|
From: Cristian A. <cal...@gm...> - 2013-12-13 18:49:14
|
Hi Dear.
My name is Cristian Altamirano and I am testing
signserver using xml file.
I wonder if signserver can make a digital sign without some xml tag.
For example I want to know if the sign can be something
like:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="#183">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
          *<ds:XPath xmlns:ctr="http://www.abcdef.cl/2005/05/CGRDoc" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ctr:Folio) and not(ancestor-or-self::ctr:Fecha) and not(ancestor-or-self::ctr:Lugar)</ds:XPath>*
        </ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>ErGgQ8Ke0hF2C1SSi12Abssi0Kg=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI="#a4dbe2a7-0aac-4391-8773-62b1d519ada82">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>AD6lnb/DQl0tTgF+njpq+qUk9Zc=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>CwEOfSDVDFcXlKkhjNm/lqIbHfmsXwxb+RoNndGR0zi+YrAGMchqE+tXmqxyEB4IOp9gciw9NecmSCXFGD13NmEpLJynt6BVcGqe3BuC1txKwOZYQNlN4yLalVUrmfge+wrd0ebfFEDoJPq+fA13Yvo16v7Vj2dvdYjffcUK4jc=</ds:SignatureValue>
  <ds:KeyInfo>
    <ds:X509Data>
      <ds:X509IssuerSerial>
        <ds:X509IssuerName>CN=TEST, O=TEST, OU=TEST, E=...@E-..., C=CL</ds:X509IssuerName>
        <ds:X509SerialNumber>140585008369263210178025</ds:X509SerialNumber>
      </ds:X509IssuerSerial>
      <ds:X509SubjectName>C=CL, E=...@TE..., OU=TEST, O=TEST, CN=TEST</ds:X509SubjectName>
      <ds:X509Certificate>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</ds:X509Certificate>
    </ds:X509Data>
    <ds:KeyValue>
      <ds:RSAKeyValue>
        <ds:Modulus>tK9b99tiKwENVoQJ5AxO+rhXJPa6sKWPpYbDA9E5r7qIwgvLea0/hprym2CNP6XsM14px5kEgyj7wrZisxNFLUr/w1EFr9BNEDak7Cn1RUqvmDTx/jA7KOifJs806HTDfv3vIKH0Df1hwnkpkZIwWLKl04ucnbkrFjE2YymRZdM=</ds:Modulus>
        <ds:Exponent>AQAB</ds:Exponent>
      </ds:RSAKeyValue>
    </ds:KeyValue>
  </ds:KeyInfo>
</ds:Signature>
--
Regards.
Cristian Altamirano
|
|
From: Markus K. <ejb...@pr...> - 2013-12-16 07:01:12
|
Dear Cristian,

Currently the SignServer XML signer has no support for specifying tags to be excluded. If the underlying library supports XPath expressions this should be quite easy to develop. What would be the use case for this feature?

Cheers,
Markus

PrimeKey Solutions offers a commercial EJBCA & SignServer support subscription and training. Please see www.primekey.se or contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/
|
|
From: Markus K. <ma...@pr...> - 2014-01-07 09:00:09
Attachments:
smime.p7s
|
Hi Cristian,

(I included the mailing list, please respond to the list)

We don't have any sample code for that at the moment. In https://jira.primekey.se/browse/DSS-300 we will add support in the AdminGUI (which can use the WS interface) for adding workers so after that we might consider adding some samples for it.

However this would be the process from my head:
---
To set up the xmlsigner as in doc/sample-configs/qs_xmlsigner_configuration.properties

1. Setting the "CLASSPATH" global property
// GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.P12CryptoToken
adminws.setGlobalProperty("GLOB.", "SIGNERTOKEN.CLASSPATH", "org.signserver.server.cryptotokens.P12CryptoToken");

2. Setting the "SIGNERTOKEN.CLASSPATH" global property:
// GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.P12CryptoToken
adminws.setGlobalProperty("GLOB.", "SIGNERTOKEN.CLASSPATH", "org.signserver.server.cryptotokens.P12CryptoToken");

3. Setting the worker properties
adminws.setWorkerProperty(123, "NAME", "XMLSigner");
adminws.setWorkerProperty(123, "AUTHTYPE", "NOAUTH");
adminws.setWorkerProperty(123, "KEYSTOREPATH", "/opt/signserver/p12/signer2.p12");
adminws.setWorkerProperty(123, "KEYSTOREPASSWORD", "foo123");

