How can I add a Transform to a SignedProperties and KeyInfo Reference ? about xades4j HOT 15 CLOSED

In KeyInfoBuilder class, in the method buildKeyInfo(...), which is called when 
the signer y singing, you can see the lines:

xmlSig.addDocument('#' + keyInfoId,
                   null,                        this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences());

Initialices the Transforms for the KeyInfo to null, so is there any way to set 
the Transforms for the KeyInfo element??

Thanks !!

PD: I'm using 1.4.2 version

Sorry, the version I'm using is 1.2.0

Hi Alberto,

Currently there is no way to add those transforms. I haven't considered that 
scenario, but seems a valid one. However, for correctness, probably not every 
transform should be accepted, so one can be sure that the referred elements are 
actually being signed.

Considering the rest of the API, how/where would you expect this to be 
configured?

Hi Luis, Alberto,

We ran into the same problem (no transforms on signed properties) during a 
project.
We fixed it by reusing the canonicalization transform specified for the 
signature. You can see it in the attached patch file. 

We took this approach because signature and reference are generated by the 
library and therefor are most likely to require the same transformation.

Kind regards,
Kevin

P.S.: the code in the patch is based on the trunk

Here is how I did it for KeyInfo.
1. Modify SignerBES.java

this.keyInfoBuilder.buildKeyInfo(signingCertificate, signature);
/* Add line below */
signature.getKeyInfo().setId("KeyInfo"); 

2. Defined DataObjectReference to Id = #KeyInfo, with a Transform.
DataObjectDesc obj2 = new DataObjectReference("#KeyInfo").withTransform(new 
ExclusiveCanonicalXMLWithoutComments(""));

3. result in the Signature :
</ds:Reference>
<ds:Reference Id="xmldsig-12eced92-9bab-4aa4-b38d-a0646c0b57b4-ref1" 
URI="#KeyInfo">
<ds:Transforms>
<ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces 
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" 
PrefixList=""/></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>6lQav16xHEPBwQANI4gO57OtHxXjmLWa+kJf9gZJRqI=</ds:DigestValue>
</ds:Reference>

David,

1) The KeyInfo id should be unique (prefixed with signature id, for instance).
2) Where did you put the code on 2?

Hello,

I have to obtain a similar result than Alberto:

<ds:Reference Id="SignatureUsuario-XADES-Properties-Ref" 
Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties" 
URI="#XADES-Properties">
        <ds:Transforms>
           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <ds:DigestValue>RkQ8X/k1EAfkIoxPlwQ4Jn36kCQ=</ds:DigestValue>
     </ds:Reference>

I want to know if this issue has been resolved in the last version. If not, 
please tell me if you has resolved with a different way.

It is very important to me resolve this problem.

Thank you very much.

In the previous comment I made a mistake with de CODE. This is the correct Code

I have to obtain a similar result than Alberto:


<!-- Referencia al certificado con que se firmó -->
     <ds:Reference Id="SignatureUsuario-KeyInfo-Ref" URI="#KeyInfo">
        <ds:Transforms>
           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
        <ds:DigestValue>oRMY/RmmI9w0GCYVwnbiYKI2ZQA=</ds:DigestValue>
     </ds:Reference>


I want to know if this issue has been resolved in the last version. If not, 
please tell me if you has resolved with a different way.

It is very important to me resolve this problem.

Thank you very much.

The issue is not yet resolved. As previously said and also explained on the 
link below, adding arbitrary transforms is not an option. The only allowed 
transform should be C14N. 

I think the best solution is to use the same C14N algorithm that is used for 
SignedInfo, as suggested by Kevin on comment 4 above.

Would this be enough for you?

http://stackoverflow.com/questions/25789842/xades4j-how-to-produce-an-signature-
with-a-transform-in-the-signedproperties-re

Probably it isn't reasonable to publish a version with that hidden behavior. 
But if you want to implement id for now, you can use the approach suggested by 
Kevin and something similar on KeyInfoBuilder, where the signing certificate 
reference is added.

Luis:

I only have to resolve this reference:

<!-- Referencia al certificado con que se firmó -->
     <ds:Reference Id="SignatureUsuario-KeyInfo-Ref" URI="#KeyInfo">
        <ds:Transforms>
           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
        <ds:DigestValue>oRMY/RmmI9w0GCYVwnbiYKI2ZQA=</ds:DigestValue>
     </ds:Reference>

I don't know how to do it. 

Than you very much.

To sign key info, you can set BasicSignatureOptionsProvider [1] options. 
However, to include the transform you'd need to change the source code on 
KeyInfoBuilder [2].

[1] 
http://xades4j.googlecode.com/svn/release/1.3.1/javadoc/reference/xades4j/provid
ers/BasicSignatureOptionsProvider.html

[2] 
https://code.google.com/p/xades4j/source/browse/src/main/java/xades4j/production
/KeyInfoBuilder.java#79