bseddon / xml-signer

Provides signing and verification of XML documents including support for XAdES
BSD 3-Clause "New" or "Revised" License

ArchiveTimestamp error after upgrade to v1.0.9 #12

Open sangar82 opened 2 years ago

sangar82 commented 2 years ago

Hi @bseddon !!!

I hope you are fine!!

Thanks for this package again!

Today, I updated from v1.0.0 to v1.0.9 and I get the following error:

        [2022-03-29 09:42:51] develop.ERROR: Call to undefined method lyquidity\xmldsig\SignedDocumentResourceInfo::generateDomDocument() {"userId":4,"exception":"[object] (Error(code: 0): Call to undefined method lyquidity\\xmldsig\\SignedDocumentResourceInfo::generateDomDocument() at /var/www/test/laravel/vendor/lyquidity/xml-signer/src/XAdES.php:310)
        [stacktrace]
        #0 /var/www/test/laravel/vendor/lyquidity/xml-signer/src/XAdES.php(253): lyquidity\\xmldsig\\XAdES::internalTimestamp(Object(lyquidity\\xmldsig\\SignedDocumentResourceInfo), 'addArchiveTimes...', 'http://M...', NULL)
        #1 /var/www/test/laravel/app/M/Certifications/XMLUtils.php(110): lyquidity\\xmldsig\\XAdES::archiveTimestamp(Object(lyquidity\\xmldsig\\SignedDocumentResourceInfo), 'http://M...')
        #2 /var/www/test/laravel/app/M/Certifications/CertificationService.php(69): App\\M\\Certifications\\XMLUtils->signAndTimpestampWithXADES('/var/www/test...', 'sin')
        #3 /var/www/test/laravel/app/Http/Routes/web.php(78): M\\Certifications\\CertificationService->certificateEvidence(Object(Customer), 'sin', Array, 'Email')

Did you change the way to sign with LTA in the XAdES::archiveTimestamp() method??

My code is the following:


        XAdES::signDocument(
            new InputResourceInfo(
                $path_xml, // The source document
                ResourceInfo::file, // The source is a file
                $partes_ruta['dirname'], // The location to save the signed document
                $partes_ruta['filename'], // The name of the file to save the signed document in,
                null,
                false
            ),
            new CertificateResourceInfo( $certData['cert'], ResourceInfo::string | ResourceInfo::pem ),
            new KeyResourceInfo( $certData['pkey'], ResourceInfo::string ),
            new SignatureProductionPlaceV2(
                'City',
                null, // This is V2 only
                'City',
                '28800',
                'ES'
            ),
            new SignerRoleV2(
                'CEO'
            ),
            array(
                'canonicalizationMethod' => XMLSecurityDSig::C14N,
                'addTimestamp' => $tsaURL // Include a timestamp? Can specify an alternative TSA url eg 'http://mytsa.com/'
            )
        );

        XAdES::archiveTimestamp(
            new SignedDocumentResourceInfo(
                $path_xml,
                ResourceInfo::file,
                XAdES::SignatureRootId, // optional id
                $partes_ruta['dirname'],
                $partes_ruta['filename'].".xml",
                XMLSecurityDSig::generateGUID('archive-timestamp-')
            ),
            $tsaURL
        );

Thanks Bill!

bseddon commented 2 years ago

Thanks for the alert. The cause of your issue is that since version 1.0 a function called generateDomDocument has been created from code to open an XML resource so the code can be re-used. This function has been put into InputResourceInfo.php. I can see now this is an error because SignedDocumentResourceInfo does not inherit from InputResourceInfo. Instead it inherits from BaseInputResourceInfo and this is where the new function generateDomDocument should be placed.

I'll look at this issue later and verify that moving the function is the best change to make.

bseddon commented 2 years ago

The code has been updated to move the function generateDomDocument into BaseInputResourceInfo so all input classes are able to call it. My testing shows this change allows an Archive Timestamp to be created. However, this is not a function I use so it is possible it may not work for you. If so, let me know.

At the moment there is no new release package. If you need one, let me know.
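
The inheritance mistake discussed in this thread, reproduced with stand-in classes, together with a small reflection check that can be pointed at a list of class names after a dependency upgrade. This is an added example, not code from the xml-signer project; the `before` and `after` namespaces and the `classesMissing()` helper are hypothetical names, and the class bodies are constructed stand-ins.

```php
<?php
// Constructed stand-ins, not the library's code: the layout described for 1.0.9,
// where the helper lives on a sibling class instead of the shared base.
namespace before {
    class BaseInputResourceInfo {}
    class InputResourceInfo extends BaseInputResourceInfo {
        public function generateDomDocument(): string { return '<doc/>'; }
    }
    class SignedDocumentResourceInfo extends BaseInputResourceInfo {}
}

// Constructed stand-ins for the corrected layout: the helper is on the base class.
namespace after {
    class BaseInputResourceInfo {
        public function generateDomDocument(): string { return '<doc/>'; }
    }
    class InputResourceInfo extends BaseInputResourceInfo {}
    class SignedDocumentResourceInfo extends BaseInputResourceInfo {}
}

namespace {
    /**
     * Hypothetical helper: return the class names that cannot call $method.
     * method_exists() triggers autoloading, so a class that is missing
     * altogether is reported as well.
     */
    function classesMissing(array $classes, string $method): array {
        return array_values(array_filter($classes, function (string $class) use ($method) {
            return !method_exists($class, $method);
        }));
    }

    foreach (['before', 'after'] as $ns) {
        $inputs = ["$ns\\InputResourceInfo", "$ns\\SignedDocumentResourceInfo"];
        $missing = classesMissing($inputs, 'generateDomDocument');
        echo $ns, ': ', $missing ? 'missing on ' . implode(', ', $missing) : 'all inputs ok', PHP_EOL;
    }

    // The runtime symptom: PHP raises \Error, not an \Exception, for an undefined method.
    try {
        (new \before\SignedDocumentResourceInfo())->generateDomDocument();
    } catch (\Error $e) {
        echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
    }
}
```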

sangar82 commented 2 years ago

Thanks @bseddon, I will try soon!

sangar82 commented 2 years ago

Hi @bseddon !!!

Sorry for the delay in answering.

Can you release a new package to add these changes to production?

Thanks!

bseddon commented 2 years ago

Hi, new releases have been created. The dependent repository requester has also been updated and a release created. Composer should handle this update automatically.

Please note that since the modification to address the issue you reported, other changes have been made. I don't think any changes will affect you adversely. The changes are because ETSI has been running a 'plug test' event over the last 10 or so weeks in which XAdES tools can create signatures then validate others to see if validations are consistent. As a result, it became clear the signer would not work with certificates created using an elliptic curve algorithm.

If you find further problems let me know and I'll get on as soon as possible.