Updated: 2023-11-30 18:43:22
CryptoConfig.CreateFromName(...) doesn't know about http://www.w3.org/2000/09/xmldsig#rsa-sha1 as the digest+signing algorithm. If CryptoConfig.CreateFromName() is not returning null, whatever algorithm is registered for http://www.w3.org/2000/09/xmldsig#rsa-sha1 might not be RSA-SHA1. Here's an explicit implementation of SignatureDescription with RSA and SHA1:
using System.Security.Cryptography;

// Explicit RSA + SHA-1 signature description for the xmldsig#rsa-sha1 URI.
public class RSASHA1SignatureDescription : SignatureDescription {
    public RSASHA1SignatureDescription() {
        KeyAlgorithm = "System.Security.Cryptography.RSA";
        DigestAlgorithm = "System.Security.Cryptography.SHA1Cng";
        FormatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureFormatter";
        DeformatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureDeformatter";
        _hashAlgorithm = "SHA1";
    }

    // Used when verifying: binds the key and hash name to the PKCS#1 deformatter.
    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key) {
        AsymmetricSignatureDeformatter item = (AsymmetricSignatureDeformatter) CryptoConfig.CreateFromName(DeformatterAlgorithm);
        item.SetKey(key);
        item.SetHashAlgorithm(_hashAlgorithm);
        return item;
    }

    // Used when signing: binds the key and hash name to the PKCS#1 formatter.
    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key) {
        AsymmetricSignatureFormatter item = (AsymmetricSignatureFormatter) CryptoConfig.CreateFromName(FormatterAlgorithm);
        item.SetKey(key);
        item.SetHashAlgorithm(_hashAlgorithm);
        return item;
    }

    // Hash name passed to the formatter and deformatter.
    private string _hashAlgorithm;
}
The other possibility is that however you're validating the signature doesn't want rsa-sha1 (many identity providers prohibit rsa-sha1 via configuration) or the validation is incorrect. Try registering with a real IdP such as Okta or Salesforce and validate there.
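To check the first possibility locally, the following added example (not part of the original answer) prints what CryptoConfig currently resolves for the rsa-sha1 URI, registers the RSASHA1SignatureDescription class shown above, and runs a sign/verify round trip with SignedXml. It assumes .NET Framework with a reference to System.Security; the class name RsaSha1Diagnostic, the throwaway key and the sample XML are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class RsaSha1Diagnostic   // hypothetical helper, not from the answer
{
    const string RsaSha1Uri = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    public static void Main()
    {
        // 1. What does CryptoConfig resolve for the URI right now?
        object registered = CryptoConfig.CreateFromName(RsaSha1Uri);
        Console.WriteLine("Before: " + (registered == null
            ? "null (URI not registered)" : registered.GetType().FullName));
        var description = registered as SignatureDescription;
        if (description != null)
            Console.WriteLine("  key={0} digest={1}",
                description.KeyAlgorithm, description.DigestAlgorithm);

        // 2. Map the URI to the explicit class from the answer (it must be public).
        CryptoConfig.AddAlgorithm(typeof(RSASHA1SignatureDescription), RsaSha1Uri);
        Console.WriteLine("After:  " +
            CryptoConfig.CreateFromName(RsaSha1Uri).GetType().FullName);

        // 3. Round trip over a constructed document with a throwaway key.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Response><Assertion>constructed sample</Assertion></Response>");

        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            var signer = new SignedXml(doc) { SigningKey = rsa };
            signer.SignedInfo.SignatureMethod = RsaSha1Uri;
            var reference = new Reference("");   // "" = the whole document
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signer.AddReference(reference);
            signer.ComputeSignature();
            doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));

            // Verify with a fresh SignedXml, as a receiving party would.
            var verifier = new SignedXml(doc);
            verifier.LoadXml((XmlElement)doc.GetElementsByTagName("Signature")[0]);
            Console.WriteLine("Signature valid: " + verifier.CheckSignature(rsa));
        }
    }
}
```

If the round trip succeeds here but the receiving side still rejects the message, the second possibility in the answer (the validator refusing rsa-sha1 or validating incorrectly) is the one to investigate.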