xml-crypto
xml-crypto copied to clipboard
Published
20 hours ago •
yaronn
yaronn
c14n - xlmns
Hi @yaronn @bjrmatos, I need some help to resolve this problem. I have to validate a signed xml form Uruguay's goberment (this is important tip, because I can't change the format of the data that they send if it is wrong). I simplify here the example, but the problem is well represented. The digest value that I'm getting is different to the one they provide and sign.
The xml data they send is this:
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0">
<ns0:eResg>
<ns0:TmstFirma>2016-09-01T11:08:39-03:00</ns0:TmstFirma>
<ns0:Referencia>
<ns0:Referencia xmlns="http://cfe.dgi.gub.uy">
<ns0:NroLinRef>1</ns0:NroLinRef>
<ns0:TpoDocRef>111</ns0:TpoDocRef>
<ns0:Serie>A</ns0:Serie>
<ns0:NroCFERef>25</ns0:NroCFERef>
<ns0:FechaCFEref>2016-09-01</ns0:FechaCFEref>
</ns0:Referencia>
</ns0:Referencia>
</ns0:eResg>
</ns0:CFE>
As you see there are to xmlns, one associated with the prefix ns0 and the other in the tag Referencia. I'm not sure that the xml they are send is well formatted but as I said before that is something I can't change.
The exclusive canonicalization changes this to (which is correct cause it's somehow duplicated data) : It removes the xmlns attribute from Referencia.
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0">
<ns0:eResg>
<ns0:TmstFirma>2016-09-01T11:08:39-03:00</ns0:TmstFirma>
<ns0:Referencia>
<ns0:Referencia>
<ns0:NroLinRef>1</ns0:NroLinRef>
<ns0:TpoDocRef>111</ns0:TpoDocRef>
<ns0:Serie>A</ns0:Serie>
<ns0:NroCFERef>25</ns0:NroCFERef>
<ns0:FechaCFEref>2016-09-01</ns0:FechaCFEref>
</ns0:Referencia>
</ns0:Referencia>
</ns0:eResg>
</ns0:CFE>
After several attempts I realize that the digest that they send corresponds with processing the xml without removing the xmlns in Referencia tag.
Obviously I'll have to add or edit some code to achieve this. What would be the best and simpler way of getting this to work!
thanks !
[Online docs of Uruguay especification for electronic invoice] The problems comes because they have a Tag name Referencia as Parent and child (Is a horrible definition). To avoid collition they have to use in the child an addition xmlns..
<ns0:Referencia>
<ns0:Referencia xmlns="foo"> .... </ns0:Referencia>
</ns0:Referencias>
(https://www.efactura.dgi.gub.uy/principal/ampliacion_de_contenido/DocumentosDeInteres1?es)
The code I add to get this to work
on getCannon function I add the an attr to the option indicating where incaming xml is c14n
SignedXml.prototype.getCanonXml = function(transforms, node, options) {
options = options || {};
options.defaultNsForPrefix = options.defaultNsForPrefix || SignedXml.defaultNsForPrefix;
var canonXml = node
for (var t in transforms) {
if (!transforms.hasOwnProperty(t)) continue;
options.isC14n = (transforms[t] === 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315')
var transform = this.findCanonicalizationAlgorithm(transforms[t])
canonXml = transform.process(canonXml, options);
//TODO: currently transform.process may return either Node or String value (enveloped transformation returns Node, exclusive-canonicalization returns String).
//This eitehr needs to be more explicit in the API, or all should return the same.
//exclusive-canonicalization returns String since it builds the Xml by hand. If it had used xmldom it would inccorectly minimize empty tags
//to <x/> instead of <x></x> and also incorrectly handle some delicate line break issues.
//enveloped transformation returns Node since if it would return String consider this case:
//<x xmlns:p='ns'><p:y/></x>
//if only y is the node to sign then a string would be <p:y/> without the definition of the p namespace. probably xmldom toString() should have added it.
}
return canonXml.toString()
}
on renderNs function :
if (options.isC14n && attr.localName === 'xmlns'){
