Reputation: 3056
I have the following code, that imports content.xml into document.xml and signs the document.xml root element.
    try {
        // Signing key and certificate come from a PKCS#12 keystore on disk.
        KeyingDataProvider kp = new FileSystemKeyStoreKeyingDataProvider(
                "pkcs12",
                "C:\\workspace\\tests\\my\\LG.pfx",
                new FirstCertificateSelector(),
                new DirectPasswordProvider("mykeypass"),
                new DirectPasswordProvider("mykeypass"),
                true);
        XadesSigningProfile p = new XadesBesSigningProfile(kp);
        XadesSigner signer = p.newSigner();

        javax.xml.parsers.DocumentBuilderFactory factory = javax.xml.parsers.DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        javax.xml.parsers.DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc1 = builder.parse(new File("C:\\workspace\\tests\\document.xml"));
        Document doc2 = builder.parse(new File("C:\\workspace\\tests\\content.xml"));

        // Move the root element of content.xml under the root element of document.xml.
        Node contentElement = doc2.getDocumentElement();
        Node parentElement = doc1.getDocumentElement();
        Node adoptedContentElement = doc1.adoptNode(contentElement);
        parentElement.appendChild(adoptedContentElement);

        Node nodeToSign = doc1.getDocumentElement().getFirstChild();
        Node nodeToAttachSignature = doc1.getDocumentElement();

        IndividualDataObjsTimeStampProperty dataObjsTimeStamp = new IndividualDataObjsTimeStampProperty();
        AllDataObjsCommitmentTypeProperty globalCommitment = AllDataObjsCommitmentTypeProperty.proofOfApproval();
        CommitmentTypeProperty commitment = CommitmentTypeProperty.proofOfCreation();
        DataObjectDesc obj = new EnvelopedXmlObject(nodeToSign, "text/xml", null);
        SignedDataObjects dataObjs = new SignedDataObjects(obj).withCommitmentType(globalCommitment);

        // Create the signature and append it to the document root.
        signer.sign(dataObjs, nodeToAttachSignature);

        // Serialize the signed DOM tree to signedDocument.xml.
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        Result output = new StreamResult(new File("C:\\workspace\\tests\\signedDocument.xml"));
        Source input = new DOMSource(doc1);
        transformer.transform(input, output);
    } catch (KeyStoreException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    } catch (XadesProfileResolutionException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (ParserConfigurationException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (SAXException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (TransformerConfigurationException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (TransformerFactoryConfigurationError e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (TransformerException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (XAdES4jException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
that produces the signature like:
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-26102a68-cfea-43fd-a40e-9682ae7da4a1">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
The question is - how to remove namespace ds: from the signature elements?
Upvotes: 0
Views: 1849
Reputation: 45
Kindly use Java version 6.32 or above to avoid appending ds: in signed XML.
Upvotes: 1
Reputation: 134
I saw a line where the prefix "ds" is set in an example named CreateSignature, for the Apache Santuario library in Java:
    ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
In the book written by the developer of the library, he specifies how to define the signature, because XAdES4j is mostly to build the signature and not the whole document:
5.2 Signature Production: as previously discussed, a signature can be seen as having two parts: the first consists of the characteristics of the signer and the signature operation itself; the second, the resources being signed. If the signer is seen as a regular signature producer, he’s likely to have a set of characteristics that are used whenever a signature is created, i.e a signature profile. These characteristics are fixed between signatures, while the signed resources vary. Thus, producing a signature is to combine a profile and a set of resources in order to create the final XML structure. This process comes down to three major tasks: gather the needed information (signature and data objects properties, algorithms, keying data) in appropriate order; create the core signature structure using the Apache XML Security API; and create the qualifying properties DOM tree to be appended to the signature. Note that Apache XML Security creates the DOM tree for the core signature structure. However, the XAdES elements are unknown to the Apache API, which means that the last task has to be completely supported by the library.
cited from: XAdES4j — a Java Library for XAdES Signature Services. By Luís Filipe dos Santos Gonçalves
Upvotes: 2
Reputation: 2090
By "removing namespace" I think you mean removing the prefix. This is not something you can control via xades4j because the default prefixes are set by Apache Santuario and then used when creating a XMLSignature. The defaults seem to be set on the Init class; I'm not sure how/if to override the settings.
Upvotes: 1