EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElXMLVerifier.ValidateReference (v10) - Problem with accent

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#30125
Posted: 07/22/2014 23:39:25
by Sóstenes Alves (Standard support level)
Joined: 12/11/2012
Posts: 6

Hi!

I do not know why, I can't validate the contents of an xml file if it contains a text with an accent. I use UTF-8 files.

I have attached some examples of this problem. In animals_signed.xml file validation works, but in the file animals_accent_signed.xml the function returns false.

Code I used to sign the xml:

Code
        private static void SignXML(ref TElXMLDOMDocument _XMLDocument, TElX509Certificate certificate)
        {
            try
            {
                TElXMLSigner Signer;
                TElXAdESSigner XAdESSigner;
                TElXMLKeyInfoX509Data X509KeyData;
                TElXMLDOMNode SigNode;
                TElXMLReference Ref;
                TElXMLReferenceList Refs = new TElXMLReferenceList();

                if (string.IsNullOrEmpty(_XMLDocument.DocumentElement.GetAttribute("id")))
                {
                    _XMLDocument.DocumentElement.SetAttribute("id", "SignedData");
                }

                var hash = SignerUtils.GetHashFromString(_XMLDocument.DocumentElement.OuterXML);
                _XMLDocument.DocumentElement.SetAttribute("ds", hash);
              
                
                Ref = new TElXMLReference();
                Ref.URI = "#" + _XMLDocument.DocumentElement.GetAttribute("id");
                Ref.URINode = _XMLDocument.DocumentElement;
                Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
                Refs.Add(Ref);

                Signer = new TElXMLSigner();
                Signer.SignatureType = SBXMLSec.Unit.xstEnveloping;
                Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
                Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
                Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                Signer.MACMethod = SBXMLSec.Unit.xmmHMAC_SHA1;
                Signer.References = Refs;
                Signer.IncludeKey = true;
                Signer.OnFormatElement += new TSBXMLFormatElementEvent(FormatElement);
                Signer.OnFormatText += new TSBXMLFormatTextEvent(FormatText);

                X509KeyData = new TElXMLKeyInfoX509Data(false);
                X509KeyData.Certificate = certificate;
                X509KeyData.IncludeDataParams = 8;  //xkidX509Certificate;
                Signer.KeyData = X509KeyData;
                
                XAdESSigner = new TElXAdESSigner();
                Signer.XAdESProcessor = XAdESSigner;
                XAdESSigner.XAdESVersion = SBXMLAdES.Unit.XAdES_v1_3_2;
                XAdESSigner.XAdESForm = SBXMLAdES.Unit.XAdES_X_L;
                XAdESSigner.SigningTime = DateTime.Now;
                XAdESSigner.SigningCertificates = new TElMemoryCertStorage();
                XAdESSigner.SigningCertificates.Add(certificate, false);
                XAdESSigner.IgnoreChainValidationErrors = true;
                XAdESSigner.PolicyId.SigPolicyId.IdentifierQualifier = SBXMLAdES.Unit.xqtNone;

                XAdESSigner.Generate();
                XAdESSigner.QualifyingProperties.XAdESPrefix = "xades";

                Signer.UpdateReferencesDigest();
                Signer.GenerateSignature();

                SigNode = _XMLDocument.DocumentElement;
                Signer.Save(ref SigNode);

            }
            catch (Exception)
            {
                throw;
            }
        }


[ Download ]
#30128
Posted: 07/23/2014 01:22:22
by Eugene Mayevski (EldoS Corp.)

There can be no accented characters in UTF8, as I understand - they should be encoded. Hence the problem. I.e. your original data is incorrect.

What software did you use to create a signature?


Looks like I've overlooked the second character, so the encoding seems to be correct.


Sincerely yours
Eugene Mayevski
#30130
Posted: 07/23/2014 02:36:28
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

I have checked your xml file, and it validates ok. However, it is not clear, where is the text with an accent.
#30132
Posted: 07/23/2014 07:49:13
by Sóstenes Alves (Standard support level)
Joined: 12/11/2012
Posts: 6

Hello Dmytro,

I did the following steps:

1 - I generated the animals_accent.txt file (attached to this reply). Note that there is an accent on the word "Tamanduá";

2 - Then I used the algorithm described in the first message;

3 - The result was the attached file in the first message;

4 - When performing the method TElXMLVerifier.ValidateReference, it returned false.


[ Download ]
#30133
Posted: 07/23/2014 09:05:15
by Dmytro Bogatskyy (EldoS Corp.)

Hello,
Quote
1 - I generated the animals_accent.txt file (attached to this reply). Note that there is an accent on the word "Tamanduá";

Thank you for pointing, I missed it.
Quote
4 - When performing the method TElXMLVerifier.ValidateReference, it returned false.

Could you please check with XMLBlackbox\AdvancedSigner/TinySigner sample and with the latest SecureBlackbox version. As your signature validates ok for me.
#30142
Posted: 07/24/2014 08:32:46
by Sóstenes Alves (Standard support level)
Joined: 12/11/2012
Posts: 6

Thanks Dmytro!

I did a test in AdvancedSigner and it works!

Comparing the codes, I realized that my application had a problem loading the xml before validation.
Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.

Reply

Statistics

Topic viewed 892 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!