res.push(' xmlns="', attr.value, '"')
}
XML COMPLETE
<?xml version="1.0" encoding="UTF-8"?>
<DGICFE:EnvioCFE_entreEmpresas version="1.0" xsi:schemaLocation="http://cfe.dgi.gub.uy EnvioCFE_entreEmpresasv1.18.xsd" xmlns:DGICFE="http://cfe.dgi.gub.uy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DGICFE:Caratula version="1.0">
<DGICFE:RutReceptor>180067050012</DGICFE:RutReceptor>
<DGICFE:RUCEmisor>219999830019</DGICFE:RUCEmisor>
<DGICFE:Idemisor>2</DGICFE:Idemisor>
<DGICFE:CantCFE>8</DGICFE:CantCFE>
<DGICFE:Fecha>2016-08-31T09:01:06Z</DGICFE:Fecha>
<DGICFE:X509Certificate>MIIGCjCCA/KgAwIBAgIQdS6kc64U24dWp8vj5jmtuTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJVWTErMCkGA1UECgwiQURNSU5JU1RSQUNJT04gTkFDSU9OQUwgREUgQ09SUkVPUzEfMB0GA1UECwwWU0VSVklDSU9TIEVMRUNUUk9OSUNPUzEdMBsGA1UEAwwUQ29ycmVvIFVydWd1YXlvIC0gQ0EwHhcNMTYwMTI2MTk0MTIzWhcNMTcwMTI2MTk0MTIzWjCB9DEiMCAGCSqGSIb3DQEJARYTZ2Rvcm5lbGxAZGdpLmd1Yi51eTEeMBwGA1UECwwVU0VHVVJJREFEIElORk9STUFUSUNBMRgwFgYDVQQLDA9TT1BPUlRFIFRFQ05JQ08xHDAaBgNVBAsME1NPUE9SVEUgREUgU0lTVEVNQVMxHDAaBgNVBAoME0RHSS1SVUMgUFJVRUJBIENFREUxEzARBgNVBAgMCk1vbnRldmlkZW8xCzAJBgNVBAYTAlVZMRgwFgYDVQQFEw9SVUMyMTk5OTk4MzAwMTkxHDAaBgNVBAMME0RHSS1SVUMgUFJVRUJBIENFREUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANGGeNF/8Z+KIudfpyHq/Do+WHzXbD87xxbDv+fEfZvRfi3J78+9lNq9vzb8hAJ3OEkmbhD+JkGCr32VdwGN6becgnP+ChBDYAGf+qmVWZcOiVzOrMorCHl1vMsnLt6DFGTQjNGAVIua1X3phYokwFSJzXWP0KIvPUw/L+/nYykLAgMBAAGjggGTMIIBjzBPBgNVHREESDBGoC8GCisGAQQBgjcUAgOgIQwfSURFMjg3OTM3MDYvR1VJTExFUk1PIERPUk5FTExFU4ETZ2Rvcm5lbGxAZGdpLmd1Yi51eTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwID+DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYJYIZIAYb4QgEBBAQDAgWgMB0GA1UdDgQWBBT8VTSlHeNtrZAd2kFvJf+605N9xjAfBgNVHSMEGDAWgBQlj99DL45qugu+RlxXUJO3Ub782TBUBgNVHSAETTBLMEkGDCsGAQQBgfVPAQEBBDA5MDcGCCsGAQUFBwIBFitodHRwOi8vd3d3LmNvcnJlby5jb20udXkvY29ycmVvY2VydC9jcHMucGRmMBgGDSsGAQQBgfVPAQEBBAEEBwwFRGlzY28wPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL3d3dy5jb3JyZW8uY29tLnV5L0NvcnJlb0NlcnQvYW5jLmNybDANBgkqhkiG9w0BAQUFAAOCAgEAp6+ZPWAZbF+uj6H6EtDUjHk95Cp5Eu1xNT+n+NG3g/AEZCbC7R9n9pu6os0H9Xc/JDl5tVpAcP41bWnj3W/g6f70ImHglj01osWrQclyf/rzjgs3c9m3TDuWw1hFP3td2r3pts22YdCDnm6Q8UctZ6Tgbm1r3ndtmAOAFd/JdI4kX5Qu3T6P0cEGd24rzWXOMWCAZLTilV2lpl4PpPTW1Yqw1xoiWYYVHZKYDq5kerX1fCY3L/nlXGfca7VkGkOdXrNtX6m+ST5v35EQ1C+DP2LnAotBQpCFsuDFMv6E29CwXJoyuNWaQ7siWoa/vEaMtSvtvUYt6/kOfSlgp2dqePTJvGU+cGFje2vaxKB7h7RqA3tZkcAIYTeO4MEwaf88T39gj7H4199fDxdc+m3TGB9hLVAz2z3Qk4TmBcNhs4JmwEYFX+3JeGnrEC9n4L4WVMHquPvrvxleEBBi4bc4bUDoSwdfqPfXaUaQkGs/TAouQpi3Ew7REn28kivdzQSdW1BRE3cVnPOo3CKdEvOzPrShsxjaGoKgZpJu0IPMPzxtlv5wmUJHNViJEKFOH06w734rFNnE46r3dKWg51kHL16j2rZz0vCo6iJAmzkwhfw6EeoRKXIUfZs+zat6gWivizXpBL1H0f3pV+MP6rt+y7xnT2bSB3gVROs1teRe08c=</DGICFE:X509Certificate>
</DGICFE:Caratula>
<DGICFE:CFE_Adenda>
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0"><ns0:eFact><ns0:TmstFirma>2016-08-31T09:01:49-03:00</ns0:TmstFirma><ns0:Encabezado><ns0:IdDoc><ns0:TipoCFE>111</ns0:TipoCFE><ns0:Serie>A</ns0:Serie><ns0:Nro>1</ns0:Nro><ns0:FchEmis>2016-08-31</ns0:FchEmis><ns0:FmaPago>1</ns0:FmaPago></ns0:IdDoc><ns0:Emisor><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:RznSoc>DGI</ns0:RznSoc><ns0:CdgDGISucur>1</ns0:CdgDGISucur><ns0:DomFiscal>FERNANDEZ CRESPO AVDA. DANIEL 1534</ns0:DomFiscal><ns0:Ciudad>MONTEVIDEO</ns0:Ciudad><ns0:Departamento>MONTEVIDEO</ns0:Departamento></ns0:Emisor><ns0:Receptor><ns0:TipoDocRecep>2</ns0:TipoDocRecep><ns0:CodPaisRecep>UY</ns0:CodPaisRecep><ns0:DocRecep>180067050012</ns0:DocRecep><ns0:RznSocRecep>KENT BURGOS GUSTAVO RANDERS</ns0:RznSocRecep><ns0:DirRecep>RODO, JOSE ENRIQUE</ns0:DirRecep><ns0:CiudadRecep>PALMITAS</ns0:CiudadRecep></ns0:Receptor><ns0:Totales><ns0:TpoMoneda>UYU</ns0:TpoMoneda><ns0:MntNoGrv>0.00</ns0:MntNoGrv><ns0:MntNetoIvaTasaMin>0.00</ns0:MntNetoIvaTasaMin><ns0:MntNetoIVATasaBasica>85000.00</ns0:MntNetoIVATasaBasica><ns0:IVATasaMin>10</ns0:IVATasaMin><ns0:IVATasaBasica>22</ns0:IVATasaBasica><ns0:MntIVATasaMin>0.00</ns0:MntIVATasaMin><ns0:MntIVATasaBasica>18700.00</ns0:MntIVATasaBasica><ns0:MntTotal>103700.00</ns0:MntTotal><ns0:CantLinDet>3</ns0:CantLinDet><ns0:MontoNF>1320</ns0:MontoNF><ns0:MntPagar>105020.00</ns0:MntPagar></ns0:Totales></ns0:Encabezado><ns0:Detalle><ns0:Item><ns0:NroLinDet>1</ns0:NroLinDet><ns0:IndFact>3</ns0:IndFact><ns0:NomItem>aaa</ns0:NomItem><ns0:Cantidad>10</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed><ns0:PrecioUnitario>1000</ns0:PrecioUnitario><ns0:MontoItem>10000.00</ns0:MontoItem></ns0:Item><ns0:Item><ns0:NroLinDet>2</ns0:NroLinDet><ns0:IndFact>3</ns0:IndFact><ns0:NomItem>bbb</ns0:NomItem><ns0:Cantidad>5</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed><ns0:PrecioUnitario>15000</ns0:PrecioUnitario><ns0:MontoItem>75000.00</ns0:MontoItem></ns0:Item><ns0:Item><ns0:NroLinDet>3</ns0:NroLinDet><ns0:IndFact>6</ns0:IndFact><ns0:NomItem>ccc</ns0:NomItem><ns0:Cantidad>1</ns0:Cantidad><ns0:UniMed>N/A</ns0:UniMed><ns0:PrecioUnitario>1320</ns0:PrecioUnitario><ns0:MontoItem>1320.00</ns0:MontoItem></ns0:Item></ns0:Detalle><ns0:CAEData><ns0:CAE_ID>90110002895</ns0:CAE_ID><ns0:DNro>1</ns0:DNro><ns0:HNro>100</ns0:HNro><ns0:FecVenc>2016-12-31</ns0:FecVenc></ns0:CAEData></ns0:eFact><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>1ubxJt6rTw4l5qJiVfaGpMcdzy4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>QhmrJIL6NVRqFAejjUlI8FMEkQhoTcQqtovXXXVZC56pZBzxrAsiqwXQKKkV4zc8qB9l2mVzFfgn7vjuPTwSW5UskmTAlp1l7Xj+ynCknm9BpgRxVHKSclaSIblG4LmOspYbvGmioNVf7uscj8NUCkUm3dGSMROXf5g8HoQS3As=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns0:CFE>
</DGICFE:CFE_Adenda>
<DGICFE:CFE_Adenda>
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0"><ns0:eFact><ns0:TmstFirma>2016-08-31T09:01:49-03:00</ns0:TmstFirma><ns0:Encabezado><ns0:IdDoc><ns0:TipoCFE>111</ns0:TipoCFE><ns0:Serie>A</ns0:Serie><ns0:Nro>2</ns0:Nro><ns0:FchEmis>2016-08-31</ns0:FchEmis><ns0:FmaPago>2</ns0:FmaPago></ns0:IdDoc><ns0:Emisor><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:RznSoc>DGI</ns0:RznSoc><ns0:CdgDGISucur>1</ns0:CdgDGISucur><ns0:DomFiscal>FERNANDEZ CRESPO AVDA. DANIEL 1535</ns0:DomFiscal><ns0:Ciudad>MONTEVIDEO</ns0:Ciudad><ns0:Departamento>MONTEVIDEO</ns0:Departamento></ns0:Emisor><ns0:Receptor><ns0:TipoDocRecep>2</ns0:TipoDocRecep><ns0:CodPaisRecep>UY</ns0:CodPaisRecep><ns0:DocRecep>180067050012</ns0:DocRecep><ns0:RznSocRecep>KENT BURGOS GUSTAVO RANDERS</ns0:RznSocRecep><ns0:DirRecep>RODO, JOSE ENRIQUE</ns0:DirRecep><ns0:CiudadRecep>PALMITAS</ns0:CiudadRecep></ns0:Receptor><ns0:Totales><ns0:TpoMoneda>UYU</ns0:TpoMoneda><ns0:MntNoGrv>0.00</ns0:MntNoGrv><ns0:MntNetoIvaTasaMin>0.00</ns0:MntNetoIvaTasaMin><ns0:MntNetoIVATasaBasica>0.00</ns0:MntNetoIVATasaBasica><ns0:IVATasaMin>10</ns0:IVATasaMin><ns0:IVATasaBasica>22</ns0:IVATasaBasica><ns0:MntIVATasaMin>0.00</ns0:MntIVATasaMin><ns0:MntIVATasaBasica>0.00</ns0:MntIVATasaBasica><ns0:MntTotal>80000.00</ns0:MntTotal><ns0:CantLinDet>1</ns0:CantLinDet><ns0:MontoNF>0</ns0:MontoNF><ns0:MntPagar>82500.00</ns0:MntPagar></ns0:Totales></ns0:Encabezado><ns0:Detalle><ns0:Item><ns0:NroLinDet>1</ns0:NroLinDet><ns0:IndFact>1</ns0:IndFact><ns0:NomItem>ddd</ns0:NomItem><ns0:Cantidad>100</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed><ns0:PrecioUnitario>800</ns0:PrecioUnitario><ns0:MontoItem>80000.00</ns0:MontoItem></ns0:Item></ns0:Detalle><ns0:CAEData><ns0:CAE_ID>90110002895</ns0:CAE_ID><ns0:DNro>1</ns0:DNro><ns0:HNro>100</ns0:HNro><ns0:FecVenc>2016-12-31</ns0:FecVenc></ns0:CAEData></ns0:eFact><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>6Fsvyfpugj/tGqVhESEd+IKf38w=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>OaDkApcxYEH/cMAdNI2znxGbluFJv0sP1KbVdr/GdMLNvcux3N1XBh8aQasehZ/xM6X2tG/5hqhSkPYhRD87tIdTBZyY42o2L1Fjx9bVwn5ak2VZJR1wS9Dmek7qPgrTpuGmmEcT0a5kW5NIRsp4Vvh5OxM36pu3TwGW8QQiMuE=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns0:CFE>
