在签署XML文档时将名称空间添加到SignedInfo节点

时间:2018-10-23 23:43:43

标签: java xml security digital-signature xml-signature

我正在签署XML文档,并且一切正常,但是他们拒绝了该文档,因为他们告诉我SignedInfo节点不包含名称空间作为属性,这是我所获得的带有SignedInfo节点的XML

<?xml version="1.0" encoding="UTF-8"?>
<Cancelacion xmlns="http://cancelacfd.sat.gob.mx" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" Fecha="2018-10-23T17:35:34" RfcEmisor="UFR9909228Z9">

<Folios>
<UUID>6A060FA2-CB85-4AEA-A75A-278FFE50B090</UUID>
</Folios>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo >

<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>nPQPle8XKLA88xuGNMsdWzTqFeE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>gcqzyUnesstrdS96ch8+kbdt8W9k9N0krvMCe/zBPObAtEucd3Ry8trO39uMGhzHj3Vx4nZPmuazhrkVaEJ+0pcnl52WERSstszDGhTjXNDZHgZPLjCKyDxwdH4u3G1b8hHkD7LOlCfcdDveEFc0ChH473+pZE+YE6UMGOwi7KlozYTosKrMbg8QEZ7bB1J4tg8REg2Q0G2yY06MnpxvXlyZN4I1tStzUEE0VntszVq6z3mqRQsOGKbw6BKxeuLaXwl3u5QiDJMRiZXD2KLSbr7BitUXcnZofWHek9GhPmzClK9v8fpdlOI8pomYFHjcAqSniZlTH+iBb3xMdlWPsA==</SignatureValue>
<KeyInfo>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>OID.1.2.840.113549.1.9.2=Responsable: Administración Central de Servicios Tributarios al Contribuyente, OID.2.5.4.45=SAT970701NN3, L=Cuauhtémoc, ST=Distrito Federal, C=MX, OID.2.5.4.17=06300, STREET="Av. Hidalgo 77, Col. Guerrero", EMAILADDRESS=acods@sat.gob.mx, OU=Administración de Seguridad de la Información, O=Servicio de Administración Tributaria, CN=A.C. del Servicio de Administración Tributaria</X509IssuerName>
<X509SerialNumber>275106190557734483187066766810932856999912748337</X509SerialNumber>
</X509IssuerSerial>
<X509Certificate>MIIGRjCCBC6gAwIBAgIUMDAwMDEwMDAwMDA0MDIxMzkxNTEwDQYJKoZIhvcNAQELBQAwggGyMTgwNgYDVQQDDC9BLkMuIGRlbCBTZXJ2aWNpbyBkZSBBZG1pbmlzdHJhY2nDs24gVHJpYnV0YXJpYTEvMC0GA1UECgwmU2VydmljaW8gZGUgQWRtaW5pc3RyYWNpw7NuIFRyaWJ1dGFyaWExODA2BgNVBAsML0FkbWluaXN0cmFjacOzbiBkZSBTZWd1cmlkYWQgZGUgbGEgSW5mb3JtYWNpw7NuMR8wHQYJKoZIhvcNAQkBFhBhY29kc0BzYXQuZ29iLm14MSYwJAYDVQQJDB1Bdi4gSGlkYWxnbyA3NywgQ29sLiBHdWVycmVybzEOMAwGA1UEEQwFMDYzMDAxCzAJBgNVBAYTAk1YMRkwFwYDVQQIDBBEaXN0cml0byBGZWRlcmFsMRQwEgYDVQQHDAtDdWF1aHTDqW1vYzEVMBMGA1UELRMMU0FUOTcwNzAxTk4zMV0wWwYJKoZIhvcNAQkCDE5SZXNwb25zYWJsZTogQWRtaW5pc3RyYWNpw7NuIENlbnRyYWwgZGUgU2VydmljaW9zIFRyaWJ1dGFyaW9zIGFsIENvbnRyaWJ1eWVudGUwHhcNMTYwNDIwMTUyMjQzWhcNMjAwNDIwMTUyMjQzWjCB5jEoMCYGA1UEAxMfVU5JVkVSU08gREUgRlJBR0FOQ0lBUyBTQSBERSBDVjEoMCYGA1UEKRMfVU5JVkVSU08gREUgRlJBR0FOQ0lBUyBTQSBERSBDVjEoMCYGA1UEChMfVU5JVkVSU08gREUgRlJBR0FOQ0lBUyBTQSBERSBDVjElMCMGA1UELRMcVUZSOTkwOTIyOFo5IC8gWUFQRTU0MDcxMlRMMDEeMBwGA1UEBRMVIC8gWUFQRTU0MDcxMk1ORUJSTTAzMR8wHQYDVQQLExZVTklWRVJTTyBERSBGUkFHQU5DSUFTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTNpJ1jftQoWSnVS028DCny3uQyQqaLAm0cPHrM2plnAPHA+7LYBoig3+RyObjM0AM+CKJepqyJm03VsuwrrHVeFQox7P5A513124o+qWqeQFcftV31iHzzhloZoF4U8RSvt4yOc8W/RGsRQUdVN0h5Nd+bN4IOdY1vT6mQW7LoPPwuQGXwGtrqpwaHVvO//wimEjca0t9VYf5MrP21+P5iKLoxXxyKS2rsZMgyG1QBsW/Rr2IpwPtNsUfqb8atv8APeqsFPTHgsm31n+xiP+0P1s7dbSiboYW04ny9MzkeJSAz/4bpVrfPUrRoRTVXTJYb3mpsNy8LJcN//DvpmTQIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAgEAJszSReWEYl/g97nMfbuBSG47yrX1QB+ddLm1s8NmxLvQYeI8jf+9AzJovJyMA3epc2CoJtmS88/9QVGqfpdSO27YG22N6tI51U70Nc7He3jk/dfXB5w0E/fu/9x4O26a4Nrbie0XWZj/XiWaOxBY+HmrKiaJnNdHtm7uCHtw1coRpYkOP/3mryIhMs+vEFGleGNnt1//SZ3iM125TmJO6lCCxjukfJBbwVSOhk8/TGOyBdBcSbBVht2axv1sHGDZ73SYj66tV3Nv1NSaMLLI368+6cYNpwWpWacGghGJfAV5G63jp1nXtwJAWnxwvlrBt0I8OMJz+uLOeeABI7M14a3sap02FKqdTV6hIQfzCBjn07o3qUO+DUhy3fZRRHribKcp5/p+vBn+6xyik0JBoowayLa2ZYI+7cgVu5SIWwj0S5R6SAUwrvKZHRIP7g2CYWLlgMVrOCilSNer+MK4VrGYPlplitJFW/bQJdzAIzfrPWCZroeDPC/362shOSJVIic0wEaeZaTDHnCl8UG2Z6Y3XkyKWu8ddKx4Nn/5o7Kn0o0g0xg7j1T03asbzOpyE0IkpIcS+Fd6t8eQXBMLGEBgZdG19BaDViQ3exuCd3Z1PziMlavzmphRwEsOmfvzi/4xkgjVBnxcZL/PmqGQpYK04o4VeEVsPPRMMxLsqmo=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Cancelacion>

