[xmlsec] dsigCtx->c14nMethod
Aleksey Sanin
aleksey at aleksey.com
Wed May 23 14:55:38 PDT 2012
This looks OK to me. Sorry, don't know what's going on.
Didn't program on Windows in years.
Aleksey
On 5/23/12 2:37 PM, Ranier VF wrote:
> Hi, Aleksey.
> Sorry for long time, but today are very busy.
>
> Right now I have windbg with view struct after xmlSecFindNode:
> node = xmlSecFindNode(xmlDocGetRootElement(doc),
> xmlSecNodeSignature, xmlSecDSigNs);
> node->name = "Signature"
> node->next->name = "SignedInfo"
> node->next->next->name = "Text"
> node->next->ns->type = XML_NAMESPACE_DECL (0n18)
> node->next->ns->href = "http://www.w3.org/2000/09/xmldsig#"
> node->next->doc->name = ""
> node->nsDef->href = "http://www.w3.org/2000/09/xmldsig#"
> node->doc->type = XML_DOCUMENT_NODE (0n9)
> node->doc->name = ""
>
> I not kown what node correctly, please you can tell me?
> Exist other field in struct node relevant?
>
> Best regards,
>
> Ranier
>
>> Date: Wed, 23 May 2012 06:14:41 -0700
>> From: aleksey at aleksey.com
>> To: ranier_gyn at hotmail.com
>> CC: xmlsec at aleksey.com
>> Subject: Re: [xmlsec] dsigCtx->c14nMethod
>>
>> Check if you find the node correctly with xmlSecFindNode
>>
>> Aleksey
>>
>> On 5/23/12 3:08 AM, Ranier VF wrote:
>> > Hi, can you help me?
>> > The xml file:
>> > <?xml version="1.0"?>
>> > <!DOCTYPE test [<!ATTLIST infNFe Id ID #IMPLIED>]>
>> > <NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="2.00"
>> > Id="NFe52120503241828000120550020000067501112798840">
>> > ..........
>> > </infNFe>
>> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> > <SignedInfo>
>> > <CanonicalizationMethod
>> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>> > <SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>> > <Reference URI="#NFe52120503241828000120550020000067501112798840">
>> > <Transforms>
>> > <Transform
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>> > <Transform
>> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>> > </Transforms>
>> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > <DigestValue/>
>> > </Reference>
>> > </SignedInfo>
>> > <SignatureValue/>
>> > <KeyInfo>
>> > <X509Data>
>> > <X509Certificate/>
>> > </X509Data>
>> > </KeyInfo>
>> > </Signature></NFe>
>> >
>> > With command line tool:
>> > xmlsec --sign --print-debug --output nfe_sign.xml --pkcs12 sos.p12 --pwd
>> > XXXXXXXX nfe3.xml
>> > All Works.
>> >
>> > = SIGNATURE CONTEXT
>> > == Status: succeeded
>> > == flags: 0x00000000
>> > == flags2: 0x00000000
>> > == Key Info Read Ctx:
>> > = KEY INFO READ CONTEXT
>> > == flags: 0x00000000
>> > == flags2: 0x00000000
>> > == enabled key data: all
>> > == RetrievalMethod level (cur/max): 0/1
>> > == TRANSFORMS CTX (status=0)
>> > == flags: 0x00000000
>> > == flags2: 0x00000000
>> > == enabled transforms: all
>> > === uri: NULL
>> > === uri xpointer expr: NULL
>> > == EncryptedKey level (cur/max): 0/1
>> > === KeyReq:
>> > ==== keyId: rsa
>> > ==== keyType: 0x00000002
>> > ==== keyUsage: 0x00000001
>> > ==== keyBitsSize: 0
>> > === list size: 0
>> > == Key Info Write Ctx:
>> > = KEY INFO WRITE CONTEXT
>> > == flags: 0x00000000
>> > == flags2: 0x00000000
>> > == enabled key data: all
>> > == RetrievalMethod level (cur/max): 0/1
>> > == TRANSFORMS CTX (status=0)
>> > == flags: 0x00000000
>> > == flags2: 0x00000000
>> > == enabled transforms: all
>> > === uri: NULL
>> > === uri xpointer expr: NULL
>> > == EncryptedKey level (cur/max): 0/1
>> > === KeyReq:
>> > ==== keyId: NULL
>> > ==== keyType: 0x00000001
>> > ==== keyUsage: 0xffffffff
>> > ==== keyBitsSize: 0
>> > === list size: 0
>> > == Signature Transform Ctx:
>> > == TRANSFORMS CTX (status=2)
>> > == flags: 0x00000000
>> > == flags2: 0x00000000
>> > == enabled transforms: all
>> > === uri: NULL
>> > === uri xpointer expr: NULL
>> > === Transform: c14n
> (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>> > === Transform: rsa-sha1
> (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
>> > === Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
>> > === Transform: membuf-transform (href=NULL)
>> > == Signature Method:
>> > === Transform: rsa-sha1
> (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
>> > == Signature Key:
>> > == KEY
>> > === method: RSAKeyValue
>> > === key type: Private
>> > === key usage: -1
>> > === rsa key: size = 2048
>> > === list size: 1
>> > === X509 Data:
>> > ==== Key Certificate:
>> > ==== Subject Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal
>> > do Brasil - RFB/OU=CORREIOS/OU=ARCORREIOS/OU=RFB e-CNPJ
>> > A1/L=GOIANIA/ST=GO/CN=S O S COMERCIO DE MAQUINAS LTDA ME:01800246000100
