Hello,
I'm trying to add a reference to the KeyInfo node, to mimic this XAdES-signed XML:
<?xml version="1.0" encoding="UTF-8"?>
<Solicitud_Registro_Entrada>
<Datos_Firmados>
<Datos_Genericos>
<Remitente>
<Nombre>MANIPULADOR</Nombre>
<Apellidos>DE PLACAS</Apellidos>
<Documento_Identificacion>
<Tipo>1</Tipo>
<Numero>DELETED</Numero>
</Documento_Identificacion>
<Correo_Electronico/>
</Remitente>
<Interesados/>
<Asunto>
<Codigo>OBCT</Codigo>
<Descripcion>Operaciones Basicas de Gestion de Custodia Virtual de tarjetas eITV</Descripcion>
</Asunto>
<Destino>
<Codigo>101001</Codigo>
<Descripcion>DGT - Vehículos</Descripcion>
</Destino>
</Datos_Genericos>
<Datos_Especificos>
<operaciones>
<operacion>
<codigoOperacion>EEFF_ALTA_INSCRIPCION_PLACAS_WS</codigoOperacion>
<datos>
<vehiculo>
<matricula>DELETED</matricula>
<bastidor>DELETED</bastidor>
</vehiculo>
<compradorplaca>
<dni>DELETED</dni>
<nombreApellidos>Plaquiforme</nombreApellidos>
<extranjero>No</extranjero>
</compradorplaca>
<expedicion>
<doifabricante>DELETED</doifabricante>
<numManipulador>Kurrupipi</numManipulador>
<numHomologacion/>
<numPlacasexpedir>5</numPlacasexpedir>
<fechaCompra>21/01/2022</fechaCompra>
<observaciones>Plaquetas 05</observaciones>
</expedicion>
</datos>
</operacion>
</operaciones>
</Datos_Especificos>
</Datos_Firmados>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-9da60454-7628-4ebe-ab2c-58690999aa31-Signature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference Id="Reference-ce4ce2c2-33a5-4d0b-bcec-1b7477738d6c" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>not(ancestor-or-self::ds:Signature)</ds:XPath>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ds:DigestValue>B39ZTd1oybevaJGJ5gAfgeHBR9pD9XgCS3kS65V+geeqTnd/1Y6OqN5TLRCMFa4d7mV9GwEPCowvoh94kAIj6g==</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#Signature-9da60454-7628-4ebe-ab2c-58690999aa31-SignedProperties">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ds:DigestValue>Gff8tbppOY0wVyxImMj9qetO64BjEgMr+JVyOZ2UOd8gVzv4qbnhQL0hfBRMUwj/JGFD1i5iLbIzeXALjzEgBA==</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Signature-9da60454-7628-4ebe-ab2c-58690999aa31-KeyInfo">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ds:DigestValue>uFd4AVHIscXaQQqA883SE/NCIElh2dybmoFq11q9BnbZ1yNIiTlKNqknP8LGIiq5DisztWaofOQmzgNYcSjBEA==</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="Signature-9da60454-7628-4ebe-ab2c-58690999aa31-SignatureValue">
dXf3Hpw2a/MsxmGpIgIbWRmgeMp18mf3yK7mPgJUlRcT2pO8XtSVy+WQmyulDHV16KUPVMbRXLV1puPZcbLWeyJNdRZt+77AX8C5hudwmKtwWmiWAEAcFPv3E//cTRZ9bxyWfB66F8LrAKdvcHQRTnAoZCniK+x7rLdl1kWpKMa2QE7qVAN+BV12lDjByrbUoIfEQfkwY0J2GGJkxHmU2LJlbucUYVxGBPe6lL+ydMIH4k8jvuWsjpCOG0aLIsFC4JBhw9b+onoqxRijYzLDWHHIWHagwWdd5gVl9OwpZ9a38ygV60/zYLURmgaYwutOyEtqmJbtyWdaZYj+tmx0KQ==
</ds:SignatureValue>
<ds:KeyInfo Id="Signature-9da60454-7628-4ebe-ab2c-58690999aa31-KeyInfo">
<ds:X509Data>
<ds:X509Certificate>
DELETED
</ds:X509Certificate>
<ds:X509Certificate>
DELETED
</ds:X509Certificate>
<ds:X509Certificate>
DELETED
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
DELETED
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<ds:Object>
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"
Id="Signature-9da60454-7628-4ebe-ab2c-58690999aa31-QualifyingProperties"
Target="#Signature-9da60454-7628-4ebe-ab2c-58690999aa31-Signature">
<xades:SignedProperties Id="Signature-9da60454-7628-4ebe-ab2c-58690999aa31-SignedProperties">
<xades:SignedSignatureProperties>
<xades:SigningTime>2022-01-24T09:33:58+01:00</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ds:DigestValue>Br+Id8Ou01FmK+UekIaO5D4euvRdzz0AtlU1wmnSXoVMT5GxcxQx2ES4D11w7pC4fjbE6kAl2Mi3+1MXXXV4vQ==</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>CN=DELETED
L=DELETED
</ds:X509IssuerName>
<ds:X509SerialNumber>DELETED</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
<xades:SignedDataObjectProperties>
<xades:DataObjectFormat ObjectReference="#Reference-ce4ce2c2-33a5-4d0b-bcec-1b7477738d6c">
<xades:Description/>
<xades:ObjectIdentifier>
<xades:Identifier Qualifier="OIDAsURN">urn:oid:1.2.840.10003.5.109.10</xades:Identifier>
<xades:Description/>
</xades:ObjectIdentifier>
<xades:MimeType>text/xml</xades:MimeType>
<xades:Encoding/>
</xades:DataObjectFormat>
</xades:SignedDataObjectProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
</Solicitud_Registro_Entrada>
So I'm overloading the signXAdESFile function on the XAdES class to achieve it (if there's a better way, please tell me!).
I'm adding the KeyInfo node with this function:
private function addKeyInfo(string $keyInfoId): DOMElement
{
    $parentRef = $this->sigNode;            // the ds:Signature element
    $baseDoc = $parentRef->ownerDocument;
    $xpath = $this->getXPathObj();

    // Reuse whatever prefix is already bound to the XML-DSig namespace on
    // ds:Signature (e.g. "ds"). Default to no prefix so $dsigPfx is always
    // defined, even when the namespace is the default one.
    $dsigPfx = '';
    $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS);
    if (! empty($pfx)) {
        $dsigPfx = $pfx . ":";
    }

    $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsigPfx . 'KeyInfo');
    $keyInfo->setAttribute(AttributeNames::Id, $keyInfoId);

    // The XML-DSig schema orders KeyInfo before ds:Object, so insert it in
    // front of the first Object if there is one; otherwise append it.
    $inserted = false;
    $query = "./" . self::searchpfx . ":Object";
    $nodeset = $xpath->query($query, $parentRef);
    if ($sObject = $nodeset->item(0)) {
        $sObject->parentNode->insertBefore($keyInfo, $sObject);
        $inserted = true;
    }
    if (! $inserted) {
        $parentRef->appendChild($keyInfo);
    }
    return $keyInfo;
}
and then add the reference with this code:
// Give KeyInfo an Id derived from the signature Id and reference it by that Id.
$keyInfoId = $this->baseSignatureId . '-KeyInfo';
$node = $this->addKeyInfo($keyInfoId);
$this->addReference(
    $node,
    XMLSecurityDSig::SHA256,
    null,
    [
        'force_uri' => '#' . $keyInfoId,
    ]
);
But this ends up with an XML document that lacks the xmlns:xades namespace declaration on the XAdES QualifyingProperties node:
<?xml version="1.0" encoding="UTF-8"?>
<Solicitud_Registro_Entrada>
<Datos_Firmados Id="DatosParaFirmar">
<Datos_Genericos>
<Remitente>
<Nombre>REDACTED</Nombre>
<Apellidos>bla</Apellidos>
<Documento_Identificacion>
<Tipo>1</Tipo>
<Numero>REDACTED</Numero>
</Documento_Identificacion>
</Remitente>
<Asunto>
<Codigo>OBCT</Codigo>
<Descripcion>REDACTED</Descripcion>
</Asunto>
<Destino>
<Codigo>101001</Codigo>
<Descripcion>REDACTED</Descripcion>
</Destino>
</Datos_Genericos>
<Datos_Especificos>
<operaciones>
<operacion>
<codigoOperacion>REDACTED</codigoOperacion>
<datos>
<vehiculo>
<matricula>REDACTED</matricula>
<bastidor>REDACTED</bastidor>
</vehiculo>
<compradorplaca>
<dni>REDACTED</dni>
<nombreApellidos>Otro 3</nombreApellidos>
<extranjero>No</extranjero>
</compradorplaca>
<expedicion>
<doifabricante>REDACTED</doifabricante>
<numManipulador>55</numManipulador>
<numHomologacion/>
<numPlacasExpedir>5</numPlacasExpedir>
<fechaCompra>28/08/2024</fechaCompra>
<observaciones/>
</expedicion>
</datos>
</operacion>
</operaciones>
</Datos_Especificos>
</Datos_Firmados>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-b507effc-75e8-43ef-9cab-cd6c155ecb78-Signature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#Signature-b507effc-75e8-43ef-9cab-cd6c155ecb78-QualifyingProperties"
Type="http://uri.etsi.org/01903#SignedProperties">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>IG5+tLUpBaJHbbttHvxttb8nwLcUfN7d7zN6ypBPO44=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="" Id="Reference-1af390af-dd56-fedd-4c6b-716691fdd2b9">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>ancestor-or-self::Datos_Firmados</ds:XPath>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>k3sy5f2wSsVQIqprr1IfT9Hx7kXZz90Xhzls6LTAq+Y=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Signature-b507effc-75e8-43ef-9cab-cd6c155ecb78-KeyInfo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>d0+ZAQQjNe27Yy0/i1GM0Ws5kL0x4pwLvZB9iETGoMI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
REDACTED
</ds:SignatureValue>
<ds:KeyInfo Id="Signature-b507effc-75e8-43ef-9cab-cd6c155ecb78-KeyInfo">
<ds:X509Data>
<ds:X509Certificate>
REDACTED
</ds:X509Certificate>
<ds:X509Certificate>
REDACTED
</ds:X509Certificate>
<ds:X509Certificate>
REDACTED
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
REDACTED
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<ds:Object>
<xades:QualifyingProperties Target="#Signature-b507effc-75e8-43ef-9cab-cd6c155ecb78-Signature">
<xades:SignedProperties Id="Signature-b507effc-75e8-43ef-9cab-cd6c155ecb78-QualifyingProperties">
<xades:SignedSignatureProperties>
<xades:SigningTime>2024-08-28T10:36:11Z</xades:SigningTime>
<xades:SigningCertificateV2>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>NkjU5OGJITvqvRZPp0qlGIKTqbOik1KY13BA4N0HOig=</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerialV2>
REDACTED
</xades:IssuerSerialV2>
</xades:Cert>
</xades:SigningCertificateV2>
</xades:SignedSignatureProperties>
<xades:SignedDataObjectProperties>
<xades:DataObjectFormat ObjectReference="#Reference-1af390af-dd56-fedd-4c6b-716691fdd2b9">
<xades:ObjectIdentifier>
<xades:Identifier Qualifier="OIDAsURN">urn:oid:1.2.840.10003.5.109.10</xades:Identifier>
</xades:ObjectIdentifier>
<xades:MimeType>text/xml</xades:MimeType>
</xades:DataObjectFormat>
</xades:SignedDataObjectProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
</Solicitud_Registro_Entrada>
Any clue what I'm doing wrong?
Thanks!
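The second document above is not even well-formed XML (the xades: prefix is used but never declared), and the only way to notice that before a receiver rejects it is to re-parse what the signer produced. The following script is an added example, not code from the post or from the signing library it uses; it reads the final document and reports the structural problems a verifier would trip over: an unbound prefix, a ds:Reference whose URI="#…" resolves to no Id (or to a duplicate one), a SignedProperties-typed reference that points at the wrong element, and a KeyInfo with an Id that no Reference covers. It generalizes the KeyInfo case to every same-document reference in SignedInfo. The sample documents, their "S-" Ids and the PLACEHOLDER values are constructed for this example; digests and the SignatureValue are not checked.

```python
"""Pre-flight checks on a produced XAdES/XML-DSig document.

Added example (not code from the post or from the signing library it uses):
it parses the final XML and reports structural problems a verifier would
reject. It does not compute digests or check the SignatureValue.
"""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SIGNED_PROPERTIES_TYPE = "http://uri.etsi.org/01903#SignedProperties"


def local_name(tag: str) -> str:
    """Strip the {namespace} part from an ElementTree tag."""
    return tag.rpartition("}")[2]


def check_signature_document(xml_text: str) -> list[str]:
    """Return the list of problems found; an empty list means all checks passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An undeclared prefix (e.g. xades: without xmlns:xades) is not
        # well-formed XML, so nothing else can be checked.
        return [f"not well-formed XML: {exc}"]

    problems = []

    # Same-document references (URI="#x") are resolved by Id, so index every
    # element carrying one and flag duplicates, which make resolution ambiguous.
    ids = {}
    for el in root.iter():
        el_id = el.get("Id")
        if el_id is None:
            continue
        if el_id in ids:
            problems.append(f"duplicate Id {el_id!r}")
        ids[el_id] = el

    referenced = set()
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI")
        if uri is None:
            problems.append("Reference without a URI attribute")
            continue
        if uri == "":
            continue  # whole-document reference, narrowed by its Transforms
        if not uri.startswith("#"):
            problems.append(f"external reference {uri!r} was not checked")
            continue
        target = ids.get(uri[1:])
        if target is None:
            problems.append(f"Reference URI {uri!r} does not resolve to any Id")
            continue
        referenced.add(uri[1:])
        # A reference typed as SignedProperties must point at that element,
        # not at its QualifyingProperties parent.
        if ref.get("Type") == SIGNED_PROPERTIES_TYPE and local_name(target.tag) != "SignedProperties":
            problems.append(f"SignedProperties reference {uri!r} points at <{local_name(target.tag)}>")

    # The goal of the post: a KeyInfo that carries an Id should be covered by a Reference.
    for key_info in root.iter(f"{{{DS}}}KeyInfo"):
        ki_id = key_info.get("Id")
        if ki_id is not None and ki_id not in referenced:
            problems.append(f"KeyInfo Id {ki_id!r} is not covered by any Reference")

    return problems


# Constructed sample: a trimmed signature with the same element layout as the
# post's output; the "S-" Ids and PLACEHOLDER values are made up for this example.
GOOD_XML = """<Solicitud_Registro_Entrada>
 <Datos_Firmados Id="DatosParaFirmar"><x/></Datos_Firmados>
 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="S-Signature">
  <ds:SignedInfo>
   <ds:Reference URI="#S-SignedProperties" Type="http://uri.etsi.org/01903#SignedProperties"/>
   <ds:Reference URI="" Id="S-Reference"/>
   <ds:Reference URI="#S-KeyInfo"/>
  </ds:SignedInfo>
  <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  <ds:KeyInfo Id="S-KeyInfo"/>
  <ds:Object>
   <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#S-Signature">
    <xades:SignedProperties Id="S-SignedProperties"/>
   </xades:QualifyingProperties>
  </ds:Object>
 </ds:Signature>
</Solicitud_Registro_Entrada>"""

# The failure described in the post: the xades prefix is used but never declared.
UNBOUND_PREFIX_XML = GOOD_XML.replace(' xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"', "")

# A KeyInfo reference whose Id was never attached to the KeyInfo element.
DANGLING_REF_XML = GOOD_XML.replace('<ds:KeyInfo Id="S-KeyInfo"/>', '<ds:KeyInfo Id="S-Other"/>')

if __name__ == "__main__":
    for name, doc in [("good", GOOD_XML), ("unbound", UNBOUND_PREFIX_XML), ("dangling", DANGLING_REF_XML)]:
        print(name, check_signature_document(doc) or "OK")
```

Run it against the serialized output of signXAdESFile (read the file and pass its text to check_signature_document) before the document leaves the signer; an empty list is the only acceptable result, since a receiving verifier cannot resolve a Reference whose target is missing or ambiguous, and will not parse a document with an unbound prefix at all.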