[SDK Java] Error when validating original Simplified_Invoice.xml

Is this expected? What do I do to remove the errors if this is not normal?

C:\laragon\www\zatca-einvoicing-sdk-238-R3.3.6\zatca-einvoicing-sdk-238-R3.3.6>fatoora -validate -invoice C:\laragon\www\zatca-einvoicing-sdk-238-R3.3.6\zatca-einvoicing-sdk-238-R3.3.6\Data\Samples\Simplified\Invoice\Simplified_Invoice.xml ********** Welcome to ZATCA E-Invoice Java SDK 3.3.6 *********************
This SDK uses Java to call the SDK (jar) passing it an invoice XML file.
It can take a Standard or Simplified XML, Credit Note, or Debit Note.
It returns if the validation is successful or shows errors where the XML validation fails.
It checks for syntax and content as well.
You can use the command (fatoora -help) for more information.

****************************************************************
2024-11-20 16:36:48,749 [INFO] ValidationProcessorImpl - [XSD] validation result : PASSED
2024-11-20 16:36:49,555 [INFO] ValidationProcessorImpl - [EN] validation result : PASSED
2024-11-20 16:36:49,887 [INFO] ValidationProcessorImpl - [KSA] validation result : PASSED
2024-11-20 16:36:50,386 [INFO] ValidationProcessorImpl - [QR] validation result : PASSED
2024-11-20 16:36:50,430 [ERROR] ECDSAUtil - Curve not supported: secp256k1 (1.3.132.0.10)
2024-11-20 16:36:50,512 [INFO] ValidationProcessorImpl - [SIGNATURE] validation result : FAILED
2024-11-20 16:36:50,512 [ERROR] ValidationProcessorImpl - signature validation errors :
2024-11-20 16:36:50,512 [ERROR] ValidationProcessorImpl - CODE : signatureValue, MESSAGE : wrong signature Value
2024-11-20 16:36:50,515 [INFO] ValidationProcessorImpl - [PIH] validation result : PASSED
2024-11-20 16:36:50,516 [INFO] InvoiceValidationService -  *** GLOBAL VALIDATION RESULT = FAILED

Dear @mohdarafathossain

Thanks for reaching out,

The provided error is related to missing the private key, Can I kindly ask you to elaborate the steps you followed to generate the CSR from your config file?

Additionally, If you can share the config file this will help us to provide comprehensive support as usual.

Thanks,
Ibrahem Daoud.

I just wanted to test out the command of “Signing and Generating Invoice Hash” using the files provided in the SDK using the command:

fatoora -sign -invoice -signedInvoice

Using the original simplified invoice file:

zatca-einvoicing-sdk-238-R3.3.6\Data\Samples\Simplified\Invoice\Simplified_Invoice.xml

I wanted to see the expected output.

It doesn’t specify that it uses the config file in the documentation

zatca-einvoicing-sdk-238-R3.3.6/Readme/Java/readme.pdf

Here is the CSR Config used:

csr.common.name=TST-886431145-399999999900003
csr.serial.number=1-TST|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f
csr.organization.identifier=399999999900003
csr.organization.unit.name=Riyadh Branch
csr.organization.name=Maximum Speed Tech Supply LTD
csr.country.name=SA
csr.invoice.type=1100
csr.location.address=RRRD2929
csr.industry.business.category=Supply activities

CSR previously generated gave this as output:

