Issue with eSocial digital signature - Invalid signature

0

I'm having a problem validating the eSocial XML signature. We have already made a number of attempts, but in all cases the return of the event processing is the same: "Signature of the invalid event Suggested actions: Verify that the event after the signature has been changed Verify the validity of the signature."

I wonder if anyone had the same problem and how they solved it. And if anyone knows of any problems regarding this in the restricted production environment of eSocial.

The signed XML is below.

<loteEventos>
	<eSocial xmlns="http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_1">
		<envioLoteEventos grupo="2">
			<ideEmpregador>
				<tpInsc>1</tpInsc>
				<nrInsc>99999999999999</nrInsc>
			</ideEmpregador>
			<ideTransmissor>
				<tpInsc>1</tpInsc>
				<nrInsc>99999999999999</nrInsc>
			</ideTransmissor>
			<eventos>
				<evento Id="ID1999999999999992018011103585700001">
					<eSocial xmlns="http://www.esocial.gov.br/schema/evt/evtTabRubrica/v02_04_01">
						<evtTabRubrica Id="ID1999999999999992018011103585700001">
							<ideEvento>
								<tpAmb>3</tpAmb>
								<procEmi>1</procEmi>
								<verProc>V2.04.01</verProc>
							</ideEvento>
							<ideEmpregador>
								<tpInsc>1</tpInsc>
								<nrInsc>99999999999999</nrInsc>
							</ideEmpregador>
							<infoRubrica>
								<inclusao>
									<ideRubrica>
										<codRubr>SGU-5</codRubr>
										<ideTabRubr>1</ideTabRubr>
										<iniValid>2018-01</iniValid>
										<fimValid>2018-12</fimValid>
									</ideRubrica>
									<dadosRubrica>
										<dscRubr>RUBRICA DESTINADA AO EVENTO 5-PRODUCAO PARA OS COOPERADOS.</dscRubr>
										<natRubr>3520</natRubr>
										<tpRubr>1</tpRubr>
										<codIncCP>15</codIncCP>
										<codIncIRRF>31</codIncIRRF>
										<codIncFGTS>00</codIncFGTS>
										<codIncSIND>00</codIncSIND>
										<observacao>RUBRICA DESTINADA AO EVENTO 5-PRODUCAO PARA OS COOPERADOS.</observacao>
										<ideProcessoIRRF>
											<nrProc>123</nrProc>
											<codSusp>0</codSusp>
										</ideProcessoIRRF>
									</dadosRubrica>
								</inclusao>
							</infoRubrica>
						</evtTabRubrica>
						<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
							<SignedInfo>
								<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
								<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
								<Reference URI="">
									<Transforms>
										<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
										<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
									</Transforms>
									<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
									<DigestValue>LH5RFX3/ftKopeifmwZCQPMx1yOSt7wR0yhxI6KAdgI=</DigestValue>
								</Reference>
							</SignedInfo>
							<SignatureValue>M5VHtMjVpUWQprqvvVa+FcTUBhGjwunAElleqpIm72PmYnodnXegN7nBrPcTEGVcAdblQr0dJa+CMFssNjDGeWJy0A4VgJzsM/J5Cq3j80KPjLxJX7dK2oiVAeM4l+B/x507kSB7smaP/orPymB4a4NAAsBMPnweqyZYE02ZSJqN87PoBiu+OjFFjIuSE6zxApsceuP72Xpy+LtYKGvpZxRu1H810RzQxGdKA+VZ+22cw2H52W8bvRcXzhLpEoQN5IwNRiFK/R0jRMOQ81Jq/LZKhEqTRzvkdy76u1WoADxtfWcU2fN0iUo3i+H9Rw31ZEBWfb902D1dN07EBBlO5Q==</SignatureValue>
							<KeyInfo>
								<X509Data>
									<X509Certificate></X509Certificate>
								</X509Data>
							</KeyInfo>
						</Signature>
					</eSocial>
				</evento>
			</eventos>
		</envioLoteEventos>
	</eSocial>
</loteEventos>
    
asked by anonymous 18.01.2018 / 12:54

2 answers

1
<?php
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
require_once dirname(__FILE__).'/../xmlseclibs-master/src/XMLSecurityDSig.php';
require_once dirname(__FILE__).'/../xmlseclibs-master/src/XMLSecurityKey.php';
require_once dirname(__FILE__).'/../xmlseclibs-master/src/XMLSecEnc.php';

$cabecalho_xml_evento='<eSocial xmlns="http://www.esocial.gov.br/schema/evt/evtInfoEmpregador/v02_04_01">';
$corpo_xml_evento='<evtInfoEmpregador Id="ID1775187375501192018021417410600070"><ideEvento><tpAmb>2</tpAmb><procEmi>1</procEmi><verProc>1</verProc></ideEvento><ideEmpregador><tpInsc>1</tpInsc><nrInsc>99999999999999</nrInsc></ideEmpregador><infoEmpregador><inclusao><idePeriodo><iniValid>2018-01</iniValid></idePeriodo><infoCadastro><nmRazao>NOME DA EMPRESA</nmRazao><classTrib>85</classTrib><natJurid>1074</natJurid><indCoop>0</indCoop><indConstr>0</indConstr><indDesFolha>0</indDesFolha><indOptRegEletron>0</indOptRegEletron><indEntEd>N</indEntEd><indEtt>N</indEtt><contato><nmCtt>Nome do Contato</nmCtt><cpfCtt>123456789</cpfCtt><foneFixo>123456789</foneFixo><foneCel>123456789</foneCel><email>[email protected]</email></contato><infoOP><nrSiafi>12345</nrSiafi></infoOP><softwareHouse><cnpjSoftHouse>123456789</cnpjSoftHouse><nmRazao>NOME DA SFOTWAREHOUSE</nmRazao><nmCont>Nome do Contato</nmCont><telefone>123456789</telefone><email>[email protected]</email></softwareHouse><infoComplementares><situacaoPJ><indSitPJ>0</indSitPJ></situacaoPJ></infoComplementares></infoCadastro></inclusao></infoEmpregador></evtInfoEmpregador>';
$rodape_xml_evento='</eSocial>';

// Sign the event
$objEventoDOMDoc = new DOMDocument('1.0','UTF-8');
$objEventoDOMDoc->loadXML($cabecalho_xml_evento.$corpo_xml_evento.$rodape_xml_evento);
$objXMLSecurityDSig = new XMLSecurityDSig(FALSE);
$objXMLSecurityDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
$objXMLSecurityDSig->addReference(
  $objEventoDOMDoc, 
  XMLSecurityDSig::SHA256,
  array('http://www.w3.org/2000/09/xmldsig#enveloped-signature','http://www.w3.org/TR/2001/REC-xml-c14n-20010315'),
  array("force_uri"=>true)
);
$objXMLSecurityKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
$objXMLSecurityKey->passphrase = 'senha_chave_privada';
$objXMLSecurityKey->loadKey('/path_para_chave_PEM_privada', TRUE);
$objXMLSecurityDSig->sign($objXMLSecurityKey);
$objXMLSecurityDSig->add509Cert(file_get_contents('/path_para_chave_PEM_publica'));
$objXMLSecurityDSig->appendSignature($objEventoDOMDoc->documentElement);
$objSimpleXMLElement = simplexml_import_dom($objEventoDOMDoc);
$assinatura_xml_evento = $objSimpleXMLElement->Signature->asXml();

// Build the batch
$lote_xml = '<eSocial xmlns="http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_1"><envioLoteEventos grupo="1"><ideEmpregador><tpInsc>1</tpInsc><nrInsc>99999999999999</nrInsc></ideEmpregador><ideTransmissor><tpInsc>2</tpInsc><nrInsc>48699999999</nrInsc></ideTransmissor><eventos><evento Id="ID1775187375501192018021417410600070">'.
$cabecalho_xml_evento.$corpo_xml_evento.$assinatura_xml_evento.$rodape_xml_evento.
'</evento></eventos></envioLoteEventos></eSocial>';

// Transmit the batch
$strXmlAEnviar = '<EnviarLoteEventos><loteEventos>' . $lote_xml . '</loteEventos></EnviarLoteEventos>';
$params = array(
        'encoding' => 'UTF-8',
        "trace" => 1,
        'connection_timeout' => 25,
        "exceptions" => true,
        "style" => SOAP_RPC,
        "use" => SOAP_ENCODED,
        'soap_version' => SOAP_1_1,
        'cache_wsdl' => WSDL_CACHE_NONE,
        'local_cert' => '/path_para_chaves_PEM_privada_e_publica_combinadas_em_um_unico_arquivo',
        'passphrase' => 'senha_chave_privada',
    );

$client = new SoapClient('https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc?singleWsdl', $params);
$paramSoapCall = new SoapVar($strXmlAEnviar, XSD_ANYXML);
$headers = array();
$headers[] = new SoapHeader('http://www.w3.org/2001/XMLSchema-instance','xsi');
$headers[] = new SoapHeader('http://www.w3.org/2001/XMLSchema','xsd');
$headers[] = new SoapHeader('http://www.w3.org/2003/05/soap-envelope','soap');
$client->__setSoapHeaders($headers);
$response = $client->EnviarLoteEventos($paramSoapCall);

// Process the response to the submission
$strXmlRetorno = $response->EnviarLoteEventosResult->any;

PHP library for digital signature of xml files

    
16.02.2018 / 16:51
1

Mayara, which piece of XML did you use to generate the signature? You should only sign the event XML, not the batch XML, so you should only sign the snippet that begins with the second 'eSocial' tag (heading) until it closes.

Also, this initial 'loteEventos' tag should not exist, and the group, in the 'envioLoteEventos' tag, should be 1 rather than 2, in the case of the S-1010 event.

I created a page a while back with some examples of eSocial XML files. It is out of date, and all examples are from version 2.2.02 of the layout (not the last version, 2.4.01), but you can get an idea: link

I hope it helps.

    
20.02.2018 / 04:26
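
The point made in the second answer, as an added PHP example that is not from either answer: a Reference with URI="" covers the document that holds the Signature, so the digest must be taken over the event alone, not over the batch. It recomputes only the Reference digest (not the SignatureValue or the certificate) with PHP's DOM extension; the function names and the cut-down XML are constructed for illustration.

```php
<?php
const DSIG = 'http://www.w3.org/2000/09/xmldsig#';

// Digest a verifier recomputes for <Reference URI="">: drop the Signature
// (enveloped-signature), canonicalize with C14N 1.0, then SHA-256 + base64.
function referenceDigest(string $xml): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    foreach (iterator_to_array($doc->getElementsByTagNameNS(DSIG, 'Signature')) as $sig) {
        $sig->parentNode->removeChild($sig);
    }
    return base64_encode(hash('sha256', $doc->C14N(false, false), true));
}

// The event as a document of its own: the inner <eSocial> under <evento>.
function extractEvent(string $batchXml): string
{
    $doc = new DOMDocument();
    $doc->loadXML($batchXml);
    $xp = new DOMXPath($doc);
    $event = $xp->query('//*[local-name()="evento"]/*[local-name()="eSocial"]')->item(0);
    return $doc->saveXML($event);
}

// True when the DigestValue stored in the event matches the recomputed one.
function eventDigestMatches(string $batchXml): bool
{
    $event = extractEvent($batchXml);
    $doc = new DOMDocument();
    $doc->loadXML($event);
    $declared = trim($doc->getElementsByTagNameNS(DSIG, 'DigestValue')->item(0)->textContent);
    return hash_equals($declared, referenceDigest($event));
}

// Constructed sample: cut-down event, batch wrapper and Signature (digest part only).
$event = '<eSocial xmlns="http://www.esocial.gov.br/schema/evt/evtTabRubrica/v02_04_01">'
       . '<evtTabRubrica Id="ID1"><ideEvento><tpAmb>3</tpAmb></ideEvento></evtTabRubrica>%s</eSocial>';
$batch = '<eSocial xmlns="http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_1">'
       . '<envioLoteEventos grupo="1"><eventos><evento Id="ID1">%s</evento></eventos></envioLoteEventos></eSocial>';
$sig   = '<Signature xmlns="' . DSIG . '"><SignedInfo><Reference URI="">'
       . '<DigestValue>%s</DigestValue></Reference></SignedInfo></Signature>';

// Digest taken over the event alone, then over the whole batch.
$overEvent = referenceDigest(sprintf($event, ''));
$overBatch = referenceDigest(sprintf($batch, sprintf($event, '')));

var_dump(eventDigestMatches(sprintf($batch, sprintf($event, sprintf($sig, $overEvent)))));
var_dump(eventDigestMatches(sprintf($batch, sprintf($event, sprintf($sig, $overBatch)))));
```

The first call prints bool(true) and the second bool(false): a digest computed with the batch as the signed document does not match the one recomputed over the event alone.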