EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Signature Problem

#15661
Posted: 02/01/2011 07:08:41
by Victory Fernandes (Standard support level)
Joined: 02/01/2011
Posts: 2

I have signed many kinds of XML until now with success! But I'm having a problem now...

I have to sign an XML file that contains another signed XML file. The problem is that the procedure seems to be signing the XML and disregarding the Signature tags contained inside the file. To make the test I generated two identical XML files, one of them is signed and the other is not. Then I added some needed tags (same for both) and tried to sign them. The files have different content as one is signed and the other is not, but the result of the second signature is the same!!!! How can it be!? I already checked my code to make sure I'm signing the right tags and I really need some help with this because my deadline is close!

Attached I send the resulting files.

Below is the Delphi code that I'm using:

function TfrmMain.prcAssinaXML: Boolean;
var
  Signer: TElXMLSigner;
  HMACKeyData: TElXMLKeyInfoHMACData;
  RSAKeyData: TElXMLKeyInfoRSAData;
  X509KeyData: TElXMLKeyInfoX509Data;
  PGPKeyData: TElXMLKeyInfoPGPData;
  Cert: TElX509Certificate;
  SigNode: TElXMLDOMNode;
  Ref: TElXMLReference;
  Refs: TElXMLReferenceList;

  iNode, x, j: Integer;
  N: TElXMLDOMNode;
  s, MyNode: String;
  sSelect: TStrings;
begin
  HMACKeyData := nil;
  RSAKeyData := nil;
  X509KeyData := nil;
  PGPKeyData := nil;
  N := nil;

  Refs := TElXMLReferenceList.Create;
  Result := False;

  try
    Ref := TElXMLReference.Create;
    Ref.DigestMethod := xdmSHA1;

    // Here we must detect which kind of file is being signed and pick the base tag
    iNode := 0;
    x := 0;
    while (x <= 3) and (iNode <= 0) do
    begin
      if isLote_NFSe then
      begin
        case x of
          0: MyNode := 'LoteRps'; // the signature will follow the </LoteRps> tag
        end;
      end
      else
      begin
        case x of
          0: MyNode := 'InfRps'; // the signature will follow the </InfRps> tag
        end;
      end;

      iNode := fncgetNode(MyNode);
      if iNode > 0 then
        Ref.URINode := TElXMLDOMNode(tvXML.Items[iNode].Data);

      x := x + 1;
    end;
    if iNode = 0 then
      Ref.URINode := TElXMLDOMNode(tvXML.Selected.Data);

    // The reference URI is built from the Id attribute of the signed element
    iNode := fncgetNode('Id');
    if iNode > 0 then
      N := TElXMLDOMNode(tvXML.Items[iNode].Data);

    if N is TElXMLDOMAttr then
      s := TElXMLDOMAttr(N).NodeValue
    else
      s := N.OuterXML;

    Ref.URI := '#' + s;
    if not isLote_NFSe then
      Ref.HasURI := True;
    Ref.UpdateDigestValue;

    Ref.TransformChain.Add(TElXMLEnvelopedSignatureTransform.Create);
    if isLote_NFSe then
      Ref.TransformChain.Add(TElXMLC14NTransform.Create); // this tag is absent for RPS signatures; only the batch (Lote) signature carries it (as in the Sefaz BH example)
    Refs.Add(Ref);

    Signer := TElXMLSigner.Create(Self);
    try
      Signer.SignatureType := xstEnveloped;

      if isLote_NFSe then
        Signer.CanonicalizationMethod := xcmCanon // the batch (Lote) is not signed with the '#WithComments' marker (as in the Sefaz BH example)
      else
        Signer.CanonicalizationMethod := xcmCanonComment; // the RPS is signed with the '#WithComments' marker in this tag (as in the Sefaz BH example)

      Signer.SignatureMethodType := xmtSig;
      Signer.SignatureMethod := xsmRSA_SHA1;

      Signer.IncludeKey := True;
      Signer.References := Refs;
      frmSelWinCert := TfrmSelWinCert.Create(nil);

      // Pass information to the About screen
      for j := 0 to High(MyRegistro) do
      begin
        frmSelWinCert.ListView1.Items.Add;
        frmSelWinCert.ListView1.Items.Item[j].Caption := MyRegistro[j].Nome;
        frmSelWinCert.ListView1.Items.Item[j].SubItems.Add(MyDecrypt(MyRegistro[j].CNPJ, mykey));
        frmSelWinCert.ListView1.Items.Item[j].SubItems.Add(MyRegistro[j].UF);
      end;

      frmSelWinCert.Label3.Caption := 'versão ' + versao_dll; // version
      frmSelWinCert.Label18.Caption := MyDecrypt(data_limite, mykey); // expiry date

      // A saved default selection skips the certificate dialog
      // (ExtractFilePath already ends with a path delimiter, so none is added here)
      if FileExists(ExtractFilePath(ParamStr(0)) + 'DefCertificado.res') then
      begin
        sSelect := TStringList.Create;
        try
          sSelect.LoadFromFile(ExtractFilePath(ParamStr(0)) + 'DefCertificado.res');
          frmSelWinCert.lvCerificates.ItemIndex := StrToInt(sSelect.Strings[0]);
        finally
          FreeAndNil(sSelect);
        end;

        frmSelWinCert.ModalResult := mrOK;
      end
      else
        frmSelWinCert.ShowModal;

      if frmSelWinCert.ModalResult = mrOK then
      begin
        Cert := frmSelWinCert.Certificate;

        if Assigned(Cert) and Cert.PrivateKeyExists then
        begin
          Result := True;

          X509KeyData := TElXMLKeyInfoX509Data.Create(False);
          X509KeyData.Certificate := Cert;

          Signer.KeyData := X509KeyData;
        end;

        Signer.UpdateReferencesDigest;
        if True then
        begin
          Signer.Sign;

          Signer.Signature.SignaturePrefix := '#default'; // added to remove the "ds" prefix from the Signature tag; with "ds" the NFe was not accepted in Bahia
          if not isLote_NFSe then
            Signer.Signature.ID := 'Ass_' + s; // RPS files are signed with Id=Ass_... added to the Signature tag (as in the Sefaz BH example)

          // iNode := fncgetNode('NFe'); // not every file has NFe; it can also be cancNFe etc.
          iNode := 1;
          if iNode > 0 then
            SigNode := TElXMLDOMNode(tvXML.Items[iNode].Data)
          else
            SigNode := TElXMLDOMNode(tvXML.Selected.Data);

          if SigNode is TElXMLDOMDocument then
            SigNode := TElXMLDOMDocument(SigNode).DocumentElement;

          try
            Signer.Save(SigNode);
          except
            on E: Exception do
              raise EElXMLError.CreateFmt('Signed data saving failed. (%s)', [E.Message]);
          end;
        end;

        UpdateXML;
        prcremoveNode('KeyValue');
        prcremoveNode('X509IssuerSerial');
        prcremoveNode('X509SubjectName');
      end;
    finally
      if Assigned(frmSelWinCert) then
        FreeAndNil(frmSelWinCert);
      FreeAndNil(Signer);

      FreeAndNil(HMACKeyData);
      FreeAndNil(RSAKeyData);
      FreeAndNil(X509KeyData);
      FreeAndNil(PGPKeyData);
    end;
  finally
    FreeAndNil(Refs);
  end;
end;

#15662
Posted: 02/01/2011 07:11:46
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Please do not duplicate your questions on the Forum and Helpdesk.
#15663
Posted: 02/01/2011 08:21:29
by Victory Fernandes (Standard support level)
Joined: 02/01/2011
Posts: 2

Sorry.
#27213
Posted: 11/12/2013 13:50:27
by Rodrigo Godinho Palhano (Standard support level)
Joined: 04/26/2012
Posts: 12

Hello, I'm having a very similar problem (even the XML is very similar), I'd like to know how the problem was solved. If needed I can send more details, like my code and XML. Thank you.
#27214
Posted: 11/12/2013 14:13:42
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

The problem in the original post was related to the enveloped signature transform.

The enveloped signature transform has two modes (in SecureBlackbox):
1. It ignores all signatures in the processed nodes (by default, for backward compatibility).
2. It skips only the current signature (per the standard).
To switch between those modes use the TElXMLEnvelopedSignatureTransform.GetDefaultStrictMode/SetDefaultStrictMode static methods, or the GetStrictMode/SetStrictMode methods of the transform instance.

So, please try to put the following line in the initialization section: TElXMLEnvelopedSignatureTransform.SetDefaultStrictMode(true)
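The two transform modes described above, as an added example written for this thread in Python (it is not SecureBlackbox code and not the Delphi from the original post). It models the enveloped-signature transform on a constructed NFS-e style batch: in the lenient (default) mode every Signature element under the referenced node is stripped before the digest is computed, so the batch with an inner signed RPS and the batch without it produce the same reference digest, which is exactly the symptom reported in the first post, and it also means the outer signature does not protect the inner signature at all. In strict mode only the signature being produced is skipped, so the inner signature is covered. The documents, the element and Id names, and the placeholder SignatureValue are constructed; the digest uses SHA-256 and the standard library's C14N (the thread's code uses SHA-1 and SecureBlackbox's transforms).

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
DS_SIGNATURE = f"{{{DS_NS}}}Signature"
ET.register_namespace("ds", DS_NS)

# Constructed sample batch (hypothetical NFS-e style names, not from the thread).
UNSIGNED_LOTE = (
    '<LoteRps Id="lote1">'
    '<Rps><InfRps Id="rps1"><Valor>100.00</Valor></InfRps></Rps>'
    '</LoteRps>'
)


def _parents(root):
    """Map every element to its parent (ElementTree has no parent links)."""
    return {child: parent for parent in root.iter() for child in parent}


def _find_by_id(root, element_id):
    return next(e for e in root.iter() if e.get("Id") == element_id)


def add_inner_signature(xml_text: str, target_id: str, sig_id: str) -> str:
    """Insert a placeholder ds:Signature (constructed, not a real signature)
    right after the element whose Id is `target_id`, i.e. the inner RPS signature."""
    root = ET.fromstring(xml_text)
    parents = _parents(root)
    target = _find_by_id(root, target_id)
    parent = parents[target]
    sig = ET.Element(DS_SIGNATURE, {"Id": sig_id})
    ET.SubElement(sig, f"{{{DS_NS}}}SignatureValue").text = "UExBQ0VIT0xERVI="  # placeholder
    parent.insert(list(parent).index(target) + 1, sig)
    return ET.tostring(root, encoding="unicode")


def enveloped_transform(node, current_sig_id: str, strict: bool):
    """Model of the enveloped-signature transform.
    strict=False (lenient): drop every ds:Signature below the node.
    strict=True: drop only the signature currently being produced/verified."""
    work = copy.deepcopy(node)
    parents = _parents(work)
    for sig in list(work.iter(DS_SIGNATURE)):
        if sig is work:
            continue
        if strict and sig.get("Id") != current_sig_id:
            continue  # strict mode keeps other signatures in the digest input
        parents[sig].remove(sig)
    return work


def c14n_digest(node) -> str:
    """Canonicalize the subtree (C14N 1.0) and hash it."""
    canonical = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def reference_digest(xml_text: str, ref_id: str, current_sig_id: str, strict: bool) -> str:
    """Digest of Reference URI="#ref_id" after the enveloped transform."""
    root = ET.fromstring(xml_text)
    target = _find_by_id(root, ref_id)
    return c14n_digest(enveloped_transform(target, current_sig_id, strict))


def inner_signature_is_covered(strict: bool) -> bool:
    """True when adding the inner signature changes the outer reference digest,
    i.e. the outer (batch) signature actually covers the inner one."""
    signed = add_inner_signature(UNSIGNED_LOTE, "rps1", "Ass_rps1")
    before = reference_digest(UNSIGNED_LOTE, "lote1", "Ass_lote1", strict)
    after = reference_digest(signed, "lote1", "Ass_lote1", strict)
    return before != after


if __name__ == "__main__":
    print("lenient (default) mode covers inner signature:", inner_signature_is_covered(False))
    print("strict mode covers inner signature:", inner_signature_is_covered(True))
```

Whichever mode is chosen, the verifier must apply the same one, because the digest input differs between the two; switching the default in one application's initialization section, as suggested above, only helps if the receiving side computes the reference digest the standard way as well.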
#27215
Posted: 11/12/2013 14:21:47
by Rodrigo Godinho Palhano (Standard support level)
Joined: 04/26/2012
Posts: 12

Worked perfectly, thank you!