Problem with digital signature SHA-256

Question

Problem with digital signature SHA-256

Navigation

#1 by (1 votes)

0

I am generating an xml and signing with SHA-256, however when I validate the signature, then the java says that it is not valid

xml generated and signed:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
    <EnviarLoteEventos xmlns="http://www.esocial.gov.br/servicos/empregador/lote/eventos/envio/v1_1_0">
        <loteEventos>
            <eSocial xmlns="http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_0">
                <envioLoteEventos grupo="1">
                    <ideEmpregador>
                        <tpInsc>1</tpInsc>
                        <nrInsc>00060824000157</nrInsc>
                    </ideEmpregador>
                    <ideTransmissor>
                        <tpInsc>1</tpInsc>
                        <nrInsc>00060824000157</nrInsc>
                    </ideTransmissor>
                    <eventos>
                        <evento Id="ID1000608240001572017071915400600002">
                            <eSocial xmlns="http://www.esocial.gov.br/schema/evt/evtInfoEmpregador/v02_02_02">
                                <evtInfoEmpregador Id="ID1000608240001572017071915400600001">
                                    <ideEvento>
                                        <tpAmb>3</tpAmb>
                                        <procEmi>1</procEmi>
                                        <verProc>11.27.062.05</verProc>
                                    </ideEvento>
                                    <ideEmpregador>
                                        <tpInsc>1</tpInsc>
                                        <nrInsc>00060824</nrInsc>
                                    </ideEmpregador>
                                    <infoEmpregador>
                                        <inclusao>
                                            <idePeriodo>
                                                <iniValid>2010-01</iniValid>
                                            </idePeriodo>
                                            <infoCadastro>
                                                <nmRazao>CONSISANET SISTEMAS DE INFORMACAO LTDA - EPP</nmRazao>
                                                <classTrib>02</classTrib>
                                                <natJurid>2313</natJurid>
                                                <indCoop>0</indCoop>
                                                <indConstr>0</indConstr>
                                                <indDesFolha>0</indDesFolha>
                                                <indOptRegEletron>1</indOptRegEletron>
                                                <multTabRubricas>N</multTabRubricas>
                                                <indEntEd>S</indEntEd>
                                                <indEtt>N</indEtt>
                                                <contato>
                                                    <nmCtt>SOCIO TESTE</nmCtt>
                                                    <cpfCtt>03202055925</cpfCtt>
                                                    <foneFixo>04699786912</foneFixo>
                                                </contato>
                                                <softwareHouse>
                                                    <cnpjSoftHouse>00060824000157</cnpjSoftHouse>
                                                    <nmRazao>CONSISA INFORMÁTICA LTDA</nmRazao>
                                                    <nmCont>MARCIO RODRIGO DE BORTOLI</nmCont>
                                                    <telefone>04635201300</telefone>
                                                </softwareHouse>
                                                <infoComplementares>
                                                    <situacaoPJ>
                                                        <indSitPJ>0</indSitPJ>
                                                    </situacaoPJ>
                                                </infoComplementares>
                                            </infoCadastro>
                                        </inclusao>
                                    </infoEmpregador>
                                </evtInfoEmpregador>
                                <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                                    <SignedInfo>
