EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validating a signed XML parameter passed to a webservice

Posted: 12/13/2012 09:44:50
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

I'm developing a webservice that will receive as parameter an XML signed with enveloping signature type (XAdES) and should be validated XML signature and the original content was not changed. Seeing the examples provided in all realized is asked to point to the certificate used for signing. I'm already signing XML and the signed certificate that is already present in it. How should I proceed?
Posted: 12/13/2012 09:51:56
by Vsevolod Ievgiienko (Team)


Not sure I understand your question. Could you please describe the task in more details.
Posted: 12/13/2012 10:04:16
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

I'm building a WebService where their methods will receive as parameter XML files signed with the following characteristics:

SignatureType = enveloping
SignatureMethodType = SBXMLSec.Unit.xmtSig
SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1
IncludeKey = true

Each method should validate the signature is valid if, and if the content of the original XML has not changed.

We found examples where only codes for the validation of the certificate signing request is used. In my case I have the certificate is included in the subscription.

In my code I can retrieve the certificate and used the same step for the class but keeps returning TElXMLVerifier that the signature is invalid.

var X509KeyData = new TElXMLKeyInfoX509Data(false);
X509KeyData.Certificate = _info.Certificate;
Verifier.KeyData = X509KeyData;
_info.isValid = Verifier.ValidateSignature();
Posted: 12/13/2012 10:13:15
by Vsevolod Ievgiienko (Team)

Try to validate the signature using our sample. Does it return the same result?
Posted: 12/13/2012 10:20:18
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

I'm using your example and how he asks to inform the certificate used in the signature. I need to validate an XML client signed on, and the validation process occurs on the server. The certificate is included in the signature, not seen any example that you extract the signature certificate to perform signature validation. I may be wrong, I have not seen any specific example as well.
Posted: 12/13/2012 11:02:25
by Vsevolod Ievgiienko (Team)

Are you sure that the certificate is included into the signature? IncludeKey property specifies whether the key itself (its public part) must be included to the signature, but not the whole certificate. Could you post here a sample of a signature that you try to validate.
Posted: 12/13/2012 11:21:06
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

Follow the method for signing:

private static void SignXML(ref TElXMLDOMDocument _XMLDocument, TElX509Certificate certificate)
                TElXMLSigner Signer;
                TElXAdESSigner XAdESSigner;
                TElXMLKeyInfoX509Data X509KeyData;
                TElXMLDOMNode SigNode;
                TElXMLReference Ref;
                TElXMLReferenceList Refs = new TElXMLReferenceList();

                if (string.IsNullOrEmpty(_XMLDocument.DocumentElement.GetAttribute("id")))
                    _XMLDocument.DocumentElement.SetAttribute("id", "SignedData");

                var hash = SignerUtils.GetHashFromString(_XMLDocument.DocumentElement.OuterXML);
                _XMLDocument.DocumentElement.SetAttribute("ds", hash);
                Ref = new TElXMLReference();
                Ref.URI = "#" + _XMLDocument.DocumentElement.GetAttribute("id");
                Ref.URINode = _XMLDocument.DocumentElement;
                Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());

                Signer = new TElXMLSigner();
                Signer.SignatureType = SBXMLSec.Unit.xstEnveloping;
                Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
                Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
                Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                Signer.MACMethod = SBXMLSec.Unit.xmmHMAC_SHA1;
                Signer.References = Refs;
                Signer.IncludeKey = true;
                Signer.OnFormatElement += new TSBXMLFormatElementEvent(FormatElement);
                Signer.OnFormatText += new TSBXMLFormatTextEvent(FormatText);

                X509KeyData = new TElXMLKeyInfoX509Data(false);
                X509KeyData.Certificate = certificate;
                Signer.KeyData = X509KeyData;
                XAdESSigner = new TElXAdESSigner();
                Signer.XAdESProcessor = XAdESSigner;
                XAdESSigner.XAdESVersion = SBXMLAdES.Unit.XAdES_v1_3_2;
                XAdESSigner.XAdESForm = SBXMLAdES.Unit.XAdES_X_L;
                XAdESSigner.SigningTime = DateTime.Now;
                XAdESSigner.SigningCertificates = new TElMemoryCertStorage();
                XAdESSigner.SigningCertificates.Add(certificate, false);
                XAdESSigner.IgnoreChainValidationErrors = true;
                XAdESSigner.PolicyId.SigPolicyId.IdentifierQualifier = SBXMLAdES.Unit.xqtNone;

                XAdESSigner.QualifyingProperties.XAdESPrefix = "xades";


                SigNode = _XMLDocument.DocumentElement;
                Signer.Save(ref SigNode);

            catch (Exception)

And a resulting xml is attached

[ Download ]
Posted: 12/13/2012 11:53:21
by Dmytro Bogatskyy (Team)


Follow the method for signing:
And a resulting xml is attached

Thank you for the sample.

Did you attach a sample xml document that was saved using SaveToStream method or you perform other manipulation with this xml document?

For example, your xml document has CR+LF new-line characters. If later you will load this document with "normalize new-line characters" option on (it removes/replaces CR characters), then validation of the document may fail.
Posted: 12/13/2012 12:40:03
by Daniel Oliveira (Basic support level)
Joined: 11/20/2012
Posts: 19

I saved de XML using XMLDocument from .NET Framework e don't SaveToStream Method from TElXMLDOMDocument class. I changed my code and works.



Topic viewed 2162 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!