[xmlsec] RES: Validating XML with Key
Jonatas Fischer
jonatas_fischer at developer.inf.br
Tue Jul 27 13:59:48 PDT 2010
Thanks, it works.
Jonatas Fischer
-----Mensagem original-----
De: Aleksey Sanin [mailto:aleksey at aleksey.com]
Enviada em: terça-feira, 27 de julho de 2010 11:55
Para: Jonatas Fischer
Cc: xmlsec at aleksey.com
Assunto: Re: [xmlsec] Validating XML with Key
Please read section 3.2 from the FAQ
http://www.aleksey.com/xmlsec/faq.html
Aleksey
On 7/27/2010 7:26 AM, Jonatas Fischer wrote:
> Im trying validate a digital signature with the certificate located at
> KEYINFO node.
>
> I had tried a lot of different ways to do it, but I have no success.
>
> I used the code of lasso project (http://*lasso*.entrouvert.org
> <http://lasso.entrouvert.org>)
>
> And of a mail
(http://www.mail-archive.com/xmlsec@aleksey.com/msg03925.html)
>
> This is my code (pascal code):
>
> function verify_file(const xml_file : string) : integer;
>
> var
>
> doc : xmlDocPtr;
>
> Signature, NFe, KeyInfo : xmlNodePtr;
>
> dsigCtx : xmlSecDSigCtxPtr;
>
> sl : TStringList;
>
> sText : Ansistring;
>
> rc : integer;
>
> cert_data, cert_key : xmlSecKeyDataPtr;
>
> cert : Pointer;
>
> key : xmlSecKeyPtr;
>
> ffile : TextFile;
>
> begin
>
> //inicialização das variáveis
>
> doc := nil;
>
> Signature := nil;
>
> dsigCtx := nil;
>
> sl := TStringList.Create;
>
> //inicializa leitura do arquivo
>
> sl.LoadFromFile(xml_file);
>
> sText :=sl.Text;
>
> doc := xmlParseDoc(PAnsiChar(UTF8Encode(sText)));
>
> if (doc = nil) or (xmlDocGetRootElement(doc) = nil) then
>
> raise Exception.Create('erro ao ler xml');
>
> NFe :=
>
xmlSecFindNode(xmlDocGetRootElement(doc),'NFe','http://www.portalfiscal.inf.
br/nfe');
>
> Signature := xmlSecFindNode(NFe,xmlSecNodeSignature, xmlSecDSigNs);
>
> KeyInfo := xmlSecFindNode(Signature, xmlSecNodeKeyInfo,
xmlSecDSigNs);
>
> if NFe = nil then
>
> raise Exception.Create('Error: start node not found in ' + xml_file);
>
> dsigCtx := xmlSecDSigCtxCreate(nil);
>
> try
>
> if (dsigCtx = nil) then
>
> raise Exception.Create('Failed to create Signature Context');
>
> Key := xmlSecKeyCreate();
>
> //if I dont use this, will not work
>
> dsigCtx.keyInfoReadCtx.flags :=
> XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND or
> XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
>
> dsigCtx.keyInfoReadCtx.mode := xmlSecKeyInfoModeRead;
>
> dsigCtx.keyInfoReadCtx.keyReq.keyId :=
> xmlSecOpenSSLKeyDataX509GetKlass;
>
> dsigCtx.keyInfoReadCtx.keyReq.keyType := xmlSecKeyDataTypePublic;
>
> dsigCtx.keyInfoReadCtx.keyReq.keyUsage := xmlSecKeyDataUsageAny;
>
> //if (xmlSecKeyInfoNodeRead(KeyInfo, dsigCtx.signKey,
> @dsigCtx.keyInfoReadCtx) < 0) then
>
> if (xmlSecKeyInfoNodeRead(KeyInfo, key, @dsigCtx.keyInfoReadCtx) <
> 0) then
>
> begin
>
> xmlSecKeyDestroy(dsigCtx.signKey);
>
> xmlSecDSigCtxDestroy(dsigCtx);
>
> raise Exception.Create('Could not read KeyInfo');
>
> end;
>
> cert_data := xmlSecKeyGetData(Key, xmlSecOpenSSLKeyDataX509GetKlass);
>
> if (cert_data <> nil) then
>
> begin
>
> cert := xmlSecOpenSSLKeyDataX509GetCert(cert_data, 0);
>
> if (cert <> nil) then
>
> begin
>
> cert_key
> := xmlSecOpenSSLX509CertGetKey(cert);
>
> rc :=
> xmlSecKeySetValue(Key, cert_key);
>
> if (rc <
> 0) then
>
>
showmessage('num deu');
>
> end;
>
> end;
>
> dsigCtx.signKey := Key;
>
> //dsigCtx.keyInfoReadCtx.enabledKeyData.