                                        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                                        <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                                        <Reference URI="#ID1000608240001572017071915400600001">
                                            <Transforms>
                                                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                                <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                                            </Transforms>
                                            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                            <DigestValue>Sm0qPUX+89hnOGkQP7hsxTNUIfAryCdYBWYXM1+OmJs=</DigestValue>
                                        </Reference>
                                    </SignedInfo>
                                    <SignatureValue>a70ld/0B4VX+FiPWaXYYNjJmGHZtEV7YxjOwLeqSjcWmo45mUySGv2oyXQFEU9ahKSizPkfQoYqpERG4r/Z2qChEkpHDJkGwRCGycPd5ZdxJDht/0dip6KkGzqb/iYpdeRXq1ljlnelfMTcOvaLxaFh1PQ4hP28jFu3TxE/xEWuWA4kvIzFURcQdeuPfv/99P4lZKTX/vZAiPGePLa2QkqnqMbLrdI5Ze5D9/igt/hsWTo3OXxO3AAUAwKMwjYSaWp3Rs/i3IVKmHIk2oIxXIQGDPBCl8VJKMRUlvBXEkFT82YFy0vlSnD+REYlJyfk/ECBayt6delMLHHVRyD4Ecw==</SignatureValue>
                                    <KeyInfo>
                                        <X509Data>
                                            <X509Certificate>MIIIADCCBeigAwIBAgIIdBH1hsRuUe0wDQYJKoZIhvcNAQELBQAwczELMAkGA1UEBhMCQlIxEzARBgNVBAoTCklDUC1CcmFzaWwxNjA0BgNVBAsTLVNlY3JldGFyaWEgZGEgUmVjZWl0YSBGZWRlcmFsIGRvIEJyYXNpbCAtIFJGQjEXMBUGA1UEAxMOQUMgU0FGRVdFQiBSRkIwHhcNMTcwNjEyMTE0MDA0WhcNMTgwNjEyMTE0MDA0WjCB5TELMAkGA1UEBhMCQlIxEzARBgNVBAoTCklDUC1CcmFzaWwxCzAJBgNVBAgTAlBSMRowGAYDVQQHExFGUkFOQ0lTQ08gQkVMVFJBTzE2MDQGA1UECxMtU2VjcmV0YXJpYSBkYSBSZWNlaXRhIEZlZGVyYWwgZG8gQnJhc2lsIC0gUkZCMRYwFAYDVQQLEw1SRkIgZS1DTlBKIEExMRIwEAYDVQQLEwlBUiBGVVRVUkExNDAyBgNVBAMTK0NPTlNJU0EgSU5GT1JNQVRJQ0EgTFREQSBFUFA6MDAwNjA4MjQwMDAxNTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVU0M1Iq7sRQJUUUQuS7fkIVYAuZ31wKSTKISECMMS5DachOvMBN0E13Jin/ocoUK0dy/0aNIIA74x9IdWw4oTPWQBWmVp0f/8k+kcRIFiD8/zmDqTdjjYMt2+WxYQ1M/zOMo/WOL8pLzGjvYwddzpVPrZHU/4zmyHkAjX7JGtG2+zQqIq4Nu6kEcro45pKtwkwUcJFB3kOvNInU+OEhFN6jODOXsQD4zbz1Nnv/+B0wvH+uM5LSCPx8BsK4nKrn1C6jkik+P/fItAPNE+S8mIyvia59GzXLutnwHf/bl2KnUrbaNkUHW3i3+sbpeZiBuDwLJFg3FNaIHSdm1Pitb7AgMBAAGjggMjMIIDHzAfBgNVHSMEGDAWgBTfRU9Px+HcOMxKDCDn+OlZrR9eYTAOBgNVHQ8BAf8EBAMCBeAwbQYDVR0gBGYwZDBiBgZgTAECATMwWDBWBggrBgEFBQcCARZKaHR0cDovL3JlcG9zaXRvcmlvLmFjc2FmZXdlYi5jb20uYnIvYWMtc2FmZXdlYnJmYi9hYy1zYWZld2ViLXJmYi1wYy1hMS5wZGYwgf8GA1UdHwSB9zCB9DBPoE2gS4ZJaHR0cDovL3JlcG9zaXRvcmlvLmFjc2FmZXdlYi5jb20uYnIvYWMtc2FmZXdlYnJmYi9sY3ItYWMtc2FmZXdlYnJmYnYyLmNybDBQoE6gTIZKaHR0cDovL3JlcG9zaXRvcmlvMi5hY3NhZmV3ZWIuY29tLmJyL2FjLXNhZmV3ZWJyZmIvbGNyLWFjLXNhZmV3ZWJyZmJ2Mi5jcmwwT6BNoEuGSWh0dHA6Ly9hY3JlcG9zaXRvcmlvLmljcGJyYXNpbC5nb3YuYnIvbGNyL1NBRkVXRUIvbGNyLWFjLXNhZmV3ZWJyZmJ2Mi5jcmwwgYsGCCsGAQUFBwEBBH8wfTBRBggrBgEFBQcwAoZFaHR0cDovL3JlcG9zaXRvcmlvLmFjc2FmZXdlYi5jb20uYnIvYWMtc2FmZXdlYnJmYi9hYy1zYWZld2VicmZidjIucDdiMCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5hY3NhZmV3ZWIuY29tLmJyMIHCBgNVHREEgbowgbeBHUNBTUlMQS5ERVpBTkVUQENPTlNJU0FORVQuQ09NoCgGBWBMAQMCoB8THUpPU0UgQU5UT05JTyBBTlRVTkVTIFpBTlJPU1NPoBkGBWBMAQMDoBATDjAwMDYwODI0MDAwMTU3oDgGBWBMAQMEoC8TLTA1MDIxOTU5NDIyNzU1MDQ5MTUwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDB6AOEwwwMDAwMDAwMDAwMDAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggIBAHc+285LZluwRoBDg2tXsWM8TfFA1WwDy23NUeqw/zfIqMCk+grD8ZtrhKFFGGhHxTknekBgQ02SMj2GbtIwTPZk2HVEjCCfKvLh4N5cx2ngXMjMbjib6DDv9A4Q5HifyiU5Z/uRVTxtgGUMHEEmCfhf5N8Nf1OQQi+cNznpcKVU/pDPQJXKnRlM1JCKTMVt6JKf5MUVbn2Nz8NUdP0ZS44YxmNCDD4cDq3paBtDy+NVuagA467gL1Gg+r7LjNGFhIY3MqvNxsklKyjVkqnhScDmvI/3KIqkLufHe+B+/Olf1yjQA6D9lrAljYKQfJoqUZ6Y1FMWHzSeSYopoWC3mBM0nnTryw1Ma+CP+6gh2TaHUrzbQv2Ehfvooc1VV+EQXjgWF9Lmk5+8woqUqZWytS3yCe91nUTR26+y+msMKChxkMMBOXsAWidY6K54BVy2LRDKsgyP4cOPzvOv/vKDX3opFBuloU2ipY/tS2caRK0/7SyzQZz0yXISYoQeB2IWdw49YoHhfCsh9TsmYbM043BnUAazGGxu2Pz2UswHFbjr/Q5BGhRysRJWLnYEPmVXxdxYVWt3WGqiYRnQUXQ0jS7LHVwwK4++ylpgyfn3487YW5tVpoVH90Cb3Blrw0wE3DInaz59IupjyZ+hWNW8wOyqu3q9m9Z3GDDaADtYmAKl</X509Certificate>
                                        </X509Data>
                                    </KeyInfo>
                                </Signature>
                            </eSocial>
                        </evento>
                    </eventos>
                </envioLoteEventos>
            </eSocial>
        </loteEventos>
    </EnviarLoteEventos>
</soap:Body>

