EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElXMLVerifier.ValidateReference (v10) - Problem with accent

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#30125
Posted: 07/22/2014 23:39:25
by Sóstenes Alves (Standard support level)
Joined: 12/11/2012
Posts: 6

Hi!

I do not know why, I can't validate the contents of an xml file if it contains a text with an accent. I use UTF-8 files.

I have attached some examples of this problem. In animals_signed.xml file validation works, but in the file animals_accent_signed.xml the function returns false.

Code I used to sign the xml:

Code
        private static void SignXML(ref TElXMLDOMDocument _XMLDocument, TElX509Certificate certificate)
        {
            try
            {
                TElXMLSigner Signer;
                TElXAdESSigner XAdESSigner;
                TElXMLKeyInfoX509Data X509KeyData;
                TElXMLDOMNode SigNode;
                TElXMLReference Ref;
                TElXMLReferenceList Refs = new TElXMLReferenceList();

                if (string.IsNullOrEmpty(_XMLDocument.DocumentElement.GetAttribute("id")))
                {
                    _XMLDocument.DocumentElement.SetAttribute("id", "SignedData");
                }

                var hash = SignerUtils.GetHashFromString(_XMLDocument.DocumentElement.OuterXML);
                _XMLDocument.DocumentElement.SetAttribute("ds", hash);
              
                
                Ref = new TElXMLReference();
                Ref.URI = "#" + _XMLDocument.DocumentElement.GetAttribute("id");
                Ref.URINode = _XMLDocument.DocumentElement;
                Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());
                Refs.Add(Ref);

                Signer = new TElXMLSigner();
                Signer.SignatureType = SBXMLSec.Unit.xstEnveloping;
                Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
                Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
                Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
                Signer.MACMethod = SBXMLSec.Unit.xmmHMAC_SHA1;
                Signer.References = Refs;
                Signer.IncludeKey = true;
                Signer.OnFormatElement += new TSBXMLFormatElementEvent(FormatElement);
                Signer.OnFormatText += new TSBXMLFormatTextEvent(FormatText);

                X509KeyData = new TElXMLKeyInfoX509Data(false);
                X509KeyData.Certificate = certificate;
                X509KeyData.IncludeDataParams = 8;  //xkidX509Certificate;
                Signer.KeyData = X509KeyData;
                
                XAdESSigner = new TElXAdESSigner();
                Signer.XAdESProcessor = XAdESSigner;
                XAdESSigner.XAdESVersion = SBXMLAdES.Unit.XAdES_v1_3_2;
                XAdESSigner.XAdESForm = SBXMLAdES.Unit.XAdES_X_L;
                XAdESSigner.SigningTime = DateTime.Now;
                XAdESSigner.SigningCertificates = new TElMemoryCertStorage();
                XAdESSigner.SigningCertificates.Add(certificate, false);
                XAdESSigner.IgnoreChainValidationErrors = true;
                XAdESSigner.PolicyId.SigPolicyId.IdentifierQualifier = SBXMLAdES.Unit.xqtNone;

                XAdESSigner.Generate();
                XAdESSigner.QualifyingProperties.XAdESPrefix = "xades";

                Signer.UpdateReferencesDigest();
                Signer.GenerateSignature();

                SigNode = _XMLDocument.DocumentElement;
                Signer.Save(ref SigNode);

            }
            catch (Exception)
            {
                throw;
            }
        }


[ Download ]
#30128
Posted: 07/23/2014 01:22:22
by Eugene Mayevski (EldoS Corp.)

There can be no accented characters in UTF8, as I understand - they should be encoded. Hence the problem. I.e. your original data is incorrect.

What software did you use to create a signature?


Looks like I've overlooked the second character, so the encoding seems to be correct.


Sincerely yours
Eugene Mayevski
#30130
Posted: 07/23/2014 02:36:28
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

I have checked your xml file, and it validates ok. However, it is not clear, where is the text with an accent.
#30132
Posted: 07/23/2014 07:49:13
by Sóstenes Alves (Standard support level)
Joined: 12/11/2012
Posts: 6

Hello Dmytro,

I did the following steps:

1 - I generated the animals_accent.txt file (attached to this reply). Note that there is an accent on the word "Tamanduá";

2 - Then I used the algorithm described in the first message;

3 - The result was the attached file in the first message;

4 - When performing the method TElXMLVerifier.ValidateReference, it returned false.


[ Download ]
#30133
Posted: 07/23/2014 09:05:15
by Dmytro Bogatskyy (EldoS Corp.)

Hello,
Quote
1 - I generated the animals_accent.txt file (attached to this reply). Note that there is an accent on the word "Tamanduá";

Thank you for pointing, I missed it.
Quote
4 - When performing the method TElXMLVerifier.ValidateReference, it returned false.

Could you please check with XMLBlackbox\AdvancedSigner/TinySigner sample and with the latest SecureBlackbox version. As your signature validates ok for me.
#30142
Posted: 07/24/2014 08:32:46
by Sóstenes Alves (Standard support level)
Joined: 12/11/2012
Posts: 6

Thanks Dmytro!

I did a test in AdvancedSigner and it works!

Comparing the codes, I realized that my application had a problem loading the xml before validation.
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 819 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!