[xmlsec] Replacing Bouncy Castle with XMLSec Library
Mike Peat
mpeat at unicorninterglobal.com
Thu Oct 16 15:50:49 PDT 2014
Aleksey & Luiz
A couple of years ago I got xmlsec to build and work on MS DOS (well,
from the Windows command prompt, which is what I assume you mean).
I needed to make a very small change to xmlsec (to handle a reference to
"cid:/filename/" by just looking for "/filename/", because you can't
have colons in MS DOS filenames).
I found fundamentally insurmountable problems using MS tools to do this
(I'd explain why, but life is too short <g>), so eventually attacked the
problem using mingw <http://www.mingw.org/> to build all of the required
libraries and the executable as DOS/Win DLLs and an EXE.
It was a total nightmare, but I got there in the end and the solution is
now deployed and working.
I /did/ mean to write up the process of going from source to working
executables, but have frankly been too lazy; however, I still have my
(indecipherable and meaningless to anybody else) notes on what I did.
If I can help, I will, to the extent that time permits.
Mike
On 16/10/2014 21:54, Aleksey Sanin wrote:
> Short answer: there is nothing impossible, it's only software.
>
> Long answer: I am not aware of anyone using xmlsec library on MSDOS
> but assuming the C compiler is reasonable it should not be an issue.
> Re "results are different" --- the real question is not if the
> output of two programs look different but whether each of the
> programs can verify signatures created by the other program.
>
>
> Aleksey
>
> On 10/16/14, 1:43 PM, Luiz Antonio Emerenciano Alcoforado wrote:
>> *Dear Alexey,*
>>
>> I was given the assignment to rewrite a Java program that uses Bouncy
>> Castle to a C program that could do the same function, sign an xml file
>> and extract the digest.
>>
>> I chose XMLSec Library to do that and have been toying with code and with
>> xmlsec1 for more than four weeks now.
>>
>> I am doing all simulations (a proof of concept) under CentOS 5.4 32-bit.
>>
>> First, I would like to see the process work with command-line (xmlsec1)
>> to be sure and then proceed to write the C program.
>>
>> But I am stuck with xmlsec1 and the results, for they are different from
>> the results obtained by the other team, the Java people.
>>
>> The code that I need to port from java to C is shown below.
>>
>> On top of that, the C program must be compiled by OpenWatcom and run
>> under Causeway, under MS-DOS.
>>
>> Can you say something to help me go forward, even a little?
>> Is this scenario feasible?
>>
>> I thank you very much for any light you could shed on this.
>>
>> Best regards,
>>
>> Luiz Antonio Emerenciano Alcoforado
>> Recife, Brasil
>>
>> public String getDigestValue(String xml) throws Exception {
>>     DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
>>
>>     // Required so that the DigestValue matches SEFAZ's C# code
>>     dbf.setNamespaceAware(true);
>>
>>     try {
>>
>>         if (_cert == null) throw new Exception("objeto X509Certificate nao inicializado");
>>         else if (_pvtKey == null) throw new Exception("objeto PrivateKey nao inicializado");
>>
>>         String thisLine = "";
>>         String xmlString = "";
>>         BufferedReader br = new BufferedReader(new StringReader(xml));
>>
>>         // Required so that the DigestValue matches SEFAZ's C# code
>>         while ((thisLine = br.readLine()) != null) {
>>             xmlString = xmlString + thisLine.trim();
>>         }
>>         br.close();
>>
>>         ByteArrayInputStream xmlStream = new ByteArrayInputStream(xmlString.getBytes());
>>         Document doc = dbf.newDocumentBuilder().parse(xmlStream);
>>         DOMSignContext dsc = new DOMSignContext(_pvtKey, doc.getDocumentElement());
>>         XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
>>         List transformers = new ArrayList();
>>
>>         transformers.add(fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature",
>>                 (TransformParameterSpec) null));
>>
>>         transformers.add(fac.newTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
>>                 (TransformParameterSpec) null));
>>
>>         NodeList nodelist = doc.getDocumentElement().getChildNodes();
>>         Node nodeInfNfe = null;
>>         for (int ct = 0; ct < nodelist.getLength(); ct++) {
>>
>>             if (nodelist.item(ct).getNodeName().equalsIgnoreCase("infNFe")) {
>>                 nodeInfNfe = nodelist.item(ct);
>>                 break;
>>             }
>>         }
>>
>>         if (nodeInfNfe == null) throw new Exception("falha ao localizar tag <infNFe>");
>>
>>         NamedNodeMap nnm = nodeInfNfe.getAttributes();
>>         // Note: the next three lines are required as of JDK 1.7 Update 25
>>         NodeList nl = doc.getElementsByTagName("infNFe");
>>         Node node = nl.item(0);
>>         ((Element) node).setIdAttribute("Id", true);
>>         String nfeId = nnm.getNamedItem("Id").getNodeValue();
>>         Reference ref = fac.newReference("#" + nfeId,
>>                 fac.newDigestMethod(DigestMethod.SHA1, null), transformers, null, null);
>>         SignedInfo si = fac.newSignedInfo(
>>                 fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
>>                         (C14NMethodParameterSpec) null),
>>                 fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
>>                 Collections.singletonList(ref));
>>
>>         KeyInfoFactory kif = fac.getKeyInfoFactory();
>>         List x509Content = new ArrayList();
>>         x509Content.add(_cert);
>>         X509Data xd = kif.newX509Data(x509Content);
>>         KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
>>         XMLSignature signature = fac.newXMLSignature(si, ki);
>>         signature.sign(dsc);
>>         return new String(Base64.encode(ref.getDigestValue()));
>>
>>     } catch (Exception e) {
>>         e.printStackTrace();
>>         throw new Exception("Impossivel calcular DigestValue (msg='"
>>                 + e.getMessage() + "')");
>>     }
>> }
>> }
>>
>>
>>
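An added example, not part of the original messages and not xmlsec or Bouncy Castle code: the quoted Java method trims every line and concatenates the result before parsing, so the element it digests no longer contains the indentation text nodes that a tool reading the stored file still sees. The Python sketch below reproduces that step on a constructed document and compares the two DigestValues; the function names and the sample are assumptions, and `ET.canonicalize` (C14N 2.0) stands in for the 2001 C14N transform named in the Java code.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample input (not from the thread): an indented document
# whose infNFe element carries an Id attribute.
SAMPLE = (
    '<NFe>\n'
    '  <infNFe Id="NFe-constructed-1">\n'
    '    <ide>\n'
    '      <nNF>1</nNF>\n'
    '    </ide>\n'
    '  </infNFe>\n'
    '</NFe>\n'
)

# Java's String.trim() strips every character <= U+0020 from both ends.
JAVA_TRIM = "".join(chr(c) for c in range(0x21))


def java_style_flatten(xml: str) -> str:
    """Mimic the readLine()/trim() loop: split on line breaks, trim, concatenate."""
    return "".join(line.strip(JAVA_TRIM) for line in re.split(r"\r\n|\r|\n", xml))


def digest_value(xml: str, tag: str = "infNFe") -> str:
    """Base64 SHA-1 over the canonical form of the first <tag> child of the root."""
    root = ET.fromstring(xml)
    node = root.find(tag)
    if node is None:
        raise ValueError("element <%s> not found" % tag)
    node.tail = None  # text after the end tag is outside the referenced element
    canonical = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    digest = hashlib.sha1(canonical.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def compare(xml: str) -> dict:
    """DigestValue of the document as stored versus after Java-style flattening."""
    raw, flat = digest_value(xml), digest_value(java_style_flatten(xml))
    return {"as_stored": raw, "flattened": flat, "match": raw == flat}


if __name__ == "__main__":
    print(compare(SAMPLE))
```

Feeding both tools the same flattened bytes removes this difference before comparing DigestValue output or cross-verifying signatures.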