Please read section 3.2 from the FAQ http://www.aleksey.com/xmlsec/faq.html
Aleksey On 7/27/2010 7:26 AM, Jonatas Fischer wrote:
I’m trying validate a digital signature with the certificate located at KEYINFO node. I had tried a lot of different ways to do it, but I have no success. I used the code of lasso project (http://*lasso*.entrouvert.org <http://lasso.entrouvert.org>) And of a mail (http://www.mail-archive.com/[email protected]/msg03925.html) This is my code (pascal code): function verify_file(const xml_file : string) : integer; var doc : xmlDocPtr; Signature, NFe, KeyInfo : xmlNodePtr; dsigCtx : xmlSecDSigCtxPtr; sl : TStringList; sText : Ansistring; rc : integer; cert_data, cert_key : xmlSecKeyDataPtr; cert : Pointer; key : xmlSecKeyPtr; ffile : TextFile; begin //inicialização das variáveis doc := nil; Signature := nil; dsigCtx := nil; sl := TStringList.Create; //inicializa leitura do arquivo sl.LoadFromFile(xml_file); sText :=sl.Text; doc := xmlParseDoc(PAnsiChar(UTF8Encode(sText))); if (doc = nil) or (xmlDocGetRootElement(doc) = nil) then raise Exception.Create('erro ao ler xml'); NFe := xmlSecFindNode(xmlDocGetRootElement(doc),'NFe','http://www.portalfiscal.inf.br/nfe'); Signature := xmlSecFindNode(NFe,xmlSecNodeSignature, xmlSecDSigNs); KeyInfo := xmlSecFindNode(Signature, xmlSecNodeKeyInfo, xmlSecDSigNs); if NFe = nil then raise Exception.Create('Error: start node not found in ' + xml_file); dsigCtx := xmlSecDSigCtxCreate(nil); try if (dsigCtx = nil) then raise Exception.Create('Failed to create Signature Context'); Key := xmlSecKeyCreate(); //if I don’t use this, will not work dsigCtx.keyInfoReadCtx.flags := XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND or XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; dsigCtx.keyInfoReadCtx.mode := xmlSecKeyInfoModeRead; dsigCtx.keyInfoReadCtx.keyReq.keyId := xmlSecOpenSSLKeyDataX509GetKlass; dsigCtx.keyInfoReadCtx.keyReq.keyType := xmlSecKeyDataTypePublic; dsigCtx.keyInfoReadCtx.keyReq.keyUsage := xmlSecKeyDataUsageAny; //if (xmlSecKeyInfoNodeRead(KeyInfo, dsigCtx.signKey, @dsigCtx.keyInfoReadCtx) < 0) then if (xmlSecKeyInfoNodeRead(KeyInfo, key, @dsigCtx.keyInfoReadCtx) < 0) then begin xmlSecKeyDestroy(dsigCtx.signKey); xmlSecDSigCtxDestroy(dsigCtx); raise Exception.Create('Could not read KeyInfo'); end; cert_data := xmlSecKeyGetData(Key, xmlSecOpenSSLKeyDataX509GetKlass); if (cert_data <> nil) then begin cert := xmlSecOpenSSLKeyDataX509GetCert(cert_data, 0); if (cert <> nil) then begin cert_key := xmlSecOpenSSLX509CertGetKey(cert); rc := xmlSecKeySetValue(Key, cert_key); if (rc < 0) then showmessage('num deu'); end; end; dsigCtx.signKey := Key; //dsigCtx.keyInfoReadCtx.enabledKeyData. if(xmlSecDSigCtxVerify(dsigCtx, Signature) < 0) then begin xmlSecDSigCtxDebugDump(dsigCtx,nil); dsigCtx.signKey := nil; xmlSecKeyDestroy(Key); xmlSecDSigCtxDestroy(dsigCtx); raise Exception.Create('Failed to verify signature'); end; finally if(doc <> nil) then xmlFreeDoc(doc); end; end; this is the debug info func=xmlSecXPathDataExecute:file=..