</DGICFE:CFE_Adenda>
<DGICFE:CFE_Adenda>
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0"><ns0:eRem><ns0:TmstFirma>2016-08-31T09:01:49-03:00</ns0:TmstFirma><ns0:Encabezado><ns0:IdDoc><ns0:TipoCFE>181</ns0:TipoCFE><ns0:Serie>A</ns0:Serie><ns0:Nro>1</ns0:Nro><ns0:FchEmis>2016-08-31</ns0:FchEmis><ns0:TipoTraslado>1</ns0:TipoTraslado></ns0:IdDoc><ns0:Emisor><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:RznSoc>DGI</ns0:RznSoc><ns0:CdgDGISucur>1</ns0:CdgDGISucur><ns0:DomFiscal>FERNANDEZ CRESPO AVDA. DANIEL 1534</ns0:DomFiscal><ns0:Ciudad>MONTEVIDEO</ns0:Ciudad><ns0:Departamento>MONTEVIDEO</ns0:Departamento></ns0:Emisor><ns0:Receptor><ns0:TipoDocRecep>2</ns0:TipoDocRecep><ns0:CodPaisRecep>UY</ns0:CodPaisRecep><ns0:DocRecep>180067050012</ns0:DocRecep><ns0:RznSocRecep>KENT BURGOS GUSTAVO RANDERS</ns0:RznSocRecep><ns0:DirRecep>RODO, JOSE ENRIQUE</ns0:DirRecep><ns0:CiudadRecep>PALMITAS</ns0:CiudadRecep></ns0:Receptor><ns0:Totales><ns0:CantLinDet>3</ns0:CantLinDet></ns0:Totales></ns0:Encabezado><ns0:Detalle><ns0:Item><ns0:NroLinDet>1</ns0:NroLinDet><ns0:IndFact>3</ns0:IndFact><ns0:NomItem>aaa</ns0:NomItem><ns0:Cantidad>10</ns0:Cantidad><ns0:UniMed>kgs</ns0:UniMed></ns0:Item><ns0:Item><ns0:NroLinDet>2</ns0:NroLinDet><ns0:IndFact>3</ns0:IndFact><ns0:NomItem>bbb</ns0:NomItem><ns0:Cantidad>5</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed></ns0:Item><ns0:Item><ns0:NroLinDet>3</ns0:NroLinDet><ns0:IndFact>3</ns0:IndFact><ns0:NomItem>ccc</ns0:NomItem><ns0:Cantidad>1</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed></ns0:Item></ns0:Detalle><ns0:CAEData><ns0:CAE_ID>90110002909</ns0:CAE_ID><ns0:DNro>1</ns0:DNro><ns0:HNro>100</ns0:HNro><ns0:FecVenc>2016-12-31</ns0:FecVenc></ns0:CAEData></ns0:eRem><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>BtAc9YAY/jvZnihJAjhO4T3NaL8=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>emtlEUkN0tiaSGtt/kKWtASZMiyKPg2K60zV2WiQMGyxpaN7veIvo5ZO2uwYesjo42Gs7xlBp+8kgUKD8009Z+98Fayr1K5nidr+bjhweu9tndtQKdshPGVxmzoCgz9TwyYINAOgs2YMJ236pjo3xko2gFDQs5BctCW9Wv8wtxA=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns0:CFE>
</DGICFE:CFE_Adenda>
<DGICFE:CFE_Adenda>
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0"><ns0:eRem><ns0:TmstFirma>2016-08-31T09:01:49-03:00</ns0:TmstFirma><ns0:Encabezado><ns0:IdDoc><ns0:TipoCFE>181</ns0:TipoCFE><ns0:Serie>A</ns0:Serie><ns0:Nro>2</ns0:Nro><ns0:FchEmis>2016-08-31</ns0:FchEmis><ns0:TipoTraslado>1</ns0:TipoTraslado></ns0:IdDoc><ns0:Emisor><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:RznSoc>DGI</ns0:RznSoc><ns0:CdgDGISucur>1</ns0:CdgDGISucur><ns0:DomFiscal>FERNANDEZ CRESPO AVDA. DANIEL 1534</ns0:DomFiscal><ns0:Ciudad>MONTEVIDEO</ns0:Ciudad><ns0:Departamento>MONTEVIDEO</ns0:Departamento></ns0:Emisor><ns0:Receptor><ns0:TipoDocRecep>2</ns0:TipoDocRecep><ns0:CodPaisRecep>UY</ns0:CodPaisRecep><ns0:DocRecep>180067050021</ns0:DocRecep><ns0:RznSocRecep>KENT BURGOS GUSTAVO RANDERS</ns0:RznSocRecep><ns0:DirRecep>RODO, JOSE ENRIQUE</ns0:DirRecep><ns0:CiudadRecep>PALMITAS</ns0:CiudadRecep></ns0:Receptor><ns0:Totales><ns0:CantLinDet>1</ns0:CantLinDet></ns0:Totales></ns0:Encabezado><ns0:Detalle><ns0:Item><ns0:NroLinDet>1</ns0:NroLinDet><ns0:IndFact>1</ns0:IndFact><ns0:NomItem>ddd</ns0:NomItem><ns0:Cantidad>100</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed></ns0:Item></ns0:Detalle><ns0:CAEData><ns0:CAE_ID>90110002909</ns0:CAE_ID><ns0:DNro>1</ns0:DNro><ns0:HNro>100</ns0:HNro><ns0:FecVenc>2016-12-31</ns0:FecVenc></ns0:CAEData></ns0:eRem><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>pUmc1XuL9XEgdycwEFDAhBvT2QM=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>DFaG/wOtrbj3vNiE05h4eXg00AdPx3ALwU+vZtSD9+RUNUVOJ+t8pcuB3U6AeeHJrxjb5xm7Rn0Y5h+Kr8/8WD9ynMzs9RREd8RM7ZQ54oNF51CvHeLfnrobLlTKDCDLHbfE4fO12E6ZXD5puMKl6WdZU48qVPR107JYcYAQlig=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns0:CFE>
