Now I am programming with digital signatures, and I have a problem when I generate the signature. I added KeyValue first, then added X509Data, but the tag just gets appended first. I have this code for creating the signinfo:

private KeyInfo createKeyInfo(PublicKey publicKey, X509Certificate x509Certificate) throws KeyException {
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    KeyInfo keyInfo = null;
    KeyValue keyValue = null;
    List items = null;
    //Just with public key
    if(publicKey != null){
        keyValue = keyInfoFactory.newKeyValue(publicKey);
        keyInfo = keyInfoFactory.newKeyInfo(singletonList(keyValue));
    }

    if(x509Certificate != null){
        List x509list = new ArrayList();

        x509list.add(x509Certificate.getSubjectX500Principal().getName());
        x509list.add(x509Certificate);
        X509Data x509Data = keyInfoFactory.newX509Data(x509list);
        items = new ArrayList();

        // X509Data is added to the list before KeyValue
        items.add(x509Data);
        if(keyValue != null){
            items.add(keyValue);
        }
        keyInfo = keyInfoFactory.newKeyInfo(items);
    }

    return keyInfo;
}

and the result is:

<KeyInfo>
  <X509Data>
    <X509SubjectName>name</X509SubjectName>
    <X509Certificate>
      base 64 encode
    </X509Certificate>
  </X509Data>
  <KeyValue>
    <RSAKeyValue>
      <Modulus>
        base 64 encode key
      </Modulus>
      <Exponent>AQAB</Exponent>
    </RSAKeyValue>
  </KeyValue>
</KeyInfo>

and I want the result to be:

<KeyInfo>
  <KeyValue>
    <RSAKeyValue>
      <Modulus>
        base 64 encode
      </Modulus>
      <Exponent>AQAB</Exponent>
    </RSAKeyValue>
  </KeyValue>
  <X509Data>
    <X509SubjectName>Name</X509SubjectName>
    <X509Certificate>
      base 64 encode
    </X509Certificate>
  </X509Data>
</KeyInfo>

Who can help me? Thank you so much!

2 Answers


You should not need to consider the order between <X509Data> and <KeyValue>. The XSD establishes that they can appear in any order:

https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd#

<element name="KeyInfo" type="ds:KeyInfoType"/>
<complexType name="KeyInfoType" mixed="true">
  <choice maxOccurs="unbounded">
    <element ref="ds:KeyName"/>
    <element ref="ds:KeyValue"/>
    <element ref="ds:RetrievalMethod"/>
    <element ref="ds:X509Data"/>
    <element ref="ds:PGPData"/>
    <element ref="ds:SPKIData"/>
    <element ref="ds:MgmtData"/>
    <any processContents="lax" namespace="##other"/>
    <!--  (1,1) elements from (0,unbounded) namespaces  -->
  </choice>
  <attribute name="Id" type="ID" use="optional"/>
</complexType>
– pedrofb
  • Thank you, but I sign my XML document, then I validate it, but validation failed. I don't know why :( – Henry Nguyen Oct 03 '17 at 02:16
  • Then I suggest opening a new question with the verification issues, because I'm afraid your question cannot be answered in another way than the one in which I did it. – pedrofb Oct 03 '17 at 05:18


In Chile the internal tax service has the same problem. It fails on validation when the KeyValue is after the X509 certificate. Although there should be no order according to the XSD, it can be solved using another list implementation: use an ordered List.

You need to change

List x509list = new ArrayList();

to

LinkedList x509list = new LinkedList();

and invert the order in which you add the elements:

if(keyValue != null){
    items.add(keyValue);
}
items.add(x509Data);
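A complete version of the questioner's method with the ordering fix from this answer applied, written here as an added example rather than code from either poster. It uses the standard javax.xml.crypto.dsig API and a typed ArrayList, adds KeyValue before X509Data so that is the order in which they are marshalled, and adds a consistency check (my addition, not part of the API) that the supplied public key really is the certificate's key, so a verifier that picks either child of KeyInfo ends up with the same key. The class name OrderedKeyInfoBuilder is hypothetical.

```java
import java.security.KeyException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;

/** Builds a ds:KeyInfo whose children are emitted in a fixed order: KeyValue first, then X509Data. */
public final class OrderedKeyInfoBuilder {

    private final KeyInfoFactory keyInfoFactory;

    public OrderedKeyInfoBuilder(XMLSignatureFactory signatureFactory) {
        // Use the KeyInfoFactory of the same XMLSignatureFactory that builds the SignedInfo
        this.keyInfoFactory = signatureFactory.getKeyInfoFactory();
    }

    public KeyInfo createKeyInfo(PublicKey publicKey, X509Certificate certificate) throws KeyException {
        if (publicKey == null && certificate == null) {
            throw new IllegalArgumentException("at least one of publicKey or certificate is required");
        }

        // Defensive check (added in this example): when both are supplied, the KeyValue must
        // describe the same key as the certificate. Otherwise a verifier that selects one of
        // the two children validates with a key the signature was not made with and rejects it.
        if (publicKey != null && certificate != null
                && !Arrays.equals(certificate.getPublicKey().getEncoded(), publicKey.getEncoded())) {
            throw new IllegalArgumentException("publicKey does not match the certificate's public key");
        }

        // A List keeps insertion order and the marshaller writes the KeyInfo children in list
        // order, so the sequence of add() calls below is the sequence of elements in the XML.
        List<XMLStructure> items = new ArrayList<>();

        if (publicKey != null) {
            // Marshals to <KeyValue><RSAKeyValue>...</RSAKeyValue></KeyValue> for an RSA key
            KeyValue keyValue = keyInfoFactory.newKeyValue(publicKey);
            items.add(keyValue);
        }

        if (certificate != null) {
            // X509Data content: a String becomes <X509SubjectName>, an X509Certificate
            // becomes <X509Certificate> (base64 DER), in the order given here.
            List<Object> x509Content = new ArrayList<>();
            x509Content.add(certificate.getSubjectX500Principal().getName());
            x509Content.add(certificate);
            X509Data x509Data = keyInfoFactory.newX509Data(x509Content);
            items.add(x509Data);
        }

        return keyInfoFactory.newKeyInfo(items);
    }
}
```

Pass the returned KeyInfo to XMLSignatureFactory.newXMLSignature together with the SignedInfo built from the same factory. ArrayList already preserves insertion order, so the part of this answer that changes the output is the order of the add() calls, which the question's own marshalled output confirms: whichever structure is added first is written first.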