\src\xpath.c:line=273:obj=unknown:subj=xmlXPt rEval:error=5:libxml2 library function failed:expr=xpointer(id('NFe4210070950036 0000127550020000000560000000593')) func=xmlSecXPathDataListExecute:file=..\src\xpath.c:line=356:obj=unknown:subj=xm lSecXPathDataExecute:error=1:xmlsec library function failed: func=xmlSecTransformXPathExecute:file=..\src\xpath.c:line=466:obj=xpointer:subj= xmlSecXPathDataExecute:error=1:xmlsec library function failed: func=xmlSecTransformDefaultPushXml:file=..\src\transforms.c:line=2395:obj=xpoint er:subj=xmlSecTransformExecute:error=1:xmlsec library function failed: func=xmlSecTransformCtxXmlExecute:file=..\src\transforms.c:line=1226:obj=unknown :subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xp ointer func=xmlSecTransformCtxExecute:file=..\src\transforms.c:line=1286:obj=unknown:su bj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigReferenceCtxProcessNode:file=..\src\xmldsig.c:line=1571:obj=unkno wn:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignedInfoNode:file=..\src\xmldsig.c:line=804:obj=unkno wn:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed :node=Reference func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=547:obj=unknow n:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed : func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xmlSecD SigCtxSigantureProcessNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxDebugDump:file=..\src\xmldsig.c:line=1068:obj=unknown:subj=out put != NULL:error=100:assertion: and this is the xml: <?xml version="1.0" encoding="utf-8"?> <nfeProc xmlns="http://www.portalfiscal.inf.br/nfe"; versao="1.10"> <NFe xmlns="http://www.portalfiscal.inf.br/nfe";> <infNFe versao="1.10" Id="NFe42100710295305000121550010000000040000000144"><ide><cUF>42</cUF><cNF>000000014</cNF><natOp>RETORNO DE INDUSTRIZALIZACAO</natOp><indPag>0</indPag><mod>55</mod><serie>1</serie><nNF>4</nNF><dEmi>2010-07-12</dEmi><dSaiEnt>2010-07-12</dSaiEnt><tpNF>1</tpNF><cMunFG>4209102</cMunFG><tpImp>2</tpImp><tpEmis>1</tpEmis><cDV>4</cDV><tpAmb>1</tpAmb><finNFe>1</finNFe><procEmi>0</procEmi><verProc>1.0</verProc></ide><emit><CNPJ>10295305000121</CNPJ><xNome>TECHCONTROL COM. DE DISP. DE CONTROLE LTDA</xNome><xFant>TECHCONTROL INDUSTRIAL</xFant><enderEmit><xLgr>RUA ANITA GARIBALDI</xLgr><nro>1190</nro><xBairro>ANITA GARIBALDI</xBairro><cMun>4209102</cMun><xMun>JOINVILLE</xMun><UF>SC</UF><CEP>89203300</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>4734337709</fone></enderEmit><IE>255679238</IE><IM>94475</IM><CNAE>4669999</CNAE></emit><dest><CNPJ>50935576000119</CNPJ><xNome>PLASCAR