I'm trying to parse the xml file to get the Certificate info from ClickOnce Manifest. What I need is the X509Certificate information. Example file looks like this:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
<asmv1:assemblyIdentity name="someName.Xbap.exe" version="2.5.18.1" publicKeyToken="3i3cc7f44s0b9526" language="neutral" processorArchitecture="msil" type="win32" />
<application />
<entryPoint>
<assemblyIdentity name="someName.AFW.Xbap" version="2.5.18.1" language="neutral" processorArchitecture="msil" />
<commandLine file="someName.AFW.Xbap.exe" parameters="" />
<hostInBrowser xmlns="urn:schemas-microsoft-com:asm.v3" />
</entryPoint>
<publisherIdentity name="CN=HOSTNAME" issuerKeyHash="4534734c4984227c4fa0asdd4eb114524aaed397" />
<Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>MVvHBmUFm2j7PwKjbzig0y7jdBo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>someRandomSignatureValue</SignatureValue>
<KeyInfo Id="StrongNameKeyInfo">
<KeyValue>
<RSAKeyValue>
<Modulus>someRandomModulusValue</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<msrel:RelData xmlns:msrel="http://schemas.microsoft.com/windows/rel/2005/reldata">
<r:license xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode">
<r:grant>
<as:ManifestInformation Hash="manifesthash" Description="" Url="">
<as:assemblyIdentity name="Somename.Xbap.exe" version="1.0.18.51" publicKeyToken="3b3bc7b44b4b8810" language="neutral" processorArchitecture="msil" type="win32" />
</as:ManifestInformation>
<as:SignedBy />
<as:AuthenticodePublisher>
<as:X509SubjectName>CN=HostName</as:X509SubjectName>
</as:AuthenticodePublisher>
</r:grant>
<r:issuer>
<Signature Id="AuthenticodeSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>asdasda+asdaasdasdad=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>someRandomSignatureValue==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>someRandomSignatureValue</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<X509Data>
<X509Certificate>!!!this is the required certificate information!!!</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</r:issuer>
</r:license>
</msrel:RelData>
</KeyInfo>
</Signature>
</asmv1:assembly>
I try to parse it like:
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load(filePath);
XmlNode securityNode = xmlDoc.SelectSingleNode("/Signature/KeyInfo/msrel:RelData/r:license/r:issuer/Signature/KeyInfo/X509Data/X509Certificate");
When I execute it, I get XPathException
I've also tried one namespace variant.
These are some steps you missed. First, you need to use XmlNamespaceManager to register prefix-to-namespaceUri mapping :
var nsMapping = new XmlNamespaceManager(xmlDoc.NameTable);
nsMapping.AddNamespace("msrel", "http://schemas.microsoft.com/windows/rel/2005/reldata");
nsMapping.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");
Second, besides above 2 namespaces, you also need to register the default namespace (the namespace which declared without prefix) for use in the XPath :
nsMapping.AddNamespace("d", "http://www.w3.org/2000/09/xmldsig#");
Third, pass the namespace manager as second parameter of SelectSingleNode() in addition to using registered prefixes properly in the XPath :
var xpath = "//d:Signature/d:KeyInfo/msrel:RelData/r:license/r:issuer/d:Signature/d:KeyInfo/d:X509Data/d:X509Certificate";
XmlNode securityNode = xmlDoc.SelectSingleNode(xpath, nsMapping);
Missing above particularly step will trigger XPathException as you mentioned in the question. And btw, the following much simpler XPath should also works for this case:
var xpath = "//d:X509Certificate";