1

我正在尝试对 XML 文档进行签名,但一个引用 URI 属性不得构成签名的一部分。这可能吗?如果我尝试在没有定义 uri 的情况下进行引用,则 xml 不会被签名。利用https://github.com/Caliper/Xades用 Xades 签署我的 xml 我想要实现的目标:

<document>
  <AppHeader></AppHeader>
  <Body>
    <firstname>Michael</firstname>
    <lastname>Rademeyer</lastname>
    <location>Johannesburg</location>
  </Body>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference>
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>Y0p85S0Uinb000/i8Zviu3/a7qOrJGaEX72y8+E3eFI=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#_3c3e1cb4d9384797befc5ea5940c1857" Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>puZLzn1Rv1vrDmG0lInyKeoxHSp9ye5WEqKFNR4E0bg=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#_d95ce85f251143e79494fbf23d504aca">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>rrBK5Uo1boaR4mErbdwT9i5LXoL/10f7TBgqyEvEEOg=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>yE6ZY+0CiOOkg9zRPgkzlGbmc57RKYAsnBEalifsNnAYIxVZGj7OjqzwJwPjNUOgy3LsUw97uptpDal19N4PpkfatU+basPm6OWTTgTsopBzJPstd/V4Ce9du+Ang42fwFpxhr+ryxtIYJX8CvWHV8nIsSJ+EsyB6SRiLBhEy14lVHUdq8X4emEVAplObiZLUn9QVl4moBHUWTlPauAT5UX14amk73o1gRDNg0Fzy1UwsRYlRrVZKGbAMeNWiYyZqwotd1HFSftdMO8roCuQmpqYgHsI/K+KmneojuVVeh0XFj4wJBTyHe96spjniCF6BqsG8HMihNexn6dzDjK5NA==</ds:SignatureValue>
    <ds:KeyInfo Id="_d95ce85f251143e79494fbf23d504aca">
      <ds:X509Data>
        <ds:X509IssuerSerial>
          <ds:X509IssuerName>...</ds:X509IssuerName>
          <ds:X509SerialNumber>...</ds:X509SerialNumber>
        </ds:X509IssuerSerial>
      </ds:X509Data>
    </ds:KeyInfo>
    <ds:Object>
      <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
        <xades:SignedProperties Id="_3c3e1cb4d9384797befc5ea5940c1857">
          <xades:SignedSignatureProperties>
            <xades:SigningTime>2020-01-30T12:22:56</xades:SigningTime>
          </xades:SignedSignatureProperties>
        </xades:SignedProperties>
      </xades:QualifyingProperties>
    </ds:Object>
  </ds:Signature>
</document>

我得到了什么

<document>
  <AppHeader></AppHeader>
  <Body>
    <firstname>Michael</firstname>
    <lastname>Rademeyer</lastname>
    <location>Johannesburg</location>
  </Body>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference>
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>Y0p85S0Uinb000/i8Zviu3/a7qOrJGaEX72y8+E3eFI=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#_3c3e1cb4d9384797befc5ea5940c1857" Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>puZLzn1Rv1vrDmG0lInyKeoxHSp9ye5WEqKFNR4E0bg=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#_d95ce85f251143e79494fbf23d504aca">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>rrBK5Uo1boaR4mErbdwT9i5LXoL/10f7TBgqyEvEEOg=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>yE6ZY+0CiOOkg9zRPgkzlGbmc57RKYAsnBEalifsNnAYIxVZGj7OjqzwJwPjNUOgy3LsUw97uptpDal19N4PpkfatU+basPm6OWTTgTsopBzJPstd/V4Ce9du+Ang42fwFpxhr+ryxtIYJX8CvWHV8nIsSJ+EsyB6SRiLBhEy14lVHUdq8X4emEVAplObiZLUn9QVl4moBHUWTlPauAT5UX14amk73o1gRDNg0Fzy1UwsRYlRrVZKGbAMeNWiYyZqwotd1HFSftdMO8roCuQmpqYgHsI/K+KmneojuVVeh0XFj4wJBTyHe96spjniCF6BqsG8HMihNexn6dzDjK5NA==</ds:SignatureValue>
    <ds:KeyInfo Id="_d95ce85f251143e79494fbf23d504aca">
      <ds:X509Data>
        <ds:X509IssuerSerial>
          <ds:X509IssuerName>...</ds:X509IssuerName>
          <ds:X509SerialNumber>...</ds:X509SerialNumber>
        </ds:X509IssuerSerial>
      </ds:X509Data>
    </ds:KeyInfo>
    <ds:Object>
      <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
        <xades:SignedProperties Id="_3c3e1cb4d9384797befc5ea5940c1857">
          <xades:SignedSignatureProperties>
            <xades:SigningTime>2020-01-30T12:22:56</xades:SigningTime>
          </xades:SignedSignatureProperties>
        </xades:SignedProperties>
      </xades:QualifyingProperties>
    </ds:Object>
  </ds:Signature>
</document>
4

0 回答 0