signature method code used

public static String assinarSHA256(String xml, String tagRoot, String tagId, String tagAssinar,
        CertificadoBean certificadoBean, boolean lote) throws Throwable {

    Document doc = XMLW3CUtil.stringToDocument(xml);
    NodeList elements = doc.getElementsByTagName(tagAssinar);
    int quantidade = elements.getLength();

    try {
        for (int i = 0; i < quantidade; i++) {
            Element el = (Element) elements.item(i);

            String id = el.getAttribute(tagId);
            el.setIdAttribute("Id", true);

            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

            List<Transform> transformList = new ArrayList<Transform>();
            transformList.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
            transformList.add(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                    (C14NMethodParameterSpec) null));

            Reference ref = fac.newReference("#" + id, fac.newDigestMethod(DigestMethod.SHA256, null),
                    transformList, null, null);

            SignedInfo si = fac.newSignedInfo(
                    fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                    fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                    Collections.singletonList(ref));

            KeyInfoFactory kif = fac.getKeyInfoFactory();
            X509Data x509Data = kif.newX509Data(Collections.singletonList(certificadoBean.getCertificado()));
            KeyInfo ki = kif.newKeyInfo(Collections.singletonList(x509Data));

            DOMSignContext dsc = new DOMSignContext(certificadoBean.getChavePrivada(), el.getParentNode());

