Thanks, it works. Jonatas Fischer
-----Original Message-----
From: Aleksey Sanin [mailto:[email protected]]
Sent: Tuesday, July 27, 2010 11:55
To: Jonatas Fischer
Cc: [email protected]
Subject: Re: [xmlsec] Validating XML with Key

Please read section 3.2 from the FAQ

http://www.aleksey.com/xmlsec/faq.html

Aleksey

On 7/27/2010 7:26 AM, Jonatas Fischer wrote:
> I'm trying to validate a digital signature with the certificate located at
> the KEYINFO node.
>
> I have tried a lot of different ways to do it, but I have had no success.
>
> I used the code of the lasso project (http://lasso.entrouvert.org)
>
> And of a mail (http://www.mail-archive.com/[email protected]/msg03925.html)
>
> This is my code (Pascal code):
>
> function verify_file(const xml_file : string) : integer;
> var
>   doc : xmlDocPtr;
>   Signature, NFe, KeyInfo : xmlNodePtr;
>   dsigCtx : xmlSecDSigCtxPtr;
>   sl : TStringList;
>   sText : Ansistring;
>   rc : integer;
>   cert_data, cert_key : xmlSecKeyDataPtr;
>   cert : Pointer;
>   key : xmlSecKeyPtr;
>   ffile : TextFile;
> begin
>   // variable initialization
>   doc := nil;
>   Signature := nil;
>   dsigCtx := nil;
>   sl := TStringList.Create;
>   // start reading the file
>   sl.LoadFromFile(xml_file);
>   sText := sl.Text;
>   doc := xmlParseDoc(PAnsiChar(UTF8Encode(sText)));
>   if (doc = nil) or (xmlDocGetRootElement(doc) = nil) then
>     raise Exception.Create('erro ao ler xml');
>   NFe := xmlSecFindNode(xmlDocGetRootElement(doc),'NFe','http://www.portalfiscal.inf.br/nfe');
>   Signature := xmlSecFindNode(NFe,xmlSecNodeSignature, xmlSecDSigNs);
>   KeyInfo := xmlSecFindNode(Signature, xmlSecNodeKeyInfo, xmlSecDSigNs);
>   if NFe = nil then
>     raise Exception.Create('Error: start node not found in ' + xml_file);
>   dsigCtx := xmlSecDSigCtxCreate(nil);
>   try
>     if (dsigCtx = nil) then
>       raise Exception.Create('Failed to create Signature Context');
>     Key := xmlSecKeyCreate();
>     //if I dont use this, will not work
>     dsigCtx.keyInfoReadCtx.flags := XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND or
>       XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
>     dsigCtx.keyInfoReadCtx.mode := xmlSecKeyInfoModeRead;
>     dsigCtx.keyInfoReadCtx.keyReq.keyId := xmlSecOpenSSLKeyDataX509GetKlass;
>     dsigCtx.keyInfoReadCtx.keyReq.keyType := xmlSecKeyDataTypePublic;
>     dsigCtx.keyInfoReadCtx.keyReq.keyUsage := xmlSecKeyDataUsageAny;
>     //if (xmlSecKeyInfoNodeRead(KeyInfo, dsigCtx.signKey, @dsigCtx.keyInfoReadCtx) < 0) then
>     if (xmlSecKeyInfoNodeRead(KeyInfo, key, @dsigCtx.keyInfoReadCtx) < 0) then
>     begin
>       xmlSecKeyDestroy(dsigCtx.signKey);
>       xmlSecDSigCtxDestroy(dsigCtx);
>       raise Exception.Create('Could not read KeyInfo');
>     end;
>     cert_data := xmlSecKeyGetData(Key, xmlSecOpenSSLKeyDataX509GetKlass);
>     if (cert_data <> nil) then
>     begin
>       cert := xmlSecOpenSSLKeyDataX509GetCert(cert_data, 0);
>       if (cert <> nil) then
>       begin
>         cert_key := xmlSecOpenSSLX509CertGetKey(cert);
>         rc := xmlSecKeySetValue(Key, cert_key);
>         if (rc < 0) then
>           showmessage('num deu');
>       end;
>     end;
>     dsigCtx.signKey := Key;
>     //dsigCtx.keyInfoReadCtx.enabledKeyData.
>     if(xmlSecDSigCtxVerify(dsigCtx, Signature) < 0) then
>     begin
>       xmlSecDSigCtxDebugDump(dsigCtx,nil);
>       dsigCtx.signKey := nil;
>       xmlSecKeyDestroy(Key);
>       xmlSecDSigCtxDestroy(dsigCtx);
>       raise Exception.Create('Failed to verify signature');
>     end;
>   finally
>     if(doc <> nil) then
>       xmlFreeDoc(doc);
>   end;
> end;
>
> this is the debug info
>
> func=xmlSecXPathDataExecute:file=..\src\xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('NFe42100709500360000127550020000000560000000593'))
> func=xmlSecXPathDataListExecute:file=..\src\xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformXPathExecute:file=..\src\xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformDefaultPushXml:file=..\src\transforms.c:line=2395:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformCtxXmlExecute:file=..\src\transforms.c:line=1226:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
> func=xmlSecTransformCtxExecute:file=..\src\transforms.c:line=1286:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
> func=xmlSecDSigReferenceCtxProcessNode:file=..\src\xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxProcessSignedInfoNode:file=..\src\xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
> func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxDebugDump:file=..\src\xmldsig.c:line=1068:obj=unknown:subj=output != NULL:error=100:assertion:
>
> and this is the xml:
>
> <?xml version="1.0" encoding="utf-8"?>
> <nfeProc xmlns="http://www.portalfiscal.inf.br/nfe" versao="1.10">
> <NFe xmlns="http://www.portalfiscal.inf.br/nfe">
> <infNFe versao="1.10" Id="NFe42100710295305000121550010000000040000000144">
> <ide><cUF>42</cUF><cNF>000000014</cNF><natOp>RETORNO DE INDUSTRIZALIZACAO</natOp><indPag>0</indPag>
> <mod>55</mod><serie>1</serie><nNF>4</nNF><dEmi>2010-07-12</dEmi><dSaiEnt>2010-07-12</dSaiEnt>
> <tpNF>1</tpNF><cMunFG>4209102</cMunFG><tpImp>2</tpImp><tpEmis>1</tpEmis><cDV>4</cDV><tpAmb>1</tpAmb>
> <finNFe>1</finNFe><procEmi>0</procEmi><verProc>1.0</verProc></ide>
> <emit><CNPJ>10295305000121</CNPJ><xNome>TECHCONTROL COM. DE DISP. DE CONTROLE LTDA</xNome>
> <xFant>TECHCONTROL INDUSTRIAL</xFant>
> <enderEmit><xLgr>RUA ANITA GARIBALDI</xLgr><nro>1190</nro><xBairro>ANITA GARIBALDI</xBairro>
> <cMun>4209102</cMun><xMun>JOINVILLE</xMun><UF>SC</UF><CEP>89203300</CEP><cPais>1058</cPais>
> <xPais>BRASIL</xPais><fone>4734337709</fone></enderEmit>
> <IE>255679238</IE><IM>94475</IM><CNAE>4669999</CNAE></emit>
> <dest><CNPJ>50935576000119</CNPJ><xNome>PLASCAR IND. COMPONENTES PLASTICOS LTDA</xNome>
> <enderDest><xLgr>AVENIDA WILHELM WINTER</xLgr><nro>300</nro><xBairro>DISTRITO INDUSTRIAL</xBairro>
> <cMun>3525904</cMun><xMun>JUNDIAI</xMun><UF>SP</UF><CEP>13213000</CEP><cPais>1058</cPais>
> <xPais>BRASIL</xPais><fone>0800729800</fone></enderDest><IE>407081560119</IE></dest>
> <det nItem="1"><prod><cProd>99</cProd><cEAN/><xProd>DISP. CONT. CUBING FAROL FOX GP (1)</xProd>
> <NCM>84663000</NCM><CFOP>6902</CFOP><uCom>PC</uCom><qCom>1.0000</qCom><vUnCom>25000.0000</vUnCom>
> <vProd>25000.00</vProd><cEANTrib/><uTrib>PC</uTrib><qTrib>1.0000</qTrib>
> <vUnTrib>25000.0000</vUnTrib></prod>
> <imposto><ICMS><ICMS90><orig>0</orig><CST>90</CST><modBC>3</modBC><vBC>0.00</vBC><pICMS>0.00</pICMS>
> <vICMS>0.00</vICMS><modBCST>0</modBCST><vBCST>0.00</vBCST><pICMSST>0.00</pICMSST>
> <vICMSST>0.00</vICMSST></ICMS90></ICMS>
> <IPI><cEnq>999</cEnq><IPITrib><CST>99</CST><vBC>25000.00</vBC><pIPI>0.00</pIPI><vIPI>0.00</vIPI></IPITrib></IPI>
> <PIS><PISNT><CST>07</CST></PISNT></PIS><COFINS><COFINSNT><CST>07</CST></COFINSNT></COFINS></imposto></det>
> <total><ICMSTot><vBC>0.00</vBC><vICMS>0.00</vICMS><vBCST>0.00</vBCST><vST>0.00</vST>
> <vProd>25000.00</vProd><vFrete>0.00</vFrete><vSeg>0.00</vSeg><vDesc>0.00</vDesc><vII>0.00</vII>
> <vIPI>0.00</vIPI><vPIS>0.00</vPIS><vCOFINS>0.00</vCOFINS><vOutro>0.00</vOutro>
> <vNF>25000.00</vNF></ICMSTot></total>
> <transp><modFrete>0</modFrete><transporta><CNPJ>01824869000113</CNPJ>
> <xNome>JOINVILENSE CARGAS EXPRESS LTDA</xNome><IE>254494684</IE>
> <xEnder>ROD BR 101 - KM 43 43 GALP 4/5 NOVA BRASILIA 89213125</xEnder>
> <xMun>JOINVILLE</xMun><UF>SC</UF></transporta><vol><qVol>1</qVol></vol></transp>
> <infAdic><infCpl>DOCUMENTO EMITIDO POR ME OU EPP OPTANTE PELO SIMPLES NACIONAL LC 123/2006.|RETORNO TOTAL DE SUA NF 127519|</infCpl></infAdic></infNFe>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#NFe42100709500360000127550020000000560000000593"><Transforms>
> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms><DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>N+66WC/Fl+crTqXw0kSD846MIH4=</DigestValue></Reference></SignedInfo><SignatureValue>
> HHim9Z0p881/LPRrGgKmqjREdG8WTSlyY7lVZs9SyEIJcMo8OZ5/MMwd9TkQPNe8ZUEh+i22
> /Du2wfjH0fgaB5/sM8Wi2YTT1BqKbQ1YJIQw+r5YQFpsTzzIvH5sKEkhQpwYdCt6gkJPdJPH
> 7nP+NVcKfHcdHH6eqSmJu2p1JMM=
> </SignatureValue><KeyInfo>
> <X509Data>
> <X509Certificate>
> </X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature></NFe>
> <protNFe versao="1.10"><infProt Id="ID342100031729699"><tpAmb>1</tpAmb><verAplic>SVRS20100615093536</verAplic>
> <chNFe>42100709500360000127550020000000560000000593</chNFe><dhRecbto>2010-07-09T15:40:54</dhRecbto>
> <nProt>342100031729699</nProt><digVal>N+66WC/Fl+crTqXw0kSD846MIH4=</digVal><cStat>100</cStat>
> <xMotivo>Autorizado o uso da NF-e</xMotivo></infProt></protNFe></nfeProc>
>
> When I try to validate the same xml at
> http://www.aleksey.com/xmlsec/xmldsig-verifier.html I have the error:
>
> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('NFe42100709500360000127550020000000560000000593'))
> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
> func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> Error: signature verification failed
>
> Can somebody help me?
>
> *Jonatas Fischer*
>
> *Sys Developer Software*
>
> (55) 47 3423-2710
>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
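
Added example, not part of the original thread and not xmlsec code: a small Python triage helper for error stacks in the format quoted above. It takes the id from the failed xpointer(id('...')) expression and checks whether any element in the document carries it in an Id attribute. The function names, result labels and sample data are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# One xmlsec error-stack entry, in the layout of the log lines quoted above.
ENTRY = re.compile(
    r"func=(?P<func>[^:]*):file=(?P<file>.*?):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]*):subj=(?P<subj>.*?):error=(?P<code>\d+):"
    r"(?P<msg>[^:]*):(?P<extra>.*)"
)
XPTR_ID = re.compile(r"xpointer\(id\('([^']*)'\)\)")

def parse_stack(log_text):
    """Return the error entries in log order (innermost failure first)."""
    return [m.groupdict() for m in map(ENTRY.match, log_text.splitlines()) if m]

def unresolved_id(entries):
    """ID value from the failed xpointer(id('...')) expression, or None."""
    for entry in entries:
        m = XPTR_ID.search(entry["extra"])
        if m:
            return m.group(1)
    return None

def triage(log_text, xml_text):
    """Classify why a same-document Reference could not be resolved."""
    wanted = unresolved_id(parse_stack(log_text))
    if wanted is None:
        return "no-xpointer-failure", None
    root = ET.fromstring(xml_text)
    carriers = [el.tag for el in root.iter() if el.get("Id") == wanted]
    if not carriers:
        return "target-missing", wanted  # the URI points at nothing in this file
    # An element carries the value, but libxml2's id() only sees attributes
    # registered as type ID (DTD declaration, xml:id, or xmlAddID).
    return "id-not-registered", wanted

# Constructed sample input (shortened ids, not the data from the post).
LOG = (
    "func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:"
    "subj=xmlXPtrEval:error=5:libxml2 library function failed:"
    "expr=xpointer(id('NFe001'))\n"
    "func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:"
    "subj=xmlSecDSigCtxSigantureProcessNode:error=1:"
    "xmlsec library function failed:\n"
)
DOC_OK = '<NFe><infNFe Id="NFe001"/><Signature/></NFe>'
DOC_BAD = '<NFe><infNFe Id="NFe999"/><Signature/></NFe>'

if __name__ == "__main__":
    for doc in (DOC_OK, DOC_BAD):
        print(triage(LOG, doc))
```

The helper only explains an unresolved Reference; it does not check the signature, and it does not check the certificate in KeyInfo, which the quoted code reads with XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS set.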
