Add XADES XL OCSPValues after Save method

#12435
Posted: 02/15/2010 10:06:01
by irsantonio (Basic support level)
Joined: 02/15/2010
Posts: 8

I've successfully used SBB to sign XADES XML, but a customer requirement checks that the OCSP response validating the signing certificate is performed after the signature and timestamp of the document.

We populate all the CompleteCertificateRefs, CertificateValues, CompleteRevocationRefs and RevocationValues after TElXAdESSigner.Generate and before TElXMLSigner.Save methods. So, the OCSP response always will be processed before the signature.

Is there any way to implement this requirement? Something like extending an existing signature.

Thanks!
#12436
Posted: 02/15/2010 12:16:17
by Dmytro Bogatskyy (EldoS Corp.)

Quote
We populate all the CompleteCertificateRefs, CertificateValues, CompleteRevocationRefs and RevocationValues after TElXAdESSigner.Generate and before TElXMLSigner.Save methods. So, the OCSP response always will be processed before the signature.

Is there any way to implement this requirement? Something like extending an existing signature.

Those elements are in UnsignedSignatureProperties element, so they could be added after the signing. But ElXAdESProcessor doesn't support this at the moment.
However you can do this in the following way (after ElXMLSigner.Save/ElXAdESVerifier.Load methods):
Code
Props := ElXAdESSigner/ElXAdESVerifier.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties;

// fill Props.CompleteRevocationRefs
var T: TElXMLDOMElement := Props.CompleteRevocationRefs.SaveToXML(Document);
if Assigned(Props.CompleteRevocationRefs.XMLElement) then
  // replace CompleteRevocationRefs if exists
  Props.XMLElement.ReplaceChild(T, Props.CompleteRevocationRefs.XMLElement)
else
  Props.XMLElement.AppendChild(T);
#12445
Posted: 02/16/2010 09:07:49
by irsantonio (Basic support level)
Joined: 02/15/2010
Posts: 8

Ok, I've tried that but get a "Node.InsertBefore" exception in ReplaceChild. Any ideas? Already checked that Props.CompleteRevocationRefs.XMLElement is not null (assigned).

Another problem with this workaround is how to generate the "AddSigAndRefsTimestamp" needed to comply with XADES-XL. It should be done after populating OCSP refs and values.

Thanks!
#12449
Posted: 02/16/2010 10:07:59
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Ok, I've tried that but get a "Node.InsertBefore" exception in ReplaceChild. Any ideas? Already checked that Props.CompleteRevocationRefs.XMLElement is not null (assigned).

Please check if Props.XMLElement is not null.
Also, the Document passed as a parameter to the SaveToXML method should be equal to Props.XMLElement.OwnerDocument.
Quote
Another problem with this workaround is how to generate the "AddSigAndRefsTimestamp" needed to comply with XADES-XL. It should be done after populating OCSP refs and values.

Use the ElXAdESSigner/ElXAdESVerifier.AddSigAndRefsTimestamp method; if the signature exists, it will timestamp immediately and add the timestamp to the XML document.
#12454
Posted: 02/17/2010 04:47:20
by irsantonio (Basic support level)
Joined: 02/15/2010
Posts: 8

Quote
Please check if Props.XMLElement is not null.
Also, the Document passed as a parameter to the SaveToXML method should be equal to Props.XMLElement.OwnerDocument.

Everything checked, but the exception still occurs; changing to the following works fine:

Code
// Re-serialize UnsignedProperties into the owner document and swap the old child node for the new one
TElXMLDOMElement newUnsignedSigPropsElement = xadesSigner.QualifyingProperties.UnsignedProperties.SaveToXML(xadesSigner.QualifyingProperties.UnsignedProperties.XMLElement.OwnerDocument);
TElXMLDOMNode oldUnsignedSigPropsElement = xadesSigner.QualifyingProperties.UnsignedProperties.XMLElement.ChildNodes[0];

xadesSigner.QualifyingProperties.UnsignedProperties.XMLElement.RemoveChild(oldUnsignedSigPropsElement);
xadesSigner.QualifyingProperties.UnsignedProperties.XMLElement.AppendChild(newUnsignedSigPropsElement);

Maybe there is something different internally in the saved XMLElement compared to ChildNodes[0]?
#12455
Posted: 02/17/2010 05:20:48
by Dmytro Bogatskyy (EldoS Corp.)

Ah, the SaveToXML method sets the XMLElement property to a new value.
So, the correct code (if UnsignedSignatureProperties.XMLElement is not null) is:
Code
Props := ElXAdESSigner/ElXAdESVerifier.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties;

// fill Props.CompleteRevocationRefs
var OldNode : TElXMLDOMElement := Props.CompleteRevocationRefs.XMLElement;
var T: TElXMLDOMElement := Props.CompleteRevocationRefs.SaveToXML(Document);
if Assigned(OldNode) then
  // replace CompleteRevocationRefs if exists
  Props.XMLElement.ReplaceChild(T, OldNode)
else
  Props.XMLElement.AppendChild(T);
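The pattern the thread converges on (capture the old CompleteRevocationRefs node before SaveToXML, then replace-or-append under UnsignedSignatureProperties, leaving SignedProperties untouched) can be shown in a generic DOM. The following is an added example, not SecureBlackbox code: Python's xml.dom.minidom stands in for the TElXMLDOM classes, the RevocationRefsProperty class is a hypothetical stand-in for the SDK's CompleteRevocationRefs property object that reproduces the one behaviour the thread documents (SaveToXML overwrites XMLElement with the new node), and the XML skeleton and OCSP URIs are constructed sample data.

```python
from xml.dom import minidom

XADES_NS = "http://uri.etsi.org/01903/v1.3.2#"

# Constructed sample: a minimal XAdES skeleton as it looks after Save. The signed
# part (SignedProperties) is never touched below, which is why revocation material
# can be added after signing without invalidating the signature.
SAMPLE_XML = """<?xml version="1.0"?>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
              xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
  <ds:Object>
    <xades:QualifyingProperties Target="#sig-1">
      <xades:SignedProperties Id="signed-props"><xades:SignedSignatureProperties/></xades:SignedProperties>
      <xades:UnsignedProperties>
        <xades:UnsignedSignatureProperties>
          <xades:CompleteRevocationRefs><xades:OCSPRefs/></xades:CompleteRevocationRefs>
        </xades:UnsignedSignatureProperties>
      </xades:UnsignedProperties>
    </xades:QualifyingProperties>
  </ds:Object>
</ds:Signature>
"""


class RevocationRefsProperty:
    """Hypothetical stand-in for the SDK's CompleteRevocationRefs property object.
    As the thread states for SaveToXML, save_to_xml() creates a fresh element AND
    overwrites xml_element with it, so the old node reference is lost afterwards."""

    def __init__(self, doc, existing=None):
        self.doc = doc
        self.xml_element = existing   # element currently in the document, or None
        self.ocsp_uris = []           # constructed OCSP responder references to emit

    def save_to_xml(self, doc):
        # Second check from the thread: target must be the owner document of Props
        if doc is not self.doc:
            raise ValueError("Document must be the owner document of the properties element")
        elem = doc.createElementNS(XADES_NS, "xades:CompleteRevocationRefs")
        refs = doc.createElementNS(XADES_NS, "xades:OCSPRefs")
        for uri in self.ocsp_uris:
            ref = doc.createElementNS(XADES_NS, "xades:OCSPRef")
            ident = doc.createElementNS(XADES_NS, "xades:OCSPIdentifier")
            ident.setAttribute("URI", uri)
            ref.appendChild(ident)
            refs.appendChild(ref)
        elem.appendChild(refs)
        self.xml_element = elem       # the side effect that breaks the naive pattern
        return elem


def load(xml_text):
    """Parse a saved signature; return (document, UnsignedSignatureProperties, property)."""
    doc = minidom.parseString(xml_text)
    props = doc.getElementsByTagNameNS(XADES_NS, "UnsignedSignatureProperties")[0]
    existing = doc.getElementsByTagNameNS(XADES_NS, "CompleteRevocationRefs")
    return doc, props, RevocationRefsProperty(doc, existing[0] if existing else None)


def update_refs_naive(props, prop, uris):
    """The first snippet from the thread: reads xml_element AFTER save_to_xml, so
    old and new are the same node. minidom's replaceChild(x, x) is a silent no-op
    (the SDK threw Node.InsertBefore); either way nothing lands in the document."""
    prop.ocsp_uris = list(uris)
    new = prop.save_to_xml(props.ownerDocument)
    if prop.xml_element is not None:
        props.replaceChild(new, prop.xml_element)
    else:
        props.appendChild(new)


def update_refs(props, prop, uris):
    """The corrected pattern: capture the old node before save_to_xml, then
    replace it if it exists, otherwise append."""
    prop.ocsp_uris = list(uris)
    old = prop.xml_element            # taken BEFORE save_to_xml overwrites it
    new = prop.save_to_xml(props.ownerDocument)
    if old is not None:
        props.replaceChild(new, old)  # replace CompleteRevocationRefs if it exists
    else:
        props.appendChild(new)


def ocsp_ref_uris(doc):
    """URIs of every OCSPIdentifier now present in the document (for verification)."""
    return [e.getAttribute("URI")
            for e in doc.getElementsByTagNameNS(XADES_NS, "OCSPIdentifier")]


def signed_properties_xml(doc):
    """Serialised SignedProperties: must be identical before and after the edit."""
    return doc.getElementsByTagNameNS(XADES_NS, "SignedProperties")[0].toxml()


def refs_element_count(props):
    """How many CompleteRevocationRefs children Props has (must stay exactly one)."""
    return len([c for c in props.childNodes
                if c.nodeType == c.ELEMENT_NODE and c.localName == "CompleteRevocationRefs"])


if __name__ == "__main__":
    doc, props, prop = load(SAMPLE_XML)
    before = signed_properties_xml(doc)
    update_refs_naive(props, prop, ["http://ocsp.example.invalid/1"])
    print("naive:", ocsp_ref_uris(doc))
    doc, props, prop = load(SAMPLE_XML)
    update_refs(props, prop, ["http://ocsp.example.invalid/1"])
    print("fixed:", ocsp_ref_uris(doc), "signed part unchanged:",
          signed_properties_xml(doc) == before)
```

Whichever DOM you use, verify the result rather than trusting the call: after the edit, Props should contain exactly one CompleteRevocationRefs carrying the new OCSP references, and the serialised SignedProperties should be unchanged. The SigAndRefsTimestamp (AddSigAndRefsTimestamp in the thread) belongs after this step, since it is meant to cover the refs you just inserted.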