            XMLSignature signature = fac.newXMLSignature(si, ki);
            signature.sign(dsc);
        }
    } catch (NoSuchAlgorithmException e) {
        logger.error(e);
    } catch (InvalidAlgorithmParameterException e) {
        logger.error(e);
    } catch (MarshalException e) {
        logger.error(e);
    } catch (XMLSignatureException e) {
        throw new Exception(
                "Erro ao assinar o documento, verificar se o certificado " + "esta configurado corretamente");
    }

    return XMLW3CUtil.documentToString(doc);
}

however after this I call a method that does validation and is returned that the signature is not valid, log shown during xml signature process and signature validation:

log4j:ERROR Could not find value for key log4j.appender.LOGTXT
log4j:ERROR Could not instantiate appender named "LOGTXT".
log4j:WARN No appenders could be found for logger         (com.consisa.global.utils.conexao.seguranca.CredentialManager).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
DEBUG Init:114 - Registering default algorithms
DEBUG DOMReference:312 - Marshalling Reference
DEBUG DOMReference:337 - Adding digestValueElem
DEBUG ResourceResolver:94 - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
DEBUG ResolverFragment:131 - State I can resolve reference: "#ID1000608240001572017071915400600001"
DEBUG ResolverFragment:95 - Try to catch an Element with ID ID1000608240001572017071915400600001 and Element was [evtInfoEmpregador: null]
DEBUG DOMReference:423 - URIDereferencer class name: org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer
DEBUG DOMReference:424 - Data class name: org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData
DEBUG Transform:360 - Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature"
DEBUG Transform:362 - The NodeList is [Transform: null]
DEBUG ElementProxy:181 - setElement(Transform, "null"
DEBUG ApacheTransform:145 - Created transform for algorithm: http://www.w3.org/2000/09/xmldsig#enveloped-signature
DEBUG ApacheTransform:166 - ApacheData = true
DEBUG Transform:360 - Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" class "class org.apache.xml.security.transforms.implementations.TransformC14N"
DEBUG Transform:362 - The NodeList is [Transform: null]
DEBUG ElementProxy:181 - setElement(Transform, "null"
DEBUG ApacheCanonicalizer:219 - Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
DEBUG ApacheCanonicalizer:230 - ApacheData = true
DEBUG DigesterOutputStream:88 - Pre-digested input:
DEBUG DigesterOutputStream:93 - <evtInfoEmpregador xmlns="http://www.esocial.gov.br/schema/evt/evtInfoEmpregador/v02_02_02" Id="ID1000608240001572017071915400600001"><ideEvento><tpAmb>3</tpAmb><procEmi>1</procEmi><verProc>11.27.062.05</verProc></ideEvento><ideEmpregador><tpInsc>1</tpInsc><nrInsc>00060824</nrInsc></ideEmpregador><infoEmpregador><inclusao><idePeriodo><iniValid>2010-01</iniValid></idePeriodo><infoCadastro><nmRazao>CONSISANET SISTEMAS DE INFORMACAO LTDA - EPP</nmRazao><classTrib>02</classTrib><natJurid>2313</natJurid><indCoop>0</indCoop><indConstr>0</indConstr><indDesFolha>0</indDesFolha><indOptRegEletron>1</indOptRegEletron><multTabRubricas>N</multTabRubricas><indEntEd>S</indEntEd><indEtt>N</indEtt><contato><nmCtt>SOCIO TESTE</nmCtt><cpfCtt>03202055925</cpfCtt><foneFixo>04699786912</foneFixo></contato><softwareHouse><cnpjSoftHouse>00060824000157</cnpjSoftHouse><nmRazao>CONSISA INFORMￃﾁTICA LTDA</nmRazao><nmCont>MARCIO RODRIGO DE BORTOLI</nmCont><telefone>04635201300</telefone></softwareHouse><infoComplementares><situacaoPJ><indSitPJ>0</indSitPJ></situacaoPJ></infoComplementares></infoCadastro></inclusao></infoEmpregador></evtInfoEmpregador>
DEBUG DOMReference:361 - Reference object uri = #ID1000608240001572017071915400600001
DEBUG DOMReference:373 - Reference digesting completed
DEBUG DOMSignatureMethod:269 - Signature provider:SunRsaSign version 1.8
DEBUG DOMSignatureMethod:270 - Signing with key: sun.security.rsa.RSAPrivateCrtKeyImpl@fff8a957
