1. 首頁
  2. 問答
  3. 將根名稱空間添加到<xades:SignedProperties>

將根名稱空間添加到<xades:SignedProperties>

2012-11-08 32 views
2

庫中:apache Santuario + xades4j。將根名稱空間添加到<xades:SignedProperties>

使用xpathto選擇元素並對它們進行簽名。

如果我嘗試籤一個簡單的XML不包含命名空間和驗證簽名,它工作得很好,但如果XML定義了一個命名空間,例如XML如下:

<ClinicalDocument xmlns="urn:hl7-org:v3"> 
    <element1tobesigned.../> 
    <element2tobesigned.../> 
</ClinicalDocument>

和異常發現驗證簽名

 

    858 WARN [main] org.apache.xml.security.signature.Reference  - Verification failed for URI "#xmldsig-5fb20abe-b14c-4d84-a908-e22e776cd6f1-signedprops" 
    858 WARN [main] org.apache.xml.security.signature.Reference  - Expected Digest: q0WnWFf9j0kcT46t5cXmcPnVvu5o51oAcmej/SjCazQ= 
    858 WARN [main] org.apache.xml.security.signature.Reference  - Actual Digest: 41zXKVkRCsxUYpNZXW5b9KkZlTC9LM9WA8O7WHQz1Rg= 

    xades4j.verification.ReferenceValueException: Reference '#xmldsig-5fb20abe-b14c-4d84-a908-e22e776cd6f1-signedprops' cannot be validated

當原因是XML命名空間(甕:HL7的組織:V3)加入到XAdES的:SignedProperties那麼摘要成了不同。

858 DEBUG [main] org.apache.xml.security.utils.DigesterOutputStream  - Pre-digested input 
858 DEBUG [main] org.apache.xml.security.utils.DigesterOutputStream - <xades:SignedProperties xmlns="urn:hl7-org:v3" ........./>

這裏是簽名生成代碼

 

    XadesTSigningProfile profile = new XadesTSigningProfile(keyProvider); 
    profile.withTimeStampTokenProvider(TestTimeStampTokenProvider.class) 
    .withAlgorithmsProviderEx(ExclusiveC14nForTimeStampsAlgorithmsProvider.class); 

    XadesSigner signer = profile.newSigner(); 

    DataObjectDesc obj1 = new DataObjectReference("") 
    .withTransform(new ExclusiveCanonicalXMLWithoutComments()) 
    .withTransform(new XPathTransform(xPath); 

    SignedDataObjects dataObjs = new SignedDataObjects().withSignedDataObject(obj1); 

changed 2012-11-20 begin 

// signer.sign(dataObjs, docToSign.getDocumentElement()); 
     new Enveloped(signer).sign(docToSign.getDocumentElement()); 

changed 2012-11-20 end

,這裏是正確的驗證碼

NodeList signatureNodeList = getSigElement(getDocument("my/my-document.signed.bes.countersign.xml")); 

for (int i = 0; i < signatureNodeList.getLength(); i++) { 
    Element signatureNode = (Element) signatureNodeList.item(i); 
    verifySignature(signatureNode, new XadesVerificationProfile(VerifierTestBase.validationProviderMySigs)); 
    log.info("successful validation");   
} 

public static XAdESForm verifySignature(Element sigElem, 
      XadesVerificationProfile p) throws Exception { 
     XAdESVerificationResult res = p.newVerifier().verify(sigElem, null); 

     return res.getSignatureForm(); 
    }

它看起來像有一個關於Apache的聖所常見問題解答這個問題的文件,

2.6. I sign a document and when I try to verify using the same key, it fails 
After you have created the XMLSignature object, before you sign the document, you must embed the signature element in the owning document (using a call to XMLSignature.getElement() to retrieve the newly created Element node from the signature) before calling the XMLSignature.sign() method, 

During canonicalisation of the SignedInfo element, the library looks at the parent and ancestor nodes of the Signature element to find any namespaces that the SignedInfo node has inherited. Any that are found are embedded in the canonical form of the SignedInfo. (This is not true when Exclusive Canonicalisation is used, but it is still good practice to insert the element node prior to the sign() method being called). 

If you have not embedded the signature node in the document, it will not have any parent or ancestor nodes, so it will not inherit their namespaces. If you then embed it in the document and call verify(), the namespaces will be found and the canonical form of SignedInfo will be different to that generated during sign().