>
> if(xmlSecDSigCtxVerify(dsigCtx, Signature) < 0) then
>
> begin
>
> xmlSecDSigCtxDebugDump(dsigCtx,nil);
>
> dsigCtx.signKey := nil;
>
> xmlSecKeyDestroy(Key);
>
> xmlSecDSigCtxDestroy(dsigCtx);
>
> raise Exception.Create('Failed to verify signature');
>
> end;
>
> finally
>
> if(doc <> nil) then
>
> xmlFreeDoc(doc);
>
> end;
>
> end;
>
> this is the debug info
>
>
func=xmlSecXPathDataExecute:file=..\src\xpath.c:line=273:obj=unknown:subj=xm
lXPt
>
> rEval:error=5:libxml2 library function
> failed:expr=xpointer(id('NFe4210070950036
>
> 0000127550020000000560000000593'))
>
>
func=xmlSecXPathDataListExecute:file=..\src\xpath.c:line=356:obj=unknown:sub
j=xm
>
> lSecXPathDataExecute:error=1:xmlsec library function failed:
>
>
func=xmlSecTransformXPathExecute:file=..\src\xpath.c:line=466:obj=xpointer:s
ubj=
>
> xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>
>
func=xmlSecTransformDefaultPushXml:file=..\src\transforms.c:line=2395:obj=xp
oint
>
> er:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
>
>
func=xmlSecTransformCtxXmlExecute:file=..\src\transforms.c:line=1226:obj=unk
nown
>
> :subj=xmlSecTransformPushXml:error=1:xmlsec library function
> failed:transform=xp
>
> ointer
>
>
func=xmlSecTransformCtxExecute:file=..\src\transforms.c:line=1286:obj=unknow
n:su
>
> bj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
>
>
func=xmlSecDSigReferenceCtxProcessNode:file=..\src\xmldsig.c:line=1571:obj=u
nkno
>
> wn:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
>
>
func=xmlSecDSigCtxProcessSignedInfoNode:file=..\src\xmldsig.c:line=804:obj=u
nkno
>
> wn:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library
> function failed
>
> :node=Reference
>
>
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=547:obj=un
know
>
> n:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library
> function failed
>
> :
>
>
func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xml
SecD
>
> SigCtxSigantureProcessNode:error=1:xmlsec library function failed:
>
>
func=xmlSecDSigCtxDebugDump:file=..\src\xmldsig.c:line=1068:obj=unknown:subj
=out
>
> put != NULL:error=100:assertion:
>
> and this is the xml:
>
> <?xml version="1.0" encoding="utf-8"?>
>
> <nfeProc xmlns="http://www.portalfiscal.inf.br/nfe" versao="1.10">
>
> <NFe xmlns="http://www.portalfiscal.inf.br/nfe">
>
> <infNFe versao="1.10"
>
Id="NFe42100710295305000121550010000000040000000144"><ide><cUF>42</cUF><cNF>
000000014</cNF><natOp>RETORNO
> DE
>
INDUSTRIZALIZACAO</natOp><indPag>0</indPag><mod>55</mod><serie>1</serie><nNF
>4</nNF><dEmi>2010-07-12</dEmi><dSaiEnt>2010-07-12</dSaiEnt><tpNF>1</tpNF><c
