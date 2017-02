// Body

// Give the SOAP body a wsu:Id and register that attribute as an XML ID, so the
// same-document reference "#" + getID("body") used in the signature below can
// resolve to this element.
// NOTE(review): assumes getID(key) returns the same value on every call for a
// given key — confirm against its definition.
this.body.addAttribute(this.generateName("wsu", "Id"), this.getID("body"));

this.body.setIdAttribute("wsu:Id", true);



// Security header: wsse:Security element carrying the token and, after signing,
// the ds:Signature. mustUnderstand="1" tells the receiver it may not ignore it.

SOAPElement security = this.header.addChildElement(this.generateName("wsse", "Security"));

security.addNamespaceDeclaration("wsu", this.namespaces.get("wsu"));

security.addAttribute(this.generateName("soap", "mustUnderstand"), "1");



// Binary security token: the signer's X.509 certificate, Base64-encoded.
// Its wsu:Id (getID("reference")) is the target of the wsse:Reference built below.
// Only the certificate goes into the message; the private key is used solely
// to create the DOMSignContext further down.

SOAPElement binarySecurityToken = security.addChildElement("BinarySecurityToken", "wsse");

binarySecurityToken.addAttribute(this.generateName("EncodingType"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");

binarySecurityToken.addAttribute(this.generateName("ValueType"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");

binarySecurityToken.addAttribute(this.generateName("wsu", "Id"), this.getID("reference"));

binarySecurityToken.setValue(Base64.getEncoder().encodeToString(this.receipt.keyChain.getCertificate().getEncoded()));



// Signature: build the KeyInfo content first. The SecurityTokenReference is
// created detached (via SOAPFactory) and later wrapped in a DOMStructure, so
// it only enters the document when the signature is marshalled.

XMLSignatureFactory sigF = XMLSignatureFactory.getInstance("DOM");

KeyInfoFactory keyInfoF = sigF.getKeyInfoFactory();

SOAPFactory soapF = SOAPFactory.newInstance();

SOAPElement securityTokenReference = soapF.createElement(this.generateName("wsse", "SecurityTokenReference"));

securityTokenReference.setAttribute("wsu:Id", this.getID("str"));

SOAPElement reference = securityTokenReference.addChildElement(this.generateName("wsse", "Reference"));

// Points at the BinarySecurityToken above by its wsu:Id.
reference.setAttribute("URI", "#" + this.getID("reference"));

reference.setAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");



// Prevent unnecessary linebreaks in the generated signature output.
// This writes a private static field of XMLUtils through reflection, so the
// setting is changed for every user of that class, not just this message.
// NOTE(review): it depends on a library-internal field name and on
// setAccessible being permitted; either can break on another library or JDK
// version. Which XMLUtils is imported is not visible here — if the library
// documents a configuration switch for this, prefer that over reflection.

Field f = XMLUtils.class.getDeclaredField("ignoreLineBreaks");

f.setAccessible(true);

f.set(null, Boolean.TRUE);



// Assemble the signature:
//  - SignedInfo is canonicalized with exclusive C14N, InclusiveNamespaces "soap"
//  - signature algorithm is RSA with SHA-256
//  - exactly one Reference: the body, digested with SHA-256 after an exclusive
//    C14N transform with an empty prefix list
// Only the body is referenced, so nothing in the header (including the
// BinarySecurityToken) is integrity-protected by this signature.

XMLSignature xmlSignature = sigF.newXMLSignature(

sigF.newSignedInfo(

sigF.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", new ExcC14NParameterSpec(Arrays.asList(new String[]{"soap"}))),

sigF.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),

Collections.singletonList(sigF.newReference(

"#" + this.getID("body"),

sigF.newDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256", null),

Collections.singletonList(sigF.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", new ExcC14NParameterSpec())),

(String) null,

(String) null

// Debugging leftover: an extra argument here supplies a precomputed digest
// instead of letting the library digest the body. With a fixed value the
// signature no longer binds to the body that is actually sent, so this must
// stay disabled outside of diagnosis.
//, Base64.getDecoder().decode("TWpSLQpOXSUe8k6Q8lAd7DyMhWkTIcbHNifrPnWDG/M=")

))

),

keyInfoF.newKeyInfo(Arrays.asList(new XMLStructure[]{new DOMStructure(securityTokenReference)}), this.getID("ki")),

null,

this.getID("signature"),

null

);



// Sign with the private key; the ds:Signature element is appended under the
// node passed as parent.
// NOTE(review): getFirstChild() is presumably the wsse:Security element added
// above — that only holds if the header had no earlier child node (including
// whitespace text); passing `security` directly would make this explicit.