>> > ==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do
>> > Brasil - RFB/CN=Autoridade Certificadora do SERPRORFB
>> > ==== Issuer Serial: 32303131303931323139303131363337
>> > ==== Certificate:
>> > ==== Subject Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal
>> > do Brasil - RFB/OU=CORREIOS/OU=ARCORREIOS/OU=RFB e-CNPJ
>> > A1/L=GOIANIA/ST=GO/CN=S O S COMERCIO DE MAQUINAS LTDA ME:01800246000100
>> > ==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do
>> > Brasil - RFB/CN=Autoridade Certificadora do SERPRORFB
>> > ==== Issuer Serial: 32303131303931323139303131363337
>> > == SignedInfo References List:
>> > === list size: 1
>> > = REFERENCE CALCULATION CONTEXT
>> > == Status: succeeded
>> > == URI: "#NFe52120503241828000120550020000067501112798840"
>> > == Reference Transform Ctx:
>> > == TRANSFORMS CTX (status=2)
>> > == flags: 0x00000000
>> > == flags2: 0x00000000
>> > == enabled transforms: all
>> > === uri:
>> > === uri xpointer expr: #NFe52120503241828000120550020000067501112798840
>> > === Transform: xpointer
> (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
>> > === Transform: enveloped-signature
>> > (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
>> > === Transform: c14n
> (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>> > === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>> > === Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
>> > === Transform: membuf-transform (href=NULL)
>> > == Digest Method:
>> > === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>> > == Result - start buffer:
>> > hn6gfGRWNBeR+CE6QQEU01E8e6A=
>> > == Result - end buffer
>> > == Manifest References List:
>> > === list size: 0
>> > == Result - start buffer:
>> > c3hAUplnTN5WuP4nSW327q20JEiKjWj/p9tLY9thHw9RoUJcj/TDkG2zEZUn219i
>> > vax5RMDmfk7T3HuBqg2xtEe6TxBRBlcECeQJz6BGj2xfbwLRqBAfR9gDEha+qpXu
>> > 7aJvvxCBps8szV2je1ThWPXSZx274NYz5uDdnGv+h6bVBbb30aMqK+/mUlwe4/Bp
>> > y58RKdoQC7RVQ4S3qiZ1cKGrfoPdhN73qsDjJhVub2a152n8qDwzEbM+ajUhX7Aa
>> > BC99E3On9goJ7T0uz+RuHgLptRhrdaSQTZOl5pRgvFPKOfKeyX6svVHU3Kly+Q6t
>> > Zx/edQpvMu8lp63lqa/u5g==
>> > == Result - end buffer
>> >
>> > But the same file: nfe3.xml with:
>> > xml_sign(const char *tmpl_file, const char *key_file, const char
> *password1)
>> > {
>> > xmlDocPtr doc = NULL;
>> > xmlNodePtr node = NULL;
>> > xmlSecDSigCtxPtr dsigCtx = NULL;
>> >
>> > /* load template */
>> > doc = xmlParseFile(tmpl_file);
>> > if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
>> > {
>> > fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
>> > goto done;
>> > }
>> >
>> > /* find start node */
>> > node = xmlSecFindNode(xmlDocGetRootElement(doc),
>> > xmlSecNodeSignature, xmlSecDSigNs);
>> > if (node == NULL)
>> > {
>> > fprintf(stderr, "Error: start node not found in \"%s\"\n",
>> > tmpl_file);
>> > goto done;
>> > }
>> >
>> > /* create signature context, we don't need keys manager in this
>> > example */
>> > dsigCtx = xmlSecDSigCtxCreate(NULL);
>> > if (dsigCtx == NULL)
>> > {
>> > fprintf(stderr,"Error: failed to create signature context\n");
>> > goto done;
>> > }
>> >
>> > /* load private key with password */
>> > dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
>> > xmlSecKeyDataFormatPkcs12, password1, NULL, NULL);
>> > if (dsigCtx->signKey == NULL)
>> > {
>> > fprintf(stderr,"Error: failed to load private pem key from
>> > \"%s\"\n", key_file);
>> > goto done;
>> > }
>> >
>> > /* set key name to the file name, this is just an example! */
>> > if (xmlSecKeySetName(dsigCtx->signKey, (xmlChar *) key_file) < 0)
>> > {
>> > fprintf(stderr,"Error: failed to set key name for key from
>> > \"%s\"\n", key_file);
>> > goto done;
>> > }
>> >
>> > /* sign the template */
>> > if (xmlSecDSigCtxSign(dsigCtx, node) < 0) <---- FAILL
>> > {
>> > fprintf(stderr, xmlSecErrorsGetMsg(xmlSecErrorsGetCode(0)));
>> > goto done;
>> > }
>> > }
>> >
>> > Not work! Result:
>> >
>> > func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=465:ob
>> > j=unknown:subj=dsigCtx->c14nMethod == NULL:error=100:assertion:
>> > func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=x
>> > mlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
>> >
>> > Latest dlls from http://www.zlatkovic.com/libxml.en.html
>> > xmlsec-1.2.18
>> > libxml2-2.7.8
>> > openssl-0.8a
>> >
>> > Is necessary a key manager?
>> >
>> > Thanks for your patience.
>> > Any help will much appreciate.
>> >
>> > Best regards,
>> >
>> > Ranier Vilela
>> >
>> >
>> > _______________________________________________
>> > xmlsec mailing list
>> > xmlsec at aleksey.com
>> > http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list