也有一個關於這個問題的文件如下

https://stackoverflow.com/a/12759909/1809884

看起來,這不是xades4j的一個bug,而是一個XML簽名問題。

--add二○一二年十一月一十五日

here is how to get the docToSign . in fact , i just reused the code in class SignatureServicesTestBase . so i am sure that it is namespaceaware. 
static 
    { 
      DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); 
      dbf.setNamespaceAware(true); 
      db = dbf.newDocumentBuilder(); 
    } 
public static Document getDocument(String fileName) throws Exception 
    { 
     String path = toPlatformSpecificXMLDirFilePath(fileName); 
     Document doc = db.parse(new FileInputStream(path)); 
     // Apache Santuario now uses Document.getElementById; use this convention for tests. 
     Element elem = doc.getDocumentElement(); 
     DOMHelper.useIdAsXmlId(elem); 
     return doc; 
    } 

and docToSign is return by calling SignatureServicesTestBase.getDocument() 

Document docToSign = SignatureServicesTestBase.getDocument("my/cdamessage.xml");

和如下

<xades:SignedSignatureProperties> 
<xades:SigningTime>2012-11-15T13:58:26.167+09:00</xades:SigningTime> 
<xades:SigningCertificate> 
<xades:Cert> 
<xades:CertDigest> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
<ds:DigestValue>4btVb5gQ5cdcNhGpvDSWQZabPQrR9jf1x8e3YF9Ajss=</ds:DigestValue> 
</xades:CertDigest> 
<xades:IssuerSerial> 
<ds:X509IssuerName>CN=Itermediate,OU=CC,O=ISEL,C=PT</ds:X509IssuerName> 
<ds:X509SerialNumber>-119284162484605703133798696662099777223</ds:X509SerialNumber> 
</xades:IssuerSerial> 
</xades:Cert> 
<xades:Cert> 
<xades:CertDigest> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
<ds:DigestValue>vm5QpbblsWV7fCYXotPhNTeCt4nk8cLFuF36L5RJ4Ok=</ds:DigestValue> 
</xades:CertDigest> 
<xades:IssuerSerial> 
<ds:X509IssuerName>CN=TestCA,OU=CC,O=ISEL,C=PT</ds:X509IssuerName> 
<ds:X509SerialNumber>-46248926895392336918291885380930606289</ds:X509SerialNumber> 
</xades:IssuerSerial> 
</xades:Cert> 
<xades:Cert> 
<xades:CertDigest> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
<ds:DigestValue>AUaN+IdhKQqxIVmEOrFwq+Dn22ebTkXJqD3BoOP/x8E=</ds:DigestValue> 
</xades:CertDigest> 
<xades:IssuerSerial> 
<ds:X509IssuerName>CN=TestCA,OU=CC,O=ISEL,C=PT</ds:X509IssuerName> 
<ds:X509SerialNumber>-99704378678639105802976522062798066869</ds:X509SerialNumber> 
</xades:IssuerSerial> 
</xades:Cert> 
</xades:SigningCertificate> 
</xades:SignedSignatureProperties> 
</xades:SignedProperties>

也是SignedProperties元件,我使用XPath來獲得元件進行簽名,和命名空間(的xmlns = 「urn:hl7-org:v3」)也被添加到結果中。

543 DEBUG [main] org.apache.xml.security.utils.ElementProxy  - setElement("ds:Transform", "null") 
544 DEBUG [main] org.apache.xml.security.utils.ElementProxy  - setElement("dsig-xpath:XPath", "null") 
658 DEBUG [main] org.apache.xml.security.utils.DigesterOutputStream  - Pre-digested input: 
658 DEBUG [main] org.apache.xml.security.utils.DigesterOutputStream  - <component xmlns="urn:hl7-org:v3" Id="ES" contextConductionInd="true" typeCode="COMP"> 
     <section classCode="DOCSECT" moodCode="EVN"> 
      <code code="ES" codeSystem="2.16.840.1.113883.6.1" codeSystemName="SectionCode" codeSystemVersion="1.0" displayName="english"></code> 
      <text>english</text> 
     </section> 
     </component>

xpath有問題嗎? xpath正在讓我瘋狂。我認爲我必須從現在開始研究xpath。

chris

來源

2012-11-08 chris.shi

+0

一些信息添加 –

+0

我不認爲你從聖所引述常見問題其實是一個問題的事實..這只是事情是這樣的。您需要將簽名元素附加到DOM樹中,以便首先解決引用問題。儘管如此,包含在簽名屬性中的命名空間聲明看起來很奇怪。 – lgoncalves

+0

謝謝.lgoncaves。 –

回答

1

您正在創建一個enveloped signature但包絡簽名轉換已丟失!由於整個文件正在簽署,簽名節點本身必須被排除,因爲它的一些內容在簽名計算後發生變化。

簡直不敢相信,直到你提到Enveloped類時我纔看到它。順便說一句,這個類只是一個簡單,直接的包絡sigantures實用程序類。它甚至不應該在那裏。你可以只添加了改變自己:

DataObjectDesc obj1 = new DataObjectReference("") 
.withTransform(new EnvelopedSignatureTransform()) 
.withTransform(new ExclusiveCanonicalXMLWithoutComments()) 
...

