Problem with eSocial digital signature - Invalid signature


1

I’m having trouble validating the eSocial XML signature. We have already made several attempts, but in all of them the return of the event processing is the same: "Invalid event signature. Suggested Actions: Check for event changes after signing. Check for signature validity."

I wonder if anyone has had the same problem and how they solved it. And if anyone knows of any problem regarding this in the restricted production environment of eSocial.

Below is the signed xml.

<loteEventos>
	<eSocial xmlns="http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_1">
		<envioLoteEventos grupo="2">
			<ideEmpregador>
				<tpInsc>1</tpInsc>
				<nrInsc>99999999999999</nrInsc>
			</ideEmpregador>
			<ideTransmissor>
				<tpInsc>1</tpInsc>
				<nrInsc>99999999999999</nrInsc>
			</ideTransmissor>
			<eventos>
				<evento Id="ID1999999999999992018011103585700001">
					<eSocial xmlns="http://www.esocial.gov.br/schema/evt/evtTabRubrica/v02_04_01">
						<evtTabRubrica Id="ID1999999999999992018011103585700001">
							<ideEvento>
								<tpAmb>3</tpAmb>
								<procEmi>1</procEmi>
								<verProc>V2.04.01</verProc>
							</ideEvento>
							<ideEmpregador>
								<tpInsc>1</tpInsc>
								<nrInsc>99999999999999</nrInsc>
							</ideEmpregador>
							<infoRubrica>
								<inclusao>
									<ideRubrica>
										<codRubr>SGU-5</codRubr>
										<ideTabRubr>1</ideTabRubr>
										<iniValid>2018-01</iniValid>
										<fimValid>2018-12</fimValid>
									</ideRubrica>
									<dadosRubrica>
										<dscRubr>RUBRICA DESTINADA AO EVENTO 5-PRODUCAO PARA OS COOPERADOS.</dscRubr>
										<natRubr>3520</natRubr>
										<tpRubr>1</tpRubr>
										<codIncCP>15</codIncCP>
										<codIncIRRF>31</codIncIRRF>
										<codIncFGTS>00</codIncFGTS>
										<codIncSIND>00</codIncSIND>
										<observacao>RUBRICA DESTINADA AO EVENTO 5-PRODUCAO PARA OS COOPERADOS.</observacao>
										<ideProcessoIRRF>
											<nrProc>123</nrProc>
											<codSusp>0</codSusp>
										</ideProcessoIRRF>
									</dadosRubrica>
								</inclusao>
							</infoRubrica>
						</evtTabRubrica>
						<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
							<SignedInfo>
								<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
								<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
								<Reference URI="">
									<Transforms>
										<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
										<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
									</Transforms>
									<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
									<DigestValue>LH5RFX3/ftKopeifmwZCQPMx1yOSt7wR0yhxI6KAdgI=</DigestValue>
								</Reference>
							</SignedInfo>
							<SignatureValue>M5VHtMjVpUWQprqvvVa+FcTUBhGjwunAElleqpIm72PmYnodnXegN7nBrPcTEGVcAdblQr0dJa+CMFssNjDGeWJy0A4VgJzsM/J5Cq3j80KPjLxJX7dK2oiVAeM4l+B/x507kSB7smaP/orPymB4a4NAAsBMPnweqyZYE02ZSJqN87PoBiu+OjFFjIuSE6zxApsceuP72Xpy+LtYKGvpZxRu1H810RzQxGdKA+VZ+22cw2H52W8bvRcXzhLpEoQN5IwNRiFK/R0jRMOQ81Jq/LZKhEqTRzvkdy76u1WoADxtfWcU2fN0iUo3i+H9Rw31ZEBWfb902D1dN07EBBlO5Q==</SignatureValue>
							<KeyInfo>
								<X509Data>
									<X509Certificate>MIIIRTCCBi2gAwIBAgIQDgKKPBcCGhj838PCXYRWgDANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCQlIxEzARBgNVBAoTCklDUC1CcmFzaWwxNjA0BgNVBAsTLVNlY3JldGFyaWEgZGEgUmVjZWl0YSBGZWRlcmFsIGRvIEJyYXNpbCAtIFJGQjEkMCIGA1UEAxMbQUMgSW5zdGl0dXRvIEZlbmFjb24gUkZCIEczMB4XDTE3MDgwNzIwMDcxNFoXDTE4MDgwNzIwMDcxNFowggEFMQswCQYDVQQGEwJCUjETMBEGA1UECgwKSUNQLUJyYXNpbDELMAkGA1UECAwCU0MxEjAQBgNVBAcMCUpPSU5WSUxMRTE2MDQGA1UECwwtU2VjcmV0YXJpYSBkYSBSZWNlaXRhIEZlZGVyYWwgZG8gQnJhc2lsIC0gUkZCMRYwFAYDVQQLDA1SRkIgZS1DTlBKIEExMSUwIwYDVQQLDBxBdXRlbnRpY2FkbyBwb3IgQVIgU2VzY29uIFNDMUkwRwYDVQQDDEBVTklNRUQgRE8gRVNUQURPIERFIFNBTlRBIENBVEFSSU5BIEZFREVSQUNBTyBFU1RBOjc2NTkwODg0MDAwMTQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvR/RPicd5VCh6TvZk06K06wQhAXB2AQh6J6hWjTv5pSr6KtEaR8WuNpbFbPBmt76WeVzN/0E+mE2+QgWbdoS5ei/d0sDVbhR0BlHU5ZV8d/QGhous6mmEI9jzX9fL/jextcfnScH1syTzxvuZJanXCt5xr/fbiYCVCBOqs9DdpT1lMoRf0aw7ToJBKcAEUCgdLFPOjA4WZFS7cYSJhjBUn14DZZq3gygifSRblPahGyQoXyxD0UAjP0TM0SOZc64zO+1f+AVvExushJBTbAY61HiNdOJQnv3N5ojFtlTM/j1n8PfRpcyMb7TS9MS6H6Q0OYRwgzbsVo6hG/KB/JTaQIDAQABo4IDMTCCAy0wgbsGA1UdEQSBszCBsKA9BgVgTAEDBKA0BDIwODA4MTk2Njc3NDAwODQ0OTIwMDAwMDAwMDAwMDAwMDAwMDAwMDEzNjYyMDFTU1BTQ6AgBgVgTAEDAqAXBBVBTEJFUlRPIEdVR0VMTUlOIE5FVE+gGQYFYEwBAwOgEAQONzY1OTA4ODQwMDAxNDOgFwYFYEwBAwegDgQMMDAwMDAwMDAwMDAwgRljcGhpbGlwcGVAdW5pbWVkc2MuY29tLmJyMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUJseUPXqHfn9LeIqHPeDPtc6psNowgYYGA1UdIAR/MH0wewYGYEwBAgEiMHEwbwYIKwYBBQUHAgEWY2h0dHA6Ly9pY3AtYnJhc2lsLmFjZmVuYWNvbi5jb20uYnIvcmVwb3NpdG9yaW8vZHBjL0FDLUluc3RpdHV0by1GZW5hY29uLVJGQi9EUENfQUNfSUZlbmFjb25fUkZCLnBkZjCBygYDVR0fBIHCMIG/MF6gXKBahlhodHRwOi8vaWNwLWJyYXNpbC5hY2ZlbmFjb24uY29tLmJyL3JlcG9zaXRvcmlvL2xjci9BQ0luc3RpdHV0b0ZlbmFjb25SRkJHMy9MYXRlc3RDUkwuY3JsMF2gW6BZhldodHRwOi8vaWNwLWJyYXNpbC5vdXRyYWxjci5jb20uYnIvcmVwb3NpdG9yaW8vbGNyL0FDSW5zdGl0dXRvRmVuYWNvblJGQkczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDCBuwYIKwYBBQUHAQEEga4wgaswZgYIKwYBBQUHMAKGWmh0dHA6Ly9pY3AtYnJhc2lsLmFjZmVuYWNvbi5jb20uYnIvcmVwb3NpdG9yaW8vY2
VydGlmaWNhZG9zL0FDX0luc3RpdHV0b19GZW5hY29uX1JGQkczLnA3YzBBBggrBgEFBQcwAYY1aHR0cDovL29jc3AtYWMtaW5zdGl0dXRvLWZlbmFjb24tcmZiLmNlcnRpc2lnbi5jb20uYnIwDQYJKoZIhvcNAQELBQADggIBAFdvnBA5gS3VM9iXHmlVbAd6ZTsnvdWii24PNc9v9j8T9e4YwuTUanGrWO+xBCA6VenhdNf+n3YWlNaJuVw3cLKyHBRY6AT/C+wuB58WNh7TpVsQ2uRUDQPN/6ayZypZhMzi9O75oZBgL/chNIwEDVuHXMoGQqSHE4zZK8lkAXF31TY9Tubt0IxnSwTkUXlAJfd9pBDTUOCbvY4+FB22JXSJvJn7rhoea/UTgaaDYAUdPtMpahEvQch8ttoJoV6Lz9q1vnnyooTZK/7YAuT3mkThYQ/qLjTI7fN459rKbq2UklfpFn4qFxng4HOVpedoYDSrPZEkLGEPrvyrY0nx+nQ72qw6103V7Fv/DP0yt6XO9BOGXyleZK366aQP7gj/byhuCDZ/SnTKWdp3MHiEx0FEgw6uCIhFCtcH6myrR8StQL/dgSdn9sX1ZRMJwEhC1WAc167rbZTBbf9FsP0qMQR1coMXChtCq0nVEfcDsdflDwiU874eidd1yONKmNpLQLrF2KcokhdSYMpvYmezDiJgsfplVfsX/8FShK2DqcVBWNiJqAObVTtT4iKc95Y8XH7qV+ac+nxXwe2a9sVfKLyFi4gpY0wdI0NraVywTCny6+W0YL+SJrWy/3QQVunurYZOB3e5fxh1mRG2fy8m6lkIc3Zmxwsv1DoNrMd/OD1S</X509Certificate>
								</X509Data>
							</KeyInfo>
						</Signature>
					</eSocial>
				</evento>
			</eventos>
		</envioLoteEventos>
	</eSocial>
</loteEventos>

2 answers

1

<?php
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
require_once dirname(__FILE__).'/../xmlseclibs-master/src/XMLSecurityDSig.php';
require_once dirname(__FILE__).'/../xmlseclibs-master/src/XMLSecurityKey.php';
require_once dirname(__FILE__).'/../xmlseclibs-master/src/XMLSecEnc.php';

$cabecalho_xml_evento='<eSocial xmlns="http://www.esocial.gov.br/schema/evt/evtInfoEmpregador/v02_04_01">';
$corpo_xml_evento='<evtInfoEmpregador Id="ID1775187375501192018021417410600070"><ideEvento><tpAmb>2</tpAmb><procEmi>1</procEmi><verProc>1</verProc></ideEvento><ideEmpregador><tpInsc>1</tpInsc><nrInsc>99999999999999</nrInsc></ideEmpregador><infoEmpregador><inclusao><idePeriodo><iniValid>2018-01</iniValid></idePeriodo><infoCadastro><nmRazao>NOME DA EMPRESA</nmRazao><classTrib>85</classTrib><natJurid>1074</natJurid><indCoop>0</indCoop><indConstr>0</indConstr><indDesFolha>0</indDesFolha><indOptRegEletron>0</indOptRegEletron><indEntEd>N</indEntEd><indEtt>N</indEtt><contato><nmCtt>Nome do Contato</nmCtt><cpfCtt>123456789</cpfCtt><foneFixo>123456789</foneFixo><foneCel>123456789</foneCel><email>[email protected]</email></contato><infoOP><nrSiafi>12345</nrSiafi></infoOP><softwareHouse><cnpjSoftHouse>123456789</cnpjSoftHouse><nmRazao>NOME DA SFOTWAREHOUSE</nmRazao><nmCont>Nome do Contato</nmCont><telefone>123456789</telefone><email>[email protected]</email></softwareHouse><infoComplementares><situacaoPJ><indSitPJ>0</indSitPJ></situacaoPJ></infoComplementares></infoCadastro></inclusao></infoEmpregador></evtInfoEmpregador>';
$rodape_xml_evento='</eSocial>';

// Sign the event
$objEventoDOMDoc = new DOMDocument('1.0','UTF-8');
$objEventoDOMDoc->loadXML($cabecalho_xml_evento.$corpo_xml_evento.$rodape_xml_evento);
$objXMLSecurityDSig = new XMLSecurityDSig(FALSE);
$objXMLSecurityDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
$objXMLSecurityDSig->addReference(
  $objEventoDOMDoc, 
  XMLSecurityDSig::SHA256,
  array('http://www.w3.org/2000/09/xmldsig#enveloped-signature','http://www.w3.org/TR/2001/REC-xml-c14n-20010315'),
  array("force_uri"=>true)
);
$objXMLSecurityKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
$objXMLSecurityKey->passphrase = 'senha_chave_privada';
$objXMLSecurityKey->loadKey('/path_para_chave_PEM_privada', TRUE);
$objXMLSecurityDSig->sign($objXMLSecurityKey);
$objXMLSecurityDSig->add509Cert(file_get_contents('/path_para_chave_PEM_publica'));
$objXMLSecurityDSig->appendSignature($objEventoDOMDoc->documentElement);
$objSimpleXMLElement = simplexml_import_dom($objEventoDOMDoc);
$assinatura_xml_evento = $objSimpleXMLElement->Signature->asXml();

// Assemble the batch
$lote_xml = '<eSocial xmlns="http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_1"><envioLoteEventos grupo="1"><ideEmpregador><tpInsc>1</tpInsc><nrInsc>99999999999999</nrInsc></ideEmpregador><ideTransmissor><tpInsc>2</tpInsc><nrInsc>48699999999</nrInsc></ideTransmissor><eventos><evento Id="ID1775187375501192018021417410600070">'.
$cabecalho_xml_evento.$corpo_xml_evento.$assinatura_xml_evento.$rodape_xml_evento.
'</evento></eventos></envioLoteEventos></eSocial>';

// Transmit the batch
$strXmlAEnviar = '<EnviarLoteEventos><loteEventos>' . $lote_xml . '</loteEventos></EnviarLoteEventos>';
$params = array(
        'encoding' => 'UTF-8',
        "trace" => 1,
        'connection_timeout' => 25,
        "exceptions" => true,
        "style" => SOAP_RPC,
        "use" => SOAP_ENCODED,
        'soap_version' => SOAP_1_1,
        'cache_wsdl' => WSDL_CACHE_NONE,
        'local_cert' => '/path_para_chaves_PEM_privada_e_publica_combinadas_em_um_unico_arquivo',
        'passphrase' => 'senha_chave_privada',
    );

$client = new SoapClient('https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc?singleWsdl', $params);
$paramSoapCall = new SoapVar($strXmlAEnviar, XSD_ANYXML);
$headers = array();
$headers[] = new SoapHeader('http://www.w3.org/2001/XMLSchema-instance','xsi');
$headers[] = new SoapHeader('http://www.w3.org/2001/XMLSchema','xsd');
$headers[] = new SoapHeader('http://www.w3.org/2003/05/soap-envelope','soap');
$client->__setSoapHeaders($headers);
$response = $client->EnviarLoteEventos($paramSoapCall);

// Process the response to the submission
$strXmlRetorno = $response->EnviarLoteEventosResult->any;

PHP library for digital signature of xml files

  • It would be nice if you included a brief description of how exactly this script solves the question.

1

Mayara, which XML snippet did you use to generate the signature? You should only sign the event XML, not the batch XML, so you should only sign the snippet that starts with the second tag 'eSocial' (rubric), until it closes.

Also, there should not be this initial tag 'loteEventos', and the group, in the tag 'envioLoteEventos', should be 1 and not 2, in the case of the rubric event (S-1010).

I created a page a while ago with some examples of eSocial XML files. It is outdated, and all the examples are from version 2.2.02 of the layout (and not from the latest version, 2.4.01), but you can get an idea: http://suporte.quarta.com.br/eSocial/ExemplosEventosXml.htm#S1010

I hope it helps.
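The point both answers turn on, as an added example that is not part of the original posts: with `Reference URI=""` the digest covers the root of the document that was signed, so it must be computed over the event's own `<eSocial>` element and not over the batch. The XML is a constructed, shortened sample, `c14nDigest` is a hypothetical helper, and the code assumes the receiver validates each event's `<eSocial>` element as its own document.

```php
<?php
// Added example; the event and batch below are constructed, shortened samples.

// Base64 SHA-256 digest of an element in inclusive C14N 1.0 without comments,
// after dropping a Signature child of the root (enveloped-signature transform).
// This is the value <DigestValue> must carry when that element is the document
// root referenced by URI="".
function c14nDigest(DOMElement $root): string
{
    $doc = new DOMDocument();
    $doc->appendChild($doc->importNode($root, true));
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
    foreach (iterator_to_array($xp->query('/*/ds:Signature')) as $sig) {
        $sig->parentNode->removeChild($sig);
    }
    return base64_encode(hash('sha256', $doc->documentElement->C14N(false, false), true));
}

$event = '<eSocial xmlns="http://www.esocial.gov.br/schema/evt/evtTabRubrica/v02_04_01">'
       . '<evtTabRubrica Id="ID-SAMPLE-1"><ideEvento><tpAmb>3</tpAmb></ideEvento></evtTabRubrica>'
       . '</eSocial>';
$batch = '<eSocial xmlns="http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_1">'
       . '<envioLoteEventos grupo="1"><eventos><evento Id="ID-SAMPLE-1">'
       . $event
       . '</evento></eventos></envioLoteEventos></eSocial>';

$eventDoc = new DOMDocument();
$eventDoc->loadXML($event);
$batchDoc = new DOMDocument();
$batchDoc->loadXML($batch);

// The event as it sits inside the batch: the second <eSocial> element.
$xp = new DOMXPath($batchDoc);
$xp->registerNamespace('lote', 'http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_1');
$embedded = $xp->query('//lote:evento/*')->item(0);

$signedAlone = c14nDigest($eventDoc->documentElement); // event signed as its own document
$inBatch     = c14nDigest($embedded);                  // same event taken back out of the batch
$wholeBatch  = c14nDigest($batchDoc->documentElement); // what URI="" covers if the batch is signed

// Does embedding the signed event in the batch preserve its digest?
var_dump($signedAlone === $inBatch);
// Could a digest computed over the whole batch ever match the event's digest?
var_dump($signedAlone === $wholeBatch);
```

The first comparison holds because the event re-declares its own default namespace, so its canonical form is the same inside and outside the batch; the second fails because the batch root canonicalizes to different bytes.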
