How to do XML digital signing - SOAP/XML canonicalization


#1 Post by Cliff Wiernik »

For a SOAP service I need to connect to, it requires XML-DSig (digital signing) of the SOAP body. A portion of that requires the XML canonicalization of the original XML prior to computing the digital digest and signature. Tools like dotnet have it built in as one of the namespaces. I intend to use the CryptoSysPKI library to do the signing but need to do that on the canonicalized version of the XML body in the SOAP package.

Does anyone have any experience/recommendations on how to do this? One possibility is to use the MSDN and other examples of vb.net/c# to create the short dotnet program that takes the input XML and outputs the canonicalized version. I think I can build the wrapper dotnet program so I can publish the COM connection and register (regasm) the assembly.

Is there a better way to do this?

Also, does anyone have experience on how to structure the vb.net/c# wrapper code to get an input string (XML file) from Xbase++ and receive back the converted string? I have some FoxPro and Alaska samples that I think I understand, but any additional insight is available. There is the xmlsec C++ library available, but my C++ experience is non-existent. Terry Wolfe has provided the wrapper examples he uses with the Alaska C++ interface and his Print Library, but that is likely beyond my current knowledge level. Maybe a project for the future.


#2 Post by patito »

Hi Cliff

CryptoSys, it is good, but it is not easy to understand
A better alternative is to use activex com with c sharp net
and otherwise with .bat command file type you are using xmlsec
https://www.aleksey.com/xmlsec/


Best Regard
Héctor Pezoa


#3 Post by Cliff Wiernik »

How do you use C# with ActiveX from Xbase++? Do you create wrapper functions in C#, create as COM interop and then access normally? Do you have any examples? How do you use xmlsec with a batch file? Do the xmlsec binaries come with an executable file to process from a batch file? This needs to be integrated within an automatically processing application.

How do you set up the C# .NET assembly (I assume using the built-in Microsoft namespaces) to allow the passing in of the XML and the sending out of the XML or actual signed document?

I have used successfully CryptosysAPI for the AES encryption for CC information.


#4 Post by patito »

Hi Cliff

Build the ActiveX with Microsoft Visual Studio 2010.
Then you have to sign the ActiveX and connect with Alaska Xbase.

Part of an example to sign x509 xmldsign


// Namespaces needed: System.Xml, System.Security.Cryptography,
// System.Security.Cryptography.X509Certificates, System.Security.Cryptography.Xml
public static string firmarDocumentoSemilla(string documento, X509Certificate2 certificado)
{
    // Create a new XML document and define its characteristics
    XmlDocument doc = new XmlDocument();
    doc.PreserveWhitespace = false;
    doc.LoadXml(documento);

    // Create the XMLSignature object.
    SignedXml signedXml = new SignedXml(doc);

    // Add the private key to the xmlSignature object.
    signedXml.SigningKey = certificado.PrivateKey;

    // Get the signature object from the SignedXml object.
    Signature XMLSignature = signedXml.Signature;

    // Create a reference to the document to be signed;
    // if the reference is "" the whole document will be signed
    Reference reference = new Reference("");

    // Represents the enveloped signature transform for an XML digital signature as defined by the W3C.
    XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    reference.AddTransform(env);

    // Add the referenced object to the signature object.
    XMLSignature.SignedInfo.AddReference(reference);

    // Add RSAKeyValue KeyInfo (required for the SII).
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new RSAKeyValue((RSA)certificado.PrivateKey));

    // Add the x509 certificate information
    keyInfo.AddClause(new KeyInfoX509Data(certificado));

    // Add KeyInfo to the Signature object
    XMLSignature.KeyInfo = keyInfo;

    // Create the signature
    signedXml.ComputeSignature();

    // Retrieve the XML representation of the signature
    XmlElement xmlDigitalSignature = signedXml.GetXml();

    // Add the XML representation of the signature to the XML document
    doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));

    // Strip the XML declaration from the XML document (optional, but valid for our process)
    if (doc.FirstChild is XmlDeclaration)
    {
        doc.RemoveChild(doc.FirstChild);
    }

    // Return the result
    return doc.InnerXml;
}

Best regard
Héctor


#5 Post by patito »

Hi Cliff

See example CryptoSys to sign a x509

http://www.di-mgt.com.au/xmldsig2.html

See the xmlsec topic in contributions

Sign XML with xmlsec:
xmlsec1 --sign --id-attr:ID <Id to sign> --output ArchivoFirmado.xml --pkcs12 <digital signature file> --pwd <digital signature password> ArchivoAFirmar.xml


Best Regard
Héctor


#6 Post by Cliff Wiernik »

After you have created and signed the ActiveX, say MYXMLSign, and registered it as a COM via regasm, then in Xbase++ do you call it something like this:

oSignXML := CreateObject('MYXMLSign')
cSignedXML := oSignXML:SeedDocumentSigning(document, certificate)

Is that the correct way to use this code?


#7 Post by patito »

Hi Cliff

If that's right
Best Regard
Héctor

1. Start VS2010 as administrator.
2. Open a class library project (example - MyProject).
3. Add a new interface to the project (see example below).
4. Add a using System.Runtime.InteropServices; to the file.
5. Add the attributes InterfaceType, Guid to the interface.
6. You can generate a Guid using Tools->Generate GUID (option 4).
7. Add a class that implements the interface.
8. Add the attributes ClassInterface, Guid, ProgId to the interface.
   ProgId convention is {namespace}.{class}
9. Under the Properties folder in the project, in the AssemblyInfo file, set ComVisible to true.
10. In the project properties menu, in the build tab, mark "Register for COM interop".
11. Build the project.
Now you can use your COM object by using its ProgID.

example: the C# code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using System.Runtime.InteropServices;

namespace Launcher
{
    // Replace both Guid placeholders with GUIDs generated in step 6.
    [InterfaceType(ComInterfaceType.InterfaceIsDual), Guid("XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX")]
    public interface ILauncher
    {
        void launch();
    }

    [ClassInterface(ClassInterfaceType.None), Guid("YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"), ProgId("Launcher.Launcher")]
    public class Launcher : ILauncher
    {
        private string path = null;

        // Method exposed to COM clients through ILauncher
        public void launch()
        {
            Console.WriteLine("I launch scripts for a living.");
        }
    }
}

and VB script using the COM:

set obj = createObject("Launcher.Launcher")
obj.launch()

and the output will be:

I launch scripts for a living.


#8 Post by Cliff Wiernik »

Thanks.

How do you set it up in order to pass a string into the C# routine and return a string back to the Xbase++ application?

I am looking at a dotnet example from "CombiFinanz Informationssysteme" and it looks like the method to use would be to define instance variables that are exported in the C# code and then in Xbase++ assign the incoming string to the instance variable and then either return the result in the same modified instance variable or a different instance variable.

The original xbpocx goodies example does show an approach where they pass parameters to a method and get a return value. That could be another way to do it.

Cliff
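
As an added example (not code from any post in this thread): a COM-visible C# class in the style of the steps in post #7 that takes the XML as a string and returns the canonicalized string, plus the Base64 digest of the canonical bytes, which is the step post #1 asks about. The names `XmlC14NDemo`, `ICanonicalizer`, `Canonicalize`, `DigestBase64` and both GUIDs are constructed for illustration; Exclusive C14N and SHA-256 are assumptions to be matched to what the service specifies.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

namespace XmlC14NDemo   // hypothetical names throughout
{
    // Constructed GUIDs: generate your own before registering the assembly.
    [InterfaceType(ComInterfaceType.InterfaceIsDual), Guid("6f1c2a54-3b7e-4d19-9a86-2c5e8f0b7d31")]
    public interface ICanonicalizer
    {
        string Canonicalize(string xml);   // string in, canonical XML string out
        string DigestBase64(string xml);   // Base64 digest of the canonical bytes
    }

    [ClassInterface(ClassInterfaceType.None), Guid("b4a0d7e2-58c3-4f6a-8e11-93d2c7a5f604"), ProgId("XmlC14NDemo.Canonicalizer")]
    public class Canonicalizer : ICanonicalizer
    {
        // Exclusive C14N is an assumption; use XmlDsigC14NTransform instead if the
        // service's CanonicalizationMethod/Transform names inclusive C14N.
        private static byte[] CanonicalBytes(string xml)
        {
            XmlDocument doc = new XmlDocument();
            doc.PreserveWhitespace = true;  // whitespace in content is part of the digested bytes
            doc.XmlResolver = null;         // do not resolve external DTDs or entities
            doc.LoadXml(xml);
            XmlDsigExcC14NTransform c14n = new XmlDsigExcC14NTransform();
            c14n.LoadInput(doc);
            using (Stream s = (Stream)c14n.GetOutput(typeof(Stream)))
            using (MemoryStream ms = new MemoryStream())
            { s.CopyTo(ms); return ms.ToArray(); }
        }

        public string Canonicalize(string xml)
        {
            return Encoding.UTF8.GetString(CanonicalBytes(xml));
        }

        public string DigestBase64(string xml)
        {
            // SHA-256 is an assumption; match the DigestMethod the service requires.
            using (SHA256 sha = SHA256.Create())
                return Convert.ToBase64String(sha.ComputeHash(CanonicalBytes(xml)));
        }
    }
}
```

Pass the element exactly as it will appear in the envelope, including the namespace declarations it uses, because the service recomputes the digest over its own canonical form and any difference in the signed content makes verification fail.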


#9 Post by patito »

Cliff

If you can ask on the functions
SYS (3096, lnDispHandle) and SYS (3097, this.oDotNetBridge)
These functions are visual fox

which is equivalent xBase ++, you can run DotNetBridge.
That is the only obstacle to convert Xbase ++ Alaska

Best Regard
Héctor