DOMSignContext domSignContext = new DOMSignContext(this.receipt.keyChain.getPrivateKey(), this.header.getFirstChild());

domSignContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ds");

domSignContext.putNamespacePrefix("http://www.w3.org/2001/10/xml-exc-c14n#", "ec");



// The body digest is computed from the in-memory DOM at this call. If the
// bytes later serialized differ from what was canonicalized (namespace
// declarations, whitespace, a body edited afterwards), the receiver computes a
// different digest and rejects the signature.
// To inspect the exact digested bytes, set the context property
// "javax.xml.crypto.dsig.cacheReference" to Boolean.TRUE before signing and
// read Reference.getDigestInputStream() afterwards.

xmlSignature.sign(domSignContext);

this.message.saveChanges();

<?xml version="1.0" encoding="UTF-8"?>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">

<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-AB79979F3364F5119A14761286403811">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</wsse:BinarySecurityToken>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-AB79979F3364F5119A14761286404065">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>

</ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

<ds:Reference URI="#id-AB79979F3364F5119A14761286403964">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>

</ds:Transform>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

<ds:DigestValue>TWpSLQpOXSUe8k6Q8lAd7DyMhWkTIcbHNifrPnWDG/M=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>SX8rtbZ6ip6ayGLQsmoSjd5wVKJEXfbOIqP75E3HchB5QD09YYKuMpXVzLawtJHNVFPE8AvN0jqQaQkJCS2NaI0BZfBsryEx/Pnoq8dkwEYbEa7XgBIzblVNmN9iiaQoQPC2Q/PHCwhOSYUmMRM8liwBnkdaqNWw/6BySw7PWcS/BMDm3d3O/igheuO8Tbi3ksybTDun5lf8xsWdFFRZ2hJX4rJm9p2ro128AbDO6yJIy/sfsyEvMFkpSQ8pms66EIgz0OflhplvPxOsYjA4V0aB31M5t2qXAUNKBcaZkyUZDhLSgBf63GzcfQ501s8R/fwmH07NxfDFmSsrsP3LHw==</ds:SignatureValue>

<ds:KeyInfo Id="KI-AB79979F3364F5119A14761286403862">

<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STR-AB79979F3364F5119A14761286403893">

<wsse:Reference URI="#X509-AB79979F3364F5119A14761286403811" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

</wsse:SecurityTokenReference>

</ds:KeyInfo>

</ds:Signature>

</wsse:Security>

</SOAP-ENV:Header>

<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-AB79979F3364F5119A14761286403964">

<Trzba xmlns="http://fs.mfcr.cz/eet/schema/v3">

<Hlavicka dat_odesl="2016-09-19T19:06:37+02:00" prvni_zaslani="false" uuid_zpravy="ab1bc7a0-5ab0-4d61-a170-2982f2d83784"/>

<Data celk_trzba="34113.00" cerp_zuct="679.00" cest_sluz="5460.00" dan1="-172.39" dan2="-530.73" dan3="975.65" dat_trzby="2016-08-05T00:30:12+02:00" dic_popl="CZ1212121218" id_pokl="/5546/RO24" id_provoz="273" porad_cis="0/6460/ZQ42" pouzit_zboz1="784.00" pouzit_zboz2="967.00" pouzit_zboz3="189.00" rezim="0" urceno_cerp_zuct="324.00" zakl_dan1="-820.92" zakl_dan2="-3538.20" zakl_dan3="9756.46" zakl_nepodl_dph="3036.00"/>

<KontrolniKody>

<pkp cipher="RSA2048" digest="SHA256" encoding="base64">JvCv0lXfT74zuviJaHeO91guUfum1MKhq0NNPxW0YlBGvIIt+I4QxEC3QP6BRwEkIS14n2WN+9oQ8nhQPYwZX7L4W9Ie7CYv1ojcl/YiF4560EdB3IpRNRj3UjQlwSZ5ucSM9vWqp0UTbhJDSUk5/WjC/CEiSYv7OQIqa0NJ0f0+ldzGveLRSF34eu2iqAhs/yfDnENlnMDPVB5ko/zQO0vcC93k5DEWEoytTIAsKd6jKSO7eama8Qe+d0wq9vBzudkfLgCe2C1iERJuyHknhjo9KOx10h5wk99QqVGX8tthpAmryDcX2N0ZGkzJHuzzebnYsxXFYI2tKOJLiLLoLQ==</pkp>

<bkp digest="SHA1" encoding="base16">3F9119C1-FBF34535-D30B60F8-9859E4A6-C8C8AAFA</bkp>

