It's not on the website but it is in the examples folder.

Aleksey

On 6/6/12 4:42 AM, Renato Tegon Forti wrote:
>> This means that xmlsec (or to be precise, openssl) needs to verify the
>> certificate and it can't find the next certificate in the chain.
>
> Thanks for the answer.
>
> One more question: what is the example
> (http://www.aleksey.com/xmlsec/api/xmlsec-examples.html) that implements
> "Online XML Digital Signature Verifer"?
> I want to study the code implementation of it!
>
> Thanks
>
> -----Original Message-----
> From: Aleksey Sanin [mailto:[email protected]]
> Sent: Tuesday, June 5, 2012 23:51
> To: Renato Tegon Forti
> Cc: [email protected]
> Subject: Re: [xmlsec] Trying to check sign
>
> This means that xmlsec (or to be precise, openssl) needs to verify the
> certificate and it can't find the next certificate in the chain.
>
> Aleksey
>
> On 6/5/12 1:58 PM, Renato Tegon Forti wrote:
>> Hi,
>>
>> I have one file whose signature I want to check (using the KEYINFO node). I know
>> that the signature is valid, but the tool returns:
>>
>> I use a DTD; please see the XML below!
>>
>> ------------------------------------------------------------------------------------------------
>>
>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=BR/O=ICP-Brasil/OU=ID - 1083312/OU=Autenticado por Certisign Certificadora Digital/OU=Assinatura Tipo A1/OU=(EM BRANCO)/OU=(EM BRANCO)/CN=MEDIATECH INFORMATICA LTDA/[email protected];err=20;msg=unable to get local issuer certificate
>>
>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
>>
>> func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match
>>
>> RESULT: Signature is INVALID
>>
>> ---------------------------------------------------
>>
>> = VERIFICATION CONTEXT
>> == Status: invalid
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == Key Info Read Ctx:
>> = KEY INFO READ CONTEXT
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled key data: all
>> == RetrievalMethod level (cur/max): 0/1
>> == TRANSFORMS CTX (status=0)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri: NULL
>> === uri xpointer expr: NULL
>> == EncryptedKey level (cur/max): 0/1
>> === KeyReq:
>> ==== keyId: rsa
>> ==== keyType: 0x00000001
>> ==== keyUsage: 0x00000002
>> ==== keyBitsSize: 0
>> === list size: 0
>> == Key Info Write Ctx:
>> = KEY INFO WRITE CONTEXT
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled key data: all
>> == RetrievalMethod level (cur/max): 0/1
>> == TRANSFORMS CTX (status=0)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri: NULL
>> === uri xpointer expr: NULL
>> == EncryptedKey level (cur/max): 0/1
>> === KeyReq:
>> ==== keyId: NULL
>> ==== keyType: 0x00000001
>> ==== keyUsage: 0xffffffff
>> ==== keyBitsSize: 0
>> === list size: 0
>> == Signature Transform Ctx:
>> == TRANSFORMS CTX (status=2)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri: NULL
>> === uri xpointer expr: NULL
>> === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
>> === Transform: membuf-transform (href=NULL)
>> == Signature Method:
>> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
>> == Signature Key:
>> == KEY
>> === method: RSAKeyValue
>> === key type: Private
>> === key name: test-rsa
>> === key usage: -1
>> === rsa key: size = 1024
>> == SignedInfo References List:
>> === list size: 1
>> = REFERENCE VERIFICATION CONTEXT
>> == Status: succeeded
>> == URI: "#NFe35101003593968000167550030000101640000000003"
>> == Reference Transform Ctx:
>> == TRANSFORMS CTX (status=2)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri:
>> === uri xpointer expr: #NFe35101003593968000167550030000101640000000003
>> === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
>> === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
>> === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>> === Transform: membuf-transform (href=NULL)
>> == Digest Method:
>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>> == Manifest References List:
>> === list size: 0
>>
>> ------------------------------------------------------------------------------------------------
>>
>> Can anyone help me understand what I am doing wrong?
>>
>> What exactly does this mean: “unable to get local issuer certificate”?
>>
>> This is my XML file (is the DTD correct?):
>>
>> ------------------------------------------------------------------------------------------------
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!DOCTYPE test [
>> <!ATTLIST infNFe Id ID #IMPLIED>
>> ]>
>> <nfeProc xmlns="http://www.portalfiscal.inf.br/nfe" versao="1.10">
>> <NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Id="NFe35101003593968000167550030000101640000000003" versao="1.10">
>> <ide><cUF>35</cUF><cNF>000000000</cNF><natOp>VENDA MERC C/ PGTO ST C/ SUBSTITUIDO</natOp><indPag>1</indPag><mod>55</mod><serie>3</serie><nNF>10164</nNF><dEmi>2010-10-20</dEmi><dSaiEnt>2010-10-20</dSaiEnt><tpNF>1</tpNF><cMunFG>3550308</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>3</cDV><tpAmb>1</tpAmb><finNFe>1</finNFe><procEmi>0</procEmi><verProc>1.4.0</verProc></ide>
>> <emit><CNPJ>03593968000167</CNPJ><xNome>Mediatech Informatica LTDA</xNome><xFant>Mediatech Informatica LTDA</xFant><enderEmit><xLgr>CORREIA DE MELO</xLgr><nro>085</nro><xBairro>BOM RETIRO</xBairro><cMun>3550308</cMun><xMun>SAO PAULO</xMun><UF>SP</UF><CEP>01123020</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>1133521199</fone></enderEmit><IE>115633812110</IE></emit>
>> <dest><CNPJ>11253910000100</CNPJ><xNome>AYSSO SYSTEMS LTDA EPP</xNome><enderDest><xLgr>RUA DOZE DE NOVEMBRO</xLgr><nro>180</nro><xCpl>APT 183</xCpl><xBairro>CENTRO</xBairro><cMun>3501608</cMun><xMun>AMERICANA</xMun><UF>SP</UF><CEP>13465490</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>1936459994</fone></enderDest><IE/></dest>
>> <det nItem="1"><prod><cProd>1160900000000001720000</cProd><cEAN/><xProd>MIDIA DIGITAL CD/DVD</xProd><NCM>85234011</NCM><CFOP>5405</CFOP><uCom>PC.</uCom><qCom>100.0000</qCom><vUnCom>2.1500</vUnCom><vProd>215.00</vProd><cEANTrib/><uTrib>PC.</uTrib><qTrib>100.0000</qTrib><vUnTrib>2.1500</vUnTrib><vFrete>20.00</vFrete></prod><imposto><ICMS><ICMS60><orig>0</orig><CST>60</CST><vBCST>215.00</vBCST><vICMSST>0.00</vICMSST></ICMS60></ICMS><IPI><cEnq>999</cEnq><IPINT><CST>53</CST></IPINT></IPI><PIS><PISAliq><CST>01</CST><vBC>215.00</vBC><pPIS>0.65</pPIS><vPIS>1.40</vPIS></PISAliq></PIS><COFINS><COFINSAliq><CST>01</CST><vBC>215.00</vBC><pCOFINS>3.00</pCOFINS><vCOFINS>6.45</vCOFINS></COFINSAliq></COFINS></imposto></det>
>> <total><ICMSTot><vBC>20.00</vBC><vICMS>0.00</vICMS><vBCST>0.00</vBCST><vST>0.00</vST><vProd>215.00</vProd><vFrete>20.00</vFrete><vSeg>0.00</vSeg><vDesc>0.00</vDesc><vII>0.00</vII><vIPI>0.00</vIPI><vPIS>1.40</vPIS><vCOFINS>6.45</vCOFINS><vOutro>0.00</vOutro><vNF>235.00</vNF></ICMSTot></total>
>> <transp><modFrete>0</modFrete><transporta><CNPJ>07281886000138</CNPJ><xNome>Correio - Sedex</xNome><IE>ISENTO</IE><xEnder>Rua Correia de Melo, 111</xEnder><xMun>Sao Paulo</xMun><UF>SP</UF></transporta><vol><qVol>1</qVol><esp>CX.</esp><pesoL>1.000</pesoL><pesoB>1.000</pesoB></vol></transp>
>> <cobr><fat><nFat>10164</nFat><vOrig>235.00</vOrig><vLiq>235.00</vLiq></fat><dup><nDup>001</nDup><dVenc>2010-10-20</dVenc><vDup>235.00</vDup></dup></cobr>
>> <infAdic><infCpl>Pedidos: 48033</infCpl></infAdic></infNFe>
>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#NFe35101003593968000167550030000101640000000003"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>vj4p6FtqkZen6fsHlcyag8R2hF0=</DigestValue></Reference></SignedInfo>
>> <SignatureValue>Jymbikn/5F8aUYQA6CaZmLYY9plO4KNfyu/M4TZP5l+3fy/pjwpkIsaeV1LXXyo7nWLdpvruhCXy
>> ID2ptAjzIWOJ/vp1YW94e0Yy7yfBijQNkew+FI1G7GKKt7T/UUIPRrXqWwo7EA8ZpCYSoWktWqHZ
>> iU7j7iJone1nLdNJNjY=</SignatureValue>
>> <KeyInfo><X509Data><X509Certificate>[base64-encoded certificate omitted]</X509Certificate></X509Data></KeyInfo></Signature></NFe>
>>
>> <protNFe versao="1.10"><infProt><tpAmb>1</tpAmb><verAplic>SP_NFE_PL_005e</verAplic><chNFe>35101003593968000167550030000101640000000003</chNFe><dhRecbto>2010-10-20T17:48:15</dhRecbto><nProt>135100546996360</nProt><digVal>vj4p6FtqkZen6fsHlcyag8R2hF0=</digVal><cStat>100</cStat><xMotivo>Autorizado o uso da NF-e</xMotivo></infProt></protNFe>
>> </nfeProc>
>>
>> ------------------------------------------------------------------------------------------------
>>
>> Thanks a lot
>>
>> _______________________________________________
>> xmlsec mailing list
>> [email protected]
>> http://www.aleksey.com/mailman/listinfo/xmlsec
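
The condition described in the reply above (OpenSSL cannot find the next certificate in the chain), reproduced as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; the three demo certificates and all file names are constructed here.

```sh
# Added example: constructed chain root -> intermediate -> signer, used to
# reproduce OpenSSL verify error 20. All names and files are made up.
issue() {  # dir, name, CN, issuer name, extra `openssl x509` options
  openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -days 2 $5 -out "$1/$2.pem" 2>/dev/null
}

make_chain() {  # $1 = existing work directory (path without spaces)
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' '[dn]' \
    'CN = unused' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > "$1/demo.cnf"
  # Self-signed root (the trust anchor), then an intermediate CA issued by
  # the root, then the signer certificate issued by the intermediate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/demo.cnf" \
    -extensions v3_ca -subj "/CN=Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  issue "$1" int "Demo Intermediate CA" root \
    "-extfile $1/demo.cnf -extensions v3_ca" &&
  issue "$1" signer "Demo Signer" int ""
}

verify_result() {  # args go to `openssl verify`; prints OK or the error number
  out=$(openssl verify "$@" 2>&1) || true
  code=$(printf '%s\n' "$out" |
    sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then echo "$code"
  elif printf '%s\n' "$out" | grep -q ': OK$'; then echo OK
  else echo UNKNOWN; fi
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_chain "$tmp" || { rm -rf "$tmp"; return 1; }
  # Trust anchor only: the signer's issuer (the intermediate) is not found.
  a=$(verify_result -CAfile "$tmp/root.pem" "$tmp/signer.pem")
  # Same anchor, with the intermediate supplied as an untrusted chain cert.
  b=$(verify_result -CAfile "$tmp/root.pem" -untrusted "$tmp/int.pem" \
    "$tmp/signer.pem")
  rm -rf "$tmp"
  echo "root only: $a; root + intermediate: $b"
}

demo
```

With the `xmlsec1` command-line tool the corresponding inputs are `--trusted-pem` for the root and `--untrusted-pem` for the intermediate.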
