Ciao Giuseppe,
Gentilissimo !
Grazie a te ora so qualcosa in piú.
Purtroppo non ci sono ancora riuscito…
Sto scrivendo un client in C# e pensavo di usare Chilkat per la “compilazione” della risposta, in modo da poter generare firme per le richieste successive. Prima peró mi servirebbe un modello in grado di generare una richiesta accettabile e tra i vari esempi non ho capito quale potrebbe esserci utile.
Ho provato con Dike, File Protector e anche a generare con il tool l’xml firmato con la stessa struttura che aveva postato Matteo utilizzando il certificato.p12 che mi aveva girato il cliente, ma ho ottenuto sempre lo stesso errore.
Con File Protector 6 abbiamo verificato la presenza di due certificati sulla chiavetta:
- Il certificato CNS, il quale genera un XML non valido,
- il certificato DS3 che ha passato la “Verifica” di File Protector.
Ho utilizzato le seguenti impostazioni per firmare gli XML
E questo é il risultato
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://xsd.taraturastrumenti.domest.dogane.finanze.it">
<soapenv:Header></soapenv:Header>
<soapenv:Body>
<xsd:dispatcherRequest>
<messaggio>
<serviceID>TEST</serviceID>
</messaggio>
</xsd:dispatcherRequest>
</soapenv:Body><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signer-T-1603265264451">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties-Signer-T-1603265264451">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>l5JtHH9hGz/XSJfJemJAdnaXAmJ8Kt1FJtd6GhNp3JM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
<dsig-xpath:XPath xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2" Filter="subtract">/descendant::ds:Signature</dsig-xpath:XPath>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>qVfk+x7dWqVMP7CPdag8GsfujSCe95HmHhUElGWXqCc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#KeyInfo-Signer-T-1603265264451">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>f66dBvzQR1PbqyS4C878HIF7pUATSIvU9NUfBXlm5NQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
vVhT6Uj7RkqDqB+hSL6uSe98Z4gEm/8+4OtIi0y7CzG0ImjZC9BKs8kS//XDe3xOe4BqK1JRqtnq
Plgk1HNOgrINE6OlG5cW5yo5YeGdYYKCiprw4oLsUGgRIs7dBEkJHrWu+s4JimxtCZIvyzi/lmAs
81tyBB8b2LJodnEBIIGwvPHuuxNzTfxnEwZZEqzLHu5Is+XuFyptwrARdHimSbxUYWAJDO5u8HVU
5ItcjRu2kOjh/nNfQ6aOst+4P7nqS0DSsJrDZ9Jv2k44HrTAVcsuPNYFAl0KHmpumazJzi5cCk5t
If3W+NCWWOujuDaVKQZuvJSpOAHPDDwPNzF09g==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyInfo-Signer-T-1603265264451">
<ds:X509Data>
<ds:X509Certificate>
MIIHtzCCBp+gAwIBAgIEAOuqKjANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMCSVQxFTATBgNV
BAoMDElORk9DRVJUIFNQQTEiMCAGA1UECwwZQ2VydGlmaWNhdG9yZSBBY2NyZWRpdGF0bzEUMBIG
A1UEBRMLMDc5NDUyMTEwMDYxJTAjBgNVBAMMHEluZm9DZXJ0IEZpcm1hIFF1YWxpZmljYXRhIDIw
HhcNMTkxMDI0MDc1OTU0WhcNMjIxMDI0MDAwMDAwWjB7MQswCQYDVQQGEwJJVDENMAsGA1UEBAwE
Tk9WQTEfMB0GA1UEBRMWVElOSVQtTlZPREdJNzlBMDlEMjA1UjETMBEGA1UEAwwKTk9WQSBESUVH
TzEXMBUGA1UELhMOMjAxOTcxMTMyMDM1NjExDjAMBgNVBCoMBURJRUdPMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxVJGtNIS6YJWyYHtbaLLArRbFoMmrNLP7jA2J/Mt8xOG8BKBCOQe
LyZzF0DfwO8vn19AWWXbqak7p/rr5GjECMrqoHlB9ML+7giXjNV8Fx5a510mB6WFrXR5YDhoCEby
m8aistHUAgz5LsgXPe4w9WmZeD/JW6YsewVKOlQmbKVn6BfMDeN2mVnZ/UJW2XI+BclQcEn0Q6dk
