logo标签列表

如何从ClickOnce部署清单XML文件中获取证书信息

c#.netxmlxpathxmldocument
3

我正在尝试解析XML文件,以从ClickOnce Manifiest获取证书信息。 我需要的是X509Certificate信息。 示例文件如下:

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
  <asmv1:assemblyIdentity name="someName.Xbap.exe" version="2.5.18.1" publicKeyToken="3i3cc7f44s0b9526" language="neutral" processorArchitecture="msil" type="win32" />
  <application />
  <entryPoint>
    <assemblyIdentity name="someName.AFW.Xbap" version="2.5.18.1" language="neutral" processorArchitecture="msil" />
    <commandLine file="someName.AFW.Xbap.exe" parameters="" />
    <hostInBrowser xmlns="urn:schemas-microsoft-com:asm.v3" />
  </entryPoint>
  <publisherIdentity name="CN=HOSTNAME" issuerKeyHash="4534734c4984227c4fa0asdd4eb114524aaed397" />
  <Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>MVvHBmUFm2j7PwKjbzig0y7jdBo=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>someRandomSignatureValue</SignatureValue>
    <KeyInfo Id="StrongNameKeyInfo">
      <KeyValue>
        <RSAKeyValue>
          <Modulus>someRandomModulusValue</Modulus>
          <Exponent>AQAB</Exponent>
        </RSAKeyValue>
      </KeyValue>
      <msrel:RelData xmlns:msrel="http://schemas.microsoft.com/windows/rel/2005/reldata">
        <r:license xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode">
          <r:grant>
            <as:ManifestInformation Hash="manifesthash" Description="" Url="">
              <as:assemblyIdentity name="Somename.Xbap.exe" version="1.0.18.51" publicKeyToken="3b3bc7b44b4b8810" language="neutral" processorArchitecture="msil" type="win32" />
            </as:ManifestInformation>
            <as:SignedBy />
            <as:AuthenticodePublisher>
              <as:X509SubjectName>CN=HostName</as:X509SubjectName>
            </as:AuthenticodePublisher>
          </r:grant>
          <r:issuer>
            <Signature Id="AuthenticodeSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
              <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>asdasda+asdaasdasdad=</DigestValue>
                </Reference>
              </SignedInfo>
              <SignatureValue>someRandomSignatureValue==</SignatureValue>
              <KeyInfo>
                <KeyValue>
                  <RSAKeyValue>
                    <Modulus>someRandomSignatureValue</Modulus>
                    <Exponent>AQAB</Exponent>
                  </RSAKeyValue>
                </KeyValue>
                <X509Data>
                  <X509Certificate>!!!this is the required certificate information!!!</X509Certificate>
                </X509Data>
              </KeyInfo>
            </Signature>
          </r:issuer>
        </r:license>
      </msrel:RelData>
    </KeyInfo>
  </Signature>
</asmv1:assembly>

我尝试解析它的方式如下:
XmlDocument xmlDoc = new XmlDocument();
    xmlDoc.Load(filePath);
    XmlNode securityNode = xmlDoc.SelectSingleNode("/Signature/KeyInfo/msrel:RelData/r:license/r:issuer/Signature/KeyInfo/X509Data/X509Certificate");

当我执行它时,出现了XPathException的错误。
我也尝试过一种命名空间变体。
2个回答
2

以下是您遗漏的一些步骤。首先,您需要使用XmlNamespaceManager来注册前缀到命名空间URI的映射:

var nsMapping = new XmlNamespaceManager(xmlDoc.NameTable);
nsMapping.AddNamespace("msrel", "http://schemas.microsoft.com/windows/rel/2005/reldata");
nsMapping.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");

其次,在上述两个命名空间之外,您还需要注册默认命名空间(即没有前缀声明的命名空间)以在XPath中使用:

nsMapping.AddNamespace("d", "http://www.w3.org/2000/09/xmldsig#");

第三步,除了正确使用已注册的前缀外,在XPath中将命名空间管理器作为第二个参数传递给SelectSingleNode()
var xpath = "//d:Signature/d:KeyInfo/msrel:RelData/r:license/r:issuer/d:Signature/d:KeyInfo/d:X509Data/d:X509Certificate";
XmlNode securityNode = xmlDoc.SelectSingleNode(xpath, nsMapping);

如果缺少上述特定步骤,将会触发像你在问题中提到的XPathException异常。另外,以下更简单的XPath也适用于这种情况:

var xpath = "//d:X509Certificate";
0

该文档包含不同命名空间定义。当访问使用命名空间的XML结构内部的节点时,也应该同时处理命名空间,否则名称是不完整的,看起来就好像它不存在一样。

使用LINQ2XML的一个可能的解决方案如下:

// load the xml document
var xml = XDocument.Load(@"d:\input.xml");
// find the signature node
var signature = xml.Root.Elements().FirstOrDefault(r => r.Value.Contains("Signature"));
if (signature != null)
{
    // get the namespace of the signature node in order to search for the sub nodes
    var ns = signature.GetDefaultNamespace();
    // find the certificate node
    var certificate = signature.Descendants(ns + "X509Certificate").FirstOrDefault();
    if (certificate != null)
    {
        // take the value
        Console.WriteLine(certificate.Value);
    }
}

输出结果为:

!!!this is the required certificate information!!!
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接