MunFG>4209102</cMunFG><tpImp>2</tpImp><tpEmis>1</tpEmis><cDV>4</cDV><tpAmb>1
</tpAmb><finNFe>1</finNFe><procEmi>0</procEmi><verProc>1.0</verProc></ide><e
mit><CNPJ>10295305000121</CNPJ><xNome>TECHCONTROL
> COM. DE DISP. DE CONTROLE LTDA</xNome><xFant>TECHCONTROL
> INDUSTRIAL</xFant><enderEmit><xLgr>RUA ANITA
> GARIBALDI</xLgr><nro>1190</nro><xBairro>ANITA
>
GARIBALDI</xBairro><cMun>4209102</cMun><xMun>JOINVILLE</xMun><UF>SC</UF><CEP
>89203300</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>4734337709</fon
e></enderEmit><IE>255679238</IE><IM>94475</IM><CNAE>4669999</CNAE></emit><de
st><CNPJ>50935576000119</CNPJ><xNome>PLASCAR
> IND. COMPONENTES PLASTICOS LTDA</xNome><enderDest><xLgr>AVENIDA WILHELM
> WINTER</xLgr><nro>300</nro><xBairro>DISTRITO
>
INDUSTRIAL</xBairro><cMun>3525904</cMun><xMun>JUNDIAI</xMun><UF>SP</UF><CEP>
13213000</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>0800729800</fone
></enderDest><IE>407081560119</IE></dest><det
> nItem="1"><prod><cProd>99</cProd><cEAN/><xProd>DISP. CONT. CUBING FAROL
> FOX GP
>
(1)</xProd><NCM>84663000</NCM><CFOP>6902</CFOP><uCom>PC</uCom><qCom>1.0000</
qCom><vUnCom>25000.0000</vUnCom><vProd>25000.00</vProd><cEANTrib/><uTrib>PC<
/uTrib><qTrib>1.0000</qTrib><vUnTrib>25000.0000</vUnTrib></prod><imposto><IC
MS><ICMS90><orig>0</orig><CST>90</CST><modBC>3</modBC><vBC>0.00</vBC><pICMS>
0.00</pICMS><vICMS>0.00</vICMS><modBCST>0</modBCST><vBCST>0.00</vBCST><pICMS
ST>0.00</pICMSST><vICMSST>0.00</vICMSST></ICMS90></ICMS><IPI><cEnq>999</cEnq
><IPITrib><CST>99</CST><vBC>25000.00</vBC><pIPI>0.00</pIPI><vIPI>0.00</vIPI>
</IPITrib></IPI><PIS><PISNT><CST>07</CST></PISNT></PIS><COFINS><COFINSNT><CS
T>07</CST></COFINSNT></COFINS></imposto></det><total><ICMSTot><vBC>0.00</vBC
><vICMS>0.00</vICMS><vBCST>0.00</vBCST><vST>0.00</vST><vProd>25000.00</vProd
><vFrete>0.00</vFrete><vSeg>0.00</vSeg><vDesc>0.00</vDesc><vII>0.00</vII><vI
PI>0.00</vIPI><vPIS>0.00</vPIS><vCOFINS>0.00</vCOFINS><vOutro>0.00</vOutro><
vNF>25000.00</vNF></ICMSTot></total><transp><modFrete>0</modFrete><transpor
ta><CNPJ>01824869000113</CNPJ><xNome>JOINVILENSE
> CARGAS EXPRESS LTDA</xNome><IE>254494684</IE><xEnder>ROD BR 101 - KM 43
> 43 GALP 4/5 NOVA BRASILIA
>
89213125</xEnder><xMun>JOINVILLE</xMun><UF>SC</UF></transporta><vol><qVol>1<
/qVol></vol></transp><infAdic><infCpl>DOCUMENTO
> EMITIDO POR ME OU EPP OPTANTE PELO SIMPLES NACIONAL LC 123/2006.|RETORNO
> TOTAL DE SUA NF 127519|</infCpl></infAdic></infNFe>
>
> <Signature
>
xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMeth
od
>
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMetho
d
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference
