Invalid Certificate Error

yuvraj.j....@gmail.com

unread,

Aug 19, 2015, 12:51:30 PM8/19/15

to xmlseclibs

Hi Guys I am writing the c# code for signing the xml document .

what i am trying to do here is that we have php code which is doing the siging of XML document and we are sending xml documet to the one of external service to get the data from there .

but now we decided to write the c# code for that .I wrote the code but problem is when i am sending the Signed XML document to the service it says invalid certficate .

1)my question is that where the c#.net SignedXml class is providing the same functionality like xmlseclibs.php in php

2)Signing Algoritms are the same or Diffrent.

Both the Xml File having the same xml structure but only the SignatureValue, X509Certificate, Modulus, DigestValue, Exponent values are different that i dont know why .

Can you guys please Check my code and tell me out what is problem and give me guide line how to fixed this problem .

Thanks In advanced .

This is my c# code :

//path of the PFX file

string pfxFilePath = @"c:\a.p12";

X509Certificate2 cert = new X509Certificate2(File.ReadAllBytes(privatekeypath), "PrivateKey");

doc.PreserveWhitespace = false;

SignedXml signedXml = new SignedXml(doc);

signedXml.SigningKey = cert.PrivateKey;

Reference reference = new Reference();

reference.Uri = "";

XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();

reference.AddTransform(env);

reference.AddTransform(new XmlDsigExcC14NTransform());

signedXml.AddReference(reference);

KeyInfo keyInfo = new KeyInfo();

keyInfo.AddClause(new KeyInfoX509Data(cert));

keyInfo.AddClause(new RSAKeyValue((RSA)cert.PrivateKey));

signedXml.KeyInfo = keyInfo;

signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

signedXml.ComputeSignature();

XmlElement xmlDigitalSignature = signedXml.GetXml();

var securityNode = doc.GetElementsByTagName("Security").Item(0);

securityNode.AppendChild(doc.ImportNode(xmlDigitalSignature, true));

And Following is my Signed XML file by C# Code :

<?xml version="1.0" encoding="utf-8"?>

</Transforms>

<DigestValue>DigestValue</DigestValue>

</Reference>

</SignedInfo>

<SignatureValue>SignatureValue</SignatureValue>

<X509Certificate>X509Certificate</X509Certificate>

</X509Data>

<Modulus>Modulus</Modulus>

<Exponent>Exponent</Exponent>

</RSAKeyValue>

</KeyValue>

</KeyInfo>

</Signature>

</Security>

</Online>

</Service>

some data

</Data>

</ABCService>

This is PHP code for siging the XML file :

/* Load the private key. */

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));

/* Passphrase */

if ($passphrase)

{

$objKey->setPassphrase($passphrase);

}

$objKey->loadKey($privKey, TRUE);

/* Sign the metadata with our private key. */

$objXMLSecDSig = new XMLSecurityDSig();

$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

$objXMLSecDSig->addReference(

$rootNode,

XMLSecurityDSig::SHA1,

array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N)

);

$objXMLSecDSig->sign($objKey);

/* Add the certificate to the signature. */

$objXMLSecDSig->add509Cert($pubKey, TRUE, TRUE, TRUE);

/* Add the signature. */

$objXMLSecDSig->insertSignature($xml->getElementsByTagName("Security")->item(0));

/* Return the DOM tree as a string. */

file_put_contents("c3.xml", $xml->saveXML());

return $xml->saveXML();

this is signed file by using the xmlseclibs.php Using the php code :

<?xml version="1.0" encoding="utf-8"?>

<DigestValue>DigestValue</DigestValue></Reference></SignedInfo>

<SignatureValue>SignatureValue</SignatureValue>

<X509Certificate>X509Certificate</X509Certificate></X509Data><KeyValue><RSAKeyValue>

<Modulus>Modulus</Modulus><Exponent>Exponent</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></Security>

</Online>

</Service>

Data

</Data>

</ABCService >

:

Pablo Ramírez

unread,

Aug 22, 2015, 8:18:20 AM8/22/15

to xmlseclibs

i have almost the same problem, just hope someone know how to fix it

Yuvraj Pawar

unread,

Aug 22, 2015, 6:33:49 PM8/22/15

to xmlse...@googlegroups.com

Hi Pablo,

I solve the problem if you provide me more information about your problem may be i can help you ,feel free to ask .

On Sat, Aug 22, 2015 at 2:18 PM, Pablo Ramírez <pabl...@gmail.com> wrote:

i have almost the same problem, just hope someone know how to fix it

--
You received this message because you are subscribed to a topic in the Google Groups "xmlseclibs" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/xmlseclibs/pK2enWLJf7w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to xmlseclibs+...@googlegroups.com.
To post to this group, send email to xmlse...@googlegroups.com.
Visit this group at http://groups.google.com/group/xmlseclibs.
For more options, visit https://groups.google.com/d/optout.

