[xmlsec] Replacing Bouncy Castle with XMLSec Library
Aleksey Sanin
aleksey at aleksey.com
Thu Oct 16 13:54:00 PDT 2014
Short answer: there is nothing impossible, it's only software.
Long answer: I am not aware of anyone using xmlsec library on MSDOS
but assuming the C compiler is reasonable it should not be an issue.
Re "results are different" --- the real question is not if the
output of two programs looks different but whether each of the
programs can verify signatures created by the other program.
Aleksey
On 10/16/14, 1:43 PM, Luiz Antonio Emerenciano Alcoforado wrote:
> *Dear Alexey,*
>
> I was given the assignment to rewrite a java program that uses Bouncy
> Castle to a C program that could do the same function, sign an xml file
> and extract the digest.
>
> I chose XMLSec Library to do that and was toying with code and with
> xmlsec1 for more than four weeks now.
>
> I am doing all simulations (a concept proof) under Centos 5.4 32-bit.
>
> First, I would like to see the process work with command-line (xmlsec1)
> to be sure and then proceed to write the C program.
>
> But I am stuck with xmlsec1 and the results, for they are different from
> the results obtained by the other team, the java people.
>
> The code that I need to port from java to C is shown below.
>
> On top of that, the C program must be compiled by OpenWatcom and run
> under Causeway, under MS-DOS.
>
> Can you say something to help me go forward, even a little ?
> Is this scenario feasible?
>
> I thank you very much for any light you could shed on this.
>
> Best regards,
>
> Luiz Antonio Emerenciano Alcoforado
> Recife, Brasil
>
>     public String getDigestValue(String xml) throws Exception {
>         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
>
>         // Required so that the DigestValue matches SEFAZ's C# code
>         dbf.setNamespaceAware(true);
>
>         try {
>
>             if (_cert == null) throw new Exception("objeto X509Certificate nao inicializado");
>             else if (_pvtKey == null) throw new Exception("objeto PrivateKey nao inicializado");
>
>             String thisLine = "";
>             String xmlString = "";
>             BufferedReader br = new BufferedReader(new StringReader(xml));
>
>             // Required so that the DigestValue matches SEFAZ's C# code
>             while ((thisLine = br.readLine()) != null) {
>                 xmlString = xmlString + thisLine.trim();
>             }
>             br.close();
>
>             ByteArrayInputStream xmlStream = new ByteArrayInputStream(xmlString.getBytes());
>             Document doc = dbf.newDocumentBuilder().parse(xmlStream);
>             DOMSignContext dsc = new DOMSignContext(_pvtKey, doc.getDocumentElement());
>             XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
>             List transformers = new ArrayList();
>
>             // Enveloped-signature transform, then inclusive Canonical XML 1.0
>             transformers.add(fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature",
>                     (TransformParameterSpec) null));
>             transformers.add(fac.newTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
>                     (TransformParameterSpec) null));
>
>             // Find the <infNFe> child of the document element
>             NodeList nodelist = doc.getDocumentElement().getChildNodes();
>             Node nodeInfNfe = null;
>             for (int ct = 0; ct < nodelist.getLength(); ct++) {
>                 if (nodelist.item(ct).getNodeName().equalsIgnoreCase("infNFe")) {
>                     nodeInfNfe = nodelist.item(ct);
>                     break;
>                 }
>             }
>
>             if (nodeInfNfe == null) throw new Exception("falha ao localizar tag <infNFe>");
>
>             NamedNodeMap nnm = nodeInfNfe.getAttributes();
>             // Note: the next three lines are mandatory as of JDK 1.7 Update 25
>             NodeList nl = doc.getElementsByTagName("infNFe");
>             Node node = nl.item(0);
>             ((Element) node).setIdAttribute("Id", true);
>             String nfeId = nnm.getNamedItem("Id").getNodeValue();
>             Reference ref = fac.newReference("#" + nfeId,
>                     fac.newDigestMethod(DigestMethod.SHA1, null), transformers, null, null);
>             SignedInfo si = fac.newSignedInfo(
>                     fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
>                             (C14NMethodParameterSpec) null),
>                     fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
>                     Collections.singletonList(ref));
>
>             // Embed the signing certificate in <KeyInfo> as X509Data
>             KeyInfoFactory kif = fac.getKeyInfoFactory();
>             List x509Content = new ArrayList();
>             x509Content.add(_cert);
>             X509Data xd = kif.newX509Data(x509Content);
>             KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
>             XMLSignature signature = fac.newXMLSignature(si, ki);
>             signature.sign(dsc);
>             return new String(Base64.encode(ref.getDigestValue()));
>
>         } catch (Exception e) {
>             e.printStackTrace();
>             throw new Exception("Impossivel calcular DigestValue (msg='"
>                     + e.getMessage() + "')");
>         }
>     }
> }
>
>
>
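The quoted Java method trims every line and joins the lines before parsing, and its comment says this is required for the DigestValue to match; Canonical XML keeps whitespace text nodes, so a C port has to hand the signer the same bytes. The following is an added example, not code from this thread or from xmlsec, of that normalization step in portable C. The function names and the sample document are hypothetical, and the input is assumed to be UTF-8 or a single-byte encoding.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not part of xmlsec). Mirrors the Java loop
 *   while ((thisLine = br.readLine()) != null) xmlString += thisLine.trim();
 * out must hold in_len + 1 bytes; returns the length written. */
size_t nfe_join_trimmed_lines(const char *in, size_t in_len, char *out)
{
    size_t pos = 0, n = 0;

    while (pos < in_len) {
        size_t start = pos, end;

        /* readLine(): a line ends at LF, CR or CR LF */
        while (pos < in_len && in[pos] != '\n' && in[pos] != '\r')
            pos++;
        end = pos;
        if (pos + 1 < in_len && in[pos] == '\r' && in[pos + 1] == '\n')
            pos++;
        if (pos < in_len)
            pos++;

        /* trim(): drop leading/trailing bytes <= 0x20; bytes >= 0x80 stay */
        while (start < end && (unsigned char)in[start] <= 0x20)
            start++;
        while (end > start && (unsigned char)in[end - 1] <= 0x20)
            end--;

        memcpy(out + n, in + start, end - start);
        n += end - start;
    }
    out[n] = '\0';
    return n;
}

/* Constructed sample input, not taken from the thread. */
static const char nfe_sample[] =
    "<NFe>\r\n  <infNFe Id=\"NFe-EXAMPLE\">\r\n"
    "\t<item> a b </item>  \n  </infNFe>\n</NFe>\n";

/* Returns the sample as the Java code would hand it to the XML parser. */
const char *nfe_sample_normalized(void)
{
    static char buf[sizeof nfe_sample];
    nfe_join_trimmed_lines(nfe_sample, sizeof nfe_sample - 1, buf);
    return buf;
}

int main(void)
{
    puts(nfe_sample_normalized());
    return 0;
}
```

Only whitespace at the start and end of each line is removed; whitespace inside a line, such as the spaces inside `<item>`, is still part of the digested content.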