Ref.URINodes signing multiple nodes

#27955
Posted: 01/14/2014 04:10:10
by marco hagen (Standard support level)
Joined: 11/09/2013
Posts: 33

Hi,

Having looked at this thread about assigning multiple nodes to URINode:
https://www.eldos.com/forum/read.php?FID=7&TID=2061&MID=11504&sphrase_id=451922#message11504

I'm wondering if URINodes is already functional and, if so, how to use it.

Code
        Dim nodeset As TElXMLNodeSet = FXMLDocument.SelectNodes("//*[@authenticate='true']")
        Ref.URINodes = nodeset


Does not produce a digest value:

Code
   <AuthSignature>
      <ds:SignedInfo>
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
         <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
         <ds:Reference URI="#xpointer(//*[@authenticate='true'])">
            <ds:Transforms>
               <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue/>
         </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue/>
   </AuthSignature>


Thanks,
Marco
#27956
Posted: 01/14/2014 04:23:15
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

After setting the URINodes property, did you call the TElXMLReference.UpdateDigestValue or TElXMLSigner.UpdateReferencesDigest method? Those methods calculate the DigestValue for a reference based on the URINode/URINodes/URIData/URIStream property.
#27959
Posted: 01/14/2014 05:53:44
by marco hagen (Standard support level)
Joined: 11/09/2013
Posts: 33

Ah, with URINode that was not necessary.

It's working now and the signature seems to be valid.

Thank you,
Marco
#34521
Posted: 09/22/2015 01:23:17
by Cadis d.o.o.  (Standard support level)
Joined: 04/19/2013
Posts: 13

I have an XML document that has to look like the XML in the attachment.
The digital signature has to reference the XML elements (INFO, PRIJAVA, ATTACHMENT). How do I do that in Delphi?


#34523
Posted: 09/22/2015 04:59:28
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Quote
Digital signature has to have reference to xml elements (INFO, PRIJAVA, ATTACHMENT). How to do that in Delphi?

If your nodes have an Id attribute, as in your picture, then you can use the following code to select those nodes:
Code
var
  s: string;
  NodeSet: TElXMLNodeSet;
begin
  s := '//*[@Id=''prijava1'' or @Id=''info1'' or @Id=''att1'']';
  Ref.URI := '#xpointer(' + s + ')';   // the URI recorded in the ds:Reference
  NodeSet := FXMLDocument.SelectNodes(s);
  Ref.URINodes := NodeSet;             // the node set the digest is computed over
  ...
  FreeAndNil(NodeSet); // free it after signing
#34645
Posted: 10/08/2015 04:34:10
by Cadis d.o.o.  (Standard support level)
Joined: 04/19/2013
Posts: 13

I'm trying to validate the signature of my XML file (in the attachment) and validation gives me an error: "Cannot find element with iD=prijava1" ???
I have to sign the element (node) Info and the element Prijava in my XML file. Please help me find what is wrong!


#34647
Posted: 10/08/2015 04:37:51
by Cadis d.o.o.  (Standard support level)
Joined: 04/19/2013
Posts: 13

Here is the XML file and the Delphi 2010 code, the way I signed the XML!

Code
  Signer := nil;
  XAdESSigner := nil;
  X509KeyData := nil;
  TSPClient := nil;      // timestamping clients are initialised but not used below
  HTTPClient := nil;
  TSPFileClient := nil;
  Refs := nil;
  Ref := nil; // added - BOŠKO

  try
    Signer := TElXMLSigner.Create(nil); // fixed - BOŠKO
    try
      Refs := TElXMLReferenceList.Create;

      // One reference per signed element; Ref.URI must match the element's
      // Id attribute exactly (attribute names are case-sensitive)
      if Assigned(FXMLDocument.DocumentElement.FindNode('ehr:Prijava')) then
      begin
        Ref := TElXMLReference.Create;
        Ref.DigestMethod := xdmSHA1;
        Ref.URI := '#prijava1';
        Ref.URINode := FXMLDocument.DocumentElement.FindNode('ehr:Prijava');
        Refs.Add(Ref);
      end;

      if Assigned(FXMLDocument.DocumentElement.FindNode('ehr:Info')) then
      begin
        Ref := TElXMLReference.Create;
        Ref.DigestMethod := xdmSHA1;
        Ref.URI := '#info1';
        Ref.URINode := FXMLDocument.DocumentElement.FindNode('ehr:Info');
        Refs.Add(Ref);
      end;

      Signer.SignatureType := xstEnveloped;
      Signer.CanonicalizationMethod := xcmCanon;
      Signer.SignatureMethodType := xmtSig;
      Signer.SignatureMethod := xsmRSA_SHA1;
      Signer.MACMethod := xmmHMAC_SHA1; // not used with an RSA signature method
      Signer.IncludeKey := True;
      Signer.SignatureCompliance := xscDSIG;
      Signer.References := Refs; // fixed - BOŠKO

      if not Assigned(Cert) or not Cert.PrivateKeyExists then
        raise EElXMLError.Create('The selected certificate doesn''t contain a private key.');

      X509KeyData := TElXMLKeyInfoX509Data.Create(False);
      X509KeyData.Certificate := Cert;
      X509KeyData.IncludeDataParams := [xkidX509Certificate]; // added - BOŠKO
      X509KeyData.CertStorage := FCertStorage; // added - BOŠKO
      X509KeyData.IncludeKeyValue := False; // added - BOŠKO
      Signer.KeyData := X509KeyData;

      // timestamp
      XAdESSigner := TElXAdESSigner.Create(nil);
      Signer.XAdESProcessor := XAdESSigner;
      XAdESSigner.XAdESVersion := XAdES_v1_1_1; // fixed - BOŠKO

      XAdESSigner.PolicyId.SigPolicyId.Description := '';
      XAdESSigner.PolicyId.SigPolicyId.Identifier := '';
      XAdESSigner.PolicyId.SigPolicyId.IdentifierQualifier := xqtNone;

      XAdESSigner.SigningTime := LocalTimeToUTCTime(Now); // fixed - BOŠKO
      XAdESSigner.IgnoreTimestampFailure := False;

      XAdESSigner.SigningCertificates := X509KeyData.CertStorage;

      XAdESSigner.XAdESForm := XAdES;

      XAdESSigner.Generate;

      // computes the DigestValue of every reference from its URINode
      Signer.UpdateReferencesDigest;

      Signer.GenerateSignature();

      SigNode := FXMLDocument.DocumentElement.FindNode('ehr:Signatures');

      try
        Signer.Save(SigNode);
      except
        on E: Exception do
          raise EElXMLError.CreateFmt('Failed to sign data and to save the signature: (%s)', [E.Message]);
      end;

    finally
      FreeAndNil(Signer);
      FreeAndNil(XAdESSigner);
      FreeAndNil(X509KeyData);
      FreeAndNil(TSPClient);
      FreeAndNil(HTTPClient);
      FreeAndNil(TSPFileClient);
    end;
  finally
    FreeAndNil(Refs); // the reference list is not freed by the inner block
  end;


[ Download ]
#34648
Posted: 10/08/2015 04:38:25
by Eugene Mayevski (EldoS Corp.)

I am wondering where the digit "1" comes from. The code Dmytro posted above 3 weeks ago contains those digits, but did you try without them?


Sincerely yours
Eugene Mayevski
#34649
Posted: 10/08/2015 04:52:19
by Cadis d.o.o.  (Standard support level)
Joined: 04/19/2013
Posts: 13

No, because in the XML above I have IDs that contain prijava1, ... (If you click download you'll see.)
#34653
Posted: 10/08/2015 05:15:21
by Dmytro Bogatskyy (EldoS Corp.)

Hi,
Quote
I'm trying to validate signature of my xml file (in attachment) and validation sends me an error: "Cannot find element with iD=prijava1" ???

I have checked your signed XML document with the XMLBlackbox\AdvancedSigner sample and it validates OK.
Did a third-party application fail to validate your signature? In that case, it is possible that the third-party application doesn't understand the "id" attribute; it may require either an "Id" or "ID" attribute (attribute names are case-sensitive), or the id attribute may have a different name/prefix (depending on your XML schema).
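Two points in this thread are easy to get wrong when checking a signature by hand: the empty <ds:DigestValue/> in the first post is what UpdateReferencesDigest fills in from the node set a reference selects, and the "Cannot find element with iD=prijava1" failure comes from a verifier matching the id attribute name case-sensitively. The following Python script is an added example written for this thread; it is not SecureBlackbox/XMLBlackbox code and is not from any poster. It resolves a ds:Reference URI of the two shapes used above ("#someId" and "#xpointer(//*[@Attr='v' or @Attr='w'])"), canonicalizes the selected node(s), hashes them with SHA-256 and compares the result with a recorded DigestValue. Assumptions: the standard library's C14N 2.0 stands in for the Canonical XML 1.0 the signatures above declare, a multi-node set is canonicalized element by element in document order and concatenated, and only the "//*[@a='b' or ...]" subset of XPath is understood; the SAMPLE_XML document is constructed for the example.

```python
"""Reference-digest check for XML-DSig (added example, not XMLBlackbox code)."""
import base64
import copy
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed sample: Prijava carries "Id", Info carries lowercase "id".
SAMPLE_XML = """<Doc>
  <Prijava Id="prijava1"><Amount>10</Amount></Prijava>
  <Info id="info1"><Name>x</Name></Info>
</Doc>"""

# Only the "#xpointer(//*[...])" shape used in this thread is supported.
XPOINTER_RE = re.compile(r"^#xpointer\(//\*\[(.*)\]\)$")
PRED_RE = re.compile(r"@([A-Za-z_][\w.-]*)\s*=\s*'([^']*)'")


def parse_document(xml_text):
    return ET.fromstring(xml_text)


def select_nodes(root, uri, id_attr="Id"):
    """Return the elements a Reference URI selects, in document order.

    "#foo" selects elements whose id_attr equals "foo". The attribute name is
    matched case-sensitively, so a verifier looking for "Id" does not find
    id="foo"; that is the "Cannot find element with iD=..." failure above.
    "#xpointer(//*[@A='v' or @B='w'])" selects elements matching any predicate.
    """
    m = XPOINTER_RE.match(uri)
    if m:
        preds = PRED_RE.findall(m.group(1))
        if not preds:
            raise ValueError("unsupported xpointer expression: " + uri)
        return [e for e in root.iter() if any(e.get(a) == v for a, v in preds)]
    if uri.startswith("#"):
        return [e for e in root.iter() if e.get(id_attr) == uri[1:]]
    raise ValueError("unsupported reference URI: " + uri)


def canonical_bytes(elem):
    """Canonical form of one element subtree (C14N 2.0 from the stdlib).

    A shallow copy with the tail cleared keeps the whitespace that follows the
    element in the parent out of the canonical form.
    """
    node = copy.copy(elem)
    node.tail = None
    return ET.canonicalize(ET.tostring(node, encoding="unicode")).encode("utf-8")


def reference_digest(root, uri, id_attr="Id"):
    """Base64 SHA-256 over the canonicalized node set the URI selects."""
    nodes = select_nodes(root, uri, id_attr)
    if not nodes:
        raise LookupError(f"Cannot find element for {uri} (attribute {id_attr!r})")
    h = hashlib.sha256()
    for node in nodes:  # document order, concatenated (simplification)
        h.update(canonical_bytes(node))
    return base64.b64encode(h.digest()).decode("ascii")


def verify_reference(root, uri, digest_value, id_attr="Id"):
    """True when the document still matches the DigestValue a signer recorded."""
    try:
        actual = reference_digest(root, uri, id_attr)
    except LookupError:
        return False
    return hmac.compare_digest(actual, digest_value)


if __name__ == "__main__":
    doc = parse_document(SAMPLE_XML)
    multi = "#xpointer(//*[@Id='prijava1' or @id='info1'])"
    print("#prijava1     ->", reference_digest(doc, "#prijava1"))
    print("two-node set  ->", reference_digest(doc, multi))
    # Looking for attribute "Id" on an element that only has "id" fails,
    # exactly as the third-party validator did above.
    print("#info1 via Id ->", verify_reference(doc, "#info1", "", "Id"))
    print("#info1 via id ->", verify_reference(
        doc, "#info1", reference_digest(doc, "#info1", "id"), "id"))
```

Run it as a script to see the digests for a single element and for the two-element set; the two differ because the set covers more content, which is why a reference's URI and the nodes assigned to URINodes have to describe the same selection. Changing any byte inside a referenced element changes its digest, while whitespace outside it does not.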