</DGICFE:CFE_Adenda>
<DGICFE:CFE_Adenda>
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0"><ns0:eResg><ns0:TmstFirma>2016-08-31T09:01:49-03:00</ns0:TmstFirma><ns0:Encabezado><ns0:IdDoc><ns0:TipoCFE>182</ns0:TipoCFE><ns0:Serie>A</ns0:Serie><ns0:Nro>1</ns0:Nro><ns0:FchEmis>2016-08-31</ns0:FchEmis></ns0:IdDoc><ns0:Emisor><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:RznSoc>DGI</ns0:RznSoc><ns0:CdgDGISucur>1</ns0:CdgDGISucur><ns0:DomFiscal>FERNANDEZ CRESPO AVDA. DANIEL 1534</ns0:DomFiscal><ns0:Ciudad>MONTEVIDEO</ns0:Ciudad><ns0:Departamento>MONTEVIDEO</ns0:Departamento></ns0:Emisor><ns0:Receptor><ns0:TipoDocRecep>2</ns0:TipoDocRecep><ns0:CodPaisRecep>UY</ns0:CodPaisRecep><ns0:DocRecep>180067050012</ns0:DocRecep><ns0:RznSocRecep>KENT BURGOS GUSTAVO RANDERS</ns0:RznSocRecep><ns0:DirRecep>RODO, JOSE ENRIQUE</ns0:DirRecep><ns0:CiudadRecep>PALMITAS</ns0:CiudadRecep></ns0:Receptor><ns0:Totales><ns0:TpoMoneda>UYU</ns0:TpoMoneda><ns0:MntTotRetenido>55000</ns0:MntTotRetenido><ns0:CantLinDet>2</ns0:CantLinDet><ns0:RetencPercep><ns0:CodRet>2183165</ns0:CodRet><ns0:ValRetPerc>55000</ns0:ValRetPerc></ns0:RetencPercep></ns0:Totales></ns0:Encabezado><ns0:Detalle><ns0:Item><ns0:NroLinDet>1</ns0:NroLinDet><ns0:RetencPercep><ns0:CodRet>2183165</ns0:CodRet><ns0:Tasa>50</ns0:Tasa><ns0:MntSujetoaRet>22000</ns0:MntSujetoaRet><ns0:ValRetPerc>11000</ns0:ValRetPerc></ns0:RetencPercep></ns0:Item><ns0:Item><ns0:NroLinDet>2</ns0:NroLinDet><ns0:RetencPercep><ns0:CodRet>2183165</ns0:CodRet><ns0:Tasa>50</ns0:Tasa><ns0:MntSujetoaRet>88000</ns0:MntSujetoaRet><ns0:ValRetPerc>44000</ns0:ValRetPerc></ns0:RetencPercep></ns0:Item></ns0:Detalle><ns0:Referencia><ns0:Referencia xmlns="http://cfe.dgi.gub.uy"><ns0:NroLinRef>1</ns0:NroLinRef><ns0:TpoDocRef>111</ns0:TpoDocRef><ns0:Serie>A</ns0:Serie><ns0:NroCFERef>25</ns0:NroCFERef><ns0:FechaCFEref>2016-08-31</ns0:FechaCFEref></ns0:Referencia><ns0:Referencia xmlns="http://cfe.dgi.gub.uy"><ns0:NroLinRef>2</ns0:NroLinRef><ns0:TpoDocRef>111</ns0:TpoDocRef><ns0:Serie>A</ns0:Serie><ns0:NroCFERef>30</ns0:NroCFERef><ns0:FechaCFEref>2016-08-31</ns0:FechaCFEref></ns0:Referencia></ns0:Referencia><ns0:CAEData><ns0:CAE_ID>90110002917</ns0:CAE_ID><ns0:DNro>1</ns0:DNro><ns0:HNro>100</ns0:HNro><ns0:FecVenc>2016-12-31</ns0:FecVenc></ns0:CAEData></ns0:eResg><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>ww62SU5ePc/CaKkQJrXHNSaqAhU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>NTP5S88apmgWIR+qNLmEHrVrMUUi4RCoyse1rdDZyjc0v7C7IOWWwgT/slROqApRcZCHdYpZxb6pAzSdEzmdzSfnft1sOjqKWtFA1DBEfcYVYK8a3wUJUOFQU+r17Df7iTp0TWb8Ns1fKaa0Y1sLS1FZRNFW/44PsobkU8EkriY=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns0:CFE>
</DGICFE:CFE_Adenda>
<DGICFE:CFE_Adenda>
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0"><ns0:eResg><ns0:TmstFirma>2016-08-31T09:01:49-03:00</ns0:TmstFirma><ns0:Encabezado><ns0:IdDoc><ns0:TipoCFE>182</ns0:TipoCFE><ns0:Serie>A</ns0:Serie><ns0:Nro>2</ns0:Nro><ns0:FchEmis>2016-08-31</ns0:FchEmis></ns0:IdDoc><ns0:Emisor><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:RznSoc>DGI</ns0:RznSoc><ns0:CdgDGISucur>1</ns0:CdgDGISucur><ns0:DomFiscal>FERNANDEZ CRESPO AVDA. DANIEL 1534</ns0:DomFiscal><ns0:Ciudad>MONTEVIDEO</ns0:Ciudad><ns0:Departamento>MONTEVIDEO</ns0:Departamento></ns0:Emisor><ns0:Receptor><ns0:TipoDocRecep>2</ns0:TipoDocRecep><ns0:CodPaisRecep>UY</ns0:CodPaisRecep><ns0:DocRecep>180067050021</ns0:DocRecep><ns0:RznSocRecep>KENT BURGOS GUSTAVO RANDERS</ns0:RznSocRecep><ns0:DirRecep>RODO, JOSE