-----BEGIN CERTIFICATE REQUEST-----
MIICFTCCAbwCAQAwdTELMAkGA1UEBhMCU0ExFjAUBgNVBAsMDVJpeWFkaCBCcmFu
Y2gxJjAkBgNVBAoMHU1heGltdW0gU3BlZWQgVGVjaCBTdXBwbHkgTFREMSYwJAYD
VQQDDB1UU1QtODg2NDMxMTQ1LTM5OTk5OTk5OTkwMDAwMzBWMBAGByqGSM49AgEG
BSuBBAAKA0IABNJTovHygOp6s7+HGRq+GtGWd0T2Biz0jnPftGw+O5ut8aQP2ZwU
Uw+GwwyYTL69rSgH3xGG9lIW+f8kYLiuA7KggecwgeQGCSqGSIb3DQEJDjGB1jCB
0zAhBgkrBgEEAYI3FAIEFAwSWkFUQ0EtQ29kZS1TaWduaW5nMIGtBgNVHREEgaUw
gaKkgZ8wgZwxOzA5BgNVBAQMMjEtVFNUfDItVFNUfDMtZWQyMmYxZDgtZTZhMi0x
MTE4LTliNTgtZDlhOGYxMWU0NDVmMR8wHQYKCZImiZPyLGQBAQwPMzk5OTk5OTk5
OTAwMDAzMQ0wCwYDVQQMDAQxMTAwMREwDwYDVQQaDAhSUlJEMjkyOTEaMBgGA1UE
DwwRU3VwcGx5IGFjdGl2aXRpZXMwCgYIKoZIzj0EAwIDRwAwRAIgE/npifmeXidR
oCYbBJ++fsKMItuLwnGOwRdgKRxHuzYCIDCDfNbpdTnM5wKbULBw79xznbn4KLYw
oXSlhh/RAEmC
-----END CERTIFICATE REQUEST-----

Note: I did get the CSID successfully previously.

