我正在尝试使用 X509Certificate 对 xml 进行签名,我正在使用签名者 gem。
private_key_file = File.join(File.dirname(__FILE__), '/cert/1234567890001_priKEY.pem')
cert_file = File.join(File.dirname(__FILE__), '/cert/1234567890001_certKEY.pem')
input_xml_file = File.join(File.dirname(__FILE__), 'nfce_xml.xml')
signer = Signer.new(File.read(input_xml_file))
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "")
signer.security_node = signer.document.root
signer.security_token_id = ""
signer.digest!(signer.document.root, :id => "NFe51150501882109000162650010000000011064552496", :enveloped => true)
signer.sign!(:issuer_serial => true)
signed_xml = signer.to_xml
File.open("signed.xml", 'w') {|f| f.write(signed_xml) }
签名:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#NFe51150501882109000162650010000000011064552496">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>xgvKmWBZeQSt0vue30DzzBvc494=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>DE8BKKsxBAh/zEnX/N/P0f/xOZD7O...</SignatureValue>
<KeyInfo>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>System.Security.Cryptography.X509Certificates.X500DistinguishedName</X509IssuerName>
<X509SerialNumber>2701224559233645315</X509SerialNumber>
</X509IssuerSerial>
<X509Certificate>MIIIHzCCBgegAwIBAgIIJXytbMe...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
但我需要删除 X509IssuerSerial 标签,添加此转换:
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
并将 CanonicalizationMethod 更改为:
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
有人可以帮忙吗?
谢谢。
最佳答案
关于格式,您无能为力。
Captain obvious 建议在 signer.sign!(:issuer_serial => true)
中禁用 issuer_serial 以删除 X509IssuerSerial 标签?
关于ruby-on-rails - 如何在 Ruby 中使用 X509Certificate 对 xml 进行签名?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30059354/