添加名称空间时无效的XML签名

时间:2014-07-03 10:48:00

标签: digital-signature xml-namespaces xml-signature

我正在生成XML Xades签名。我需要在TAG签名中添加名称空间http://uri.etsi.org/01903/v1.3.2#

如果我在签署文档后添加此TAG,则会收到无效的签名错误。

我之前不知道如何添加它,因为签名后我只有TAG签名。

这是添加命名空间的代码

void addNamespace(doc)
{

    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");

    Node a = nl.item(0);

    Element sig = (Element)a;

sig.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:etsi","http://uri.etsi.org/01903/v1.3.2#");

}

签名代码:

signContext = new DOMSignContext(pk, parentElement);
signContext.putNamespacePrefix("http://uri.etsi.org/01903/v1.3.2#","etsi");
XMLSignature signature;
signature.sign(signContext);
addNamespace(doc);

XML:

<note>
<to>Tove</to>
<from>Jani</from>
<heading>Reminder</heading>
<body>Don't forget me this weekend!</body>

&lt; ds:签名xmlns:ds =“http://www.w3.org/2000/09/xmldsig#”Id =“签名-830342”&gt; 

 <ds:SignedInfo Id="SignedInfo-830342">
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <ds:Reference URI="">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 </ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>tKDaVHCywRrFbblaDIKZjUviXkI=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties-830342">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>M/coSDm1tqC4DKkbCyXUP82fB58=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#KeyInfo-830342">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>pInn5xZepngScAKAse0zZPuhyNU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>

<ds:SignatureValue Id="SignatureValue843847">
PTJj6kXgDNRwXKQvDH5xr+FF5+naKjAo3bl70Wwlc6MAU2EgMTaCnh7Ml7wvfKvNWbPvTL+5bXYH FlSuC3PsDn2SguQ1vvWm1xI6cZAKh0w4sMiQiS9UDjxIifyZZqNwcZ7uCX2c6K+S7xNQZzcPi5HW oQ+6Pq8vtSZODxN6b0Y=
</ds:SignatureValue>

<ds:KeyInfo Id="KeyInfo-830342">
<ds:X509Data>
<ds:X509Certificate>
MIIDiTCCAnGgAwIBAgIBKjANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJFUzESMBAGA1UECBMJ QmFyY2Vsb25hMQ8wDQYDVQQKEwZpc2lnbWExFzAVBgNVBAMTDmlzaWdtYSByb290IENBMR8wHQYJ KoZIhvcNAQkBFhBpc2lnbWFAaXNpZ21hLmVzMB4XDTE0MDUzMDA4MjgxOFoXDTE5MDUyOTA4Mjgx OFowgZsxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwliYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9u YTEPMA0GA1UEChMGaXNpZ21hMQswCQYDVQQLEwJpdDETMBEGA1UEAxMKRGVtb3MgdXNlcjESMBAG A1UEBRMJMTIzNDU2NzhaMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGlzaWdtYS5lczCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAl+AvFwUL16YdzlPT42EMEBhvWQP5Cmt4RXFMKTZ7TXes0y/jT/l1 VF3evNuGI+RZCweUGVqzRWA3z+tV3qbVXuRKtNfXjGvhtG8RTX2SYwqvjDGsnR0XS8Gd1kGUGbeL fOE8vF3q5O2OiN5FF0xMg/0uEw2fZ3P9zONVLsT/A6kCAwEAAaOBiTCBhjAJBgNVHRMEAjAAMAsG A1UdDwQEAwIHgDAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw HQYDVR0OBBYEFCc/oVSDFtH46U81hILH78cwLnR9MB8GA1UdIwQYMBaAFLIkRa3EwPkvEabba+7h fY4FDjr9MA0GCSqGSIb3DQEBBQUAA4IBAQB1TpQ66zJL+69iooqSQIryzLykWqcXeVeJOAWbGwbP x2P5LVboqXRxj5j9jmlTyqQLRoHLS5BaExq+P+2sPd/BOU2/QV9yrv7uAFkxyQjcMip8eqj1pc0X gqW+JoIkeeqa+UWj+fVQg/YqHsFNgkSoxCf4aPWC2x5X33SH6D8QkXQw4FJcRppfmr4ljsbPmuvV V1uk34I6PTb3gRlVIiTvUWtRaOLQ0lDlFa5bO5rd9nQV7UsK2e7ghXZpUtdW6OAYIuP3ASweOlE1 6z2DiMlYMGJ8Ci/vdcG1eEhVQoV0+z2s78ybJXelTiuxHvuJLPTNk5eoG5zAOAz8oFoQi+51
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object Id="Signature20257-data545881">
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"Target="#Signature-830342">
<xades:SignedProperties Id="SignedProperties-830342">
<xades:SignedSignatureProperties>
<xades:SigningTime>2014-07-08T12:40:02+02:00</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ivK7JSJgkt1YHLuXeUphxagMGcI=</ds:DigestValue>
</xades:CertDigest>
</xades:Cert>
</xades:SigningCertificate>
<xades:SignaturePolicyIdentifier>
<xades:SignaturePolicyId>
<xades:SigPolicyId>
<xades:Identifier>
http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf
</xades:Identifier>
<xades:Description>facturae31</xades:Description>
</xades:SigPolicyId>
<xades:SigPolicyHash>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Ohixl6upD6av8N7pEvDABhEL6hM=</ds:DigestValue>
</xades:SigPolicyHash>
</xades:SignaturePolicyId>
</xades:SignaturePolicyIdentifier>
<xades:SignerRole>
<xades:ClaimedRoles>
<xades:ClaimedRole>supplier</xades:ClaimedRole>
</xades:ClaimedRoles>
</xades:SignerRole>
</xades:SignedSignatureProperties>
<xades:SignedDataObjectProperties/>
</xades:SignedProperties>
<xades:UnsignedProperties/>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
</note>

我需要该命名空间将在TAG签名中而不是TAG对象

1 个答案:

答案 0 :(得分:0)

命名空间用于计算哈希值。规范化应将它们添加到文档中(另外按字母顺序)。 将名称空间添加到签名文档显然会改变其哈希值

相关问题
最新问题