Menu
▾
▴
Re: [SignServer-develop] consultation
|
From: Markus K. <ma...@pr...> - 2014-01-07 09:16:07
|
Thank you Cristian for the submitting the patch. I have created https://jira.primekey.se/browse/DSS-709 to eventually have this added to SignServer. Best regards, Markus > > On 2014-01-06 22:28, Cristian Altamirano wrote: >> Hi Markus. >> This work fine for me. >> I have verified the sign using >> http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/Validate.java >> >> Other consultation. >> >> How I can create a worker from adminws? >> >> Have some sample code that you can show me? >> >> >> I can create it using the settings that bring in examples running the >> command >> >> ./signserver setproperties file_configuration.properties >> >> >> Regards. >> >> >> >> On Fri, Dec 27, 2013 at 4:47 AM, Markus Kilås <ma...@pr... >> <mailto:ma...@pr...>> wrote: >> >> Hi Cristian, >> >> Including the KeyValue tag is not currently supported. Let us know >> if you are interested in this feature. >> >> If you want to develop it yourself we would be happy to recieve a patch. >> >> What I think you could do (not tested) is to in XMLSigner.java use >> something like: >> ---- >> KeyInfoFactory kif = fac.getKeyInfoFactory(); >> X509Data x509d = kif.newX509Data(x509CertChain); >> List<XMLStructure> kviItems = new LinkedList<XMLStructure>(); >> kviItems.add(x509d);* >> RSAKeyValue rsaKeyValue = kif.newKeyValue(publicKey);* >> *kviItems.add(rsaKeyValue);* >> ---- >> >> Best regards, >> >> Markus >> >> PrimeKey Solutions offers a commercial EJBCA & SignServer support >> subscription and training. Please see www.primekey.se >> <http://www.primekey.se> or contact in...@pr... >> <mailto:in...@pr...> for more information. >> http://www.primekey.se/Services/Support/ >> http://www.primekey.se/Services/Training/ >> >> >> On 2013-12-23 14:42, Cristian Altamirano wrote: >>> Markus, >>> This function is rarely used. However there is a state >>> agency that uses it. I have another consultation. >>> When I use xmlsigner need theTAG <Signature >>> xmlns="http://www.w3.org/2000/09/xmldsig#"> return TAG <KeyValue>. >>> >>> For Example: >>> >>> <Signature >>> xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod >>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference >>> URI=""><Transforms><Transform >>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod >>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>itzC/c4YAzqfJN9PNUmqTMiI8Xo=</DigestValue></Reference></SignedInfo><SignatureValue>L0jE/ia5qxCydsFszdbdWiJoJDmn38htrvZJnFhb/KUQn6ReVDM+FNTa3L6pE0EqC9fOXOdT01lu >>> vqDwubmjRtyPZG7y2jauqFOUFN1RJIq8WZKeI7JUqK9yOXCo10WbmXDWY8ePIXXPh9sV3sgcusue >>> FxgOFBGq/3PtQT73qWCE5fkkOKB7v7/UB6EJhEQz6Xh5ttIehYDLWbzBYZhgNdSDdhkvSAPXVUpt >>> /hiJ+BRRMBtxM6IWb59oshDOSDi3GgvnjruG3C1rOZgYh8+WGTVI77Uf+At+TtxfUOkQpDGEuCmv >>> ZR3CgOvftwZkc+zSSsTIw7V5YlkxQhnJEBWOsg==</SignatureValue><KeyInfo>*<KeyValue><RSAKeyValue><Modulus>z+jlSLP5ZTDFgV25Kcq6xfb30GKssWhn1MpfQUgZvXUWWuC91p6PXLl5Um8Nj6lc/EV2cwVdHAbW >>> we9z3spVk7g3WNt6gw6khwZmj/tbJZ+iLKYNdCAoQi9I6kQFSh7Ted0GjNBBng3AHGyWXjnZ/sYX >>> wBNDpgd7Vf0H9j1icdlNX7rtjpBXi+jbnTg1dndbzWvmSnA70SJx3/BN5CgBNpZzK9RhYJ0CpngQ >>> gNcyJdAevKk8flpeAhDiBqY7a400yE4vHKgdFt/8dtBsNajBngpSsCjpvQZ91hQWewmeTTr9dCnh >>> 9r92ZwDcNnoxC/mYjA9i61rLWPRei9OwZ+Rxhw==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue>*<X509Data><X509Certificate>MIIGXTCCBUWgAwIBAgIQaP7ZrIUusx5x3hw0yfiX4zANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UE >>> BhMCQ0wxFDASBgNVBAoTC0UtU2lnbiBTLkEuMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3 >>> b3JrMUEwPwYDVQQDEzhFLVNpZ24gU0MgQ2xhc3MgMiBDb25zdW1lciBJbmRpdmlkdWFsIFN1YnNj >>> cmliZXIgQ0EgLSBHMjEfMB0GCSqGSIb3DQEJARYQZS1zaWduQGUtc2lnbi5jbDAeFw0xMzEyMjAw >>> MDAwMDBaFw0xNDEyMjAyMzU5NTlaMIIBJTEUMBIGA1UEChMLRS1TaWduIFMuQS4xLTArBgNVBAsT >>> JFRlcm1pbm9zIGRlIHVzbyBlbiB3d3cuZS1zaWduLmNsL3JwYTElMCMGA1UECxMcQXV0aGVudGlj >>> YXRlZCBieSBFLVNpZ24gUy5BLjEnMCUGA1UECxMeTWVtYmVyLCBTeW1hbnRlYyBUcnVzdCBOZXR3 >>> b3JrMRswGQYDVQQLExJEaWdpdGFsIElEIENsYXNzIDIxGTAXBgNVBAsUEFJVVCAtIDEzODQ1Mjgw >>> LTgxLTArBgNVBAMMJENyaXN0aWFuIEFsZWphbmRybyBBbHRhbWlyYW5vIExMYW5vczEnMCUGCSqG >>> SIb3DQEJARYYY2FsdGFtaXJhbm9AZXNpZ24tbGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A >>> MIIBCgKCAQEAz+jlSLP5ZTDFgV25Kcq6xfb30GKssWhn1MpfQUgZvXUWWuC91p6PXLl5Um8Nj6lc >>> /EV2cwVdHAbWwe9z3spVk7g3WNt6gw6khwZmj/tbJZ+iLKYNdCAoQi9I6kQFSh7Ted0GjNBBng3A >>> HGyWXjnZ/sYXwBNDpgd7Vf0H9j1icdlNX7rtjpBXi+jbnTg1dndbzWvmSnA70SJx3/BN5CgBNpZz >>> K9RhYJ0CpngQgNcyJdAevKk8flpeAhDiBqY7a400yE4vHKgdFt/8dtBsNajBngpSsCjpvQZ91hQW >>> ewmeTTr9dCnh9r92ZwDcNnoxC/mYjA9i61rLWPRei9OwZ+RxhwIDAQABo4ICATCCAf0wIwYDVR0R >>> BBwwGqAYBggrBgEEAcEBAaAMFgoxMzg0NTI4MC04MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgME8G >>> A1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29tL0VTaWduU0FDU0ND >>> bGFzczJHMi9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaAFNvPd2JYCzg2JS0a0mrEVAGybkwOMB0G >>> A1UdDgQWBBS+9VwTBT8X7iyiTi+YarFB/SQLATA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAGG >>> H2h0dHA6Ly9vbnNpdGUtb2NzcC52ZXJpc2lnbi5jb20wgZgGA1UdIASBkDCBjTCBigYLYIZIAYb4 >>> RQEHFwIwezAxBggrBgEFBQcCARYlaHR0cHM6Ly93d3cuZS1zaWduLmNsL3JlcG9zaXRvcmlvLmh0 >>> bTBGBggrBgEFBQcCAjA6GjhDZXJ0aWZpY2FkbyBwYXJhIHVzbyBUcmlidXRhcmlvLCBDb21lcmNp >>> bywgUGFnb3MgeSBPdHJvczARBglghkgBhvhCAQEEBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwIG >>> CCsGAQUFBwMEMCMGA1UdEgQcMBqgGAYIKwYBBAHBAQKgDBYKOTk1NTE3NDAtSzANBgkqhkiG9w0B >>> AQUFAAOCAQEAvet0Rwq6W4zzLPYsT6rbpnx/lUAKLmBAJhQKK2zH1QSPM68FkVMe9+XSV3y6KFt9 >>> PVRdYq/M2b2QZ//YHHFEoLeU6gcTTNgL6oVo+PQqUWYtrsU+H023ci9TA7F3EejJPRIRrRxMMN+a >>> Dh9Zqu0qTCtQQ00sWUfjm1xL0UxWsRwYLnjDdwJlxwVdQ4pzN2yy/MqkNs6T6xVnMktfQmH1mgc7 >>> gIHBhZk3oqFe/auzLvjQ/tdaGrnVfCulS7+SUXO0xzIjrWwZiefJgJQ3xj3KqmHJvVWovbMHpfYQ >>> 6qVSq1qqhKgeQEydPJiK7d+DQ0V1eJ6b2ZNd8CALDSA3UjT4hA==</X509Certificate></X509Data></KeyInfo></Signature> >>> >>> >>> If I use signserver (xmlsigner configuration) the TAG signature >>> return this: >>> >>> <Signature >>> xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod >>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference >>> URI=""><Transforms><Transform >>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod >>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>itzC/c4YAzqfJN9PNUmqTMiI8Xo=</DigestValue></Reference></SignedInfo><SignatureValue>mcI/lJbd/mq36HU/RM8UQOceJmVwVSzEqkIezJOMXmPjM3OdIKOD7IDkY5B+xcte5r77eG6OOREt >>> DV1bf8UxWkdToUR9XNxswOhPFDRwmpavVLivY0B41d0Rbq8Ee3HyotxPJeiS7ZX1E0A7xobot/cN >>> qA/EbnZQDisiEsugfrI+pU2uTBNRaUgETC5+ODs7fjuGvo6iKBp7vU8ijDR2HCLYtzhx2fczMKjE >>> OyLiK2MehGWWe4gyOi2jssFKEGSVCRToG2lU4taJo2AUKzN3AXJBKcL53VtbUn/IgeyWWt6IwYAn >>> oveZ7KcWpUp2x2Lw4MhDmfLgf1Wb14WDgUDVBg==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIGXTCCBUWgAwIBAgIQaP7ZrIUusx5x3hw0yfiX4zANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UE >>> BhMCQ0wxFDASBgNVBAoTC0UtU2lnbiBTLkEuMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3 >>> b3JrMUEwPwYDVQQDEzhFLVNpZ24gU0MgQ2xhc3MgMiBDb25zdW1lciBJbmRpdmlkdWFsIFN1YnNj >>> cmliZXIgQ0EgLSBHMjEfMB0GCSqGSIb3DQEJARYQZS1zaWduQGUtc2lnbi5jbDAeFw0xMzEyMjAw >>> MDAwMDBaFw0xNDEyMjAyMzU5NTlaMIIBJTEUMBIGA1UEChMLRS1TaWduIFMuQS4xLTArBgNVBAsT >>> JFRlcm1pbm9zIGRlIHVzbyBlbiB3d3cuZS1zaWduLmNsL3JwYTElMCMGA1UECxMcQXV0aGVudGlj >>> YXRlZCBieSBFLVNpZ24gUy5BLjEnMCUGA1UECxMeTWVtYmVyLCBTeW1hbnRlYyBUcnVzdCBOZXR3 >>> b3JrMRswGQYDVQQLExJEaWdpdGFsIElEIENsYXNzIDIxGTAXBgNVBAsUEFJVVCAtIDEzODQ1Mjgw >>> LTgxLTArBgNVBAMMJENyaXN0aWFuIEFsZWphbmRybyBBbHRhbWlyYW5vIExMYW5vczEnMCUGCSqG >>> SIb3DQEJARYYY2FsdGFtaXJhbm9AZXNpZ24tbGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A >>> MIIBCgKCAQEAz+jlSLP5ZTDFgV25Kcq6xfb30GKssWhn1MpfQUgZvXUWWuC91p6PXLl5Um8Nj6lc >>> /EV2cwVdHAbWwe9z3spVk7g3WNt6gw6khwZmj/tbJZ+iLKYNdCAoQi9I6kQFSh7Ted0GjNBBng3A >>> HGyWXjnZ/sYXwBNDpgd7Vf0H9j1icdlNX7rtjpBXi+jbnTg1dndbzWvmSnA70SJx3/BN5CgBNpZz >>> K9RhYJ0CpngQgNcyJdAevKk8flpeAhDiBqY7a400yE4vHKgdFt/8dtBsNajBngpSsCjpvQZ91hQW >>> ewmeTTr9dCnh9r92ZwDcNnoxC/mYjA9i61rLWPRei9OwZ+RxhwIDAQABo4ICATCCAf0wIwYDVR0R >>> BBwwGqAYBggrBgEEAcEBAaAMFgoxMzg0NTI4MC04MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgME8G >>> A1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29tL0VTaWduU0FDU0ND >>> bGFzczJHMi9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaAFNvPd2JYCzg2JS0a0mrEVAGybkwOMB0G >>> A1UdDgQWBBS+9VwTBT8X7iyiTi+YarFB/SQLATA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAGG >>> H2h0dHA6Ly9vbnNpdGUtb2NzcC52ZXJpc2lnbi5jb20wgZgGA1UdIASBkDCBjTCBigYLYIZIAYb4 >>> RQEHFwIwezAxBggrBgEFBQcCARYlaHR0cHM6Ly93d3cuZS1zaWduLmNsL3JlcG9zaXRvcmlvLmh0 >>> bTBGBggrBgEFBQcCAjA6GjhDZXJ0aWZpY2FkbyBwYXJhIHVzbyBUcmlidXRhcmlvLCBDb21lcmNp >>> bywgUGFnb3MgeSBPdHJvczARBglghkgBhvhCAQEEBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwIG >>> CCsGAQUFBwMEMCMGA1UdEgQcMBqgGAYIKwYBBAHBAQKgDBYKOTk1NTE3NDAtSzANBgkqhkiG9w0B >>> AQUFAAOCAQEAvet0Rwq6W4zzLPYsT6rbpnx/lUAKLmBAJhQKK2zH1QSPM68FkVMe9+XSV3y6KFt9 >>> PVRdYq/M2b2QZ//YHHFEoLeU6gcTTNgL6oVo+PQqUWYtrsU+H023ci9TA7F3EejJPRIRrRxMMN+a >>> Dh9Zqu0qTCtQQ00sWUfjm1xL0UxWsRwYLnjDdwJlxwVdQ4pzN2yy/MqkNs6T6xVnMktfQmH1mgc7 >>> gIHBhZk3oqFe/auzLvjQ/tdaGrnVfCulS7+SUXO0xzIjrWwZiefJgJQ3xj3KqmHJvVWovbMHpfYQ >>> 6qVSq1qqhKgeQEydPJiK7d+DQ0V1eJ6b2ZNd8CALDSA3UjT4hA==</X509Certificate><X509Certificate>MIIGTTCCBTWgAwIBAgIQKbLznlYRzv8kSNGZCYBXdTANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE >>> BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO >>> ZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk >>> IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRp >>> ZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNMTIxMTE1MDAwMDAwWhcNMTcxMTE0MjM1OTU5WjCB >>> qDELMAkGA1UEBhMCQ0wxFDASBgNVBAoTC0UtU2lnbiBTLkEuMR8wHQYDVQQLExZTeW1hbnRlYyBU >>> cnVzdCBOZXR3b3JrMUEwPwYDVQQDEzhFLVNpZ24gU0MgQ2xhc3MgMiBDb25zdW1lciBJbmRpdmlk >>> dWFsIFN1YnNjcmliZXIgQ0EgLSBHMjEfMB0GCSqGSIb3DQEJARYQZS1zaWduQGUtc2lnbi5jbDCC >>> ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO+9QdJcqEZ+rG7t+iW8F9chMQ0N+GkWyYet >>> ivwzy/Kvh3ngQVe8UOrOM1Zx5hDJxtxk4GO2kXbpXoYlkak6jOpnlvGtf92Atz7CJ4w9WiuebvcX >>> EcczTY7Ne+TZK+TnXyLtcw77vl4ZKTfblO1l2euHzRp6bXYmJ5948watkvshtRlvrxeaH48jHN0r >>> 0u2F9hQKgRXLWwOISQYakT+BgIyHdf1JJvAWwnystqMI4RHfSLgPRRwERfSB2gWwS/BKZdCp479D >>> s4ZAtxt1zgQKyGQYYNoRkVP48NVCwia04JSVCLHWrodKvxHRp/Uq4X/Zyo1dKQfc4iEjRe1GuiA3 >>> X7sCAwEAAaOCAk0wggJJMDgGCCsGAQUFBwEBBCwwKjAoBggrBgEFBQcwAYYcaHR0cDovL3BraS1v >>> Y3NwLnZlcmlzaWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHcGA1UdIARwMG4wbAYLYIZIAYb4 >>> RQEHFwIwXTAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZS1zaWduLmNsL3JlcG9zaXRvcmlvLmh0 >>> bWwwJwYIKwYBBQUHAgIwGxoZaHR0cHM6Ly93d3cuZS1zaWduLmNsL3JwYTA0BgNVHR8ELTArMCmg >>> J6AlhiNodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2EyLWczLmNybDAOBgNVHQ8BAf8EBAMCAQYw >>> KAYDVR0RBCEwH6QdMBsxGTAXBgNVBAMTEEFmZmlsaWF0ZS0yMDQ4LTQwHQYDVR0OBBYEFNvPd2JY >>> Czg2JS0a0mrEVAGybkwOMIHwBgNVHSMEgegwgeWhgdCkgc0wgcoxCzAJBgNVBAYTAlVTMRcwFQYD >>> VQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgG >>> A1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFF >>> MEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1 >>> dGhvcml0eSAtIEczghBhcMtJjF+YRSnnsKbZUFt6MA0GCSqGSIb3DQEBBQUAA4IBAQA8PGoxQFzV >>> 0Cmct9QP6Px6oFSAxJ9dt47CtMO+qZzu367Oo+ij+6iIMHWs9+wHjJM9VoOe6S8RUwywcVYEqsdI >>> gProsYFJmsgGVPLihxFfIVI+OVKexIAZrfRqR4Blf75D4C0eFdLU+6K/iKY8ag9874kKhhOuRMHy >>> IsUz+vQYn3GmvsWBXSx5BG4uzOXwjPgPe4dTvpIHen/1tKzip1Ti3cZFgLmiIy+CkvBLsKDQepRj >>> W6PPv5nRYhQGgHheShH6UdRx9cEhx3xkY1ucWjFq3dawIaMcVGtaicgHXWsoyX5vmnjARd2H3ie6 >>> zNcqlO6Z5cjvCpJyqSq0Kw6HccLw</X509Certificate><X509Certificate>MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJBgNVBAYTAlVT >>> MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29y >>> azE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ug >>> b25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0 >>> aW9uIEF1dGhvcml0eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJ >>> BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 >>> c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y >>> aXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBD >>> ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC >>> AQEArwoNwtUs22e5LeWUJ92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6 >>> tW8UvxDOJxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUYwZF7 >>> C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9okoqQHgiBVrKtaaNS >>> 0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjNqWm6o+sdDZykIKbBoMXRRkwXbdKs >>> Zj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/ESrg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0 >>> JhU8wI1NQ0kdvekhktdmnLfexbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf >>> 0xwLRtxyID+u7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU >>> sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RIsH/7NiXaldDx >>> JBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTPcjnhsUPgKM+351psE2tJs//j >>> GHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q</X509Certificate></X509Data></KeyInfo></Signature> >>> >>> >>> Regards. >>> >>> Cristian Altamirano >>> >>> >>> On Mon, Dec 16, 2013 at 4:01 AM, Markus Kilås >>> <ejb...@pr... <mailto:ejb...@pr...>> wrote: >>> >>> Dear Cristian, >>> >>> Currently the SignServer XML signer has no support for >>> specifying tags to be excluded. If the underlaying library >>> supports XPath expressions this should be quite easy to develop. >>> What would be the use case for this feature? >>> >>> >>> Cheers, >>> Markus >>> >>> PrimeKey Solutions offers a commercial EJBCA & SignServer >>> support subscription and training. Please see www.primekey.se >>> <http://www.primekey.se> or contact in...