EldoS | Feel safer!

XAdES-C

#9945
Posted: 05/07/2009 15:45:54
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Is it true that I have to set an X509KeyData like the following:

TElXMLVerifier Verifier = new TElXMLVerifier();
TElXMLKeyInfoX509Data X509KeyData = new TElXMLKeyInfoX509Data(false);
X509KeyData.Certificate = Cert;   // Cert: the signer's certificate
Verifier.KeyData = X509KeyData;

and then call
Verifier.ValidateSignature()

Yes. But if the signature contains a KeyInfo element (for example, X509Data with certificate data), then you can omit assigning the Verifier.KeyData property and use the default KeyData (from the KeyInfo element) for verification.
Quote
If the document has multiple signatures signed by multiple certificate, how is the validation going on?

Do you mean that the document structure is:
<doc>
<data>...</data>
...
...
</doc>

Then pass the corresponding Signature element to the Verifier.Load method:
http://www.eldos.com/documentation/sb..._load.html
Quote
Is it realistic to validate signatures in a document using multiple given certificates, not the certificate embedded in the signatures?

See XML Signature Syntax and Processing, 2.3 Extended Example
Quote
consider an application where many signatures (using different keys) are applied to a large number of documents. An inefficient solution is to have a separate signature (per key) repeatedly applied to a large SignedInfo element (with many References); this is wasteful and redundant. A more efficient solution is to include many references in a single Manifest that is then referenced from multiple Signature elements.

There are TElXMLManifest and TElXMLObject classes that you can use.
#9965
Posted: 05/09/2009 14:57:15
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi

Does TElMemoryCertStorage.LoadFromBufferPFX() remove existing certificates in the storage and replace these existing certificates with new ones?

Thanks
Thanh
#9966
Posted: 05/09/2009 15:07:09
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Does TElMemoryCertStorage.LoadFromBufferPFX() remove existing certificates in the storage and replace these existing certificates with new ones?

No, it just adds a certificate to the storage.
#9967
Posted: 05/09/2009 15:51:29
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

I would like to validate signatures in a PDF document. I see nowhere in the PDFBlackBox\Processor example where the certificates used for validation are loaded. How do I load a memory cert storage into the PDFVerifier to verify the signatures?

Thanks
Thanh
#9969
Posted: 05/10/2009 01:35:03
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

Could you show me the way to verify a detached XAdES signature? I see no way to load the original document for the validation. The TElXMLVerifier always raises an exception with the message "Invalid XML Element" while loading a given original document (without signature information). I know that the Load function is for loading the signature, but I found no way to load the original document.

Could you please show me the way to calculate the digest of the XML document?

Thanks
Thanh
#9970
Posted: 05/10/2009 15:38:31
by Dmytro Bogatskyy (EldoS Corp.)

Quote
The TElXMLVerifier always raises an exception with the message "Invalid XML Element" while loading a given original document (without signature information).

What do you expect to receive from TElXMLVerifier if the "Signature" element is absent?
You need to load into TElXMLVerifier not the original document, but the document with the detached signature. Then load the original document into a separate TElXMLDOMDocument instance, and pass the element from it to the Reference.URINode property.
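Added example (plain Python standard library, not SecureBlackbox or EldoS code) showing the XML-DSig mechanics behind this answer and the earlier question about calculating the digest of the XML document: a detached signature carries only the Reference (URI, Transforms, DigestMethod, DigestValue), so the digest has to be recomputed over the separately loaded original document, which is what Reference.URINode points at. The ds:Signature skeleton and ORIGINAL_DOC are constructed here, and SignatureValue is left empty because no signing key is involved.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
DIGESTS = {"http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1, SHA256: hashlib.sha256}

# Constructed sample: the signed document lives in its own file, outside the signature.
ORIGINAL_DOC = "<doc><data>payload</data></doc>"


def reference_digest(original_xml: str, digest_method: str, canonical: bool = True) -> str:
    """Digest an external document the way a ds:Reference does: over the raw octets when
    the Reference carries no Transform, over C14N 1.0 output when it carries a c14n Transform."""
    data = ET.canonicalize(original_xml) if canonical else original_xml
    return base64.b64encode(DIGESTS[digest_method](data.encode("utf-8")).digest()).decode()


def build_detached_signature(original_xml: str, uri: str) -> str:
    """Constructed detached ds:Signature skeleton: only the Reference is filled in;
    SignatureValue stays empty because no signing key is involved in this check."""
    return (
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
        f'<ds:CanonicalizationMethod Algorithm="{C14N}"/>'
        '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
        f'<ds:Reference URI="{uri}"><ds:Transforms><ds:Transform Algorithm="{C14N}"/>'
        f'</ds:Transforms><ds:DigestMethod Algorithm="{SHA256}"/>'
        f"<ds:DigestValue>{reference_digest(original_xml, SHA256)}</ds:DigestValue>"
        "</ds:Reference></ds:SignedInfo><ds:SignatureValue/></ds:Signature>"
    )


def check_detached_references(signature_xml: str, originals: dict) -> dict:
    """Map each Reference URI to True/False by recomputing its digest over the original
    supplied for that URI. A URI with no original (nothing to digest: the situation behind
    the 'Invalid XML Element' complaint above) or an unsupported transform is False."""
    results = {}
    for ref in ET.fromstring(signature_xml).iter(DS + "Reference"):
        uri = ref.get("URI", "")
        method = ref.find(DS + "DigestMethod").get("Algorithm")
        expected = ref.find(DS + "DigestValue").text.strip()
        transforms = [t.get("Algorithm") for t in ref.iter(DS + "Transform")]
        original = originals.get(uri)
        if original is None or method not in DIGESTS or any(t != C14N for t in transforms):
            results[uri] = False
        else:
            results[uri] = reference_digest(original, method, bool(transforms)) == expected
    return results
```

Because the check canonicalizes before digesting, an original that differs only in tag whitespace still verifies, while any change to the content does not.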
#9971
Posted: 05/10/2009 20:37:59
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

I am sorry that I don't understand your answer clearly. Could you please give me a bit clearer explanation?

We will upgrade our license to SBB7 in the next several days; please give me instructions on getting the standard support level.

Thanks
Thanh
#9972
Posted: 05/11/2009 01:39:09
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

Thanks, I can do it myself!

Best
Thanh
#10144
Posted: 05/25/2009 06:56:55
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

I need your help:
1. Could you please help me check if the following code is correct for generating a XAdES-A signature?
2. I don't know why the unsigned properties I set in the following code do not appear in the output signature; only the timestamp values are generated.

The following settings are not found in the output signature:
CompleteCertificateRefs
CompleteRevocationRefs
RevocationValues
CertificateValues

Thanks


else if (xmlType == SignatureType.XADES_A)
{
    // m_certStorage contains the certificate path:
    //   certificate_0: signing certificate
    //   certificate_1: intermediate CA cert
    //   certificate_2: intermediate CA cert
    //   ...
    //   certificate_n: Root CA cert

    // m_cert: signing certificate

    xadesSigner.XAdESForm = SBXMLAdES.Unit.XAdES_A;

    if (m_tspClient != null)
    {
        xadesSigner.TSPClient = m_tspClient;

        // Certificates in the path except the signing cert (index 0) will be added
        for (int k = 1; k < m_certStorage.Count; k++)
        {
            TElX509Certificate pathCert = m_certStorage.get_Certificates(k);

            // XAdES-C
            // Prepare CompleteCertificateRefs
            xadesSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.AddCertificate(
                pathCert, SBXMLAdES.Unit.XAdES_v1_3_2);

            // Prepare CompleteRevocationRefs and RevocationValues: one CRL per HTTP
            // distribution point of this certificate (suppose that HTTP will be used;
            // other URI schemes are skipped)
            for (int j = 0; j < pathCert.Extensions.CRLDistributionPoints.Count; j++)
            {
                string strUri = pathCert.Extensions.CRLDistributionPoints.get_DistributionPoints(j).Name.get_Names(0).UniformResourceIdentifier;

                if (strUri.IndexOf("http") != 0)
                    continue;

                // Download the CRL into memory (no temporary file needed)
                byte[] buf;
                WebRequest httpRequest = WebRequest.Create(new Uri(strUri));
                using (WebResponse webresponse = httpRequest.GetResponse())
                using (Stream respStream = webresponse.GetResponseStream())
                using (MemoryStream crlStream = new MemoryStream())
                {
                    byte[] chunk = new byte[1024];
                    int bytesRead;
                    while ((bytesRead = respStream.Read(chunk, 0, chunk.Length)) > 0)
                        crlStream.Write(chunk, 0, bytesRead);
                    buf = crlStream.ToArray();
                }

                TElCertificateRevocationList refList = new TElCertificateRevocationList();
                refList.LoadFromBuffer(buf);

                // One CRLRef per CRL; its digest is taken over the CRL bytes themselves,
                // not over the certificate
                TElXMLCRLRef clrRef = new TElXMLCRLRef(SBXMLAdES.Unit.XAdES_v1_3_2);
                clrRef.DigestAlgAndValue.DigestMethod = SBXMLDefs.Unit.xmlDigestMethodSHA1;
                clrRef.DigestAlgAndValue.DigestValue =
                    SBXMLSec.Unit.ToCryptoBinary(SHA1.Create().ComputeHash(buf));
                clrRef.CRLIdentifier.Issuer = SBXMLSec.Unit.FormatRDN(pathCert.IssuerRDN);
                clrRef.CRLIdentifier.IssueTimeUTC = refList.ThisUpdate;
                clrRef.CRLIdentifier.Number = refList.Extensions.CRLNumber.Number;

                xadesSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.Add(clrRef);

                // RevocationValues: embed the CRL itself
                TElXMLEncapsulatedPKIData clrData = new TElXMLEncapsulatedPKIData(SBXMLAdES.Unit.XAdES_v1_3_2);
                clrData.Data = buf;
                xadesSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.Add(clrData);
            }

            // XAdES-A
            // Prepare CertificateValues
            TElXMLEncapsulatedPKIData pkiData = new TElXMLEncapsulatedPKIData(SBXMLAdES.Unit.XAdES_v1_3_2);
            pkiData.Data = pathCert.CertificateBinary;
            xadesSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509Certificates.Add(pkiData);
        }

        // XAdES-X
        xadesSigner.AddSigAndRefsTimestamp(m_tspClient);

        // XAdES-A
        xadesSigner.AddArchiveTimestamp(m_tspClient);

        xadesSigner.IgnoreTimestampFailure = false;
    }
    else
    {
        ErrorCode = Constant.ErrorCode.ERROR_GENERATION_NO_TSP_SERVICE_FOUND;
    }
}
}

// Sign and save
xmlSigner.UpdateReferencesDigest();
xmlSigner.Sign();
#10146
Posted: 05/25/2009 11:52:36
by Dmytro Bogatskyy (EldoS Corp.)

Quote
I don't know why the unsigned properties I set in the following code do not appear in the output signature, only the timestamp values are generated.

Are you adding this code before the xadesSigner.Generate call?
The Generate method clears the QualifyingProperties object and fills it according to the properties set in xadesSigner.