DEBUG DOMSignatureMethod:271 - JCA Algorithm: SHA256withRSA
DEBUG Transform:360 - Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" class "class org.apache.xml.security.transforms.implementations.TransformC14N"
DEBUG Transform:362 - The NodeList is [CanonicalizationMethod: null]
DEBUG ElementProxy:181 - setElement(CanonicalizationMethod, "null"
DEBUG ApacheCanonicalizer:219 - Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
DEBUG ApacheCanonicalizer:235 - isNodeSet() = true
DEBUG DOMSignedInfo:243 - Canonicalized SignedInfo:
DEBUG DOMSignedInfo:248 - <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#ID1000608240001572017071915400600001"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>Sm0qPUX+89hnOGkQP7hsxTNUIfAryCdYBWYXM1+OmJs=</DigestValue></Reference></SignedInfo>
DEBUG DOMSignedInfo:249 - Data to be signed/verified:PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiPjwvQ2Fub25pY2FsaXphdGlvbk1ldGhvZD48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiI+PC9TaWduYXR1cmVNZXRob2Q+PFJlZmVyZW5jZSBVUkk9IiNJRDEwMDA2MDgyNDAwMDE1NzIwMTcwNzE5MTU0MDA2MDAwMDEiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSI+PC9UcmFuc2Zvcm0+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+PERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiI+PC9EaWdlc3RNZXRob2Q+PERpZ2VzdFZhbHVlPlNtMHFQVVgrODlobk9Ha1FQN2hzeFROVUlmQXJ5Q2RZQldZWE0xK09tSnM9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+
DEBUG DOMSignatureMethod:222 - Signature provider:SunRsaSign version 1.8
DEBUG DOMSignatureMethod:223 - Verifying with key: Sun RSA public key, 2048 bits
  modulus: 18850565723518694304036681294904955376724231871364234526408990712505004320383621186417985414445105832462854179885482777052872657757253057498276138689217124788313055652738068786152007030341157717350629030807302506296786052005145921775458384455332804013031584688081901027146715120332778706117692138572155315212459970637104450132114335517756099838544318343025698054701160186011605999191313387389709562683755957006454728356593750500899887605586015518285164570248753404551631162415424346573421063111556516263872766146218478987848418776173293386026256616764023342134329374433270339343343588810070112038383709045990970021627
  public exponent: 65537
DEBUG DOMSignatureMethod:224 - JCA Algorithm: SHA256withRSA
DEBUG DOMSignatureMethod:225 - Signature Bytes length: 256
DEBUG Transform:360 - Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" class "class org.apache.xml.security.transforms.implementations.TransformC14N"
DEBUG Transform:362 - The NodeList is [CanonicalizationMethod: null]
DEBUG ElementProxy:181 - setElement(CanonicalizationMethod, "null"
DEBUG ApacheCanonicalizer:219 - Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
DEBUG ApacheCanonicalizer:235 - isNodeSet() = true
DEBUG DOMSignedInfo:243 - Canonicalized SignedInfo:
DEBUG DOMSignedInfo:248 - <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#ID1000608240001572017071915400600001"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>Sm0qPUX+89hnOGkQP7hsxTNUIfAryCdYBWYXM1+OmJs=</DigestValue></Reference></SignedInfo>
DEBUG DOMSignedInfo:249 - Data to be signed/verified:PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNvYXA9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIj48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiPjwvU2lnbmF0dXJlTWV0aG9kPjxSZWZlcmVuY2UgVVJJPSIjSUQxMDAwNjA4MjQwMDAxNTcyMDE3MDcxOTE1NDAwNjAwMDAxIj48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvVHJhbnNmb3JtPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSI+PC9UcmFuc2Zvcm0+PC9UcmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiPjwvRGlnZXN0TWV0aG9kPjxEaWdlc3RWYWx1ZT5TbTBxUFVYKzg5aG5PR2tRUDdoc3hUTlVJZkFyeUNkWUJXWVhNMStPbUpzPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPg==
DEBUG DOMSignatureMethod:222 - Signature provider:SunRsaSign version 1.8
DEBUG DOMSignatureMethod:223 - Verifying with key: Sun RSA public key, 2048 bits
