I am trying to generate an XML document signed with an X.509 certificate so that it contains the following structure:
<SolicitudRegistro xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.cidge.gob.mx/SCG/Interoperabilidad"
    IdMensaje="8bc49f54-0c70-4697-a140-778aed5cbb6b">
  <FechaEnvio>2012-11-13T15:00:38.9893941-06:00</FechaEnvio>
  <Registrante URI="http://www.cmm.gob.mx" Nombre="Casa de Moneda de México" NombreCorto="CMM" EndPoint="https://srvgestionv.cmm.gob.mx/SACG/Service/ServiceCMM.svc">
    <DatosDeContacto Nombre="Alexandra Del Carmen Morales Bernal" Puesto="Jefe De Proyectos" CorreoElectronico="amorales@cmm.gob.mx" AreaOficina="GERENCIA DE INFORMATICA">
      <Telefonos>
        <Telefono NumeroTelefonico="8346000" Extension="3705" />
      </Telefonos>
    </DatosDeContacto>
    <CertificadoInstancia>MIIE8TCCA9mgA...</CertificadoInstancia>
  </Registrante>
  <Reto>
    <CadenaCifrada>NNhhkdKpvAlES... </CadenaCifrada>
  </Reto>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <XPath>ancestor-or-self::*[local-name()='SolicitudRegistro']</XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>brbDI25898iSk7FM1fDNkqt2a/Q=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>Mg/kya5zFOv9f2vKp92GK...</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>MIIE8TCCA9mgA...</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</SolicitudRegistro>
The XML before signing is as follows:
<SolicitudRegistro xmlns="http://www.cidge.gob.mx/SCG/Interoperabilidad" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    IdMensaje="05d94d58-8fb8-4035-ada3-2f346b5ecfc4">
  <FechaEnvio>2015-01-09T13:22:27.293-06:00</FechaEnvio>
  <Registrante EndPoint="http://www.test.com" Nombre="Nombre" NombreCorto="Nombre" URI="http://www.test2.com">
    <DatosDeContacto AreaOficina="Area" CorreoElectronico="amorales@test.com" Nombre="Nombre" Puesto="Jefe">
      <Telefonos>
        <Telefono Extension="2458" NumeroTelefonico="01-722-21234567" />
      </Telefonos>
    </DatosDeContacto>
    <CertificadoInstancia>MIIFaTCCBFGgAw...</CertificadoInstancia>
  </Registrante>
  <Reto>
    <CadenaCifrada>aSf8OOhQ3/zeSh6q2P2...</CadenaCifrada>
  </Reto>
</SolicitudRegistro>
The method that performs the XML signing is as follows:
public String generarFirmaDigital(Document docXML, PrivateKey privateKey, X509Certificate x509C, String XPathFilter) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, KeyException, TransformerException {
    // Create the XML Signature Factory
    XMLSignatureFactory xmlSigFactory = XMLSignatureFactory.getInstance("DOM");
    DOMSignContext domSignCtx = new DOMSignContext(privateKey, docXML.getDocumentElement());
    Reference ref = null;
    SignedInfo signedInfo = null;
    // Transforms
    List<Transform> transforms = new ArrayList<Transform>();
    transforms.add(xmlSigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(xmlSigFactory.newTransform(Transform.XPATH, new XPathFilterParameterSpec("ancestor-or-self::*[local-name()='" + XPathFilter + "']")));
    try {
        ref = xmlSigFactory.newReference("", xmlSigFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null);
        signedInfo = xmlSigFactory.newSignedInfo(xmlSigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), xmlSigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
    } catch (NoSuchAlgorithmException ex) {
        ex.printStackTrace();
    } catch (InvalidAlgorithmParameterException ex) {
        ex.printStackTrace();
    }
    // Pass the public key (.cer)
    KeyInfoFactory kif = xmlSigFactory.getKeyInfoFactory();
    List<X509Certificate> x509Content = new ArrayList<X509Certificate>();
    x509Content.add(x509C);
    X509Data xd = kif.newX509Data(x509Content);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
    // Create a new XML Signature
    XMLSignature xmlSignature = xmlSigFactory.newXMLSignature(signedInfo, ki);
    // Sign the document
    try {
        xmlSignature.sign(domSignCtx);
    } catch (MarshalException ex) {
        ex.printStackTrace();
    } catch (XMLSignatureException ex) {
        ex.printStackTrace();
    }
    // Save the signed document
    return UtilXML.docToString(docXML);
}
This generates the following XML, which does not correspond to the example I need:
<SolicitudRegistro xmlns="http://www.cidge.gob.mx/SCG/Interoperabilidad" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    IdMensaje="05d94d58-8fb8-4035-ada3-2f346b5ecfc4">
  <FechaEnvio xmlns="">2015-01-09T13:22:27.293-06:00</FechaEnvio>
  <Registrante xmlns="" EndPoint="http://www.test.com" Nombre="Nombre" NombreCorto="Nombre" URI="http://www.test2.com">
    <DatosDeContacto AreaOficina="Area" CorreoElectronico="amorales@test.com" Nombre="Nombre" Puesto="Jefe" xmlns="">
      <Telefonos xmlns="">
        <Telefono Extension="2458" NumeroTelefonico="01-722-2123456" xmlns="" />
      </Telefonos>
    </DatosDeContacto>
    <CertificadoInstancia xmlns="">MIIFaTCCBFGgAw...</CertificadoInstancia>
  </Registrante>
  <Reto xmlns="">
    <CadenaCifrada xmlns="">aSf8OOhQ3/ze...</CadenaCifrada>
  </Reto>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns="http://www.w3.org/2000/09/xmldsig#" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns="http://www.w3.org/2000/09/xmldsig#" />
      <Reference URI="" xmlns="http://www.w3.org/2000/09/xmldsig#">
        <Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns="http://www.w3.org/2000/09/xmldsig#" />
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116" xmlns="http://www.w3.org/2000/09/xmldsig#">
            <XPath xmlns="http://www.w3.org/2000/09/xmldsig#">ancestor-or-self::*[local-name()='SolicitudRegistro']</XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#" />
        <DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">2veicqxKM8QBTEJh4Un9J71d1ng=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">Cajc8jW6umgUdfSUs9IQ4a8CF4kOEbe+bNhxx2/1xlz5WEIWq5DO1nMizcI7XG2vXRgDDGJFL5bd
XzFYzi4qcSy860+6/u1oS/PI/Co3JyuJeTSh38eeoNgrDTXmLpzxIqCyzfJB0o9665Bz4p3PIFmN QjGXAjjPpq/mf8vZfMs=
    </SignatureValue>
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIIFaTCCBFGgAw...</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</SolicitudRegistro>
The first detail is that the xmlns="" attribute is repeated, and xmlns="http://www.w3.org/2000/09/xmldsig#" is also repeated inside Signature.
Any help? Thanks.
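
An added example, not part of the original post: xmlns="" undeclares the default namespace, so each element carrying it is in no namespace at all and is a different element to a schema validator or signature verifier than the one in the target structure. The check below parses both forms namespace-aware and lists the elements that fall outside the two expected namespaces; the class name NamespaceCheck, the method strayElements and the shortened sample documents are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class NamespaceCheck {
    static final String NS = "http://www.cidge.gob.mx/SCG/Interoperabilidad";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";

    // Lists every element that is in neither the message namespace nor the XML-DSig namespace.
    static List<String> strayElements(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // without this, getNamespaceURI() is null for every node
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> stray = new ArrayList<>();
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            String ns = e.getNamespaceURI();
            if (!NS.equals(ns) && !DSIG.equals(ns)) {
                stray.add(e.getLocalName() + " -> " + (ns == null ? "(no namespace)" : ns));
            }
        }
        return stray;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples, shortened from the two documents in the post.
        String expected = "<SolicitudRegistro xmlns=\"" + NS + "\" IdMensaje=\"x\">"
                + "<FechaEnvio>2015-01-09T13:22:27.293-06:00</FechaEnvio>"
                + "<Reto><CadenaCifrada>AAAA</CadenaCifrada></Reto></SolicitudRegistro>";
        String produced = "<SolicitudRegistro xmlns=\"" + NS + "\" IdMensaje=\"x\">"
                + "<FechaEnvio xmlns=\"\">2015-01-09T13:22:27.293-06:00</FechaEnvio>"
                + "<Reto xmlns=\"\"><CadenaCifrada xmlns=\"\">AAAA</CadenaCifrada></Reto>"
                + "</SolicitudRegistro>";
        System.out.println("expected form: " + strayElements(expected));
        System.out.println("produced form: " + strayElements(produced));
    }
}
```

The repeated xmlns="http://www.w3.org/2000/09/xmldsig#" declarations inside Signature are a different case: they redeclare a namespace that is already in scope, so they do not move any element to another namespace.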