[xmlsec] Fw: SignedXML

Aleksey Sanin aleksey at aleksey.com
Fri Mar 24 09:37:43 PDT 2017


You are correct, the ruble character is indeed a correct unicode.
Sorry I got confused by my terminal that didn't show it correctly.

Let's try something else... Looking at the files, I happen to
notice that receipt_ruble.xml is formatted (i.e. there are line breaks
and white spaces for indentation) when all other files don't have
any formatting. I wonder if this is the reason since whitespaces
ARE important for XML and XMLDSig (C14N to be precise).

BTW, the error you get means that the digests don't match, which is
caused by differences in C14N output right before the digest is
calculated. If you run the command line tool, then you can see the
exact C14N output as it is seen by xmlsec library:

$ xmlsec1 verify --pubkey-cert-pem key.txt --store-references receipt_ruble.xml

If you can get similar output during the signature then you can
compare and understand the cause for this issue.

Best,

Aleksey

On 3/24/17 8:20 AM, Грибанов Петр Борисович wrote:
> Aleksey,
> 
>> I checked the file; code for RUR symbol is "E2 82 BD" which seems to me as correct UTF8 code (I might be wrong!)
>> How can we check if "E2 82 BD" is correct UTF8 symbol?
> 
> Looks like the Ruble sign is included in Unicode 7.0 as U+20BD (i.e. E2 82 BD):
> 
> https://en.wikipedia.org/wiki/Ruble_sign
> 
> https://ru.wikipedia.org/wiki/%D0%A1%D0%B8%D0%BC%D0%B2%D0%BE%D0%BB_%D1%80%D0%BE%D1%81%D1%81%D0%B8%D0%B9%D1%81%D0%BA%D0%BE%D0%B3%D0%BE_%D1%80%D1%83%D0%B1%D0%BB%D1%8F
> 
> 
> What Unicode version is supported by XMLSec?
> 
> Regards,
> Peter
> 
>> From: Грибанов Петр Борисович <grip at 1c.ru>
>> Sent: 24.03.2017 12:32
>> To: igor at stud.fh-frankfurt.de; john at neggie.net; ej at netscape.com; wsh at xs4all-dot.nl; beldmit at cryptocom.ru; Aleksey Sanin <aleksey at aleksey.com>; xmlsec at aleksey.com
>> Subject: Re[2]: Fw: SignedXML
>>
>> Hi Aleksey,
>>
>>> The ruble sign doesn't look like a UTF8 character but rather like
>>> a Windows unicode one.
>>
>> I checked the file; code for RUR symbol is "E2 82 BD" which seems to me as correct UTF8 code (I might be wrong!)
>> How can we check if "E2 82 BD" is correct UTF8 symbol?
>>
>>
>> Best regards,
>>
>> Peter Gribanov
>>
>> 1C LLC
>>
>> Tel.: +7 (495) 258-44-08, 688-89-29
>> Mobile: +7 (903) 180-69-86
>> Skype: peter.gribanov
>>
>>> From: Aleksey Sanin <aleksey at aleksey.com>
>>> Sent: 21.03.2017 19:18
>>> To: Грибанов Петр Борисович <grip at 1c.ru>; igor at stud.fh-frankfurt.de; john at neggie.net; ej at netscape.com; wsh at xs4all-dot.nl; beldmit at cryptocom.ru; xmlsec at aleksey.com
>>> Subject: Re: Fw: SignedXML
>>>
>>> The ruble sign doesn't look like a UTF8 character but rather like
>>> a Windows unicode one. You might want to check this since it's
>>> important for C14N and follow up digest.
>>>
>>> Aleksey
>>>
>>> On 3/21/17 8:07 AM, Грибанов Петр Борисович wrote:
>>>> Dear sirs,
>>>>
>>>> Looks like we need your help.
>>>>
>>>> I write you on behalf of 1C company, one of the biggest ERP software
>>>> vendors in Eastern Europe.
>>>>
>>>> We use your library XMLSec (BTW, thank you very much for this great
>>>> lib!) to verify Signed XML in our applications.
>>>> One of the areas we use XMLSec in is verifying SignedXML produced by
>>>> Windows Store (Windows Store produces In-app purchase receipts in this
>>>> format).
>>>> XMLSec works just fine in all cases except receipts in Russian Roubles.
>>>>
>>>> It works perfectly for USD, Euros, Saudi riyals etc.
>>>>
>>>> My guess is that the problem is that the Russian Rouble has kinda strange sign
>>>> *₽* that cannot be processed correctly for some reason by XMLSec library
>>>> (but it is only a guess!).
>>>>
>>>> Maybe there is something wrong in our code (code goes below).
>>>>
>>>> *receiptStr* is receipt loaded from file (receipt*.xml in attachment).
>>>>
>>>> *responseStr* is a key we downloaded from MS service (key.txt in
>>>> attachment).
>>>>
>>>> The issue is that for a receipt in Russian Rouble *dsigCtx->status* is
>>>> always not equal to *xmlSecDSigStatusSucceeded* although the receipt is
>>>> perfectly fine.
>>>> For all other currencies we tested it works fine.
>>>> Please see XML receipts in different currencies attached.
>>>>
>>>> See string PurchasePrice="₽0" in receipt_ruble.xml file; maybe the Rouble
>>>> sign *₽* is the cause of the issue?
>>>>
>>>> Would appreciate any idea on what may be wrong.
>>>> Please let me know if we can provide more info.
>>>>
>>>>  ----------------------------------------------
>>>>
>>>>     std::string xmltext = narrow(receiptStr, Converter::utf8());
>>>>     std::string keytext = narrow(responseStr, Converter::utf8());
>>>>
>>>>     xmlDocPtr doc = NULL;
>>>>     xmlNodePtr node = NULL;
>>>>     xmlSecDSigCtxPtr dsigCtx = NULL;
>>>>
>>>>     /* load file */
>>>>     doc = xmlParseMemory(xmltext.c_str(), xmltext.size());
>>>>
>>>>     if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
>>>>         throw "Error: unable to parse file \"%s\"\n";
>>>>     }
>>>>
>>>>     /* find start node */
>>>>     node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
>>>>     if(node == NULL) {
>>>>         throw "Error: start node not found in \"%s\"\n";
>>>>     }
>>>>
>>>>     /* create signature context, we don't need keys manager in this example */
>>>>     dsigCtx = xmlSecDSigCtxCreate(0);
>>>>     if(dsigCtx == NULL) {
>>>>         throw "Error: failed to create signature context\n";
>>>>     }
>>>>
>>>>     /* in addition, limit possible key data to valid X509 certificates only */
>>>>     if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) {
>>>>         throw "Error: failed to limit allowed key data\n";
>>>>     }
>>>>
>>>>     /* load public key */
>>>>
>>>>     dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory((const xmlSecByte *)keytext.c_str(), keytext.size(), xmlSecKeyDataFormatCertPem,0,0,0);
>>>>     if(dsigCtx->signKey == NULL) {
>>>>         throw "Error: failed to load public pem key from \"%s\"\n";
>>>>     }
>>>>
>>>>     /* Verify signature */
>>>>     if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
>>>>         throw "Error: signature verify\n";
>>>>     }
>>>>
>>>>     bool result = dsigCtx->status == xmlSecDSigStatusSucceeded;
>>>>  
>>>>
>>>> ----------------------------------------------
>>>>
>>>> Best regards,
>>>>
>>>> Peter Gribanov
>>>>
>>>> 1C LLC
>>>>
>>>> Tel.: +7 (495) 258-44-08, 688-89-29
>>>> Mobile: +7 (903) 180-69-86
>>>> Skype: peter.gribanov
>>>>
> 
> 
> 
> 
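Added example (not part of the original thread, and not xmlsec code): a small Python check of the two hypotheses discussed above, namely whether E2 82 BD is valid UTF-8 for the ruble sign and whether indentation alone changes the canonical octets that get digested. It uses the C14N 2.0 implementation in Python's standard library as a stand-in for the C14N transform xmlsec applies; the receipt snippets, the `Id` attribute and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed samples (not the receipts attached to the thread).
# \xe2\x82\xbd is the UTF-8 encoding of U+20BD, the ruble sign.
COMPACT = b'<Receipt><ProductReceipt PurchasePrice="\xe2\x82\xbd0" Id="r1"/></Receipt>'
INDENTED = (b'<Receipt>\n'
            b'  <ProductReceipt PurchasePrice="\xe2\x82\xbd0" Id="r1"/>\n'
            b'</Receipt>')
CHAR_REF = b'<Receipt><ProductReceipt PurchasePrice="&#x20BD;0" Id="r1"/></Receipt>'


def c14n_bytes(raw: bytes) -> bytes:
    """Strictly decode as UTF-8 (raises UnicodeDecodeError on invalid input),
    canonicalize, and return the octets a digest would be computed over."""
    text = raw.decode("utf-8", errors="strict")
    return canonicalize(text).encode("utf-8")


def digest(raw: bytes) -> str:
    """SHA-256 over the canonical form (the digest algorithm is an assumption)."""
    return hashlib.sha256(c14n_bytes(raw)).hexdigest()


def first_difference(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if the inputs are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


if __name__ == "__main__":
    for name, raw in (("compact", COMPACT), ("indented", INDENTED),
                      ("char-ref", CHAR_REF)):
        print(f"{name:9} {digest(raw)}")
    off = first_difference(c14n_bytes(COMPACT), c14n_bytes(INDENTED))
    print("first differing offset:", off, c14n_bytes(INDENTED)[off:off + 12])
```

The literal ruble sign and its character reference canonicalize to the same octets, while the indented copy differs from the first whitespace text node onward, which is the kind of difference a byte-wise comparison of the signer's and verifier's C14N output would reveal.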