            {
                "csr":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ0dUQ0NBYjhDQVFBd2RURUxNQWtHQTFVRUJoTUNVMEV4RmpBVUJnTlZCQXNNRFZKcGVXRmthQ0JDY21GdQpZMmd4SmpBa0JnTlZCQW9NSFUxaGVHbHRkVzBnVTNCbFpXUWdWR1ZqYUNCVGRYQndiSGtnVEZSRU1TWXdKQVlEClZRUUREQjFVVTFRdE9EZzJORE14TVRRMUxUTTVPVGs1T1RrNU9Ua3dNREF3TXpCV01CQUdCeXFHU000OUFnRUcKQlN1QkJBQUtBMElBQkhSVExvNnRuWFdqajhjUlcwbldSdjkzOGJRWnJNL2FoazJRZUtIYThsaGlMZlM5eG9FQgp4bSs2UVhBenBrbjA3U2ZSMTlCTCtyb1dzYkpHRUpTdnNiQ2dnZW93Z2VjR0NTcUdTSWIzRFFFSkRqR0IyVENCCjFqQWtCZ2tyQmdFRUFZb2ZGQUlFRnhNVlZGTlVXa0ZVUTBFdFEyOWtaUzFUYVdkdWFXNW5NSUd0QmdOVkhSRUUKZ2FVd2dhS2tnWjh3Z1p3eE96QTVCZ05WQkFRTU1qRXRWRk5VZkRJdFZGTlVmRE10WldReU1tWXhaRGd0WlRaaApNaTB4TVRFNExUbGlOVGd0WkRsaE9HWXhNV1UwTkRWbU1SOHdIUVlLQ1pJbWlaUHlMR1FCQVF3UE16azVPVGs1Ck9UazVPVEF3TURBek1RMHdDd1lEVlFRTURBUXhNVEF3TVJFd0R3WURWUVFhREFoU1VsSkVNamt5T1RFYU1CZ0cKQTFVRUR3d1JVM1Z3Y0d4NUlHRmpkR2wyYVhScFpYTXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdVWXA4V01JTQo4RVNBUlF2WTNQNE0zSWo3czc5bHBRUXRQKzlIM0JNK0F5Y0NJUUNXcnQ5VGE5Sk0yZWR6TXRWNXFWNE9seVBoCm1OaFpTUFBUTlY2TWxyUlJxQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=",
                "binarySecurityToken":"TUlJQ1BUQ0NBZU9nQXdJQkFnSUdBWk5KYWphZk1Bb0dDQ3FHU000OUJBTUNNQlV4RXpBUkJnTlZCQU1NQ21WSmJuWnZhV05wYm1jd0hoY05NalF4TVRJd01URTFNVFV5V2hjTk1qa3hNVEU1TWpFd01EQXdXakIxTVFzd0NRWURWUVFHRXdKVFFURVdNQlFHQTFVRUN3d05VbWw1WVdSb0lFSnlZVzVqYURFbU1DUUdBMVVFQ2d3ZFRXRjRhVzExYlNCVGNHVmxaQ0JVWldOb0lGTjFjSEJzZVNCTVZFUXhKakFrQmdOVkJBTU1IVlJUVkMwNE9EWTBNekV4TkRVdE16azVPVGs1T1RrNU9UQXdNREF6TUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUVkRk11anEyZGRhT1B4eEZiU2RaRy8zZnh0Qm1zejlxR1RaQjRvZHJ5V0dJdDlMM0dnUUhHYjdwQmNET21TZlR0SjlIWDBFdjZ1aGF4c2tZUWxLK3hzS09Cd1RDQnZqQU1CZ05WSFJNQkFmOEVBakFBTUlHdEJnTlZIUkVFZ2FVd2dhS2tnWjh3Z1p3eE96QTVCZ05WQkFRTU1qRXRWRk5VZkRJdFZGTlVmRE10WldReU1tWXhaRGd0WlRaaE1pMHhNVEU0TFRsaU5UZ3RaRGxoT0dZeE1XVTBORFZtTVI4d0hRWUtDWkltaVpQeUxHUUJBUXdQTXprNU9UazVPVGs1T1RBd01EQXpNUTB3Q3dZRFZRUU1EQVF4TVRBd01SRXdEd1lEVlFRYURBaFNVbEpFTWpreU9URWFNQmdHQTFVRUR3d1JVM1Z3Y0d4NUlHRmpkR2wyYVhScFpYTXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdGQUxkWWJkWlQ5aWJDQ3B3MUlON1JRQWJRVHN2N3pzbTErcG4xZDhOOHMwQ0lRQzVRa0J3OUt1Z3QrU0kyZUl6UnNMZHU1OTU0SUhOL1Q0cnNWaGZqNzNlY0E9PQ==",
                "dispositionMessage":"ISSUED",
                "requestID":1234567890123,
                "secret":"5Ti4+lQjS2U2acqTmuL+a5kkUswWVWv3HIqddUPVAC0=",
                "errors":null,
                "privateKeyContent":"MHQCAQEEINXO5e3fEwl\/bUXVUXUzX66de3GW77UyBlRrt0MK\/4EfoAcGBSuBBAAKoUQDQgAEdFMujq2ddaOPxxFbSdZG\/3fxtBmsz9qGTZB4odryWGIt9L3GgQHGb7pBcDOmSfTtJ9HX0Ev6uhaxskYQlK+xsA=="  
            }

What must I do to get rid of the errors? If I am not doing it wrong then please guide me.

Dear @mohdarafathossain

Thanks for your comprehensive clarification of what you are facing, please find the below response:

In order to resolve the pervious error, you need to decode the “binarySecurityToken” and replace it in the cert.pem file following this path in the SDK (zatca-einvoicing-sdk-238-R3.3.6\zatca-einvoicing-sdk-238-R3.3.6\Data\Certificates)
Additionally, replace the private key that generated along when you generate your CSR with the (ec-secp256k1-priv-key.pem) file following the same path.

After following the above solution, you need to sign the invoice with your CCSID and private key before validating it.

Kindly follow the suggested solution and let me know if you need any further support.

Thanks,
Ibrahem Daoud.

