[xmlsec] dsigCtx->c14nMethod

Ranier VF ranier_gyn at hotmail.com
Wed May 23 14:37:20 PDT 2012


Hi, Aleksey.
Sorry for the long delay, but today has been very busy.

Right now I have WinDbg showing the struct after xmlSecFindNode:
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
node->name = "Signature"
node->next->name = "SignedInfo"
node->next->next->name = "Text"
node->next->ns->type = XML_NAMESPACE_DECL (0n18)
node->next->ns->href = "http://www.w3.org/2000/09/xmldsig#"
node->next->doc->name = ""
node->nsDef->href = "http://www.w3.org/2000/09/xmldsig#"
node->doc->type = XML_DOCUMENT_NODE (0n9)
node->doc->name = ""

I do not know whether the node is correct; can you please tell me?
Is there any other relevant field in the node struct?

Best regards,

Ranier


> Date: Wed, 23 May 2012 06:14:41 -0700
> From: aleksey at aleksey.com
> To: ranier_gyn at hotmail.com
> CC: xmlsec at aleksey.com
> Subject: Re: [xmlsec] dsigCtx->c14nMethod
> 
> Check if you find the node correctly with xmlSecFindNode
> 
> Aleksey
> 
> On 5/23/12 3:08 AM, Ranier VF wrote:
> > Hi, can you help me?
> > The xml file:
> > <?xml version="1.0"?>
> > <!DOCTYPE test [<!ATTLIST infNFe Id ID #IMPLIED>]>
> > <NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="2.00"
> > Id="NFe52120503241828000120550020000067501112798840">
> > ..........
> > </infNFe>
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >   <SignedInfo>
> >     <CanonicalizationMethod
> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> >     <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> >     <Reference URI="#NFe52120503241828000120550020000067501112798840">
> >       <Transforms>
> >         <Transform
> > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> >         <Transform
> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> >       </Transforms>
> >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> >       <DigestValue/>
> >     </Reference>
> >   </SignedInfo>
> >   <SignatureValue/>
> >   <KeyInfo>
> >     <X509Data>
> >       <X509Certificate/>
> >     </X509Data>
> >   </KeyInfo>
> > </Signature></NFe>
> > 
> > With the command line tool:
> > xmlsec --sign --print-debug --output nfe_sign.xml --pkcs12 sos.p12 --pwd XXXXXXXX nfe3.xml
> > All works.
> > 
> > = SIGNATURE CONTEXT
> > == Status: succeeded
> > == flags: 0x00000000
> > == flags2: 0x00000000
> > == Key Info Read Ctx:
> > = KEY INFO READ CONTEXT
> > == flags: 0x00000000
> > == flags2: 0x00000000
> > == enabled key data: all
> > == RetrievalMethod level (cur/max): 0/1
> > == TRANSFORMS CTX (status=0)
> > == flags: 0x00000000
> > == flags2: 0x00000000
> > == enabled transforms: all
> > === uri: NULL
> > === uri xpointer expr: NULL
> > == EncryptedKey level (cur/max): 0/1
> > === KeyReq:
> > ==== keyId: rsa
> > ==== keyType: 0x00000002
> > ==== keyUsage: 0x00000001
> > ==== keyBitsSize: 0
> > === list size: 0
> > == Key Info Write Ctx:
> > = KEY INFO WRITE CONTEXT
> > == flags: 0x00000000
> > == flags2: 0x00000000
> > == enabled key data: all
> > == RetrievalMethod level (cur/max): 0/1
> > == TRANSFORMS CTX (status=0)
> > == flags: 0x00000000
> > == flags2: 0x00000000
> > == enabled transforms: all
> > === uri: NULL
> > === uri xpointer expr: NULL
> > == EncryptedKey level (cur/max): 0/1
> > === KeyReq:
> > ==== keyId: NULL
> > ==== keyType: 0x00000001
> > ==== keyUsage: 0xffffffff
> > ==== keyBitsSize: 0
> > === list size: 0
> > == Signature Transform Ctx:
> > == TRANSFORMS CTX (status=2)
> > == flags: 0x00000000
> > == flags2: 0x00000000
> > == enabled transforms: all
> > === uri: NULL
> > === uri xpointer expr: NULL
> > === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
> > === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
> > === Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
> > === Transform: membuf-transform (href=NULL)
> > == Signature Method:
> > === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
> > == Signature Key:
> > == KEY
> > === method: RSAKeyValue
> > === key type: Private
> > === key usage: -1
> > === rsa key: size = 2048
> > === list size: 1
> > === X509 Data:
> > ==== Key Certificate:
> > ==== Subject Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal
> > do Brasil - RFB/OU=CORREIOS/OU=ARCORREIOS/OU=RFB e-CNPJ
> > A1/L=GOIANIA/ST=GO/CN=S O S COMERCIO DE MAQUINAS LTDA ME:01800246000100
> > ==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do
> > Brasil - RFB/CN=Autoridade Certificadora do SERPRORFB
> > ==== Issuer Serial: 32303131303931323139303131363337
> > ==== Certificate:
> > ==== Subject Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal
> > do Brasil - RFB/OU=CORREIOS/OU=ARCORREIOS/OU=RFB e-CNPJ
> > A1/L=GOIANIA/ST=GO/CN=S O S COMERCIO DE MAQUINAS LTDA ME:01800246000100
> > ==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do
> > Brasil - RFB/CN=Autoridade Certificadora do SERPRORFB
> > ==== Issuer Serial: 32303131303931323139303131363337
> > == SignedInfo References List:
> > === list size: 1
> > = REFERENCE CALCULATION CONTEXT
> > == Status: succeeded
> > == URI: "#NFe52120503241828000120550020000067501112798840"
> > == Reference Transform Ctx:
> > == TRANSFORMS CTX (status=2)
> > == flags: 0x00000000
> > == flags2: 0x00000000
> > == enabled transforms: all
> > === uri:
> > === uri xpointer expr: #NFe52120503241828000120550020000067501112798840
> > === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
> > === Transform: enveloped-signature
> > (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
> > === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
> > === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> > === Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
> > === Transform: membuf-transform (href=NULL)
> > == Digest Method:
> > === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> > == Result - start buffer:
> > hn6gfGRWNBeR+CE6QQEU01E8e6A=
> > == Result - end buffer
> > == Manifest References List:
> > === list size: 0
> > == Result - start buffer:
> > == Result - end buffer
> > 
> > But the same file: nfe3.xml with:
> > #include <stdio.h>
> > #include <libxml/parser.h>
> > #include <xmlsec/xmlsec.h>
> > #include <xmlsec/xmltree.h>
> > #include <xmlsec/xmldsig.h>
> > #include <xmlsec/crypto.h>
> > #include <xmlsec/errors.h>
> > 
> > int xml_sign(const char *tmpl_file, const char *key_file, const char *password1)
> > {
> >     xmlDocPtr doc = NULL;
> >     xmlNodePtr node = NULL;
> >     xmlSecDSigCtxPtr dsigCtx = NULL;
> >     int res = -1;
> > 
> >     /* load template */
> >     doc = xmlParseFile(tmpl_file);
> >     if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
> >     {
> >        fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
> >        goto done;
> >     }
> > 
> >     /* find start node */
> >     node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
> >     if (node == NULL)
> >     {
> >        fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
> >        goto done;
> >     }
> > 
> >     /* create signature context, we don't need keys manager in this example */
> >     dsigCtx = xmlSecDSigCtxCreate(NULL);
> >     if (dsigCtx == NULL)
> >     {
> >        fprintf(stderr, "Error: failed to create signature context\n");
> >        goto done;
> >     }
> > 
> >     /* load private key with password */
> >     dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPkcs12, password1, NULL, NULL);
> >     if (dsigCtx->signKey == NULL)
> >     {
> >        fprintf(stderr, "Error: failed to load private pem key from \"%s\"\n", key_file);
> >        goto done;
> >     }
> > 
> >     /* set key name to the file name, this is just an example! */
> >     if (xmlSecKeySetName(dsigCtx->signKey, (xmlChar *) key_file) < 0)
> >     {
> >        fprintf(stderr, "Error: failed to set key name for key from \"%s\"\n", key_file);
> >        goto done;
> >     }
> > 
> >     /* sign the template */
> >     if (xmlSecDSigCtxSign(dsigCtx, node) < 0)   /* <---- FAIL */
> >     {
> >        /* pass the message through "%s" so it is never used as a format string */
> >        fprintf(stderr, "%s\n", xmlSecErrorsGetMsg(xmlSecErrorsGetCode(0)));
> >        goto done;
> >     }
> >     res = 0;
> > 
> > done:
> >     /* cleanup */
> >     if (dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
> >     if (doc != NULL) xmlFreeDoc(doc);
> >     return res;
> > }
> > 
> > It does not work! Result:
> > 
> > func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=465:obj=unknown:subj=dsigCtx->c14nMethod == NULL:error=100:assertion:
> > func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> > 
> > Latest dlls from http://www.zlatkovic.com/libxml.en.html
> > xmlsec-1.2.18
> > libxml2-2.7.8
> > openssl-0.8a
> > 
> > Is a key manager necessary?
> > 
> > Thanks for your patience.
> > Any help will be much appreciated.
> > 
> > Best regards,
> > 
> > Ranier Vilela
> > 
> > 
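The node check suggested in the thread, as an added example that is not part of the original messages or of xmlsec: a Python standard-library sketch that looks up Signature by name and namespace, as the xmlSecFindNode call in the post does, then confirms that SignedInfo is its first child, that a CanonicalizationMethod is present, and that each same-document Reference resolves to exactly one Id. The helper name check_template is hypothetical and the sample is an abridged, constructed copy of the posted template.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
NFE_ID = "NFe52120503241828000120550020000067501112798840"

# Constructed sample: the template from the post, abridged (no Transforms or
# KeyInfo), with the elided infNFe body left empty and the DOCTYPE dropped.
TEMPLATE = f"""<NFe xmlns="http://www.portalfiscal.inf.br/nfe">
<infNFe versao="2.00" Id="{NFE_ID}"></infNFe>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#{NFE_ID}">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue/>
    </Reference>
  </SignedInfo>
  <SignatureValue/>
</Signature></NFe>"""


def check_template(xml_text):
    """Return a list of problems; an empty list means the template is well formed."""
    root = ET.fromstring(xml_text)
    # Match on local name AND namespace, not on the local name alone.
    sig = root if root.tag == DSIG + "Signature" else root.find(".//" + DSIG + "Signature")
    if sig is None:
        return ["no Signature element in the XML-DSig namespace"]
    problems = []
    # SignedInfo and SignatureValue are children of Signature, in that order.
    if [c.tag for c in sig][:2] != [DSIG + "SignedInfo", DSIG + "SignatureValue"]:
        problems.append("Signature must start with SignedInfo, SignatureValue")
    c14n = sig.find(DSIG + "SignedInfo/" + DSIG + "CanonicalizationMethod")
    if c14n is None or not c14n.get("Algorithm"):
        problems.append("SignedInfo has no CanonicalizationMethod Algorithm")
    # A same-document Reference must resolve to exactly one element; a
    # duplicated Id makes it ambiguous which element the signature covers.
    for ref in sig.iter(DSIG + "Reference"):
        uri = ref.get("URI", "")
        if uri.startswith("#"):
            hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
            if len(hits) != 1:
                problems.append(f"Reference {uri} resolves to {len(hits)} elements, expected 1")
    return problems


if __name__ == "__main__":
    print(check_template(TEMPLATE) or "template OK")
```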