Java enveloped signature with XadesBes timestamp
I am trying to pass 2019-09-20T14:57:46 to a function and sign it with a digital signature in the root tag.
This is the expected result:
<?xml version="1.0" encoding="UTF-8"?>
<EDoc>
<NextMsg ID="Edoc">2019-09-20T14:57:46</NextMsg>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DS_A2B2112853C1478C8860CB8DC6FA23D2">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>op0/fC+H5/0h7AGdUiEaNnNzd9WXs3VDouQQhRk8XgU=</DigestValue>
</Reference>
<Reference URI="#SP_A2B2112853C1478C8860CB8DC6FA23D2" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>Kv75qkIImVnf9H7PZV+1er1n8YIBY5yRGXdpWSUIAX4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>=sign-value=</SignatureValue>
<ds:Object xmlns="http://uri.etsi.org/01903/v1.1.1#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<QualifyingPropertiesReference URI="http://www.test.com"/>
<QualifyingProperties Target="#DS_A2B2112853C1478C8860CB8DC6FA23D2">
<SignedProperties Id="SP_A2B2112853C1478C8860CB8DC6FA23D2">
<SignedSignatureProperties>
<SigningTime>2019-09-20T14:57:48+03:00</SigningTime>
<SigningCertificate>
<Cert>
<CertDigest>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>woG3fsImDUeqxznickzLkpeY9R4=</DigestValue>
</CertDigest>
<IssuerSerial>
<ds:X509IssuerName>XXX</ds:X509IssuerName>
<ds:X509SerialNumber>YYY</ds:X509SerialNumber>
</IssuerSerial>
</Cert>
</SigningCertificate>
<SignaturePolicyIdentifier>
<SignaturePolicyImplied/>
</SignaturePolicyIdentifier>
</SignedSignatureProperties>
</SignedProperties>
</QualifyingProperties>
</ds:Object>
</Signature>
</EDoc>
But the result is:
<NextMsg Id="Edoc">2019-09-20T14:57:46<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-24f667da-ced7-4727-b107-0daa2be5b690">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference Id="xmldsig-24f667da-ced7-4727-b107-0daa2be5b690-ref0" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>8t2TvSeJ1iz7XTyYV7VHYJtTRLrbx/72Z35rkyEBGLs=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-24f667da-ced7-4727-b107-0daa2be5b690-signedprops">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>t6UMqsiPZoXoxf7wOOg+beyztdEjD4u5GjWMrlyS1nI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="xmldsig-24f667da-ced7-4727-b107-0daa2be5b690-sigvalue">
STjMdaycvdWLWYVMd2bCvxjIUxoI0/aOWFshihQ8lurmLnmAMlQGAt7yzYMcrywV/7t58Eip+xOp
fuU+S7UsB9b9cS9iy1m0U5fy9pGdud5HqKgDEeNjx//kAGKSZQP232PVTlZ5i+QB1kfotpfrZp6h
FAtwJGd4fijdJ5JuAYI=
</ds:SignatureValue>
<ds:Object>
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-24f667da-ced7-4727-b107-0daa2be5b690">
<xades:SignedProperties Id="xmldsig-24f667da-ced7-4727-b107-0daa2be5b690-signedprops">
<xades:SignedSignatureProperties>
<xades:SigningTime>2019-09-20T20:21:33.956+03:00</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>woG3fsImDUeqxznickzLkpeY9R4=</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>cn=LB-LITAS-CA,ou=MSD,o=Lietuvos bankas,l=Vilnius,c=LT</ds:X509IssuerName>
<ds:X509SerialNumber>105704079740755226136574</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>
<xades:UnsignedProperties>
<xades:UnsignedSignatureProperties>
<xades:SignatureTimeStamp>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</xades:SignatureTimeStamp>
</xades:UnsignedSignatureProperties>
</xades:UnsignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
</NextMsg>
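I think I messed up the xades4j enveloping or the parameters I pass. I really don't want the signature to be included in the element being signed; I want the signature to be included in the element as in the expected structure above. Can anyone tell me what I am doing wrong?

XadesSigner.sign adds the signature as a child of the provided element. Since you say you are passing … in the string parameter, the output is expected to be the way it is.
To reproduce the output you want, you would probably need to pass … and pass the document node to the sign method (…).

I separated the root element from the child element, then passed the root element to XadesSigner.sign, and it worked. In my opinion, the sign function should probably be renamed to includeSignatureTo.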
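The placement rule from the answer above, as an added example that is not code from the original posts or from the xades4j project: the node passed as the second argument of `XadesSigner.sign` becomes the parent of `ds:Signature`, so the whole document is parsed and its root element is passed. It assumes an already configured `XadesSigner` (for example from the asker's own signing profile); the class name `RootEnvelopedSigner`, the method `signUnderRoot` and the `SAMPLE` constant are hypothetical.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import xades4j.algorithms.EnvelopedSignatureTransform;
import xades4j.production.DataObjectReference;
import xades4j.production.SignedDataObjects;
import xades4j.production.XadesSigner;

public class RootEnvelopedSigner { // hypothetical helper, not part of xades4j

    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample input: the complete document, root element included.
    static final String SAMPLE =
            "<EDoc><NextMsg ID=\"Edoc\">2019-09-20T14:57:46</NextMsg></EDoc>";

    /** Signs the whole document and places ds:Signature directly under the root. */
    public static Document signUnderRoot(XadesSigner signer, String fullXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML-DSig needs a namespace-aware DOM
        // Refuse DOCTYPE declarations so untrusted input cannot pull in external entities.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new InputSource(new StringReader(fullXml)));
        Element root = doc.getDocumentElement();

        // URI="" plus the enveloped-signature transform covers the whole
        // document minus the ds:Signature element itself.
        SignedDataObjects dataObjs = new SignedDataObjects(
                new DataObjectReference("").withTransform(new EnvelopedSignatureTransform()));

        // The second argument is the parent node of the new ds:Signature.
        // Passing the NextMsg element here gives the nesting seen in the question.
        signer.sign(dataObjs, root);

        // Placement check: exactly one signature, and it is a direct child of the root.
        NodeList sigs = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        if (sigs.getLength() != 1 || sigs.item(0).getParentNode() != root) {
            throw new IllegalStateException("ds:Signature is not a direct child of the root");
        }
        return doc;
    }
}
```

Call it as `RootEnvelopedSigner.signUnderRoot(signer, RootEnvelopedSigner.SAMPLE)` with the signer you already build for the XAdES profile in use.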