By this:

Are you referencing this section:

:black_circle: Adding the Private Key and Certificate:

  1. Replace Data/Certificates/ec-secp256k1-priv-key.pem with your private key using EC
    secp256k1 algorithm without header “-----BEGIN EC PRIVATE KEY-----” and footer “----
    -END EC PRIVATE KEY-----”
  2. Place yourCertificate generated by ZATCA into Data/Certificates/cert.pem without
    header, footer and without any new lines “\n”.
  3. Once done, now you can sign your xml invoice using your private key and matching it
    on validation with the zatca certificate.

of this doc:

zatca-einvoicing-sdk-238-R3.3.6/Readme/Java/readme.pdf

I will come back after doing this as I am confused about the next part that you mention:

The command I see in the same doc in the section Signing and Generating Invoice Hash:

fatoora -sign -invoice <filename> -signedInvoice <filename>

but I don’t see how to sign the invoice using CCSID and private key (using the command or steps in the documentation). Specificly where to put or use the CCSID and private key for Signing.

Dear @mohdarafathossain

Please follow the below steps:

{ “csr”:“LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ0dUQ0NBYjhDQVFBd2RURUxNQWtHQTFVRUJoTUNVMEV4RmpBVUJnTlZCQXNNRFZKcGVXRmthQ0JDY21GdQpZMmd4SmpBa0JnTlZCQW9NSFUxaGVHbHRkVzBnVTNCbFpXUWdWR1ZqYUNCVGRYQndiSGtnVEZSRU1TWXdKQVlEClZRUUREQjFVVTFRdE9EZzJORE14TVRRMUxUTTVPVGs1T1RrNU9Ua3dNREF3TXpCV01CQUdCeXFHU000OUFnRUcKQlN1QkJBQUtBMElBQkhSVExvNnRuWFdqajhjUlcwbldSdjkzOGJRWnJNL2FoazJRZUtIYThsaGlMZlM5eG9FQgp4bSs2UVhBenBrbjA3U2ZSMTlCTCtyb1dzYkpHRUpTdnNiQ2dnZW93Z2VjR0NTcUdTSWIzRFFFSkRqR0IyVENCCjFqQWtCZ2tyQmdFRUFZb2ZGQUlFRnhNVlZGTlVXa0ZVUTBFdFEyOWtaUzFUYVdkdWFXNW5NSUd0QmdOVkhSRUUKZ2FVd2dhS2tnWjh3Z1p3eE96QTVCZ05WQkFRTU1qRXRWRk5VZkRJdFZGTlVmRE10WldReU1tWXhaRGd0WlRaaApNaTB4TVRFNExUbGlOVGd0WkRsaE9HWXhNV1UwTkRWbU1SOHdIUVlLQ1pJbWlaUHlMR1FCQVF3UE16azVPVGs1Ck9UazVPVEF3TURBek1RMHdDd1lEVlFRTURBUXhNVEF3TVJFd0R3WURWUVFhREFoU1VsSkVNamt5T1RFYU1CZ0cKQTFVRUR3d1JVM1Z3Y0d4NUlHRmpkR2wyYVhScFpYTXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdVWXA4V01JTQo4RVNBUlF2WTNQNE0zSWo3czc5bHBRUXRQKzlIM0JNK0F5Y0NJUUNXcnQ5VGE5Sk0yZWR6TXRWNXFWNE9seVBoCm1OaFpTUFBUTlY2TWxyUlJxQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=”,
