0

I'm trying to sign an xml file using the XADES4j. I also use the smart card certification (will be loaded from the windows store).

Is there an example that meet my search because i'm new with XML signature and smart cards. I searched a fix for few weeks without success.

There are others example about it but it's not very clear :

Example1 Example2

I found this demonstration at https://github.com/luisgoncalves/xades4j/wiki/DefiningKeyingData, but I don't know how to set the function PKCS11KeyStoreKeyingDataProvider to apply the Windows certificate parameters and their pin code:

    KeyingDataProvider kp = new PKCS11KeyStoreKeyingDataProvider(
              "path/to/native/lib",
               "MS SABRI", // CERTIFICATE NAME
               new FirstCertificateSelector(),
               null, 
               null,false);,

My code:

          try {

     // >>> TEST N°1
     // KeyingDataProvider kp = new DirectKeyingDataProvider((X509Certificate) certExemple, PrivateKEY);

      // >>> TEST N°2
      KeyingDataProvider kp = new PKCS11KeyStoreKeyingDataProvider(
              "path/to/native/lib",
               "name", // CERTIFICATE NAME
               new FirstCertificateSelector(),
               new DirectPasswordProvider("123456"), // PIN CODE
               new DirectPasswordProvider("123456"), // PIN CODE
               false);



      // XADES
      XadesSigningProfile p = new XadesBesSigningProfile(kp);
      XadesSigner signer    = p.newSigner();

      javax.xml.parsers.DocumentBuilderFactory factory = javax.xml.parsers.DocumentBuilderFactory.newInstance();
      factory.setNamespaceAware(true);
      javax.xml.parsers.DocumentBuilder builder = null;
      builder = factory.newDocumentBuilder();


      // XML FILE TO BE SIGNED
      Document doc1 = builder.parse(new File("FileNotSigned.xml"));

      // NODE
      Node parentElement            = doc1.getDocumentElement();
      Node nodeToSign               = doc1.getDocumentElement().getFirstChild();
      Node nodeToAttachSignature    = doc1.getDocumentElement();


      IndividualDataObjsTimeStampProperty dataObjsTimeStamp = new IndividualDataObjsTimeStampProperty();
      AllDataObjsCommitmentTypeProperty globalCommitment    = AllDataObjsCommitmentTypeProperty.proofOfApproval();
      CommitmentTypeProperty commitment                     = CommitmentTypeProperty.proofOfCreation();   

      // XPATH STRING
      String xpathHeader    ="/InvoiceHeader";
      String xpathBody      ="/InvoiceBody";

      // OBJECT
      DataObjectDesc obj1 = new DataObjectReference("");
      obj1.withTransform(XPath2Filter.intersect( xpathHeader ).intersect(xpathBody));
      SignedDataObjects dataObjs = new SignedDataObjects( obj1 );

      // SIGN
      signer.sign(dataObjs, nodeToAttachSignature);

      // TRANSFORMER
      Transformer transformer = TransformerFactory.newInstance().newTransformer();

      // XML SIGNED
      Result output = new StreamResult(new File("FileSigned.xml"));
      Source input  = new DOMSource(doc1);
      transformer.transform(input, output);
Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
Sabri Mbarek
  • 31
  • 1
  • 12

1 Answers1

0

I'm not sure what you mean by "Windows store + smart card" as both seem exclusive. Anyway, ff you want to use a smart card, you code is almost OK.

Smart cards usually have a native library that is installed on the host OS. On the first argument of PKCS11KeyStoreKeyingDataProvider you should pass the path to that library. The second parameter (name) is just the name to register the instance of the provider. Since the smart card usually handles the PIN to access the key, you usually can supply null for the keyStorePasswordProvider and entryPasswordProvider arguments.

On the library unit tests you can find an example using the Portuguese citizen card.

Hope this helps.

lgoncalves
  • 2,040
  • 1
  • 14
  • 12
  • Thank you Luis for your help. I managed to do the signing successfully. But when checking xml file from the certificate provider, he sent me this answer: "Error during securityController: java.lang.String can not be cast to java.security.cert.X509Certificate". Can you tell me the cause of this error? and how can we solve it? Thank you again Luis. – Sabri Mbarek Oct 21 '17 at 12:36
  • The exception seems pretty obvious.. form the stack trace you should be able to find the code line that is causing that problem.. Doesn't seem to be a problem with xades4j, but let me know if it is. – lgoncalves Oct 22 '17 at 20:20
  • Yes, it does not seem to be a problem with xades4j. I deleted the block and the problem is solved. I still have other signature verification issues (certificate provider side) and I am still checking them out.Example: I have to keep a single reference in the signature block (reference that I created contains the XPATH2), so must eliminate the code that creates the automatic reference that gathers to the block SignedProperties : normally it does not create problems is not it? . I am waiting for your help if I have encountered a blocking error soon ! Thanks again Luis. – Sabri Mbarek Oct 24 '17 at 08:13