EldoS | Feel safer!

XML verifying, works half the time

#12626
Posted: 02/27/2010 11:04:00
by Michael van Heusden (Standard support level)
Joined: 02/23/2010
Posts: 10

Hi,

I'm using the ElXMLVerifier, which isn't that hard to use really.
I got it working with test XML which I sign myself (using ElXMLSigner).
Using the following Delphi code:

Code
  lXMLDoc := TElXMLDOMDocument.Create;
  // lStream is a local TStream variable added here; the posted code created the
  // TStringStream inline and never freed it
  lStream := TStringStream.Create( lTemp );
  try
    lXMLDoc.LoadFromStream( lStream, '', True );
  finally
    lStream.Free;
  end;
  XMLVerifier.Load( lXMLDoc.DocumentElement );

  // first validate the SignedInfo part
  if XMLVerifier.ValidateSignature then
  begin
    // reference validation here
  end;


(lTemp is a WideString)

But when I get a reply back from the webservice I'm working with, I know its signature is valid, but it doesn't get validated by my code. The ValidateSignature function returns False. And KeyDataNeeded isn't set to True afterwards (and the XML has key data in it).

I can't figure out what's wrong with it, or what the difference is. It is very simple to use, and I use the same code/function on my self-signed XML as well as on the incoming one. It will likely be something very simple.

Here is a piece of example XML I'm trying to validate:
Code
<?xml version="1.0" encoding="UTF-8"?>
<env:EldEnvelope xmlns:env="xxxxx">
  <env:Header>
    <header:EldHeader xmlns:header="xxxxxx">
      <header:BerichtAfz>Postkantoor</header:BerichtAfz>
      <header:BerichtGeadr>XXXXXX</header:BerichtGeadr>
      <header:BerichtRefNr>20100222-000059</header:BerichtRefNr>
      <header:CdBerichtType>A003</header:CdBerichtType>
      <header:VersieMajor>01</header:VersieMajor>
      <header:VersieMinor>01</header:VersieMinor>
      <header:DatAanmaak>20100222</header:DatAanmaak>
      <header:TijdAanmaak>090705</header:TijdAanmaak>
      <header:IndTestbericht>J</header:IndTestbericht>
    </header:EldHeader>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#Leerdossier">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue>A9HqfBBnE/JIxoAR8GMODLXaNIs=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>UD5jNTDl6arlDJyzRwxHNMd9gE7NGzlAlMaKO2h7dG0Zm+rUi6uRTsmmZRpVNykQ6Sel1kTXNx5a/MtYpAeHaOjS6eUf/WZbeZr8GHv0dYm0YzNSJt5fN6SoPkDYd0PHPsxM1n9L+bI4eyw1SrI9Bg+BwPcdgz6TJw1FSa5AHWs=</SignatureValue>
      <KeyInfo>
        <X509Data>
          <X509Certificate>MIID...BDF7+65jm...JYfQ/Axl9/mcvZ...BgQB+KCEvDYaK+3vsC2dazT3WAqYGgO9sPsjI03C5uXCudrRkW+n/zXi6...LYnT+msj3nxza2Q==</X509Certificate>
        </X509Data>
        <KeyValue>
          <RSAKeyValue>
            <Modulus>uNhnz5TZc8EO6SfQkl8pCUU4yBDF7+65jm...JYfQ/Axl9/mcvZABIUHZArWLOgBzUX7pNpwfCvXyv5IXVMKPgOc3z4Wc4r4bifjn3s=</Modulus>
            <Exponent>AQAB</Exponent>
          </RSAKeyValue>
        </KeyValue>
      </KeyInfo>
    </Signature>
  </env:Header>


If you need more information please let me know.

Thanks in advance.
#12627
Posted: 02/27/2010 12:41:53
by Dmytro Bogatskyy (EldoS Corp.)

First, try to replace the TStringStream constructor with TStringStream.Create(lTemp, TEncoding.GetUTF8, False), or use TMemoryStream.
Second, please attach the XML document as a file with the exact whitespace formatting.
What is the namespace for '<env:EldEnvelope xmlns:env="xxxxx">'? It is required for canonicalization of the "SignedInfo" element.
#12628
Posted: 02/28/2010 10:19:14
by Michael van Heusden (Standard support level)
Joined: 02/23/2010
Posts: 10

This is an example file:
http://greensky.nl/xmlmetsig.xml
(I couldn't upload/attach it)

Thank you.
I couldn't find the TEncoding class; I'm using Delphi 2007 and included SysUtils. Is it something from a newer Delphi version? I will try to get a TMemoryStream working.
#12629
Posted: 02/28/2010 17:13:16
by Dmytro Bogatskyy (EldoS Corp.)

Quote
This is an example file:
http://greensky.nl/xmlmetsig.xml

Both signature and reference are invalid.
Could the webservice verify this signature?

Quote
I couldn't find the TEncoding class; I'm using Delphi 2007 and included SysUtils. Is it something from a newer Delphi version? I will try to get a TMemoryStream working.

Yes, it is from a newer Delphi version.
Then try to use UTF8Encode and TMemoryStream.
#12630
Posted: 03/01/2010 01:12:41
by Michael van Heusden (Standard support level)
Joined: 02/23/2010
Posts: 10

Hmm, can it be that you also have problems validating it because of problems with whitespace, carriage returns or linefeeds?

The webservice is a stable application; it is not a beta or anything like that. Many others are using it too. I will try with UTF8Encode and TMemoryStream later when I have time.

Thank you.
#12632
Posted: 03/01/2010 03:37:17
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Hmm, can it be that you also have problems validating it because of problems with whitespace, carriage returns or linefeeds?

Yes, of course. It could be that something happened during the data transfer. That's why I'm asking if the webservice could validate this file.
#12646
Posted: 03/01/2010 16:16:07
by Michael van Heusden (Standard support level)
Joined: 02/23/2010
Posts: 10

Hi,

My Delphi 2007 TStringStream doesn't offer a constructor where I can give encoding information as a parameter.

But disregarding that, I'm now testing without the TStringStream, working with TMemoryStream or TFileStream: using the file stream to save a copy, and the memory stream to save it directly to an XML node. I attach these streams to HTTPSClient.OutputStream.

You can view a direct save with a filestream here:
http://greensky.nl/xmlfilestreamsave.xml

Viewing it with a hex editor or something like that, you can see it uses carriage returns (\r --> 13) and linefeeds (\n --> 10).

Using the memory stream, loading it into an XMLDocument object and then into the XML verifier, the ValidateSignature function returns False.

I will try to get the file checked by the organisation that offers the webservice.
But can the ElXMLVerifier handle anything, with or without carriage returns? It is using the TElXMLDOMDocument; is it possible that the EldoS XML-related objects do something with the carriage returns and/or linefeeds that makes it slightly different?

Thanks so far.
#12647
Posted: 03/01/2010 17:51:46
by Dmytro Bogatskyy (EldoS Corp.)

Strange, both XML documents have the same digest value for the reference! But the referenced elements "<dl_resp:Leerdossier Id="Leerdossier">" have different content.
Quote
<Reference URI="#Leerdossier">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>A9HqfBBnE/JIxoAR8GMODLXaNIs=</DigestValue>
</Reference>
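As an added illustration (Python, not the thread's Delphi code or any EldoS component), this is what a verifier has to do for each <Reference> before a signature can be called valid, which bears both on the whitespace question above and on the observation that two files with different <Leerdossier> content carry the same DigestValue: recompute the digest over the canonicalized referenced element and compare it with the stored value. It assumes Python 3.8+ (for ET.canonicalize) and that the signed element declares its own namespaces; the envelope, namespace URIs and element text are constructed sample data.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

def reference_digest(root, elem_id):
    """Canonicalize the element whose Id a '#Id' URI names, then SHA-1 it (the thread's
    DigestMethod). ET.canonicalize implements C14N 2.0; for plain elements like these
    its default output equals inclusive C14N 1.0, but a real verifier must use the
    algorithm named in CanonicalizationMethod. Assumption: the element declares its
    own namespaces, so serializing it stand-alone yields the in-document octets."""
    elem = copy.copy(next(e for e in root.iter() if e.get("Id") == elem_id))
    elem.tail = None  # whitespace after the element is not part of the reference
    c14n = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(c14n.encode("utf-8")).digest()).decode("ascii")

def verify_references(xml_bytes):
    """Recompute every <Reference> digest and compare it with the stored <DigestValue>.
    The parser folds CRLF to LF (XML 1.0 end-of-line handling) before C14N, so a CRLF
    capture of the same document verifies exactly like an LF one."""
    root = ET.fromstring(xml_bytes)
    results = {}
    for ref in root.iter(DSIG + "Reference"):
        uri = ref.get("URI", "")
        stored = ref.findtext(DSIG + "DigestValue", "").strip()
        results[uri] = reference_digest(root, uri.lstrip("#")) == stored
    return results

def sample_document(line_ending="\n", naam="Test"):
    """Constructed sample (not the thread's file); the DigestValue is filled in here."""
    ET.register_namespace("dl", "urn:example:dl")  # keep the prefix stable when re-serializing
    body = (
        '<env:Envelope xmlns:env="urn:example:env">\n'
        '  <dl:Leerdossier xmlns:dl="urn:example:dl" Id="Leerdossier">\n'
        '    <dl:Naam>%s</dl:Naam>\n'
        '  </dl:Leerdossier>\n'
        '  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>\n'
        '    <Reference URI="#Leerdossier"><DigestValue>DIGEST</DigestValue></Reference>\n'
        '  </SignedInfo></Signature>\n'
        '</env:Envelope>\n'
    ) % naam
    digest = reference_digest(ET.fromstring(body), "Leerdossier")
    return body.replace("DIGEST", digest).replace("\n", line_ending).encode("utf-8")
```

Changing a single character of the referenced element flips the result to False, which is the outcome the OP's two files should have produced for at least one of them; a verifier that reports the same digest for different content is computing it over something other than the canonicalized element.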