IND. COMPONENTES PLASTICOS LTDA</xNome><enderDest><xLgr>AVENIDA WILHELM WINTER</xLgr><nro>300</nro><xBairro>DISTRITO INDUSTRIAL</xBairro><cMun>3525904</cMun><xMun>JUNDIAI</xMun><UF>SP</UF><CEP>13213000</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>0800729800</fone></enderDest><IE>407081560119</IE></dest><det nItem="1"><prod><cProd>99</cProd><cEAN/><xProd>DISP. CONT. CUBING FAROL FOX GP (1)</xProd><NCM>84663000</NCM><CFOP>6902</CFOP><uCom>PC</uCom><qCom>1.0000</qCom><vUnCom>25000.0000</vUnCom><vProd>25000.00</vProd><cEANTrib/><uTrib>PC</uTrib><qTrib>1.0000</qTrib><vUnTrib>25000.0000</vUnTrib></prod><imposto><ICMS><ICMS90><orig>0</orig><CST>90</CST><modBC>3</modBC><vBC>0.00</vBC><pICMS>0.00</pICMS><vICMS>0.00</vICMS><modBCST>0</modBCST><vBCST>0.00</vBCST><pICMSST>0.00</pICMSST><vICMSST>0.00</vICMSST></ICMS90></ICMS><IPI><cEnq>999</cEnq><IPITrib><CST>99</CST><vBC>25000.00</vBC><pIPI>0.00</pIPI><vIPI>0.00</vIPI></IPITrib></IPI><PIS><PISNT><CST>07</CST></PISNT></PIS><COFINS><COFINSNT><CST>07</CST></COFINSNT></COFINS></imposto></det><total><ICMSTot><vBC>0.00</vBC><vICMS>0.00</vICMS><vBCST>0.00</vBCST><vST>0.00</vST><vProd>25000.00</vProd><vFrete>0.00</vFrete><vSeg>0.00</vSeg><vDesc>0.00</vDesc><vII>0.00</vII><vIPI>0.00</vIPI><vPIS>0.00</vPIS><vCOFINS>0.00</vCOFINS><vOutro>0.00</vOutro><vNF>25000.00</vNF></ICMSTot></total><transp><modFrete>0</modFrete><transpor
ta><CNPJ>01824869000113</CNPJ><xNome>JOINVILENSE
CARGAS EXPRESS LTDA</xNome><IE>254494684</IE><xEnder>ROD BR 101 - KM 43 43 GALP 4/5 NOVA BRASILIA 89213125</xEnder><xMun>JOINVILLE</xMun><UF>SC</UF></transporta><vol><qVol>1</qVol></vol></transp><infAdic><infCpl>DOCUMENTO EMITIDO POR ME OU EPP OPTANTE PELO SIMPLES NACIONAL LC 123/2006.|RETORNO TOTAL DE SUA NF 127519|</infCpl></infAdic></infNFe> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#NFe42100709500360000127550020000000560000000593"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>N+66WC/Fl+crTqXw0kSD846MIH4=</DigestValue></Reference></SignedInfo><SignatureValue> HHim9Z0p881/LPRrGgKmqjREdG8WTSlyY7lVZs9SyEIJcMo8OZ5/MMwd9TkQPNe8ZUEh+i22 /Du2wfjH0fgaB5/sM8Wi2YTT1BqKbQ1YJIQw+r5YQFpsTzzIvH5sKEkhQpwYdCt6gkJPdJPH 7nP+NVcKfHcdHH6eqSmJu2p1JMM= </SignatureValue><KeyInfo> <X509Data> <X509Certificate> MIIGMjCCBRqgAwIBAgIIaVC6ceRbadswDQYJKoZIhvcNAQEFBQAwTDELMAkGA1UEBhMCQlIx EzARBgNVBAoTCklDUC1CcmFzaWwxKDAmBgNVBAMTH1NFUkFTQSBDZXJ0aWZpY2Fkb3JhIERp Z2l0YWwgdjEwHhcNMTAwNTI0MTcyMjAwWhcNMTMwNTIzMTcyMjAwWjCB7TELMAkGA1UEBhMC QlIxEzARBgNVBAoTCklDUC1CcmFzaWwxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRgwFgYDVQQL Ew8wMDAwMDEwMDEwNzQxNjgxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRQwEgYDVQQLEwsoRU0g QlJBTkNPKTEUMBIGA1UECxMLKEVNIEJSQU5DTykxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRQw EgYDVQQLEwsoRU0gQlJBTkNPKTErMCkGA1UEAxMiSUNQIElORFVTVFJJQSBERSBQTEFTVElD T1MgTFREQSBNRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz43Y4jSPQK3wiobHFSjn 1cMkh2PLsSk9VRjCjJPG7oELq+Oyu44eW4Ee+lTKq3E0KoAMBrNodPChAXATIAOhRLMqFUcA GNJvzYa5AY3IqZNvsyoxL5olZe5OknL5Pw0Y+qUJ7bN3V7EWi8SX6V8kKqESDOf1VgQpgteE +IlAF50CAwEAAaOCAvgwggL0MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD AgYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUt2CoW/mypq4A7XTr1UrJlmhm9VwwgbsGA1UdEQSB szCBsIEaU1RBTlBMQVNUQFNUQU5QTEFTVC5DT00uQlKgPQYFYEwBAwSgNBMyMTIwNTE5ODkw Njk2ODQyMDkyOTAwMDAwMDAwMDAwMDAwMDAwMDA0MjI5NDQ5U1NQU0OgHwYFYEwBAwKgFhMU VElBR08gRklSTU8gRlJBQ0NBUk+gGQYFYEwBAwOgEBMOMDk1MDAzNjAwMDAxMjegFwYFYEwB AwegDhMMMDAwMDAwMDAwMDAwMFcGA1UdIARQME4wTAYGYEwBAgMDMEIwQAYIKwYBBQUHAgEW NGh0dHA6Ly93d3cuY2VydGlmaWNhZG9kaWdpdGFsLmNvbS5ici9yZXBvc2l0b3Jpby9kcGMw gfAGA1UdHwSB6DCB5TBJoEegRYZDaHR0cDovL3d3dy5jZXJ0aWZpY2Fkb2RpZ2l0YWwuY29t LmJyL3JlcG9zaXRvcmlvL2xjci9zZXJhc2FjZHYxLmNybDBDoEGgP4Y9aHR0cDovL2xjci5j ZXJ0aWZpY2Fkb3MuY29tLmJyL3JlcG9zaXRvcmlvL2xjci9zZXJhc2FjZHYxLmNybDBToFGg T4ZNaHR0cDovL3JlcG9zaXRvcmlvLmljcGJyYXNpbC5nb3YuYnIvbGNyL1NlcmFzYS9yZXBv c2l0b3Jpby9sY3Ivc2VyYXNhY2R2MS5jcmwwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUF BzABhjBodHRwOi8vb2NzcC5jZXJ0aWZpY2Fkb2RpZ2l0YWwuY29tLmJyL3NlcmFzYWNkdjEw RwYIKwYBBQUHMAKGO2h0dHA6Ly93d3cuY2VydGlmaWNhZG9kaWdpdGFsLmNvbS5ici9jYWRl aWFzL3NlcmFzYWNkdjEucDdiMA0GCSqGSIb3DQEBBQUAA4IBAQAdZZc3HomaTE5zOc+4+G2V OP7YZJ9PmavlCR+D9WppuQ0DEWAM/FPgAOIDH+koDHdQrMaXa+9M96zS2fFcxBv/wiOUkyBv daRINCWjjveziNy5C1BSLeQg1QoBsHmrq6MJj6g67Yhm7sWwXIQADPDOEvF7ErnIfC1xZn/7 Ngku6sBNp5zssrzz/q39OdsskucUce0+xrVGt+R1X1UZFCcNQLh7aUCkcni2SZT+nrNjagu2 S6pPRznescQPuZVJHjGmqIaQIi04nin4yOFzKHujJxWwIlrKmFG7l2NXwkz4u/aYnKsCXm4o c9/8EJyXFmPmUr4QvEjQ409RuO33oQkW </X509Certificate> </X509Data> </KeyInfo> </Signature></NFe> <protNFe versao="1.10"><infProt Id="ID342100031729699"><tpAmb>1</tpAmb><verAplic>SVRS20100615093536</verAplic><chNFe>42100709500360000127550020000000560000000593</chNFe><dhRecbto>2010-07-09T15:40:54</dhRecbto><nProt>342100031729699</nProt><digVal>N+66WC/Fl+crTqXw0kSD846MIH4=</digVal><cStat>100</cStat><xMotivo>Autorizado o uso da NF-e</xMotivo></infProt></protNFe></nfeProc> When I try to validate the same xml at http://www.aleksey.com/xmlsec/xmldsig-verifier.html I have the error: func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('NFe42100709500360000127550020000000560000000593')) func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed: func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed: func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed: func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: Error: signature verification failed Somebody can help me? *Jonatas Fischer* *Sys Developer Software* (55) 47 3423-2710 _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
