I am working on an XAdES-BES type signature with Android Studio. The library that I use is not xades4j. My country's government provided another library for Java and I am using it. I am trying to sign an XML file.
I have an XML file for my XAdES signature in the /raw directory (not a test file):
<?xml version="1.0" encoding="utf-8"?>
<xmlsignature_config xmlns="http://uekae.tubitak.gov.tr/xml/signature#">
<locale language="tr" country="TR"/>
<http>
<proxy-host></proxy-host>
<proxy-port></proxy-port>
<proxy-username></proxy-username>
<proxy-password></proxy-password>
<basic-authentication-username></basic-authentication-username>
<basic-authentication-password></basic-authentication-password>
<connection-timeout-in-milliseconds>2000</connection-timeout-in-milliseconds>
</http>
<!--
IdResolver, DOMResolver, HttpResolver, XPointerResolver, FileResolver;
-->
<resolvers>
<resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.IdResolver"/>
<resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.DOMResolver"/>
<resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.HttpResolver"/>
<resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.XPointerResolver"/>
<resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.FileResolver"/>
</resolvers>
<timestamp-server>
<host>http://tzd.kamusm.gov.tr</host>
<digest-alg>SHA-256</digest-alg>
<!-- leave below settings blank, if not ESYA Timestamp Server! -->
<!-- for test timestamp account mail to bilgi@kamusm.gov.tr -->
<userid>user_id</userid>
<password>password</password>
</timestamp-server>
<algorithms>
<digest-method>http://www.w3.org/2001/04/xmlenc#sha256</digest-method>
</algorithms>
<validation>
<grace-period-in-seconds>0</grace-period-in-seconds>
<!-- how old revocation data should be accepted? -->
<last-revocation-period-in-seconds>17280000</last-revocation-period-in-seconds>
<!-- compare resolved policy with the one at policy uri, if indicated -->
<check-policy-uri>false</check-policy-uri>
<!-- loosening below 2 settings will cause warnings instead of validation failure -->
<!-- referenced validation data must be used for cert validation if set true -->
<force-strict-reference-use>true</force-strict-reference-use>
<!-- validation data must be published after creation if set true; requires a grace period for signers -->
<use-validation-data-published-after-creation>false</use-validation-data-published-after-creation>
<validate-certificate-before-signing>false</validate-certificate-before-signing>
<!-- if there is a signing time in the signature, decide if you want to trust -->
<trust-signing-time>false</trust-signing-time>
<validators>
<!--
valid profile types are XMLDSig, XAdES_BES, XAdES_EPES, XAdES_T,
XAdES_C, XAdES_X, XAdES_X_L and XAdES_A
-->
<profile type="XMLDSig">
</profile>
<profile type="XAdES_BES" inherit-validators-from="XMLDSig">
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AllDataObjectsTimeStampValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.DataObjectFormatValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.IndividualDataObjectsTimeStampValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SigningCertificateValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SigningTimeValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.TurkishESigProfileAttributeValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.TurkishESigProfileValidator"/>
</profile>
<profile type="XAdES_EPES" inherit-validators-from="XAdES_BES" >
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SignaturePolicyValidator"/>
</profile>
<profile type="XAdES_T" inherit-validators-from="XAdES_EPES">
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SignatureTimeStampValidator"/>
</profile>
<profile type="XAdES_C" inherit-validators-from="XAdES_T">
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.CompleteCertificateRefsValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.CompleteRevocationRefsValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AttributeCertificateRefsValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AttributeRevocationRefsValidator"/>
</profile>
<profile type="XAdES_X" inherit-validators-from="XAdES_C">
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SigAndRefsTimestampValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.RefsOnlyTimestampValidator"/>
</profile>
<profile type="XAdES_X_L" inherit-validators-from="XAdES_X">
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.CertificateValuesValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.RevocationValuesValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AttrAuthoritiesCertValuesValidator"/>
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AttributeRevocationValuesValidator"/>
</profile>
<profile type="XAdES_A" inherit-validators-from="XAdES_X_L">
<validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.ArchiveTimestampValidator"/>
<!--validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator."/-->
</profile>
</validators>
</validation>
<parameters>
<!-- should referenced validation data be written to the signature dir, or is
certvalidation configured to write that data somewhere else,
e.g. a local cert store? -->
<write-referencedvalidationdata-to-file-on-upgrade value="false"/>
</parameters>
</xmlsignature_config>
And in my MainActivity class, the related part of my code is:
String sourceFilePath = filePathView.getText().toString();
if (sourceFilePath.isEmpty()) {
    exc = new Exception("No File Selected.");
    return null;
}
// Log in to the smart card and take the certificate selected in the list
mAPDUSmartCard.login(pwdText);
Pair<CardTerminal, ECertificate> selection = certListAdapter.getSelection();
ECertificate signCert = selection.second;
BaseSigner signer = mAPDUSmartCard.getSigner(signCert.asX509Certificate(), Algorithms.SIGNATURE_RSA_SHA256);
// Load xmlsignature_config from res/raw and attach it to the signing context
Resources res1 = getResources();
Config conf = new Config(res1.openRawResource(R.raw.xmlsignature_config));
Context context = new Context();
context.setConfig(conf);
XMLSignature signature = new XMLSignature(context);
// The first parameter (the Reference URI) may be the cause of the error.
signature.addDocument(sourceFilePath, "application/xml", false);
signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);
signature.addKeyInfo(signCert);
signature.sign(signer);
// Write the detached signature next to the source file and close the stream
try (FileOutputStream out = new FileOutputStream(sourceFilePath + ".xsig")) {
    signature.write(out);
}
The program is working. However, when I choose the file and click the Sign button:
1- I am getting a reference error; the log says that the URI could not find the path in the sourceFilePath variable, which is the path of the file to sign. It also gives a Reference id with the error. When I give an empty string ("") instead of the sourceFilePath variable, the program says the file has been signed (I don't understand how it can be signed without giving a parameter to the addDocument method). Anyway, the validation program for signed files does not validate the file because of a reference-not-found error.
2- Also, in my XML file the xmlns="http://uekae.tubitak.gov.tr/xml/signature#" line gives the error "Uri is not registered". I have done what I found here, but the problem was not solved. Can this situation be the reason for the error that I face?
I have been working on this issue for days but still cannot find a solution.
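Added example, not part of the question above and not code from the MA3 library: the error in point 1 is the generic XML-DSig reference-resolution behaviour, reproduced here in Python against a constructed in-memory file system (the /data/user/0/... and /home/auditor/inbox directories, the invoice.xml name and its <invoice> bytes are all made up). addDocument(uri, type, false) puts uri into <ds:Reference URI="..."> and digests the referenced octets with the digest method from the config (http://www.w3.org/2001/04/xmlenc#sha256); a verifier then has to dereference that same URI on its own machine, against its own base URI, so an absolute device path fails there even when the file was copied next to the signature. URI="" is a same-document reference: it points at the document that contains the signature, not at the file you meant to sign, which is why the empty string "signs" but does not validate (the toy hashes raw bytes; a real implementation canonicalizes and usually applies an enveloped-signature transform first). The resolve function is a deliberately strict stand-in for the library's resolver chain (IdResolver, DOMResolver, HttpResolver, XPointerResolver, FileResolver in the config): relative paths under a base directory only, absolute and remote URIs refused, which is also the safe default for a verifier, since a resolver that follows arbitrary file: or http: URIs reads whatever the signature points it at.

```python
"""Detached XML-DSig Reference resolution, reduced to the parts the error is about.

Everything here is constructed for illustration: an in-memory dict stands in
for the file system on the signer's device and on the verifier's machine.
"""
import base64
import hashlib
import posixpath
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
# Same digest algorithm URI the posted xmlsignature_config selects.
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
DIGESTS = {SHA256_URI: hashlib.sha256}

# Constructed sample: the file being signed, and two made-up directories.
DOC = b"<invoice><total>42.00</total></invoice>"
SIGNER_DIR = "/data/user/0/com.example.signer/files"   # the Android device
VERIFIER_DIR = "/home/auditor/inbox"                     # where the .xsig is checked


class ReferenceNotFound(Exception):
    """Raised when a ds:Reference URI cannot be dereferenced."""


def digest_value(data: bytes, algorithm: str = SHA256_URI) -> str:
    """DigestValue of a Reference with no Transforms: hash of the raw octets, base64."""
    return base64.b64encode(DIGESTS[algorithm](data).digest()).decode("ascii")


def build_reference(uri: str, data: bytes, ref_id: str = "Reference-1") -> ET.Element:
    """The ds:Reference that addDocument(uri, type, false) conceptually produces."""
    ref = ET.Element(f"{{{DS_NS}}}Reference", {"Id": ref_id, "URI": uri})
    ET.SubElement(ref, f"{{{DS_NS}}}DigestMethod", {"Algorithm": SHA256_URI})
    ET.SubElement(ref, f"{{{DS_NS}}}DigestValue").text = digest_value(data)
    return ref


def resolve(uri: str, base_dir: str, files: dict, signed_doc: bytes) -> bytes:
    """Strict resolver: '' is the enclosing document, relative paths resolve under
    base_dir, and anything absolute or remote is refused instead of fetched."""
    if uri == "":
        return signed_doc  # same-document reference, not an external file
    if uri.startswith("#"):
        raise ReferenceNotFound(f"Id reference {uri!r} is not handled by this toy resolver")
    parts = urlsplit(uri)
    if parts.scheme or parts.netloc or uri.startswith("/"):
        raise ReferenceNotFound(f"refusing absolute or remote URI {uri!r}")
    path = posixpath.normpath(posixpath.join(base_dir, uri))
    if not path.startswith(base_dir.rstrip("/") + "/"):
        raise ReferenceNotFound(f"{uri!r} escapes {base_dir}")
    if path not in files:
        raise ReferenceNotFound(f"{uri!r} -> {path} does not exist on this machine")
    return files[path]


def verify_reference(ref: ET.Element, base_dir: str, files: dict, signed_doc: bytes) -> bool:
    """Dereference the URI the way a verifier would and compare digests."""
    algorithm = ref.find(f"{{{DS_NS}}}DigestMethod").get("Algorithm")
    expected = ref.find(f"{{{DS_NS}}}DigestValue").text
    data = resolve(ref.get("URI", ""), base_dir, files, signed_doc)
    return digest_value(data, algorithm) == expected


def demo() -> dict:
    """Sign on the 'device', verify on the 'auditor's machine'; one result per URI style."""
    verifier_fs = {VERIFIER_DIR + "/invoice.xml": DOC}  # file was copied alongside the .xsig
    results = {}

    # 1. URI is the absolute device path, as in addDocument(sourceFilePath, ...):
    #    the verifier cannot (and should not) dereference it, even though it has the file.
    ref_abs = build_reference(SIGNER_DIR + "/invoice.xml", DOC)
    try:
        verify_reference(ref_abs, VERIFIER_DIR, verifier_fs, b"")
        results["absolute_path"] = "verified"
    except ReferenceNotFound as e:
        results["absolute_path"] = f"reference not found: {e}"

    # 2. URI is a relative name; it resolves against whatever base the verifier uses.
    ref_rel = build_reference("./invoice.xml", DOC)
    results["relative_path"] = verify_reference(ref_rel, VERIFIER_DIR, verifier_fs, b"")

    # 3. URI "" digests the enclosing signature document, never invoice.xml:
    #    it "signs" fine but does not cover the file you meant to sign.
    sig_doc = b"<Signature>...</Signature>"  # stand-in for the .xsig document itself
    ref_empty = build_reference("", sig_doc)
    results["empty_uri_over_signature_doc"] = verify_reference(ref_empty, VERIFIER_DIR, {}, sig_doc)
    results["empty_uri_over_invoice"] = verify_reference(ref_empty, VERIFIER_DIR, {}, DOC)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:32} {outcome}")
```

Running demo() prints one line per URI style: the absolute device path is refused as a reference-not-found, the relative name verifies, and the empty URI verifies only against the signature document itself and never against invoice.xml. The general lesson carries over to any XML-DSig library: the Reference URI has to be something the verifier can dereference from where the signature lands (a relative name against an agreed base URI, or content embedded in the signature), not a path that only exists on the signing device.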