You are correct, the ruble character is indeed a correct unicode. Sorry I got confused by my terminal that didn't show it correctly.
Let's try something else... Looking at the files, I happen to notice that receipt_ruble.xml is formatted (i.e. there are line breaks and white spaces for indentation) when all other files don't have any formatting. I wonder if this is the reason since whitespaces ARE important for XML and XMLDSig (C14N to be precise). BTW, the error you get means that digest don't match which is caused by differences in C14N output right before the digest is calculated. If you run the command line tool, then you can see the exact C14N output as it is seen by xmlsec library: $ xmlsec1 verify --pubkey-cert-pem key.txt --store-references receipt_ruble.xml If you can get similar output during the signature then you can compare and understand the cause for this issue. Best, Aleksey On 3/24/17 8:20 AM, Грибанов Петр Борисович wrote: > Aleksey, > >> I checked the file; code for RUR symbol is "E2 82 BD" which seems to me as >> correct UTF8 code (I might be wrong!) >> How can we check if "E2 82 BD" is correct UTF8 symbol? > > Looks like Ruble sign is included in Unicode 7.0 as U+20BD (i.e. E2 82 BD): > > https://en.wikipedia.org/wiki/Ruble_sign > > https://ru.wikipedia.org/wiki/%D0%A1%D0%B8%D0%BC%D0%B2%D0%BE%D0%BB_%D1%80%D0%BE%D1%81%D1%81%D0%B8%D0%B9%D1%81%D0%BA%D0%BE%D0%B3%D0%BE_%D1%80%D1%83%D0%B1%D0%BB%D1%8F > > > What Unicode version is supported by XMLSec? > > Regards, > Peter > >> От: Грибанов Петр Борисович <[email protected]> >> Отправлено: 24.03.2017 12:32 >> Кому: [email protected]; [email protected]; [email protected]; >> [email protected]; [email protected]; Aleksey Sanin >> <[email protected]>; [email protected] >> Тема: Re[2]: Fw: SignedXML >> >> Hi Aleksey, >> >>> The ruble sign doesn't look like a UTF8 character but rather like >>> a Windows unicode one. >> >> I checked the file; code for RUR symbol is "E2 82 BD" which seems to me as >> correct UTF8 code (I might be wrong!) >> How can we check if "E2 82 BD" is correct UTF8 symbol? >> >> >> Best regards, >> >> Peter Gribanov >> >> 1C LLC >> >> Tel.: +7 (495) 258-44-08, 688-89-29 >> Mobile: +7 (903) 180-69-86 >> Skype: peter.gribanov >> >>> От: Aleksey Sanin <[email protected]> >>> Отправлено: 21.03.2017 19:18 >>> Кому: Грибанов Петр Борисович <[email protected]>; [email protected]; >>> [email protected]; [email protected]; [email protected]; >>> [email protected]; [email protected] >>> Тема: Re: Fw: SignedXML >>> >>> The ruble sign doesn't look like a UTF8 character but rather like >>> a Windows unicode one. You might want to check this since it's >>> important for C14N and follow up digest. >>> >>> Aleksey >>> >>> On 3/21/17 8:07 AM, Грибанов Петр Борисович wrote: >>>> Dear sirs, >>>> >>>> Looks like we need your help. >>>> >>>> I write you on behalf of 1C company, one of the biggest ERP software >>>> vendors in Eastern Europe. >>>> >>>> We use your library XMLSec (BTW, thank you very much for this great >>>> lib!) to verify Signed XML in our applications. >>>> One of the areas we use XMLSec in is verifying SignedXML produced by >>>> Windows Store (Windows Store produce In-app purchase receipts in this >>>> format). >>>> XMLSec works just fine in all cases except receipts in Russian Roubles. >>>> >>>> It works perfectly for USD, Euros, Saudi riyals etc. >>>> >>>> My guess is that problem is that russina Rouble has kinda strange sign >>>> *₽ *that cannot be processed correctly for some reason by XMLSec library >>>> (but it is only guess!). >>>> >>>> May be there is something wrong in our code (code goes below). >>>> >>>> *receiptStr* is receipt loaded from file (receipt*.xml in attachment). >>>> >>>> *responseStr* is a key we downloaded from MS service (key.txt in >>>> attachment). >>>> >>>> The issue is that for receipt if Russian Rouble*dsigCtx->status* is >>>> always not equal to *xmlSecDSigStatusSucceeded* although receipt is >>>> perfectly fine. >>>> For all other currencies we tested it works fine. >>>> Please see XML receipts in different currencies attached. >>>> >>>> See string PurchasePrice="₽0" in receipt_ruble.xml file; may be Rouble >>>> sign *₽ *is the cause of the issue? >>>> >>>> Would appreciate any idea on what may be wrong. >>>> Please let me know if we can provide more info. >>>> >>>> ---------------------------------------------- >>>> >>>> std::string xmltext = narrow(*receiptStr*, Converter::utf8()); >>>> std::string keytext = narrow(*responseStr*, Converter::utf8()); >>>> >>>> xmlDocPtr doc = NULL; >>>> xmlNodePtr node = NULL; >>>> xmlSecDSigCtxPtr dsigCtx = NULL; >>>> >>>> /* load file */ >>>> doc = xmlParseMemory(xmltext.c_str(), xmltext.size()); >>>> >>>> if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ >>>> throw "Error: unable to parse file \"%s\"\n"; >>>> } >>>> >>>> /* find start node */ >>>> node = xmlSecFindNode(xmlDocGetRootElement(doc), >>>> xmlSecNodeSignature, xmlSecDSigNs); >>>> if(node == NULL) { >>>> throw "Error: start node not found in \"%s\"\n"; >>>> } >>>> >>>> /* create signature context, we don't need keys manager in this >>>> example */ >>>> dsigCtx = xmlSecDSigCtxCreate(0); >>>> if(dsigCtx == NULL) { >>>> throw "Error: failed to create signature context\n"; >>>> } >>>> >>>> /* in addition, limit possible key data to valid X509 certificates >>>> only */ >>>> if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), >>>> BAD_CAST xmlSecKeyDataX509Id) < 0) { >>>> throw "Error: failed to limit allowed key data\n"; >>>> } >>>> >>>> /* load public key */ >>>> >>>> dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory((const xmlSecByte >>>> *)keytext.c_str(), keytext.size(), xmlSecKeyDataFormatCertPem,0,0,0); >>>> if(dsigCtx->signKey == NULL) { >>>> throw "Error: failed to load public pem key from \"%s\"\n"; >>>> } >>>> >>>> /* Verify signature */ >>>> if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { >>>> throw "Error: signature verify\n"; >>>> } >>>> >>>> bool result = dsigCtx->status == xmlSecDSigStatusSucceeded; >>>> >>>> >>>> ---------------------------------------------- >>>> >>>> Best regards, >>>> >>>> Peter Gribanov >>>> >>>> 1C LLC >>>> >>>> Tel.: +7 (495) 258-44-08, 688-89-29 >>>> Mobile: +7 (903) 180-69-86 >>>> Skype: peter.gribanov >>>> > > > > _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