ENRIQUE</ns0:DirRecep><ns0:CiudadRecep>PALMITAS</ns0:CiudadRecep></ns0:Receptor><ns0:Totales><ns0:TpoMoneda>UYU</ns0:TpoMoneda><ns0:MntTotRetenido>19800</ns0:MntTotRetenido><ns0:CantLinDet>1</ns0:CantLinDet><ns0:RetencPercep><ns0:CodRet>2183114</ns0:CodRet><ns0:ValRetPerc>19800</ns0:ValRetPerc></ns0:RetencPercep></ns0:Totales></ns0:Encabezado><ns0:Detalle><ns0:Item><ns0:NroLinDet>1</ns0:NroLinDet><ns0:RetencPercep><ns0:CodRet>2183114</ns0:CodRet><ns0:Tasa>22</ns0:Tasa><ns0:MntSujetoaRet>90000</ns0:MntSujetoaRet><ns0:ValRetPerc>19800</ns0:ValRetPerc></ns0:RetencPercep></ns0:Item></ns0:Detalle><ns0:Referencia><ns0:Referencia xmlns="http://cfe.dgi.gub.uy"><ns0:NroLinRef>1</ns0:NroLinRef><ns0:TpoDocRef>111</ns0:TpoDocRef><ns0:Serie>A</ns0:Serie><ns0:NroCFERef>40</ns0:NroCFERef><ns0:FechaCFEref>2016-08-31</ns0:FechaCFEref></ns0:Referencia></ns0:Referencia><ns0:CAEData><ns0:CAE_ID>90110002917</ns0:CAE_ID><ns0:DNro>1</ns0:DNro><ns0:HNro>100</ns0:HNro><ns0:FecVenc>2016-12-31</ns0:FecVenc></ns0:CAEData></ns0:eResg><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>D/1rqcGr8oMS2nx0NkGNB+hSeNQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>wiVaIKZl2IjC9rTap1lUuYcdl+6q+IZjigY3dcF+lgsdgRFI7BQ39WmS4xhL9EmzT19/NZ6eMfk8wMvEkuocWDJ65ucuigK4naG30jKTQdEToJNxg1AwDlUvx2JUgh9C2Fo6TfGnKpRn4aj2/h0Of58ydDx8WIzzTQCjGaREBxQ=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns0:CFE>
</DGICFE:CFE_Adenda>
<DGICFE:CFE_Adenda>
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0"><ns0:eFact><ns0:TmstFirma>2016-08-31T09:01:49-03:00</ns0:TmstFirma><ns0:Encabezado><ns0:IdDoc><ns0:TipoCFE>141</ns0:TipoCFE><ns0:Serie>A</ns0:Serie><ns0:Nro>1</ns0:Nro><ns0:FchEmis>2016-08-31</ns0:FchEmis><ns0:FmaPago>1</ns0:FmaPago></ns0:IdDoc><ns0:Emisor><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:RznSoc>DGI</ns0:RznSoc><ns0:CdgDGISucur>1</ns0:CdgDGISucur><ns0:DomFiscal>FERNANDEZ CRESPO AVDA. DANIEL 1534</ns0:DomFiscal><ns0:Ciudad>MONTEVIDEO</ns0:Ciudad><ns0:Departamento>MONTEVIDEO</ns0:Departamento></ns0:Emisor><ns0:Receptor><ns0:TipoDocRecep>2</ns0:TipoDocRecep><ns0:CodPaisRecep>UY</ns0:CodPaisRecep><ns0:DocRecep>180067050012</ns0:DocRecep><ns0:RznSocRecep>KENT BURGOS GUSTAVO RANDERS</ns0:RznSocRecep><ns0:DirRecep>RODO, JOSE ENRIQUE</ns0:DirRecep><ns0:CiudadRecep>PALMITAS</ns0:CiudadRecep></ns0:Receptor><ns0:Totales><ns0:TpoMoneda>UYU</ns0:TpoMoneda><ns0:MntNoGrv>0.00</ns0:MntNoGrv><ns0:MntNetoIvaTasaMin>20000.00</ns0:MntNetoIvaTasaMin><ns0:MntNetoIVATasaBasica>75000.00</ns0:MntNetoIVATasaBasica><ns0:IVATasaMin>10</ns0:IVATasaMin><ns0:IVATasaBasica>22</ns0:IVATasaBasica><ns0:MntIVATasaMin>2000.00</ns0:MntIVATasaMin><ns0:MntIVATasaBasica>16500.00</ns0:MntIVATasaBasica><ns0:MntTotal>113500.00</ns0:MntTotal><ns0:CantLinDet>2</ns0:CantLinDet><ns0:MontoNF>0</ns0:MontoNF><ns0:MntPagar>113500.00</ns0:MntPagar></ns0:Totales></ns0:Encabezado><ns0:Detalle><ns0:Item><ns0:NroLinDet>1</ns0:NroLinDet><ns0:IndFact>2</ns0:IndFact><ns0:NomItem>aaa</ns0:NomItem><ns0:Cantidad>200</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed><ns0:PrecioUnitario>100</ns0:PrecioUnitario><ns0:MontoItem>20000.00</ns0:MontoItem></ns0:Item><ns0:Item><ns0:NroLinDet>2</ns0:NroLinDet><ns0:IndFact>3</ns0:IndFact><ns0:NomItem>bbb</ns0:NomItem><ns0:Cantidad>5</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed><ns0:PrecioUnitario>15000</ns0:PrecioUnitario><ns0:MontoItem>75000.00</ns0:MontoItem></ns0:Item></ns0:Detalle><ns0:CAEData><ns0:CAE_ID>90110003895</ns0:CAE_ID><ns0:DNro>1</ns0:DNro><ns0:HNro>100</ns0:HNro><ns0:FecVenc>2016-12-31</ns0:FecVenc></ns0:CAEData><ns0:Compl_Fiscal><ns0:Compl_Fiscal_Data><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:TipoDocMdte>3</ns0:TipoDocMdte><ns0:Pais>UY</ns0:Pais><ns0:DocMdte>13353214</ns0:DocMdte><ns0:NombreMdte>Juan Perez</ns0:NombreMdte></ns0:Compl_Fiscal_Data></ns0:Compl_Fiscal></ns0:eFact><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>mlWDzlP4qSbfHj2CQMYnBCEc674=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>uPlOQnH1xYYjsvrMmvRWsAfg72w/9eqvEUODqwHIZikm+a/M3cOTRQYT6iH03wT+33Ge4R/PdDNaLXnPEvQIDJEpKJeVaKFtmiyeHjCV3FTtYEkiS52yMPj6lZCNAjO9HDMVgyhAs/vthx3wAlazXk9JGg2JXfMHnjCRo65bvI4=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns0:CFE>