Yuvraj Pawar

unread,

Aug 22, 2015, 6:40:24 PM8/22/15

to xmlse...@googlegroups.com

On Saturday, August 22, 2015, Pablo Ramírez <pabl...@gmail.com> wrote:

i have almost the same problem, just hope someone know how to fix it

--

You received this message because you are subscribed to a topic in the Google Groups "xmlseclibs" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/xmlseclibs/pK2enWLJf7w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to xmlseclibs+...@googlegroups.com.
To post to this group, send email to xmlse...@googlegroups.com.
Visit this group at http://groups.google.com/group/xmlseclibs.
For more options, visit https://groups.google.com/d/optout.

--

Dear Recruiting Manager,

I am Yuvraj Pawar, I have 3 Years of Experience as a Software Developer and am interested in a positions where I can explore the new emerging technologies and apply my skills and experience for the advancement of my career growth as well as the company's growth.

I found the Job ad posted by your company very interesting and would like to apply for the same. I would like to pursue my career in your esteemed company.

Please find the attached Cover letter and CV with this E-mail. Please kindly review and consider my application for this full time Job position.

Looking forward to hear from you.

Thanking You,

Yours Sincerely,

Yuvraj Pawar.

+017634167197

Pablo Ramírez

unread,

Aug 22, 2015, 9:05:29 PM8/22/15

to xmlseclibs

Thank you.

I having trouble from the service i upload the signed document, they validate the next structure, i was able to add the modulus and exert to the signature and remove the trasformation node.

            </DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>
    </SignatureValue>
    <KeyInfo>
        <KeyValue>
            <RSAKeyValue>
                <Modulus>
                </Modulus>
                <Exponent>
                </Exponent>
            </RSAKeyValue>
        </KeyValue>
        <X509Data>
            <X509Certificate>

            </X509Certificate>
        </X509Data>
    </KeyInfo>
</Signature>

They send me a response saying my signature is wrong, if i add the trasformation node and remove the modulus and exponent i get and schema error.

i sign the document in PHP only (using Yii2 framework) using this code

public function actionSignXML()
    {

        $doc =new DOMDocument();
        $doc->preserveWhiteSpace = TRUE;
        $doc->formatOutput = FALSE;
        $doc->load(Doc_nosign.xml');

        $tag= $doc->getElementsByTagName("refNode")->item(0);

        $objDSig = new \XMLSecurityDSig('');
        $objDSig->setCanonicalMethod(\XMLSecurityDSig::C14N);

        $options['prefix'] = '';
        $options['prefix_ns'] = '';
        $options['id_name'] = 'ID';
        $options['overwrite'] = FALSE;
        $options['force_uri'] = FALSE;
        $objDSig->addReference($tag, \XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), $options);

        $objKey = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
        $objKey->loadKey('docs/Certificado/privatekey.pem',TRUE);
        $objKey->passphrase = 'xxxxxxxxxx';

        $objDSig->sign($objKey);
        $objDSig->add509Cert(file_get_contents('docs/Certificado/certificado.pem'),TRUE);
        $tagNODE= $doc->getElementsByTagName("NODE")->item(0);
        $objDSig->appendSignature($tagNODE);


        $doc->save(XML_signed.xml');

    }

i don't see any problem in that, maybe you can help me

:)

Pablo Ramírez

unread,

Aug 22, 2015, 9:10:03 PM8/22/15

to xmlseclibs

i forget, the document must have at least 2 signatures, one or more for referenced internal nodes, and the final signature for the entire document whish is referenced as well. maybe the problem is because of that, the final signature must be sign whit the internal signatures already append in the document, but i doing it that way, still problems T_T

Rob Richards

unread,

Aug 23, 2015, 9:06:59 AM8/23/15

to xmlseclibs

The library currently only supports decrypting documents with an RSAKey but not being able to use one to encrypt. Does the service accept the document if you convert the RSA Key into a pem and then use the library as is?

Pablo Ramírez

unread,

Aug 24, 2015, 4:39:15 AM8/24/15

to xmlseclibs

i'm using the key in pem format, it was on pfx but i convert it using openssl, i try it on pfx format but still the same result

Pablo Ramírez

unread,

Aug 24, 2015, 4:46:00 AM8/24/15

to xmlseclibs

this is the structure the service requiere, is in spanish but i think you can get it. "Signature" is where the signatures must be

yuvraj.j....@gmail.com

unread,

Aug 24, 2015, 10:25:36 AM8/24/15

to xmlse...@googlegroups.com

are u using the C# or PHP , c# i can help u more ,because i am working in c# not in PHP.

Sent from Windows Mail

Pablo Ramírez

unread,

Aug 24, 2015, 12:06:32 PM8/24/15

to xmlseclibs

Just PHP

Reply all

Reply to author

Forward