@pr... >>> <mailto:in...@pr...> for more information. >>> http://www.primekey.se/Services/Support/ >>> http://www.primekey.se/Services/Training/ >>> >>> >>> >>> On 2013-12-13 19:49, Cristian Altamirano wrote: >>>> Hi Dear. >>>> My name is Cristian Altamirano and I am >>>> testing signserver using xml file. >>>> I wonder if signserver can make a digital sign wtithout some >>>> xml tag. >>>> For example I want to know if the sign can >>>> be something like: >>>> >>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> >>>> <ds:SignedInfo> >>>> <ds:CanonicalizationMethod >>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" >>>> /> >>>> <ds:SignatureMethod >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> >>>> <ds:Reference URI="#183"> >>>> <ds:Transforms> >>>> <ds:Transform >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" >>>> /> >>>> <ds:Transform >>>> Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> >>>> *<ds:XPath >>>> xmlns:ctr="http://www.abcdef.cl/2005/05/CGRDoc" >>>> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ctr:Folio) >>>> and not(ancestor-or-self::ctr:Fecha) and >>>> not(ancestor-or-self::ctr:Lugar)</ds:XPath>* >>>> </ds:Transform> >>>> </ds:Transforms> >>>> <ds:DigestMethod >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> >>>> >>>> <ds:DigestValue>ErGgQ8Ke0hF2C1SSi12Abssi0Kg=</ds:DigestValue> >>>> </ds:Reference> >>>> <ds:Reference >>>> URI="#a4dbe2a7-0aac-4391-8773-62b1d519ada82"> >>>> <ds:Transforms> >>>> <ds:Transform >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" >>>> /> >>>> </ds:Transforms> >>>> <ds:DigestMethod >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> >>>> >>>> <ds:DigestValue>AD6lnb/DQl0tTgF+njpq+qUk9Zc=</ds:DigestValue> >>>> </ds:Reference> >>>> </ds:SignedInfo> >>>> >>>> <ds:SignatureValue>CwEOfSDVDFcXlKkhjNm/lqIbHfmsXwxb+RoNndGR0zi+YrAGMchqE+tXmqxyEB4IOp9gciw9NecmSCXFGD13NmEpLJynt6BVcGqe3BuC1txKwOZYQNlN4yLalVUrmfge+wrd0ebfFEDoJPq+fA13Yvo16v7Vj2dvdYjffcUK4jc=</ds:SignatureValue> >>>> <ds:KeyInfo> >>>> <ds:X509Data> >>>> <ds:X509IssuerSerial> >>>> <ds:X509IssuerName>CN=TEST, O=TEST, OU=TEST, >>>> E=...@E-... <mailto:TE...@E-...>, >>>> C=CL</ds:X509IssuerName> >>>> >>>> <ds:X509SerialNumber>140585008369263210178025</ds:X509SerialNumber> >>>> </ds:X509IssuerSerial> >>>> <ds:X509SubjectName>C=CL, E=...@TE... >>>> <mailto:TE...@TE...