Hi,
on the ksef-test test environment
the online/Session/InitSigned method returns:
{
"exception": {
"serviceCtx": "srvTEMFA",
"serviceCode": "20220215-EX-78917B2CA6-396E20C0A6-B1",
"serviceName": "online.session.session.signed.init",
"timestamp": "2022-02-15T1108.003Z",
"referenceNumber": "20220215-SE-3FE8F43F8D-7DA9575004-D9",
"exceptionDetailList": [
{
"exceptionCode": 9101,
"exceptionDescription": "Nieprawidłowe kodowanie dokumentu."
}
]
}
}
I generated the certificates as follows (giving the password qwerty1234):
- openssl req -new -keyout mykey.key -subj '/CN=Jan Kowalski/SN=Kowalski/GN=Jan/O=Testowa firma/C=PL/L=Mazowieckie/serialNumber=NIP-1801908070/description=Jan Kowalski NIP-1801908070' -out mycsr.csr
- openssl req -in mycsr.csr -noout -text -nameopt sep_multiline
Certificate Request:
Data:
Version: 1 (0x0)
Subject:
CN=Jan Kowalski
SN=Kowalski
GN=Jan
O=Testowa firma
C=PL
L=Mazowieckie
serialNumber=NIP-1801908070
description=Jan Kowalski NIP-1801908070
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:ef:7f:2c:b3:1c:fe:24:db:4d:50:6a:66:f0:51:... (hex dump truncated in the post)
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
2f:f5:6c:6e:28:bb:8f:51:29:... (hex dump truncated in the post)
- openssl x509 -signkey mykey.key -in mycsr.csr -req -days 365 -out certificate.pem
Signature ok
subject=CN = Jan Kowalski, SN = Kowalski, GN = Jan, O = Testowa firma, C = PL, L = Mazowieckie, serialNumber = NIP-1801908070, description = Jan Kowalski NIP-1801908070
- openssl x509 -text -noout -in certificate.pem
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
6a:9d:cc:3c:2e:47:07:f7:5e:a2:2e (hex dump incomplete in the post)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Jan Kowalski, SN = Kowalski, GN = Jan, O = Testowa firma, C = PL, L = Mazowieckie, serialNumber = NIP-1801908070, description = Jan Kowalski NIP-1801908070
Validity
Not Before: Feb 15 1354 2022 GMT
Not After : Feb 15 1354 2023 GMT
Subject: CN = Jan Kowalski, SN = Kowalski, GN = Jan, O = Testowa firma, C = PL, L = Mazowieckie, serialNumber = NIP-1801908070, description = Jan Kowalski NIP-1801908070
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:ef:7f:2c:b3:1c:fe:24:db:4d:50:6a:66:f0:51:... (hex dump truncated in the post)
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
8f:83:00:d2:61:33:0f:95:e3:... (hex dump truncated in the post)
- openssl pkcs12 -export -out keyStore.p12 -inkey mykey.key -in certificate.pem
Then I call the /api/online/Session/AuthorisationChallenge request and put the returned data into the XML:
<?xml version="1.0" encoding="UTF-8"?>
<ns3:InitSessionSignedRequest
xmlns="http://ksef.mf.gov.pl/schema/gtw/svc/online/types/2021/10/01/0001"
xmlns:ns2="http://ksef.mf.gov.pl/schema/gtw/svc/types/2021/10/01/0001"
xmlns:ns3="http://ksef.mf.gov.pl/schema/gtw/svc/online/auth/request/2021/10/01/0001">
<ns3:Context>
<Timestamp>2022-02-15T13:17:52.436Z</Timestamp>
<Challenge>20220215-CR-5BED009452-BF962F725E-80</Challenge>
<Identifier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:SubjectIdentifierByCompanyType">
<ns2:Identifier>1801908070</ns2:Identifier>
</Identifier>
<DocumentType>
<ns2:Service>KSeF</ns2:Service>
<ns2:FormCode>
<ns2:SystemCode>FA (1)</ns2:SystemCode>
<ns2:SchemaVersion>1-0E</ns2:SchemaVersion>
<ns2:TargetNamespace>http://crd.gov.pl/wzor/2021/11/29/11089/</ns2:TargetNamespace>
<ns2:Value>FA</ns2:Value>
</ns2:FormCode>
</DocumentType>
<Type>SerialNumber</Type>
</ns3:Context>
</ns3:InitSessionSignedRequest>
The signed file looks like this:
<?xml version="1.0" encoding="UTF-8" standalone="no"?><ns3:InitSessionSignedRequest xmlns:ns3="http://ksef.mf.gov.pl/schema/gtw/svc/online/auth/request/2021/10/01/0001" xmlns="http://ksef.mf.gov.pl/schema/gtw/svc/online/types/2021/10/01/0001" xmlns:ns2="http://ksef.mf.gov.pl/schema/gtw/svc/types/2021/10/01/0001">
<ns3:Context>
<Timestamp>2022-02-15T13:17:52.436Z</Timestamp>
<Challenge>20220215-CR-5BED009452-BF962F725E-80</Challenge>
<Identifier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:SubjectIdentifierByCompanyType">
<ns2:Identifier>1801908070</ns2:Identifier>
</Identifier>
<DocumentType>
<ns2:Service>KSeF</ns2:Service>
<ns2:FormCode>
<ns2:SystemCode>FA (1)</ns2:SystemCode>
<ns2:SchemaVersion>1-0E</ns2:SchemaVersion>
<ns2:TargetNamespace>http://crd.gov.pl/wzor/2021/11/29/11089/</ns2:TargetNamespace>
<ns2:Value>FA</ns2:Value>
</ns2:FormCode>
</DocumentType>
<Type>SerialNumber</Type>
</ns3:Context>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-2b36bd38-4991-43f3-92c4-38918344f10f">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference Id="xmldsig-2b36bd38-4991-43f3-92c4-38918344f10f-ref0" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xKt+f2N++PlFCvr4kkI6UdEFK5ub6qiQAiY14XQreu0=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-2b36bd38-4991-43f3-92c4-38918344f10f-signedprops">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>tsFB6sZDnX/3+ncUYxozy1fccWCsX8CvBA0uwz+/ZMk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="xmldsig-2b36bd38-4991-43f3-92c4-38918344f10f-sigvalue">
37BF1K3dMMo5neS3MPTpuSezNR37wnB8fFcQxsjS+YaoT4lba8jid/kGMc90HdjYz3l4znBahzeg
TJKLmzr9BaoXUv7UwKa5hRFDf03VVlVXd/E0CkpXDePMx8aBS9mR/Lg3lsJa006jP7h1amdqTIN6
eT3yBKq3sMQdKvJkoDuk069ayxTBOwHG7goZzFJE0uJ/qI2uxfuLFJkpDumSHBTzbBFy/XzTjSGQ
N6Vn5KNH6IKCwagWDSA4K0iumYYpLsqQJCaEViDwmdZe6/cFN6P/WUlJ6KeTpANkwShbMCB5pC19
XCeRkwfRRMYFtdXAA9OHYI3/pqvIH/kOVg2PZg==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-2b36bd38-4991-43f3-92c4-38918344f10f">
<xades:SignedProperties Id="xmldsig-2b36bd38-4991-43f3-92c4-38918344f10f-signedprops">
<xades:SignedSignatureProperties>
<xades:SigningTime>2022-02-15T1426.512+01:00</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>gt4GMfvmbkM7Rr6JvzxCJx88xjm2Vz8QJMblBdWNH7Q=</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>2.5.4.13=#0c1b4a616e204b6f77616c736b69204e49502d31383031393038303730,2.5.4.5=#130e4e49502d31383031393038303730,L=Mazowieckie,C=PL,O=Testowa firma,2.5.4.42=#0c034a616e,2.5.4.4=#0c084b6f77616c736b69,CN=Jan Kowalski</ds:X509IssuerName>
<ds:X509SerialNumber>241079992720937646083700416374795008714188534521</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
<xades:SignedDataObjectProperties>
<xades:DataObjectFormat ObjectReference="#xmldsig-2b36bd38-4991-43f3-92c4-38918344f10f-ref0">
<xades:MimeType>text/xml</xades:MimeType>
</xades:DataObjectFormat>
</xades:SignedDataObjectProperties>
</xades:SignedProperties>
</xades:QualifyingProperties></ds:Object>
</ds:Signature></ns3:InitSessionSignedRequest>
The Java code fragment with which I generate the signature:
import java.security.cert.X509Certificate;
import java.util.List;
import xades4j.providers.impl.KeyStoreKeyingDataProvider;

// Picks the first certificate found in the key store (the self-signed one created above).
public class FirstCertificateSelector implements KeyStoreKeyingDataProvider.SigningCertSelector {
    @Override
    public X509Certificate selectCertificate(List<X509Certificate> list) {
        return list.get(0);
    }
}
and
import java.io.FileOutputStream;
import java.security.cert.X509Certificate;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import xades4j.algorithms.EnvelopedSignatureTransform;
import xades4j.production.DataObjectReference;
import xades4j.production.SignedDataObjects;
import xades4j.production.XadesBesSigningProfile;
import xades4j.production.XadesSigner;
import xades4j.properties.DataObjectDesc;
import xades4j.properties.DataObjectFormatProperty;
import xades4j.providers.KeyingDataProvider;
import xades4j.providers.impl.FileSystemKeyStoreKeyingDataProvider;
import xades4j.providers.impl.KeyStoreKeyingDataProvider;

public class Main {
    public static void main(String[] args) throws Exception {
        // xades4j (Apache Santuario underneath) requires a namespace-aware DOM.
        DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
        docFactory.setNamespaceAware(true);
        Document doc = docFactory.newDocumentBuilder().parse("./test.xml");

        // PKCS#12 store created with "openssl pkcs12 -export" above.
        KeyingDataProvider kp = new FileSystemKeyStoreKeyingDataProvider(
                "pkcs12",
                "./keyStore.p12",
                new FirstCertificateSelector(),
                new KeyStoreKeyingDataProvider.KeyStorePasswordProvider() {
                    @Override
                    public char[] getPassword() {
                        return "qwerty1234".toCharArray();
                    }
                },
                new KeyStoreKeyingDataProvider.KeyEntryPasswordProvider() {
                    @Override
                    public char[] getPassword(String alias, X509Certificate cert) {
                        return "qwerty1234".toCharArray();
                    }
                },
                true); // return the full certificate chain

        // Enveloped XAdES-BES signature over the whole document (URI="").
        DataObjectDesc obj = new DataObjectReference("")
                .withTransform(new EnvelopedSignatureTransform())
                .withDataObjectFormat(new DataObjectFormatProperty("text/xml"));
        XadesSigner signer = new XadesBesSigningProfile(kp).newSigner();
        SignedDataObjects toSign = new SignedDataObjects(obj);
        Node el = doc.getDocumentElement();
        signer.sign(toSign, el); // ds:Signature is appended as the last child of the root
        try {
            writeXMLToFile(doc, "./test_sign.xml");
        } catch (Exception e) {
            System.out.println("EXCEPTION");
            System.out.println(e.getMessage());
        }
    }

    // Serialise as UTF-8 without indentation: the URI="" reference digests the
    // whole document, so whitespace inserted after signing would break the digest.
    static void writeXMLToFile(Document doc, String path) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
        try (FileOutputStream out = new FileOutputStream(path)) {
            t.transform(new DOMSource(doc), new StreamResult(out));
        }
    }
}
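Added example (editor's note; this is not code from the post, from xades4j or from KSeF): before POSTing the signed file, a stdlib-only pre-flight check on the raw request bytes catches the problems that can be seen offline. It assumes the body is the raw signed XML and checks the byte encoding, the encoding declared in the prolog, the root element, and that there is a single enveloped XAdES signature with a URI="" reference and a base64 DER certificate. The checks and the constructed sample document are this example's own assumptions, it does not verify the signature cryptographically, and it does not claim that any of these is what error 9101 means.

```python
"""Offline pre-flight checks for a signed InitSessionSignedRequest body.

Added example, not code from the post, xades4j or KSeF. Only checks what can be
verified without the service; does not verify the signature cryptographically.
"""
import base64
import re
import xml.etree.ElementTree as ET
from typing import List

NS_REQ = "http://ksef.mf.gov.pl/schema/gtw/svc/online/auth/request/2021/10/01/0001"
NS_DS = "http://www.w3.org/2000/09/xmldsig#"
NS_XADES = "http://uri.etsi.org/01903/v1.3.2#"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"


def preflight(body: bytes) -> List[str]:
    """Return the problems found in the raw request body (empty list = looks sane)."""
    problems = []
    if body.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM at start of body")
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError as e:
        return problems + [f"body is not valid UTF-8: {e}"]
    # The encoding declared in the prolog must agree with the bytes actually sent.
    m = re.search(r'<\?xml[^>]*encoding=["\']([^"\']+)', text[:200])
    if m and m.group(1).upper() != "UTF-8":
        problems.append(f"declared encoding {m.group(1)} is not UTF-8")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as e:
        return problems + [f"XML is not well-formed: {e}"]
    if root.tag != f"{{{NS_REQ}}}InitSessionSignedRequest":
        problems.append(f"unexpected root element {root.tag}")
    sigs = root.findall(f"{{{NS_DS}}}Signature")
    if len(sigs) != 1:
        return problems + [f"expected one ds:Signature under the root, found {len(sigs)}"]
    sig = sigs[0]
    # Enveloped signature: one Reference with URI="" carrying the enveloped transform.
    refs = sig.findall(f"{{{NS_DS}}}SignedInfo/{{{NS_DS}}}Reference")
    doc_refs = [r for r in refs if r.get("URI") == ""]
    if len(doc_refs) != 1:
        problems.append('expected one ds:Reference with URI="" covering the document')
    else:
        algs = [t.get("Algorithm") for t in
                doc_refs[0].findall(f"{{{NS_DS}}}Transforms/{{{NS_DS}}}Transform")]
        if ENVELOPED not in algs:
            problems.append("document reference lacks the enveloped-signature transform")
    cert = sig.findtext(f"{{{NS_DS}}}KeyInfo/{{{NS_DS}}}X509Data/{{{NS_DS}}}X509Certificate")
    try:
        der = base64.b64decode("".join((cert or "").split()), validate=True)
    except ValueError:
        der = b""
    if not der.startswith(b"\x30"):  # a DER Certificate is an ASN.1 SEQUENCE
        problems.append("ds:X509Certificate missing or not base64 DER")
    if sig.find(f".//{{{NS_XADES}}}SignedProperties") is None:
        problems.append("no xades:SignedProperties, signature is not XAdES")
    return problems


# Constructed sample: the structure of the signed request from the post with the
# digests, signature value and certificate replaced by placeholders (the
# "certificate" is a 5-byte DER SEQUENCE, not a real certificate).
SIGNED_REQUEST = b"""<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<ns3:InitSessionSignedRequest xmlns:ns3="http://ksef.mf.gov.pl/schema/gtw/svc/online/auth/request/2021/10/01/0001" xmlns="http://ksef.mf.gov.pl/schema/gtw/svc/online/types/2021/10/01/0001" xmlns:ns2="http://ksef.mf.gov.pl/schema/gtw/svc/types/2021/10/01/0001">
<ns3:Context>
<Timestamp>2022-02-15T13:17:52.436Z</Timestamp>
<Challenge>20220215-CR-5BED009452-BF962F725E-80</Challenge>
<Identifier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:SubjectIdentifierByCompanyType"><ns2:Identifier>1801908070</ns2:Identifier></Identifier>
<DocumentType><ns2:Service>KSeF</ns2:Service><ns2:FormCode><ns2:SystemCode>FA (1)</ns2:SystemCode><ns2:SchemaVersion>1-0E</ns2:SchemaVersion><ns2:TargetNamespace>http://crd.gov.pl/wzor/2021/11/29/11089/</ns2:TargetNamespace><ns2:Value>FA</ns2:Value></ns2:FormCode></DocumentType>
<Type>SerialNumber</Type>
</ns3:Context>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sig">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#sig-signedprops"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>AAAA</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MAMCAQE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
<ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#sig"><xades:SignedProperties Id="sig-signedprops"/></xades:QualifyingProperties></ds:Object>
</ds:Signature>
</ns3:InitSessionSignedRequest>
"""

if __name__ == "__main__":
    for label, body in [
        ("as signed", SIGNED_REQUEST),
        ("with BOM", b"\xef\xbb\xbf" + SIGNED_REQUEST),
        ("sent as UTF-16", SIGNED_REQUEST.decode("utf-8").encode("utf-16")),
    ]:
        print(label, "->", preflight(body) or "ok")
```

Feed it the bytes the HTTP client actually puts on the wire (after any re-encoding or wrapping it does), not the file on disk, since that is what the service sees.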