13.09.2004 12:53:39JavaScript +XML +проверка XML на .NET Ответов: 14
timda
Есть ли у кого пример такой реализации ?
спасибо за ответы

Подписывать XML-документ по стандарту, то есть формировать все поля вручную? Или, может, просто зашифровать сообщение и потом проверить его по SignedData?
 
Ответы:
13.09.2004 13:06:59Serge3leo
C КриптоПро CSP 3.0 Можно использовать COM объект MSXML 5.
13.09.2004 15:57:16timda
MSXML 5 поставляется только с Office2003 ....... ;-) так что спасибо, но нельзя
13.09.2004 16:08:39Serge3leo
На компьютерах с ранними версиями Office (97/2000/XP/2002) можно установить бесплатный продукт "Word 2003: XML Viewer" размером 1 Мб, который содержит MSXML5.
Это работоспособное решение до тех пор, пока MS не выпустит модуль для installer-а с redistributable-вариантом нового MSXML.
13.09.2004 16:16:40timda
спасибо, это буду иметь ввиду
но все равно низя на пятом парсере писать ...
вообщем CAPICOM + javascript + .NET

мне бы примерчиков по уже реализованному ... не могу понять как мне на CAPICOM правильно подписать XML документ, либо - сделать Sign самому документу и возвращаемое значение с самим документом отправить на сервер, но там я опять не могу проверить ... вылетает ошибка ASN1, неправильный Base64 и куча всего ;-)
13.09.2004 16:30:20Serge3leo
С CAPICOM Вам проще всего использовать вариант с bDetached==FALSE, либо самому реализовать аналог нормализации, а потом подписывать c bDetached==TRUE.

> вылетает ошибка ASN1, неправильный Base64

Это похоже на ошибки связанные с тем, что строки в JS/VS в Unicode, а не в байтах. Надо тщательно следить за преобразованиями.

Успехов.
P.S.
Если нужны примеры XML, то запросите их у Ирины <mailto:kalugina@cryptopro.ru>.
13.09.2004 16:52:56timda
подскажите, пожалуйста, как правильно преобразовывать или где про это почитать ?
13.09.2004 17:54:05Serge3leo
Описания соответствующих языков.

В общем, надо тщательно разбираться с тем, что подписываете (последовательность байт или Unicode (UTF-16) строку), и с тем, что передаёте на Base64/ASN.1 декодирование.
13.09.2004 18:21:44timda
index.html
сохранен в UTF-8

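// Parse the XML text to be signed (strXML is taken from a textarea, per the post).
var XML = new ActiveXObject("Msxml2.DOMDocument.4.0");
XML.async = false;
// Do not let the parser fetch external DTDs/entities named in the input;
// the MS sign.js sample quoted in this thread sets the same switch.
XML.resolveExternals = false;
// loadXML() returns false on a parse error and XML.xml is then empty, so
// stop here rather than produce a signature over an empty document.
if (!XML.loadXML(strXML)) {
    throw new Error("XML parse error: " + XML.parseError.reason);
}

var signedData = new ActiveXObject("CAPICOM.SignedData");
var signer = new ActiveXObject("CAPICOM.Signer");
signer.Certificate = Certificate; // the certificate was selected earlier: Certificate = new ActiveXObject("CAPICOM.Certificate");

// XML.xml is the parser's re-serialisation and need not be character-for-
// character equal to strXML, so the server must receive exactly this string.
// From script the content is a Unicode (UTF-16) string; as the reply in this
// thread points out, the verifier has to check the detached signature over
// the same byte sequence, not over a UTF-8 re-encoding of the text.
signedData.Content = XML.xml;
// Sign(signer, bDetached = true, EncodingType 0 = Base64).
// The Base64 text contains '+', '/', '=' and line breaks: percent-encode it
// (encodeURIComponent) before it goes into a URL, or send it in a POST body,
// otherwise the receiving side may see damaged Base64.
var signature = signedData.Sign(signer, true, 0);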

формируем strURL
xmlhttp.Open("GET", strURL, true);
отправляем

тама вижу ошибки на дот нет ;-)

strXML береться из textarea
<?xml version="1.0" encoding="UTF-8"?>
<docs>
<doc>
<doc_name>Protocol</doc_name>
<doc_type>Act</doc_type>
<doc_value>1000</doc_value>
<doc_bank>MoscowBank</doc_bank>
</doc>
</docs>

где могут быть ошибки ?

14.09.2004 13:17:32timda
подпись XML парсером 5 версии
вот этот код постоянно вылетает с ошибкой Access is denied.
вылетает на этапе var a = xmldsig.sign(oKey, 1);
Не подскажете как вылечить ? спасибо

// Fragment from the body of a signing routine; the enclosing function header
// is not part of the post.
// Stop when no signature template node has been assigned to xmldsig.
if (!xmldsig.signature)
{
alert("Invalid signature template\n");
return false;
}

// Use the key container that belongs to the selected certificate.
var _key = cert.PrivateKey.ContainerName;
// Copies the container name into the page element "a" - presumably debug output.
document.all.a.value = _key;
// NOTE(review): provider type 1 and an empty provider name are hard-coded.
// CAPICOM also exposes PrivateKey.ProviderType / PrivateKey.ProviderName;
// confirm that these match the provider that actually holds the container.
// NOTE(review): oKey is not checked before it is passed to sign().
var oKey = xmldsig.createKeyFromCSP(1, "", _key, 0);

// The poster reports "Access is denied" from sign(); the thread does not
// establish the cause. This code runs inside a web page (document.all), so
// the browser security context is one thing to check - TODO confirm.
// The second argument 1 equals KEYVALUE in the MS sample quoted in this thread.
try {
var a = xmldsig.sign(oKey, 1);
}
catch (e)
{
// Only the text of the COM error is shown; e.number (the HRESULT) would
// make the failure easier to identify.
alert(e.description);
}
30.09.2004 12:02:07timda
совсем нихто не знает ? ;-)
не верю

timda
http://timda.ru
30.09.2004 17:24:26xyz
Так предлагает делать MS.
Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

JScript Source: sign.js
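// sign.js: signs the <ds:Signature> template found in `infile`, once for
// each fwWriteKeyInfo mode, using an RSA key from a named CSP key container.
var xmldoc, xmldsig, infile;
var szResult = "";

// fwWriteKeyInfo flags handed to xmldsig.sign(). Going by their names they
// select what is written under <ds:KeyInfo>. Whatever ends up there is only
// a hint for the verifier, which still has to decide on its own whether the
// key or certificate is trusted.
var NOKEYINFO = 0;
var KEYVALUE = 1;
var CERTIFICATES = 2;
var PURGE = 4;

// Namespace declaration used for the "SelectionNamespaces" property. The URI
// must be quoted with plain ASCII apostrophes, not an HTML entity such as
// &rsquo;, or the ds: prefix cannot be used in the XPath query.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";
var PROV_RSA_FULL = 1;
// Change this key container name to your own if necessary.
var RSA_KEY = "MyRSAFullKeys";

var csp = PROV_RSA_FULL;
var key = RSA_KEY;
infile = "signature_template.sign.rsa.xml";

// The return value of SignXML() is not inspected here; every call reports
// its own outcome through alert().
if (InitXML() && LoadXML(infile)) {
    alert("Sign with fwWriteKeyInfo = NOKEYINFO:");
    SignXML(NOKEYINFO);

    alert("Sign with fwWriteKeyInfo = KEYVALUE:");
    SignXML(KEYVALUE|PURGE);

    alert("Sign with fwWriteKeyInfo = CERTIFICATES:");
    SignXML(CERTIFICATES);

    alert("Sign with fwWriteKeyInfo = CERTIFICATES|PURGE:");
    SignXML(CERTIFICATES|PURGE);

    alert("Sign with fwWriteKeyInfo = PURGE:");
    SignXML(PURGE);
}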

///////// Helper functions. /////////
// Stand-in for the browser alert(): under Windows Script Host the message is
// passed to WScript.echo instead.
function alert(str)
{
    WScript.echo(str);
}

///////// Set the signature for signing. ////////
// Creates the MSXML 5.0 DOM document and digital-signature COM objects and
// stores them in the globals xmldoc and xmldsig.
// Returns true when both objects exist and the document is configured,
// false (after a message) when either object could not be created.
function InitXML()
{
    var created = true;
    try {
        xmldoc = new ActiveXObject("Msxml2.DOMDOcument.5.0");
        xmldsig= new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
    }
    catch (e) {
        created = false;
    }
    if (!created) {
        alert("Installation of mxsml5 is required to run this app.\n");
        return false;
    }

    // Load synchronously so that load() has finished when it returns.
    xmldoc.async = false;
    // Keep whitespace exactly as it is in the file; the signed content
    // should not be altered by the parser.
    xmldoc.preserveWhiteSpace = true;
    // No validation and no resolution of external definitions: the parser
    // does not go and fetch DTDs or entities referenced by the template.
    xmldoc.validateOnParse = false;
    xmldoc.resolveExternals = false;
    return true;
}

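// Loads the signature template `file` into the global xmldoc and hands its
// <ds:Signature> element to xmldsig.
// Returns false (after a message) when xmldoc has not been created or the
// file cannot be loaded, true otherwise. Whether a <ds:Signature> node was
// actually found is not checked here; SignXML() tests xmldsig.signature.
function LoadXML(file)
{
    if (xmldoc == null) {
        alert("must instantiate xml dom\n");
        return false;
    }

    if (!xmldoc.load(file)) {
        // Plain apostrophe: the message used to contain the HTML entity
        // &rsquo; instead of the character.
        alert("Can't load "+ file + "\n");
        return false;
    }
    // Bind the ds: prefix so that the XPath query below can use it.
    xmldoc.setProperty("SelectionNamespaces", DSIGNS);
    xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");
    return true;
}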

// Signs the template held by xmldsig with the key from container `key` of
// provider type `csp` (both globals) and shows the resulting document.
// fwWriteKeyInfo is passed through to xmldsig.sign() unchanged.
// Returns true on success; on any failed step shows a message and returns
// false. Errors thrown by the COM calls are not caught here.
function SignXML(fwWriteKeyInfo)
{
    var failure = null;
    var cspKey;
    var signedKey;

    if (!xmldsig.signature) {
        failure = "Invalid signature template\n";
    } else {
        // The empty string is passed as the provider name.
        cspKey = xmldsig.createKeyFromCSP(csp, "", key, 0);
        if (!cspKey) {
            failure = "Invalid key.\n";
        } else {
            signedKey = xmldsig.sign(cspKey,fwWriteKeyInfo);
            if (!signedKey) {
                failure = "sign failed.\n";
            }
        }
    }

    if (failure !== null) {
        alert(failure);
        return false;
    }

    // The signed document is printed in full; nothing is written to disk.
    var report = "The specified data was signed successfully.\n";
    report = report + "Resultant signature:\n";
    report = report + xmldoc.xml + "\n";
    alert(report);
    return true;
}
Try It!

Ensure that you have completed all the procedures in Getting Started with XML Digital Signatures.
Copy the XML signature template from Resource Files, and paste it into a text file. Save the file as signature_template.sign.rsa.xml.
Copy the JScript listing above, and paste it into a text file. Save the file as sign.js, in the same directory where you saved signature_template.sign.rsa.xml.
From a command prompt, navigate to this directory, then type "cscript sign.js".
Note Under operating systems other than Windows 2000 or Windows XP, you might need to install Windows Scripting Host (to run cscript.exe or wscript.exe), if it is not already installed.
Verify that your output is similar to that listed in the Output topic.
30.09.2004 17:24:39xyz
Так предлагает делать MS.
Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

JScript Source: sign.js
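// sign.js: signs the <ds:Signature> template found in `infile`, once for
// each fwWriteKeyInfo mode, using an RSA key from a named CSP key container.
var xmldoc, xmldsig, infile;
var szResult = "";

// fwWriteKeyInfo flags handed to xmldsig.sign(). Going by their names they
// select what is written under <ds:KeyInfo>. Whatever ends up there is only
// a hint for the verifier, which still has to decide on its own whether the
// key or certificate is trusted.
var NOKEYINFO = 0;
var KEYVALUE = 1;
var CERTIFICATES = 2;
var PURGE = 4;

// Namespace declaration used for the "SelectionNamespaces" property. The URI
// must be quoted with plain ASCII apostrophes, not an HTML entity such as
// &rsquo;, or the ds: prefix cannot be used in the XPath query.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";
var PROV_RSA_FULL = 1;
// Change this key container name to your own if necessary.
var RSA_KEY = "MyRSAFullKeys";

var csp = PROV_RSA_FULL;
var key = RSA_KEY;
infile = "signature_template.sign.rsa.xml";

// The return value of SignXML() is not inspected here; every call reports
// its own outcome through alert().
if (InitXML() && LoadXML(infile)) {
    alert("Sign with fwWriteKeyInfo = NOKEYINFO:");
    SignXML(NOKEYINFO);

    alert("Sign with fwWriteKeyInfo = KEYVALUE:");
    SignXML(KEYVALUE|PURGE);

    alert("Sign with fwWriteKeyInfo = CERTIFICATES:");
    SignXML(CERTIFICATES);

    alert("Sign with fwWriteKeyInfo = CERTIFICATES|PURGE:");
    SignXML(CERTIFICATES|PURGE);

    alert("Sign with fwWriteKeyInfo = PURGE:");
    SignXML(PURGE);
}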

///////// Helper functions. /////////
// Stand-in for the browser alert(): under Windows Script Host the message is
// passed to WScript.echo instead.
function alert(str)
{
    WScript.echo(str);
}

///////// Set the signature for signing. ////////
// Creates the MSXML 5.0 DOM document and digital-signature COM objects and
// stores them in the globals xmldoc and xmldsig.
// Returns true when both objects exist and the document is configured,
// false (after a message) when either object could not be created.
function InitXML()
{
    var created = true;
    try {
        xmldoc = new ActiveXObject("Msxml2.DOMDOcument.5.0");
        xmldsig= new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
    }
    catch (e) {
        created = false;
    }
    if (!created) {
        alert("Installation of mxsml5 is required to run this app.\n");
        return false;
    }

    // Load synchronously so that load() has finished when it returns.
    xmldoc.async = false;
    // Keep whitespace exactly as it is in the file; the signed content
    // should not be altered by the parser.
    xmldoc.preserveWhiteSpace = true;
    // No validation and no resolution of external definitions: the parser
    // does not go and fetch DTDs or entities referenced by the template.
    xmldoc.validateOnParse = false;
    xmldoc.resolveExternals = false;
    return true;
}

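// Loads the signature template `file` into the global xmldoc and hands its
// <ds:Signature> element to xmldsig.
// Returns false (after a message) when xmldoc has not been created or the
// file cannot be loaded, true otherwise. Whether a <ds:Signature> node was
// actually found is not checked here; SignXML() tests xmldsig.signature.
function LoadXML(file)
{
    if (xmldoc == null) {
        alert("must instantiate xml dom\n");
        return false;
    }

    if (!xmldoc.load(file)) {
        // Plain apostrophe: the message used to contain the HTML entity
        // &rsquo; instead of the character.
        alert("Can't load "+ file + "\n");
        return false;
    }
    // Bind the ds: prefix so that the XPath query below can use it.
    xmldoc.setProperty("SelectionNamespaces", DSIGNS);
    xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");
    return true;
}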

// Signs the template held by xmldsig with the key from container `key` of
// provider type `csp` (both globals) and shows the resulting document.
// fwWriteKeyInfo is passed through to xmldsig.sign() unchanged.
// Returns true on success; on any failed step shows a message and returns
// false. Errors thrown by the COM calls are not caught here.
function SignXML(fwWriteKeyInfo)
{
    var failure = null;
    var cspKey;
    var signedKey;

    if (!xmldsig.signature) {
        failure = "Invalid signature template\n";
    } else {
        // The empty string is passed as the provider name.
        cspKey = xmldsig.createKeyFromCSP(csp, "", key, 0);
        if (!cspKey) {
            failure = "Invalid key.\n";
        } else {
            signedKey = xmldsig.sign(cspKey,fwWriteKeyInfo);
            if (!signedKey) {
                failure = "sign failed.\n";
            }
        }
    }

    if (failure !== null) {
        alert(failure);
        return false;
    }

    // The signed document is printed in full; nothing is written to disk.
    var report = "The specified data was signed successfully.\n";
    report = report + "Resultant signature:\n";
    report = report + xmldoc.xml + "\n";
    alert(report);
    return true;
}
Try It!

Ensure that you have completed all the procedures in Getting Started with XML Digital Signatures.
Copy the XML signature template from Resource Files, and paste it into a text file. Save the file as signature_template.sign.rsa.xml.
Copy the JScript listing above, and paste it into a text file. Save the file as sign.js, in the same directory where you saved signature_template.sign.rsa.xml.
From a command prompt, navigate to this directory, then type "cscript sign.js".
Note Under operating systems other than Windows 2000 or Windows XP, you might need to install Windows Scripting Host (to run cscript.exe or wscript.exe), if it is not already installed.
Verify that your output is similar to that listed in the Output topic.
30.09.2004 17:24:43xyz
Так предлагает делать MS.
Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

JScript Source: sign.js
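// sign.js: signs the <ds:Signature> template found in `infile`, once for
// each fwWriteKeyInfo mode, using an RSA key from a named CSP key container.
var xmldoc, xmldsig, infile;
var szResult = "";

// fwWriteKeyInfo flags handed to xmldsig.sign(). Going by their names they
// select what is written under <ds:KeyInfo>. Whatever ends up there is only
// a hint for the verifier, which still has to decide on its own whether the
// key or certificate is trusted.
var NOKEYINFO = 0;
var KEYVALUE = 1;
var CERTIFICATES = 2;
var PURGE = 4;

// Namespace declaration used for the "SelectionNamespaces" property. The URI
// must be quoted with plain ASCII apostrophes, not an HTML entity such as
// &rsquo;, or the ds: prefix cannot be used in the XPath query.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";
var PROV_RSA_FULL = 1;
// Change this key container name to your own if necessary.
var RSA_KEY = "MyRSAFullKeys";

var csp = PROV_RSA_FULL;
var key = RSA_KEY;
infile = "signature_template.sign.rsa.xml";

// The return value of SignXML() is not inspected here; every call reports
// its own outcome through alert().
if (InitXML() && LoadXML(infile)) {
    alert("Sign with fwWriteKeyInfo = NOKEYINFO:");
    SignXML(NOKEYINFO);

    alert("Sign with fwWriteKeyInfo = KEYVALUE:");
    SignXML(KEYVALUE|PURGE);

    alert("Sign with fwWriteKeyInfo = CERTIFICATES:");
    SignXML(CERTIFICATES);

    alert("Sign with fwWriteKeyInfo = CERTIFICATES|PURGE:");
    SignXML(CERTIFICATES|PURGE);

    alert("Sign with fwWriteKeyInfo = PURGE:");
    SignXML(PURGE);
}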

///////// Helper functions. /////////
// Stand-in for the browser alert(): under Windows Script Host the message is
// passed to WScript.echo instead.
function alert(str)
{
    WScript.echo(str);
}

///////// Set the signature for signing. ////////
// Creates the MSXML 5.0 DOM document and digital-signature COM objects and
// stores them in the globals xmldoc and xmldsig.
// Returns true when both objects exist and the document is configured,
// false (after a message) when either object could not be created.
function InitXML()
{
    var created = true;
    try {
        xmldoc = new ActiveXObject("Msxml2.DOMDOcument.5.0");
        xmldsig= new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
    }
    catch (e) {
        created = false;
    }
    if (!created) {
        alert("Installation of mxsml5 is required to run this app.\n");
        return false;
    }

    // Load synchronously so that load() has finished when it returns.
    xmldoc.async = false;
    // Keep whitespace exactly as it is in the file; the signed content
    // should not be altered by the parser.
    xmldoc.preserveWhiteSpace = true;
    // No validation and no resolution of external definitions: the parser
    // does not go and fetch DTDs or entities referenced by the template.
    xmldoc.validateOnParse = false;
    xmldoc.resolveExternals = false;
    return true;
}

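// Loads the signature template `file` into the global xmldoc and hands its
// <ds:Signature> element to xmldsig.
// Returns false (after a message) when xmldoc has not been created or the
// file cannot be loaded, true otherwise. Whether a <ds:Signature> node was
// actually found is not checked here; SignXML() tests xmldsig.signature.
function LoadXML(file)
{
    if (xmldoc == null) {
        alert("must instantiate xml dom\n");
        return false;
    }

    if (!xmldoc.load(file)) {
        // Plain apostrophe: the message used to contain the HTML entity
        // &rsquo; instead of the character.
        alert("Can't load "+ file + "\n");
        return false;
    }
    // Bind the ds: prefix so that the XPath query below can use it.
    xmldoc.setProperty("SelectionNamespaces", DSIGNS);
    xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");
    return true;
}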

// Signs the template held by xmldsig with the key from container `key` of
// provider type `csp` (both globals) and shows the resulting document.
// fwWriteKeyInfo is passed through to xmldsig.sign() unchanged.
// Returns true on success; on any failed step shows a message and returns
// false. Errors thrown by the COM calls are not caught here.
function SignXML(fwWriteKeyInfo)
{
    var failure = null;
    var cspKey;
    var signedKey;

    if (!xmldsig.signature) {
        failure = "Invalid signature template\n";
    } else {
        // The empty string is passed as the provider name.
        cspKey = xmldsig.createKeyFromCSP(csp, "", key, 0);
        if (!cspKey) {
            failure = "Invalid key.\n";
        } else {
            signedKey = xmldsig.sign(cspKey,fwWriteKeyInfo);
            if (!signedKey) {
                failure = "sign failed.\n";
            }
        }
    }

    if (failure !== null) {
        alert(failure);
        return false;
    }

    // The signed document is printed in full; nothing is written to disk.
    var report = "The specified data was signed successfully.\n";
    report = report + "Resultant signature:\n";
    report = report + xmldoc.xml + "\n";
    alert(report);
    return true;
}
Try It!

Ensure that you have completed all the procedures in Getting Started with XML Digital Signatures.
Copy the XML signature template from Resource Files, and paste it into a text file. Save the file as signature_template.sign.rsa.xml.
Copy the JScript listing above, and paste it into a text file. Save the file as sign.js, in the same directory where you saved signature_template.sign.rsa.xml.
From a command prompt, navigate to this directory, then type "cscript sign.js".
Note Under operating systems other than Windows 2000 or Windows XP, you might need to install Windows Scripting Host (to run cscript.exe or wscript.exe), if it is not already installed.
Verify that your output is similar to that listed in the Output topic.
30.09.2004 17:24:50xyz
Так предлагает делать MS.
Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

JScript Source: sign.js
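// sign.js: signs the <ds:Signature> template found in `infile`, once for
// each fwWriteKeyInfo mode, using an RSA key from a named CSP key container.
var xmldoc, xmldsig, infile;
var szResult = "";

// fwWriteKeyInfo flags handed to xmldsig.sign(). Going by their names they
// select what is written under <ds:KeyInfo>. Whatever ends up there is only
// a hint for the verifier, which still has to decide on its own whether the
// key or certificate is trusted.
var NOKEYINFO = 0;
var KEYVALUE = 1;
var CERTIFICATES = 2;
var PURGE = 4;

// Namespace declaration used for the "SelectionNamespaces" property. The URI
// must be quoted with plain ASCII apostrophes, not an HTML entity such as
// &rsquo;, or the ds: prefix cannot be used in the XPath query.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";
var PROV_RSA_FULL = 1;
// Change this key container name to your own if necessary.
var RSA_KEY = "MyRSAFullKeys";

var csp = PROV_RSA_FULL;
var key = RSA_KEY;
infile = "signature_template.sign.rsa.xml";

// The return value of SignXML() is not inspected here; every call reports
// its own outcome through alert().
if (InitXML() && LoadXML(infile)) {
    alert("Sign with fwWriteKeyInfo = NOKEYINFO:");
    SignXML(NOKEYINFO);

    alert("Sign with fwWriteKeyInfo = KEYVALUE:");
    SignXML(KEYVALUE|PURGE);

    alert("Sign with fwWriteKeyInfo = CERTIFICATES:");
    SignXML(CERTIFICATES);

    alert("Sign with fwWriteKeyInfo = CERTIFICATES|PURGE:");
    SignXML(CERTIFICATES|PURGE);

    alert("Sign with fwWriteKeyInfo = PURGE:");
    SignXML(PURGE);
}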

///////// Helper functions. /////////
// Stand-in for the browser alert(): under Windows Script Host the message is
// passed to WScript.echo instead.
function alert(str)
{
    WScript.echo(str);
}

///////// Set the signature for signing. ////////
// Creates the MSXML 5.0 DOM document and digital-signature COM objects and
// stores them in the globals xmldoc and xmldsig.
// Returns true when both objects exist and the document is configured,
// false (after a message) when either object could not be created.
function InitXML()
{
    var created = true;
    try {
        xmldoc = new ActiveXObject("Msxml2.DOMDOcument.5.0");
        xmldsig= new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
    }
    catch (e) {
        created = false;
    }
    if (!created) {
        alert("Installation of mxsml5 is required to run this app.\n");
        return false;
    }

    // Load synchronously so that load() has finished when it returns.
    xmldoc.async = false;
    // Keep whitespace exactly as it is in the file; the signed content
    // should not be altered by the parser.
    xmldoc.preserveWhiteSpace = true;
    // No validation and no resolution of external definitions: the parser
    // does not go and fetch DTDs or entities referenced by the template.
    xmldoc.validateOnParse = false;
    xmldoc.resolveExternals = false;
    return true;
}

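// Loads the signature template `file` into the global xmldoc and hands its
// <ds:Signature> element to xmldsig.
// Returns false (after a message) when xmldoc has not been created or the
// file cannot be loaded, true otherwise. Whether a <ds:Signature> node was
// actually found is not checked here; SignXML() tests xmldsig.signature.
function LoadXML(file)
{
    if (xmldoc == null) {
        alert("must instantiate xml dom\n");
        return false;
    }

    if (!xmldoc.load(file)) {
        // Plain apostrophe: the message used to contain the HTML entity
        // &rsquo; instead of the character.
        alert("Can't load "+ file + "\n");
        return false;
    }
    // Bind the ds: prefix so that the XPath query below can use it.
    xmldoc.setProperty("SelectionNamespaces", DSIGNS);
    xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");
    return true;
}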

// Signs the template held by xmldsig with the key from container `key` of
// provider type `csp` (both globals) and shows the resulting document.
// fwWriteKeyInfo is passed through to xmldsig.sign() unchanged.
// Returns true on success; on any failed step shows a message and returns
// false. Errors thrown by the COM calls are not caught here.
function SignXML(fwWriteKeyInfo)
{
    var failure = null;
    var cspKey;
    var signedKey;

    if (!xmldsig.signature) {
        failure = "Invalid signature template\n";
    } else {
        // The empty string is passed as the provider name.
        cspKey = xmldsig.createKeyFromCSP(csp, "", key, 0);
        if (!cspKey) {
            failure = "Invalid key.\n";
        } else {
            signedKey = xmldsig.sign(cspKey,fwWriteKeyInfo);
            if (!signedKey) {
                failure = "sign failed.\n";
            }
        }
    }

    if (failure !== null) {
        alert(failure);
        return false;
    }

    // The signed document is printed in full; nothing is written to disk.
    var report = "The specified data was signed successfully.\n";
    report = report + "Resultant signature:\n";
    report = report + xmldoc.xml + "\n";
    alert(report);
    return true;
}
Try It!

Ensure that you have completed all the procedures in Getting Started with XML Digital Signatures.
Copy the XML signature template from Resource Files, and paste it into a text file. Save the file as signature_template.sign.rsa.xml.
Copy the JScript listing above, and paste it into a text file. Save the file as sign.js, in the same directory where you saved signature_template.sign.rsa.xml.
From a command prompt, navigate to this directory, then type "cscript sign.js".
Note Under operating systems other than Windows 2000 or Windows XP, you might need to install Windows Scripting Host (to run cscript.exe or wscript.exe), if it is not already installed.
Verify that your output is similar to that listed in the Output topic.