他们提供给我的示例文档如下

<?xml version="1.0" encoding="utf-8"?>
<Cancelacion xmlns="http://cancelacfd.sat.gob.mx" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Fecha="2017-06-28T18:49:15" RfcEmisor="XXXXXXXXXXXX">
<Folios>
<UUID>037A26FB-XXXX-4865-XXXX-4FCA9A051B38</UUID>
</Folios>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>uj49AdMRF4BGqGU/XVuE8eFn68w=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>m8I4zYXuHGV6H5Rw4qUSQXZk29jShpu1wn+0WBeFbwNDwMLBGedF/dfxQp6UrNeQIcmANAXH6OHeR52zBf6ymUo9fph6NCZzOlWYDyCUuhfprxq4A93XHHIOfbDbIeINGGFwyiCD/hsK5SRmy6xnPDjamPVao4y9DDK1XkeXylHPVUyrmFNiGTSpNr1M7EDTZNNZQktXduBoVTQaXTMGfoK3jksJc0awjiOrYLZrW8NNVeF97lqAWpQjQe4EM4jfGM8s9FF10mFU8i7GfWK8JSr5PZKCZDEl1n7zjH9JtgTVntZ41aJi+Y4iFCRggbACoPJjN+uixGSnHYVqKPNV+A==</SignatureValue>
<KeyInfo>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>C

