[xmlsec] dsigCtx->c14nMethod
Aleksey Sanin
aleksey at aleksey.com
Wed May 23 06:14:41 PDT 2012
Check if you find the node correctly with xmlSecFindNode
Aleksey
On 5/23/12 3:08 AM, Ranier VF wrote:
> Hi, can you help me?
> The xml file:
> <?xml version="1.0"?>
> <!DOCTYPE test [<!ATTLIST infNFe Id ID #IMPLIED>]>
> <NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="2.00"
> Id="NFe52120503241828000120550020000067501112798840">
> ..........
> </infNFe>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#NFe52120503241828000120550020000067501112798840">
> <Transforms>
> <Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> <Transform
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue/>
> </Reference>
> </SignedInfo>
> <SignatureValue/>
> <KeyInfo>
> <X509Data>
> <X509Certificate/>
> </X509Data>
> </KeyInfo>
> </Signature></NFe>
>
> With command line tool:
> xmlsec --sign --print-debug --output nfe_sign.xml --pkcs12 sos.p12 --pwd XXXXXXXX nfe3.xml
> All works.
>
> = SIGNATURE CONTEXT
> == Status: succeeded
> == flags: 0x00000000
> == flags2: 0x00000000
> == Key Info Read Ctx:
> = KEY INFO READ CONTEXT
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled key data: all
> == RetrievalMethod level (cur/max): 0/1
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> == EncryptedKey level (cur/max): 0/1
> === KeyReq:
> ==== keyId: rsa
> ==== keyType: 0x00000002
> ==== keyUsage: 0x00000001
> ==== keyBitsSize: 0
> === list size: 0
> == Key Info Write Ctx:
> = KEY INFO WRITE CONTEXT
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled key data: all
> == RetrievalMethod level (cur/max): 0/1
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> == EncryptedKey level (cur/max): 0/1
> === KeyReq:
> ==== keyId: NULL
> ==== keyType: 0x00000001
> ==== keyUsage: 0xffffffff
> ==== keyBitsSize: 0
> === list size: 0
> == Signature Transform Ctx:
> == TRANSFORMS CTX (status=2)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
> === Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
> === Transform: membuf-transform (href=NULL)
> == Signature Method:
> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
> == Signature Key:
> == KEY
> === method: RSAKeyValue
> === key type: Private
> === key usage: -1
> === rsa key: size = 2048
> === list size: 1
> === X509 Data:
> ==== Key Certificate:
> ==== Subject Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal
> do Brasil - RFB/OU=CORREIOS/OU=ARCORREIOS/OU=RFB e-CNPJ
> A1/L=GOIANIA/ST=GO/CN=S O S COMERCIO DE MAQUINAS LTDA ME:01800246000100
> ==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do
> Brasil - RFB/CN=Autoridade Certificadora do SERPRORFB
> ==== Issuer Serial: 32303131303931323139303131363337
> ==== Certificate:
> ==== Subject Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal
> do Brasil - RFB/OU=CORREIOS/OU=ARCORREIOS/OU=RFB e-CNPJ
> A1/L=GOIANIA/ST=GO/CN=S O S COMERCIO DE MAQUINAS LTDA ME:01800246000100
> ==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do
> Brasil - RFB/CN=Autoridade Certificadora do SERPRORFB
> ==== Issuer Serial: 32303131303931323139303131363337
> == SignedInfo References List:
> === list size: 1
> = REFERENCE CALCULATION CONTEXT
> == Status: succeeded
> == URI: "#NFe52120503241828000120550020000067501112798840"
> == Reference Transform Ctx:
> == TRANSFORMS CTX (status=2)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri:
> === uri xpointer expr: #NFe52120503241828000120550020000067501112798840
> === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
> === Transform: enveloped-signature
> (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
> === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> === Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
> === Transform: membuf-transform (href=NULL)
> == Digest Method:
> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> == Result - start buffer:
> hn6gfGRWNBeR+CE6QQEU01E8e6A=
> == Result - end buffer
> == Manifest References List:
> === list size: 0
> == Result - start buffer:
> c3hAUplnTN5WuP4nSW327q20JEiKjWj/p9tLY9thHw9RoUJcj/TDkG2zEZUn219i
> vax5RMDmfk7T3HuBqg2xtEe6TxBRBlcECeQJz6BGj2xfbwLRqBAfR9gDEha+qpXu
> 7aJvvxCBps8szV2je1ThWPXSZx274NYz5uDdnGv+h6bVBbb30aMqK+/mUlwe4/Bp
> y58RKdoQC7RVQ4S3qiZ1cKGrfoPdhN73qsDjJhVub2a152n8qDwzEbM+ajUhX7Aa
> BC99E3On9goJ7T0uz+RuHgLptRhrdaSQTZOl5pRgvFPKOfKeyX6svVHU3Kly+Q6t
> Zx/edQpvMu8lp63lqa/u5g==
> == Result - end buffer
>
> But the same file: nfe3.xml with:
> #include <stdio.h>
> #include <libxml/parser.h>
> #include <libxml/tree.h>
> #include <xmlsec/xmlsec.h>
> #include <xmlsec/xmltree.h>
> #include <xmlsec/xmldsig.h>
> #include <xmlsec/crypto.h>
> #include <xmlsec/errors.h>
>
> int
> xml_sign(const char *tmpl_file, const char *key_file, const char *password1)
> {
>     xmlDocPtr doc = NULL;
>     xmlNodePtr node = NULL;
>     xmlSecDSigCtxPtr dsigCtx = NULL;
>     int res = -1;
>
>     /* load template */
>     doc = xmlParseFile(tmpl_file);
>     if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
>     {
>         fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
>         goto done;
>     }
>
>     /* find start node */
>     node = xmlSecFindNode(xmlDocGetRootElement(doc),
>                           xmlSecNodeSignature, xmlSecDSigNs);
>     if (node == NULL)
>     {
>         fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
>         goto done;
>     }
>
>     /* create signature context, we don't need keys manager in this example */
>     dsigCtx = xmlSecDSigCtxCreate(NULL);
>     if (dsigCtx == NULL)
>     {
>         fprintf(stderr, "Error: failed to create signature context\n");
>         goto done;
>     }
>
>     /* load private key with password */
>     dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
>                            xmlSecKeyDataFormatPkcs12, password1, NULL, NULL);
>     if (dsigCtx->signKey == NULL)
>     {
>         fprintf(stderr, "Error: failed to load private pem key from \"%s\"\n", key_file);
>         goto done;
>     }
>
>     /* set key name to the file name, this is just an example! */
>     if (xmlSecKeySetName(dsigCtx->signKey, (xmlChar *) key_file) < 0)
>     {
>         fprintf(stderr, "Error: failed to set key name for key from \"%s\"\n", key_file);
>         goto done;
>     }
>
>     /* sign the template */
>     if (xmlSecDSigCtxSign(dsigCtx, node) < 0) /* <---- FAIL */
>     {
>         /* pass the message as an argument, never as the format string */
>         fprintf(stderr, "%s\n", xmlSecErrorsGetMsg(xmlSecErrorsGetCode(0)));
>         goto done;
>     }
>
>     res = 0;
>
> done:
>     /* cleanup; destroying the context also destroys the key it owns */
>     if (dsigCtx != NULL)
>         xmlSecDSigCtxDestroy(dsigCtx);
>     if (doc != NULL)
>         xmlFreeDoc(doc);
>     return res;
> }
>
> Does not work! Result:
>
> func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=465:obj=unknown:subj=dsigCtx->c14nMethod == NULL:error=100:assertion:
> func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
>
> Latest dlls from http://www.zlatkovic.com/libxml.en.html
> xmlsec-1.2.18
> libxml2-2.7.8
> openssl-0.8a
>
> Is a key manager necessary?
>
> Thanks for your patience.
> Any help will be much appreciated.
>
> Best regards,
>
> Ranier Vilela
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
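
A template pre-check in the spirit of the reply above, added here as an example and not code from the thread or from xmlsec: it confirms that exactly one `Signature` element sits in the XML-DSig namespace, that `SignedInfo` carries `CanonicalizationMethod` and `SignatureMethod`, and that each same-document `Reference` URI resolves to exactly one element. It uses only the Python standard library rather than the xmlsec C API; `check_template` is a hypothetical name, the sample is a reduced copy of the thread's template with a shortened Id, and the ID attribute is assumed to be named `Id` as in the thread's ATTLIST.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DSIG}

# Constructed sample: the thread's template, reduced, with a shortened Id.
TEMPLATE = """<NFe xmlns="http://www.portalfiscal.inf.br/nfe">
<infNFe versao="2.00" Id="NFe001"/>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#NFe001"><Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue/>
</Reference></SignedInfo><SignatureValue/></Signature></NFe>"""


def check_template(xml_text):
    """Return a list of problems found in a signature template (empty = OK)."""
    root = ET.fromstring(xml_text)
    sigs = [e for e in root.iter() if e.tag == "{%s}Signature" % DSIG]
    if len(sigs) != 1:
        # A Signature element outside the dsig namespace is not counted.
        return ["expected 1 ds:Signature, found %d" % len(sigs)]
    info = sigs[0].find("ds:SignedInfo", NS)
    if info is None:
        return ["ds:SignedInfo missing"]
    problems = []
    for name in ("CanonicalizationMethod", "SignatureMethod"):
        node = info.find("ds:" + name, NS)
        if node is None or not node.get("Algorithm"):
            problems.append("ds:%s missing or without Algorithm" % name)
    refs = info.findall("ds:Reference", NS)
    if not refs:
        problems.append("no ds:Reference")
    for ref in refs:
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            continue  # only same-document references are resolved here
        # Assumption: the ID attribute is named "Id" (ElementTree ignores DTD ID types).
        hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
        if len(hits) != 1:
            problems.append("URI %s matches %d elements" % (uri, len(hits)))
        if ref.find("ds:DigestMethod", NS) is None:
            problems.append("Reference %s lacks ds:DigestMethod" % uri)
    return problems
```

An empty list means the template has the nodes a signer has to read; a duplicate `Id` is reported because a reference that matches more than one element is ambiguous about what gets signed.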