XML Relationship Transform Algorithm


Problem description

I'm trying to validate an MS Word *.docx file with a digital signature. In order to do validation, I have to calculate the digest of the referenced nodes and check whether it is the same as the one given in the signature (sig1.xml). I can't find info about how to implement the relationship transformation in order to calculate that digest.

The part of the signature XML (sig1.xml) is as follows:

<Object Id="idPackageObject" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature">
  <Manifest>
    <Reference URI="/_rels/.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml">
      <Transforms>
        <Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform">
          <mdssi:RelationshipReference SourceId="rId1"/>
        </Transform>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>1vWU/YTF/7t6ZjnE44gAFTbZvvA=</DigestValue>
    ....(next ref node ....)..
    <Reference URI="/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>s2yQEJrQSfC0YoRe1hvm+IGBpJQ=</DigestValue>
    </Reference>
    .....More Reference Nodes.....

The /_rels/.rels file itself:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/>
<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
<Relationship Id="rId4" Type="http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin" Target="_xmlsignatures/origin.sigs"/>
</Relationships>

So I need to calculate the SHA1 of /_rels/.rels, but before the calculation I must apply the relationship transform and C14N.

When I'm calculating the digest of a node with no relationship transform (this node, for example):

<Reference URI="/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>s2yQEJrQSfC0YoRe1hvm+IGBpJQ=</DigestValue>
</Reference> 

Everything is fine; just doing SHA1 of the referred URI (/word/document.xml in this case) gives me the same hash as the one given in the signature node. But when it comes to a node with a relationship transform, the calculation never gives the same value as stated in the signature.

My question in general is where to find info about this relationship transform and how to implement it?

Thanks

George

Recommended answer

The main source of information on transforms, and relationship transforms in this case, can be found in ECMA's "Office Open XML File Formats — Open Packaging Conventions" paper. Link here.

The section of importance is 13.2.4.24.

Relationship Transform should create a copy of the .rels file, in this case "/_rels/.rels" and remove all Relationship nodes that don't match with SourceId. This file is what is eventually hashed and creates the digest.

The package implementer shall remove all Relationship elements that do not have either an Id value that matches any SourceId value or a Type value that matches any SourceType value, among the SourceId and SourceType values specified in the transform definition.

Under step 3, "Prepare for canonicalization", it also states:

The package implementer shall add a TargetMode attribute with its default value, if this optional attribute is missing from the Relationship element

Because we are creating a relationship between files in the same package, we have the value of "Internal". You need to add this attribute before you hash it.

So after the transform and c14n, you should have:

<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Target="word/document.xml" TargetMode="Internal" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument"></Relationship></Relationships>

NOTE: If you are using a Unix system, be aware of line breaks; the OPC uses CRLF, not LF.
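
The transform described in the answer, worked through on the /_rels/.rels part from the question, as an added example that is not part of the original answer or of the OPC specification. The function names are hypothetical, the serializer covers only this simple shape (unprefixed attributes, no text content) rather than general C14N, and the sort by Id is an assumption taken from the same OPC step, not from anything quoted on this page.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# The /_rels/.rels part from the question, rebuilt here with CRLF line endings.
RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r\n'
    f'<Relationships xmlns="{NS}">\r\n'
    f'<Relationship Id="rId3" Type="{OFFICE}extended-properties" Target="docProps/app.xml"/>\r\n'
    f'<Relationship Id="rId2" Type="{NS}/metadata/core-properties" Target="docProps/core.xml"/>\r\n'
    f'<Relationship Id="rId1" Type="{OFFICE}officeDocument" Target="word/document.xml"/>\r\n'
    f'<Relationship Id="rId4" Type="{NS}/digital-signature/origin" Target="_xmlsignatures/origin.sigs"/>\r\n'
    '</Relationships>'
).encode("utf-8")
SIGNED_DIGEST = "1vWU/YTF/7t6ZjnE44gAFTbZvvA="  # DigestValue quoted in the question

def c14n_attr(value):
    # Canonical XML escaping for attribute values ("&" first to avoid double escaping).
    for raw, esc in (("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
                     ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;")):
        value = value.replace(raw, esc)
    return value

def relationship_transform(rels_bytes, source_ids=(), source_types=()):
    # Keep only Relationship elements whose Id or Type was named in the transform.
    root = ET.fromstring(rels_bytes)
    kept = [r for r in root.findall(f"{{{NS}}}Relationship")
            if r.get("Id") in source_ids or r.get("Type") in source_types]
    kept.sort(key=lambda r: r.get("Id", ""))  # assumption: order by Id (see lead-in)
    out = [f'<Relationships xmlns="{NS}">']
    for rel in kept:
        attrs = dict(rel.attrib)
        attrs.setdefault("TargetMode", "Internal")  # default added before hashing
        body = "".join(f' {k}="{c14n_attr(v)}"' for k, v in sorted(attrs.items()))
        out.append(f"<Relationship{body}></Relationship>")  # C14N expands empty tags
    out.append("</Relationships>")
    return "".join(out).encode("utf-8")

def digest_b64(data):
    # SHA-1 because that is the DigestMethod declared in the signature shown above.
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

if __name__ == "__main__":
    canonical = relationship_transform(RELS, source_ids={"rId1"})
    print(canonical.decode("utf-8"))
    print("computed:", digest_b64(canonical), "signed:", SIGNED_DIGEST)
```

Parts taken from documents you do not trust should go through a hardened XML parser before this step, since ElementTree is used here only to keep the example in the standard library.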
