Missing sections in XaDES-BES sign

#37204
Posted: 07/08/2016 03:50:34
by Marek Otulakowski (Basic support level)
Joined: 05/10/2016
Posts: 8

Hi,
please help.
How do I add the two missing sections to a standard XAdES-BES signature in Delphi using the EldoS VCL components (XMLBlackbox)?
First missing section (lines 7-12)
Second missing section (lines 52-57)
Code
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-daa992dd4dde94bbf8ad9c254511f8b8">
   <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference Id="r-id-1" Type="" URI="">
         <!-- 1: missing section (lines 7-12 of the original file) -->
         <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
               <ds:XPath>not(ancestor-or-self::ds:Signature)</ds:XPath>
            </ds:Transform>
         <!-- end of missing section 1 -->
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
         </ds:Transforms>
         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
         <ds:DigestValue>chk9/eqdDOiZr2SmxyB7bGMScyj1Te6uQaWH8dJ1zVM=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xades-id-daa992dd4dde94bbf8ad9c254511f8b8">
         <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
         </ds:Transforms>
         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
         <ds:DigestValue>oUgfYofTfkis8F9XeUNDfsLWCEt3ZdsSB/5MNfdYQrY=</ds:DigestValue>
      </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue Id="value-id-daa992dd4dde94bbf8ad9c254511f8b8">NWKoehm3qs8jb53xb1Zgp4/Y92GAMPV5CMIoTzwiMk7/IN44KjCfrFMHjy9+rpPq...hoXE+go4H...q5jB/qLW67Wp1+EJZRmCEU4zFD/0c2YMiJwIPzarKRfEZSrG783cX0wbmzW0IUOyCNByuy+sn4/cwn+hEXhH85LUTSPOA1HqyWLLeBvnpoDF1scRvC9UN9Rkhm9RTG+sRPB9uzrog==</ds:SignatureValue>
   <ds:KeyInfo>
      <ds:X509Data>
         <ds:X509Certificate>MIID...GGe6/rTGP...5Dd9/EuK+R1o8...l5xO/vupOWF+Dc5lzV9KcPgWpDyYCJU8PLEIzei4J3HoNYsM9fy3tRAxEeds4+6S+CcOE5rq91HJw+CA2x...Y6QE++OpqImT/QA4o...TqqC/ni8keiXJFzhm59AAgaj/a+isfZ9xXCT6hCWxuRpJJVsyWGrmDgUC5qFlJ3dlHsHdAi7ZLvvQ48EoFU/6HH/RbAsSiWzL5UV6VZi5fBq0kWr0edsgUp9yDVPcGaGPctSsvH9/3znY...V3ul/Wj1AKp4YH32</ds:X509Certificate>
      </ds:X509Data>
   </ds:KeyInfo>
   <ds:Object>
      <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-daa992dd4dde94bbf8ad9c254511f8b8">
         <xades:SignedProperties Id="xades-id-daa992dd4dde94bbf8ad9c254511f8b8">
            <xades:SignedSignatureProperties>
               <xades:SigningTime>2016-06-30T09:43:20Z</xades:SigningTime>
               <xades:SigningCertificate>
                  <xades:Cert>
                     <xades:CertDigest>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>kPpw/0EDtMXdBvRnqCrP/fD502I=</ds:DigestValue>
                     </xades:CertDigest>
                     <xades:IssuerSerial>
                        <ds:X509IssuerName>CN=jpk.mf.gov.pl,OU=Departament Informatyki,O=Ministerstwo Finansow,L=Warszawa,ST=mazowieckie,C=PL</ds:X509IssuerName>
                        <ds:X509SerialNumber>1462527176</ds:X509SerialNumber>
                     </xades:IssuerSerial>
                  </xades:Cert>
               </xades:SigningCertificate>
            </xades:SignedSignatureProperties>
            <xades:SignedDataObjectProperties>
               <!-- 2: missing section (lines 52-57 of the original file) -->
               <xades:DataObjectFormat ObjectReference="#r-id-1">
                  <xades:MimeType>text/xml</xades:MimeType>
               </xades:DataObjectFormat>
            </xades:SignedDataObjectProperties>
            <!-- end of missing section 2 -->
         </xades:SignedProperties>
      </xades:QualifyingProperties>
   </ds:Object>
</ds:Signature>


Original XML file containing the missing sections:
http://www.mf.gov.pl/documents/764034/5134536/initupload-enveloped.xades

Best regards,
Marek
#37209
Posted: 07/08/2016 05:05:49
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us,

Quote
First missing section (line 7-12)

You need to use the TElXMLXPathTransform class to add an XPath transform to the reference's transform chain, for example:
Code
var
  XPathTransform: TElXMLXPathTransform;
begin
  XPathTransform := TElXMLXPathTransform.Create;
  // the "ds" prefix used in the expression must be declared in the transform's namespace map
  XPathTransform.NamespaceMap.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
  // keeps every node outside ds:Signature; same node set as not(ancestor-or-self::ds:Signature)
  XPathTransform.XPath := 'count(ancestor-or-self::ds:Signature) = 0';
  // Ref is the TElXMLReference (URI="") that covers the enveloped document
  Ref.TransformChain.Add(XPathTransform);
end;

Quote
Second missing section (line 52-57)

The DataObjectFormat element can be added using the SignedDataObjectProperties.DataObjectFormats.Add method, for example:
Code
var
  DataObjectFormat: TElXMLDataObjectFormat;
begin
  XAdESSigner.Generate(...); // Generate XAdES structure

  DataObjectFormat := TElXMLDataObjectFormat.Create(XAdESSigner.XAdESVersion);
  // must be '#' followed by the Id of the ds:Reference that this format describes
  DataObjectFormat.ObjectReference := '#reference_id';
  DataObjectFormat.MimeType := 'text/xml';
  XAdESSigner.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormats.Add(DataObjectFormat);
end;
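The two sections discussed in this thread are easy to get subtly wrong, so the following added example (written for this page in Python with only the standard library, not EldoS code and not using the SecureBlackbox API) shows what each one does. First, the node-set semantics of the enveloped-signature XPath transform: `not(ancestor-or-self::ds:Signature)` from the ministry's reference file and `count(ancestor-or-self::ds:Signature) = 0` from the reply select the same nodes, namely everything that is not a ds:Signature element or inside one; `strip_signature_nodes` implements that filter directly, and `reference_digest` shows that the digest of the URI="" reference is therefore independent of anything inside ds:Signature (which is what lets a signature be embedded in the document it signs). Second, `check_xades_links` checks the cross-references that the DataObjectFormat section introduces: `ObjectReference` must be `#` plus the `Id` of an existing ds:Reference, and the SignedProperties reference URI must match the SignedProperties `Id`. The sample document, the `urn:example:jpk` namespace and all identifiers in it are constructed for this example; the canonicalization is the standard library's C14N 2.0 rather than exclusive C14N 1.0, so the digests are comparable only with each other, not with the values in the posted signature.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
SIGNED_PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties"
SIG_TAG = "{%s}Signature" % DS

ET.register_namespace("ds", DS)
ET.register_namespace("xades", XADES)


def strip_signature_nodes(root):
    """Node-set filter of not(ancestor-or-self::ds:Signature), equivalently
    count(ancestor-or-self::ds:Signature) = 0: drop every ds:Signature subtree.
    Text after a removed element is not inside it and is kept (ElementTree
    stores it as the removed element's tail, so it is moved to its neighbour)."""
    root = copy.deepcopy(root)
    for parent in list(root.iter()):
        kept = None
        for child in list(parent):
            if child.tag == SIG_TAG:
                if child.tail:
                    if kept is not None:
                        kept.tail = (kept.tail or "") + child.tail
                    else:
                        parent.text = (parent.text or "") + child.tail
                parent.remove(child)
            else:
                kept = child
    return root


def reference_digest(xml_text):
    """Base64 SHA-256 over the filtered, canonicalized document: the value that
    belongs in ds:DigestValue of the URI="" reference. Uses stdlib C14N 2.0,
    not exclusive C14N 1.0, so only compare outputs of this function."""
    filtered = strip_signature_nodes(ET.fromstring(xml_text))
    canonical = ET.canonicalize(ET.tostring(filtered, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode("ascii")


def check_xades_links(xml_text):
    """Return the dangling cross-references that make a XAdES-BES signature
    unverifiable: a DataObjectFormat/@ObjectReference with no matching
    ds:Reference/@Id, and a SignedProperties reference whose URI does not
    point at the SignedProperties Id."""
    problems = []
    for sig in ET.fromstring(xml_text).iter(SIG_TAG):
        refs = list(sig.iter("{%s}Reference" % DS))
        ref_ids = {r.get("Id") for r in refs if r.get("Id")}
        for dof in sig.iter("{%s}DataObjectFormat" % XADES):
            target = dof.get("ObjectReference", "")
            if not (target.startswith("#") and target[1:] in ref_ids):
                problems.append("DataObjectFormat ObjectReference %r matches no ds:Reference Id" % target)
        signed_props = sig.find(".//{%s}SignedProperties" % XADES)
        sp_refs = [r for r in refs if r.get("Type") == SIGNED_PROPS_TYPE]
        if signed_props is None or not sp_refs:
            problems.append("no SignedProperties element or no reference of type SignedProperties")
        elif sp_refs[0].get("URI") != "#" + (signed_props.get("Id") or ""):
            problems.append("SignedProperties reference URI %r does not match Id %r"
                            % (sp_refs[0].get("URI"), signed_props.get("Id")))
    return problems


def sample_document(body_value="100", signature_value="QUFBQQ==", object_reference="#r-id-1"):
    """Constructed test input (not a real JPK file): a document with an
    enveloped XAdES-BES signature shaped like the one in the thread."""
    return f"""<JPK xmlns="urn:example:jpk">
  <Body><Amount>{body_value}</Amount></Body>
  <ds:Signature xmlns:ds="{DS}" Id="sig-1">
    <ds:SignedInfo>
      <ds:Reference Id="r-id-1" URI="">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <ds:XPath>not(ancestor-or-self::ds:Signature)</ds:XPath>
          </ds:Transform>
        </ds:Transforms>
      </ds:Reference>
      <ds:Reference Type="{SIGNED_PROPS_TYPE}" URI="#xades-sig-1"/>
    </ds:SignedInfo>
    <ds:SignatureValue>{signature_value}</ds:SignatureValue>
    <ds:Object>
      <xades:QualifyingProperties xmlns:xades="{XADES}" Target="#sig-1">
        <xades:SignedProperties Id="xades-sig-1">
          <xades:SignedDataObjectProperties>
            <xades:DataObjectFormat ObjectReference="{object_reference}">
              <xades:MimeType>text/xml</xades:MimeType>
            </xades:DataObjectFormat>
          </xades:SignedDataObjectProperties>
        </xades:SignedProperties>
      </xades:QualifyingProperties>
    </ds:Object>
  </ds:Signature>
</JPK>"""


if __name__ == "__main__":
    base = reference_digest(sample_document())
    print("digest unchanged by signature content:", base == reference_digest(sample_document(signature_value="QkJCQg==")))
    print("digest changed by document body:", base != reference_digest(sample_document(body_value="101")))
    print("link problems:", check_xades_links(sample_document(object_reference="#r-id-2")))
```

Two practical notes that follow from this. Transforms in a ds:Reference are applied in document order, so when building the chain with `TransformChain.Add` the XPath transform has to be added before the exclusive-C14N transform, matching the order in the ministry's file; adding it afterwards would canonicalize the whole document, signature included, and then filter the serialized bytes, which is not the same node set. And the `ObjectReference` value in the second section is a literal string, so it must be set to `#` plus the `Id` actually assigned to the reference (`#r-id-1` in the posted signature), which the link check above catches when it is not.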
#37214
Posted: 07/08/2016 08:50:54
by Marek Otulakowski (Basic support level)
Joined: 05/10/2016
Posts: 8

Thank you,
I implemented your advice in my code and it works fine.

Best Regards,
Marek
