I am reworking signing for GOST 2012. I am trying to reproduce what GIS ZhKH (ГИС ЖКХ) suggests:
Code:
public void init() throws Exception {
    // Initialise Apache XML Security and register the CryptoPro JCP provider.
    Init.init();
    Security.addProvider(new JCP());
    System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
    System.setProperty("org.apache.xml.security.resource.config", "resource/jcp.xml");

    // Algorithm URIs that are written into the signature (GOST R 34.10-2012 / 34.11-2012, 256 bit).
    CustomizableAlgorithmProvider algorithmsProvider = new CustomizableAlgorithmProvider();
    algorithmsProvider.setSignatureAlgorithm("urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256");
    algorithmsProvider.setCanonicalizationAlgorithmForSignature("http://www.w3.org/2001/10/xml-exc-c14n#");
    algorithmsProvider.setCanonicalizationAlgorithmForTimeStampProperties("http://www.w3.org/2001/10/xml-exc-c14n#");
    algorithmsProvider.setDigestAlgorithmForDataObjsReferences("urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256");
    algorithmsProvider.setDigestAlgorithmForReferenceProperties("urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256");
    algorithmsProvider.setDigestAlgorithmForTimeStampProperties("urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256");

    // Message digest engine provider, constructed with the algorithm name "GOST3411"
    // and the security provider named by providerName.
    MessageDigestEngineProvider messageDigestEngineProvider =
            new CustomizableMessageDigestEngineProvider("GOST3411", Security.getProvider(this.providerName));

    // Build the XAdES-BES signing profile and create the signer.
    XadesSigningProfile profile = (new CustomizableXadesBesSigningProfileFactory())
            .withKeyingProvider(this.keyingDataProvider)
            .withAlgorithmsProvider(algorithmsProvider)
            .withMessageDigestEngineProvider(messageDigestEngineProvider)
            .create();
    this.signer = profile.newSigner();
}

public void sign(SOAPMessage msg, Map<String, Object> ctx) throws SignatureException {
    Document document = msg.getSOAPPart();
    // Register Id attributes so that getElementById can find the element to sign.
    this.resolveIds(document.getDocumentElement());
    Element signedElement = document.getElementById(this.signedElementId);
    if (signedElement == null) {
        throw new SignatureException("Element to be signed not found: " + this.signedElementId);
    } else {
        // Reference the element by Id; apply enveloped-signature and exclusive C14N transforms.
        DataObjectDesc obj = new DataObjectReference('#' + this.signedElementId);
        obj.withTransform(new EnvelopedSignatureTransform());
        obj.withTransform(new ExclusiveCanonicalXMLWithoutComments(new String[0]));
        SignedDataObjects dataObjs = new SignedDataObjects(new DataObjectDesc[]{obj});
        try {
            // Insert ds:Signature as the first child of the signed element.
            this.signer.sign(dataObjs, signedElement, SignatureAppendingStrategies.AsFirstChild);
        } catch (XAdES4jException var8) {
            throw new SignatureException(var8.getMessage(), var8);
        }
    }
}

// Recursively marks "Id" attributes as XML IDs for the element and all of its descendants.
protected void resolveIds(Element element) {
    DOMHelper.useIdAsXmlId(element);
    for (int i = 0, count = element.getChildNodes().getLength(); i < count; ++i) {
        Node node = element.getChildNodes().item(i);
        if (node.getNodeType() == Node.ELEMENT_NODE) {
            Element child = (Element) node;
            this.resolveIds(child);
        }
    }
}
I get the following Signature:
Code:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-68f7c480-fd06-4351-adea-0ba7c737d290">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256"/>
<ds:Reference Id="xmldsig-68f7c480-fd06-4351-adea-0ba7c737d290-ref0" URI="#signed-data-container">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256"/>
<ds:DigestValue>A/a10pV7ybIfQsw1ZiU9EkHuUF+2jYlA81QdDTuRMFM=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-68f7c480-fd06-4351-adea-0ba7c737d290-signedprops">
<ds:DigestMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256"/>
<ds:DigestValue>UrZNn4KYE6mt35JHqLK9nK/5huHspWEyk1tDFQniyX0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="xmldsig-68f7c480-fd06-4351-adea-0ba7c737d290-sigvalue">IQ87GqkdjFp0bMvt5aUdE0+a9DBZfleitmUHff/uYIKwaILkXcCCdym+GNiXeN7kLMX5ue8d3VjX+KfEP83K0A==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object>
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-68f7c480-fd06-4351-adea-0ba7c737d290">
<xades:SignedProperties Id="xmldsig-68f7c480-fd06-4351-adea-0ba7c737d290-signedprops">
<xades:SignedSignatureProperties>
<xades:SigningTime>2019-12-02T09:00:36.265+05:00</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<DigestMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256"/>
<DigestValue>m5okrCi9LmWyYqLyzeeX4ubHT24t2OLrrHSdWAr+g9Q=</DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<X509IssuerName>cn=Общество с ограниченной ответственностью \"Сертум-Про\",o=Общество с ограниченной ответственностью \"Сертум-Про\",street=улица Ульяновская\, д. 13\, литер А\, офис 209 Б,l=Екатеринбург,st=66 Свердловская область,c=RU,1.2.643.3.131.1.1=006673240328,1.2.643.100.1=1116673008539,1.2.840.113549.1.9.1=ca@sertum.ru</X509IssuerName>
<X509SerialNumber>539679121105998469008628587366123636113</X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
java1.8, jcp2

GIS ZhKH complains about the signature and says that the request returned the following exception:

SGN000023:xades:SigningCertificate does not reference the signing certificate:
Certificate: Issuer name=cn=Общество с ограниченной ответственностью \"Сертум-Про\",o=Общество с ограниченной ответственностью \"Сертум-Про\",street=улица Ульяновская\, д. 13\, литер А\, офис 209 Б,l=Екатеринбург,st=66 Свердловская область,c=RU,1.2.643.3.131.1.1=006673240328,1.2.643.100.1=1116673008539,1.2.840.113549.1.9.1=ca@sertum.ru; Serial number=539679121105998469008628587366123636113; Digest=s77YETkeHuWrLxpcQ1k8y3gTCivfVx0d7/qA97aGTWs=
CertID: Issuer name=cn=Общество с ограниченной ответственностью \"Сертум-Про\",o=Общество с ограниченной ответственностью \"Сертум-Про\",street=улица Ульяновская\, д. 13\, литер А\, офис 209 Б,l=Екатеринбург,st=66 Свердловская область,c=RU,1.2.643.3.131.1.1=006673240328,1.2.643.100.1=1116673008539,1.2.840.113549.1.9.1=ca@sertum.ru; Serial number=539679121105998469008628587366123636113; Digest=m5okrCi9LmWyYqLyzeeX4ubHT24t2OLrrHSdWAr+g9Q=.

As far as I understand, the Digest does not match. If I change setDigestAlgorithmForReferenceProperties to GOST 2001 or to GOST 2012-512, the last DigestValue does not change, although DigestMethod does. Can you tell me what the problem might be? Maybe I am signing incorrectly somehow?
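
The error above prints two digests of the same certificate: the one the service computed and the one carried in the signature's CertID. The following added example (not part of the original post, and not GIS ZhKH or xades4j code) recomputes a CertDigest under several candidate algorithms to find which one actually produced the value, regardless of what DigestMethod declares. The certificate bytes and digest are constructed, and SHA-256/SHA-512 stand in for the GOST algorithms so that it runs on a stock JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;

/** Finds which digest algorithm actually produced a xades:CertDigest value. */
public class CertDigestCheck {

    /** Returns the JCA algorithm names whose digest of certDer equals digestValueB64. */
    static List<String> matchingAlgorithms(byte[] certDer, String digestValueB64,
                                           List<String> candidates) {
        byte[] expected = Base64.getDecoder().decode(digestValueB64.trim());
        List<String> matches = new ArrayList<>();
        for (String name : candidates) {
            try {
                byte[] actual = MessageDigest.getInstance(name).digest(certDer);
                if (MessageDigest.isEqual(expected, actual)) {
                    matches.add(name);
                }
            } catch (NoSuchAlgorithmException e) {
                // No registered provider offers this name (e.g. GOST without JCP): skip it.
                System.out.println("skipped, not available: " + name);
            }
        }
        return matches;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the DER bytes of the signing certificate;
        // in practice use X509Certificate.getEncoded() of the ds:X509Certificate.
        byte[] certDer = "constructed certificate bytes".getBytes(StandardCharsets.UTF_8);
        // Constructed CertDigest: DigestMethod "declares" SHA-512, but the value
        // is produced with SHA-256, mimicking a digest engine fixed to one algorithm.
        String declared = "SHA-512";
        String digestValue = Base64.getEncoder().encodeToString(
                MessageDigest.getInstance("SHA-256").digest(certDer));
        // "GOST3411" is the name passed in the post; add the provider's
        // GOST R 34.11-2012 names when a GOST provider is registered.
        List<String> candidates = Arrays.asList("SHA-1", "SHA-256", "SHA-512", "GOST3411");
        List<String> produced = matchingAlgorithms(certDer, digestValue, candidates);
        System.out.println("declared in DigestMethod: " + declared);
        System.out.println("actually produced by:     " + produced);
        System.out.println("consistent: " + produced.contains(declared));
    }
}
```

Run against the real certificate and the CertID digest from the error message, an empty match for the declared algorithm together with a match for another one shows that the digest engine and the declared DigestMethod URI are configured separately.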