EldoS | Feel safer!

Check XML signature

#23081
Posted: 01/08/2013 12:45:57
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 102

If I have a signed XML, how can I check if it is correct? In other words, how can I check if the DigestValue is correct?
#23082
Posted: 01/08/2013 12:51:59
by Eugene Mayevski (EldoS Corp.)

In brief: using the ValidateSignature and ValidateReference methods.

Please refer to the samples in the \Samples\language\XMLBlackbox folder; they show how to validate the signature (digest value) and the certificates/keys used for signing.


Sincerely yours
Eugene Mayevski
#23104
Posted: 01/09/2013 12:34:08
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Eugene,

My understanding is that the ValidateSignature method does not validate the integrity of the document, but that ValidateReference does. Is this correct? I ask because I had a very simple validation mechanism where I didn't call ValidateReference, and it kept telling me the signature was correct even if I changed values in other parts of the document.

Is this always so, or just in some cases (enveloping, etc.)?
#23105
Posted: 01/09/2013 13:13:59
by Dmytro Bogatskyy (EldoS Corp.)

The ValidateSignature method checks the integrity of the SignedInfo element, which contains the references. If ValidateSignature returns true (everything is okay), then you need to check the signing certificate and then the references, using the ValidateReference or ValidateReferences methods.
#23106
Posted: 01/09/2013 13:30:12
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 102

I have been using the following function to check if the Signature is OK:

function ValidarXML(cXml: String): Boolean;
var
  FXmlVerifier: TElXMLVerifier;
  FXmlDocument: TElXMLDOMDocument;
  FNode: TElXMLDOMNode;
  S: TStringStream;
begin
  FXmlDocument := TElXMLDOMDocument.Create;
  try
    S := TStringStream.Create('');
    try
      // cXml is either a path to a .xml file or the XML text itself
      if UpperCase(Copy(cXml, Length(cXml) - 3, 4)) = '.XML' then
        S.LoadFromFile(cXml)
      else
        S.WriteString(cXml);
      S.Position := 0;
      FXmlDocument.LoadFromStream(S);
    finally
      S.Free;
    end;

    FXmlVerifier := TElXMLVerifier.Create(nil);
    try
      FNode := TElXMLDOMNode(FXmlDocument);
      FXmlVerifier.Load(TElXMLDOMElement(FNode));
      // Verifies the signature over SignedInfo only; the References
      // (DigestValue of the signed data) are not checked here
      Result := FXmlVerifier.ValidateSignature;
    finally
      FXmlVerifier.Free;
    end;
  finally
    FXmlDocument.Free;
  end;
end;

How can I prepare the References (DigestMethod, DigestValue, etc.) to check if ALL data in the XML is correct and the DigestValue represents exactly what is inside the XML file?

To Leandro Herrera: Are you from Brazil?
#23107
Posted: 01/09/2013 15:39:06
by Dmytro Bogatskyy (EldoS Corp.)

> How can I prepare the References (DigestMethod, DigestValue, etc.) to check if ALL data in the XML is correct and the DigestValue represents exactly what is inside the XML file?

References are inside a signature.
You need to traverse FXmlVerifier.References and, depending on the TElXMLReference.URI property, set the TElXMLReference.URINode/URIData/URIStream property (based on the referenced data). Then call the VerifyReferences method, which calculates the digest value from the referenced data using the stored digest method and checks it. Please see the samples.

If TElXMLReference.URI has a standard format (like #element_id) and the referenced data is in the same document, then you don't need to do anything; just call:

    Result := Result and FXmlVerifier.VerifyReferences;

For more info about XML signatures, see: http://en.wikipedia.org/wiki/XML_Signature

P.S. Please don't use TStringStream as a source. If you are loading a document from a file, use TMemoryStream. TStringStream could change whitespace characters.
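A condensed model of the two-stage check described above, added here as an illustration; it is not SecureBlackbox code and not from anyone in this thread. It uses only the Python standard library: an HMAC-SHA256 SignatureMethod with a constructed shared key standing in for a certificate, C14N 2.0 canonicalization, and a Reference that points at a sibling element so no transforms are needed. validate_signature plays the role of ValidateSignature and verify_references that of VerifyReferences; the tampered copy shows why the first alone does not detect edits to the document body.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
KEY = b"constructed-demo-hmac-key"  # constructed shared secret, stands in for a real key pair
DOC = '<Document><Invoice Id="inv"><Total>100.00</Total></Invoice></Document>'  # constructed

def c14n(elem):
    # Canonical bytes of one element (stdlib C14N 2.0; real DSig uses C14N 1.x or Exclusive C14N)
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def sign(root, key):
    # Append a ds:Signature whose single Reference (URI="#inv") covers the Invoice element
    target = root.find(".//*[@Id='inv']")
    sig = ET.SubElement(root, f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256")
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI="#inv")
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm="http://www.w3.org/2001/04/xmlenc#sha256")
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = base64.b64encode(hashlib.sha256(c14n(target)).digest()).decode()
    # SignatureValue is computed over SignedInfo only; the body is covered indirectly via DigestValue
    mac = hmac.new(key, c14n(si), "sha256").digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    return ET.tostring(root, encoding="unicode")

def validate_signature(doc_xml, key):
    # Step 1 (ValidateSignature): check SignatureValue against SignedInfo; an edited body still passes
    root = ET.fromstring(doc_xml)
    si = root.find(f".//{{{DS}}}SignedInfo")
    stored = base64.b64decode(root.find(f".//{{{DS}}}SignatureValue").text)
    return hmac.compare_digest(hmac.new(key, c14n(si), "sha256").digest(), stored)

def verify_references(doc_xml):
    # Step 2 (VerifyReferences): recompute each Reference's digest from the element its URI names
    root = ET.fromstring(doc_xml)
    for ref in root.iter(f"{{{DS}}}Reference"):
        target = root.find(f".//*[@Id='{ref.get('URI')[1:]}']")  # "#inv" -> element with Id="inv"
        stored = ref.find(f"{{{DS}}}DigestValue").text
        if target is None or base64.b64encode(hashlib.sha256(c14n(target)).digest()).decode() != stored:
            return False
    return True

def demo():
    signed = sign(ET.fromstring(DOC), KEY)
    tampered = signed.replace("100.00", "999.00")  # edit the invoice body, outside SignedInfo
    return [(validate_signature(d, KEY), verify_references(d)) for d in (signed, tampered)]
```

demo() returns [(True, True), (True, False)]: the tampered copy still passes the SignedInfo check and is only caught by the reference digests.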
#23121
Posted: 01/10/2013 09:23:55
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

> Eduardo Helminsky wrote:
> To Leandro Herrera: Are you from Brazil?

Nope, I'm from Chile.

> Dmytro Bogatskyy wrote:
> If TElXMLReference.URI has a standard format (like #element_id) and the referenced data is in the same document, then you don't need to do anything; just call:
>
>     Result := Result and FXmlVerifier.VerifyReferences;

Nice!