digipost / signature-api-client-dotnet

Got an error "Kunne ikke bygge Xml for signatur." #430

Closed ravibansal1208 closed 8 months ago

ravibansal1208 commented 8 months ago

Hi, I am using a virksomhet certificate and have tried to send documents, but got the following error:

Error occured in Create signature=Kunne ikke bygge Xml for signatur.
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignatureGenerator.Xml()
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignatureGenerator.get_Bytes()
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceArchive.<>c.<.ctor>b__3_0(IAsiceAttachable a)
   at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
   at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceArchive..ctor(IEnumerable`1 asiceAttachableProcessors, IAsiceAttachable[] attachables)
   at Digipost.Signature.Api.Client.Portal.Internal.AsicE.PortalAsiceGenerator.CreateAsice(Job job, X509Certificate2 certificate, IAsiceConfiguration asiceConfiguration)
   at Digipost.Signature.Api.Client.Portal.PortalClient.<Create>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()

runeflobakk commented 8 months ago

Looking at the stacktrace you sent, the exception was thrown in the SignatureGenerator.Xml() method, here: https://github.com/digipost/signature-api-client-dotnet/blob/64b4aecfde2a896bbec7b8410a9c06951e8e9d10/Digipost.Signature.Api.Client.Core/Internal/Asice/AsiceSignature/SignatureGenerator.cs#L49

The exception wraps another exception (which possibly contains more inner exceptions).

throw new XmlParseException("Kunne ikke bygge Xml for signatur.", e);
                                                                  ⬆️

To be able to see what is going on, we really need the full error, i.e. the full stacktrace where all the inner exceptions which contain the root cause(s) are included.

If you look at the other issue where you initially reported this, the reporter includes two inner exceptions, where one of them contains a detail message about what the problem is.

ravibansal1208 commented 8 months ago

Please find an inner exception below:

1:00:32 PM Inner Exception=System.Security.Cryptography.CryptographicException: Invalid provider type specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignedXmlWithAgnosticId.ExtractValidPrivateKeyOrThrow(X509Certificate2 certificate)
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignedXmlWithAgnosticId.SetSigningKey(X509Certificate2 certificate)
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignedXmlWithAgnosticId..ctor(XmlDocument xmlDocument, X509Certificate2 certificate, String inclusiveNamespacesPrefixList)
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignatureGenerator.CreateSignatureElement()
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignatureGenerator.CreateXadesSignature()
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignatureGenerator.Xml()
1:00:32 PM    at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignatureGenerator.Xml()
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceSignature.SignatureGenerator.get_Bytes()
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceArchive.<>c.<.ctor>b__3_0(IAsiceAttachable a)
   at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
   at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)
   at Digipost.Signature.Api.Client.Core.Internal.Asice.AsiceArchive..ctor(IEnumerable`1 asiceAttachableProcessors, IAsiceAttachable[] attachables)
   at Digipost.Signature.Api.Client.Portal.Internal.AsicE.PortalAsiceGenerator.CreateAsice(Job job, X509Certificate2 certificate, IAsiceConfiguration asiceConfiguration)
   at Digipost.Signature.Api.Client.Portal.PortalClient.<Create>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at Evry.DigitalSignature.Posten.SendForSignature.<CreateAndSendSignaturJob>d__12.MoveNext()
1:00:32 PM ERROR when sending 227. One or more errors occurred. Kunne ikke bygge Xml for signatur.    at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   at System.Threading.Tasks.Task.Wait()

runeflobakk commented 8 months ago

So the cause is apparently

CryptographicException: Invalid provider type specified.

It is hard for me to guess exactly what the problem is, but do any of the answers in this thread provide any help? https://stackoverflow.com/questions/22581811/invalid-provider-type-specified-cryptographicexception-when-trying-to-load-pri

I believe this is caused by the cryptography provider you are using in your .NET runtime, which may not be compatible with the certificate you are trying to use. I get the impression that this is typical if the certificate uses certain features which your .NET runtime does not support in its cryptography implementation, e.g. maybe SHA256.
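
An added diagnostic example, not part of the thread and not code from the Digipost client: on .NET Framework the `X509Certificate2.PrivateKey` property seen in the stack trace only supports keys held by a legacy CSP, and a key stored under a CNG provider is one common cause of "Invalid provider type specified". The probe below reports how a certificate's key is stored and whether it can produce an RSA-SHA256 signature; the class name `SigningKeyProbe`, the file-path argument and the `PFX_PASSWORD` environment variable are assumptions made for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
static class SigningKeyProbe   // hypothetical name, not part of the Digipost client
{
    // Reports how the private key is stored and whether it can produce an RSA-SHA256 signature.
    public static string Describe(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "Certificate has no associated private key.";
        var report = new StringBuilder();
        try
        {
            // Legacy accessor: the call that throws in the stack trace above.
            report.AppendLine("PrivateKey property: OK (" + cert.PrivateKey.GetType().Name + ")");
        }
        catch (CryptographicException ex)
        {
            report.AppendLine("PrivateKey property: FAILED (" + ex.Message + ")");
        }
        // Available from .NET Framework 4.6; works for CNG keys as well as CSP keys.
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null) return report.Append("Key is not RSA.").ToString();
            var cng = rsa as RSACng;
            var csp = rsa as RSACryptoServiceProvider;
            if (cng != null)
                report.AppendLine("Storage: CNG, provider '" + cng.Key.Provider.Provider + "'");
            else if (csp != null)
                report.AppendLine("Storage: CSP, provider '" + csp.CspKeyContainerInfo.ProviderName + "'");
            try
            {
                rsa.SignData(new byte[] { 1, 2, 3 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                report.Append("RSA-SHA256 test signature: OK");
            }
            catch (CryptographicException ex)
            {
                report.Append("RSA-SHA256 test signature: FAILED (" + ex.Message + ")");
            }
        }
        return report.ToString();
    }
    static void Main(string[] args)
    {
        // PFX_PASSWORD is an assumed variable name; it keeps the password off the command line.
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD");
        using (var cert = new X509Certificate2(args[0], password))
            Console.WriteLine(Describe(cert));
    }
}
```

A report where the `PrivateKey` line fails while the test signature succeeds indicates that the key itself is usable and only the legacy accessor is rejecting its provider.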

ravibansal1208 commented 8 months ago

It doesn't help to resolve the issue.

runeflobakk commented 8 months ago

What does not help? What have you tried, and what results did you get?

ravibansal1208 commented 8 months ago

I tried to change the .NET version from 4.8 to 4.6.2 and also tried the openssl commands given on the link you have provided, and got the following error:

unable to load Private Key
34359836736:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:610:
34359836736:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:62:
34359836736:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:93:
34359836736:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

runeflobakk commented 8 months ago

Since you get an error from openssl, I think maybe at this point you need to ask the issuer of your enterprise certificate for help (either Buypass or Commfides). I don't have extensive knowledge about openssl, but I see something about "bad decrypt". I am guessing the platform you are running on does not support some cipher or other feature of the certificate.

ravibansal1208 commented 8 months ago

@runeflobakk It works after I upgraded the version of all DLL files from Digipost. Thanks for your help.