I am using this code to try to sign an XML document with an XAdES-BES signature:
// open file
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = null;
builder = factory.newDocumentBuilder();
Document doc1 = builder.parse(new File(xmlInPath));
Element elemToSign = doc1.getDocumentElement();
DOMHelper.useIdAsXmlId(elemToSign);
kp = new FileSystemKeyStoreKeyingDataProvider("pkcs12", keyPath, new FirstCertificateSelector(),
        new DirectPasswordProvider(password), new DirectPasswordProvider(password), true);
DataObjectDesc obj = new DataObjectReference("#DatosEmision").withTransform(new EnvelopedSignatureTransform());
SignedDataObjects dataObjs = new SignedDataObjects().withSignedDataObject(obj);
XadesSigningProfile p = new XadesBesSigningProfile(kp);
XadesSigner signer = p.newSigner();
signer.sign(dataObjs, elemToSign);
This returns an error saying that the ID cannot be found:
xades4j.XAdES4jXMLSigException: Cannot resolve element with ID DatosEmision
at xades4j.production.SignerBES.sign(SignerBES.java:277)
at xades4j.production.SignerBES.sign(SignerBES.java:130)
at xadessignergt.Signer.sign(Signer.java:63)
at xadessignergt.Cli.main(Cli.java:24)
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID DatosEmision
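Thanks in advance for your help.

Answer 0 (score: 0)

Yes, the problem was with the root, and I did solve that, but I am still missing something else: the resulting XML has two "CertDigest" entries added under the "Object" node, and only the first one needs to be added. That is, the following one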
<xades:Cert>
  <xades:CertDigest>
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>bCkfbDWoqt1XCDnbu0uunEXhNYQTgwmA3kvi69fnBKI=</ds:DigestValue>
  </xades:CertDigest>
  <xades:IssuerSerial>
    <ds:X509IssuerName>c=GT,o=SAT,cn=FEL</ds:X509IssuerName>
    <ds:X509SerialNumber>2184761958499123161</ds:X509SerialNumber>
  </xades:IssuerSerial>
</xades:Cert>
should not be there.

I am passing you the code and the part of the signed XML where you can see the object I need to correct:

Java code:
XadesSigningProfile p = new XadesBesSigningProfile(kp);//.withBasicSignatureOptions(new BasicSignatureOptions().includeSigningCertificate(SigningCertificateMode.NONE));
XadesSigner signer = p.newSigner();
DataObjectDesc dataObjects = new DataObjectReference("#" + elemToSign.getAttribute("ID")).withTransform(new EnvelopedSignatureTransform());
signer.sign(new SignedDataObjects(dataObjects), elemToSign2);
Transformer transformer = TransformerFactory.newInstance().newTransformer();
Result output = new StreamResult(xmlOutPath);
Source input = new DOMSource(doc1);
transformer.transform(input, output);
Signed XML:
<ds:Object>
  <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"
      xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-d404515d-303f-483f-a665-783618a354ce">
    <xades:SignedProperties Id="xmldsig-d404515d-303f-483f-a665-783618a354ce-signedprops">
      <xades:SignedSignatureProperties>
        <xades:SigningTime>2019-12-04T08:23:24.757-06:00</xades:SigningTime>
        <xades:SigningCertificate>
          <xades:Cert>
            <xades:CertDigest>
              <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
              <ds:DigestValue>jvQigb4Z3jwOpSU+snlj7p7vjERxAxRBWna5uAHob0s=</ds:DigestValue>
            </xades:CertDigest>
            <xades:IssuerSerial>
              <ds:X509IssuerName>c=GT,o=SAT,cn=FEL</ds:X509IssuerName>
              <ds:X509SerialNumber>8490687699557173471</ds:X509SerialNumber>
            </xades:IssuerSerial>
          </xades:Cert>
          <xades:Cert> /*this does not have to appear - begin*/
            <xades:CertDigest>
              <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
              <ds:DigestValue>bCkfbDWoqt1XCDnbu0uunEXhNYQTgwmA3kvi69fnBKI=</ds:DigestValue>
            </xades:CertDigest>
            <xades:IssuerSerial>
              <ds:X509IssuerName>c=GT,o=SAT,cn=FEL</ds:X509IssuerName>
              <ds:X509SerialNumber>2184761958499123161</ds:X509SerialNumber>
            </xades:IssuerSerial>
          </xades:Cert> /*this does not have to appear - end*/
        </xades:SigningCertificate>
      </xades:SignedSignatureProperties>
    </xades:SignedProperties>
  </xades:QualifyingProperties>
</ds:Object>
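Thanks in advance for your help.

Answer 1 (score: 0)

The includeSigningCertificate flag controls what is added to KeyInfo. The question is a bit confusing, but for SigningCertificate, the lib will add all the certificates returned by the KeyingDataProvider.

So, in your case, you should supply false in the last parameter of FileSystemKeyStoreKeyingDataProvider (your keystore probably has two certificates in the path in the key entry).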
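
To check the last answer's guess that the key entry carries more than one certificate in its path, the following added example (not code from the posts above or from xades4j) uses only the JDK to list each key entry's certificates with serial number and SHA-256 digest. A sha256 value equal to the DigestValue of the unwanted xades:Cert shows that it comes from the key entry's path. The class name ChainInspector and the KEYSTORE_PASSWORD environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;

// Added example; ChainInspector and KEYSTORE_PASSWORD are assumed names.
public class ChainInspector {

    // Same value as xades:CertDigest with SHA-256: base64(SHA-256(DER certificate)).
    static String certDigest(Certificate cert) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        return Base64.getEncoder().encodeToString(sha256.digest(cert.getEncoded()));
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (args.length != 1 || pw == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... java ChainInspector <keystore.p12>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw.toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias) : null;
            if (chain == null) {
                continue; // trusted-certificate entry, or key entry without certificates
            }
            System.out.printf("alias=%s certificatesInPath=%d%n", alias, chain.length);
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                // Index 0 is the certificate matching the private key; the rest complete its path.
                System.out.printf("  [%d] %s serial=%s issuer=%s%n      sha256=%s%n",
                        i, i == 0 ? "signer" : "path", c.getSerialNumber(),
                        c.getIssuerX500Principal().getName(), certDigest(c));
            }
            if (chain.length > 1) {
                System.out.println("  more than one certificate in the path for this key entry");
            }
        }
    }
}
```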