>
URI="#NFe42100709500360000127550020000000560000000593"><Transforms><Transfor
m
>
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transfor
m
>
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms><D
igestMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>N+66WC/Fl+c
rTqXw0kSD846MIH4=</DigestValue></Reference></SignedInfo><SignatureValue>
>
>
> HHim9Z0p881/LPRrGgKmqjREdG8WTSlyY7lVZs9SyEIJcMo8OZ5/MMwd9TkQPNe8ZUEh+i22
>
>
> /Du2wfjH0fgaB5/sM8Wi2YTT1BqKbQ1YJIQw+r5YQFpsTzzIvH5sKEkhQpwYdCt6gkJPdJPH
>
> 7nP+NVcKfHcdHH6eqSmJu2p1JMM=
>
> </SignatureValue><KeyInfo>
>
> <X509Data>
>
> <X509Certificate>
>
>
> MIIGMjCCBRqgAwIBAgIIaVC6ceRbadswDQYJKoZIhvcNAQEFBQAwTDELMAkGA1UEBhMCQlIx
>
>
> EzARBgNVBAoTCklDUC1CcmFzaWwxKDAmBgNVBAMTH1NFUkFTQSBDZXJ0aWZpY2Fkb3JhIERp
>
>
> Z2l0YWwgdjEwHhcNMTAwNTI0MTcyMjAwWhcNMTMwNTIzMTcyMjAwWjCB7TELMAkGA1UEBhMC
>
>
> QlIxEzARBgNVBAoTCklDUC1CcmFzaWwxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRgwFgYDVQQL
>
>
> Ew8wMDAwMDEwMDEwNzQxNjgxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRQwEgYDVQQLEwsoRU0g
>
>
> QlJBTkNPKTEUMBIGA1UECxMLKEVNIEJSQU5DTykxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRQw
>
>
> EgYDVQQLEwsoRU0gQlJBTkNPKTErMCkGA1UEAxMiSUNQIElORFVTVFJJQSBERSBQTEFTVElD
>
>
>
T1MgTFREQSBNRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz43Y4jSPQK3wiobHFSjn
>
>
> 1cMkh2PLsSk9VRjCjJPG7oELq+Oyu44eW4Ee+lTKq3E0KoAMBrNodPChAXATIAOhRLMqFUcA
>
>
> GNJvzYa5AY3IqZNvsyoxL5olZe5OknL5Pw0Y+qUJ7bN3V7EWi8SX6V8kKqESDOf1VgQpgteE
>
>
> +IlAF50CAwEAAaOCAvgwggL0MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
>
>
> AgYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUt2CoW/mypq4A7XTr1UrJlmhm9VwwgbsGA1UdEQSB
>
>
> szCBsIEaU1RBTlBMQVNUQFNUQU5QTEFTVC5DT00uQlKgPQYFYEwBAwSgNBMyMTIwNTE5ODkw
>
>
> Njk2ODQyMDkyOTAwMDAwMDAwMDAwMDAwMDAwMDA0MjI5NDQ5U1NQU0OgHwYFYEwBAwKgFhMU
>
>
> VElBR08gRklSTU8gRlJBQ0NBUk+gGQYFYEwBAwOgEBMOMDk1MDAzNjAwMDAxMjegFwYFYEwB
>
>
> AwegDhMMMDAwMDAwMDAwMDAwMFcGA1UdIARQME4wTAYGYEwBAgMDMEIwQAYIKwYBBQUHAgEW
>
>
> NGh0dHA6Ly93d3cuY2VydGlmaWNhZG9kaWdpdGFsLmNvbS5ici9yZXBvc2l0b3Jpby9kcGMw
>
>
> gfAGA1UdHwSB6DCB5TBJoEegRYZDaHR0cDovL3d3dy5jZXJ0aWZpY2Fkb2RpZ2l0YWwuY29t
>
>
> LmJyL3JlcG9zaXRvcmlvL2xjci9zZXJhc2FjZHYxLmNybDBDoEGgP4Y9aHR0cDovL2xjci5j
>
>
> ZXJ0aWZpY2Fkb3MuY29tLmJyL3JlcG9zaXRvcmlvL2xjci9zZXJhc2FjZHYxLmNybDBToFGg
>
>
> T4ZNaHR0cDovL3JlcG9zaXRvcmlvLmljcGJyYXNpbC5nb3YuYnIvbGNyL1NlcmFzYS9yZXBv
>
>
> c2l0b3Jpby9sY3Ivc2VyYXNhY2R2MS5jcmwwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUF
>
>
> BzABhjBodHRwOi8vb2NzcC5jZXJ0aWZpY2Fkb2RpZ2l0YWwuY29tLmJyL3NlcmFzYWNkdjEw
>
>
> RwYIKwYBBQUHMAKGO2h0dHA6Ly93d3cuY2VydGlmaWNhZG9kaWdpdGFsLmNvbS5ici9jYWRl
