【发布时间】:2021-09-07 02:41:57
【问题描述】:
我需要使用 NODEJS 用我的 .PEM 证书和密码签署一个 XML 文件。预期的结果将是具有以下格式的 XML 输出文件:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>zHZj0KS0h60yrhNIijxk0HgKEQI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>e6ENjwpibfoCkWL13X......</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>BaWgAwIBAgIIUgD9d3AI..</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
但我无法添加此标签 <X509Certificate> 及其值。
我的输出 xml 文件是这样的:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>zHZj0KS0h60yrhNIijxk0HgKEQI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>e6ENjwpibfoCkWL13X......</SignatureValue>
<KeyInfo>
<X509Data>
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
检查下面我在 Node.js v16.0.3 中的代码:
var select = require('xml-crypto').xpath
, dom = require('xmldom').DOMParser
, SignedXml = require('xml-crypto').SignedXml
, FileKeyInfo = require('xml-crypto').FileKeyInfo
, fs = require('fs')
function signXml(xml, xpath, key, dest) {
var sig = new SignedXml()
sig.signingKey = fs.readFileSync(key)
// not working:
sig.canonicalizationAlgorithm = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
sig.addReference(xpath, ["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"])
// working:
// sig.addReference(xpath)
sig.computeSignature(xml)
fs.writeFileSync(dest, sig.getSignedXml())
}
function MyKeyInfo() {
this.getKeyInfo = function(key) {
return "<X509Data></X509Data>"
};
this.getKey = function(keyInfo) {
return fs.readFileSync("certificate.pem", 'utf-8');
};
}
//formatando nota fiscal
var xml = '<ns1:ReqConsultaNotas ' +
'xmlns:ns1="http://localhost:8080/WsNFe2/lote" ' +
'xmlns:tipos="http://localhost:8080/WsNFe2/tp" ' +
'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ' +
'xsi:schemaLocation="http://localhost:8080/WsNFe2/lote http://localhost:8080/WsNFe2/xsd/ReqConsultaNotas.xsd">' +
'<Header Id="Consulta:notas">' +
'<Version>1</Version>' +
'</Header>' +
'</ns1:ReqConsultaNotas>'
//sign an xml document
signXml(xml,
"//*[@Id='Consulta:notas']",
"certificate.pem",
"result.xml")
console.log("xml signed succesfully")
var xml = fs.readFileSync("result.xml").toString()
var sig = new SignedXml();
sig.keyInfoProvider = new MyKeyInfo();
//sig.addReference("//*[local-name(.)='InfNfse']");
sig.signingKey = fs.readFileSync("certificate.pem");
sig.computeSignature(xml);
fs.writeFileSync("signed.xml", sig.getSignedXml());
任何提示如何添加<X509Certificate>标签?
【问题讨论】:
-
怎么会失败?
-
@MichaelKay 我的代码不会生成
值。如 BaWgAwIBAgIIUgD9d3AI..
标签: javascript node.js xml certificate x509certificate