Incorrect reference in signature

Submitted by 大城市里の小女人 on 2019-12-12 13:58:33

Question


I have another problem with Counter Signature. This time I forced it to work... almost.

Below is the copy of the Signature:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-33fefaee-5877-4bcb-8ee2-782d23424a86">
<ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference Id="xmldsig-33fefaee-5877-4bcb-8ee2-782d23424a86-ref0" URI="">
        <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>tYHwvIGQOhMyX1gAfjLqUwxPaQVEbr9b5aVRNb1GLZA=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-33fefaee-5877-4bcb-8ee2-782d23424a86-signedprops">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>60WWYTr+S6Na75HS+IDlenFiSImMmDdJGn9VH/Jm00o=</ds:DigestValue>
    </ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="xmldsig-33fefaee-5877-4bcb-8ee2-782d23424a86-sigvalue">
cbJxI3IQOBZqcsGTCl/kgBR3aqS876ck9glukj4gJh4QggnUW46+eb3yucrtxojyF4W9jwqhVmwP
IYUJpKjgDnRbIIrVKWYiLpQV70MqWsV8DKPLdzz7vofDZuWQAsKSlEQqzkd1JMQf/HkgDK0PbXCX
iXBCye/+W1eshR/byrU=
</ds:SignatureValue>
<ds:KeyInfo>
    <ds:X509Data>
        <ds:X509Certificate>
MIICODCCAaGgAwIBAgIBFjANBgkqhkiG9w0BAQUFADA0MQswCQYDVQQGEwJQTDEOMAwGA1UEChMF
cGVrYW8xFTATBgNVBAMUDENBX1BFS0FPX1NTTDAeFw0xNDA2MjYxMDU2MzdaFw0xNTA2MjYxMDU2
MzdaMF8xCzAJBgNVBAYTAlBMMQ4wDAYDVQQKEwVQRUtBTzEWMBQGA1UECxMNUGVrYW9CSVpORVMy
NDEoMCYGA1UEAxQfQkFSVE9TWiBK01pFRiBKQVJLT1dTS0ksIDcxMDU4NjCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEA4ZlPMdEYmwlsy1wFoGTVGShW6nPyHHeAVm2r+nuin9ZOeRFlDl+PPyTJ
oZ6avZKCyt1R3o4oju7LmKQhlCsSR88CZrXF0vPovZjthblvrUJ742RC4laoiBSR9hZIg4CWorF1
rk3/bHobz3ZLCLg+P64RKmTI7WYrgCeHsBJMPfECAwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8E
BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAiJqNtI1ml8OKSnB5
PzbhfCJlK+12SPFX6GcQkO6dF7ezNFzzC9bcD6MOkAEnR4IfEkD3CIl8Jx8v29XV/eCes3gDa9Z6
OSzVZpMBDFQicWtLfch7Xmh/KS2GFelbkiqHHf/UKfhcN32fsV86WOP6DOb8XMJLrcgmMz0bxvl3
yfM=
        </ds:X509Certificate>
    </ds:X509Data>
</ds:KeyInfo>
<ds:Object>
    <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-33fefaee-5877-4bcb-8ee2-782d23424a86">
        <xades:SignedProperties Id="xmldsig-33fefaee-5877-4bcb-8ee2-782d23424a86-signedprops">
            <xades:SignedSignatureProperties>
                <xades:SigningTime>2014-07-08T15:14:22.357+02:00</xades:SigningTime>
                <xades:SigningCertificate>
                    <xades:Cert>
                        <xades:CertDigest>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                            <ds:DigestValue>XmRm5R3UpnVKBPiumnYVL6TXgnqCsbk0XF/JwA5he4c=</ds:DigestValue>
                        </xades:CertDigest>
                        <xades:IssuerSerial>
                            <ds:X509IssuerName>DELETED</ds:X509IssuerName>
                            <ds:X509SerialNumber>22</ds:X509SerialNumber>
                        </xades:IssuerSerial>
                    </xades:Cert>
                </xades:SigningCertificate>
            </xades:SignedSignatureProperties>
            <xades:SignedDataObjectProperties>
                <xades:CommitmentTypeIndication>
                    <xades:CommitmentTypeId>
                        <xades:Identifier>http://uri.etsi.org/01903/v1.2.2#ProofOfApproval</xades:Identifier>
                        <xades:Description>Indicates that the signer has approved the content of the signed data object</xades:Description>
                    </xades:CommitmentTypeId>
                    <xades:ObjectReference>#xmldsig-33fefaee-5877-4bcb-8ee2-782d23424a86-ref0</xades:ObjectReference>
                </xades:CommitmentTypeIndication>
            </xades:SignedDataObjectProperties>
        </xades:SignedProperties>
        <xades:UnsignedProperties>
            <xades:UnsignedSignatureProperties>
                <xades:CounterSignature>
                    <ds:Signature Id="xmldsig-d848b745-aee3-476c-8b93-6ceafa34eaea" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:SignedInfo>
                            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                            <ds:Reference Id="xmldsig-d848b745-aee3-476c-8b93-6ceafa34eaea-ref0" URI="#xmldsig-33fefaee-5877-4bcb-8ee2-782d23424a86-sigvalue">
                                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                <ds:DigestValue>5bEeIUwcOzwar60fKN7CQrkhukdl1twK+h/J3iLgSso=</ds:DigestValue>
                            </ds:Reference>
                            <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-d848b745-aee3-476c-8b93-6ceafa34eaea-signedprops">
                                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                <ds:DigestValue>VpjF9Ag6SUwezpv1FL/wSgLr5eBme67r3mXz9gqXegE=</ds:DigestValue>
                            </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue Id="xmldsig-d848b745-aee3-476c-8b93-6ceafa34eaea-sigvalue">
0V/J3Tgooevc0vkLAkd/2OGMN1mSvfy/Xn12iBTDEejcQR7c9JR96RIQpZGkYw23tufBf1uReLkf
R7mdHuOWIVeDJjPZYL+l9rP7dv9ceJMtjOxUUgY/codnb5yRv0LnhBkPVBBiEfIogqzsgSM99Rpw
byiAPW6jZT2Qb4MIrlc=
                        </ds:SignatureValue>
                        <ds:KeyInfo>
                            <ds:X509Data>
                                <ds:X509Certificate>
MIICODCCAaGgAwIBAgIBFjANBgkqhkiG9w0BAQUFADA0MQswCQYDVQQGEwJQTDEOMAwGA1UEChMF
cGVrYW8xFTATBgNVBAMUDENBX1BFS0FPX1NTTDAeFw0xNDA2MjYxMDU2MzdaFw0xNTA2MjYxMDU2
MzdaMF8xCzAJBgNVBAYTAlBMMQ4wDAYDVQQKEwVQRUtBTzEWMBQGA1UECxMNUGVrYW9CSVpORVMy
NDEoMCYGA1UEAxQfQkFSVE9TWiBK01pFRiBKQVJLT1dTS0ksIDcxMDU4NjCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEA4ZlPMdEYmwlsy1wFoGTVGShW6nPyHHeAVm2r+nuin9ZOeRFlDl+PPyTJ
oZ6avZKCyt1R3o4oju7LmKQhlCsSR88CZrXF0vPovZjthblvrUJ742RC4laoiBSR9hZIg4CWorF1
rk3/bHobz3ZLCLg+P64RKmTI7WYrgCeHsBJMPfECAwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8E
BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAiJqNtI1ml8OKSnB5
PzbhfCJlK+12SPFX6GcQkO6dF7ezNFzzC9bcD6MOkAEnR4IfEkD3CIl8Jx8v29XV/eCes3gDa9Z6
OSzVZpMBDFQicWtLfch7Xmh/KS2GFelbkiqHHf/UKfhcN32fsV86WOP6DOb8XMJLrcgmMz0bxvl3
yfM=
                                </ds:X509Certificate>
                            </ds:X509Data>
                        </ds:KeyInfo>
                        <ds:Object>
                            <xades:QualifyingProperties Target="#xmldsig-d848b745-aee3-476c-8b93-6ceafa34eaea" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#">
                                <xades:SignedProperties Id="xmldsig-d848b745-aee3-476c-8b93-6ceafa34eaea-signedprops">
                                    <xades:SignedSignatureProperties>
                                        <xades:SigningTime>2014-07-08T15:17:53.877+02:00</xades:SigningTime>
                                        <xades:SigningCertificate>
                                            <xades:Cert>
                                                <xades:CertDigest>
                                                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                                    <ds:DigestValue>XmRm5R3UpnVKBPiumnYVL6TXgnqCsbk0XF/JwA5he4c=</ds:DigestValue>
                                                </xades:CertDigest>
                                                <xades:IssuerSerial>
                                                    <ds:X509IssuerName>DELETED</ds:X509IssuerName>
                                                    <ds:X509SerialNumber>22</ds:X509SerialNumber>
                                                </xades:IssuerSerial>
                                            </xades:Cert>
                                        </xades:SigningCertificate>
                                    </xades:SignedSignatureProperties>
                                </xades:SignedProperties>
                            </xades:QualifyingProperties>
                        </ds:Object>
                    </ds:Signature>
                </xades:CounterSignature>
            </xades:UnsignedSignatureProperties>
        </xades:UnsignedProperties>
    </xades:QualifyingProperties>
</ds:Object>
</ds:Signature>

My Java code:

Element signatureNode = (Element)docSource.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature").item(0);
//If signatureNode is null, it means there is no certificate in the file - need to create new Enveloped Certificate.
//If signatureNode is not null, we can extend it with CounterSignature.
if (signatureNode != null)
{
    String sigValueId = signatureNode.getAttribute(Constants._ATT_ID);
    DataObjectReference sigValueRef = new DataObjectReference('#' + sigValueId)
        .withType(CounterSignatureProperty.COUNTER_SIGNATURE_TYPE_URI);

    XadesSignatureFormatExtender instance = (XadesSignatureFormatExtender)new XadesFormatExtenderProfile().getFormatExtender();
    XMLSignature sig = new XMLSignature(signatureNode, "");
    Collection<UnsignedSignatureProperty> usp = new ArrayList<UnsignedSignatureProperty>(1);
    usp.add(new CounterSignatureProperty(signer));
    instance.enrichSignature(sig, new UnsignedProperties(usp));

}
else
{
    DataObjectDesc obj1 = new DataObjectReference("")
        .withTransform(new EnvelopedSignatureTransform());

    signer.sign(new SignedDataObjects(obj1), docSource.getDocumentElement());

    //new Enveloped(signer).sign(docSource.getDocumentElement());
}

When I'm trying to verify this document (with two external applications) I'm getting an error saying "Incorrect reference in countersign".

Now I'm investigating what went wrong. Did I miss referencing something?

EDIT: I checked with a different app and I think I got a better error message. It says exactly: Signature digest is not equal file digest.

Best Regards John S.

Source: https://stackoverflow.com/questions/24642904/incorrect-reference-in-signature
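A structural check for the "did I miss referencing something?" part of the question, as an added example that is not part of the original post and is not xades4j code. It walks every ds:Signature, resolves each same-document Reference URI, and confirms that a signature nested in xades:CounterSignature references the ds:SignatureValue of the signature it countersigns, which is what XAdES requires. The function names, the `skeleton` helper and the short `sig-A`/`sig-B`/`sig-C` Ids are assumptions made for the sample; digests are not recomputed here.

```python
import xml.etree.ElementTree as ET
DS = "{http://www.w3.org/2000/09/xmldsig#}"
XA = "{http://uri.etsi.org/01903/v1.3.2#}"
PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties"

def skeleton(sid, ref_uri, counters=""):
    """Constructed ds:Signature with the question's layout; digests and keys omitted."""
    unsigned = (f"<xades:UnsignedProperties><xades:UnsignedSignatureProperties>{counters}"
                "</xades:UnsignedSignatureProperties></xades:UnsignedProperties>") if counters else ""
    return (f'<ds:Signature Id="{sid}"><ds:SignedInfo><ds:Reference URI="{ref_uri}"/>'
            f'<ds:Reference Type="{PROPS_TYPE}" URI="#{sid}-signedprops"/></ds:SignedInfo>'
            f'<ds:SignatureValue Id="{sid}-sigvalue"/><ds:Object>'
            f'<xades:QualifyingProperties Target="#{sid}">'
            f'<xades:SignedProperties Id="{sid}-signedprops"/>{unsigned}'
            '</xades:QualifyingProperties></ds:Object></ds:Signature>')

def counter(sid, ref_uri):
    return f"<xades:CounterSignature>{skeleton(sid, ref_uri)}</xades:CounterSignature>"

# Constructed sample: sig-B references sig-A's SignatureValue (as in the question); sig-C references the ds:Signature Id.
SAMPLE = (f'<doc xmlns:ds="{DS[1:-1]}" xmlns:xades="{XA[1:-1]}">' + skeleton(
    "sig-A", "", counter("sig-B", "#sig-A-sigvalue") + counter("sig-C", "#sig-A")) + "</doc>")

def check_references(xml_text):
    """Map each ds:Signature Id to its reference problems (empty list: wiring is fine)."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    by_id = {e.get("Id"): e for e in root.iter() if e.get("Id")}
    report = {}
    for sig in root.iter(DS + "Signature"):
        problems, targets = [], []
        own_props = sig.find(f"{DS}Object/{XA}QualifyingProperties/{XA}SignedProperties")
        for ref in sig.findall(f"{DS}SignedInfo/{DS}Reference"):
            uri = ref.get("URI", "")
            target = by_id.get(uri[1:]) if uri.startswith("#") else None
            if uri.startswith("#") and target is None:
                problems.append(f"dangling reference {uri}")
            elif ref.get("Type") == PROPS_TYPE and target is not own_props:
                problems.append(f"{uri} is not this signature's own SignedProperties")
            targets.append(target)
        outer = parent.get(sig)
        if outer is not None and outer.tag == XA + "CounterSignature":
            while outer is not None and outer.tag != DS + "Signature":
                outer = parent.get(outer)  # climb to the countersigned signature
            value = outer.find(DS + "SignatureValue") if outer is not None else None
            if value is None or not any(t is value for t in targets):
                problems.append("no reference to the countersigned ds:SignatureValue")
        report[sig.get("Id")] = problems
    return report
```

When every list comes back empty, the references are wired correctly and a digest mismatch has to come from the bytes being digested, for example canonicalization or a change to the document after signing.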
