I need to sign an XML file in Java, which needs to contain 3 References.
While 2 of them are valid (expected digest == actual digest), one is invalid.
The relevant part of the XML looks like:

    <QualifyingProperties xmlns="http://ift.tt/1kBwwA9" Target="Signature1">
      <SignedProperties Id="SignedProperties_1">
        <SignedSignatureProperties>
          <SigningTime>2014-11-27T13:49:36</SigningTime>
        </SignedSignatureProperties>
      </SignedProperties>
    </QualifyingProperties>

The Reference only references the Element "SignedProperties" and its children.
As you can see, the "QualifyingProperties" Element defines a namespace (xmlns="http://ift.tt/1kBwwA9") and I guess that's the problem:
After having a look at the log I found that the "Pre-Digest" value looks like:

    <SignedProperties xmlns="http://ift.tt/1kBwwA9" Id="SignedProperties_1">
      <SignedSignatureProperties>
        <SigningTime>2014-11-27T13:49:36</SigningTime>
      </SignedSignatureProperties>
    </SignedProperties>

While the "SignedProperties" Element in the real file does not contain the namespace, but its parent does.
I found out that the actual digest matches the SHA-256 of the "Pre-Digest" value, while the expected digest matches the SHA-256 of the real file (without the namespace).
The Reference is created with the following code:

    Reference sigPropRef = fac.newReference("#SignedProperties_1", fac.newDigestMethod(DigestMethod.SHA256, null),
        Collections.singletonList(sigPropTransform), "http://ift.tt/1e3V3K0", "reference-signedpropeties"
    );

Where the sigPropTransform is a CanonicalizationMethod.EXCLUSIVE Transform.
My question is, how can I solve the problem, i.e. how can I prevent the namespace from being added to the "SignedProperties" Element before calculating the digest?
If you need any other information please leave a comment. I am pretty new to this topic, so I am not sure which information is relevant and which is not.
Thanks a lot!
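
Why the pre-digest value carries the namespace, shown as an added example that is not part of the original post: Exclusive C14N writes each namespace an element visibly uses unless an output ancestor has already written it, and when only "SignedProperties" is canonicalized its parent is not in the output. This is a simplified Python re-implementation (elements, attributes and text only; no comments, xml: attributes or InclusiveNamespaces), run on a constructed copy of the post's XML without inter-element whitespace.

```python
import hashlib
from xml.dom import minidom, XMLNS_NAMESPACE

# Constructed copy of the post's XML (namespace URI as shown on the page).
NS = "http://ift.tt/1kBwwA9"
DOC = (f'<QualifyingProperties xmlns="{NS}" Target="Signature1">'
       '<SignedProperties Id="SignedProperties_1"><SignedSignatureProperties>'
       '<SigningTime>2014-11-27T13:49:36</SigningTime>'
       '</SignedSignatureProperties></SignedProperties></QualifyingProperties>')

def esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def exc_c14n(node, rendered=None):
    """Simplified Exclusive C14N; `rendered` maps prefix -> URI already output by an ancestor."""
    if node.nodeType == node.TEXT_NODE:
        return esc(node.data)
    rendered = dict(rendered or {})
    attrs = [a for a in node.attributes.values() if a.namespaceURI != XMLNS_NAMESPACE]
    # Namespaces this element visibly uses: its own prefix plus its attributes' prefixes.
    used = {node.prefix or "": node.namespaceURI or ""}
    used.update({a.prefix: a.namespaceURI for a in attrs if a.prefix and a.prefix != "xml"})
    out = "<" + node.tagName
    for prefix in sorted(used):
        if rendered.get(prefix, "") != used[prefix]:  # not yet written on the output path
            rendered[prefix] = used[prefix]
            out += (f" xmlns:{prefix}" if prefix else " xmlns") + f'="{esc(used[prefix], True)}"'
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += f' {a.name}="{esc(a.value, True)}"'
    body = "".join(exc_c14n(c, rendered) for c in node.childNodes
                   if c.nodeType in (c.ELEMENT_NODE, c.TEXT_NODE))
    return f"{out}>{body}</{node.tagName}>"

def compare():
    """Canonical form of the referenced subtree vs. its raw text in the file."""
    root = minidom.parseString(DOC).documentElement
    signed_props = root.getElementsByTagName("SignedProperties")[0]
    end_tag = "</SignedProperties>"
    raw = DOC[DOC.index("<SignedProperties"):DOC.index(end_tag) + len(end_tag)]
    canonical = exc_c14n(signed_props)
    sha = lambda s: hashlib.sha256(s.encode("utf-8")).hexdigest()
    return {"raw": raw, "canonical": canonical, "whole": exc_c14n(root),
            "raw_sha256": sha(raw), "canonical_sha256": sha(canonical)}

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```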