I am getting the error: signature failed validation - installation details may have been altered #258

Open
akashitidol opened this issue Oct 30, 2023 · 0 comments


Hi everyone,
Getting this issue when I am uploading the BUF and SDP files on Test REC:

"
Error: Please check and correct the following issues before continuing:
Signature failed validation - installation details may have been altered
"

I have created a self-signed certificate and serial number on our server using the commands below:

openssl x509 -in 1808techformcert.pem -pubkey -noout > 1808public_key.pem
openssl rsa -in 1808techformcert.pem -noout -modulus

  • After generating certificate and serial number, I have added that on git (https://github.com/CleanEnergyRegulator/TEST-SPV/blob/cer-endpoint-fix/TEST-referencedata.json)

    {
    "id": "4003",
    "subject": "C=AU, ST=QUEENSLAND, L=BRISBANE, O=Techno FORMS PTY LTD, OU=TECHNO FOMRS, CN=TECHNO FORMS, emailAddress=[email protected]",
    "serialnumber": "645223990651225002623976771590666527628488174495",
    "validto": "2024-08-17",
    "publickey": "-----BEGIN CERTIFICATE-----MIIGNzCCBB+gAwIBAgIUcQTYKhBWal/1NTbLB3hizu1da58wDQYJKoZIhvcNAQELBQAwgaoxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRVUVFTlNMQU5EMREwDwYDVQQHDAhCUklTQkFORTEdMBsGA1UECgwUVGVjaG5vIEZPUk1TIFBUWSBMVEQxFTATBgNVBAsMDFRFQ0hOTyBGT01SUzEVMBMGA1UEAwwMVEVDSE5PIEZPUk1TMSYwJAYJKoZIhvcNAQkBFhdpbmZvQHRlY2hub2Zvcm1zLmNvbS5hdTAeFw0yMzA4MTgwODA1MTlaFw0yNDA4MTcwODA1MTlaMIGqMQswCQYDVQQGEwJBVTETMBEGA1UECAwKUVVFRU5TTEFORDERMA8GA1UEBwwIQlJJU0JBTkUxHTAbBgNVBAoMFFRlY2hubyBGT1JNUyBQVFkgTFREMRUwEwYDVQQLDAxURUNITk8gRk9NUlMxFTATBgNVBAMMDFRFQ0hOTyBGT1JNUzEmMCQGCSqGSIb3DQEJARYXaW5mb0B0ZWNobm9mb3Jtcy5jb20uYXUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxGWJt3ZtgKW3IZlG6a9fkdrYpMFGMhKn4g2oBNJceiBtogwbxc7epqnsClrrY6Bf1sjHJQ6q/L7mrtiDV3oaS6gSaD71yX+4B30VrgjQJvpppNEnkw4mBTO1I70s92Mq/7clK+XciThT059wJGronNC3T4TQcrgQ00CsapHA+hYJc2qQWi5P0fYiUCVMPdNTz+wTbd9JkZeo4NSywTubiSvegU8xThdQ50GCMHCP9eCHRCSIHgz78bsRJAKSRZIwKLIlaqLdS5yWPMhOOHWXZlJL5lTd8TsN64Dn/CW+wN64FPViTonDngUA7++LWkMSM7K0/2GaqBlpqDliYKjItsgzTl59NaOG+iXy3R2gyfXQ2fkeMlO+FlBTuKeDvwfSY+R7WG2wsbKhx4cQyeG5YtkF8dWlvDEJFexApIatYeQr8rF3O3zE9gzWj0tb0+Whi6VHqpd6z3JpQKFTF3e1lo/pBtxQdwFjwedIV6xfNgaosOlTLUvyPrsiHRu5DaVUc2AuBDtcDEXNRWPJvrylsaBfMA5mvQa3XU5/G68QDX5KLZe3vP2EZbhRUoY0ryI00WnDVCklmB4NavBHT25+7+xqEDd6lnef5498Jgy7Q+s1JSpMPnI1N50MkWPKnUlP62QwRoklb142TtbueOPClGCWav0hWLfiuSbzpARNpzQIDAQABo1MwUTAdBgNVHQ4EFgQUfwWcEh3y+EkmcOYPTf4GrkEj7U0wHwYDVR0jBBgwFoAUfwWcEh3y+EkmcOYPTf4GrkEj7U0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFv/o+QeRgVXcnxj9eBlG0ECtPaoLzHXnfOknQb0f/lrJKqT+9tKRuIoTstGFoA4TscwLA1i/+PeUqpjxBLR03Cb+dzexhEcMLwiG+M0r5Do7dRtXYjxn+ook2MfIAYtFo2dw1PFFaSOLQMvWSx2CoyxFZvC3DXkkU7QbjKMD0mUiIp4R3//0/41rlpTUoX1yE5Ahkt2mDfgfSlSyCJOCVmQSuuCwFP5YP05t5efSfEwdq40Ut6OKtvQJeiItkeO6D2vae87RRa7eG6wJEEdlXwCeOJLtajGYcHezbI/AdRfMAS5KNfJLvqSe38r0iqKz48VoA5v+NQ5xeYWusoSM+EEYXdgscG2wAIPZRtZr7TJVb27Y1mPeddBJChB55WXVOCff574LTMk8yFLHHY1NJOGJTU+4k8xHe5eAwJSNj4h9Ba3p8kvLgEGZuODR331wShkpy+RbGTXzZUoymww73GOUrfAo3ZFXdPG/yBY//6B/AHIo8D2PsssNMBBoXRv
72AX3fA/fX9AXa0/c+6K2U30XNbiPHmbBi5zZUeo4Wp4OKjej5VyUSsIBRdIPS1t/rGjGy7sHhmoKAv0R4FIf7qjhke1MKVOk45mTWbKzhhn0WlX4B3s9lhrSqWpULCI96SZqVNtO9q2ITPhNaKKADvTnqCte74Ef7+iPt7iO4Cg=-----END CERTIFICATE-----"
    },

  • I have replaced the above-mentioned information in the application signature (Signature 2) from our code:

    1. X509IssuerName (Certificate Subject)
    2. X509SerialNumber (Certificate Serial Number)
    3. X509Certificate (Public Key)
    4. KeyName (Certificate Subject)

    Can anyone guide me on how to resolve the issue?

Below is my code.

-----------------------------------------------------------Code to sign XML---START-----------------------------------------------------------
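use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

$xml = new \DOMDocument();
// Parse $content as an XML string (load() would treat it as a file path).
if (!$xml->loadXML($content)) {
    echo "Failed to load XML document.";
    // You can check $xml->load() if you are loading from a file.
    // Handle the error as needed.
    exit;
}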
// Create a new XMLSec signature
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objDSig->addReference(
$xml,
XMLSecurityDSig::SHA256,
['#Installation'],
['force_uri' => true]
);

// Load the private key
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
$key->loadKey(public_path('17102023private_key_no_passphrase.pem'), true); // Path to your private key
$objDSig->add509Cert(file_get_contents(public_path('17102023certificate.pem'))); // Path to your public certificate
$objDSig->sign($key); // Pass the key as an argument to the sign method

// Append the signature to the XML
$objDSig->appendSignature($xml->documentElement);
// Get the newly added signature element

$signatureElement = $xml->getElementsByTagName('Signature')->item(1);

// Create the X509IssuerSerial element
$x509Data = $signatureElement->getElementsByTagName('X509Data')->item(0);

$x509IssuerSerial = $xml->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'X509IssuerSerial');
$x509SerialNumber = $xml->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'X509SerialNumber');
$x509SerialNumber->nodeValue = '515235088231050242768900489065250446133869353060'; // Replace with your serial number
$x509IssuerName = $xml->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'X509IssuerName');
$x509IssuerName->nodeValue = 'C = AU, ST = QUEENSLAND, L = HEATHWOOD, O = Techno FORMS PTY LTD, OU = Verification, CN = login.technoforms.com.au, emailAddress = [email protected]'; // Replace with your issuer name

$x509IssuerSerial->appendChild($x509IssuerName);
$x509IssuerSerial->appendChild($x509SerialNumber);
$x509Data->appendChild($x509IssuerSerial);

$x509Certificate = $signatureElement->getElementsByTagName('X509Certificate')->item(0);

$x509Data->insertBefore($x509IssuerSerial, $x509Certificate);

// Create the KeyName element
$keyName = $xml->createElement('KeyName', 'C = AU, ST = QUEENSLAND, L = HEATHWOOD, O = Techno FORMS PTY LTD, OU = Verification, CN = login.technoforms.com.au, emailAddress = [email protected]');

// Create the KeyValue element with RSAKeyValue
$keyValue = $xml->createElement('KeyValue');
$rsaKeyValue = $xml->createElement('RSAKeyValue');

// Create Modulus and Exponent elements within RSAKeyValue
$modulus = $xml->createElement('Modulus', 'vmPf+o0sdbVoQ4tfFG8hg1Gu1wahmSvibPlvg3PTDKpkNNiWLHk3FC4571xJhvAlJUeeHJ8PmKonlIjpOTMyeruZCv03K9f6CsEam6rmfzbtKRXqC4EmwAJhKPX2tfbtwXSrZfWfpUX8oc4xuhgotDVSBZ/MWmVV6agq0zGiz4uEdiqJmiz3wVLbzGSWKkKMe4KdrCuT/T6gWMkXMe1c7IuqVXQJ8dJTneWtJc4VDb9oyXFsnm52YjQA9cpoBP4bUCOwS3sS9t+T/0HC1vpCdt+T/0HC1vpCdt');

$exponent = $xml->createElement('Exponent', 'AQAB');

// Append Modulus and Exponent to RSAKeyValue
$rsaKeyValue->appendChild($modulus);
$rsaKeyValue->appendChild($exponent);

// Append RSAKeyValue to KeyValue
$keyValue->appendChild($rsaKeyValue);

// Append KeyName and KeyValue after X509Data

$x509Data->parentNode->insertBefore($keyValue, $x509Data->nextSibling);
$x509Data->parentNode->insertBefore($keyName, $x509Data->nextSibling);

// Traverse the XML document and replace "ds:" with your preferred namespace prefix (e.g., "custom:")
// After signing the XML, remove the "ds:" namespace prefixes from the signature elements
$signedXml = $xml->saveXML();

// Remove the "ds:" prefixes
$signedXml = str_replace(['ds:', ':ds'], ['', ''], $signedXml);
$signedXml = str_replace(['Transform Algorithm="#Installation"'], ['Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"'], $signedXml);
$signedXml = str_replace(['Reference URI=""'], ['Reference URI="#Installation"'], $signedXml);
$signedXml = str_replace(['CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"'],['CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"'], $signedXml);

-----------------------------------------------------------Code to sign XML---END-------------------------------------------------------------

Also, I want the signature in the format and tags below. I am removing ds from the signature after the XML was signed; maybe due to that I am getting
this error "Signature failed validation - installation details may have been altered".

-----------------------------------------------i want signature in below format and tags------------------------------------------------------

j92+srj+sZHZRHc7jcRq+yKaREFa7mKaOQKzhhYd/bA=OIlr87Aq3WSyCSeUjCngzGKSXPOFQMihnuRDHsYoPiIxZr/rfcmxwgP2C/EIbAJfTbwKD31TWh1jcZML+lDUwTXCNI1gY88M9SVksFSiam0t38hM90QI6DKAYTF+FJsr/+Tr1mc+C50QvYhNBXipGZRoxjwq9GQzGUNh1a1PlDGHv3ohOH6MQ2M4gAmu9EuXRI2dqF/ArjaR9hQ2JVcRJNi0rLSFn236vi68VlGuJeuEC5RzVWS9kpCZIezRm5v+QXE52AuuFz6liiszVMpNXJnsY/0vz+r22vuxgDqxJ452ltG6nNUp3FGDWxp+Yd77cxDesOs1kCcDt4Q+COf31i0qX8gkqzezVzyLzQThXSRl+3MTTCdKo16Pgc2pBc3c1hbQkXCkJTq9emXXAkcTMmJ9nyrDD7Ww618xF3kH9OFE4AKAx+/m+IWQpPJTMae4ieSkGrtUck/Rz87JFY9Qbk1qDxWjY1+RL2tLLoqb3fNAFBUblRGvCTSahm4DzjBB1DqxezN36sBNXP2KAFZRQTWlgP+ObEo177hRbuJDiXK0nZqQtqaravqBUruDjT8hROtgCkho/vjUSoVpxI1rmf1rjmmtNHlQYh0UZLVGCyg+pel2JJjmbCWOqa2u+oFt77KtM4G+yNuSYLr+SvU1p1De3xY+SZDZot7lKn7K5x8=CN=Test1.dev.cleanenergyregulator.gov.au, OU=Dev, O=CleanEnergyRegulator, L=Canberra, S=ACT, C=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Test1.dev.cleanenergyregulator.gov.au, OU=Dev, O=CleanEnergyRegulator, L=Canberra, S=ACT, C=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AQAB

Can anyone guide me on how to resolve the issue?
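
An added illustration (not part of the original post and not code from the TEST-SPV project) of the mechanism the poster suspects: a SignatureValue covers the canonical form of SignedInfo, so each of the post's four string replacements changes the bytes a validator checks, while a pure serialization difference does not. The SignedInfo sample is constructed, and Python's built-in C14N 2.0 is an assumed stand-in for exclusive C14N.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed SignedInfo (not from the post); it contains the strings that the
# post's str_replace() calls search for. DigestValue is a placeholder.
SIGNED_INFO = (
    '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
    '<ds:Reference URI=""><ds:Transforms>'
    '<ds:Transform Algorithm="#Installation"/></ds:Transforms>'
    '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
    '<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>'
    '</ds:SignedInfo>'
)

# The four str_replace() calls from the post, in order, as (search, replace) pairs.
POST_SIGNING_EDITS = [
    [("ds:", ""), (":ds", "")],
    [('Transform Algorithm="#Installation"',
      'Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"')],
    [('Reference URI=""', 'Reference URI="#Installation"')],
    [('CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"',
      'CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"')],
]

def signed_digest(signed_info_xml):
    """SHA-256 over canonical SignedInfo, the bytes an RSA-SHA256 SignatureValue covers."""
    # Stand-in canonicalizer: stdlib C14N 2.0 instead of the exc-c14n named in the XML.
    return hashlib.sha256(canonicalize(signed_info_xml).encode("utf-8")).hexdigest()

def digests_after_each_edit(signed_info_xml=SIGNED_INFO):
    """Digest of the original, then after each of the post's replacement calls."""
    digests = [signed_digest(signed_info_xml)]
    for call in POST_SIGNING_EDITS:
        for search, replace in call:
            signed_info_xml = signed_info_xml.replace(search, replace)
        digests.append(signed_digest(signed_info_xml))
    return digests

def quote_style_variant(signed_info_xml=SIGNED_INFO):
    """Same document with single-quoted attributes: a change canonicalization absorbs."""
    return signed_info_xml.replace('"', "'")

if __name__ == "__main__":
    for step, digest in enumerate(digests_after_each_edit()):
        print(step, digest)
    print("quote-only change keeps digest:",
          signed_digest(quote_style_variant()) == signed_digest(SIGNED_INFO))
```

Prefixes, the Reference URI, the Transform list and the CanonicalizationMethod all sit inside SignedInfo, so they have to be set through the signing library before `sign()` is called rather than rewritten in the serialized output.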
