1

I am trying to sign an xml invoice from my file system using xades4j library to be compliant with Ecuador's SRI (Servicio de Rentas Internas) however I have not been successful, I keep getting the following error when trying to validate the signed xml through the SRI's web service:

39: La validacion de la firma ha fallado: Error en la estructura de la firma FIRMA INVALIDA

The characteristics of the signature should be the following:

signature standard: XAdES-BES Schema version: 1.3.2 Encoding: UTF-8 Signature-Type: Enveloped.

I am pretty lost, I have tried lots of things, even changing the source code of the library to make my signed xml resemble more the valid xml I have as a reference.

Any help would be appreciated.

This is my Java code:

public static void main(String[] args) {

    Document doc = null;
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    
    try {
        DocumentBuilder builder = factory.newDocumentBuilder();
        doc = builder.parse(new File("filepath"); 
        
    } catch (ParserConfigurationException e) {
        System.out.println("UNABLE TO PARSE XML");
        e.printStackTrace();
    } catch (SAXException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }   
                
    KeyingDataProvider kp = FileSystemKeyStoreKeyingDataProvider
                .builder("pkcs12","keystorepath",SigningCertificateSelector.single())
                .storePassword(new DirectPasswordProvider(args[1]))
                .entryPassword(new DirectPasswordProvider(args[1]))
                .fullChain(false)
                .build();
        
    XadesBesSigningProfile p =  null;
        
    p = (XadesBesSigningProfile) new XadesBesSigningProfile(kp).withSignatureAlgorithms(new SignatureAlgorithms()
                    .withDigestAlgorithmForDataObjectReferences(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1)
                    .withDigestAlgorithmForReferenceProperties(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1)
                    .withDigestAlgorithmForTimeStampProperties(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1)
                    .withSignatureAlgorithm("RSA", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1)
                    .withSignatureAlgorithm("EC", XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1)
                    .withSignatureAlgorithm("DSA", XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1)
                    ).withBasicSignatureOptions(new BasicSignatureOptions().includePublicKey(true).signKeyInfo(true));
                    
        
    DataObjectDesc obj = new DataObjectReference("")
                .withTransform(new EnvelopedSignatureTransform())
                .withDataObjectFormat(new DataObjectFormatProperty("text/xml")
                .withDescription("contenido comprobante"))
                ;
    SignedDataObjects dataObjs = new SignedDataObjects(obj);
        
    try {
        XadesSigner signer = p.newSigner();
        Element elemToSign = doc.getDocumentElement();
        signer.sign(new SignedDataObjects(obj), elemToSign);
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer transformer = tf.newTransformer();          
        DOMSource source = new DOMSource(elemToSign);
        StreamResult result = new StreamResult(new    File("outputPathFile"));
        transformer.transform(source, result);
            
    } catch (XadesProfileResolutionException e) {
        System.out.println("Could not create Signer");
        //TODO Auto-generated catch block
        e.printStackTrace();
    } catch (XAdES4jException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (TransformerConfigurationException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (TransformerException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}
M. Yousfi
  • 578
  • 5
  • 24
JazzDTap
  • 11
  • 1
  • Your code looks good at first glance. The only thing I noticed is "source" being created from the root element instead of the document itself (not sure if it makes a difference). Does it change anything if you create it using new DOMSource(doc) ? The error from the validation service is not very clear, but it seems like a problem with the structure of the XML? Or is it something related to the elements/properties of the signature? – lgoncalves Jun 11 '23 at 11:22
  • Sometime ago there was a thread in the project's issues about a similar scenario: https://github.com/luisgoncalves/xades4j/issues/259 – lgoncalves Jun 11 '23 at 11:22
  • From the issues linked in the above issue, there were more people trying to solve similar problems, without success. It's not clear if there is any issue with xades4j (or what it would be)... so not much I can do at this point :/ – lgoncalves Jun 11 '23 at 11:29

0 Answers0