4. Reload configuration
adminws.reloadConfiguration(123);
---

Best regards,
Markus

On 2014-01-06 22:28, Cristian Altamirano wrote:
> Hi Markus.
> This works fine for me.
> I have verified the sign using
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/Validate.java
>
> Other consultation.
>
> How I can create a worker from adminws?
>
> Have some sample code that you can show me?
>
> I can create it using the settings that bring in examples running the
> command
>
> ./signserver setproperties file_configuration.properties
>
> Regards.
>
> On Fri, Dec 27, 2013 at 4:47 AM, Markus Kilås <ma...@pr...> wrote:
>
> Hi Cristian,
>
> Including the KeyValue tag is not currently supported. Let us know
> if you are interested in this feature.
>
> If you want to develop it yourself we would be happy to receive a patch.
>
> What I think you could do (not tested) is to in XMLSigner.java use
> something like:
> ----
> KeyInfoFactory kif = fac.getKeyInfoFactory();
> X509Data x509d = kif.newX509Data(x509CertChain);
> List<XMLStructure> kviItems = new LinkedList<XMLStructure>();
> kviItems.add(x509d);
> // added lines: also emit <KeyValue> (newKeyValue returns a KeyValue)
> KeyValue rsaKeyValue = kif.newKeyValue(publicKey);
> kviItems.add(rsaKeyValue);
> ----
>
> Best regards,
>
> Markus
>
> On 2013-12-23 14:42, Cristian Altamirano wrote:
>> Markus,
>> This function is rarely used. However there is a state
>> agency that uses it. I have another consultation.
>> When I use xmlsigner need the TAG <Signature
>> xmlns="http://www.w3.org/2000/09/xmldsig#"> return TAG <KeyValue>.
>>
>> For Example:
>>
>> If I use signserver (xmlsigner configuration) the TAG signature
>> return this:
>>
>> Regards.
>>
>> Cristian Altamirano
>>
>> --
>> Saluda.
>> Cristian Altamirano
>
> --
> Kind regards,
> Markus Kilås
> PKI Specialist
>
> PrimeKey Solutions AB
>
> Anderstorpsv. 16
> 171 54 Solna
> Sweden
>
> Phone: +46 70 424 94 85
> Skype: markusatskype
> Email: mar...@pr...
>
> www.primekey.se
>
> --
> Saluda.
> Cristian Altamirano

--
Kind regards,
Markus Kilås
PrimeKey Solutions AB
|
|
From: Markus K. <ma...@pr...> - 2014-01-07 09:16:07
|
Thank you Cristian for submitting the patch.

I have created https://jira.primekey.se/browse/DSS-709 to eventually have this added to SignServer.

