EldoS | Feel safer!

Software components for data protection, secure storage and transfer

sign an xml file with the library in php

#33913
Posted: 07/07/2015 06:44:52
by Sergio  (Basic support level)
Joined: 06/30/2015
Posts: 11

I'm trying to test the library with the PHP version,

but, even after a week, I have not found a solution.

I saw examples, but they are only for the C# version, and C++ for the version that you can use with PHP.

Could you give me a tip? I need to sign an XML file.

Thanks in advance
#33915
Posted: 07/07/2015 07:20:37
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Here is a short sample for signing an XML document (it signs the whole XML document using an enveloped signature and a certificate).
https://www.dropbox.com/s/yk4h2tmuhbqb...signer.php
#34111
Posted: 07/27/2015 06:31:55
by Sergio  (Basic support level)
Joined: 06/30/2015
Posts: 11

Quote
Dmytro Bogatskyy wrote:
Thank you for contacting us.

Here is a short sample for signing an XML document (it signs the whole XML document using an enveloped signature and a certificate).
https://www.dropbox.com/s/yk4h2tmuhbqb...signer.php


Thank you.

I did some testing, it works.
I cannot sign the XML document with CAdES-BES.

How should I set the signature method so as to use CAdES-BES?
Thank you in advance.
#34112
Posted: 07/27/2015 08:08:58
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

The following article will help you create a XAdES-BES signature: https://www.eldos.com/documentation/sb...ssign.html

TElXAdESSigner should be called with XAdES_BES parameter.
#34135
Posted: 07/28/2015 18:22:10
by Sergio  (Basic support level)
Joined: 06/30/2015
Posts: 11

I did some testing, and I think I've done it correctly, but I receive the following message.

Error happened:
XML signing failed with message: XAdES form not supported by this XAdES version.

So I cannot figure out whether it actually works or not.

I need to figure out if it works or not, in order to license it and go into production.

I would like to understand whether signing it also directly generates the p7m file, the pkcs7 file format.
#34136
Posted: 07/29/2015 01:26:46
by Eugene Mayevski (EldoS Corp.)

Well, the message suggests that you have not. If you post your code here, maybe we'll be able to understand what is wrong.


Sincerely yours
Eugene Mayevski
#34137
Posted: 07/29/2015 05:07:53
by Sergio  (Basic support level)
Joined: 06/30/2015
Posts: 11

Code
<?php
    error_reporting(E_ALL);
    date_default_timezone_set("UTC");
    
    if (isset($_POST["sign"])) {
        if (!extension_loaded("sbb") && !function_exists('SBUtils\SetLicenseKey')) {
            print "SecureBlackbox extension NOT available";
            die;
        }
        
        try {
            if (!SBUtils\GetLicense()) {
                SBUtils\SetLicenseKey("6D52E...");
            }
        } catch (SBException $e) {
            print "<p style='color:red'>Setting SBB License Key failed with message: <br/>" . $e->getErrorMessage() . "</p>";
            die;
        }
        
        $pass = $_POST["pass"];
        $filename = "";
        $certfile = "";
        if ($_FILES["filename"]["error"] == 0) {
            $filename = $_FILES["filename"]["tmp_name"];
        }
        if ($_FILES["certfile"]["error"] == 0) {
            $certfile = $_FILES["certfile"]["tmp_name"];
        }
        
        if ((strlen($filename) > 0) and (strlen($certfile) > 0)) {
            $error_happened = false;
            $error_details = "";
            
            $cert = new TElX509Certificate(null);
            try {
                $res = $cert->LoadFromFileAuto($certfile, $pass);
                if ($res != 0) {
                    $error_happened = true;
                    $cert = null;
                    $error_details = "Loading signing certificate failed with error: " . $res;
                }
            } catch(SBException $e) {
                $error_happened = true;
                $cert = null;
                $error_details = "Loading signing certificate failed with message: " . $e->getErrorMessage();
            }
            
            if (!$error_happened and (!is_null($cert))) {
                try {
                    $xmlDocument = new TElXMLDOMDocument();
                    $xmlDocument->LoadFromFile($filename);

                    // add reference for the whole document
                    $xmlSigner = new TElXMLSigner(null);
                    $k = $xmlSigner->References->Add();
                    $ref = $xmlSigner->References->get_Reference($k);
                    $ref->DigestMethod = TElXMLDigestMethod::xdmSHA1;
                    $ref->URI = "";
                    $ref->URINode = $xmlDocument->DocumentElement;
                    $ref->TransformChain->AddEnvelopedSignatureTransform();

                    $xmlSigner->SignatureMethodType = TElXMLSigMethodType::xmtSig;
                    $xmlSigner->SignatureMethod = TElXMLSignatureMethod::xsmRSA_SHA1;
                    $xmlSigner->KeyName = "";
                    $xmlSigner->IncludeKey = true;

                    $X509Data = new TElXMLKeyInfoX509Data(false);
                    $X509Data->Certificate = $cert;
                    $xmlSigner->KeyData = $X509Data;

                    $XAdESSigner = new TElXAdESSigner(null);
                    // Setup XAdES processor
                    $xmlSigner->XAdESProcessor = $XAdESSigner;
                    $XAdESSigner->Generate(0);

                    $xmlSigner->UpdateReferencesDigest();
                    $xmlSigner->GenerateSignature();
                    $xmlSigner->SaveEnveloped($xmlDocument->DocumentElement);
                    $xmlDocument->SaveToFile($filename);

                    //$XAdESSigner->XAdESVersion = SBXMLAdES.Unit.XAdES_v1_4_1;
                    //$XAdESSigner->Generate(SBXMLAdES.Unit.XAdES_BES);
                } catch(SBException $e) {
                    $error_happened = true;
                    $error_details = "XML signing failed with message: " . $e->getErrorMessage();
                }

            //-------------------------------------------------------------------------------------
            }
            
            if (!$error_happened) {
                $handle = fopen($filename, "r");
                $contents = fread($handle, filesize($filename));
                fclose($handle);
                
                header('Content-Transfer-Encoding: binary');
                header('Content-length: '. strlen($contents));
                header('Content-Type: application/xml');
                header('Content-Disposition: inline; filename='. $filename);
                
                print $contents;
            } else {
                print "Error happened: <br/>" . $error_details;
            }
            
            return;
        } else {
            $error_details = "";
            if (strlen($filename) == 0) {
                $error_details = $error_details . "XML file for signing is not specified <br/>";
            }
            if (strlen($certfile) == 0) {
                $error_details = $error_details . "Signing certificate is not specified <br/>";
            }
            print "Error happened: <br/><br/>" . $error_details;
        }
    }    
?>


The header will be:

Content-Type: application/x-pkcs7-mime;smime-type=enveloped-data;name="document.p7m"
Content-Transfer-Encoding: base64
header('Content-Disposition: inline; filename='. $filename.'.p7m');
#34138
Posted: 07/29/2015 05:32:14
by Vsevolod Ievgiienko (EldoS Corp.)

The problem is in the $XAdESSigner->Generate(0) call. 0 stands for the XAdES value, and this constant can be used only when TElXAdESSigner.XAdESVersion is set to XAdES_v1_1_1, which is the lowest supported version. Please try to call Generate with the parameter set to 1, which is equal to XAdES_BES.

Details: https://www.eldos.com/documentation/sb...erate.html
https://www.eldos.com/documentation/sb...rsion.html

BTW, your commented code should do the job if you move it to the place of the $XAdESSigner->Generate(0) call:

Code
$XAdESSigner->XAdESVersion = SBXMLAdES.Unit.XAdES_v1_4_1;
$XAdESSigner->Generate(SBXMLAdES.Unit.XAdES_BES);
#34139
Posted: 07/29/2015 06:39:49
by Eugene Mayevski (EldoS Corp.)

Please see Vsevolod's response above. I would also like to clarify what the header you have specified has to do with XAdES.

The .p7m extension (and the pkcs7 content type) stand for the PKCS7/CMS format (and the CAdES extension to CMS). CAdES and XAdES are completely different formats. Did you need to sign the data with CAdES instead of XAdES, or is the header incorrect?


Sincerely yours
Eugene Mayevski
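
The XAdES versus PKCS7/CMS distinction drawn in this reply can be checked on the produced file itself rather than on its extension or Content-Type header. The following is an added example, not part of the thread and not SecureBlackbox code: it uses only PHP's bundled DOM extension, and the function name classifySignedFile and both sample inputs are constructed for illustration.

```php
<?php
// Added example, not EldoS code: tell XAdES from CMS/PKCS#7 by content.
const NS_DSIG   = 'http://www.w3.org/2000/09/xmldsig#';
const NS_XADES  = 'http://uri.etsi.org/01903/';   // common prefix of the XAdES namespaces
const OID_PKCS7 = "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07"; // 1.2.840.113549.1.7, last arc follows

function classifySignedFile(string $bytes): string
{
    // A .p7m may be PEM-armoured; normalise to DER before looking at it.
    if (preg_match('/-----BEGIN (?:PKCS7|CMS)-----(.+?)-----END/s', $bytes, $m)) {
        $bytes = base64_decode($m[1]);
    }
    if ($bytes !== '' && $bytes[0] === "\x30") {   // DER SEQUENCE: CMS ContentInfo
        $pos = strpos(substr($bytes, 0, 24), OID_PKCS7);
        $arc = $pos === false ? 0 : ord($bytes[$pos + strlen(OID_PKCS7)] ?? "\0");
        if ($arc === 2) {
            return 'CMS signed-data (the container CAdES uses)';
        }
        if ($arc === 3) {
            return 'CMS enveloped-data (encrypted, carries no signature)';
        }
        return 'DER, but not a recognised CMS content type';
    }
    $doc = new DOMDocument();
    if ($bytes === '' || !@$doc->loadXML($bytes, LIBXML_NONET)) {
        return 'neither XML nor CMS';
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('ds', NS_DSIG);
    if ($xp->query('//ds:Signature')->length === 0) {
        return 'XML without an XML-DSig signature';
    }
    // XAdES adds QualifyingProperties inside a ds:Object of the signature.
    foreach ($xp->query('//ds:Signature/ds:Object/*[local-name()="QualifyingProperties"]') as $qp) {
        if (strpos((string) $qp->namespaceURI, NS_XADES) === 0) {
            return 'XAdES (XML-DSig plus QualifyingProperties)';
        }
    }
    return 'plain XML-DSig without XAdES properties';
}

// Constructed samples: a skeletal XAdES-shaped document and the opening bytes of a ContentInfo.
$xades = '<doc><ds:Signature xmlns:ds="' . NS_DSIG . '"><ds:Object>'
       . '<x:QualifyingProperties xmlns:x="http://uri.etsi.org/01903/v1.3.2#"/>'
       . '</ds:Object></ds:Signature></doc>';
$p7m = "\x30\x80" . OID_PKCS7 . "\x02\xA0\x80";
echo classifySignedFile($xades), "\n";
echo classifySignedFile($p7m), "\n";
```

The check only identifies the container format; it does not validate the signature or the certificate chain.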
#34160
Posted: 07/30/2015 18:25:17
by Sergio  (Basic support level)
Joined: 06/30/2015
Posts: 11

I tried it, it works.

In fact, what I want to do is:
load an XML file and sign it with a CAdES-BES signature, to get a p7m file.

thank you, always around

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.