您好我正在寻找答案为什么SignedProperties Reference中的DigestValue不正确。我尝试以每一种方式消化元素,我找到了示例或文档。
这是我的签名文件(我签署了证书详情):
<?xml version="1.0" encoding="UTF-8"?>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="#Signature-1919784195">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference Id="Reference1-1552126515" URI="test.zip">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>s+zv7GDSuBlZ8PhyI9SAjP6eDlI=</ds:DigestValue>
</ds:Reference>
<ds:Reference Id="SignedProperties-Reference-1552126515" Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties-1552126515">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>guKwI4aww2EUnGl1toBMSIZOPkk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>m0by6gzpBeBXCvKlsr6cknRCVFPLZ+q+MuMgSz1X6sBS2b93AykpqJA6la1lliqcp+0kp6JPhq9q
igruA7bu/OEOWIn3peUdodkeD1DkrjukOijNwDoJp1c1ssqD/2aKQkCQn9XaRtEnXVtc6jXLBUf+
llJKEUjWBeWoGEKCcbnLw+xl6aqPFntvQC5pR8nYU1pdQizTIOr8uWBgP18B8F8exyGvaJbS6MxK
DaiYpQay31gOBgyaM6jtkAhBP0wkDxFDd15DNlbKF0LYiGz7z0e37Ai4nS/Ae7081a6F5JuOxUJA
gJuUqkgoX6QSxs3BB4Eszu/1kq8JDiMc8q8ucw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>TEST</ds:X509IssuerName>
<ds:X509SerialNumber>0000</ds:X509SerialNumber>
</ds:X509IssuerSerial>
<ds:X509SubjectName>TEST</ds:X509SubjectName>
<ds:X509Certificate>Mf6nW1fbhMdhSfKZnykvaG6sebhrE1tYAfShErijYxQd+qA==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object Id="QualifyingInfos">
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#Signature-1919784195">
<xades:SignedProperties Id="SignedProperties-1552126515">
<xades:SignedSignatureProperties>
<xades:SigningTime>2015-05-29T13:14:043Z</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>NlFeJOqtZcEqMYgCBWN46qG1V5g=</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>TEST</ds:X509IssuerName>
<ds:X509SerialNumber>00000</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
<xades:SignedDataObjectProperties>
<xades:DataObjectFormat ObjectReference="Reference1-1552126515">
<xades:Description>MIME-Version: 1.0 Content-Type: application/zip Content-Transfer-Encoding: binary Content-Disposition: filename="test.zip"</xades:Description>
<xades:MimeType>application/zip</xades:MimeType>
</xades:DataObjectFormat>
</xades:SignedDataObjectProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
这是用于生成签名文件的代码:
DigestMethod dm = fac.newDigestMethod(DigestMethod.SHA1, null);
CanonicalizationMethod cn = fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,(C14NMethodParameterSpec) null);
List<Reference> refs = new ArrayList<Reference>();
Reference ref1 = fac.newReference(pathName, dm,null,null,signedRefID,messageDigest2.digest(datax));
refs.add(ref1);
Canonicalizer cn14 = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS);
byte[] canon;
canon = cn14.canonicalizeSubtree(SPElement);
Reference ref2 = fac.newReference("#"+signedPropID,dm, null , sigProp , signedPropRefID,messageDigest2.digest(canon));
refs.add(ref2);
SignatureMethod sm = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
SignedInfo si = fac.newSignedInfo(cn, sm, refs);
XMLSignature signature = fac.newXMLSignature(si, ki,objects,signatureID,null);
signature.sign(dsc);
当我签署XAdES封套时,一切正常。 有人解决这样的问题吗? 这个封圣是正确的吗? 我将非常感谢你的帮助或建议。