EldoS | Feel safer!

Signing XML Delphi XE2

#22717
Posted: 12/05/2012 04:03:28
by funatical  (Basic support level)
Joined: 11/28/2012
Posts: 9

Hi!

I need to sign an XML like the upload. The server always returns an error. I have no idea how to do it.

Thanks.

Code
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="SecurityToken-60498088-e311-4f16-8a91-6c95447cd3e7" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIE4DCCBEmgAwIBAgIES5k7ujANBgkqhkiG9w0BAQUFADAkMQ8wDQYDVQQKEwZk...</wsse:BinarySecurityToken>
  </wsse:Security>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#Body">
        <Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>NejBPKzygz0zJ1gcfD3lo3gdkok=</DigestValue>
      </Reference>
    H/OwFzFjd2ujiiEpV8Jxe9fgu4HzOKDXAXkSUxcW0mqo3S8x6BUauO/ZaD9...EBt1+lZFw/j7yAzVysn0hZY2j+sfCd/0KrrFwfkw=
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data>
        <X509IssuerSerial>
          <X509IssuerName>OU=dgtdesCA, O=dgt.es</X509IssuerName>
          <X509SerialNumber>1268333498</X509SerialNumber>
        </X509IssuerSerial>
        <X509Certificate>MIIE...OCyw+5996/OUT9Wr2YuM4Le9+XrE/G7+u4vlLtyi66ilt8zhrHUyMmzv4VdmVl6vWSA/N927d/Dkzatl6msalI+OPib++9yF0rjjIHGi3Yl05Z1utvO4LkDEn8G77Ys3r+Cj54cmvKtfWlEvxAromusMVnqhuFYuIW+QIDA...SAGG+EIBA...leGU/YWN0...uZXM/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnk/YmFz...gQUs/3B1u16id/iEDn...0h1b+r2nSL3jRKWTBJryZ1G0K8FafZhCiG8oYb61ww0U+NY3ZUyW8JlLRK2Vxt9Ttvw10vttQAmxMdIJeGTEo32ONh+Nhv/BjOxb+Gq8i37QHZXEJK19kQ1RmqtkGVG0BTCCXdmehiUlwOpMDvTSiDi6LpJup0A==</X509Certificate>
      </X509Data>
    </KeyInfo>
  </ds:Signature>
</soapenv:Header>
<anot:consultarVehiculo><matricula>L 0556AH</matricula>WAUZZZ8DZYA022058</anot:consultarVehiculo>
</soapenv:Envelope>
#22721
Posted: 12/05/2012 04:34:02
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Please don't post XML file contents as is; attach a file instead.

Is the XML document that you have attached what you need to produce, or have you generated such a document and the server rejects it?
#22730
Posted: 12/05/2012 11:30:37
by funatical  (Basic support level)
Joined: 11/28/2012
Posts: 9

Thanks for answer.

This is what I need, but I can't create an XML like that. I was able to sign an XML with your tools, but it was rejected by the server.
#22731
Posted: 12/05/2012 11:38:29
by funatical  (Basic support level)
Joined: 11/28/2012
Posts: 9

This is what I get. I think that the difference is the Body and Header tags.


[ Download ]
#22732
Posted: 12/05/2012 11:42:46
by funatical  (Basic support level)
Joined: 11/28/2012
Posts: 9

The XML that I need is like that.


[ Download ]
#22733
Posted: 12/05/2012 16:58:50
by Dmytro Bogatskyy (EldoS Corp.)

The difference between those signatures is that in your document the signature is placed under the document element, while in the sample document it is placed under the Header element.
If you generated the signature for your document using the XMLBlackbox\AdvancedSigner sample, then in the first step of signing you should select the Header element as the placement for the signature.

P.S. It is possible to use the SOAP components to create such a signature. (You need to create a standard XML signature, so it doesn't matter which class, TElXMLSigner or TElXMLSOAPBaseSignatureHandler, you use. But it might be easier with the SOAP components.)
For example:
Code
uses SBXMLSOAP;

// FXMLDocument has already been loaded with the envelope to sign;
// Cert holds the signing certificate together with its private key.
FSOAPMessage := TElXMLSOAPMessage.Create;
try
  FSOAPMessage.LoadFromXML(FXMLDocument);

  // The handler produces a standard XML-DSig signature for the SOAP message.
  Handler := TElXMLSOAPBaseSignatureHandler.Create(nil);
  FSOAPMessage.AddSignature(Handler, true);
  // Reference the Body element (the data being signed) ...
  Handler.AddReference(FSOAPMessage.Envelope.Body, true);
  // ... and place the resulting ds:Signature under the Header element.
  Handler.Sign(FSOAPMessage.Envelope.Header.XMLElement, Cert, true);
finally
  FreeAndNil(FSOAPMessage);
end;
// save FXMLDocument
#22735
Posted: 12/06/2012 01:41:53
by funatical  (Basic support level)
Joined: 11/28/2012
Posts: 9

Thanks for the answer.
I made it with TElXMLSigner, but I'll try with TElXMLSOAPBaseSignatureHandler.
#22738
Posted: 12/06/2012 03:19:35
by funatical  (Basic support level)
Joined: 11/28/2012
Posts: 9

With TElXMLSigner, in the URINode I try to change the node name, but the result is always the same.
#22739
Posted: 12/06/2012 04:16:09
by funatical  (Basic support level)
Joined: 11/28/2012
Posts: 9

Here is my code

Code
Ref := TElXMLReference.Create;
Ref.DigestMethod := xdmSHA1;
// Data to sign: the SOAP Body element, referenced as URI="#Body"
Ref.URINode := FXMLDocument.DocumentElement.FindNode('soapenv:Body', True);
Ref.URI := '#Body';
Memo1.Lines.Add(Ref.URINode.NodeValue); // debug output only
Ref.TransformChain.Add(TElXMLEnvelopedSignatureTransform.Create);
Refs.Add(Ref);

Signer := TElXMLSigner.Create(Self);
try
  Signer.SignatureType := xstEnveloped;
  Signer.CanonicalizationMethod := xcmCanon;
  Signer.SignatureMethodType := xmtSig;
  Signer.SignatureMethod := xsmRSA_SHA1;
  Signer.MACMethod := xmmHMAC_SHA1;
  Signer.References := Refs;
  Signer.KeyName := 'Key';
  Signer.IncludeKey := True;
  Signer.OnFormatElement := FormatElement;
  Signer.OnFormatText := FormatText;
  if Assigned(Cert) and Cert.PrivateKeyExists then
  begin
    X509KeyData := TElXMLKeyInfoX509Data.Create(False);
    X509KeyData.Certificate := Cert;
    Signer.KeyData := X509KeyData;
  end
  else
    raise EElXMLError.Create('Key not loaded.');
  Signer.UpdateReferencesDigest;
  Signer.GenerateSignature;
  // Save target: the document element, so the signature is written under the root
  SigNode := FXMLDocument.DocumentElement;
  try
    Signer.Save(SigNode);
  except
    on E: Exception do
      raise EElXMLError.CreateFmt('Signed data saving failed. (%s)', [E.Message]);
  end;
finally
  FreeAndNil(Signer);
end;
#22743
Posted: 12/06/2012 06:22:10
by Dmytro Bogatskyy (EldoS Corp.)

Quote
with TElXMLSigner in the urinode i try to change node name but the result is always the same.

The TElXMLReference.URINode/URIData/URIStream properties control what data you sign.
Where the signature is placed is controlled by the node that you pass to the Save method, and depends on the SignatureType.
In your case you need to set:
Code
// Place the signature under the Header element instead of the document element
SigNode := FXMLDocument.DocumentElement.FindNode('soapenv:Header', True);

In this case the signature would be placed under the Header element.
P.S. It is not recommended to use the FindNode method, as there is no guarantee that the soapenv prefix will always be the same. The preferred way is to use the SelectNodes method with an XPath expression. For example:
Code
  NSMap := TElXMLNamespaceMap.Create;
  try
    // Bind a prefix to the namespace URI; the prefix used in the document may differ
    NSMap.AddNamespace('soapenv', 'http://schemas.xmlsoap.org/soap/envelope/');
    NodeSet := FXMLDocument.SelectNodes('/soapenv:Header', NSMap);
    try
      // Exactly one Header element is expected in a SOAP envelope
      if NodeSet.Count <> 1 then
        raise ...; // raise an appropriate exception here
      SigNode := NodeSet[0];
    finally
      FreeAndNil(NodeSet);
    end;
  finally
    FreeAndNil(NSMap);
  end;
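As an added example that is not from this thread or from SecureBlackbox, here is a small Python check for the layout Dmytro describes: it takes a signed envelope, confirms the ds:Signature sits under soapenv:Header rather than under the document element, resolves each Reference URI="#..." through the wsu:Id attribute to the Body element, and does every lookup by namespace URI so that a different prefix does not break it. The envelope strings are constructed for the example.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
NS = {"soapenv": SOAP, "ds": DS, "wsu": WSU}


def check_envelope(xml_text):
    """Return the list of layout problems in a signed SOAP envelope; an empty
    list means the Signature hangs off Header and each Reference hits Body."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Envelope" % SOAP:
        return ["root element is not a SOAP Envelope"]
    # Elements are matched by namespace URI, so the prefix the peer chose
    # ('soapenv', 'SOAP-ENV', ...) does not matter, unlike a FindNode by name.
    headers = root.findall("soapenv:Header", NS)
    if len(headers) != 1:
        return ["expected exactly one Header, found %d" % len(headers)]
    problems = []
    if root.findall("ds:Signature", NS):
        problems.append("ds:Signature placed directly under Envelope")
    sigs = headers[0].findall("ds:Signature", NS)
    if len(sigs) != 1:
        problems.append("expected one ds:Signature under Header, found %d" % len(sigs))
        return problems
    body = root.find("soapenv:Body", NS)
    for ref in sigs[0].iterfind("ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        # Same-document references are resolved through the wsu:Id attribute.
        targets = [e for e in root.iter() if e.get("{%s}Id" % WSU) == uri[1:]]
        if not uri.startswith("#") or len(targets) != 1:
            problems.append("URI %r resolves to %d elements" % (uri, len(targets)))
        elif targets[0] is not body:
            problems.append("URI %r does not point at the Body element" % uri)
    return problems


# Constructed sample with the target layout but a different namespace prefix.
GOOD = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="%s" xmlns:ds="%s" xmlns:wsu="%s">'
        '<SOAP-ENV:Header><ds:Signature><ds:SignedInfo><ds:Reference URI="#Body"/>'
        '</ds:SignedInfo></ds:Signature></SOAP-ENV:Header>'
        '<SOAP-ENV:Body wsu:Id="Body"><q>1</q></SOAP-ENV:Body></SOAP-ENV:Envelope>'
        % (SOAP, DS, WSU))
# Constructed sample where the signature was saved under the document element.
BAD = GOOD.replace("<SOAP-ENV:Header>", "<SOAP-ENV:Header/>").replace(
    "</ds:Signature></SOAP-ENV:Header>", "</ds:Signature>")
```

Running check_envelope on BAD reports the same symptom as the thread's original output: a signature under the Envelope and none under the Header.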