</KontrolniKody>

</Trzba>

</soap:Body>

</soap:Envelope>

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">

<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-AB79979F3364F5119A14761286403811">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</wsse:BinarySecurityToken>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-AB79979F3364F5119A14761286404065">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>

</ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

<ds:Reference URI="#id-AB79979F3364F5119A14761286403964">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>

</ds:Transform>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

<ds:DigestValue>W35ybR5oW/sQ4l3ItXnUQTxYoAX/1YQ58Os2CoUkz2g=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>SvuF3zoc5RU2iAmkyFTkJV1yJZ9WPRrXQqRsaBU96pIXCx/9S94wxplwJfcVu0ClpkcDNeRtg3HPTBYcedaf5m8VujFQr5x2+G9BH0bMfoHOzzHVS88v9kvH9D+shjteuzmpk9ZrtlQWWON09TVQ7tfHk0wmETpKfUtUTCDawfp5JmHjEuuGWacebMPFpKuzfpCXaGHM5WYJN/WH7+8o6qWkGJghdWtHGwAs4N4nScpTHKZYAViTtsKsi6Y5Vx51JjaQFOavCsA9YUpxdpu91O4nx34+gxmc2CJgO16BlPZcZrOZpBmj0jAIO17MUvftLEP3Cg+vNQtwNdnDkLlMaQ==</ds:SignatureValue>

<ds:KeyInfo Id="KI-AB79979F3364F5119A14761286403862">

<wsse:SecurityTokenReference wsu:Id="STR-AB79979F3364F5119A14761286403893">

<wsse:Reference URI="#X509-AB79979F3364F5119A14761286403811" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

</wsse:SecurityTokenReference>

</ds:KeyInfo>

</ds:Signature>

</wsse:Security>

</SOAP-ENV:Header>

<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-AB79979F3364F5119A14761286403964">

<Trzba xmlns="http://fs.mfcr.cz/eet/schema/v3">

<Hlavicka dat_odesl="2016-09-19T19:06:37+02:00" prvni_zaslani="false" uuid_zpravy="ab1bc7a0-5ab0-4d61-a170-2982f2d83784"/>

<Data celk_trzba="34113.00" cerp_zuct="679.00" cest_sluz="5460.00" dan1="-172.39" dan2="-530.73" dan3="975.65" dat_trzby="2016-08-05T00:30:12+02:00" dic_popl="CZ1212121218" id_pokl="/5546/RO24" id_provoz="273" porad_cis="0/6460/ZQ42" pouzit_zboz1="784.00" pouzit_zboz2="967.00" pouzit_zboz3="189.00" rezim="0" urceno_cerp_zuct="324.00" zakl_dan1="-820.92" zakl_dan2="-3538.20" zakl_dan3="9756.46" zakl_nepodl_dph="3036.00"/>

<KontrolniKody>

<pkp cipher="RSA2048" digest="SHA256" encoding="base64">JvCv0lXfT74zuviJaHeO91guUfum1MKhq0NNPxW0YlBGvIIt+I4QxEC3QP6BRwEkIS14n2WN+9oQ8nhQPYwZX7L4W9Ie7CYv1ojcl/YiF4560EdB3IpRNRj3UjQlwSZ5ucSM9vWqp0UTbhJDSUk5/WjC/CEiSYv7OQIqa0NJ0f0+ldzGveLRSF34eu2iqAhs/yfDnENlnMDPVB5ko/zQO0vcC93k5DEWEoytTIAsKd6jKSO7eama8Qe+d0wq9vBzudkfLgCe2C1iERJuyHknhjo9KOx10h5wk99QqVGX8tthpAmryDcX2N0ZGkzJHuzzebnYsxXFYI2tKOJLiLLoLQ==</pkp>

<bkp digest="SHA1" encoding="base16">3F9119C1-FBF34535-D30B60F8-9859E4A6-C8C8AAFA</bkp>

</KontrolniKody>

</Trzba>

</soap:Body>

</soap:Envelope>

Dobrý den, už několik dní se mořím s podepisováním zpráv pro EET v rámci bakalářky. Za tu dobu se mi podařilo nějaký podpis vytvořit, ten ale není platný (relevantní kód níže), EET playground vrací chybu 4: Neplatny podpis SOAP zpravy. Metodou pokus–omyl jsem došel k názoru, že chyba je v kanonizaci, protože když použiji digest value z ukázky (a stejné údaje účtenky), tak je vygenerován platný podpis (dostanu FIK). Jenže už se mi nedaří přijít na to, co mám špatně. Předem děkuji za jakékoli nasměrování či pomoc. Kód: Ukázka z webu EET: Mým kódem vygenerovaný XML: