Friday, 9 January 2015

XML signature with x509 Certificate



I am trying to generate an XML document signed with an X.509 certificate that has the following structure:



<SolicitudRegistro xmlns:xsi="http://ift.tt/ra1lAU" xmlns:xsd="http://ift.tt/tphNwY" xmlns="http://ift.tt/1tRvVPT"
IdMensaje="8bc49f54-0c70-4697-a140-778aed5cbb6b">
<FechaEnvio>2012-11-13T15:00:38.9893941-06:00</FechaEnvio>
<Registrante URI="http://www.cmm.gob.mx" Nombre="Casa de Moneda de México" NombreCorto="CMM" EndPoint="http://ift.tt/1tRvVPZ">
<DatosDeContacto Nombre="Alexandra Del Carmen Morales Bernal" Puesto="Jefe De Proyectos" CorreoElectronico="amorales@cmm.gob.mx" AreaOficina="GERENCIA DE INFORMATICA">
<Telefonos>
<Telefono NumeroTelefonico="8346000" Extension="3705" />
</Telefonos>
</DatosDeContacto>
<CertificadoInstancia>MIIE8TCCA9mgA...</CertificadoInstancia>
</Registrante>
<Reto>
<CadenaCifrada>NNhhkdKpvAlES... </CadenaCifrada>
</Reto>
<Signature xmlns="http://ift.tt/uq6naF">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://ift.tt/y9fQ1c" />
<SignatureMethod Algorithm="http://ift.tt/zf1Wx4" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://ift.tt/A1C4L2" />
<Transform Algorithm="http://ift.tt/1tRvWTS">
<XPath>ancestor-or-self::*[local-name()='SolicitudRegistro']</XPath>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://ift.tt/yuvO4a" />
<DigestValue>brbDI25898iSk7FM1fDNkqt2a/Q=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Mg/kya5zFOv9f2vKp92GK...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIE8TCCA9mgA...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</SolicitudRegistro>


The XML that I generate before signing looks like this:



<SolicitudRegistro xmlns="http://ift.tt/1tRvVPT" xmlns:xsd="http://ift.tt/tphNwY" xmlns:xsi="http://ift.tt/ra1lAU"
IdMensaje="05d94d58-8fb8-4035-ada3-2f346b5ecfc4">
<FechaEnvio>2015-01-09T13:22:27.293-06:00</FechaEnvio>
<Registrante EndPoint="http://www.test.com" Nombre="Nombre" NombreCorto="Nombre" URI="http://www.test2.com">
<DatosDeContacto AreaOficina="Area" CorreoElectronico="amorales@test.com" Nombre="Nombre" Puesto="Jefe">
<Telefonos>
<Telefono Extension="2458" NumeroTelefonico="01-722-21234567" />
</Telefonos>
</DatosDeContacto>
<CertificadoInstancia>MIIFaTCCBFGgAw...</CertificadoInstancia>
</Registrante>
<Reto>
<CadenaCifrada>aSf8OOhQ3/zeSh6q2P2...</CadenaCifrada>
</Reto>
</SolicitudRegistro>


The method that performs the XML signing is as follows:



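/**
 * Signs {@code docXML} in place with an enveloped XML-DSig signature and returns the
 * serialized result.
 *
 * <p>The signature covers the whole document (Reference URI="") after an enveloped
 * transform and an XPath filter of the form
 * {@code ancestor-or-self::*[local-name()='<XPathFilter>']}, digested with SHA-1 and
 * signed with RSA-SHA1; {@code x509C} is embedded as {@code KeyInfo/X509Data}. SHA-1 and
 * RSA-SHA1 are kept because the target message format uses them; a new format should
 * prefer the SHA-256 variants.
 *
 * <p>NOTE(review): repeated {@code xmlns=""} attributes in the produced output suggest
 * {@code docXML} was parsed without namespace awareness — confirm the caller's
 * {@code DocumentBuilderFactory} has {@code setNamespaceAware(true)} before looking for
 * a defect in this method.
 *
 * @param docXML      document to sign; the Signature element is appended to its root element
 * @param privateKey  signing key; must correspond to the public key in {@code x509C}
 * @param x509C       certificate to embed in KeyInfo
 * @param XPathFilter local name of the element kept by the XPath transform; it is embedded
 *                    verbatim inside a single-quoted XPath literal, so it must be a plain
 *                    element name
 * @return the signed document serialized by {@code UtilXML.docToString}
 * @throws NoSuchAlgorithmException if a digest, signature or canonicalization algorithm is unavailable
 * @throws InvalidAlgorithmParameterException if an algorithm parameter is rejected
 * @throws IllegalArgumentException if {@code XPathFilter} contains a single quote
 * @throws IllegalStateException if marshalling or signing fails (cause attached); previously
 *         the failure was only printed and the unsigned document was returned
 * @throws NullPointerException if any argument is null
 */
public String generarFirmaDigital(Document docXML, PrivateKey privateKey, X509Certificate x509C, String XPathFilter)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, KeyException, TransformerException {
    Objects.requireNonNull(docXML, "docXML");
    Objects.requireNonNull(privateKey, "privateKey");
    Objects.requireNonNull(x509C, "x509C");
    Objects.requireNonNull(XPathFilter, "XPathFilter");
    // The value is concatenated into a quoted XPath literal; a quote would break out of it.
    if (XPathFilter.indexOf('\'') >= 0) {
        throw new IllegalArgumentException("XPathFilter must be a plain element name: " + XPathFilter);
    }

    // XML Signature factory and signing context rooted at the document element.
    XMLSignatureFactory xmlSigFactory = XMLSignatureFactory.getInstance("DOM");
    DOMSignContext domSignCtx = new DOMSignContext(privateKey, docXML.getDocumentElement());

    // Transforms: enveloped (excludes the Signature element itself from the digest),
    // then the XPath filter selecting the target element subtree.
    List<Transform> transforms = new ArrayList<Transform>();
    transforms.add(xmlSigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(xmlSigFactory.newTransform(Transform.XPATH,
            new XPathFilterParameterSpec("ancestor-or-self::*[local-name()='" + XPathFilter + "']")));

    // NoSuchAlgorithmException / InvalidAlgorithmParameterException are declared by this
    // method, so they propagate instead of being printed and leaving signedInfo null
    // (which previously ended in a NullPointerException at newXMLSignature).
    Reference ref = xmlSigFactory.newReference("",
            xmlSigFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null);
    SignedInfo signedInfo = xmlSigFactory.newSignedInfo(
            xmlSigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            xmlSigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));

    // KeyInfo: embed the public certificate (the .cer file).
    KeyInfoFactory kif = xmlSigFactory.getKeyInfoFactory();
    X509Data xd = kif.newX509Data(Collections.singletonList(x509C));
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

    XMLSignature xmlSignature = xmlSigFactory.newXMLSignature(signedInfo, ki);

    // Sign the document. A failure must not be swallowed: the old code printed the trace
    // and returned the unsigned document, which a caller could then send as if signed.
    try {
        xmlSignature.sign(domSignCtx);
    } catch (MarshalException ex) {
        throw new IllegalStateException("XML signature marshalling failed", ex);
    } catch (XMLSignatureException ex) {
        throw new IllegalStateException("XML signature generation failed", ex);
    }

    // Serialize the signed document.
    return UtilXML.docToString(docXML);
}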


This generates the following XML, which does not match the example I need:



<SolicitudRegistro xmlns="http://ift.tt/1tRvVPT" xmlns:xsd="http://ift.tt/tphNwY" xmlns:xsi="http://ift.tt/ra1lAU"
IdMensaje="05d94d58-8fb8-4035-ada3-2f346b5ecfc4">
<FechaEnvio xmlns="">2015-01-09T13:22:27.293-06:00</FechaEnvio>
<Registrante xmlns="" EndPoint="http://www.test.com" Nombre="Nombre" NombreCorto="Nombre" URI="http://www.test2.com">
<DatosDeContacto AreaOficina="Area" CorreoElectronico="amorales@test.com" Nombre="Nombre" Puesto="Jefe" xmlns="">
<Telefonos xmlns="">
<Telefono Extension="2458" NumeroTelefonico="01-722-2123456" xmlns="" />
</Telefonos>
</DatosDeContacto>
<CertificadoInstancia xmlns="">MIIFaTCCBFGgAw...</CertificadoInstancia>
</Registrante>
<Reto xmlns="">
<CadenaCifrada xmlns="">aSf8OOhQ3/ze...</CadenaCifrada>
</Reto>
<Signature xmlns="http://ift.tt/uq6naF">
<SignedInfo xmlns="http://ift.tt/uq6naF">
<CanonicalizationMethod Algorithm="http://ift.tt/y9fQ1c" xmlns="http://ift.tt/uq6naF" />
<SignatureMethod Algorithm="http://ift.tt/zf1Wx4" xmlns="http://ift.tt/uq6naF" />
<Reference URI="" xmlns="http://ift.tt/uq6naF">
<Transforms xmlns="http://ift.tt/uq6naF">
<Transform Algorithm="http://ift.tt/A1C4L2" xmlns="http://ift.tt/uq6naF" />
<Transform Algorithm="http://ift.tt/1tRvWTS" xmlns="http://ift.tt/uq6naF">
<XPath xmlns="http://ift.tt/uq6naF">ancestor-or-self::*[local-name()='SolicitudRegistro']</XPath>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://ift.tt/yuvO4a" xmlns="http://ift.tt/uq6naF" />
<DigestValue xmlns="http://ift.tt/uq6naF">2veicqxKM8QBTEJh4Un9J71d1ng=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://ift.tt/uq6naF">Cajc8jW6umgUdfSUs9IQ4a8CF4kOEbe+bNhxx2/1xlz5WEIWq5DO1nMizcI7XG2vXRgDDGJFL5bd
XzFYzi4qcSy860+6/u1oS/PI/Co3JyuJeTSh38eeoNgrDTXmLpzxIqCyzfJB0o9665Bz4p3PIFmN QjGXAjjPpq/mf8vZfMs=
</SignatureValue>
<KeyInfo xmlns="http://ift.tt/uq6naF">
<X509Data xmlns="http://ift.tt/uq6naF">
<X509Certificate xmlns="http://ift.tt/uq6naF">MIIFaTCCBFGgAw...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</SolicitudRegistro>


The first difference is that the xmlns="" attribute is repeated on every element, and xmlns="http://ift.tt/uq6naF" is also repeated on every element inside Signature.


Any help? Thanks.