來源

2012-11-21 19:35:25 lgoncalves

+0

謝謝lgoncalves。你幫了我很大的忙。並感謝你的好工作 - xades4j。 –

0

這裏是帶簽名的整個xml文檔。

<ClinicalDocument xmlns="urn:hl7-org:v3"> 
<typeId extension="99999" root="2.16.840.1.113883.1.3"/> 
<id assigningAuthorityName="Hamamatsu University Hospital" displayable="true" extension="SDTC000018" root="0.2.440.200194.1.1"/> 
<recordTarget contextControlCode="OP" typeCode="RCT"></recordTarget> 
<author contextControlCode="OP" typeCode="AUT"></author> 
<custodian></custodian> 
<informationRecipient typeCode="PRCP"></informationRecipient> 
<component contextConductionInd="true" typeCode="COMP"> 
<structuredBody classCode="DOCBODY" moodCode="EVN"> 
<component Id="ES" contextConductionInd="true" typeCode="COMP"> 
<section classCode="DOCSECT" moodCode="EVN"> 
<code code="ES" codeSystem="2.16.840.1.113883.6.1" codeSystemName="SectionCode" codeSystemVersion="1.0" displayName="english"/> 
<text>english</text> 
</section> 
</component> 
<component contextConductionInd="true" id="PD" typeCode="COMP"> 
<section classCode="DOCSECT" moodCode="EVN"> 
<code code="PD" codeSystem="2.16.840.1.113883.6.1" codeSystemName="SectionCode" codeSystemVersion="1.0"/> 
</section> 
</component> 
<component contextConductionInd="true" id="PH" typeCode="COMP"> 
<section classCode="DOCSECT" moodCode="EVN"> 
<code code="PH" codeSystem="2.16.840.1.113883.6.1" codeSystemName="SectionCode" codeSystemVersion="1.0"/> 
</section> 
</component> 
<component contextConductionInd="true" id="FH" typeCode="COMP"> 
<section classCode="DOCSECT" moodCode="EVN"> 
<code code="FH" codeSystem="2.16.840.1.113883.6.1" codeSystemName="SectionCode" codeSystemVersion="1.0"/> 
</section> 
</component> 
</structuredBody> 
</component> 
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-8b61c63a-3334-4bcc-b062-41d0c43e79b7"> 
<ds:SignedInfo> 
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/> 
</ds:CanonicalizationMethod> 
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> 
<ds:Reference Id="xmldsig-8b61c63a-3334-4bcc-b062-41d0c43e79b7-ref0" URI=""> 
<ds:Transforms> 
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/> 
</ds:Transform> 
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> 
<ds:XPath> 
/:ClinicalDocument/:component/:structuredBody/:component[:section/:code[@code='ES']] 
</ds:XPath> 
</ds:Transform> 
<ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"> 
<dsig-xpath:XPath xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect"> 
/:ClinicalDocument/:component/:structuredBody/:component[:section/:code[@code='ES']] 
</dsig-xpath:XPath> 
</ds:Transform> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
<ds:DigestValue>mcv7LJpbTXQngNHslyMTC0iFusliYOx07TpmQFifXxU=</ds:DigestValue> 
</ds:Reference> 
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-8b61c63a-3334-4bcc-b062-41d0c43e79b7-signedprops"> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
<ds:DigestValue>BJL+/1gsB+LLPuoIsQd/XRkCMwLDLU1yc/RqMkzo9JY=</ds:DigestValue> 
