How to verify for counter signed XML document?

Question

How to verify the use library Xades4j for counter signed xml document. Iam getting the following error when verifying with Xades4j :

xades4j.verification.CounterSignatureSigValueRefException: Verification failed for property 'CounterSignature': the counter signature doesn't reference the SignatureValue element of the countersigned signature at xades4j.verification.CounterSignatureVerifier.verify(CounterSignatureVerifier.java:75) at xades4j.verification.CounterSignatureVerifier.verify(CounterSignatureVerifier.java:37) at xades4j.verification.GenericDOMDataVerifier.verify(GenericDOMDataVerifier.java:65) at xades4j.verification.GenericDOMDataVerifier.verify(GenericDOMDataVerifier.java:30) at xades4j.verification.QualifyingPropertiesVerifierImpl.verifyProperties(QualifyingPropertiesVerifierImpl.java:59) at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:187) at com.fit.einvoice.ingcountersigner.service.xades.XadesVerifyOperation.verifySignature(XadesVerifyOperation.java:92) at com.fit.einvoice.ingcountersigner.service.xades.XadesVerifyOperation.verifySignature(XadesVerifyOperation.java:87) at com.fit.einvoice.ingcountersigner.service.xades.XadesVerifyOperation.verifySignature(XadesVerifyOperation.java:64)

My validation function :

static void checkSigned(File file) {
     InputStream inputStream = null;
     try {
         inputStream = new FileInputStream(file);
         XadesVerifyOperation verifyOperation = new XadesVerifyOperation();
         ArrayList<XadesVerificationResults> results = verifyOperation.verifySignature(inputStream);
            System.out.println("results size: " + results.size());
            for (XadesVerificationResults result : results) {
                System.out.println(result.SigningCertificate.getIssuerDN());
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                inputStream.close();
            } catch (IOException ex) {
            }
      }
 }

EDIT:

My counter signed function :

public void CounterSign() throws TransformerFactoryConfigurationError, Exception {
        Document doc = SignatureServicesBase.getDocument(_inputStream);
        Element sigElem = (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE).item(0);

        System.out.println(sigElem.getNodeName());

        org.apache.xml.security.Init.init();
        XMLSignature xmlSig = new XMLSignature(sigElem, doc.getBaseURI());

         //Create counter signer
        XadesBesSigningProfile signingProfile = new XadesBesSigningProfile(new Pkcs11KeyingDataProvider(_certInfo));
        signingProfile.withAlgorithmsProvider(Sha1AlgProvider.class);
        signingProfile.withBasicSignatureOptionsProvider(new MyBasicSignatureOptionsProvider(true, true, false));
        final XadesSigner counterSigner = signingProfile.newSigner();

        //Extend with counter signature
        XadesFormatExtenderProfile extenderProfile = new XadesFormatExtenderProfile();
        XadesSignatureFormatExtender extender = extenderProfile.getFormatExtender();
        List unsignedProps = Arrays.asList(new CounterSignatureProperty(counterSigner));
        extender.enrichSignature(xmlSig, new UnsignedProperties(unsignedProps));

        SignatureServicesBase.outputDocument(doc, _outStream);

        if (!_isStream) {
            _inputStream.close();
            _outStream.close();
        }
    }

Answer 1

I'm not sure I completely understood your question. If you're asking how to verify a counter signature property, it is already done as part of the verification of the "main" signature. Please note:

• The same XadesVerifier is used for both the main signature and the counter signature.
• If the validation succeeds, a property of type CounterSignatureProperty is added to the result.

• You can access the property through the verification result of the main signature

  XAdESVerificationResult res = ...;
  CounterSignatureProperty p =  res.getPropertiesFilter().getOfType(CounterSignatureProperty.class);
  

EDIT:

The message says everything: the counter signature is probably invalid. By definition, a counter signature must include a reference to the countersigned SignatureValue element.

Can you lookup the CounterSignature element on the original XML document and post it here?