EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to sign XML doc as per the attached xsd

#15393
Posted: 12/28/2010 11:24:37
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

Hello,
How to sign XML doc as per the attached xsd file?
Currently the file is signed but the signature tags do not have 'ds:' prefix.
For example, I'm getting:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
but the system expects:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
and returns:
‘cvc-complex-type.2.4.a: Invalid content was found starting with element 'Signature'.’
Thanks in advance.

Kiril


#15394
Posted: 12/28/2010 11:48:22
by Eugene Mayevski (EldoS Corp.)

Did you try using Search? Try that way please.


Sincerely yours
Eugene Mayevski
#15398
Posted: 12/29/2010 03:03:28
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

Thanks, I've found it, it works.

Now can you tell me how to add this:
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />

Currently it's generated like this:
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>

I need it to be:
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
</ds:Transforms>
This time I've searched first.
Thanks.

Kiril
#15400
Posted: 12/29/2010 03:32:12
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Try to turn canonicalization on while saving the document to stream.

ElXMLDOMDocument.SaveToStream(Stream, xcmExclCanonComment);
#15401
Posted: 12/29/2010 04:01:27
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

It didn't help.
Can I have the empty tags to be generated like this:
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
not generated:
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />

Kiril
#15404
Posted: 12/29/2010 05:33:32
by Vsevolod Ievgiienko (EldoS Corp.)

Quote

not generated:...


To generate it, you should add the following code:

Code
var
  C14NTransform: TElXMLC14NTransform;
begin
  ...
  Refs := TElXMLReferenceList.Create;
  ...
  C14NTransform := TElXMLC14NTransform.Create;
  C14NTransform.CanonicalizationMethod := xcmCanonComment;
  Ref.TransformChain.Add(C14NTransform);
  ...
end;

Quote

Can I have the empty tags to be generated like this...


To generate such tags save the document with xcmCanon:

FXMLDocument.SaveToStream(F, xcmCanon);
#15405
Posted: 12/29/2010 08:17:46
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

Thanks, it works.

Kiril
#15406
Posted: 12/29/2010 09:54:53
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

I have another question.
How to generate the X509Data tag before the KeyValue tag, like this?
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>c8K9s..=</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
...
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>

Currently I'm getting them in reverse order.
Thanks.

Kiril
#15407
Posted: 12/29/2010 10:26:26
by Eugene Mayevski (EldoS Corp.)

Your requirement is not compliant with the XMLDSig standard and as such is not supported by XMLBlackbox. The only idea that comes to my mind is to load the XML after generation, move the nodes and save it back. Since it's a signature and not signed contents, moving the node won't break the signature.


Sincerely yours
Eugene Mayevski
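
Why reordering the KeyInfo children leaves the signature intact, as an added example that is not part of the original posts and not EldoS code: the enveloped-signature transform drops the whole ds:Signature element before digesting, and SignatureValue is computed over ds:SignedInfo only. The sample document, SHA-256, the helper names and the use of Python's C14N 2.0 `canonicalize` in place of the thread's C14N 1.0 are assumptions.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
ET.register_namespace("ds", DS)
# Constructed sample: element names follow the thread, values are placeholders.
SAMPLE = f"""<Doc><Data>payload</Data>
<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo><ds:Reference URI="">
<ds:Transforms><ds:Transform Algorithm="{DS}enveloped-signature"/></ds:Transforms>
<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue/></ds:KeyValue>
<ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data>
</ds:KeyInfo></ds:Signature></Doc>"""

def c14n(elem):
    # Assumption: stdlib C14N 2.0 stands in for the thread's C14N 1.0.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"))

def reference_digest(root):
    """Digest input for URI="": the document minus the enveloped Signature."""
    doc = copy.deepcopy(root)
    doc.remove(doc.find("ds:Signature", NS))
    return hashlib.sha256(c14n(doc).encode()).hexdigest()

def signed_info(root):
    """Canonical SignedInfo, the only bytes SignatureValue is computed over."""
    return c14n(root.find("ds:Signature/ds:SignedInfo", NS))

def put_x509_first(root):
    key_info = root.find("ds:Signature/ds:KeyInfo", NS)
    x509 = key_info.find("ds:X509Data", NS)
    key_info.remove(x509)
    key_info.insert(0, x509)
    return root

def key_info_is_referenced(root):
    """True if a ds:Reference points at KeyInfo, which would make its order signed."""
    key_id = root.find("ds:Signature/ds:KeyInfo", NS).get("Id")
    uris = [ref.get("URI") for ref in root.iter(f"{{{DS}}}Reference")]
    return key_id is not None and f"#{key_id}" in uris

def coverage_unchanged(before, after):
    return reference_digest(before) == reference_digest(after) and signed_info(before) == signed_info(after)

if __name__ == "__main__":
    original, moved = ET.fromstring(SAMPLE), put_x509_first(ET.fromstring(SAMPLE))
    print("signed bytes unchanged:", coverage_unchanged(original, moved))
    print("KeyInfo referenced:", key_info_is_referenced(original))
```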
#15408
Posted: 12/29/2010 10:40:40
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

Ok thanks, I'll try that.

Kiril
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