>, OU=TEST, O=TEST, >>>> CN=TEST</ds:X509SubjectName> >>>> >>>> <ds:X509Certificate>MIICUTCCAbqgAwIBAgIKHcUg6kSMM7Cl6TANBgkqhkiG9w0BAQUFADBZMQ0wCwYDVQQDEwRURVNUMQ0wCwYDVQQKEwRURVNUMQ0wCwYDVQQLEwRURVNUMR0wGwYJKoZIhvcNAQkBFg5URVNUQEUtU0lHTi5DTDELMAkGA1UEBhMCQ0wwHhcNMTMxMDA3MTMyODM1WhcNMTgxMDA3MTMyODM1WjBZMQ0wCwYDVQQDEwRURVNUMQ0wCwYDVQQKEwRURVNUMQ0wCwYDVQQLEwRURVNUMR0wGwYJKoZIhvcNAQkBFg5URVNUQEUtU0lHTi5DTDELMAkGA1UEBhMCQ0wwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALSvW/fbYisBDVaECeQMTvq4VyT2urClj6WGwwPROa+6iMILy3mtP4aa8ptgjT+l7DNeKceZBIMo+8K2YrMTRS1K/8NRBa/QTRA2pOwp9UVKr5g08f4wOyjonybPNOh0w3797yCh9A39YcJ5KZGSMFiypdOLnJ25KxYxNmMpkWXTAgMBAAGjIDAeMA8GCSqGSIb3LwEBCgQCBQAwCwYDVR0PBAQDAgSQMA0GCSqGSIb3DQEBBQUAA4GBADkRuoSugzY5/pDkRTR2tFfnwItA2e0r5ga6cOBEsVcfBDe00Clgaks52QoTFSSltgSHKBPsSR4XmE6AmE5gnBVQPeNNmb5TJovG4DnzoODp0mgSpOKj6aO4YY70H8tJzUeeSfWUU1/y0pPdDclN46NFwoAPKSmihvwGeCbuqwua</ds:X509Certificate> >>>> </ds:X509Data> >>>> <ds:KeyValue> >>>> <ds:RSAKeyValue> >>>> >>>> <ds:Modulus>tK9b99tiKwENVoQJ5AxO+rhXJPa6sKWPpYbDA9E5r7qIwgvLea0/hprym2CNP6XsM14px5kEgyj7wrZisxNFLUr/w1EFr9BNEDak7Cn1RUqvmDTx/jA7KOifJs806HTDfv3vIKH0Df1hwnkpkZIwWLKl04ucnbkrFjE2YymRZdM=</ds:Modulus> >>>> <ds:Exponent>AQAB</ds:Exponent> >>>> </ds:RSAKeyValue> >>>> </ds:KeyValue> >>>> </ds:KeyInfo> >>>> </ds:Signature> >>>> >>>> >>>> >>>> -- >>>> Regards. >>>> Cristian Altamirano >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Rapidly troubleshoot problems before they affect your business. Most IT >>>> organizations don't have a clear picture of how application performance >>>> affects their revenue. With AppDynamics, you get 100% visibility into your >>>> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! >>>> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk >>>> >>>> >>>> _______________________________________________ >>>> SignServer-develop mailing list >>>> Sig...@li... <mailto:Sig...@li...> >>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop >>> >>> >>> -- >>> >>> PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se <http://www.primekey.se> or contact in...@pr... <mailto:in...@pr...> for more information. >>> http://www.primekey.se/Services/Support/ >>> http://www.primekey.se/Services/Training/ >>> >>> >>> >>> >>> -- >>> Saluda. >>> Cristian Altamirano >>> >>> >> >> >> -- >> Kind regards, >> Markus Kilås >> PKI Specialist >> >> PrimeKey Solutions AB >> >> Anderstorpsv. 16 >> 171 54 Solna >> Sweden >> >> Phone: +46 70 424 94 85 <tel:%2B46%2070%20424%2094%2085> >> Skype: markusatskype >> Email: mar...@pr... <mailto:mar...@pr...> >> >> www.primekey.se <http://www.primekey.se> >> >> >> >> >> >> -- >> Saluda. >> Cristian Altamirano >> >> > > > > > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > > > > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås PKI Specialist PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
