[xmlsec] dsigCtx->c14nMethod

Ranier VF ranier_gyn at hotmail.com
Wed May 23 03:08:46 PDT 2012


Hi, can you help me?
The xml file:
<?xml version="1.0"?>
<!DOCTYPE test [<!ATTLIST infNFe Id ID #IMPLIED>]>
<NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="2.00" Id="NFe52120503241828000120550020000067501112798840">
..........
</infNFe>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#NFe52120503241828000120550020000067501112798840">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue/>
    </Reference>
  </SignedInfo>
  <SignatureValue/>
  <KeyInfo>
    <X509Data>
      <X509Certificate/>
    </X509Data>
  </KeyInfo>
</Signature></NFe>

With command line tool:
xmlsec --sign --print-debug --output nfe_sign.xml --pkcs12 sos.p12 --pwd XXXXXXXX nfe3.xml
All works.

= SIGNATURE CONTEXT
== Status: succeeded
== flags: 0x00000000
== flags2: 0x00000000
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000002
==== keyUsage: 0x00000001
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
=== Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
=== Transform: membuf-transform (href=NULL)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Key:
== KEY
=== method: RSAKeyValue
=== key type: Private
=== key usage: -1
=== rsa key: size = 2048
=== list size: 1
=== X509 Data:
==== Key Certificate:
==== Subject Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/OU=CORREIOS/OU=ARCORREIOS/OU=RFB e-CNPJ A1/L=GOIANIA/ST=GO/CN=S O S COMERCIO DE MAQUINAS LTDA ME:01800246000100
==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=Autoridade Certificadora do SERPRORFB
==== Issuer Serial: 32303131303931323139303131363337
==== Certificate:
==== Subject Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/OU=CORREIOS/OU=ARCORREIOS/OU=RFB e-CNPJ A1/L=GOIANIA/ST=GO/CN=S O S COMERCIO DE MAQUINAS LTDA ME:01800246000100
==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal do Brasil - RFB/CN=Autoridade Certificadora do SERPRORFB
==== Issuer Serial: 32303131303931323139303131363337
== SignedInfo References List:
=== list size: 1
= REFERENCE CALCULATION CONTEXT
== Status: succeeded
== URI: "#NFe52120503241828000120550020000067501112798840"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri:
=== uri xpointer expr: #NFe52120503241828000120550020000067501112798840
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Result - start buffer:
hn6gfGRWNBeR+CE6QQEU01E8e6A=
== Result - end buffer
== Manifest References List:
=== list size: 0

But the same file: nfe3.xml with:
#include <stdio.h>

#include <libxml/tree.h>
#include <libxml/parser.h>

#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/crypto.h>
#include <xmlsec/errors.h>

int xml_sign(const char *tmpl_file, const char *key_file, const char *password1)
{
    xmlDocPtr doc = NULL;
    xmlNodePtr node = NULL;
    xmlSecDSigCtxPtr dsigCtx = NULL;
    const char *msg = NULL;
    int res = -1;

    /* load template */
    doc = xmlParseFile(tmpl_file);
    if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
    {
       fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
       goto done;
    }

    /* find start node */
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
    if (node == NULL)
    {
          fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
          goto done;
    }

    /* create signature context, we don't need keys manager in this example */
    dsigCtx = xmlSecDSigCtxCreate(NULL);
    if (dsigCtx == NULL)
    {
       fprintf(stderr,"Error: failed to create signature context\n");
       goto done;
    }

    /* load private key with password */
    dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPkcs12, password1, NULL, NULL);
    if (dsigCtx->signKey == NULL)
    {
       fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
       goto done;
    }

    /* set key name to the file name, this is just an example! */
    if (xmlSecKeySetName(dsigCtx->signKey, (xmlChar *) key_file) < 0)
    {
       fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
       goto done;
    }

    /* sign the template */
    if (xmlSecDSigCtxSign(dsigCtx, node) < 0)   /* <---- FAIL */
    {
       /* print the library message through "%s", never as the format string itself */
       msg = xmlSecErrorsGetMsg(xmlSecErrorsGetCode(0));
       fprintf(stderr, "%s\n", (msg != NULL) ? msg : "(no message)");
       goto done;
    }

    res = 0;

done:
    /* release the signature context (it owns signKey) and the parsed document */
    if (dsigCtx != NULL)
        xmlSecDSigCtxDestroy(dsigCtx);
    if (doc != NULL)
        xmlFreeDoc(doc);
    return res;
}

Does not work! Result:
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=465:obj=unknown:subj=dsigCtx->c14nMethod == NULL:error=100:assertion:
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:

Latest dlls from http://www.zlatkovic.com/libxml.en.html
xmlsec-1.2.18
libxml2-2.7.8
openssl-0.8a

Is a key manager necessary?

Thanks for your patience.
Any help will be much appreciated.

Best regards,

Ranier Vilela
 		 	   		  