Xades4j : SignedProperties reference not found

Question

I'm trying to validate Xades signatures using Xades4j.

Some of those signatures are generated by another tool (which is not Xades4j) and those signatures have no Type attribute in the Reference tag :

<ds:Reference URI="#signedProps">
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
  <ds:DigestValue>KUAGWItLLNF6sNZ3kXy+/6oJyEo=</ds:DigestValue>
</ds:Reference>

i've got this Exception when i try to validate it :

xades4j.verification.QualifyingPropertiesIncorporationException: SignedProperties reference not found
at xades4j.verification.SignatureUtils.processReferences(SignatureUtils.java:221)
at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:132)
at com.jeremp.x4j.App.verify(App.java:110)
at com.jeremp.x4j.App.main(App.java:70)

I looked into the source code of SignatureUtils.java and it seems that the API use the Type attribute to identify the Reference tag.

Is there a way to validate this kind of signature with xades4j ?

Answer 1

There's no way to validate those signatures using xades4j, unless you change the source code. I wouldn't recommend this since the XAdES spec clearly states that the Type attribute is mandatory. From section 6.3.1:

Additionally, the present document MANDATES the use of the Type attribute of this particular ds:Reference element, with its value set to http://uri.etsi.org/01903#SignedProperties.