q4oKgqs5g9rtysMPK/w21295rp0s/LL5LSX9svO1XsO4mQ+0i8PPjZB3GuQPy6MxUVFK9/cuSvJo
7jVAA9Rj6Z36DSBnBWcBBAM4XPI1GiVvwozZaEP2f+skG1ACUD30xRc2IL0D0wIDAQABo4IENjCC
BDIwCQYDVR0TBAIwADAlBgNVHRIEHjAcgRpmaXJtYS5kaWdpdGFsZUBpbmZvY2VydC5pdDCB5wYD
VR0fBIHfMIHcMDKgMKAuhixodHRwOi8vY3JsLmluZm9jZXJ0Lml0L2NybHMvZmlybWEyL0NSTDM0
LmNybDCBpaCBoqCBn4aBnGxkYXA6Ly9sZGFwLmluZm9jZXJ0Lml0L2NuJTNESW5mb0NlcnQlMjBG
aXJtYSUyMFF1YWxpZmljYXRhJTIwMiUyMENSTDM0LG91JTNEQ2VydGlmaWNhdG9yZSUyMEFjY3Jl
ZGl0YXRvLG8lM0RJTkZPQ0VSVCUyMFNQQSxjJTNESVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz
dDBuBggrBgEFBQcBAQRiMGAwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnNjLmluZm9jZXJ0Lml0
LzA1BggrBgEFBQcwAoYpaHR0cDovL2NlcnQuaW5mb2NlcnQuaXQvY2EyL2Zpcm1hMi9DQS5jcnQw
gegGA1UdIASB4DCB3TBPBgYrTCQBASAwRTBDBggrBgEFBQcCARY3aHR0cDovL3d3dy5maXJtYS5p
bmZvY2VydC5pdC9kb2N1bWVudGF6aW9uZS9tYW51YWxpLnBocDAIBgYrTBgBAQIwCQYHBACL7EAB
AjB1BgQrTBAGMG0wawYIKwYBBQUHAgIwXwxdUXVlc3RvIGNlcnRpZmljYXRvIHJpc3BldHRhIGxl
IHJhY2NvbWFuZGF6aW9uaSBwcmV2aXN0ZSBkYWxsYSBEZXRlcm1pbmF6aW9uZSBBZ2lkIE4uIDEy
MS8yMDE5MIGEBggrBgEFBQcBAwR4MHYwCAYGBACORgEBMAgGBgQAjkYBBDALBgYEAI5GAQMCARQw
EwYGBACORgEGMAkGBwQAjkYBBgEwPgYGBACORgEFMDQwMhYsaHR0cHM6Ly93d3cuZmlybWEuaW5m
b2NlcnQuaXQvcGRmL1BLSS1EUy5wZGYTAmVuMA4GA1UdDwEB/wQEAwIGQDAkBgNVHREEHTAbgRlk
aWVnby5ub3ZhQG5vdmF0cm9uaWNhLml0MCgGA1UdCQQhMB8wHQYIKwYBBQUHCQExERgPMTk3OTAx
MDkwMDAwMDBaMIGyBgNVHSMEgaowgaeAFJPdIfwD0BUKcq2jzNWaCZ04i53poYGLpIGIMIGFMQsw
CQYDVQQGEwJJVDEVMBMGA1UECgwMSU5GT0NFUlQgU1BBMSIwIAYDVQQLDBlDZXJ0aWZpY2F0b3Jl
IEFjY3JlZGl0YXRvMRQwEgYDVQQFEwswNzk0NTIxMTAwNjElMCMGA1UEAwwcSW5mb0NlcnQgRmly
bWEgUXVhbGlmaWNhdGEgMoIBATAdBgNVHQ4EFgQUSNxkGZjfJFTc+W83d1XBQTZm/qYwDQYJKoZI
hvcNAQELBQADggEBAKfohLbxKkFJyTy3Psl2iCAvkp898EEbLk55SzHytEUF3JgKILcVpmW2hlbx
KPN0e/bzHNAmRbf0Cm923UNNkY5uVyCrBrhgcIMtUUN+KCLRKEE9n3WMfnNbGHu6XmTF0PV4GXPE
4MC+l+5Y1aPnuKT0izSXLQV3BF6szoClYfEeiIZcg86PI2Oi8sw+n5+ffA773PSqkXQBk00ch6yk
K/ll/0aoufvI6isMjr5ByvuUcKLfiFdmrPkALPsrRcu2VcPQenhJkjcJL7czZhkmaYXbASUHqBOV
wr3gpJ1Qf9kPiqwHmQ+a6380z9LOE2LKwlZWnPH+i9+ow6ZsQGCZkUA=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object>
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#Signer-T-1603265264451">
<xades:SignedProperties Id="SignedProperties-Signer-T-1603265264451">
<xades:SignedSignatureProperties>
<xades:SigningTime>2020-10-21T09:27:44+02:00</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>+BwBkHn1MjMEC36xsTmM9OHuvujU2t6G6WhSP09ATrg=</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>C=IT,O=INFOCERT SPA,OU=Certificatore Accreditato,SERIALNUMBER=07945211006,CN=InfoCert Firma Qualificata 2</ds:X509IssuerName>
<ds:X509SerialNumber>15444522</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
</soapenv:Envelope>
Purtroppo con SOAPUI ho ricevuto lo stesso errore di sempre (internal server error);
Non vorrei che il problema fosse legato al fatto che, se provo a validare con SoapUI l’XML precedente, lui si lamenta dando il seguente errore:
line10: Element not allowed: Signature@http://www.w3.org/2000/09/xmldsig# in element Envelope@http://schemas.xmlsoap.org/soap/envelope/
Dici che potrebbe influire sull’esito dell’operazione ?