“binarySecurityToken”:“TUlJQ1BUQ0NBZU9nQXdJQkFnSUdBWk5KYWphZk1Bb0dDQ3FHU000OUJBTUNNQlV4RXpBUkJnTlZCQU1NQ21WSmJuWnZhV05wYm1jd0hoY05NalF4TVRJd01URTFNVFV5V2hjTk1qa3hNVEU1TWpFd01EQXdXakIxTVFzd0NRWURWUVFHRXdKVFFURVdNQlFHQTFVRUN3d05VbWw1WVdSb0lFSnlZVzVqYURFbU1DUUdBMVVFQ2d3ZFRXRjRhVzExYlNCVGNHVmxaQ0JVWldOb0lGTjFjSEJzZVNCTVZFUXhKakFrQmdOVkJBTU1IVlJUVkMwNE9EWTBNekV4TkRVdE16azVPVGs1T1RrNU9UQXdNREF6TUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUVkRk11anEyZGRhT1B4eEZiU2RaRy8zZnh0Qm1zejlxR1RaQjRvZHJ5V0dJdDlMM0dnUUhHYjdwQmNET21TZlR0SjlIWDBFdjZ1aGF4c2tZUWxLK3hzS09Cd1RDQnZqQU1CZ05WSFJNQkFmOEVBakFBTUlHdEJnTlZIUkVFZ2FVd2dhS2tnWjh3Z1p3eE96QTVCZ05WQkFRTU1qRXRWRk5VZkRJdFZGTlVmRE10WldReU1tWXhaRGd0WlRaaE1pMHhNVEU0TFRsaU5UZ3RaRGxoT0dZeE1XVTBORFZtTVI4d0hRWUtDWkltaVpQeUxHUUJBUXdQTXprNU9UazVPVGs1T1RBd01EQXpNUTB3Q3dZRFZRUU1EQVF4TVRBd01SRXdEd1lEVlFRYURBaFNVbEpFTWpreU9URWFNQmdHQTFVRUR3d1JVM1Z3Y0d4NUlHRmpkR2wyYVhScFpYTXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdGQUxkWWJkWlQ5aWJDQ3B3MUlON1JRQWJRVHN2N3pzbTErcG4xZDhOOHMwQ0lRQzVRa0J3OUt1Z3QrU0kyZUl6UnNMZHU1OTU0SUhOL1Q0cnNWaGZqNzNlY0E9PQ==”,
“dispositionMessage”:“ISSUED”,
“requestID”:1234567890123,
“secret”:“5Ti4+lQjS2U2acqTmuL+a5kkUswWVWv3HIqddUPVAC0=”,
“errors”:null,
“privateKeyContent”:“MHQCAQEEINXO5e3fEwl/bUXVUXUzX66de3GW77UyBlRrt0MK/4EfoAcGBSuBBAAKoUQDQgAEdFMujq2ddaOPxxFbSdZG/3fxtBmsz9qGTZB4odryWGIt9L3GgQHGb7pBcDOmSfTtJ9HX0Ev6uhaxskYQlK+xsA==”
}
From this response you need to do the following:
1- Decode binarySecurityToken base64, replace it with cert.pem file in the SDK following this path (zatca-einvoicing-sdk-238-R3.3.6\zatca-einvoicing-sdk-238-R3.3.6\Data\Certificates).

2- When you generate the CSR you must received the private key along with the CSR, here comes the second step to replace the private key with the (ec-secp256k1-priv-key.pem) file in the same directory for cert.pem

3- select the invoice you want to sign from the sample you can follow the samples path in the SDK (zatca-einvoicing-sdk-238-R3.3.6\zatca-einvoicing-sdk-238-R3.3.6\Data\Samples\Simplified\Invoice).

4- Open the invoice that you want to sign, and ensure that (cbc:CompanyID) tag under the (cac:AccountingSupplierParty) in the XML match the same VAT, If not replace it with your VAT, and save the changes.

5- Open the CLI from the same directory for the invoice you want to sign.

6- Using the command (fatoora -sign -invoice “the invoice you want to sign”), This command will generate a new signed XML in the same directory.

7- Validate the signed XML using this command (fatoora -validate -invoice “the signed XML”)

After following the previous steps, the SIGNATURE error will disappear, and the validation process will pass successfully.

I hope it’s clear enough now, for any further support do not hesitate to reach out our support team via below mail.

SP support mail: sp_support@zatca.gov.sa

Thanks,
Ibrahem Daoud.

Thank you! You were extremely helpful. I understood the flow. It is working as expected.

1 Like