XAdES-BES分离SignedProperties引用错误的DigestValue(Java)

时间:2015-06-02 13:02:58

标签: java digital-signature digital-certificate canonicalization

您好我正在寻找答案为什么SignedProperties Reference中的DigestValue不正确。我尝试以每一种方式消化元素,我找到了示例或文档。

这是我的签名文件(我签署了证书详情):

<?xml version="1.0" encoding="UTF-8"?>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="#Signature-1919784195">
   <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference Id="Reference1-1552126515" URI="test.zip">
         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
         <ds:DigestValue>s+zv7GDSuBlZ8PhyI9SAjP6eDlI=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference Id="SignedProperties-Reference-1552126515" Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties-1552126515">
         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
         <ds:DigestValue>guKwI4aww2EUnGl1toBMSIZOPkk=</ds:DigestValue>
      </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>m0by6gzpBeBXCvKlsr6cknRCVFPLZ+q+MuMgSz1X6sBS2b93AykpqJA6la1lliqcp+0kp6JPhq9q
igruA7bu/OEOWIn3peUdodkeD1DkrjukOijNwDoJp1c1ssqD/2aKQkCQn9XaRtEnXVtc6jXLBUf+
llJKEUjWBeWoGEKCcbnLw+xl6aqPFntvQC5pR8nYU1pdQizTIOr8uWBgP18B8F8exyGvaJbS6MxK
DaiYpQay31gOBgyaM6jtkAhBP0wkDxFDd15DNlbKF0LYiGz7z0e37Ai4nS/Ae7081a6F5JuOxUJA
gJuUqkgoX6QSxs3BB4Eszu/1kq8JDiMc8q8ucw==</ds:SignatureValue>
   <ds:KeyInfo>
      <ds:X509Data>
         <ds:X509IssuerSerial>
            <ds:X509IssuerName>TEST</ds:X509IssuerName>
            <ds:X509SerialNumber>0000</ds:X509SerialNumber>
         </ds:X509IssuerSerial>
         <ds:X509SubjectName>TEST</ds:X509SubjectName>
         <ds:X509Certificate>Mf6nW1fbhMdhSfKZnykvaG6sebhrE1tYAfShErijYxQd+qA==</ds:X509Certificate>
      </ds:X509Data>
   </ds:KeyInfo>
   <ds:Object Id="QualifyingInfos">
      <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#Signature-1919784195">
         <xades:SignedProperties Id="SignedProperties-1552126515">
            <xades:SignedSignatureProperties>
               <xades:SigningTime>2015-05-29T13:14:043Z</xades:SigningTime>
               <xades:SigningCertificate>
                  <xades:Cert>
                     <xades:CertDigest>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>NlFeJOqtZcEqMYgCBWN46qG1V5g=</ds:DigestValue>
                     </xades:CertDigest>
                     <xades:IssuerSerial>
                        <ds:X509IssuerName>TEST</ds:X509IssuerName>
                        <ds:X509SerialNumber>00000</ds:X509SerialNumber>
                     </xades:IssuerSerial>
                  </xades:Cert>
               </xades:SigningCertificate>
            </xades:SignedSignatureProperties>
            <xades:SignedDataObjectProperties>
               <xades:DataObjectFormat ObjectReference="Reference1-1552126515">
                  <xades:Description>MIME-Version: 1.0 Content-Type: application/zip Content-Transfer-Encoding: binary Content-Disposition: filename="test.zip"</xades:Description>
                  <xades:MimeType>application/zip</xades:MimeType>
               </xades:DataObjectFormat>
            </xades:SignedDataObjectProperties>
         </xades:SignedProperties>
      </xades:QualifyingProperties>
   </ds:Object>
</ds:Signature>

这是用于生成签名文件的代码:

        DigestMethod dm = fac.newDigestMethod(DigestMethod.SHA1, null);
        CanonicalizationMethod cn = fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,(C14NMethodParameterSpec) null);

        List<Reference> refs = new ArrayList<Reference>();
        Reference ref1 = fac.newReference(pathName, dm,null,null,signedRefID,messageDigest2.digest(datax));
        refs.add(ref1);

        Canonicalizer cn14 = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS);
        byte[] canon;
        canon = cn14.canonicalizeSubtree(SPElement);
        Reference ref2 = fac.newReference("#"+signedPropID,dm, null , sigProp , signedPropRefID,messageDigest2.digest(canon));
        refs.add(ref2);

        SignatureMethod sm = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
        SignedInfo si = fac.newSignedInfo(cn, sm, refs);

        XMLSignature signature = fac.newXMLSignature(si, ki,objects,signatureID,null);

        signature.sign(dsc);

当我签署XAdES封套时,一切正常。 有人解决这样的问题吗? 这个封圣是正确的吗? 我将非常感谢你的帮助或建议。

0 个答案:

没有答案