Проверяю на
http://smev.gosuslugi.ru...l/services-tools.jsp. То, что подпись неверная, понятно; непонятно только, что именно не так.
На входе <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<!-- Unsigned request: the security header is already present, has no s:actor attribute, and holds only the token placeholder. -->
<wsse:Security>
<!-- Empty placeholder for the sender certificate (Base64-encoded X509v3), addressed by wsu:Id="SenderCertificate". -->
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="SenderCertificate"></wsse:BinarySecurityToken>
</wsse:Security>
</s:Header>
<!-- NOTE(review): the Body is identified with wsu:id (lowercase "i"), while the token above uses wsu:Id. The WS-Security utility schema defines the attribute as wsu:Id, so a verifier that resolves URI="#body" through wsu:Id would presumably not find this element. Confirm against the verifier's requirements. -->
<s:Body wsu:id="body"> <DocumentType_SelectAll xmlns="http://asur.mos.ru/isi/declarants/v8">123</DocumentType_SelectAll></s:Body>
</s:Envelope>
На выходе<?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<!-- First security header: carries s:actor and the ds:Signature. The single ds:Reference points at URI="#body" with the enveloped-signature and exclusive C14N transforms; ds:KeyInfo refers to the certificate through wsse:Reference URI="#SenderCertificate". -->
<s:Header><wsse:Security s:actor="http://smev.gosuslugi.ru/actors/smev" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/><ds:Reference URI="#body"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/><ds:DigestValue>D2TMl4T8QZ61rQzPf7NnapkNSJN+Wdkwd9vX1T+2C4s=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>IG2di7gfXPuX54N6JF/TlDZZjPyjERnyQY5XnvJj+uGsIfZ3asWiY8HTZAKYwyZvSoJVZqmqDumC
Zye3ifaPgg==</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#SenderCertificate" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>
<!-- NOTE(review): second wsse:Security header, without s:actor. The BinarySecurityToken that ds:KeyInfo references sits here, not next to the ds:Signature in the actor-targeted header above. A verifier that processes only the header addressed to its actor may not locate the certificate. Confirm whether the token and the signature must share one header. -->
<wsse:Security>
<!-- Base64 value of the X509v3 signing certificate, addressed by wsu:Id="SenderCertificate". -->
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="SenderCertificate">MIIDWDCCAwegAwIBAgIKOml6JwACAALvLzAIBgYqhQMCAgMwZTEgMB4GCSqGSIb3DQEJARYRaW5m
b0BjcnlwdG9wcm8ucnUxCzAJBgNVBAYTAlJVMRMwEQYDVQQKEwpDUllQVE8tUFJPMR8wHQYDVQQD
ExZUZXN0IENlbnRlciBDUllQVE8tUFJPMB4XDTEyMTExMjEzMzcyMloXDTE0MTAwNDA3MDk0MVow
gZYxITAfBgkqhkiG9w0BCQEWEnMudGlraG9ub3ZAcGZsYi5ydTEYMBYGA1UEAwwPU2VyZ2V5IFRp
a2hvbm92MQswCQYDVQQLDAJwdDEYMBYGA1UECgwPUGVyZm9ybWFuY2UgTGFiMRAwDgYDVQQHDAdJ
emhldnNrMREwDwYDVQQIDAhVZG11cnRpYTELMAkGA1UEBhMCUlUwYzAcBgYqhQMCAhMwEgYHKoUD
AgIkAAYHKoUDAgIeAQNDAARAPER4v38TwpnhIF3Ij267uUb4VMEDekh7FJ/5pHCaPXQlaxoKTNj9
hPJ3/AVa1au7lSB2bHK50s7T5WcwgyoVI6OCAWMwggFfMA4GA1UdDwEB/wQEAwIE8DATBgNVHSUE
DDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUHNTlpciCZLWfTcbDf7J3uMDskQQwHwYDVR0jBBgwFoAU
bY9eBdlfrJEXlB6VmgUwODd6ECowVQYDVR0fBE4wTDBKoEigRoZEaHR0cDovL3d3dy5jcnlwdG9w
cm8ucnUvQ2VydEVucm9sbC9UZXN0JTIwQ2VudGVyJTIwQ1JZUFRPLVBSTygyKS5jcmwwgaAGCCsG
AQUFBwEBBIGTMIGQMDMGCCsGAQUFBzABhidodHRwOi8vd3d3LmNyeXB0b3Byby5ydS9vY3NwbmMv
b2NzcC5zcmYwWQYIKwYBBQUHMAKGTWh0dHA6Ly93d3cuY3J5cHRvcHJvLnJ1L0NlcnRFbnJvbGwv
cGtpLXNpdGVfVGVzdCUyMENlbnRlciUyMENSWVBUTy1QUk8oMikuY3J0MAgGBiqFAwICAwNBAAqB
APw6bOtkGwXNHTFQy7bGjIJhRvEcdsyGX1rAythLrOgkA8Wume+Dw4/Z+BZl+eSiif5qRbVWJ7Sq
bNc6h6M=</wsse:BinarySecurityToken>
</wsse:Security>
</s:Header>
<!-- NOTE(review): the signed element still carries wsu:id (lowercase "i"), while ds:Reference URI="#body" must be resolved by the verifier. WS-Security defines the identifier attribute as wsu:Id, as used on the BinarySecurityToken above. Confirm which spelling the verifier accepts. -->
<s:Body wsu:id="body"> <DocumentType_SelectAll xmlns="http://asur.mos.ru/isi/declarants/v8">123</DocumentType_SelectAll></s:Body>
</s:Envelope>
Код стандартный:
com.sun.org.apache.xml.internal.security.Init.init();
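org.apache.xml.security.Init.init();
// Start processing the message: build a SOAPMessage from the incoming SOAP text (soapMSG).
MessageFactory mf = MessageFactory.newInstance();
SOAPMessage message = mf.createMessage();
SOAPPart soapPart = message.getSOAPPart();
soapPart.setContent(new StreamSource(new StringReader(soapMSG)));
message.getSOAPPart().getEnvelope().addNamespaceDeclaration("ds", "http://www.w3.org/2000/09/xmldsig#");
Document doc = message.getSOAPPart().getEnvelope().getOwnerDocument();
// Build the WS-Security header addressed to the SMEV actor.
// NOTE(review): the posted input already contains a <wsse:Security> element without an actor,
// and the posted output shows two <wsse:Security> headers: the one produced here (with the
// actor, holding ds:Signature) and the original one (holding the BinarySecurityToken).
// The wsse:Reference "#SenderCertificate" therefore points into a different header block than
// the one carrying the signature; confirm whether the verifier requires both in one header.
WSSecHeader header = new WSSecHeader();
header.setActor("http://smev.gosuslugi.ru/actors/smev"/*"RSMEVAUTH"*/);
header.setMustUnderstand(false);
header.insertSecurityHeader(message.getSOAPPart().getEnvelope().getOwnerDocument());
Element token = header.getSecurityHeader();
// Register the attribute as an ID attribute on the element found by the XPath; otherwise the
// reference "#body" cannot be resolved when signing.
// NOTE(review): this matches wsu:id (lowercase "i") because that is what the posted message
// uses. WS-Security defines the attribute as wsu:Id (as on the BinarySecurityToken), so a
// verifier that resolves "#body" via wsu:Id would presumably not find the Body; if the
// spelling is changed, change it in the message and in this XPath together.
((Element) XPathAPI.selectSingleNode(token, "//*[@wsu:id='"+"body"+"']")).setIdAttribute( "wsu:id", true);
XMLSignatureFactory fac = getSigFactory();
// Transforms applied to the referenced node before digesting: enveloped-signature, then
// exclusive canonicalization without comments.
// NOTE(review): the ds:Signature ends up in the header, not inside the referenced Body, so the
// enveloped-signature transform appears to have nothing to remove here; confirm whether the
// verifier expects only the exclusive C14N transform.
List<Transform> transformList = new ArrayList<Transform>();
Transform transform = fac.newTransform(Transform.ENVELOPED, (XMLStructure) null);
Transform transformC14N = fac.newTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, (XMLStructure) null);
transformList.add(transform);
transformList.add(transformC14N);
// Reference to the node being signed, addressed by its identifier ("#body").
Reference refData = fac.newReference("#"+"body", fac.newDigestMethod(getDigestMethod(), null),transformList, null, null);
// SignedInfo: exclusive canonicalization, the configured signature method, one reference.
SignedInfo si = fac.newSignedInfo( fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec) null), fac.newSignatureMethod(getSignatureMethod(), null) , Collections.singletonList(refData));
// Build ds:KeyInfo with the certificate as X509Data.
KeyInfoFactory kif = fac.getKeyInfoFactory();
X509Data x509d = kif.newX509Data(Collections.singletonList((X509Certificate) cert));
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(x509d));
// Sign; the resulting ds:Signature is inserted under the security header element (token).
javax.xml.crypto.dsig.XMLSignature sig = fac.newXMLSignature(si, ki);
DOMSignContext signContext = new DOMSignContext((Key) getPrivateKey(), token);
signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");
sig.sign(signContext);
logger.info(getResultString(token));
// Post-processing after signing: move the certificate text out of ds:KeyInfo into the
// BinarySecurityToken and replace the ds:KeyInfo content with a wsse:SecurityTokenReference.
// ds:KeyInfo is not covered by the only ds:Reference ("#body"), so these edits do not touch
// the digested or signed data.
Element sigE = (Element) XPathAPI.selectSingleNode(signContext.getParent(), "//ds:Signature");
Node keyE = XPathAPI.selectSingleNode(sigE, "//ds:KeyInfo", sigE);
Element cerVal = (Element) XPathAPI.selectSingleNode(token, "//*[@wsu:Id='SenderCertificate']");
cerVal.setTextContent(XPathAPI.selectSingleNode(keyE, "//ds:X509Certificate", keyE).getFirstChild().getNodeValue());
keyE.removeChild(XPathAPI.selectSingleNode(keyE, "//ds:X509Data", keyE));
// Remove whatever is still left under ds:KeyInfo. getChildNodes() returns a live list, so
// removing item(i) while incrementing i skips every other node; taking the first child until
// none remain empties the element reliably.
while (keyE.hasChildNodes()) {
    keyE.removeChild(keyE.getFirstChild());
}
Node str = keyE.appendChild(doc.createElementNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:SecurityTokenReference"));
Element strRef = (Element)str.appendChild(doc.createElementNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:Reference"));
strRef.setAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
strRef.setAttribute("URI", "#SenderCertificate");
// NOTE(review): sigE was created under token, which is header.getSecurityHeader(); this call
// presumably just re-appends the signature as the last child of the same header.
header.getSecurityHeader().appendChild(sigE);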
Есть идеи, что не так?