I'm generating an XML XAdES signature. I need to add the namespace http://uri.etsi.org/01903/v1.3.2# in the TAG Signature.

If I add this TAG after signing the doc, I get an invalid signature error.

I don't know how to add it before, because I only have the TAG Signature after signing.

This is the code to add the namespace:

void addNamespace(Document doc)
{
    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    Node a = nl.item(0);
    Element sig = (Element) a;
    // Declare the xmlns:etsi prefix on the ds:Signature element
    sig.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:etsi", "http://uri.etsi.org/01903/v1.3.2#");
}

The code for signature:

signContext = new DOMSignContext(pk, parentElement);
signContext.putNamespacePrefix("http://uri.etsi.org/01903/v1.3.2#","etsi");
XMLSignature signature;
signature.sign(signContext);
addNamespace(doc);

The XML:

<note>
<to>Tove</to>
<from>Jani</from>
<heading>Reminder</heading>
<body>Don't forget me this weekend!</body>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-830342">

 <ds:SignedInfo Id="SignedInfo-830342">
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <ds:Reference URI="">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 </ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>tKDaVHCywRrFbblaDIKZjUviXkI=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties-830342">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>M/coSDm1tqC4DKkbCyXUP82fB58=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#KeyInfo-830342">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>pInn5xZepngScAKAse0zZPuhyNU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>

<ds:SignatureValue Id="SignatureValue843847">
PTJj6kXgDNRwXKQvDH5xr+FF5+naKjAo3bl70Wwlc6MAU2EgMTaCnh7Ml7wvfKvNWbPvTL+5bXYH FlSuC3PsDn2SguQ1vvWm1xI6cZAKh0w4sMiQiS9UDjxIifyZZqNwcZ7uCX2c6K+S7xNQZzcPi5HW oQ+6Pq8vtSZODxN6b0Y=
</ds:SignatureValue>

<ds:KeyInfo Id="KeyInfo-830342">
<ds:X509Data>
<ds:X509Certificate>
MIIDiTCCAnGgAwIBAgIBKjANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJFUzESMBAGA1UECBMJ QmFyY2Vsb25hMQ8wDQYDVQQKEwZpc2lnbWExFzAVBgNVBAMTDmlzaWdtYSByb290IENBMR8wHQYJ KoZIhvcNAQkBFhBpc2lnbWFAaXNpZ21hLmVzMB4XDTE0MDUzMDA4MjgxOFoXDTE5MDUyOTA4Mjgx OFowgZsxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwliYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9u YTEPMA0GA1UEChMGaXNpZ21hMQswCQYDVQQLEwJpdDETMBEGA1UEAxMKRGVtb3MgdXNlcjESMBAG A1UEBRMJMTIzNDU2NzhaMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGlzaWdtYS5lczCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAl+AvFwUL16YdzlPT42EMEBhvWQP5Cmt4RXFMKTZ7TXes0y/jT/l1 VF3evNuGI+RZCweUGVqzRWA3z+tV3qbVXuRKtNfXjGvhtG8RTX2SYwqvjDGsnR0XS8Gd1kGUGbeL fOE8vF3q5O2OiN5FF0xMg/0uEw2fZ3P9zONVLsT/A6kCAwEAAaOBiTCBhjAJBgNVHRMEAjAAMAsG A1UdDwQEAwIHgDAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw HQYDVR0OBBYEFCc/oVSDFtH46U81hILH78cwLnR9MB8GA1UdIwQYMBaAFLIkRa3EwPkvEabba+7h fY4FDjr9MA0GCSqGSIb3DQEBBQUAA4IBAQB1TpQ66zJL+69iooqSQIryzLykWqcXeVeJOAWbGwbP x2P5LVboqXRxj5j9jmlTyqQLRoHLS5BaExq+P+2sPd/BOU2/QV9yrv7uAFkxyQjcMip8eqj1pc0X gqW+JoIkeeqa+UWj+fVQg/YqHsFNgkSoxCf4aPWC2x5X33SH6D8QkXQw4FJcRppfmr4ljsbPmuvV V1uk34I6PTb3gRlVIiTvUWtRaOLQ0lDlFa5bO5rd9nQV7UsK2e7ghXZpUtdW6OAYIuP3ASweOlE1 6z2DiMlYMGJ8Ci/vdcG1eEhVQoV0+z2s78ybJXelTiuxHvuJLPTNk5eoG5zAOAz8oFoQi+51
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object Id="Signature20257-data545881">
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#Signature-830342">
<xades:SignedProperties Id="SignedProperties-830342">
<xades:SignedSignatureProperties>
<xades:SigningTime>2014-07-08T12:40:02+02:00</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ivK7JSJgkt1YHLuXeUphxagMGcI=</ds:DigestValue>
</xades:CertDigest>
</xades:Cert>
</xades:SigningCertificate>
<xades:SignaturePolicyIdentifier>
<xades:SignaturePolicyId>
<xades:SigPolicyId>
<xades:Identifier>
http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf
</xades:Identifier>
<xades:Description>facturae31</xades:Description>
</xades:SigPolicyId>
<xades:SigPolicyHash>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Ohixl6upD6av8N7pEvDABhEL6hM=</ds:DigestValue>
</xades:SigPolicyHash>
</xades:SignaturePolicyId>
</xades:SignaturePolicyIdentifier>
<xades:SignerRole>
<xades:ClaimedRoles>
<xades:ClaimedRole>supplier</xades:ClaimedRole>
</xades:ClaimedRoles>
</xades:SignerRole>
</xades:SignedSignatureProperties>
<xades:SignedDataObjectProperties/>
</xades:SignedProperties>
<xades:UnsignedProperties/>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
</note>

I need the namespace to be in the TAG Signature instead of the TAG Object.

XMLSignature signature; signature.sign(signContext); should fail, shouldn't it? - mkl

@mkl I don't understand what you mean. This is not failing right now. The signature method is involving the hash of the doc, put the references... and I need to set the namespace in the middle of the signature process. - TimeStron

"I don't understand what you mean" - I meant to say that the code as present in your question calls sign of an unassigned variable. As it is not failing, I assume that you simply did not provide the assignment of the signature object. - mkl

Yes, you're right, but this assignment doesn't matter for solving the question. - TimeStron

Ok. Can you provide a sample signed document before and after that addNamespace call? Furthermore, which verifier gives you that invalid signature error? - mkl

1 Answer

Namespaces are used to calculate the hash value. Canonicalization should add them to the document (additionally in alphabetical order). Adding namespaces to a signed document obviously will change its hash.
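
The effect discussed in this thread can be reproduced with the JDK's built-in XML signature API. The following is an added example, not code from the question or the answer: it signs a constructed cut-down `<note>` document, applies the same `xmlns:etsi` edit to `ds:Signature` after signing, and validates before and after, once with inclusive and once with exclusive canonicalization of `SignedInfo`. Assumptions: the class name `NamespaceAfterSigning` is hypothetical, the key is a throwaway RSA key generated in place, and SHA-256 is used instead of the question's SHA-1 because recent JDKs reject SHA-1 under secure validation.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.*;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class NamespaceAfterSigning {
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");
    static boolean validate(PublicKey key, Element sig) throws Exception {
        DOMValidateContext vc = new DOMValidateContext(KeySelector.singletonKeySelector(key), sig);
        return FAC.unmarshalXMLSignature(vc).validate(vc);
    }

    // Returns {valid before the edit, valid after the edit} for one SignedInfo C14N algorithm.
    static boolean[] signThenAddNamespace(String c14n) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Constructed sample input, cut down from the question's <note> document.
        Document doc = dbf.newDocumentBuilder().parse(
            new ByteArrayInputStream("<note><to>Tove</to><from>Jani</from></note>".getBytes("UTF-8")));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, generated for this demo only
        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(c14n, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        DOMSignContext sc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        sc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
        FAC.newXMLSignature(si, null).sign(sc);
        Element sig = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        boolean before = validate(kp.getPublic(), sig);
        // Same edit as addNamespace() in the question, applied after sign().
        sig.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:etsi", "http://uri.etsi.org/01903/v1.3.2#");
        return new boolean[] { before, validate(kp.getPublic(), sig) };
    }

    public static void main(String[] args) throws Exception {
        for (String c14n : new String[] { CanonicalizationMethod.INCLUSIVE, CanonicalizationMethod.EXCLUSIVE })
            System.out.println(c14n + " -> " + Arrays.toString(signThenAddNamespace(c14n)));
    }
}
```

Under inclusive C14N the declaration inherited from `ds:Signature` is written into the canonical form of `ds:SignedInfo`, so the bytes being verified no longer match the bytes that were signed. Exclusive C14N emits only namespace prefixes that are visibly used, which is why it tolerates the same edit.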