问题
I'm using xades4j to crate a XAdES-T enveloped signature for an XML file. When I'm verifying the signed XML I get an error saying "Digest value computed does not match the digest value within the ds:Reference" where the reference points to the element of Type="http://uri.etsi.org/01903#SignedProperties". The digest value of the root XML element itself is OK.
Has anybody faced with such a problem?
The only thing I could detect is that the signing time is not in the Zulu format but looks like this: 2015-12-14T22:12:12.302+01:00. Is there a way to change its format in the signature?
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-795a7c1b-9b15-4d5f-b363-4cb106ca238b-signedprops">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>iJu8ShMAGXPF1tmQveXzHkrmpFgfUR1ByH6en+2eIhU=</ds:DigestValue>
...
<xades:SignedProperties Id="xmldsig-795a7c1b-9b15-4d5f-b363-4cb106ca238b-signedprops"><xades:SignedSignatureProperties><xades:SigningTime>2015-12-14T22:12:12.302+01:00</xades:SigningTime>
...
回答1:
Problems solved:
You can change the timezone of the signing time by as follows:
XadesSigner signer = new XadesTSigningProfile(keyingDataProvider) .withSignaturePropertiesProvider(new SignaturePropertiesProvider() { public void provideProperties(SignaturePropertiesCollector signedPropsCol) { signedPropsCol.setSigningTime(new SigningTimeProperty(new GregorianCalendar(TimeZone.getTimeZone("Zulu")))); } })...The digest mismatch was caused by not setting namespace awareness while reading the XML file:
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); dbFactory.setNamespaceAware(true);
来源:https://stackoverflow.com/questions/34277666/digest-value-mismatch