>
>
> aWFzL3NlcmFzYWNkdjEucDdiMA0GCSqGSIb3DQEBBQUAA4IBAQAdZZc3HomaTE5zOc+4+G2V
>
>
> OP7YZJ9PmavlCR+D9WppuQ0DEWAM/FPgAOIDH+koDHdQrMaXa+9M96zS2fFcxBv/wiOUkyBv
>
>
> daRINCWjjveziNy5C1BSLeQg1QoBsHmrq6MJj6g67Yhm7sWwXIQADPDOEvF7ErnIfC1xZn/7
>
>
> Ngku6sBNp5zssrzz/q39OdsskucUce0+xrVGt+R1X1UZFCcNQLh7aUCkcni2SZT+nrNjagu2
>
>
> S6pPRznescQPuZVJHjGmqIaQIi04nin4yOFzKHujJxWwIlrKmFG7l2NXwkz4u/aYnKsCXm4o
>
> c9/8EJyXFmPmUr4QvEjQ409RuO33oQkW
>
> </X509Certificate>
>
> </X509Data>
>
> </KeyInfo>
>
> </Signature></NFe>
>
> <protNFe versao="1.10"><infProt
>
Id="ID342100031729699"><tpAmb>1</tpAmb><verAplic>SVRS20100615093536</verApli
c><chNFe>42100709500360000127550020000000560000000593</chNFe><dhRecbto>2010-
07-09T15:40:54</dhRecbto><nProt>342100031729699</nProt><digVal>N+66WC/Fl+crT
qXw0kSD846MIH4=</digVal><cStat>100</cStat><xMotivo>Autorizado
> o uso da NF-e</xMotivo></infProt></protNFe></nfeProc>
>
> When I try to validate the same xml at
> http://www.aleksey.com/xmlsec/xmldsig-verifier.html I have the error:
>
>
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEv
al:error=5:libxml2
> library function
>
failed:expr=xpointer(id('NFe42100709500360000127550020000000560000000593'))
>
>
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSe
cXPathDataExecute:error=1:xmlsec
> library function failed:
>
>
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xml
SecXPathDataExecute:error=1:xmlsec
> library function failed:
>
>
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:
subj=xmlSecTransformExecute:error=1:xmlsec
> library function failed:
>
>
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:su
bj=xmlSecTransformPushXml:error=1:xmlsec
> library function failed:transform=xpointer
>
>
func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=
xmlSecTransformCtxXmlExecute:error=1:xmlsec
> library function failed:
>
>
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:obj=unknown:
subj=xmlSecTransformCtxExecute:error=1:xmlsec
> library function failed:
>
>
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:
subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
> library function failed:node=Reference
>
>
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:s
ubj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
> library function failed:
>
>
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSig
CtxSigantureProcessNode:error=1:xmlsec
> library function failed:
>
> Error: signature verification failed
>
> Somebody can help me?
>
> *Jonatas Fischer*
>
> *Sys Developer Software*
>
> (55) 47 3423-2710
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list