</DGICFE:CFE_Adenda>
<DGICFE:CFE_Adenda>
<ns0:CFE xmlns:ns0="http://cfe.dgi.gub.uy" version="1.0"><ns0:eFact><ns0:TmstFirma>2016-08-31T09:01:49-03:00</ns0:TmstFirma><ns0:Encabezado><ns0:IdDoc><ns0:TipoCFE>141</ns0:TipoCFE><ns0:Serie>A</ns0:Serie><ns0:Nro>2</ns0:Nro><ns0:FchEmis>2016-08-31</ns0:FchEmis><ns0:FmaPago>2</ns0:FmaPago></ns0:IdDoc><ns0:Emisor><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:RznSoc>DGI</ns0:RznSoc><ns0:CdgDGISucur>1</ns0:CdgDGISucur><ns0:DomFiscal>FERNANDEZ CRESPO AVDA. DANIEL 1535</ns0:DomFiscal><ns0:Ciudad>MONTEVIDEO</ns0:Ciudad><ns0:Departamento>MONTEVIDEO</ns0:Departamento></ns0:Emisor><ns0:Receptor><ns0:TipoDocRecep>2</ns0:TipoDocRecep><ns0:CodPaisRecep>UY</ns0:CodPaisRecep><ns0:DocRecep>180067050012</ns0:DocRecep><ns0:RznSocRecep>KENT BURGOS GUSTAVO RANDERS</ns0:RznSocRecep><ns0:DirRecep>RODO, JOSE ENRIQUE</ns0:DirRecep><ns0:CiudadRecep>PALMITAS</ns0:CiudadRecep></ns0:Receptor><ns0:Totales><ns0:TpoMoneda>UYU</ns0:TpoMoneda><ns0:MntNoGrv>150000.00</ns0:MntNoGrv><ns0:MntNetoIvaTasaMin>0.00</ns0:MntNetoIvaTasaMin><ns0:MntNetoIVATasaBasica>0.00</ns0:MntNetoIVATasaBasica><ns0:IVATasaMin>10</ns0:IVATasaMin><ns0:IVATasaBasica>22</ns0:IVATasaBasica><ns0:MntIVATasaMin>0.00</ns0:MntIVATasaMin><ns0:MntIVATasaBasica>0.00</ns0:MntIVATasaBasica><ns0:MntTotal>150000.00</ns0:MntTotal><ns0:CantLinDet>1</ns0:CantLinDet><ns0:MontoNF>0</ns0:MontoNF><ns0:MntPagar>82500.00</ns0:MntPagar></ns0:Totales></ns0:Encabezado><ns0:Detalle><ns0:Item><ns0:NroLinDet>1</ns0:NroLinDet><ns0:IndFact>1</ns0:IndFact><ns0:NomItem>ddd</ns0:NomItem><ns0:Cantidad>100</ns0:Cantidad><ns0:UniMed>uds</ns0:UniMed><ns0:PrecioUnitario>800</ns0:PrecioUnitario><ns0:MontoItem>80000.00</ns0:MontoItem></ns0:Item></ns0:Detalle><ns0:CAEData><ns0:CAE_ID>90110003895</ns0:CAE_ID><ns0:DNro>1</ns0:DNro><ns0:HNro>100</ns0:HNro><ns0:FecVenc>2016-12-31</ns0:FecVenc></ns0:CAEData><ns0:Compl_Fiscal><ns0:Compl_Fiscal_Data><ns0:RUCEmisor>219999830019</ns0:RUCEmisor><ns0:TipoDocMdte>3</ns0:TipoDocMdte><ns0:Pais>UY</ns0:Pais><ns0:DocMdte>13353214</ns0:DocMdte><ns0:NombreMdte>Juan Perez</ns0:NombreMdte></ns0:Compl_Fiscal_Data></ns0:Compl_Fiscal></ns0:eFact><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>ZfKTGQzE8p2t11fVt7wRW1JfOtI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>PvbGVkZDFBv0ThKVXshbeUrwqzLrz4Vpivg4t5Oa4ByucyHGAWi52gpbPxW1YRzaf4IKF9oBW5ZymrnosZdpTtM290KsiN/Urmma8snkbxtnlLKce696X/3eV9f/zD86kgbdm0pPBHMkhM3zh/rCAWf3DhDFg9RFYYmxSJ2qVYw=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns0:CFE>
</DGICFE:CFE_Adenda>
</DGICFE:EnvioCFE_entreEmpresas>
@ponyesteves how you configure SignedXml? ... this renderNs you chance in exclusive-canonicalization.js ?? if yes ... paste that function
The thing is like this: for the documentation I'm signing I'm using exc-c14n >> using xml-crypto the lib out of the box. and goberment servers validates my signed docs. But some of the signed xml they send back is still using c14n. For validating those incoming xml I must canonicalice with c14n.
To do that I'm using I'm using ExclusiveCanonicalization (with some of the modifications I describe). This code, thought not so nice, is working great and passes Uruguay Servers Test.
The issue to resolve is in this xml ns0:Referencia <ns0:Referencia xmlns="cfi.gob.uy">foobar/ns0:Referencia /ns0:Referencia
c14n keeps xmlns attr while exc14n removes it
the code
SignedXml.CanonicalizationAlgorithms = {
'http://www.w3.org/2001/10/xml-exc-c14n#': ExclusiveCanonicalization,
'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': ExclusiveCanonicalizationWithComments,
'http://www.w3.org/2000/09/xmldsig#enveloped-signature': EnvelopedSignature,
'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': ExclusiveCanonicalization //
}
/*
...
