bseddon / xml-signer
Provides signing and verification of XML documents including support for XAdES
License: BSD 3-Clause "New" or "Revised" License
This code keeps throwing the following exception: "Exception: Reference validation failed: this means the data has been changed".

```php
// Load the signing certificate and private key from the PKCS#12 container.
// A failed read leaves $certData unset, so check the return value.
if (!openssl_pkcs12_read(file_get_contents($pfxFilePath), $certData, $password)) {
    throw new RuntimeException('Unable to read the PKCS#12 file: ' . openssl_error_string());
}

$this->signedXml = XAdES::signDocument(
    new InputResourceInfo(
        $this->dom(),              // The source document
        ResourceInfo::xmlDocument, // The source is a DOMDocument
        dirname($signedFilePath),  // The location to save the signed document
        basename($signedFilePath), // The name of the file to save the signed document in
        null,
        false                      // Enveloped signature
    ),
    new CertificateResourceInfo($certData['cert'], ResourceInfo::string | ResourceInfo::pem),
    new KeyResourceInfo($certData['pkey'], ResourceInfo::string | ResourceInfo::pem)
);
$this->signedXmlPath = $signedFilePath;

XAdES::verifyDocument($signedFilePath);
```

I also tested the resulting document on ETSICC and the DSS Demonstration web app; both return a wrong reference data error.
Am I doing something wrong?
Hi!
However it is likely users will not have an encyclopaedic knowledge of XAdES. So the other aspect is to allow less expert users provide a minimum amount of information and ...
I'm a user of this type ;) . We are learning about certifications but it's a new world for us! It's hard! Thanks for your package, it makes life easier for users like us.
I've found a great validator for AdES signatures from the EU:
https://ec.europa.eu/cefdigital/DSS/webapp-demo/validation
If I upload your test XML http://www.xbrlquery.com/xades/hashes%20for%20nba%20with%20signature.xml the validator says that the signature format is: XADES-BASELINE-B
But if I upload my XML signed (with deferred option = false) with my certificates, it says that the signature doesn't have a XAdES format (XML-NOT-ETSI). Reason: The structure of the signature is not valid!
What is happening? Can you help me?
In our process to certify evidence, we create a PDF as proof of the process. In this PDF we include when the file was signed by the TA.
I've tried to get it from the XML:

```php
// extract the timestamp time to save later
$xml = simplexml_load_string(file_get_contents($path_xml));
$xml->registerXPathNamespace('ds', XMLSecurityDSig::XMLDSIGNS);
$xml->registerXPathNamespace('xa', XAdES::NamespaceUrl2016);
$entries = $xml->xpath("//xa:SigningTime");
return date("Y-m-d H:i:s", strtotime((string) $entries[0]));
```

But it differs from the information obtained from the webapp validation (+1 sec). I think that is the signing date, not the TA timestamp date.
Is there a way to obtain the TA timestamp date? We need it!
P.S. We have methods to extract it from the .tsr, but that isn't available using your package.
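The XPath above reads xades:SigningTime, which is the signer's own clock. The TA's time is the genTime field of the RFC 3161 token that the signature carries, base64-encoded, in xades:SignatureTimeStamp/xades:EncapsulatedTimeStamp (the same token a .tsr holds). As an added example, not part of this thread or of xml-signer (which is PHP; the same DER walk applies there), this Python reads genTime from that base64 text; the sample token is constructed inline with a placeholder policy OID and no signature, and the function reads the claimed time without verifying the token.

```python
import base64
from datetime import datetime, timezone

ID_CT_TSTINFO = bytes.fromhex("2a864886f70d0109100104")  # id-ct-TSTInfo 1.2.840.113549.1.9.16.1.4

def tlv(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder (definite length < 65536), used only to build the constructed sample."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def read_tlv(buf: bytes, i: int):
    """Decode the DER TLV at buf[i]; returns (tag, value, index just past the TLV)."""
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:                                   # long form: low 7 bits = number of length bytes
        n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
    return tag, buf[i:i + n], i + n

def find_tstinfo(buf: bytes):
    """Document-order DFS for eContentType id-ct-TSTInfo followed by eContent [0]; returns the DER TSTInfo.
    Document order matters: the signer's signed attributes later in the token repeat the same OID."""
    i = 0
    while i < len(buf):
        tag, val, i = read_tlv(buf, i)
        if tag == 0x06 and val == ID_CT_TSTINFO and i < len(buf) and buf[i] == 0xA0:
            _, octets, _ = read_tlv(buf, i)        # eContent [0] EXPLICIT ...
            return read_tlv(octets, 0)[1]          # ... OCTET STRING holding the TSTInfo SEQUENCE
        if tag & 0x20 and (found := find_tstinfo(val)) is not None:  # constructed type: descend
            return found
    return None

def timestamp_gen_time(encapsulated_b64: str) -> datetime:
    """TSA genTime from xades:EncapsulatedTimeStamp text. Claimed time only: the token is NOT verified here."""
    tstinfo = find_tstinfo(base64.b64decode(encapsulated_b64))
    if tstinfo is None:
        raise ValueError("not an RFC 3161 timestamp token")
    _, fields, _ = read_tlv(tstinfo, 0)
    i = 0
    while i < len(fields):
        tag, val, i = read_tlv(fields, i)
        if tag == 0x18:                            # GeneralizedTime: genTime, YYYYMMDDHHMMSS[.f]Z
            s = val.decode("ascii")
            return datetime.strptime(s, "%Y%m%d%H%M%S.%fZ" if "." in s else "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    raise ValueError("TSTInfo without genTime")

def build_sample_token(gen_time: str) -> str:
    """Constructed sample: SignedData wrapping a TSTInfo (placeholder policy OID 1.2.3.4.5, zero SHA-256 imprint, no signature)."""
    imprint = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("608648016503040201")) + tlv(0x05, b"")) + tlv(0x04, bytes(32)))
    tstinfo = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x06, bytes.fromhex("2a030405")) + imprint + tlv(0x02, b"\x2a") + tlv(0x18, gen_time.encode()))
    eci = tlv(0x30, tlv(0x06, ID_CT_TSTINFO) + tlv(0xA0, tlv(0x04, tstinfo)))
    signed = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x31, b"") + eci + tlv(0x31, b""))  # version, digestAlgs, eci, signerInfos
    return base64.b64encode(tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010702")) + tlv(0xA0, signed))).decode()
```

In the user's PHP, the equivalent input is `(string) $xml->xpath("//xa:SignatureTimeStamp/xa:EncapsulatedTimeStamp")[0]`; the validator's "+1 sec" is expected, since the TA stamps the already-finished signature.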
When I try to test the new methods to get the LTA format (#7) I get the following error:
Class '.\Transform' not found
[2021-10-19 12:12:16] develop.ERROR: Class '.\Transform' not found {"exception":"[object] (Error(code: 0): Class '.\\Transform' not found at /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/Transforms.php:131)
[stacktrace]
#0 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/Reference.php(167): lyquidity\\xmldsig\\xml\\Transforms->loadInnerXml()
#1 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/SignedInfo.php(138): lyquidity\\xmldsig\\xml\\Reference->loadInnerXml()
#2 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/Signature.php(139): lyquidity\\xmldsig\\xml\\SignedInfo->loadInnerXml()
#3 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/xml/Generic.php(67): lyquidity\\xmldsig\\xml\\Signature->loadInnerXml()
#4 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(1551): lyquidity\\xmldsig\\xml\\Generic::fromNode()
#5 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(336): lyquidity\\xmldsig\\XAdES->addArchiveTimestamp()
#6 /home/vagrant/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(252): lyquidity\\xmldsig\\XAdES::internalTimestamp()
I think it is something like #1 and #3.
Thank you!
Hi again :)
I have some questions about timestamping:
1- Is there a way to pass a custom tsa_url to the signDocument method?
2- If there is no way, can you provide an example to timestamp after the signDocument method has executed?
I tried this with no success (A timestamp cannot be created because there is no existng signaure with @id '')

```php
XAdES::timestamp(
    new InputResourceInfo(
        $path_xml,                                // The source signed document (output of signDocument)
        ResourceInfo::file,                       // The source is a file
        $partes_ruta['dirname'],                  // The location to save the timestamped document
        $partes_ruta['filename'] . '_timestamped' // The name of the file to save the timestamped document in
    ),
    $tsaURL
);
```
Hello!
Thanks for this great package! I've been looking for weeks for your solution! Let's go and try it!!
Your installation guide says:
php composer.phar require "bsseddon/xml-signer"
But it fails.
The name of the package in the composer.json is:
"name": "lyquidity/xml-signer",
You should change the installation guide or the package's name!
Thank you!!
Hello!
After installing the package with composer, I tried to sign an XML with the example provided in the user guide.
I obtain this error:
Class 'lyquidity\xmldsig\xml\SignatureProductionPlaceV2' not found
Perhaps something is wrong with the namespace, or something similar to #1? I can't tell what is happening. The namespace and the filename seem OK.
There are several classes with the same problem (SignerRoleV2 too) but InputResourceInfo is loading well.
I'm using the code with the latest commit on the main branch.
Thanks!
Hi @bseddon !!!
I hope you are fine!!
Thanks for this package again!
Today, I updated from v1.0.0 to v1.0.9 and I get the following error:
[2022-03-29 09:42:51] develop.ERROR: Call to undefined method lyquidity\xmldsig\SignedDocumentResourceInfo::generateDomDocument() {"userId":4,"exception":"[object] (Error(code: 0): Call to undefined method lyquidity\\xmldsig\\SignedDocumentResourceInfo::generateDomDocument() at /var/www/test/laravel/vendor/lyquidity/xml-signer/src/XAdES.php:310)
[stacktrace]
#0 /var/www/test/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(253): lyquidity\\xmldsig\\XAdES::internalTimestamp(Object(lyquidity\\xmldsig\\SignedDocumentResourceInfo), 'addArchiveTimes...', 'http://M...', NULL)
#1 /var/www/test/laravel/app/M/Certifications/XMLUtils.php(110): lyquidity\\xmldsig\\XAdES::archiveTimestamp(Object(lyquidity\\xmldsig\\SignedDocumentResourceInfo), 'http://M...')
#2 /var/www/test/laravel/app/M/Certifications/CertificationService.php(69): App\\M\\Certifications\\XMLUtils->signAndTimpestampWithXADES('/var/www/test...', 'sin')
#3 /var/www/test/laravel/app/Http/Routes/web.php(78): M\\Certifications\\CertificationService->certificateEvidence(Object(Customer), 'sin', Array, 'Email')
Did you change the way to sign with LTA in the XAdES::archiveTimestamp() method??
My code is the following:

```php
XAdES::signDocument(
    new InputResourceInfo(
        $path_xml,                // The source document
        ResourceInfo::file,       // The source is a file
        $partes_ruta['dirname'],  // The location to save the signed document
        $partes_ruta['filename'], // The name of the file to save the signed document in
        null,
        false
    ),
    new CertificateResourceInfo($certData['cert'], ResourceInfo::string | ResourceInfo::pem),
    new KeyResourceInfo($certData['pkey'], ResourceInfo::string),
    new SignatureProductionPlaceV2(
        'City',
        null, // This is V2 only
        'City',
        '28800',
        'ES'
    ),
    new SignerRoleV2(
        'CEO'
    ),
    array(
        'canonicalizationMethod' => XMLSecurityDSig::C14N,
        'addTimestamp' => $tsaURL // Include a timestamp? Can specify an alternative TSA url eg 'http://mytsa.com/'
    )
);

XAdES::archiveTimestamp(
    new SignedDocumentResourceInfo(
        $path_xml,
        ResourceInfo::file,
        XAdES::SignatureRootId, // optional id
        $partes_ruta['dirname'],
        $partes_ruta['filename'] . ".xml",
        XMLSecurityDSig::generateGUID('archive-timestamp-')
    ),
    $tsaURL
);
```
Thanks Bill!
Hello,
We have been using this module correctly until 2023-07-04 06:51:48 UTC, which was the last time XML sealing worked.
From then, all attempts have been unsuccessful due to the same error.
We were using version 1.0.0, and upon encountering this error, we have upgraded to the latest version, 1.12, but the same error still occurs.
This is our code:
```php
XAdES::signDocument(
    new InputResourceInfo(
        $path_xml,                // The source document
        ResourceInfo::file,       // The source is a file
        $partes_ruta['dirname'],  // The location to save the signed document
        $partes_ruta['filename'], // The name of the file to save the signed document in
        null,
        false
    ),
    new CertificateResourceInfo($certData['cert'], ResourceInfo::string | ResourceInfo::pem),
    new KeyResourceInfo($certData['pkey'], ResourceInfo::string),
    new SignatureProductionPlaceV2(
        'Girona',
        null, // This is V2 only
        'Girona',
        '17001',
        'ES'
    ),
    new SignerRoleV2(
        'CEO'
    ),
    array(
        'canonicalizationMethod' => XMLSecurityDSig::C14N,
        'addTimestamp' => $tsaURL // Include a timestamp? Can specify an alternative TSA url eg 'http://mytsa.com/'
    )
);

XAdES::archiveTimestamp(
    new SignedDocumentResourceInfo(
        $path_xml,
        ResourceInfo::file,
        XAdES::SignatureRootId, // optional id
        $partes_ruta['dirname'],
        $partes_ruta['filename'] . ".xml",
        XMLSecurityDSig::generateGUID('archive-timestamp-')
    ),
    $tsaURL
);
```
When we call the XAdES::archiveTimestamp function it generates the following error:
[2023-07-11 10:13:21] preview.ERROR: App\Jobs\EvidenceCertification@handle: Fails when certificate evidence {"message":"All <EncapsulatedCRLValues> children must be of type EncapsulatedCRLValue","error_trace":"#0 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/xml/RevocationValues.php(146): lyquidity\\xmldsig\\xml\\CRLValues->validateElement()
#1 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/xml/PropertiesCollection.php(202): lyquidity\\xmldsig\\xml\\RevocationValues->validateElement()
#2 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/xml/UnsignedSignatureProperties.php(98): lyquidity\\xmldsig\\xml\\PropertiesCollection->validateElement()
#3 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(1834): lyquidity\\xmldsig\\xml\\UnsignedSignatureProperties->validateElement()
#4 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(319): lyquidity\\xmldsig\\XAdES->addArchiveTimestamp()
#5 /var/www/mensagia/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(257): lyquidity\\xmldsig\\XAdES::internalTimestamp()
#6 /var/www/mensagia/laravel/app/Mensagia/Certifications/XMLUtils.php(113): lyquidity\\xmldsig\\XAdES::archiveTimestamp()
#7 /var/www/mensagia/laravel/app/Mensagia/Certifications/CertificationService.php(69): App\\Mensagia\\Certifications\\XMLUtils->signAndTimpestampWithXADES()
#8 /var/www/mensagia/laravel/app/Jobs/EvidenceCertification.php(57): Mensagia\\Certifications\\CertificationService->certificateEvidence()}
Could you help us with this?
Thanks,
Juanma
Hi @bseddon, I'm trying to use your library to generate XAdES signatures on Ubuntu 20.04 and I'm having some issues with the autoload files in composer, in the Generic::fromNode() function.
I have fixed them by replacing "\" with "/", but maybe it would be better to use the realpath() PHP function, which detects the OS and uses paths accordingly (I haven't tested).
Moreover, I couldn't get the timestamp added because of the curl option CURLOPT_CAINFO, which can't be null.
I leave the fixes attached to this issue.
fixes.zip
Thanks for everything :)
I've tried your code and also got some example results. The European Commission validator says that I'm missing the certificate chain.
How can I solve this issue?
Thank you