Best regards,
Markus
azE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ug >>> b25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0 >>> aW9uIEF1dGhvcml0eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJ >>> BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 >>> c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y >>> aXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBD >>> ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC >>> AQEArwoNwtUs22e5LeWUJ92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6 >>> tW8UvxDOJxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUYwZF7 >>> C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9okoqQHgiBVrKtaaNS >>> 0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjNqWm6o+sdDZykIKbBoMXRRkwXbdKs >>> Zj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/ESrg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0 >>> JhU8wI1NQ0kdvekhktdmnLfexbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf >>> 0xwLRtxyID+u7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU >>> sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RIsH/7NiXaldDx >>> JBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTPcjnhsUPgKM+351psE2tJs//j >>> GHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q</X509Certificate></X509Data></KeyInfo></Signature> >>> >>> >>> Regards. >>> >>> Cristian Altamirano >>> >>> >>> On Mon, Dec 16, 2013 at 4:01 AM, Markus Kilås >>> <ejb...@pr... <mailto:ejb...@pr...>> wrote: >>> >>> Dear Cristian, >>> >>> Currently the SignServer XML signer has no support for >>> specifying tags to be excluded. If the underlaying library >>> supports XPath expressions this should be quite easy to develop. >>> What would be the use case for this feature? >>> >>> >>> Cheers, >>> Markus >>> >>> PrimeKey Solutions offers a commercial EJBCA & SignServer >>> support subscription and training. 
Please see www.primekey.se >>> <http://www.primekey.se> or contact in...@pr... >>> <mailto:in...@pr...> for more information. >>> http://www.primekey.se/Services/Support/ >>> http://www.primekey.se/Services/Training/ >>> >>> >>> >>> On 2013-12-13 19:49, Cristian Altamirano wrote: >>>> Hi Dear. >>>> My name is Cristian Altamirano and I am >>>> testing signserver using xml file. >>>> I wonder if signserver can make a digital sign wtithout some >>>> xml tag. >>>> For example I want to know if the sign can >>>> be something like: >>>> >>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> >>>> <ds:SignedInfo> >>>> <ds:CanonicalizationMethod >>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" >>>> /> >>>> <ds:SignatureMethod >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> >>>> <ds:Reference URI="#183"> >>>> <ds:Transforms> >>>> <ds:Transform >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" >>>> /> >>>> <ds:Transform >>>> Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> >>>> *<ds:XPath >>>> xmlns:ctr="http://www.abcdef.cl/2005/05/CGRDoc" >>>> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ctr:Folio) >>>> and not(ancestor-or-self::ctr:Fecha) and >>>> not(ancestor-or-self::ctr:Lugar)</ds:XPath>* >>>> </ds:Transform> >>>> </ds:Transforms> >>>> <ds:DigestMethod >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> >>>> >>>> <ds:DigestValue>ErGgQ8Ke0hF2C1SSi12Abssi0Kg=</ds:DigestValue> >>>> </ds:Reference> >>>> <ds:Reference >>>> URI="#a4dbe2a7-0aac-4391-8773-62b1d519ada82"> >>>> <ds:Transforms> >>>> <ds:Transform >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" >>>> /> >>>> </ds:Transforms> >>>> <ds:DigestMethod >>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> >>>> >>>> <ds:DigestValue>AD6lnb/DQl0tTgF+njpq+qUk9Zc=</ds:DigestValue> >>>> </ds:Reference> >>>> </ds:SignedInfo> >>>> >>>> 
<ds:SignatureValue>CwEOfSDVDFcXlKkhjNm/lqIbHfmsXwxb+RoNndGR0zi+YrAGMchqE+tXmqxyEB4IOp9gciw9NecmSCXFGD13NmEpLJynt6BVcGqe3BuC1txKwOZYQNlN4yLalVUrmfge+wrd0ebfFEDoJPq+fA13Yvo16v7Vj2dvdYjffcUK4jc=</ds:SignatureValue> >>>> <ds:KeyInfo> >>>> <ds:X509Data> >>>> <ds:X509IssuerSerial> >>>> <ds:X509IssuerName>CN=TEST, O=TEST, OU=TEST, >>>> E=...@E-... <mailto:TE...@E-...>, >>>> C=CL</ds:X509IssuerName> >>>> >>>> <ds:X509SerialNumber>140585008369263210178025</ds:X509SerialNumber> >>>> </ds:X509IssuerSerial> >>>> <ds:X509SubjectName>C=CL, E=...@TE... >>>> <mailto:TE...@TE...>, OU=TEST, O=TEST, >>>> CN=TEST</ds:X509SubjectName> >>>> >>>> <ds:X509Certificate>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</ds:X509Certificate> >>>> </ds:X509Data> >>>> <ds:KeyValue> >>>> <ds:RSAKeyValue> >>>> >>>> <ds:Modulus>tK9b99tiKwENVoQJ5AxO+rhXJPa6sKWPpYbDA9E5r7qIwgvLea0/hprym2CNP6XsM14px5kEgyj7wrZisxNFLUr/w1EFr9BNEDak7Cn1RUqvmDTx/jA7KOifJs806HTDfv3vIKH0Df1hwnkpkZIwWLKl04ucnbkrFjE2YymRZdM=</ds:Modulus> >>>> <ds:Exponent>AQAB</ds:Exponent> >>>> </ds:RSAKeyValue> >>>> </ds:KeyValue> >>>> </ds:KeyInfo> >>>> </ds:Signature> >>>> >>>> >>>> >>>> -- >>>> Regards. >>>> Cristian Altamirano >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Rapidly troubleshoot problems before they affect your business. Most IT >>>> organizations don't have a clear picture of how application performance >>>> affects their revenue. With AppDynamics, you get 100% visibility into your >>>> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! >>>> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk >>>> >>>> >>>> _______________________________________________ >>>> SignServer-develop mailing list >>>> Sig...@li... 
<mailto:Sig...@li...> >>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop >>> >>> >>> -- >>> >>> PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se <http://www.primekey.se> or contact in...@pr... <mailto:in...@pr...> for more information. >>> http://www.primekey.se/Services/Support/ >>> http://www.primekey.se/Services/Training/ >>> >>> >>> >>> >>> -- >>> Saluda. >>> Cristian Altamirano >>> >>> >> >> >> -- >> Kind regards, >> Markus Kilås >> PKI Specialist >> >> PrimeKey Solutions AB >> >> Anderstorpsv. 16 >> 171 54 Solna >> Sweden >> >> Phone: +46 70 424 94 85 <tel:%2B46%2070%20424%2094%2085> >> Skype: markusatskype >> Email: mar...@pr... <mailto:mar...@pr...> >> >> www.primekey.se <http://www.primekey.se> >> >> >> >> >> >> -- >> Saluda. >> Cristian Altamirano >> >> > > > > > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > > > > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås PKI Specialist PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Cristian A. <cal...@gm...> - 2014-01-07 22:07:51
|
Markus.
This works for me.
code:

// JSSE trust store and client key store used for the HTTPS connection to the Admin web service
System.setProperty("javax.net.ssl.trustStore", "/home/cristian/truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "******");
System.setProperty("javax.net.ssl.keyStore", "/home/cristian/tomcat.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "********");

AdminWSServiceLocator service = new AdminWSServiceLocator();
AdminWS as = service.getAdminWSPort();

// Register worker 1 as a PDF signer backed by a PKCS#12 crypto token
as.setGlobalProperty(GlobalConfiguration.SCOPE_GLOBAL,
        "WORKER1.CLASSPATH", "org.signserver.module.pdfsigner.PDFSigner");
as.setGlobalProperty(GlobalConfiguration.SCOPE_GLOBAL,
        "WORKER1.SIGNERTOKEN.CLASSPATH",
        "org.signserver.server.cryptotokens.P12CryptoToken");

// Worker properties; AUTHTYPE NOAUTH means the worker does not authenticate its clients
as.setWorkerProperty(1, "NAME", "PDFSignerTest");
as.setWorkerProperty(1, "AUTHTYPE", "NOAUTH");
as.setWorkerProperty(1, "KEYSTOREPATH", "/home/cristian/caltamirano.p12");
as.setWorkerProperty(1, "KEYSTOREPASSWORD", "********");

// Activate the new configuration for worker 1
as.reloadConfiguration(1);

Thank you.
|
|
From: Markus K. <ma...@pr...> - 2014-01-08 08:40:53
|
Dear Cristian,

Thank you for sharing.

Regards,
Markus

PrimeKey Solutions offers a commercial EJBCA & SignServer support subscription and training.
Please see www.primekey.se or contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

On 2014-01-07 23:07, Cristian Altamirano wrote:
> Markus.
> This works for me.
>
> code:
>
> System.setProperty("javax.net.ssl.trustStore",
> "/home/cristian/truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "******");
> System.setProperty("javax.net.ssl.keyStore",
> "/home/cristian/tomcat.jks");
> System.setProperty("javax.net.ssl.keyStorePassword", "********");
>
> AdminWSServiceLocator service = new AdminWSServiceLocator();
> AdminWS as = service.getAdminWSPort();
>
> as.setGlobalProperty(GlobalConfiguration.SCOPE_GLOBAL,
> "WORKER1.CLASSPATH", "org.signserver.module.pdfsigner.PDFSigner");
> as.setGlobalProperty(GlobalConfiguration.SCOPE_GLOBAL,
> "WORKER1.SIGNERTOKEN.CLASSPATH",
> "org.signserver.server.cryptotokens.P12CryptoToken");
> as.setWorkerProperty(1, "NAME", "PDFSignerTest");
> as.setWorkerProperty(1, "AUTHTYPE", "NOAUTH");
> as.setWorkerProperty(1,
> "KEYSTOREPATH","/home/cristian/caltamirano.p12");
> as.setWorkerProperty(1, "KEYSTOREPASSWORD", "********");
> as.reloadConfiguration(1);
>
> Thank you. |