*/
// here i add 'xmlns:ns0="http://cfe.dgi.gub.uy' to SignedInfoTag ass c14n would have done
SignedXml.prototype.validateSignatureValue = function() {
var signedInfo = utils.findChilds(this.signatureNode, "SignedInfo"),
options = {}
if (signedInfo.length===0){ throw new Error("could not find SignedInfo element in the message")}
if(this.canonicalizationAlgorithm == 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'){
options = {defaultNs: 'xmlns:ns0="http://cfe.dgi.gub.uy"'} //TODO: agrego esta atributo para las firmas con c14n inclusiva..esto hay que revisarlo y mejorarlo
}
var signedInfoCanon = this.getCanonXml([this.canonicalizationAlgorithm], signedInfo[0], options)
var signer = this.findSignatureAlgorithm(this.signatureAlgorithm)
var res = signer.verifySignature(signedInfoCanon, this.signingKey, this.signatureValue)
if (!res) this.validationErrors.push("invalid signature: the signature value " +
this.signatureValue + " is incorrect")
return res
}
/*
...
*/
SignedXml.prototype.getCanonXml = function(transforms, node, options) {
options = options || {};
options.defaultNsForPrefix = options.defaultNsForPrefix || SignedXml.defaultNsForPrefix;
var canonXml = node
for (var t in transforms) {
if (!transforms.hasOwnProperty(t)) continue;
// Added by Jose Esteves I pass the option true if xml is c14n
options.isC14n = (transforms[t] === 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315')
var transform = this.findCanonicalizationAlgorithm(transforms[t])
canonXml = transform.process(canonXml, options);
//TODO: currently transform.process may return either Node or String value (enveloped transformation returns Node, exclusive-canonicalization returns String).
//This eitehr needs to be more explicit in the API, or all should return the same.
//exclusive-canonicalization returns String since it builds the Xml by hand. If it had used xmldom it would inccorectly minimize empty tags
//to <x/> instead of <x></x> and also incorrectly handle some delicate line break issues.
//enveloped transformation returns Node since if it would return String consider this case:
//<x xmlns:p='ns'><p:y/></x>
//if only y is the node to sign then a string would be <p:y/> without the definition of the p namespace. probably xmldom toString() should have added it.
}
return canonXml.toString()
}
/*
exlusive-canonicalization.js
The options goes first to process then to innerProcess and finally to renderNs
There it add xmlns attribute to those tags how must conserve the like referencia
*/
ExclusiveCanonicalization.prototype.process = function(node, options) {
options = options || {};
var inclusiveNamespacesPrefixList = options.inclusiveNamespacesPrefixList || [];
var defaultNs = options.defaultNs || "";
var defaultNsForPrefix = options.defaultNsForPrefix || {};
if (!(inclusiveNamespacesPrefixList instanceof Array)) { inclusiveNamespacesPrefixList = inclusiveNamespacesPrefixList.split(' '); }
var res = this.processInner(node, [], defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList, options);
return res;
};
ExclusiveCanonicalization.prototype.processInner = function(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList, options) {
if (node.nodeType === 8) { return this.renderComment(node); }
if (node.data) { return utils.encodeSpecialCharactersInText(node.data); }
var i, pfxCopy
, ns = this.renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList, options)
, res = ["<", node.tagName, ns.rendered, this.renderAttrs(node, ns.newDefaultNs), ">"];
for (i = 0; i < node.childNodes.length; ++i) {
pfxCopy = prefixesInScope.slice(0);
res.push(this.processInner(node.childNodes[i], pfxCopy, ns.newDefaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList, options));
}
res.push("</", node.tagName, ">");
return res.join("");
};
ExclusiveCanonicalization.prototype.renderNs = function(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList, options) {
var a, i, p, attr
, res = []
, newDefaultNs = defaultNs
, nsListToRender = []
, currNs = node.namespaceURI || "";
//handle the namespaceof the node itself
if (node.prefix) {
if (prefixesInScope.indexOf(node.prefix)==-1) {
nsListToRender.push({"prefix": node.prefix, "namespaceURI": node.namespaceURI || defaultNsForPrefix[node.prefix]});
prefixesInScope.push(node.prefix);
}
}
else if (defaultNs!=currNs) {
//new default ns
newDefaultNs = node.namespaceURI;
res.push(' xmlns="', newDefaultNs, '"');
if(defaultNs) {res.push(' '+defaultNs)}
}
//handle the attributes namespace
if (node.attributes) {
for (i = 0; i < node.attributes.length; ++i) {
attr = node.attributes[i];
// console.log(`${attr.localName} --- ${attr.prefix} --- ${attr.value}`)
//handle all prefixed attributes that are included in the prefix list and where
//the prefix is not defined already
if (attr.prefix && prefixesInScope.indexOf(attr.localName) === -1 && inclusiveNamespacesPrefixList.indexOf(attr.localName) >= 0) {
nsListToRender.push({"prefix": attr.localName, "namespaceURI": attr.value});
prefixesInScope.push(attr.localName);
}
// Agregado por Jose Esteves. Es para el caso del campo Referencia que tenia xmlns definido a pesar de ya tener un prefijo ns0.
if (options.isC14n && attr.localName === 'xmlns'){
res.push(' xmlns="', attr.value, '"')
}
//handle all prefixed attributes that are not xmlns definitions and where
//the prefix is not defined already
if (attr.prefix && prefixesInScope.indexOf(attr.prefix)==-1 && attr.prefix!="xmlns" && attr.prefix!="xml") {
nsListToRender.push({"prefix": attr.prefix, "namespaceURI": attr.namespaceURI});
prefixesInScope.push(attr.prefix);
}
}
}
nsListToRender.sort(this.nsCompare);
//render namespaces
for (a in nsListToRender) {
if (!nsListToRender.hasOwnProperty(a)) { continue; }
p = nsListToRender[a];
res.push(" xmlns:", p.prefix, '="', p.namespaceURI, '"');
}
return {"rendered": res.join(""), "newDefaultNs": newDefaultNs};
};
@ponyesteves , Please consider creating a PR with a test suite to add the code you used to get things working for you to this project so that the community can benefit and you don't have to maintain your own fork.
