我想根据机器存储中的证书验证 SignedXml 中的签名。此代码用于验证签名:
internal bool VerifySignature(XmlDocument xml)
{
var signedXml = new SignedXml(xml);
var nsMgr = new XmlNamespaceManager(xml.NameTable);
nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
signedXml.LoadXml((XmlElement)xml.SelectSingleNode("//ds:Signature", nsMgr));
return signedXml.CheckSignature();
}
签名验证良好,但仅针对自身而不是针对机器上安装的证书。有没有一种方法可以根据本地证书存储中的根证书进行检查?
最佳答案
如果有人感兴趣,我使用了 CheckSignature(X509Certificate2, Boolean) 方法。我从 Signature 对象获得了证书并像这样检查它:
var x509data = signedXml.Signature.KeyInfo.OfType<KeyInfoX509Data>().First();
var verified = false;
if(x509data != null)
{
var cert = x509data.Certificates[0] as X509Certificate2;
verified = cert != null && signedXml.CheckSignature(cert, false);
}
return verified;
关于c# - 如何针对机器存储验证 SignedXml 中的证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6663733/