robrichards / xmlseclibs

A PHP library for XML Security
BSD 3-Clause "New" or "Revised" License

I am getting the error: signature failed validation - installation details may have been altered #258

Open akashitidol opened 11 months ago

akashitidol commented 11 months ago

Hi everyone, Getting this issue when I am uploading the BUF and SDP files on Test REC:

" Error: Please check and correct the following issues before continuing: Signature failed validation - installation details may have been altered "

I have created a self-signed certificate and serial number on our server using the commands below:

```
openssl x509 -in 1808techformcert.pem -pubkey -noout > 1808public_key.pem
openssl rsa -in 1808techformcert.pem -noout -modulus
```

Below is my code.

```php
// Code to sign XML
$xml = new \DOMDocument();
$xml->load($content);
if (!$xml->loadXML($content)) {
    echo "Failed to load XML document.";
    // You can check $xml->load() if you are loading from a file.
    // Handle the error as needed.
    exit;
}

// Create a new XMLSec signature
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objDSig->addReference(
    $xml,
    XMLSecurityDSig::SHA256,
    ['#Installation'],
    ['force_uri' => true]
);

// Load the private key
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
$key->loadKey(public_path('17102023private_key_no_passphrase.pem'), true); // Path to your private key
$objDSig->add509Cert(file_get_contents(public_path('17102023certificate.pem'))); // Path to your public certificate
$objDSig->sign($key); // Pass the key as an argument to the sign method

// Append the signature to the XML
$objDSig->appendSignature($xml->documentElement);

// Get the newly added signature element
$signatureElement = $xml->getElementsByTagName('Signature')->item(1);

// Create the X509IssuerSerial element
$x509Data = $signatureElement->getElementsByTagName('X509Data')->item(0);

$x509IssuerSerial = $xml->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'X509IssuerSerial');
$x509SerialNumber = $xml->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'X509SerialNumber');
$x509SerialNumber->nodeValue = '515235088231050242768900489065250446133869353060'; // Replace with your serial number
$x509IssuerName = $xml->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'X509IssuerName');
$x509IssuerName->nodeValue = 'C = AU, ST = QUEENSLAND, L = HEATHWOOD, O = Techno FORMS PTY LTD, OU = Verification, CN = login.technoforms.com.au, emailAddress = info@technoforms.com.au'; // Replace with your issuer name

$x509IssuerSerial->appendChild($x509IssuerName);
$x509IssuerSerial->appendChild($x509SerialNumber);
$x509Data->appendChild($x509IssuerSerial);

$x509Certificate = $signatureElement->getElementsByTagName('X509Certificate')->item(0);

$x509Data->insertBefore($x509IssuerSerial, $x509Certificate);

// Create the KeyName element
$keyName = $xml->createElement('KeyName', 'C = AU, ST = QUEENSLAND, L = HEATHWOOD, O = Techno FORMS PTY LTD, OU = Verification, CN = login.technoforms.com.au, emailAddress = info@technoforms.com.au');

// Create the KeyValue element with RSAKeyValue
$keyValue = $xml->createElement('KeyValue');
$rsaKeyValue = $xml->createElement('RSAKeyValue');

// Create Modulus and Exponent elements within RSAKeyValue
$modulus = $xml->createElement('Modulus', 'vmPf+o0sdbVoQ4tfFG8hg1Gu1wahmSvibPlvg3PTDKpkNNiWLHk3FC4571xJhvAlJUeeHJ8PmKonlIjpOTMyeruZCv03K9f6CsEam6rmfzbtKRXqC4EmwAJhKPX2tfbtwXSrZfWfpUX8oc4xuhgotDVSBZ/MWmVV6agq0zGiz4uEdiqJmiz3wVLbzGSWKkKMe4KdrCuT/T6gWMkXMe1c7IuqVXQJ8dJTneWtJc4VDb9oyXFsnm52YjQA9cpoBP4bUCOwS3sS9t+T/0HC1vpCdt+T/0HC1vpCdt');

$exponent = $xml->createElement('Exponent', 'AQAB');

// Append Modulus and Exponent to RSAKeyValue
$rsaKeyValue->appendChild($modulus);
$rsaKeyValue->appendChild($exponent);

// Append RSAKeyValue to KeyValue
$keyValue->appendChild($rsaKeyValue);

// Append KeyName and KeyValue after X509Data
$x509Data->parentNode->insertBefore($keyValue, $x509Data->nextSibling);
$x509Data->parentNode->insertBefore($keyName, $x509Data->nextSibling);

// Traverse the XML document and replace "ds:" with your preferred namespace prefix (e.g., "custom:")
// After signing the XML, remove the "ds:" namespace prefixes from the signature elements
$signedXml = $xml->saveXML();

// Remove the "ds:" prefixes
$signedXml = str_replace(['ds:', ':ds'], ['', ''], $signedXml);
$signedXml = str_replace(['Transform Algorithm="#Installation"'], ['Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"'], $signedXml);
$signedXml = str_replace(['Reference URI=""'], ['Reference URI="#Installation"'], $signedXml);
$signedXml = str_replace(['CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"'], ['CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"'], $signedXml);
```

Also, I want the signature in the format and tags below. I am removing ds from the signature after the XML was signed; maybe due to that I am getting this error: "Signature failed validation - installation details may have been altered".

```
j92+srj+sZHZRHc7jcRq+yKaREFa7mKaOQKzhhYd/bA=
CN=Test1.dev.cleanenergyregulator.gov.au, OU=Dev, O=CleanEnergyRegulator, L=Canberra, S=ACT, C=
Test1.dev.cleanenergyregulator.gov.au, OU=Dev, O=CleanEnergyRegulator, L=Canberra, S=ACT, C=
AQAB
```

Can anyone guide me on how to resolve the issue?
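The following is an added example, not the poster's code and not code from the xmlseclibs project. It fixes the prefix, canonicalization method, transform and reference URI before `sign()`, then uses a verify helper to show that this output validates while output whose `ds:` prefixes were stripped with `str_replace` after signing does not, because the bytes of the signed `SignedInfo` element have changed. It assumes xmlseclibs is installed through Composer (`vendor/autoload.php`); the function names `signInstallation` and `verifies`, the throwaway RSA key and the one-element `Installation` document are constructed for illustration.

```php
<?php
require 'vendor/autoload.php'; // assumption: xmlseclibs installed with Composer
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// Sign the root element; prefix, C14N method, transform and URI are all set BEFORE sign().
function signInstallation(string $xmlText, string $privatePem, string $prefix): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xmlText);
    $dsig = new XMLSecurityDSig($prefix);              // '' emits <Signature> without "ds:"
    $dsig->setCanonicalMethod(XMLSecurityDSig::C14N);  // inclusive C14N
    $dsig->addReference(
        $doc->documentElement,
        XMLSecurityDSig::SHA256,
        ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'],
        ['id_name' => 'Id', 'overwrite' => false]      // keep existing Id, so URI="#Installation"
    );
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
    $key->loadKey($privatePem);
    $dsig->sign($key);
    $dsig->appendSignature($doc->documentElement);
    return $doc->saveXML();
}

// Re-parse the serialized output and check the reference digest and the SignatureValue.
function verifies(string $signedXml, string $publicPem): bool
{
    $doc = new DOMDocument();
    $doc->loadXML($signedXml);
    $dsig = new XMLSecurityDSig();
    if (!$dsig->locateSignature($doc)) {
        return false;
    }
    $dsig->canonicalizeSignedInfo();
    try { $dsig->validateReference(); } catch (Exception $e) { return false; }
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'public']);
    $key->loadKey($publicPem);
    return $dsig->verify($key) === 1;
}

// Constructed inputs: throwaway RSA key and a minimal stand-in document.
$pkey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pkey, $privatePem);
$publicPem = openssl_pkey_get_details($pkey)['key'];
$sample = '<Installation Id="Installation"><Capacity>5</Capacity></Installation>';

var_dump(verifies(signInstallation($sample, $privatePem, ''), $publicPem)); // configured before signing
var_dump(verifies(str_replace(['ds:', ':ds'], '', signInstallation($sample, $privatePem, 'ds')), $publicPem)); // rewritten after signing
```

Running `verifies()` on the final string before upload gives a local check that does not depend on the receiving system's error message.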