luisgoncalves / xades4j

A Java library for XAdES signature services
GNU Lesser General Public License v3.0

I have problems in the signature with xades epes from xades4j library. It worked for a time and I could sign some xml documents until now I got an error. #198

Closed warami92rez closed 4 years ago

warami92rez commented 5 years ago

I have been working with DIAN invoices and I could sign some XML documents with the xades4j library until now. When I tried to generate another signed XML document, I got this error:

```
org.apache.xml.security.c14n.implementations.CanonicalizerBase.outputTextToWriter(CanonicalizerBase.java:843),
org.apache.xml.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(CanonicalizerBase.java:283),
org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:204),
org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalize(CanonicalizerBase.java:152),
org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:483),
org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:465),
org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:719),
org.apache.xml.security.signature.Reference.generateDigestValue(Reference.java:396),
org.apache.xml.security.signature.Manifest.generateDigestValues(Manifest.java:206),
org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:595),
xades4j.production.SignerBES.sign(SignerBES.java:274),
```

And this is the code that I use to sign the document:

```java
Document docRetorna = null;
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

dbf.setNamespaceAware(false);
docRetorna = docFactura;

// Get the element that will contain all the XML related to the
// signature
NodeList tag = docRetorna.getElementsByTagName("ext:ExtensionContent");
Node elemToSign1 = tag.item(1);
DataObjectDesc dataObjRef = new DataObjectReference("")
        .withTransform(new EnvelopedSignatureTransform());

// Get the keystore and extract the certificate alias from it
KeyStore keyStore = getKeyStore();
String alias = getAlias(keyStore);

// Get the signing certificate. We will use the first
// certificate in the store.
X509Certificate certificate = null;
certificate = (X509Certificate) keyStore.getCertificate(alias);

// Get the private key associated with the certificate
PrivateKey privateKey = null;
KeyStore tmpKs = keyStore;
privateKey = (PrivateKey) tmpKs.getKey(alias, PASS.toCharArray());

KeyingDataProvider kdp = new DirectKeyingDataProvider(certificate,
        privateKey);

// Add the signature policy
SignaturePolicyInfoProvider policyInfoProvider = new SignaturePolicyInfoProvider() {
    public SignaturePolicyBase getSignaturePolicy() {
        return new SignaturePolicyIdentifierProperty(
                new ObjectIdentifier(
                        "https://facturaelectronica.dian.gov.co/politicadefirma/v2/politicadefirmav2.pdf"),
                getPoliticaFirma());
    }
};

// Add configuration related to the provider
// (DAT@CENTER)
SignerEPES signer = (SignerEPES) new XadesEpesSigningProfile(kdp,
        policyInfoProvider).withSignaturePropertiesProvider(
        new SignaturePropertiesProvider() {
            @Override
            public void provideProperties(
                    SignaturePropertiesCollector arg0) {
                SigningTimeProperty sigTime = new SigningTimeProperty();
                arg0.setSignerRole(new SignerRoleProperty()
                        .withClaimedRole("supplier"));
                arg0.setSigningTime(sigTime);
            }
        }).newSigner();

// Pass all the configuration so that the signing process is
// carried out
signer.sign(new SignedDataObjects(new DataObjectDesc[] { dataObjRef }),
        elemToSign1, SignatureAppendingStrategies.AsFirstChild);
```

luisgoncalves commented 5 years ago

What's the actual exception message? I think you missed it in the stack trace.

warami92rez commented 5 years ago

It's a NullPointerException; I attached the stack trace.

```
java.lang.NullPointerException
    at org.apache.xml.security.c14n.implementations.CanonicalizerBase.outputTextToWriter(CanonicalizerBase.java:843)
    at org.apache.xml.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(CanonicalizerBase.java:283)
    at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:204)
    at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalize(CanonicalizerBase.java:152)
    at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:483)
    at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:465)
    at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:719)
    at org.apache.xml.security.signature.Reference.generateDigestValue(Reference.java:396)
    at org.apache.xml.security.signature.Manifest.generateDigestValues(Manifest.java:206)
    at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:595)
    at xades4j.production.SignerBES.sign(SignerBES.java:274)
```

It crashed in this method:

```java
signer.sign(new SignedDataObjects(new DataObjectDesc[] { dataObjRef }), elemToSign1, SignatureAppendingStrategies.AsFirstChild);
```

luisgoncalves commented 5 years ago
warami92rez commented 5 years ago

I'm going to answer your questions:

```java
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(false);
docRetorna = docFactura;
NodeList tag = docRetorna.getElementsByTagName("ext:ExtensionContent");
Node elemToSign1 = tag.item(1);
DataObjectDesc dataObjRef = new DataObjectReference("").withTransform(new EnvelopedSignatureTransform());
```

And the URI inside the dataObject is http://www.w3.org/2000/09/xmldsig#enveloped-signature. It is taken from the transforms inside SignedDataObjProps of DataObjectReference.

luisgoncalves commented 5 years ago

Regarding the data object reference, I was asking because the reference causing the error could be one of the set that is added automatically by xades4j (e.g. the reference to the signed properties).

Regarding the dbf, is it used at all? Where is docFactura coming from?

I'm not sure I can help you any further. If you didn't update any deps and haven't changed any code, maybe there's a change on your execution environment or similar. I guess you'll have to try debugging into xades4j/santuario to try to figure it out...

luisgoncalves commented 5 years ago

Any news on this?
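
A pre-signing check for the two inputs the maintainer asks about (how the document was parsed and which node is handed to `signer.sign`), as an added example that is not part of the thread or of xades4j. The `PreSignCheck` class, the constructed sample invoice and the UBL namespace URI assumed for the `ext` prefix are illustrative, and the thread does not establish that either condition caused the NullPointerException.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class PreSignCheck {
    // Assumption: namespace bound to the "ext" prefix (UBL extension components); not stated in the thread.
    static final String EXT_NS =
            "urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2";

    // Constructed sample with two ExtensionContent elements, so index 1 exists as in tag.item(1).
    static final String SAMPLE = "<Invoice xmlns:ext=\"" + EXT_NS + "\"><ext:UBLExtensions>"
            + "<ext:UBLExtension><ext:ExtensionContent/></ext:UBLExtension>"
            + "<ext:UBLExtension><ext:ExtensionContent/></ext:UBLExtension>"
            + "</ext:UBLExtensions></Invoice>";

    static Document parse(String xml, boolean namespaceAware) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(namespaceAware);
        // Reject DOCTYPE declarations when parsing documents that will be signed.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Returns the element that will receive the signature, or fails with a clear message.
    static Element signatureParent(Document doc, int index) {
        // A DOM built without namespace awareness reports null local names.
        if (doc.getDocumentElement().getLocalName() == null) {
            throw new IllegalStateException("Document was not parsed namespace-aware");
        }
        NodeList tags = doc.getElementsByTagNameNS(EXT_NS, "ExtensionContent");
        Node target = tags.item(index); // item() returns null when the index is out of range
        if (target == null) {
            throw new IllegalStateException("Only " + tags.getLength() + " ExtensionContent element(s)");
        }
        return (Element) target;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(signatureParent(parse(SAMPLE, true), 1).getNodeName());
        try {
            signatureParent(parse(SAMPLE, false), 1);
        } catch (IllegalStateException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```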