EldoS | Feel safer!

Signed data saving failed

#15547
Posted: 01/19/2011 07:05:30
by Vsevolod Ievgiienko (EldoS Corp.)

Could you please post here the lines of your code that produce this error?
#15549
Posted: 01/19/2011 07:23:14
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

Here it is:
try
  Signer.Save(SigNode);
except
  on E: Exception do
  begin
    MessageDlg(E.Message, mtError, [mbOk], 0);
    Result := False;
    Exit;
  end;
end;
#15550
Posted: 01/19/2011 07:56:57
by Ken Ivanov (EldoS Corp.)

Thanks. Could you please post the call stack of the exception here?
#15551
Posted: 01/19/2011 08:18:13
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

I can't reproduce it easily; it doesn't happen every time.
#15552
Posted: 01/19/2011 08:28:36
by Ken Ivanov (EldoS Corp.)

Do I understand you right that you occasionally succeed with signing?
#15553
Posted: 01/19/2011 08:36:23
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

Yes, generally it's working but sometimes I'm getting 'Buffer too small' or 'Failed to acquire key context'.
#15554
Posted: 01/19/2011 08:47:21
by Ken Ivanov (EldoS Corp.)

Do you always dispose of the components (both certificate and storage objects) after doing the signing operation? It is possible that there exists some limitation on the number of simultaneously opened sessions to the hardware token.
#15555
Posted: 01/19/2011 09:02:43
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

Here is the code I'm using for the signing:
function Sign: boolean;
var
  Signer: TElXMLSigner;
  XAdESSigner: TElXAdESSigner;
  HMACKeyData: TElXMLKeyInfoHMACData;
  RSAKeyData: TElXMLKeyInfoRSAData;
  X509KeyData: TElXMLKeyInfoX509Data;
  PGPKeyData: TElXMLKeyInfoPGPData;
  Cert: TElX509Certificate;
  F: {$IFNDEF DELPHI_NET}TFileStream{$ELSE}FileStream{$ENDIF};
  SigNode: TElXMLDOMNode;
  El: TElXMLDOMElement;
  Buf: ByteArray;
  Ref: TElXMLReference;
  Refs: TElXMLReferenceList;
  HTTPClient: TElHTTPSClient;
  TSPClient: TElHttpTSPClient;
  C14NTransform: TElXMLC14NTransform;
begin
  Result := True;
  // Only Signer and X509KeyData are created below; the others stay nil so
  // the FreeAndNil calls in the finally blocks are safe no-ops.
  XAdESSigner := nil;
  TSPClient := nil;
  HTTPClient := nil;
  HMACKeyData := nil;
  RSAKeyData := nil;
  X509KeyData := nil;
  PGPKeyData := nil;
  Ref := nil;
  Refs := TElXMLReferenceList.Create;
  try
    // One reference over the whole document (URI = ''), transformed by an
    // enveloped-signature transform and then C14N with comments.
    Ref := TElXMLReference.Create;
    Ref.DigestMethod := xdmSHA1;
    Ref.URINode := FXMLDocument.DocumentElement;
    Ref.URI := '';

    Ref.TransformChain.Add(TElXMLEnvelopedSignatureTransform.Create);

    C14NTransform := TElXMLC14NTransform.Create;
    C14NTransform.CanonicalizationMethod := xcmCanonComment;
    Ref.TransformChain.Add(C14NTransform);

    Refs.Add(Ref);

    // The certificate is chosen only once per batch: the selection form is
    // shown while edCertSerial is still empty, and the serial is remembered.
    if edCertSerial = '' then
      if (frmSelWinCert.ShowModal = mrOK) and
         Assigned(frmSelWinCert.Certificate) then
        edCertSerial := BinaryToString(frmSelWinCert.Certificate.SerialNumber)
      else
      begin
        MessageDlg('There is no certificate selected.' + #13#10 +
          'The EDI creation process was aborted', mtError, [mbOk], 0);
        Result := False;
        Exit;
      end;

    Signer := TElXMLSigner.Create(Self);
    try
      Signer.SignatureType := xstEnveloped;
      Signer.CanonicalizationMethod := xcmCanon;
      Signer.SignatureMethodType := xmtSig;
      Signer.SignatureMethod := xsmRSA_SHA1;
      Signer.MACMethod := xmmHMAC_SHA1;
      Signer.References := Refs;
      Signer.KeyName := '';
      Signer.IncludeKey := True;

      Signer.OnFormatElement := FormatElement;
      Signer.OnFormatText := FormatText;

      // The certificate object is owned by the selection form (and the
      // TElWinCertStorage behind it), so it is not freed in this function.
      Cert := frmSelWinCert.Certificate;

      if Assigned(Cert) and Cert.PrivateKeyExists then
      begin
        // Create(False): the key info object does not take ownership of Cert.
        X509KeyData := TElXMLKeyInfoX509Data.Create(False);
        X509KeyData.Certificate := Cert;
        X509KeyData.IncludeDataParams := X509KeyData.IncludeDataParams -
          [xkidX509IssuerSerial] - [xkidX509SubjectName];
        Signer.KeyData := X509KeyData;
      end;

      Signer.UpdateReferencesDigest;

      Signer.Sign;
      Signer.Signature.SignaturePrefix := 'ds';

      SigNode := FXMLDocument.DocumentElement;

      try
        // If the signature type is enveloping, the signature is placed into
        // the passed node and the contents of the node are moved inside the
        // signature. If the signature type is enveloped, the signature is
        // placed as a child of the passed node.
        Signer.Save(SigNode);
      except
        on E: Exception do
        begin
          MessageDlg(E.Message, mtError, [mbOk], 0);
          Result := False;
          Exit;
        end;
      end;
    finally
      FreeAndNil(Signer);
      FreeAndNil(XAdESSigner);
      FreeAndNil(TSPClient);
      FreeAndNil(HTTPClient);
      FreeAndNil(HMACKeyData);
      FreeAndNil(RSAKeyData);
      FreeAndNil(X509KeyData);
      FreeAndNil(PGPKeyData);
    end;
  finally
    FreeAndNil(Refs);
  end;
end;

I see that the Cert variable is not disposed of, but I'm not sure I have to; can you please check?
Thanks.
#15556
Posted: 01/19/2011 09:09:24
by Ken Ivanov (EldoS Corp.)

You should not dispose of the certificate object explicitly in this case. Instead, please try to create the *form* (TfrmSelWinCert) object right before each subsequent signing operation and release (not just close!) the created form right after the signing operation. All the dependent objects (TElWinCertStorage in this case) will be released by the destructor of the form automatically in this case.
#15557
Posted: 01/19/2011 09:23:31
by Kiril Drumev (Standard support level)
Joined: 12/28/2010
Posts: 24

I'm not sure I'm following you.
I have around 200 files to sign in a batch, and I don't want to select the certificate again and again for each file.
In the above code, selection of the certificate happens only the first time.
Can you please show me how to create the TfrmSelWinCert form and then destroy it so this behavior remains?
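One way to implement the lifecycle Ken describes while keeping the single certificate selection the poster wants, written here as an added example and not code from the thread or from EldoS: the certificate is chosen once and only its serial number is kept; for every file a fresh TElWinCertStorage is created, searched by serial, handed to the signing routine and freed again, so no storage object and no key context outlives one signing operation. It assumes the SecureBlackbox unit names shown in the uses clause, that TElWinCertStorage reads the store once its SystemStores list is set, and that the poster's Sign function has been refactored into a callback of type TSignFileFunc that receives the file name and the certificate to sign with.

```delphi
{ Added example, not from the thread. Assumed: SBB unit names below, and a
  signing callback adapted from the poster's Sign routine. }
unit BatchSign;

interface

uses
  SysUtils, Classes, SBTypes, SBUtils, SBX509, SBCustomCertStorage, SBWinCertStorage;

type
  { The poster's Sign routine, refactored to take the certificate to use. }
  TSignFileFunc = function(const FileName: string; Cert: TElX509Certificate): Boolean;

function FindCertBySerial(Storage: TElCustomCertStorage;
  const Serial: ByteArray): TElX509Certificate;
function SignBatch(Files: TStrings; const Serial: ByteArray;
  SignFile: TSignFileFunc; Failed: TStrings): Integer;

implementation

{ Byte-exact match on the serial number; nil when no certificate matches. }
function FindCertBySerial(Storage: TElCustomCertStorage;
  const Serial: ByteArray): TElX509Certificate;
var
  i: Integer;
  S: ByteArray;
begin
  Result := nil;
  if Length(Serial) = 0 then
    Exit;
  for i := 0 to Storage.Count - 1 do
  begin
    S := Storage.Certificates[i].SerialNumber;
    if (Length(S) = Length(Serial)) and CompareMem(@S[0], @Serial[0], Length(Serial)) then
    begin
      Result := Storage.Certificates[i];
      Exit;
    end;
  end;
end;

{ Signs every file in Files. Returns the number of files signed; each file that
  failed is appended to Failed together with the reason. }
function SignBatch(Files: TStrings; const Serial: ByteArray;
  SignFile: TSignFileFunc; Failed: TStrings): Integer;
var
  Storage: TElWinCertStorage;
  Cert: TElX509Certificate;
  i: Integer;
begin
  Result := 0;
  for i := 0 to Files.Count - 1 do
  begin
    // One storage object per file: its destructor releases the certificate
    // objects and the key context they hold before the next file is opened.
    Storage := TElWinCertStorage.Create(nil);
    try
      try
        Storage.SystemStores.Add('MY');  // current user's personal store
        Cert := FindCertBySerial(Storage, Serial);
        if Cert = nil then
          raise Exception.Create('Signing certificate not found in the MY store');
        if not Cert.PrivateKeyExists then
          raise Exception.Create('Signing certificate has no private key');
        if SignFile(Files[i], Cert) then
          Inc(Result)
        else
          Failed.Add(Files[i] + ': signing returned False');
      except
        // Errors such as 'Failed to acquire key context' are recorded per
        // file so one failure does not abort the remaining files.
        on E: Exception do
          Failed.Add(Files[i] + ': ' + E.Message);
      end;
    finally
      FreeAndNil(Storage);  // never keep the store open across iterations
    end;
  end;
end;

end.
```

The Serial argument is the ByteArray taken from frmSelWinCert.Certificate.SerialNumber the one time the selection form is shown; the form itself can then be released immediately, since nothing in the loop refers to it any more. If only the BinaryToString form of the serial is kept, as edCertSerial in the posted code, convert it back to bytes before calling SignBatch, or compare the string forms instead.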
