Hi Scott, sorry for bothering you again. In your previous message you gave
me an idea regarding validation against XSD files, so I made this function
to validate the structure of the file signed and saved on disk.

    import java.io.File;
    import java.io.IOException;
    import javax.xml.XMLConstants;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.parsers.ParserConfigurationException;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamSource;
    import javax.xml.validation.Schema;
    import javax.xml.validation.SchemaFactory;
    import javax.xml.validation.Validator;
    import org.w3c.dom.Document;
    import org.xml.sax.SAXException;

    public static void validateXML_XSD(Document doc, String[] xsdFilePaths)
            throws SAXException, IOException {
        // Load the XSD schemas as StreamSources
        StreamSource[] schemaSources = new StreamSource[xsdFilePaths.length];
        for (int i = 0; i < xsdFilePaths.length; i++) {
            schemaSources[i] = new StreamSource(new File(xsdFilePaths[i]));
        }
        // Create a SchemaFactory and load the schemas
        SchemaFactory schemaFactory =
                SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Schema combinedSchema = schemaFactory.newSchema(schemaSources);
        // Validate the document
        Validator validator = combinedSchema.newValidator();
        validator.validate(new DOMSource(doc));
    }

    public static void validateXML_XSD(File signedXMLFile, String[] xsdFilePaths)
            throws SAXException, IOException, ParserConfigurationException {
        // Load the XSD schemas as StreamSources
        StreamSource[] schemaSources = new StreamSource[xsdFilePaths.length];
        for (int i = 0; i < xsdFilePaths.length; i++) {
            File xsdFile = new File(xsdFilePaths[i]);
            System.out.println("Loading XSD: " + xsdFile.getAbsolutePath());
            schemaSources[i] = new StreamSource(xsdFile);
        }
        // Create a SchemaFactory and load the schemas
        SchemaFactory schemaFactory =
                SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Schema combinedSchema = schemaFactory.newSchema(schemaSources);
        // Parse the signed file to obtain the document
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(signedXMLFile);
        // Validate the document
        Validator validator = combinedSchema.newValidator();
        try {
            validator.validate(new DOMSource(doc));
            System.out.println("XML is valid.");
        } catch (SAXException e) {
            System.out.println("XML is not valid because: " + e.getMessage());
            throw e;
        }
    }

The result was successful; however, it was not when I wanted to validate
the signature of the file. I tried to validate it before saving the file
and it throws this error:
jun. 27, 2024 7:38:40 P. M. org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI "#SIGNED-PROPS-ba04b31c-0d8b-482c-9f1b-a81e53d64dfb"
jun. 27, 2024 7:38:40 P. M. org.apache.xml.security.signature.Reference verify
WARNING: Expected Digest: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
jun. 27, 2024 7:38:40 P. M. org.apache.xml.security.signature.Reference verify
WARNING: Actual Digest: DDja/1WyAM4NDawjCu+C/k6j92B3cvXFgiIrh7cKQ/c=
and after saving it and trying to validate the signature, it throws this
error:
org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #SIGNED-PROPS-ba04b31c-0d8b-482c-9f1b-a81e53d64dfb has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID SIGNED-PROPS-ba04b31c-0d8b-482c-9f1b-a81e53d64dfb
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID SIGNED-PROPS-ba04b31c-0d8b-482c-9f1b-a81e53d64dfb
    at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:406)
    at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:286)
    at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:896)
I really don't know what I can do to make it work anymore.
Thank you very much for responding to my message and I hope you can help me.
Alex.
On Wed, Jun 26, 2024 at 4:54 p.m., Cantor, Scott ([email protected])
wrote:
> > As you can see, the reference to
> > SIGNED-PROPS-384a4f25-5fd6-46ba-a61b-91d00ff7e012 exists in the saved file.
>
> That doesn't matter. The fact that the attribute is called ID doesn't make
> it an "ID" in XML schema terms. Welcome to XML.
>
> > Isn't the already signed doc content supposed to be faithfully
> > saved in the xml file on disk?
>
> It's not a matter of "faithful" reproduction. IDness in "base" XML is not
> a concept. It only exists in XML Schema or DTD world. You have to have a
> grammar for the document and validate with that grammar to establish that,
> or you have to apply code at runtime to forcibly make them IDs with the DOM
> API to allow resolution of the ID after parsing.
>
> Those setIdAttribute calls you made while creating the document have to be
> used on the other side as well.
>
> -- Scott
>
>
>
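
The second option in the quoted reply (forcing ID-ness with the DOM API after parsing, on the verifying side) could look like this. It is an added example, not code from the thread or from the Santuario project; the class name, the XAdES 1.3.2 namespace, the attribute name "Id" and the caller-supplied trusted key are assumptions.

```java
import java.io.File;
import java.security.PublicKey;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class VerifySavedSignature {
    // Assumptions: XAdES 1.3.2 namespace; the ID attribute on SignedProperties is named "Id".
    static final String XADES_NS = "http://uri.etsi.org/01903/v1.3.2#";

    /** Parses the saved file, re-applies ID-ness, verifies with a key the caller already trusts. */
    public static boolean verify(File signedXml, PublicKey trustedKey) throws Exception {
        org.apache.xml.security.Init.init();

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(signedXml);

        // No schema was used for this parse, so "Id" is an ordinary attribute.
        // Flag it as an ID only on the elements the signature is expected to reference.
        NodeList props = doc.getElementsByTagNameNS(XADES_NS, "SignedProperties");
        for (int i = 0; i < props.getLength(); i++) {
            Element e = (Element) props.item(i);
            if (e.hasAttribute("Id")) {
                e.setIdAttribute("Id", true);
            }
        }

        NodeList sigs = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
        if (sigs.getLength() != 1) {
            throw new IllegalStateException("expected one ds:Signature, found " + sigs.getLength());
        }
        // Third argument turns on Santuario's secure validation mode.
        XMLSignature sig =
            new XMLSignature((Element) sigs.item(0), signedXml.toURI().toString(), true);
        return sig.checkSignatureValue(trustedKey);
    }
}
```

Any other element the signature references by a same-document URI ("#...") needs the same setIdAttribute treatment before checkSignatureValue is called. Running a separate Validator over a DOMSource, as in the functions above, checks structure but does not mark attributes as IDs in the DOM that the signature code later resolves against.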