  modulus: 18850565723518694304036681294904955376724231871364234526408990712505004320383621186417985414445105832462854179885482777052872657757253057498276138689217124788313055652738068786152007030341157717350629030807302506296786052005145921775458384455332804013031584688081901027146715120332778706117692138572155315212459970637104450132114335517756099838544318343025698054701160186011605999191313387389709562683755957006454728356593750500899887605586015518285164570248753404551631162415424346573421063111556516263872766146218478987848418776173293386026256616764023342134329374433270339343343588810070112038383709045990970021627
  public exponent: 65537
DEBUG DOMSignatureMethod:224 - JCA Algorithm: SHA256withRSA
DEBUG DOMSignatureMethod:225 - Signature Bytes length: 256
DEBUG Transform:360 - Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" class "class org.apache.xml.security.transforms.implementations.TransformC14N"
DEBUG Transform:362 - The NodeList is [CanonicalizationMethod: null]
DEBUG ElementProxy:181 - setElement(CanonicalizationMethod, "null"
DEBUG ApacheCanonicalizer:219 - Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
DEBUG ApacheCanonicalizer:235 - isNodeSet() = true
DEBUG DOMSignedInfo:243 - Canonicalized SignedInfo:
DEBUG DOMSignedInfo:248 - <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#ID1000608240001572017071915400600001"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>Sm0qPUX+89hnOGkQP7hsxTNUIfAryCdYBWYXM1+OmJs=</DigestValue></Reference></SignedInfo>
DEBUG DOMSignedInfo:249 - Data to be signed/verified:PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNvYXA9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIj48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiPjwvU2lnbmF0dXJlTWV0aG9kPjxSZWZlcmVuY2UgVVJJPSIjSUQxMDAwNjA4MjQwMDAxNTcyMDE3MDcxOTE1NDAwNjAwMDAxIj48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvVHJhbnNmb3JtPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSI+PC9UcmFuc2Zvcm0+PC9UcmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiPjwvRGlnZXN0TWV0aG9kPjxEaWdlc3RWYWx1ZT5TbTBxUFVYKzg5aG5PR2tRUDdoc3hUTlVJZkFyeUNkWUJXWVhNMStPbUpzPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPg==
javax.xml.crypto.dsig.XMLSignatureException: Mensagem XML com Assinatura Digital inválida
at com.consisa.esocial.teste.TesteEnvio.validarAssinatura(TesteEnvio.java:581)
at com.consisa.esocial.teste.TesteEnvio.validarAssinatura(TesteEnvio.java:448)
at com.consisa.esocial.teste.TesteEnvio.main(TesteEnvio.java:125)

Can anyone help me with this digital signature?

certificado xml assinatura-digital esocial

asked by anonymous 19.07.2017 / 20:56

1 answer

Google maps warning: getCurrentPosition () and watchPosition () no longer work on insecure origins WhereIn in Eloquent

score 1 · Answer 1

Cristian, for your comment it seems to me that you have already solved the specific problem of your original question, but only remembering that, to create a valid batch for eSocial:

The entire event XML must be used to create the signature, in this case, from the < eSocial > which precedes the < evtInfoEmpreg & > to the < / eSocial > which closes the event (not the one that closes the batch), but it looks like that's just what you did to solve the problem.
As Andre Rezende said in the comment, the xmlns: xsd and xmlns: xsi attributes of the eSocial element should be removed, but you have already done so.
The URI attribute of the Reference element of the signature must be empty.
If the nrInsc that is entered in the eventpredictor group is the 8-digit root CNPJ (most cases), the nrInsc in the batchImprevroup group must also be only 8 digits long, and the CNPJ used to compose the event ID as well should be the 8 digit CNPJ, with zeros to the right to complete the 14 digits.

I created two pages with some tips on eSocial, one with tips on signing and another with tips for accessing the service, I'll leave the links here because you can help others:

link
link