

Question: how do I check both of these certificates for validity?

My attempt: when verifying the signatures, the second signature returns false. Code of the verify method:

XmlDocument signedSmevRequest = CreateSmevRequest(xml);

GostSignedXml signedXml = new GostSignedXml(signedSmevRequest) { GetIdElementHandler = GetSmevIdElement };
bool isValid = signedSmevRequest.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")
	.OfType<XmlElement>()
	.ToArray()
	.All(e =>
	{
		//workaround - remove the signature element here.
		e.ParentNode?.RemoveChild(e);
		signedXml.LoadXml(e);
		XmlNodeList references = signedXml.KeyInfo.GetXml().GetElementsByTagName("X509Certificate");
		X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(references[0].InnerText));
		bool valid = signedXml.CheckSignature(certificate.GetPublicKeyAlgorithm());
		return valid;
	});
return isValid;

JumpAttacker, Feb 04 '20 14:02
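An added example, not part of the original post and not code from the GostCryptography project: it shows how detaching a nested `Signature` element, as the loop in the post does, changes the digest of an enclosing element that another signature may cover. It assumes the `SMEVSignature` reference (elided in the post) points at the element with `Id="SIGNED_BY_SMEV"`; SHA-256 stands in for the GOST digest, the SMEV transform is omitted, and the sample XML and the class name are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class NestedSignatureDemo // hypothetical name
{
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample shaped like the message in the post (SMEV namespaces dropped, values are placeholders).
    const string Sample =
        "<ResponseMessage>" +
        "<Response Id=\"SIGNED_BY_SMEV\"><Data>payload</Data>" +
        "<SenderInformationSystemSignature>" +
        "<ds:Signature xmlns:ds=\"" + DsNs + "\"><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>" +
        "</SenderInformationSystemSignature></Response>" +
        "<SMEVSignature><ds:Signature xmlns:ds=\"" + DsNs + "\"><ds:SignatureValue>BBBB</ds:SignatureValue></ds:Signature></SMEVSignature>" +
        "</ResponseMessage>";

    // Digest of one element after exclusive C14N (SHA-256 used here in place of GOST R 34.11-2012).
    static string Digest(XmlElement element)
    {
        var copy = new XmlDocument { PreserveWhitespace = true };
        copy.AppendChild(copy.ImportNode(element, true));
        var c14n = new XmlDsigExcC14NTransform();
        c14n.LoadInput(copy);
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(c14n.GetDigestedOutput(sha));
    }

    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(Sample);
        var signedBySmev = (XmlElement)doc.SelectSingleNode("//*[@Id='SIGNED_BY_SMEV']");
        string before = Digest(signedBySmev);

        // Same traversal as in the post: each Signature is detached from the document in turn.
        foreach (XmlElement sig in doc.GetElementsByTagName("Signature", DsNs).OfType<XmlElement>().ToArray())
        {
            bool nested = sig.SelectSingleNode("ancestor::*[@Id='SIGNED_BY_SMEV']") != null;
            sig.ParentNode?.RemoveChild(sig);
            Console.WriteLine($"detached Signature (nested in signed element: {nested}), digest: {Digest(signedBySmev)}");
        }
        Console.WriteLine($"digest of SIGNED_BY_SMEV unchanged: {before == Digest(signedBySmev)}");
    }
}
```

Under the stated assumption, any signature whose reference covers the `Response` element has to be checked against the document as received, before nested signatures are detached from it.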