</X509IssuerName>
    <X509SerialNumber>286524172099382162235533054548081509963387843123</X509SerialNumber>
    </X509IssuerSerial>
    <X509Certificate>MIIF4jCCA8qgAwIBAgIUMjAwMDEwMDAwMDAzMDAwMjIzMjMwDQYJKoZIhvcNAQELBQAwggFmMSAwHgYDVQQDDBdBLkMuIDIgZGUgcHJ1ZWJhcyg0MDk2KTEvMC0GA1UECgwmU2VydmljaW8gZGUgQWRtaW5pc3RyYWNpw7NuIFRyaWJ1dGFyaWExODA2BgNVBAsML0FkbWluaXN0cmFjacOzbiBkZSBTZWd1cmlkYWQgZGUgbGEgSW5mb3JtYWNpw7NuMSkwJwYJKoZIhvcNAQkBFhphc2lzbmV0QHBydWViYXMuc2F0LmdvYi5teDEmMCQGA1UECQwdQXYuIEhpZGFsZ28gNzcsIENvbC4gR3VlcnJlcm8xDjAMBgNVBBEMBTA2MzAwMQswCQYDVQQGEwJNWDEZMBcGA1UECAwQRGlzdHJpdG8gRmVkZXJhbDESMBAGA1UEBwwJQ295b2Fjw6FuMRUwEwYDVQQtEwxTQVQ5NzA3MDFOTjMxITAfBgkqhkiG9w0BCQIMElJlc3BvbnNhYmxlOiBBQ0RNQTAeFw0xNjA3MjkyMzE1MzJaFw0yMDA3MjkyMzE1MzJaMIHOMSIwIAYDVQQDExlBWlVMIFNJTiBMSU1JVEVTIFNBIERFIENWMSIwIAYDVQQpExlBWlVMIFNJTiBMSU1JVEVTIFNBIERFIENWMSIwIAYDVQQKExlBWlVMIFNJTiBMSU1JVEVTIFNBIERFIENWMSUwIwYDVQQtExxEQUwwNTA2MDFMMzUgLyBGVUFCNzcwMTE3QlhBMR4wHAYDVQQFExUgLyBGVUFCNzcwMTE3TURGUk5OMDkxGTAXBgNVBAsUEFBBQyBDRkRJX1BSVUVCQVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuhhm16MtcFTmOaqVJiK4rb4Dyt+wTV23JCo5UcVmvUJnJlSaNWau7dbW4PQaBsxLLu2HDVCJ+X0GxsWo3Z+kJ/28yEu6k+WNGyYBFZy0APNzXkEH7fAKNKiInJ7gGyyWHHzeurUfP7XyTI9JOQoM+xXDxJu2LkIU/T8vaaXRlWzVQiMIT2Rx4CsZ5/lqsTZmvOq/QuDZo0KHj1jN66KC3AATF2Aq+Xnlswrkhtd7zt4fh/3wVS9NEYxeDtHtctwQTUeHwl7Ji3VA7qD/pPZ48Sb6QAun6HZTx4zX8s3t4j5yz/30t3mBsAX/CqbON5rhQs8nGVyRNjswVCM2Y7ILvAgMBAAGjHTAbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMA0GCSqGSIb3DQEBCwUAA4ICAQADLbB3nGXh5g+vqDiuMtzay7MtOrquzr7S+tZbi0SleNx5yjnqBvZB+iQg4V67hsQG/SfOFuFW0of1tYSTztXQCJKcTqZgAsvX6JaPf3hcVfxgY1KMZYsP8siFkpL8RY0oBcEFKoOWpFH08xRO+mADl1xJV7t8E20+ytPvixK5vJqgoeN2gKYihsde7DD8imEU3M3IWbLqdqF9B1zZDFHcVyY86Db7D/HeTMF5RgC5waYLNk+ymD1z65M0SaRYTMUKbfiZq7SZ0gSILzuZd0jXdatT3lpoV+79VPmdlSnc/wZzArohoW07CkvpXM+reWdIDRSOGJU5AxlH+dO18z8dbTFvKJlHn4JEJwV3VP61gvn5bGpgf2njkM1TmJTibNOJHMq6bTnrKKhCXg9aetA78OgJeIzDtqTEhSNayMZL3ELRIJkuEOn+R3vu/3au0NpXz2RuOY2W8/7RAsR2seN6W+KAd2G3PscgtHMHURi8394CxlkJ4tThfq+NEVTwowmoSRMN4wsOeCQOize2Cj/nSyX3s++XcQ2pF41HJ2F8Ici4VBZBjpp7kvMdRpLvezpxXkIaYH8nr4Qqy6I4Hn2//xHlQGd3FrQ+8e4NYjCPF9y9ulIrmrLSmy4UCt/igZgg6nbvK2XiyIGegLDXJzpBHcfMGga4HtCGmWmpDh+HJg==</X509Certificate>
    </X509Data>
    </KeyInfo>
    </Signature>
    </Cancelacion>

