I have a government-issued document with the following format (much was redacted as it contained some personal information), which contains a doc/docx file and a certificate, encoded in base64:
<?xml version="1.0" encoding="UTF-8"?>
<gov.il:SignedRoot xmlns:gov.il="http://www.gov.il/xmldigsig/v_1_0_0" version="1.0.0">
<gov.il:SigningAppInfo>
<gov.il:ApplicationName>Sign and Verify</gov.il:ApplicationName>
<gov.il:ApplicationVersion>2.0.0</gov.il:ApplicationVersion>
</gov.il:SigningAppInfo>
<gov.il:SignedObject Id="il-ae******-****-****-****-***********" MimeType="multipart/form-data">
<gov.il:SignedInfo Id="il-ea******-****-****-****-***********">
<gov.il:Data MimeType="multipart/form-data" DataEncodingType="base64">UkVEQUNURUQgV09SRCBET0NVTUVOVA==</gov.il:Data>
<gov.il:OptionalDataParams>
<gov.il:FileName>*****.DOCX</gov.il:FileName>
<gov.il:ContentCreationTime>2018-06-**T**:**:**Z</gov.il:ContentCreationTime>
</gov.il:OptionalDataParams>
</gov.il:SignedInfo>
</gov.il:SignedObject>
<gov.il:Signature xmlns:gov.il="http://www.w3.org/2000/09/xmldsig#" Id="il-********-****-****-****-************">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#il-********-****-****-****-************">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>/DJC0pAZUaSAQGe1Pl1eDlap75E=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">UkVEQUNURUQ=</SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509SubjectName>CN=REDACTED, OU=REDACTED, O=Gov, C=IL</X509SubjectName>
<X509Certificate>UkVEQUNURUQ=</X509Certificate>
</X509Data>
</KeyInfo>
</gov.il:Signature>
</gov.il:SignedRoot>
Whoever sent me this document is expecting me to download and install a "special program" that is able to open the file and validate the signature.
Since this "mysterious format" is a simple XML, I would like to convert the information found in it into some other format, which can be opened or validated without their dedicated software. Ideally the output would be one of these:
From what I gathered so far, these are the fields of interest:
<gov.il:Data MimeType="multipart/form-data" DataEncodingType="base64">...</gov.il:Data>
<DigestValue>/DJC0pAZUaSAQGe1Pl1eDlap75E=</DigestValue>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">...</SignatureValue>
<X509Data>
...
</X509Data>
but I don't know what to do from here.
P.S.
If this question is a better fit for Information Security, please comment, and I'll flag it for migration.
This is an answer to question #1.
I have managed to create a partially-working validator in Kotlin on the basis of Apache's javax.xml.crypto.dsig.samples.Validate example.
Admittedly, the code below has a bug where the computed Digest value doesn't match the one appearing in the XML (and the validation ultimately fails). However, there is some educational value here since all required validation steps are shown and explained.
This was tested on Kotlin 1.2.50 and JDK 9.0.1.
import org.w3c.dom.Element
import javax.xml.crypto.*
import javax.xml.crypto.dsig.*
import javax.xml.crypto.dsig.dom.DOMValidateContext
import javax.xml.crypto.dsig.keyinfo.*
import java.io.FileInputStream
import java.security.*
import java.security.cert.X509Certificate
import javax.management.modelmbean.XMLParseException
import javax.xml.parsers.DocumentBuilderFactory
/**
* This is a simple example of validating an XML
* Signature using the JSR 105 API. It assumes the key needed to
* validate the signature is contained in a KeyValue KeyInfo.
*/
object Validate {
//
// Synopsis: java Validate [document]
//
// where "document" is the name of a file containing the XML document
// to be validated.
//
@JvmStatic
fun main(args: Array<String>) {
// Instantiate the document to be validated
val dbf = DocumentBuilderFactory.newInstance()
dbf.isNamespaceAware = true
val doc = dbf.newDocumentBuilder().parse(FileInputStream(args[0]))
// Find Signature element
val nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature")
if (nl.length == 0) {
throw XMLParseException("Cannot find any Signature elements")
}
// Find SignedInfo elements that have an "Id" property and explicitly set them to be
// of type "ID". Inspired by: https://stackoverflow.com/a/7466809/3372061
val nd = doc.getElementsByTagNameNS("*", "SignedInfo")
(0 until nd.length)
.map { nd.item(it) }
.filter { it -> it.attributes.getNamedItem("Id") != null }
.forEach { it -> (it as Element).setIdAttribute("Id", true) }
// Create a DOM XMLSignatureFactory that will be used to unmarshal the
// document containing the XMLSignature
val fac = XMLSignatureFactory.getInstance("DOM")
// Create a DOMValidateContext and specify a KeyValue KeySelector
// and document context
val valContext = DOMValidateContext(KeyValueKeySelector(), nl.item(0))
// Unmarshal the XMLSignature
val signature = fac.unmarshalXMLSignature(valContext)
// Validate the XMLSignature (generated above)
val coreValidity = signature.validate(valContext)
// Check core validation status
if (!coreValidity) {
System.err.println("Signature failed core validation")
val sv = signature.signatureValue.validate(valContext)
println("signature validation status: " + sv)
// check the validation status of each Reference
val i = signature.signedInfo.references.iterator()
var j = 0
while (i.hasNext()) {
val refValid = i.next().validate(valContext)
println("ref[$j] validity status: $refValid")
j++
}
} else {
println("Signature passed core validation")
}
}
/**
* KeySelector which retrieves the public key out of the
* KeyValue element and returns it.
* NOTE: If the key algorithm doesn't match signature algorithm,
* then the public key will be ignored.
*/
private class KeyValueKeySelector : KeySelector() {
@Throws(KeySelectorException::class)
override fun select(keyInfo: KeyInfo?,
purpose: KeySelector.Purpose,
method: AlgorithmMethod,
context: XMLCryptoContext): KeySelectorResult {
if (keyInfo == null) {
throw KeySelectorException("Null KeyInfo object!")
}
val sm = method as SignatureMethod
val list = keyInfo.content
var pk: PublicKey? = null
for (item in list) {
val xmlStructure = item as XMLStructure
if (xmlStructure is KeyValue) {
try {
pk = xmlStructure.publicKey
} catch (ke: KeyException) {
throw KeySelectorException(ke)
}
} else if (xmlStructure is X509Data) {
for (data in xmlStructure.content) {
if (data is X509Certificate) {
pk = data.publicKey
break
}
}
}
// make sure algorithm is compatible with method
if (algEquals(sm.algorithm, pk!!.algorithm)) {
return SimpleKeySelectorResult(pk)
}
}
throw KeySelectorException("No KeyValue element found!")
}
companion object {
//@@@FIXME: this should also work for key types other than DSA/RSA
internal fun algEquals(algURI: String, algName: String): Boolean {
return (algName.equals("DSA", ignoreCase = true) &&
algURI.equals(SignatureMethod.DSA_SHA1, ignoreCase = true)) ||
(algName.equals("RSA", ignoreCase = true) &&
algURI.equals(SignatureMethod.RSA_SHA1, ignoreCase = true))
}
}
}
private class SimpleKeySelectorResult
internal constructor(private val pk: PublicKey) : KeySelectorResult {
override fun getKey(): Key {
return pk
}
}
}