InfoPath 2010 custom digital signature support not working - InfoPath Dev

Last post 08-08-2011 02:46 AM by WarLe. 2 replies.
  • 08-03-2011 03:49 AM

    • WarLe

    InfoPath 2010 custom digital signature support not working

    There appears to be a problem with InfoPath 2010 and programmatically created custom digital signatures.

    After I create the signature XML using the 'System.Security.Cryptography.Xml' namespace's classes and insert the signature fragment into the appropriate container element in the document, InfoPath 2010's internal logic does not appear to be able to process the signature correctly.

    There are actually two problems.

    1. In the view the signature shows up with the message "There is a problem with this signature - View details". Clicking the box to view the details does not work; the dialog will not open. However, if I submit the document and then re-open it, the error message is still there, but now I'm able to view the details. It seems to me that whatever logic should run and check the assigned signature for its validity is not being triggered. With the debugger I can see that the SignedDataBlock's Signatures collection is not gaining any new Signature items, as it should, and I'm also pretty sure this is why the signature details dialog will not open.

    2. The second problem is that the signature is not actually invalid. The same custom signature logic I'm using works perfectly well with InfoPath 2007. The reason why the signature validation fails is that the elements being signed are under the "my" namespace, and InfoPath 2010 is apparently incapable of reading the namespace declaration from the XML document's header. It expects to find the attributes from the signature fragment's XSL section's "template" elements. The signature template fragment, provided by the Signature object, actually does have the XML in a form that has the namespace declarations defined in the XSL, and so does the completed result signature XML created from it. The real problem is that there seems to be no way to insert the signature XML into the container element so that it would retain the namespace declarations in their place; the XPathNavigator class used for accessing the DOM cleans away all namespace declarations which are already defined in the document's header. And adding the namespace xmlns attributes with the navigator seems impossible, and what you get for trying is some XML exception. I'm guessing that this namespace issue might relate to the suspiciously similar-sounding problem concerning the SignedXml class, which is also not able to validate a signature if the signature fragment is referencing elements under some namespaces other than the empty default. This supposedly was fixed for .NET 1.1 (http://support.microsoft.com/kb/888999/en-us), but 2.0 still seems to be riddled with the faulty implementation.

    I was actually able to work around the second issue by grabbing the underlying XDocument's DOM with reflection, and using the DOM's methods to inject the xmlns attributes back to their places. But the first mentioned problem I have not managed to resolve; after signing a section the signature displays falsely as invalid, and the signature details are not available until I submit and re-open the file, after which both problems are gone. The signature displays as valid and the details are available.

    Is there something I'm missing here? The same signing code works without any problems with InfoPath 2007.

    (Just as a side note; the OOB InfoPath signature functionality we cannot use due to the business requirements we have with our clients)
    - Leo Wartinen
  • 08-07-2011 10:42 PM In reply to

    Re: InfoPath 2010 custom digital signature support not working

    Hi Leo,

    This is going to require time to dig into and debug. We have used digital signatures before and we used the InfoPath object model to generate. Have you looked at the 2003 SDK? It might have some examples of doing what you want. Otherwise, I suggest calling Microsoft. Your scenario is very rare. Most people just use the OOB support, or some form of pseudo signatures - like e-sig.

    Sorry I don't have a silver bullet.

     

    Patrick Halstead
    Project Manager at Qdabra
  • 08-08-2011 02:46 AM In reply to

    • WarLe

    Re: InfoPath 2010 custom digital signature support not working

    Hi Patrick,

    I already discussed this on the MS partner support forum with Stephen Ding (http://social.microsoft.com/Forums/en-US/partnerdevvs/thread/9d71d51e-d45f-4fdf-a138-d87902dd6c57). I sent him a simple test template and he verified that the managed .NET signing code is good, so in that respect I doubt that there's some method call that I'm missing. And the same code does work with IP 2007 perfectly.

    The problem of the namespaces vanishing from the signature is not really an issue since I can work around that using reflection, albeit the solution being a little dirty, but I think the signature validation logic not executing after the signature event is definitely a bug. I mean there's nothing wrong with the signature itself; when re-opened after submit the signatures are seen by IP 2010 as valid.

    I have opened a bug report to Microsoft about this: https://connect.microsoft.com/VisualStudio/feedback/details/682935/infopath-2010-custom-digital-signature-support-not-working
    - Leo Wartinen