EldoS | Feel safer!

Check XML signature

#23081
Posted: 01/08/2013 12:45:57
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 102

If I have a signed XML document, how can I check whether it is correct? In other words, how can I check whether the DigestValue is correct?
#23082
Posted: 01/08/2013 12:51:59
by Eugene Mayevski (EldoS Corp.)

In brief: using the ValidateSignature and ValidateReference methods.

Please refer to the samples in the \Samples\language\XMLBlackbox folder; they show how to validate the signature (digest value) and the certificates/keys used for signing.


Sincerely yours
Eugene Mayevski
#23104
Posted: 01/09/2013 12:34:08
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Eugene,

My understanding is that the ValidateSignature method does not validate the integrity of the document, but that ValidateReference does. Is this correct? I ask because I had a very simple validation mechanism where I didn't call ValidateReference, and it kept telling me the signature was correct even if I changed values in other parts of the document.

Is this always so, or just in some cases (enveloping, etc.)?
#23105
Posted: 01/09/2013 13:13:59
by Dmytro Bogatskyy (EldoS Corp.)

The ValidateSignature method checks the integrity of the SignedInfo element, which contains the references. If ValidateSignature returns true (everything okay), then you need to check the signing certificate and then the references, using the ValidateReference or ValidateReferences methods.
#23106
Posted: 01/09/2013 13:30:12
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 102

I have been using the following function to check whether the signature is OK:

function ValidarXML(cXml: String): Boolean;
var
  FXmlVerifier: TElXMLVerifier;
  FXmlDocument: TElXMLDOMDocument;
  FXmlReference: TElXMLReference;
  FNode: TElXMLDOMNode;
  S: TStringStream;
begin
  FXmlDocument := TElXMLDOMDocument.Create;
  try
    S := TStringStream.Create('');
    try
      // cXml is either the path of a .xml file or the XML text itself
      if UpperCase(Copy(cXml, Length(cXml) - 3, 4)) = '.XML' then begin
        S.LoadFromFile(cXml);
      end else begin
        S.WriteString(cXml);
      end;
      S.Position := 0;
      FXmlDocument.LoadFromStream(S);
    finally
      S.Free;
    end;

    FXmlVerifier := TElXMLVerifier.Create(nil);
    try
      // load the signature from the document and check SignatureValue
      FNode := TElXMLDOMNode(FXmlDocument);
      FXmlVerifier.Load(TElXMLDOMElement(FNode));
      Result := FXmlVerifier.ValidateSignature;
    finally
      FXmlVerifier.Free;
    end;
  finally
    FXmlDocument.Free;
  end;
end;

How can I prepare the References (DigestMethod, DigestValue, etc.) to check that ALL data in the XML is correct and that the DigestValue represents exactly what is inside the XML file?

To Leandro Herrera: Are you from Brazil?
#23107
Posted: 01/09/2013 15:39:06
by Dmytro Bogatskyy (EldoS Corp.)

Quote
How can I prepare the References (DigestMethod, DigestValue, etc.) to check that ALL data in the XML is correct and that the DigestValue represents exactly what is inside the XML file?

The references are inside the signature.
You need to traverse FXmlVerifier.References and, depending on the TElXMLReference.URI property, set the TElXMLReference.URINode/URIData/URIStream property (based on the referenced data). Then call the VerifyReferences method, which calculates the digest value from the referenced data using the stored digest method and checks it. Please see the samples.

If TElXMLReference.URI has a standard format (like #element_id) and the referenced data is in the same document, then you don't need to do anything; just call:
Code
Result := Result and FXmlVerifier.VerifyReferences;


For more info about XML signatures, see: http://en.wikipedia.org/wiki/XML_Signature

P.S. Please don't use TStringStream as a source. If you are loading a document from a file, use TMemoryStream. TStringStream could change whitespace characters.
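The two-stage check that Dmytro describes in his two replies above (first the signature over SignedInfo, then each Reference's digest over the data it points at), as an added, self-contained example that is not part of the original thread and not EldoS/SecureBlackbox code. It uses only the Python standard library, and therefore makes two simplifications that are assumptions of this example rather than of XML DSig in general: HMAC-SHA256 is used as the SignatureMethod (a legal XML DSig algorithm, so no certificate handling is needed), and Python's built-in C14N 2.0 (`ET.canonicalize`) stands in for whatever canonicalization and transforms a real signature declares. The sample document and key are constructed for the demo. It reproduces exactly what Leonardo observed: editing the signed body leaves the stage-1 check passing and only the reference check fails, and it also shows the caveat that an element no Reference covers is not protected at all.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)

# Algorithm identifiers written into SignedInfo.  C14N 2.0 is used here only
# because Python ships it; a real verifier must apply whatever
# CanonicalizationMethod/Transforms the signature actually declares.
C14N_ALG = "http://www.w3.org/2010/xml-c14n2"
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"

KEY = b"constructed-demo-hmac-key"  # constructed shared secret, not a real key


def c14n(elem):
    """Serialize one subtree on its own and canonicalize it to bytes."""
    return ET.canonicalize(ET.tostring(elem)).encode()


def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def find_by_id(root, elem_id):
    """Resolve a same-document reference '#elem_id' through the Id attribute."""
    for elem in root.iter():
        if elem.get("Id") == elem_id:
            return elem
    raise ValueError(f"no element with Id={elem_id!r}")


def sign(root, ref_ids, key):
    """Append a ds:Signature whose References cover the elements with the given Ids."""
    signed_info = ET.Element(f"{{{DS}}}SignedInfo")
    ET.SubElement(signed_info, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N_ALG)
    ET.SubElement(signed_info, f"{{{DS}}}SignatureMethod", Algorithm=SIG_ALG)
    for ref_id in ref_ids:
        ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", URI=f"#{ref_id}")
        ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=DIGEST_ALG)
        digest = b64_sha256(c14n(find_by_id(root, ref_id)))
        ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest
    sig = ET.SubElement(root, f"{{{DS}}}Signature")
    sig.append(signed_info)
    # The signature covers SignedInfo only; the body is bound indirectly through the digests.
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    return root


def verify_signature_value(root, key):
    """Stage 1 (the ValidateSignature step): SignatureValue matches SignedInfo."""
    sig = root.find(f"{{{DS}}}Signature")
    expected = hmac.new(key, c14n(sig.find(f"{{{DS}}}SignedInfo")), hashlib.sha256).digest()
    actual = base64.b64decode(sig.findtext(f"{{{DS}}}SignatureValue"))
    return hmac.compare_digest(expected, actual)


def verify_references(root):
    """Stage 2 (the ValidateReferences/VerifyReferences step): recompute every DigestValue."""
    signed_info = root.find(f"{{{DS}}}Signature/{{{DS}}}SignedInfo")
    for ref in signed_info.findall(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            # External or whole-document references need the caller to supply the data
            # (the thread's URINode/URIData/URIStream); out of scope for this demo.
            raise ValueError(f"unsupported Reference URI {uri!r}")
        if ref.findtext(f"{{{DS}}}DigestValue") != b64_sha256(c14n(find_by_id(root, uri[1:]))):
            return False
    return True


def check(xml_bytes, key=KEY):
    """Return (stage1_ok, stage2_ok) for a signed document; a valid document needs both."""
    root = ET.fromstring(xml_bytes)
    return verify_signature_value(root, key), verify_references(root)


# Constructed sample: only <Body Id="body"> is referenced; <Note> is not covered.
SIGNED_XML = ET.tostring(sign(ET.fromstring(
    '<Invoice><Body Id="body"><Amount>100</Amount></Body><Note>unsigned</Note></Invoice>'),
    ["body"], KEY))

if __name__ == "__main__":
    print("intact:       ", check(SIGNED_XML))
    print("amount edited:", check(SIGNED_XML.replace(b"<Amount>100</Amount>", b"<Amount>999</Amount>")))
    print("note edited:  ", check(SIGNED_XML.replace(b"<Note>unsigned</Note>", b"<Note>edited</Note>")))
    print("wrong key:    ", check(SIGNED_XML, b"wrong-key"))
```

Editing the Amount yields (True, False): the MAC over SignedInfo is untouched, so a verifier that stops after stage 1 accepts the forged document, which is Leonardo's finding. Editing the Note yields (True, True) because no Reference points at it, so when you decide what a signature "proves" you must also inspect which parts of the document the References actually cover, not just whether both stages pass.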
#23121
Posted: 01/10/2013 09:23:55
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Quote
Eduardo Helminsky wrote:
To Leandro Herrera: Are you from Brazil?

Nope, I'm from Chile.
Quote
Dmytro Bogatskyy wrote:
If TElXMLReference.URI has a standard format (like #element_id) and the referenced data is in the same document, then you don't need to do anything; just call:
Code
Result := Result and FXmlVerifier.VerifyReferences;


Nice!