题
I'm trying to validate Xades signatures using Xades4j.
Some of those signatures are generated by another tool (which is not Xades4j) and those signatures have no Type attribute in the Reference tag :
https://stackoverflow.com/questions/17086725
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<ds:Reference URI="#signedProps">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>KUAGWItLLNF6sNZ3kXy+/6oJyEo=</ds:DigestValue>
</ds:Reference>
i've got this Exception when i try to validate it :
xades4j.verification.QualifyingPropertiesIncorporationException: SignedProperties reference not found
at xades4j.verification.SignatureUtils.processReferences(SignatureUtils.java:221)
at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:132)
at com.jeremp.x4j.App.verify(App.java:110)
at com.jeremp.x4j.App.main(App.java:70)
I looked into the source code of SignatureUtils.java and it seems that the API use the Type attribute to identify the Reference tag.
Is there a way to validate this kind of signature with xades4j ?
解决方案
There's no way to validate those signatures using xades4j, unless you change the source code. I wouldn't recommend this since the XAdES spec clearly states that the Type attribute is mandatory. From section 6.3.1:
Additionally, the present document MANDATES the use of the Type attribute of this particular ds:Reference element, with its value set to http://uri.etsi.org/01903#SignedProperties.
