I'm trying to sign an invoice for the Spanish administration using xades4j. They provide an online checker for the signed XML, and just one step of the overall check is failing:

Step: Checks if the signature policy is correct Result: Unknown policy self:policy/general

Other steps like integrity and certificate status are ok.

My guess is self:policy/general is some kind of placeholder in the xades4j library that I should somehow override?

Right now I'm using this code for the policy:

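// Needs java.io.*, java.net.* and the xades4j.properties / xades4j.providers classes used below.
SignaturePolicyInfoProvider policyInfoProvider = new SignaturePolicyInfoProvider()
{
    String FACTURAE_URL = "http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf";
    public SignaturePolicyBase getSignaturePolicy()
    {
        InputStream is;
        try {
            // Open a stream on the policy document; xades4j digests its content for SigPolicyHash.
            URL url = new URL(FACTURAE_URL);
            URLConnection conn = url.openConnection();
            is = conn.getInputStream();
        } catch (IOException e) {
            // Fail instead of continuing with a null stream.
            throw new IllegalStateException("Could not read the signature policy document", e);
        }
        // The policy URL doubles as the policy identifier.
        SignaturePolicyBase base = new SignaturePolicyIdentifierProperty(new ObjectIdentifier(FACTURAE_URL), is);
        return base;
    }
};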

The requirements are in this online document (Spanish): https://www.facturae.gob.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf

My xml output seems to comply:

            <xades:SignaturePolicyIdentifier>
                <xades:SignaturePolicyId>
                    <xades:SigPolicyId>
                        <xades:Identifier>http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf</xades:Identifier>
                    </xades:SigPolicyId>
                    <xades:SigPolicyHash>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</ds:DigestValue>
                    </xades:SigPolicyHash>
                </xades:SignaturePolicyId>
            </xades:SignaturePolicyIdentifier>
jpp1jpp1

1 Answer

> My guess is self:policy/general is some kind of placeholder in the xades4j library that I should somehow override?

There's no such thing. This is probably a detail of the verifying application.

I noticed that the URL in the question text is HTTPS, while the one in the code is HTTP. It seems that the latter redirects to HTTPS, but it seems that URLConnection doesn't follow redirects when protocols are different.

Try using the final HTTPS URL in your code.

lgoncalves
  • If I use https I get https://stackoverflow.com/questions/19540289/how-to-fix-the-java-security-cert-certificateexception-no-subject-alternative. If I bypass the https check I get java.net.SocketException: Connection reset. Thankfully the Spanish admin provides a signer application with command lines and that's what I'm using right now – jpp1jpp1 Jan 27 '20 at 16:58
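
The DigestValue in the question, `2jmj7l5rSw0yVb/vlWAYkK/YBwk=`, is the Base64 SHA-1 of zero bytes, which is what a signer emits when the policy stream yields no content, consistent with the unfollowed redirect described in the answer. The check below is an added example, not part of the original posts or of xades4j: the class and method names are hypothetical, the sample XML is constructed from the question's fragment, and the XAdES 1.3.2 namespace in it is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class PolicyHashCheck {  // hypothetical name
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // XML-DSig digest algorithm URIs mapped to JCA algorithm names.
    static final Map<String, String> JCA = Map.of(
        DS + "sha1", "SHA-1",
        "http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256",
        "http://www.w3.org/2001/04/xmlenc#sha512", "SHA-512");

    /** True when SigPolicyHash equals the digest of zero bytes, i.e. no policy document was read. */
    static boolean hashesEmptyInput(String signedXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the checker itself is not exposed to XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(signedXml.getBytes(StandardCharsets.UTF_8)));
        // "*" matches any XAdES namespace version; only the local name is fixed.
        Element hash = (Element) doc.getElementsByTagNameNS("*", "SigPolicyHash").item(0);
        if (hash == null) throw new IllegalArgumentException("no SigPolicyHash element");
        Element method = (Element) hash.getElementsByTagNameNS(DS, "DigestMethod").item(0);
        Element value = (Element) hash.getElementsByTagNameNS(DS, "DigestValue").item(0);
        if (method == null || value == null) throw new IllegalArgumentException("incomplete SigPolicyHash");
        String jca = JCA.get(method.getAttribute("Algorithm"));
        if (jca == null) throw new IllegalArgumentException("unsupported digest algorithm");
        byte[] declared = Base64.getDecoder().decode(value.getTextContent().trim());
        byte[] ofNothing = MessageDigest.getInstance(jca).digest(new byte[0]);
        return MessageDigest.isEqual(declared, ofNothing);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the question's SigPolicyHash with namespaces declared (1.3.2 assumed).
        String xml = "<xades:SigPolicyHash xmlns:xades='http://uri.etsi.org/01903/v1.3.2#' xmlns:ds='" + DS + "'>"
            + "<ds:DigestMethod Algorithm='" + DS + "sha1'/>"
            + "<ds:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</ds:DigestValue>"
            + "</xades:SigPolicyHash>";
        System.out.println("SigPolicyHash is the digest of empty input: " + hashesEmptyInput(xml));
    }
}
```

Running the same check on the signed invoice before submitting it catches the case where the policy document was never downloaded.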