</ds:Reference> 
</ds:SignedInfo> 
<ds:SignatureValue Id="xmldsig-8b61c63a-3334-4bcc-b062-41d0c43e79b7-sigvalue"> 
kMXCM+/xn6WjCMoYnkDy2FDmZGpmEjYC44CleQ6hJHiGPgeGmDLQ1ahWQHQR5PaBj0oOnNsmDtkD iIRPh0j+UzMINq4iE3HToJtKkttYcXneckSkjTVl1df5YrwOIQzGEgU5jLgCT/6KKBhyhh4V5PtL A01qEG+ianeMNQH7veU= 
</ds:SignatureValue> 
<ds:KeyInfo> 
<ds:X509Data> 
<ds:X509Certificate> 
MIICbTCCAdqgAwIBAgIQpkK0uals+ItHxBlpJuypOTAJBgUrDgMCHQUAMD8xCzAJBgNVBAYTAlBU MQ0wCwYDVQQKEwRJU0VMMQswCQYDVQQLEwJDQzEUMBIGA1UEAxMLSXRlcm1lZGlhdGUwHhcNMTAw NjI1MTc1ODQ5WhcNMzkxMjMxMjM1OTU5WjBCMQswCQYDVQQGEwJQVDENMAsGA1UEChMESVNFTDEL MAkGA1UECxMCQ0MxFzAVBgNVBAMTDkx1aXMgR29uY2FsdmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQCpP9acMX69Dbg9ciMLFc5dm1tlpTY9OTNZ/EaCYoGVhh/3+DFgyIbEer6SA24hpREm AhNG9+Ca0AurDPPgb3aKWFY9pj1WcOctis0VsR0YvzqP+2IGFqKDCd7bXFvv2tI0dEvpdc0oO6PF Q02xvJG0kxQf44XljOCjUBU43jkJawIDAQABo28wbTBrBgNVHQEEZDBigBBdbbL4pDKLT56PpOpA /56toTwwOjELMAkGA1UEBhMCUFQxDTALBgNVBAoTBElTRUwxCzAJBgNVBAsTAkNDMQ8wDQYDVQQD EwZUZXN0Q0GCEN00x9qe7SuWQvpLK0/oay8wCQYFKw4DAh0FAAOBgQBSma8g9dQjiQo4WUljRRuG yMUVRyCqW/9oRz8+0EoLNR/AhrIlGqdNbqQ1BkncgNNdqMAus5VD34v/EhgrkgWN5fZajMpYsmcR Ahu4PzJ6hggAlWWMy245JwIYuV0s1Oi39GVTxVNOBIX//AONZlGWO4S2Psb1mqdZ99b/MugsaA== 
</ds:X509Certificate> 
</ds:X509Data> 
</ds:KeyInfo> 
<ds:Object> 
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-8b61c63a-3334-4bcc-b062-41d0c43e79b7"> 
<xades:SignedProperties Id="xmldsig-8b61c63a-3334-4bcc-b062-41d0c43e79b7-signedprops"> 
<xades:SignedSignatureProperties> 
<xades:SigningTime>2012-11-15T14:20:29.121+09:00</xades:SigningTime> 
<xades:SigningCertificate> 
<xades:Cert> 
<xades:CertDigest> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
<ds:DigestValue>4btVb5gQ5cdcNhGpvDSWQZabPQrR9jf1x8e3YF9Ajss=</ds:DigestValue> 
</xades:CertDigest> 
<xades:IssuerSerial> 
<ds:X509IssuerName>CN=Itermediate,OU=CC,O=ISEL,C=PT</ds:X509IssuerName> 
<ds:X509SerialNumber>-119284162484605703133798696662099777223</ds:X509SerialNumber> 
</xades:IssuerSerial> 
</xades:Cert> 
<xades:Cert> 
<xades:CertDigest> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
<ds:DigestValue>vm5QpbblsWV7fCYXotPhNTeCt4nk8cLFuF36L5RJ4Ok=</ds:DigestValue> 
</xades:CertDigest> 
<xades:IssuerSerial> 
<ds:X509IssuerName>CN=TestCA,OU=CC,O=ISEL,C=PT</ds:X509IssuerName> 
<ds:X509SerialNumber>-46248926895392336918291885380930606289</ds:X509SerialNumber> 
</xades:IssuerSerial> 
</xades:Cert> 
<xades:Cert> 
<xades:CertDigest> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
<ds:DigestValue>AUaN+IdhKQqxIVmEOrFwq+Dn22ebTkXJqD3BoOP/x8E=</ds:DigestValue> 
</xades:CertDigest> 
<xades:IssuerSerial> 
<ds:X509IssuerName>CN=TestCA,OU=CC,O=ISEL,C=PT</ds:X509IssuerName> 
<ds:X509SerialNumber>-99704378678639105802976522062798066869</ds:X509SerialNumber> 
</xades:IssuerSerial> 
</xades:Cert> 
</xades:SigningCertificate> 
</xades:SignedSignatureProperties> 
</xades:SignedProperties> 
<xades:UnsignedProperties> 
<xades:UnsignedSignatureProperties> 
<xades:SignatureTimeStamp> 
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds xades"/> 
</ds:CanonicalizationMethod> 
<xades:EncapsulatedTimeStamp> 
MIAGCSqGSIb3DQEHAqCAMIIHigIBAzELMAkGBSsOAwIaBQAwZQYLKoZIhvcNAQkQAQSgVgRUMFICAQEGC2CGSAGG/W4BBxcEMCEwCQYFKw4DAhoFAAQU7rJQI7uJdKs5xbbiyqpa5guYLzkCBH/ml/kYDzIwMTIxMTE1MDUyMDMxWgIGATsCgt+/oIIE5zCCBOMwggPLoAMCAQICAiAJMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMjA0MjYwNzAwMDBaFw0xNzA0MjYwNzAwMDBaMIG3MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEkMCIGA1UEChMbU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgTExDMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xJjAkBgNVBAMTHVN0YXJmaWVsZCBUaW1lc3RhbXAgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vsvX077CIO+Nv95IOWnN5GDmNZsR5NL5gSw3HQC8gfbfwi1CyAgSaZatVE7D1Z7V/T4Iatcb98W+QyZeAAyAjqxumfmT0GcGqSNdg/5zuv7rMuZDfx26D4HgDR+7TrNkE/KICIOnP0D8m+8CA2yrUOoODHsRXFVYiFpZAXDaqUpWX8HGxNWOOJjA4jK1hIRWbcqZe1ytmuMOlPaN2c1OO0F5jRBqe1L+Ge2EfcoAGX4R7U05LeHni25T82/GWJUP7B7tHyFw56E8Gs+sjZL30qbVvMjIw3BhCv5QDI3QKMBwx9uD6gH0YUCJjtf8uJX1yV7fC2IWgnn2vtiTFopiwIDAQABo4IBRTCCAUEwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFMADZvaNmT45q1NReB9p0vRCgPRRMB8GA1UdIwQYMBaAFL9ft9HO3R+G9FtVrNzXEMIOqYjnMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3Auc3RhcmZpZWxkdGVjaC5jb20vMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuc3RhcmZpZWxkdGVjaC5jb20vc2Zyb290LmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W4BBxcCMDkwNwYIKwYBBQUHAgEWK2h0dHBzOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQEFBQADggEBAGhCN9f/8Vmp9ND/ErlEKrQyFGB8r00Od/BlzVVOgm2QwkONLPHny4zM5iL8CqYZ09X/anHnl6rMhVOKCvVJri5CXejBIqsD0kdVnck8ZwlFdR9hR22s2vGRwZtzPDnt1CX7hT75WEa2Vyc1vfFtlgwZbAiioUoV32/ptTpNk8PYPsE9UxMJI2lqzwUGmBABp2oibNap+0zwEoQ3WTYuf6OoBC7PLKN0AkxC8mK5h3zptOfgYXxAd9kPiODbjQBpay/vrvD3Bi09DdostEYspTGkApjdqvnMsbK5bWstWanUYM1HtTXrISmX7bPQUMekL5Uf6Swbn+UW5fvM62jPztoxggIkMIICIAIBATBuMGgxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQICIAkwCQYFKw4DAhoFAKCBjDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTEyMTExNTA1MjAzMVowIwYJKoZIhvcNAQkEMRYEFJLw45cYPAF/A74681loPCL7nBIaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFMcvKgrjQtF/4374zCOp8DQLZThYMA0GCSqGSIb3DQEBAQUABIIBALmGS8SGlgGBgjd4vVJI80fMN8caS4tCvR3p+SsPD/Owoo5SaIJN/+Ezth7sBM8PGACXTUuzp7yr/4MNb0iALQhnmya4BNWzWaxDk8Qf5jzY3rGHoKboa5vsWr9TLqHebP/5Gl9e5z25Y1XY5V701IRIQbfNh3+YOJYcEEWoKSVCmBe6xADXrk4RLlGs4oqqM3qvxo9VZEx+RaZVVSuWCHYsKpa4DkR+hiW4wYSCCMEvolFQt4iEVbGpasB5G0+8ubQtasGsiarpLBpkX8sA+OctUbYiN5gb3knzoT9BrxCxCwQ0ZSDpy+yuWnSE863UBXIx0FmagsJv7OnKm7P9qe0AAAAA 
</xades:EncapsulatedTimeStamp> 
</xades:SignatureTimeStamp> 
</xades:UnsignedSignatureProperties> 
</xades:UnsignedProperties> 
</xades:QualifyingProperties> 
</ds:Object> 
</ds:Signature> 
</ClinicalDocument>

來源

2012-11-15 05:29:50

+0

這看起來不錯;命名空間屬性不存在於SignedProperties中。 – lgoncalves

+0

是的。它看起來確實。但在驗證運行時期間會添加命名空間屬性。 –

相關問題

 相關問題