Comments (15)
In the KeyInfoBuilder class, in the method buildKeyInfo(...), which is called when
the signer is signing, you can see the lines:
xmlSig.addDocument('#' + keyInfoId,
null, this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences());
This initializes the Transforms for the KeyInfo to null, so is there any way to set
the Transforms for the KeyInfo element?
Thanks!
P.S.: I'm using version 1.4.2
Original comment by [email protected]
on 13 Feb 2012 at 11:39
from xades4j.
Sorry, the version I'm using is 1.2.0
Original comment by [email protected]
on 14 Feb 2012 at 9:02
from xades4j.
Hi Alberto,
Currently there is no way to add those transforms. I haven't considered that
scenario, but seems a valid one. However, for correctness, probably not every
transform should be accepted, so one can be sure that the referred elements are
actually being signed.
Considering the rest of the API, how/where would you expect this to be
configured?
Original comment by luis.fgoncalv
on 14 Feb 2012 at 9:33
from xades4j.
Hi Luis, Alberto,
We ran into the same problem (no transforms on signed properties) during a
project.
We fixed it by reusing the canonicalization transform specified for the
signature. You can see it in the attached patch file.
We took this approach because signature and reference are generated by the
library and therefore are most likely to require the same transformation.
Kind regards,
Kevin
P.S.: the code in the patch is based on the trunk
Original comment by [email protected]
on 31 Oct 2012 at 9:35
Attachments:
from xades4j.
Here is how I did it for KeyInfo.
1. Modify SignerBES.java
this.keyInfoBuilder.buildKeyInfo(signingCertificate, signature);
/* Add line below */
signature.getKeyInfo().setId("KeyInfo");
2. Defined DataObjectReference to Id = #KeyInfo, with a Transform.
DataObjectDesc obj2 = new DataObjectReference("#KeyInfo").withTransform(new ExclusiveCanonicalXMLWithoutComments(""));
3. Result in the Signature:
</ds:Reference>
<ds:Reference Id="xmldsig-12eced92-9bab-4aa4-b38d-a0646c0b57b4-ref1"
URI="#KeyInfo">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList=""/></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>6lQav16xHEPBwQANI4gO57OtHxXjmLWa+kJf9gZJRqI=</ds:DigestValue>
</ds:Reference>
Original comment by [email protected]
on 13 Dec 2012 at 11:26
from xades4j.
David,
1) The KeyInfo id should be unique (prefixed with signature id, for instance).
2) Where did you put the code on 2?
Original comment by luis.fgoncalv
on 14 Dec 2012 at 12:52
from xades4j.
Hello,
I have to obtain a result similar to Alberto's:
<ds:Reference Id="SignatureUsuario-XADES-Properties-Ref"
Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties"
URI="#XADES-Properties">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RkQ8X/k1EAfkIoxPlwQ4Jn36kCQ=</ds:DigestValue>
</ds:Reference>
I want to know if this issue has been resolved in the latest version. If not,
please tell me if you have resolved it in a different way.
It is very important to me to resolve this problem.
Thank you very much.
Original comment by [email protected]
on 3 Nov 2014 at 12:14
from xades4j.
In the previous comment I made a mistake with the code. This is the correct code.
I have to obtain a result similar to Alberto's:
<!-- Reference to the certificate used to sign -->
<ds:Reference Id="SignatureUsuario-KeyInfo-Ref" URI="#KeyInfo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>oRMY/RmmI9w0GCYVwnbiYKI2ZQA=</ds:DigestValue>
</ds:Reference>
I want to know if this issue has been resolved in the latest version. If not,
please tell me if you have resolved it in a different way.
It is very important to me to resolve this problem.
Thank you very much.
Original comment by [email protected]
on 3 Nov 2014 at 2:27
from xades4j.
The issue is not yet resolved. As previously said and also explained on the
link below, adding arbitrary transforms is not an option. The only allowed
transform should be C14N.
I think the best solution is to use the same C14N algorithm that is used for
SignedInfo, as suggested by Kevin on comment 4 above.
Would this be enough for you?
http://stackoverflow.com/questions/25789842/xades4j-how-to-produce-an-signature-with-a-transform-in-the-signedproperties-re
Original comment by luis.fgoncalv
on 3 Nov 2014 at 10:08
from xades4j.
Probably it isn't reasonable to publish a version with that hidden behavior.
But if you want to implement it for now, you can use the approach suggested by
Kevin and something similar on KeyInfoBuilder, where the signing certificate
reference is added.
Original comment by luis.fgoncalv
on 3 Nov 2014 at 10:15
from xades4j.
Luis:
I only have to resolve this reference:
<!-- Reference to the certificate used to sign -->
<ds:Reference Id="SignatureUsuario-KeyInfo-Ref" URI="#KeyInfo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>oRMY/RmmI9w0GCYVwnbiYKI2ZQA=</ds:DigestValue>
</ds:Reference>
I don't know how to do it.
Thank you very much.
Original comment by [email protected]
on 5 Nov 2014 at 1:57
from xades4j.
To sign key info, you can set BasicSignatureOptionsProvider [1] options.
However, to include the transform you'd need to change the source code on
KeyInfoBuilder [2].
[1] http://xades4j.googlecode.com/svn/release/1.3.1/javadoc/reference/xades4j/providers/BasicSignatureOptionsProvider.html
[2] https://code.google.com/p/xades4j/source/browse/src/main/java/xades4j/production/KeyInfoBuilder.java#79
Original comment by luis.fgoncalv
on 5 Nov 2014 at 3:59
from xades4j.
Dear Luis:
How could I change the Id of the tags? For example, by default the library generates Id = "xmldsig-d0587ed9-0741-436f-9c5e-bf5a72a038f0"; what I want is to put only xmldsig, and the same for the other tags that need an Id.
I want to do this in order to compare with a valid signature result, since at the moment I get an incorrect signature; I think it is due to the digest calculation.
Thank you
from xades4j.
C14N is added to KeyInfo and SignedProperties references since v1.4.0
from xades4j.
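The constraint discussed in this thread (only C14N transforms on the KeyInfo and SignedProperties references, so the referred elements are actually signed) can be checked on a produced signature. The following is an added example, not part of the thread or of xades4j; the function name `audit_references` and the sample signature are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Canonicalization algorithm URIs defined by the W3C specifications.
C14N_ALGORITHMS = {
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2006/12/xml-c14n11#WithComments",
}

def audit_references(xml_text):
    """List the KeyInfo / SignedProperties references of each ds:Signature
    together with any transform that is not a canonicalization."""
    findings = []
    for sig in ET.fromstring(xml_text).iter(DS + "Signature"):
        key_info = sig.find(DS + "KeyInfo")
        key_info_id = key_info.get("Id") if key_info is not None else None
        for ref in sig.findall(f"{DS}SignedInfo/{DS}Reference"):
            uri = ref.get("URI", "")
            is_key_info = key_info_id is not None and uri == "#" + key_info_id
            is_props = ref.get("Type", "").endswith("#SignedProperties")
            if not (is_key_info or is_props):
                continue  # ordinary data-object reference, out of scope here
            algs = [t.get("Algorithm")
                    for t in ref.findall(f"{DS}Transforms/{DS}Transform")]
            findings.append({
                "uri": uri,
                "target": "KeyInfo" if is_key_info else "SignedProperties",
                "non_c14n": [a for a in algs if a not in C14N_ALGORITHMS],
            })
    return findings

# Constructed sample: KeyInfo reference uses exclusive C14N (acceptable),
# SignedProperties reference uses an XPath transform (should be flagged).
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sig-1">
 <ds:SignedInfo>
  <ds:Reference URI="#sig-1-keyinfo"><ds:Transforms>
   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  </ds:Transforms></ds:Reference>
  <ds:Reference Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties" URI="#sig-1-props"><ds:Transforms>
   <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"/>
  </ds:Transforms></ds:Reference>
 </ds:SignedInfo>
 <ds:KeyInfo Id="sig-1-keyinfo"/>
</ds:Signature>"""

if __name__ == "__main__":
    for finding in audit_references(SAMPLE):
        print(finding)
```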