EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validating a signed XML parameter passed to a webservice

Posted: 12/13/2012 09:44:50
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

I'm developing a web service that will receive as a parameter an XML document signed with an enveloping signature (XAdES). It should validate the XML signature and check that the original content was not changed. Looking at the examples provided, I noticed that all of them ask you to point to the certificate used for signing. I'm already signing the XML, and the signing certificate is already present in it. How should I proceed?
Posted: 12/13/2012 09:51:56
by Vsevolod Ievgiienko (EldoS Corp.)


Not sure I understand your question. Could you please describe the task in more detail?
Posted: 12/13/2012 10:04:16
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

I'm building a web service whose methods will receive as a parameter XML files signed with the following characteristics:

SignatureType = enveloping
SignatureMethodType = SBXMLSec.Unit.xmtSig
SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1
IncludeKey = true

Each method should validate that the signature is valid and that the content of the original XML has not changed.

We found examples where only code for validation with the signing certificate is used. In my case the certificate is included in the signature.

In my code I can retrieve the certificate and use the same step with the class, but TElXMLVerifier keeps returning that the signature is invalid.

var X509KeyData = new TElXMLKeyInfoX509Data(false);
X509KeyData.Certificate = _info.Certificate;   // certificate retrieved from the signature's KeyInfo
Verifier.KeyData = X509KeyData;
_info.isValid = Verifier.ValidateSignature();  // returns false for this document
Posted: 12/13/2012 10:13:15
by Vsevolod Ievgiienko (EldoS Corp.)

Try to validate the signature using our sample. Does it return the same result?
Posted: 12/13/2012 10:20:18
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

I'm using your example, and it asks me to supply the certificate used in the signature. I need to validate an XML document signed on the client, and the validation process occurs on the server. The certificate is included in the signature; I have not seen any example where you extract the certificate from the signature to perform signature validation. I may be wrong, but I have not seen any specific example of that either.
Posted: 12/13/2012 11:02:25
by Vsevolod Ievgiienko (EldoS Corp.)

Are you sure that the certificate is included in the signature? The IncludeKey property specifies whether the key itself (its public part) must be included in the signature, not the whole certificate. Could you post here a sample of a signature that you are trying to validate?
Posted: 12/13/2012 11:21:06
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

Here is the signing method:

// Namespaces for the SecureBlackbox types used below (added for completeness).
using System;
using SBX509;
using SBXMLCore;
using SBXMLDefs;
using SBXMLSec;
using SBXMLTransform;
using SBXMLAdES;
using SBCustomCertStorage;

private static void SignXML(ref TElXMLDOMDocument _XMLDocument, TElX509Certificate certificate)
{
    try
    {
        TElXMLSigner Signer;
        TElXAdESSigner XAdESSigner;
        TElXMLKeyInfoX509Data X509KeyData;
        TElXMLDOMNode SigNode;
        TElXMLReference Ref;
        TElXMLReferenceList Refs = new TElXMLReferenceList();

        // The reference URI below needs an id on the root element.
        if (string.IsNullOrEmpty(_XMLDocument.DocumentElement.GetAttribute("id")))
            _XMLDocument.DocumentElement.SetAttribute("id", "SignedData");

        // Application-specific hash attribute computed by the poster's own SignerUtils helper (not shown).
        var hash = SignerUtils.GetHashFromString(_XMLDocument.DocumentElement.OuterXML);
        _XMLDocument.DocumentElement.SetAttribute("ds", hash);

        Ref = new TElXMLReference();
        Ref.URI = "#" + _XMLDocument.DocumentElement.GetAttribute("id");
        Ref.URINode = _XMLDocument.DocumentElement;
        Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
        Refs.Add(Ref); // the posted code never added the reference to the list the signer reads

        Signer = new TElXMLSigner();
        Signer.SignatureType = SBXMLSec.Unit.xstEnveloping;
        Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
        Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
        Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
        Signer.MACMethod = SBXMLSec.Unit.xmmHMAC_SHA1; // not used with xmtSig
        Signer.References = Refs;
        Signer.IncludeKey = true; // emits the public key (ds:KeyValue), not the certificate
        // FormatElement / FormatText are formatting callbacks defined elsewhere in the poster's code.
        Signer.OnFormatElement += new TSBXMLFormatElementEvent(FormatElement);
        Signer.OnFormatText += new TSBXMLFormatTextEvent(FormatText);

        // ds:X509Data carrying the signing certificate is what a verifier can read the signer identity from.
        X509KeyData = new TElXMLKeyInfoX509Data(false);
        X509KeyData.Certificate = certificate;
        Signer.KeyData = X509KeyData;

        XAdESSigner = new TElXAdESSigner();
        Signer.XAdESProcessor = XAdESSigner;
        XAdESSigner.XAdESVersion = SBXMLAdES.Unit.XAdES_v1_3_2;
        XAdESSigner.XAdESForm = SBXMLAdES.Unit.XAdES_X_L;
        XAdESSigner.SigningTime = DateTime.Now;
        XAdESSigner.SigningCertificates = new TElMemoryCertStorage();
        XAdESSigner.SigningCertificates.Add(certificate, false);
        // Suppresses chain errors at signing time only; the verifier must still validate the chain.
        XAdESSigner.IgnoreChainValidationErrors = true;
        XAdESSigner.PolicyId.SigPolicyId.IdentifierQualifier = SBXMLAdES.Unit.xqtNone;
        XAdESSigner.QualifyingProperties.XAdESPrefix = "xades";

        SigNode = _XMLDocument.DocumentElement;
        Signer.Save(ref SigNode);
    }
    catch (Exception)
    {
        throw; // handler body not shown in the post; rethrow rather than swallow the failure
    }
}

And the resulting XML is attached.

Posted: 12/13/2012 11:53:21
by Dmytro Bogatskyy (EldoS Corp.)


> Here is the signing method:
> And the resulting XML is attached.

Thank you for the sample.

Did you attach a sample XML document that was saved using the SaveToStream method, or did you perform other manipulations on this XML document?

For example, your XML document has CR+LF new-line characters. If you later load this document with the "normalize new-line characters" option on (it removes/replaces CR characters), then validation of the document may fail.
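The two points raised in this thread, that a certificate found inside the signature is not by itself something the verifier can rely on (Daniel's question and Vsevolod's remark about IncludeKey), and that re-serializing or newline-normalizing a signed document changes what the digest covers (Dmytro's point above), can be shown with a small stdlib-only verifier. This is an added example, not code from the original posts or from SecureBlackbox. It assumes a constructed enveloping signature built by the block itself, uses the stdlib's C14N 2.0 and SHA-256 where the thread uses C14N 1.0 and RSA-SHA1 (SHA-1 signatures should no longer be produced in any case), models the signer's certificate as a constructed byte string rather than a real DER certificate, and stops short of the RSA check of SignatureValue, which needs a crypto library.

```python
"""Digest and KeyInfo checks for an enveloping XML signature (stdlib only).
The RSA verification of ds:SignatureValue is out of scope here.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: the element the signer wraps in ds:Object. The Note text
# carries a carriage return as character data (&#13;), not as a line ending.
AS_SIGNED = (
    b'<Invoice id="SignedData">\n'
    b'  <Amount>100.00</Amount>\n'
    b'  <Note>line one&#13;\nline two</Note>\n'
    b'</Invoice>'
)
CRLF_COPY = AS_SIGNED.replace(b"\n", b"\r\n")      # saved with CR+LF line endings
CR_STRIPPED = CRLF_COPY.replace(b"&#13;", b"")     # "normalize new-lines" applied to the data too
REINDENTED = AS_SIGNED.replace(b"  <", b"    <")   # re-serialized by a pretty-printer

# Constructed stand-in for DER certificate bytes; not a real certificate.
FAKE_DER = b"constructed stand-in for a DER-encoded certificate"
CERT_KEY_INFO = (b"<ds:X509Data><ds:X509Certificate>" + base64.b64encode(FAKE_DER)
                 + b"</ds:X509Certificate></ds:X509Data>")
# What IncludeKey=true alone yields: a bare public key, no certificate (placeholder values).
KEY_VALUE_ONLY = (b"<ds:KeyValue><ds:RSAKeyValue><ds:Modulus>AQAB</ds:Modulus>"
                  b"<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>")


def reference_digest(data_xml: bytes) -> str:
    """base64(SHA-256(C14N(data))). ET.canonicalize parses the bytes once and
    writes C14N 2.0. Parsing maps CR+LF in markup to LF, so a line-ending
    change is invisible here, but a CR that is character data survives (&#xD;)."""
    canonical = ET.canonicalize(xml_data=data_xml)
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode("ascii")


def digest_matches(data_xml: bytes, expected_b64: str) -> bool:
    return hmac.compare_digest(reference_digest(data_xml), expected_b64)


def signature_xml(key_info: bytes, data_xml: bytes = AS_SIGNED) -> bytes:
    """Constructed enveloping-signature skeleton: genuine DigestValue over
    data_xml, placeholder SignatureValue, caller-supplied KeyInfo body."""
    return (
        b'<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        + b'<ds:SignedInfo><ds:Reference URI="#SignedData">'
        + b'<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
        + b"<ds:DigestValue>" + reference_digest(data_xml).encode("ascii") + b"</ds:DigestValue>"
        + b"</ds:Reference></ds:SignedInfo>"
        + b"<ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>"
        + b"<ds:KeyInfo>" + key_info + b"</ds:KeyInfo>"
        + b"<ds:Object>" + data_xml + b"</ds:Object>"
        + b"</ds:Signature>"
    )


def embedded_certificates(signature: ET.Element) -> list[bytes]:
    """DER bytes of each ds:X509Certificate under ds:KeyInfo; empty when the
    signer emitted only a ds:KeyValue."""
    path = f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate"
    return [base64.b64decode("".join((n.text or "").split())) for n in signature.iterfind(path)]


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def verify(signature_xml_bytes: bytes, received_data: bytes, pinned: set[str]) -> str:
    """A certificate carried inside the document is unverified input: it must
    match a store the verifier controls before its key means anything. The
    returned status names the failing step so the caller can log it."""
    root = ET.fromstring(signature_xml_bytes)
    certs = embedded_certificates(root)
    if not certs:
        return "no-certificate"
    if not any(fingerprint(c) in pinned for c in certs):
        return "untrusted-certificate"
    node = root.find(f"{DS}SignedInfo/{DS}Reference/{DS}DigestValue")
    if node is None or not digest_matches(received_data, (node.text or "").strip()):
        return "digest-mismatch"
    # A full verifier would now RSA-verify SignatureValue over C14N(SignedInfo)
    # with the pinned certificate's public key.
    return "ok"


if __name__ == "__main__":
    pinned = {fingerprint(FAKE_DER)}
    sig = signature_xml(CERT_KEY_INFO)
    for label, data in [("as signed", AS_SIGNED), ("CR+LF copy", CRLF_COPY),
                        ("CR stripped", CR_STRIPPED), ("re-indented", REINDENTED)]:
        print(f"{label:12s} -> {verify(sig, data, pinned)}")
    print(f"{'key only':12s} -> {verify(signature_xml(KEY_VALUE_ONLY), AS_SIGNED, pinned)}")
```

Run as a script, the CR+LF copy verifies like the original because the XML parser normalizes line endings in markup before canonicalization, while the copy whose character-data CR was stripped and the re-indented copy both fail the digest: that is the failure mode behind saving through a different DOM or loading with newline normalization. The signature whose KeyInfo holds only a key value is rejected before any digest work, because there is no identity to pin against.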
Posted: 12/13/2012 12:40:03
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

I saved the XML using XMLDocument from the .NET Framework and not the SaveToStream method of the TElXMLDOMDocument class. I changed my code and it works.