xml-signer's People

Contributors

arraintxo, bseddon, lou-perret

xml-signer's Issues

Wrong enveloped signatures generation

This code keeps throwing the next Exception "Exception: Reference validation failed: this means the data has been changed".

            openssl_pkcs12_read(
                file_get_contents($pfxFilePath),
                $certData,
                $password
            );

            $this->signedXml = XAdES::signDocument(
                new InputResourceInfo(
                    $this->dom(), // The source document
                    ResourceInfo::xmlDocument, // The source is a DOM document
                    dirname($signedFilePath), // The location to save the signed document
                    basename($signedFilePath), //$storeFilename, // The name of the file to save the signed document in,
                    null,
                    false // Enveloped signature
                ),
                new CertificateResourceInfo($certData['cert'], ResourceInfo::string | ResourceInfo::pem),
                new KeyResourceInfo($certData['pkey'], ResourceInfo::string | ResourceInfo::pem),
            );
            $this->signedXmlPath = $signedFilePath;
            XAdES::verifyDocument(
                $signedFilePath
            );

I also tested the resulting document on ETSICC and the DSS Demonstration web app, both return a wrong reference data error.

Am I doing something wrong?

EU validation tools and invalid xades signature format

Hi!

However it is likely users will not have an encyclopaedic knowledge of XAdES. So the other aspect is to allow less expert users provide a minimum amount of information and ...

I'm a user of this type ;). We are learning about certifications, but it is a new world for us! It's hard! Thanks for your package, it makes life easier for users like us.

I've found a great validator for AdES signatures from the EU
https://ec.europa.eu/cefdigital/DSS/webapp-demo/validation

If I upload your test xml http://www.xbrlquery.com/xades/hashes%20for%20nba%20with%20signature.xml the validator says that the signature format is: XADES-BASELINE-B

But if I upload my xml signed (with deferred option= false) with my certificates, it says that the signature hasn't a xades format (XML-NOT-ETSI) Reason: The structure of the signature is not valid!

What is happening? Can you help me?

Get the TSA timestamp value

In our process to certificates evidences, we create a pdf as a proof of the process. In this PDF, we included when the file was signed by the TA.

I've tried to get it from the xml:


        // extract the timestamp time to save later
        $xml = simplexml_load_string(file_get_contents($path_xml));
        $xml->registerXPathNamespace( 'ds', XMLSecurityDSig::XMLDSIGNS );
        $xml->registerXPathNamespace( 'xa', XADES::NamespaceUrl2016 );
        $entries = $xml->xpath("//xa:SigningTime");

        return date("Y-m-d H:i:s", strtotime((string) $entries[0]));

But it differs from the information obtained from the webapp validation (+1sec). I think that is the sign date, not the timestamp TA date.

Is there a way to obtain the timestamp TA date? We need it!

P.S. We have methods to extract it from the .tsr, but that isn't available using your package.
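
The value asked about here is the `genTime` field of the RFC 3161 token that XAdES stores, base64-encoded, in `SignatureTimeStamp/EncapsulatedTimeStamp`; `SigningTime` is the time claimed by the signer. The following is an added example, not part of the original issue or of xml-signer's API: the function names are hypothetical, and it assumes a DER-encoded token and reads the value without verifying the token's signature or message imprint.

```php
<?php
// Added example, not xml-signer code. All function names here are hypothetical.

/** Read the DER TLV header at $pos; returns [tag, content offset, content length]. */
function derHeader(string $der, int $pos): array
{
    if ($pos + 2 > strlen($der)) throw new RuntimeException('Truncated DER');
    $tag = ord($der[$pos]);
    $len = ord($der[$pos + 1]);
    $pos += 2;
    if ($len & 0x80) {                        // long form: low 7 bits count the length bytes
        $n = $len & 0x7f;
        if ($n < 1 || $n > 4 || $pos + $n > strlen($der)) throw new RuntimeException('Bad DER length');
        for ($len = 0, $i = 0; $i < $n; $i++) $len = ($len << 8) | ord($der[$pos++]);
    }
    if ($pos + $len > strlen($der)) throw new RuntimeException('Truncated DER');
    return [$tag, $pos, $len];
}

/** Walk ContentInfo > SignedData > encapContentInfo > TSTInfo and return genTime (UTC). */
function tsaGenTime(string $der): DateTimeImmutable
{
    $enter = function (int $pos) use ($der) { return derHeader($der, $pos)[1]; };
    $skip = function (int $pos) use ($der) { [, $o, $l] = derHeader($der, $pos); return $o + $l; };
    $p = $enter($enter($skip($enter(0))));    // ContentInfo: skip contentType, enter [0], SignedData
    $p = $enter($skip($skip($p)));            // skip version, digestAlgorithms; enter encapContentInfo
    [, $o, $l] = derHeader($der, $p);         // eContentType must be id-ct-TSTInfo (1.2.840.113549.1.9.16.1.4)
    if (bin2hex(substr($der, $o, $l)) !== '2a864886f70d0109100104') throw new RuntimeException('Not an RFC 3161 token');
    $p = $enter($enter($enter($o + $l)));     // [0], OCTET STRING, TSTInfo SEQUENCE
    $p = $skip($skip($skip($skip($p))));      // version, policy, messageImprint, serialNumber
    [$tag, $o, $l] = derHeader($der, $p);
    // GeneralizedTime (tag 0x18) is YYYYMMDDHHMMSS[.fff]Z; fractional seconds are dropped.
    $t = $tag === 0x18
        ? DateTimeImmutable::createFromFormat('!YmdHis', substr($der, $o, 14), new DateTimeZone('UTC'))
        : false;
    if ($t === false) throw new RuntimeException('genTime not found');
    return $t;
}

/** Return genTime of the first SignatureTimeStamp in a signed XAdES file. */
function signatureTimestampTime(string $xmlPath): DateTimeImmutable
{
    $doc = new DOMDocument();
    if (!$doc->load($xmlPath)) throw new RuntimeException('Cannot load XML');
    $xpath = "//*[local-name()='SignatureTimeStamp']/*[local-name()='EncapsulatedTimeStamp']";
    $nodes = (new DOMXPath($doc))->query($xpath);
    if ($nodes->length === 0) throw new RuntimeException('No SignatureTimeStamp found');
    $der = base64_decode(preg_replace('/\s+/', '', $nodes->item(0)->textContent), true);
    if ($der === false) throw new RuntimeException('Invalid base64 in EncapsulatedTimeStamp');
    return tsaGenTime($der);
}
```

`signatureTimestampTime($path_xml)->format('Y-m-d H:i:s')` gives the TSA time in UTC, whereas `date()` in the snippet above formats in the server's local time zone. Record the value as evidence only for documents that have passed signature and time-stamp validation.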

Class '.\Transform' not found

When I try to test the new methods to get LTA format #7, I get the following error:

Class '.\Transform' not found

[2021-10-19 12:12:16] develop.ERROR: Class '.\Transform' not found {"exception":"[object] (Error(code: 0): Class '.\\Transform' not found at /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/Transforms.php:131)
[stacktrace]
#0 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/Reference.php(167): lyquidity\\xmldsig\\xml\\Transforms->loadInnerXml()
#1 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/SignedInfo.php(138): lyquidity\\xmldsig\\xml\\Reference->loadInnerXml()
#2 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/Signature.php(139): lyquidity\\xmldsig\\xml\\SignedInfo->loadInnerXml()
#3 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/Generic.php(67): lyquidity\\xmldsig\\xml\\Signature->loadInnerXml()
#4 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(1551): lyquidity\\xmldsig\\xml\\Generic::fromNode()
#5 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(336): lyquidity\\xmldsig\\XAdES->addArchiveTimestamp()
#6 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(252): lyquidity\\xmldsig\\XAdES::internalTimestamp()

I think is something #1 and #3

Thank you!

Timestamping questions

Hi again :)

I've some questions about timestamping:
1- Is there a way to pass a custom tsa_url to the signDocument method?
2- If there is no way, can you provide an example to timestamp after the signDocument method has executed?

I tried this with no success (A timestamp cannot be created because there is no existng signaure with @id '')

        XAdES::timestamp(
            new InputResourceInfo(
                $path_xml, // The source signed document with signDocument method
                ResourceInfo::file, // The source is a file
                $partes_ruta['dirname'], // The location to save the timestamped document
                $partes_ruta['filename'].'_timestamped', // The name of the file to save the timestamped document in,
            ),
            $tsaURL );

composer.json package name

Hello!

Thanks for this great package! I've been looking for your solution for weeks! Let's try it!!

Your installation guide says:

php composer.phar require "bsseddon/xml-signer"

But it fails.

The name of the package in the composer.json is:

"name": "lyquidity/xml-signer",

You should change the installation guide or the package's name!

Thank you!!

Class 'lyquidity\xmldsig\xml\SignatureProductionPlaceV2' not found

Hello!

After installing the package with composer, I tried to sign an xml with the example provided in the user guide.

I obtain this error:
Class 'lyquidity\xmldsig\xml\SignatureProductionPlaceV2' not found

Perhaps something is wrong with the namespace, or something similar to #1? I can't tell what is happening. The namespace and the filename seem ok.

There are several classes with the same problem (SignerRoleV2 too) but InputResourceInfo is loading well.

I'm using the code with the last commit on main branch.

Thanks!

ArchiveTimestamp error after upgrade to v1.0.9

Hi @bseddon !!!

I hope you are fine!!

Thanks for this package again!

Today, I updated from v1.0.0 to v1.0.9 and I get the following error:

[2022-03-29 09:42:51] develop.ERROR: Call to undefined method lyquidity\xmldsig\SignedDocumentResourceInfo::generateDomDocument() {"userId":4,"exception":"[object] (Error(code: 0): Call to undefined method lyquidity\\xmldsig\\SignedDocumentResourceInfo::generateDomDocument() at /var/www/test/laravel/vendor/lyquidity/xml-signer/src/XAdES.php:310)
[stacktrace]
#0 /var/www/test/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(253): lyquidity\\xmldsig\\XAdES::internalTimestamp(Object(lyquidity\\xmldsig\\SignedDocumentResourceInfo), 'addArchiveTimes...', 'http://M...', NULL)
#1 /var/www/test/laravel/app/M/Certifications/XMLUtils.php(110): lyquidity\\xmldsig\\XAdES::archiveTimestamp(Object(lyquidity\\xmldsig\\SignedDocumentResourceInfo), 'http://M...')
#2 /var/www/test/laravel/app/M/Certifications/CertificationService.php(69): App\\M\\Certifications\\XMLUtils->signAndTimpestampWithXADES('/var/www/test...', 'sin')
#3 /var/www/test/laravel/app/Http/Routes/web.php(78): M\\Certifications\\CertificationService->certificateEvidence(Object(Customer), 'sin', Array, 'Email')

Did you change the way to sign with LTA in the XAdES::archiveTimestamp() method??

My code is the following:


        XAdES::signDocument(
            new InputResourceInfo(
                $path_xml, // The source document
                ResourceInfo::file, // The source is a file
                $partes_ruta['dirname'], // The location to save the signed document
                $partes_ruta['filename'], // The name of the file to save the signed document in,
                null,
                false
            ),
            new CertificateResourceInfo( $certData['cert'], ResourceInfo::string | ResourceInfo::pem ),
            new KeyResourceInfo( $certData['pkey'], ResourceInfo::string ),
            new SignatureProductionPlaceV2(
                'City',
                null, // This is V2 only
                'City',
                '28800',
                'ES'
            ),
            new SignerRoleV2(
                'CEO'
            ),
            array(
                'canonicalizationMethod' => XMLSecurityDSig::C14N,
                'addTimestamp' => $tsaURL // Include a timestamp? Can specify an alternative TSA url eg 'http://mytsa.com/'
            )
        );


        XAdES::archiveTimestamp(
            new SignedDocumentResourceInfo(
                $path_xml,
                ResourceInfo::file,
                XAdES::SignatureRootId, // optional id
                $partes_ruta['dirname'],
                $partes_ruta['filename'].".xml",
                XMLSecurityDSig::generateGUID('archive-timestamp-')
            ),
            $tsaURL
        );

Thanks Bill!

Call XAdES::archiveTimestamp function fails

Hello,

We have been using this module correctly until 2023-07-04 06:51:48 UTC, which was the last time XML sealing worked.

From then, all attempts have been unsuccessful due to the same error.

We were using version 1.0.0, and upon encountering this error, we have upgraded to the latest version, 1.12, but the same error still occurs.

This is our code:

XAdES::signDocument(
            new InputResourceInfo(
                $path_xml, // The source document
                ResourceInfo::file, // The source is a file
                $partes_ruta['dirname'], // The location to save the signed document
                $partes_ruta['filename'], // The name of the file to save the signed document in,
                null,
                false
            ),
            new CertificateResourceInfo( $certData['cert'], ResourceInfo::string | ResourceInfo::pem ),
            new KeyResourceInfo( $certData['pkey'], ResourceInfo::string ),
            new SignatureProductionPlaceV2(
                'Girona',
                null, // This is V2 only
                'Girona',
                '17001',
                'ES'
            ),
            new SignerRoleV2(
                'CEO'
            ),
            array(
                'canonicalizationMethod' => XMLSecurityDSig::C14N,
                'addTimestamp' => $tsaURL // Include a timestamp? Can specify an alternative TSA url eg 'http://mytsa.com/'
            )
        );

        XAdES::archiveTimestamp(
            new SignedDocumentResourceInfo(
                $path_xml,
                ResourceInfo::file,
                XAdES::SignatureRootId, // optional id
                $partes_ruta['dirname'],
                $partes_ruta['filename'].".xml",
                XMLSecurityDSig::generateGUID('archive-timestamp-')
            ),
            $tsaURL
        );

When we call the XAdES::archiveTimestamp function it generates the following error:

  • All <EncapsulatedCRLValues> children must be of type EncapsulatedCRLValue
[2023-07-11 10:13:21] preview.ERROR: App\Jobs\EvidenceCertification@handle: Fails when certificate evidence {"message":"All <EncapsulatedCRLValues> children must be of type EncapsulatedCRLValue","error_trace":"#0 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/xml/RevocationValues.php(146): lyquidity\\xmldsig\\xml\\CRLValues->validateElement()
#1 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/xml/PropertiesCollection.php(202): lyquidity\\xmldsig\\xml\\RevocationValues->validateElement()
#2 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/xml/UnsignedSignatureProperties.php(98): lyquidity\\xmldsig\\xml\\PropertiesCollection->validateElement()
#3 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(1834): lyquidity\\xmldsig\\xml\\UnsignedSignatureProperties->validateElement()
#4 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(319): lyquidity\\xmldsig\\XAdES->addArchiveTimestamp()
#5 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(257): lyquidity\\xmldsig\\XAdES::internalTimestamp()
#6 /var/www/mensagia/laravel/app/Mensagia/Certifications/XMLUtils.php(113): lyquidity\\xmldsig\\XAdES::archiveTimestamp()
#7 /var/www/mensagia/laravel/app/Mensagia/Certifications/CertificationService.php(69): App\\Mensagia\\Certifications\\XMLUtils->signAndTimpestampWithXADES()
#8 /var/www/mensagia/laravel/app/Jobs/EvidenceCertification.php(57): Mensagia\\Certifications\\CertificationService->certificateEvidence()}

Could you help us with this?

Thanks,
Juanma

Issues with autoload.php / Generic::fromNode() in UNIX and TSA.php

Hi @bseddon, I'm trying to use your library to generate XAdES signatures in Ubuntu 20.04 and I'm having some issues with autoload files in composer and the Generic::fromNode() function.

I have fixed them by replacing "\" with "/", but maybe it could be better to use the realpath() php function, which detects the OS and uses paths accordingly (I haven't tested).

Moreover, I couldn't get the timestamp added because of the curl option: CURLOPT_CAINFO which can't be null.

I leave the fixes attached in this issue.
fixes.zip

Thanks for everything :)

How to add certificate chain?

I've tried your code and also got some example results. The European Commission validator reported that I'm missing the certificate chain.
How can I solve this issue?
Thank you
