Aleksey & Luiz
A couple of years ago I got xmlsec to build and work on MS DOS (well,
from the Windows command prompt, which is what I assume you mean).
I needed to make a very small change to xmlsec (to handle a reference to
"cid:/filename/" by just looking for "/filename/", because you can't
have colons in MS DOS filenames).
I found fundamentally insurmountable problems using MS tools to do this
(I'd explain why, but life is too short <g>), so eventually attacked the
problem using mingw <http://www.mingw.org/> to build all of the required
libraries and the executable as DOS/Win DLLs and an EXE.
It was a total nightmare, but I got there in the end and the solution is
now deployed and working.
I /did/ mean to write up the process of going from source to working
executables, but have frankly been too lazy, however I still have my
(indecipherable and meaningless to anybody else) notes on what I did.
If I can help, I will, to the extent that time permits.
Mike
On 16/10/2014 21:54, Aleksey Sanin wrote:
Short answer: there is nothing impossible, it's only software.
Long answer: I am not aware of anyone using xmlsec library on MSDOS
but assuming the C compiler is reasonable it should not be an issue.
Re "results are different" --- the real question is not if the
output of two programs look different but whether each of the
programs can verify signatures created by the other program.
Aleksey
On 10/16/14, 1:43 PM, Luiz Antonio Emerenciano Alcoforado wrote:
*Dear Alexey,*
I was given the assignment to rewrite a java program that uses Bouncy
Castle to a C program that could do the same function, sign an xml file
and extract the digest.
I choose XMLSec Library to do that and was toying with code and with
xmlsec1 for more than four weeks now.
I am doing all simulations (a concept proof) under Centos 5.4 32-bit.
First, I would like to see the process work with command-line (xmlsec1)
to be sure and than proced to write the C program.
But I am stuck with xmlsec1 and the results, for they are different from
the results obtained by the other team, the java people.
The code that I need to port from java to C is shown below.
On top of that, the C program must be compiled by OpenWatcom and run
under Causeway, under MS-DOS.
Can you say something to help me go forward, even a little ?
Is this scenario feasible?
I thank you very much for any light you could shed on this.
Best regards,
Luiz Antonio Emerenciano Alcoforado
Recife, Brasil
public String getDigestValue(String xml) throws Exception {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true); // Necessário para que o
DigestValue seja igual ao código C# da SEFAZ
try {
if (_cert == null) throw new Exception("objeto
X509Certificate nao inicializado");
else if (_pvtKey == null) throw new Exception("objeto
PrivateKey nao inicializado");
String thisLine = "";
String xmlString = "";
BufferedReader br = new BufferedReader(new StringReader(xml));
// Necessário para que o DigestValue seja igual ao código C#
da SEFAZ
while ((thisLine = br.readLine()) != null) {
xmlString = xmlString + thisLine.trim();
}
br.close();
ByteArrayInputStream xmlStream = new
ByteArrayInputStream(xmlString.getBytes());
Document doc = dbf.newDocumentBuilder().parse(xmlStream);
DOMSignContext dsc = new DOMSignContext(_pvtKey,
doc.getDocumentElement());
XMLSignatureFactory fac =
XMLSignatureFactory.getInstance("DOM");
List transformers = new ArrayList();
transformers.add(fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature";,
(TransformParameterSpec) null));
transformers.add(fac.newTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315";,
(TransformParameterSpec) null));
NodeList nodelist = doc.getDocumentElement().getChildNodes();
Node nodeInfNfe = null;
for (int ct = 0; ct < nodelist.getLength(); ct++) {
if
(nodelist.item(ct).getNodeName().equalsIgnoreCase("infNFe")) {
nodeInfNfe = nodelist.item(ct);
break;
}
}
if (nodeInfNfe == null) throw new Exception("falha ao
localizar tag <infNFe>");
NamedNodeMap nnm = nodeInfNfe.getAttributes();
NodeList nl = doc.getElementsByTagName("infNFe"); //
Node node = nl.item(0); // Obs.:
três linhas obrigatórias a partir de JDK 1.7 Update 25
((Element) node).setIdAttribute("Id", true); //
String nfeId = nnm.getNamedItem("Id").getNodeValue();
Reference ref = fac.newReference("#" + nfeId,
fac.newDigestMethod(DigestMethod.SHA1, null), transformers, null, null);
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.RSA_SHA1,
null), Collections.singletonList(ref));
KeyInfoFactory kif = fac.getKeyInfoFactory();
List x509Content = new ArrayList();
x509Content.add(_cert);
X509Data xd = kif.newX509Data(x509Content);
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
return new String(Base64.encode(ref.getDigestValue()));
} catch (Exception e) {
e.printStackTrace();
throw new Exception("Impossivel calcular DigestValue (msg='"
+ e.getMessage() + "')");
}
}
}
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