他们对我的区别是:

错误节点:<SignedInfo>

期望的节点(带有名称空间):<SignedInfo xmlns = "http://www.w3.org/2000/09/xmldsig#" xmlns: xsd = "http://www.w3.org/2001/XMLSchema" xmlns: xsi = "http: // www.w3.org/2001/XMLSchema-instance ">

我的签名流程:

private String sign(String xml, KeyStore.PrivateKeyEntry privateKeyEntry) {
        String xmlCancelacion = null;
        try {
            Init.init();
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            // Create a Reference to an external URI that will be digested
            // using the SHA1 digest algorithm
            Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),
                    Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                    null, null);
            // Create the SignedInfo
            SignedInfo si = fac.newSignedInfo(
                   fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                    fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                    Collections.singletonList(ref));
            X509Certificate cert = (X509Certificate) privateKeyEntry.getCertificate();
            KeyInfoFactory kif = fac.getKeyInfoFactory();
            X509IssuerSerial issuerSerial = kif.newX509IssuerSerial(cert.getIssuerDN().getName(), cert.getSerialNumber());
            List<Object> x509DataContent = new ArrayList<>();
           // if (ambiente().equalsIgnoreCase("P")) {
                x509DataContent.add(issuerSerial);
            //}
            x509DataContent.add(cert);
            X509Data x509data = kif.newX509Data(x509DataContent);
            KeyValue keyValue = kif.newKeyValue(cert.getPublicKey());
            List<Object> keyInfoContent = new ArrayList<>();
            keyInfoContent.add(x509data);
            //keyInfoContent.add(keyValue);
            KeyInfo ki = kif.newKeyInfo(keyInfoContent);
            // Create the XMLSignature (but don't sign it yet)
            XMLSignature signature = fac.newXMLSignature(si, ki);
            // Create the Document that will hold the resulting XMLSignature
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true); // must be set
            org.w3c.dom.Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
            DOMSignContext signContext = new DOMSignContext(privateKeyEntry.getPrivateKey(), doc.getDocumentElement());
            signContext.setNextSibling(doc.getDocumentElement().getNextSibling());
            signature.sign(signContext);
            signature.getSignatureValue();
            TransformerFactory tf = TransformerFactory.newInstance();
            Transformer transformer = tf.newTransformer();
            transformer.setOutputProperty(OutputKeys.METHOD, "xml");
            StringWriter writer = new StringWriter();
            transformer.transform(new DOMSource(doc), new StreamResult(writer));
            xmlCancelacion = writer.getBuffer().toString().replaceAll("\n|\r", "");
        } catch (ParserConfigurationException | SAXException | IOException | KeyException | NoSuchAlgorithmException | InvalidAlgorithmParameterException | MarshalException | XMLSignatureException ex) {
            Logger.getLogger(TimbradoCFDICarvajal33.class.getName()).log(Level.SEVERE, null, ex);
        } catch (TransformerConfigurationException ex) {
            Logger.getLogger(TimbradoCFDICarvajal33.class.getName()).log(Level.SEVERE, null, ex);
        } catch (TransformerException ex) {
            Logger.getLogger(TimbradoCFDICarvajal33.class.getName()).log(Level.SEVERE, null, ex);
        }
        return xmlCancelacion;
    }

在过程的哪一部分中,我可以添加代码以按要求显示名称空间,因为如果在签名后不能正确验证签名,则添加它们

0 个答案:

没有答案