Problem with digital signature SHA-256

Asked

Viewed 3,208 times

1

I am generating an xml and signing with SHA-256, but when validating the signature soon after java says that it is not valid

xml generated and signed:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
    <EnviarLoteEventos xmlns="http://www.esocial.gov.br/servicos/empregador/lote/eventos/envio/v1_1_0">
        <loteEventos>
            <eSocial xmlns="http://www.esocial.gov.br/schema/lote/eventos/envio/v1_1_0">
                <envioLoteEventos grupo="1">
                    <ideEmpregador>
                        <tpInsc>1</tpInsc>
                        <nrInsc>00060824000157</nrInsc>
                    </ideEmpregador>
                    <ideTransmissor>
                        <tpInsc>1</tpInsc>
                        <nrInsc>00060824000157</nrInsc>
                    </ideTransmissor>
                    <eventos>
                        <evento Id="ID1000608240001572017071915400600002">
                            <eSocial xmlns="http://www.esocial.gov.br/schema/evt/evtInfoEmpregador/v02_02_02">
                                <evtInfoEmpregador Id="ID1000608240001572017071915400600001">
                                    <ideEvento>
                                        <tpAmb>3</tpAmb>
                                        <procEmi>1</procEmi>
                                        <verProc>11.27.062.05</verProc>
                                    </ideEvento>
                                    <ideEmpregador>
                                        <tpInsc>1</tpInsc>
                                        <nrInsc>00060824</nrInsc>
                                    </ideEmpregador>
                                    <infoEmpregador>
                                        <inclusao>
                                            <idePeriodo>
                                                <iniValid>2010-01</iniValid>
                                            </idePeriodo>
                                            <infoCadastro>
                                                <nmRazao>CONSISANET SISTEMAS DE INFORMACAO LTDA - EPP</nmRazao>
                                                <classTrib>02</classTrib>
                                                <natJurid>2313</natJurid>
                                                <indCoop>0</indCoop>
                                                <indConstr>0</indConstr>
                                                <indDesFolha>0</indDesFolha>
                                                <indOptRegEletron>1</indOptRegEletron>
                                                <multTabRubricas>N</multTabRubricas>
                                                <indEntEd>S</indEntEd>
                                                <indEtt>N</indEtt>
                                                <contato>
                                                    <nmCtt>SOCIO TESTE</nmCtt>
                                                    <cpfCtt>03202055925</cpfCtt>
                                                    <foneFixo>04699786912</foneFixo>
                                                </contato>
                                                <softwareHouse>
                                                    <cnpjSoftHouse>00060824000157</cnpjSoftHouse>
                                                    <nmRazao>CONSISA INFORMÁTICA LTDA</nmRazao>
                                                    <nmCont>MARCIO RODRIGO DE BORTOLI</nmCont>
                                                    <telefone>04635201300</telefone>
                                                </softwareHouse>
                                                <infoComplementares>
                                                    <situacaoPJ>
                                                        <indSitPJ>0</indSitPJ>
                                                    </situacaoPJ>
                                                </infoComplementares>
                                            </infoCadastro>
                                        </inclusao>
                                    </infoEmpregador>
                                </evtInfoEmpregador>
                                <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                                    <SignedInfo>
                                        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                                        <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                                        <Reference URI="#ID1000608240001572017071915400600001">
                                            <Transforms>
                                                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                                <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                                            </Transforms>
                                            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                            <DigestValue>Sm0qPUX+89hnOGkQP7hsxTNUIfAryCdYBWYXM1+OmJs=</DigestValue>
                                        </Reference>
                                    </SignedInfo>
                                    <SignatureValue>a70ld/0B4VX+FiPWaXYYNjJmGHZtEV7YxjOwLeqSjcWmo45mUySGv2oyXQFEU9ahKSizPkfQoYqpERG4r/Z2qChEkpHDJkGwRCGycPd5ZdxJDht/0dip6KkGzqb/iYpdeRXq1ljlnelfMTcOvaLxaFh1PQ4hP28jFu3TxE/xEWuWA4kvIzFURcQdeuPfv/99P4lZKTX/vZAiPGePLa2QkqnqMbLrdI5Ze5D9/igt/hsWTo3OXxO3AAUAwKMwjYSaWp3Rs/i3IVKmHIk2oIxXIQGDPBCl8VJKMRUlvBXEkFT82YFy0vlSnD+REYlJyfk/ECBayt6delMLHHVRyD4Ecw==</SignatureValue>
                                    <KeyInfo>
                                        <X509Data>
                                            <X509Certificate>MIIIADCCBeigAwIBAgIIdBH1hsRuUe0wDQYJKoZIhvcNAQELBQAwczELMAkGA1UEBhMCQlIxEzARBgNVBAoTCklDUC1CcmFzaWwxNjA0BgNVBAsTLVNlY3JldGFyaWEgZGEgUmVjZWl0YSBGZWRlcmFsIGRvIEJyYXNpbCAtIFJGQjEXMBUGA1UEAxMOQUMgU0FGRVdFQiBSRkIwHhcNMTcwNjEyMTE0MDA0WhcNMTgwNjEyMTE0MDA0WjCB5TELMAkGA1UEBhMCQlIxEzARBgNVBAoTCklDUC1CcmFzaWwxCzAJBgNVBAgTAlBSMRowGAYDVQQHExFGUkFOQ0lTQ08gQkVMVFJBTzE2MDQGA1UECxMtU2VjcmV0YXJpYSBkYSBSZWNlaXRhIEZlZGVyYWwgZG8gQnJhc2lsIC0gUkZCMRYwFAYDVQQLEw1SRkIgZS1DTlBKIEExMRIwEAYDVQQLEwlBUiBGVVRVUkExNDAyBgNVBAMTK0NPTlNJU0EgSU5GT1JNQVRJQ0EgTFREQSBFUFA6MDAwNjA4MjQwMDAxNTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVU0M1Iq7sRQJUUUQuS7fkIVYAuZ31wKSTKISECMMS5DachOvMBN0E13Jin/ocoUK0dy/0aNIIA74x9IdWw4oTPWQBWmVp0f/8k+kcRIFiD8/zmDqTdjjYMt2+WxYQ1M/zOMo/WOL8pLzGjvYwddzpVPrZHU/4zmyHkAjX7JGtG2+zQqIq4Nu6kEcro45pKtwkwUcJFB3kOvNInU+OEhFN6jODOXsQD4zbz1Nnv/+B0wvH+uM5LSCPx8BsK4nKrn1C6jkik+P/fItAPNE+S8mIyvia59GzXLutnwHf/bl2KnUrbaNkUHW3i3+sbpeZiBuDwLJFg3FNaIHSdm1Pitb7AgMBAAGjggMjMIIDHzAfBgNVHSMEGDAWgBTfRU9Px+HcOMxKDCDn+OlZrR9eYTAOBgNVHQ8BAf8EBAMCBeAwbQYDVR0gBGYwZDBiBgZgTAECATMwWDBWBggrBgEFBQcCARZKaHR0cDovL3JlcG9zaXRvcmlvLmFjc2FmZXdlYi5jb20uYnIvYWMtc2FmZXdlYnJmYi9hYy1zYWZld2ViLXJmYi1wYy1hMS5wZGYwgf8GA1UdHwSB9zCB9DBPoE2gS4ZJaHR0cDovL3JlcG9zaXRvcmlvLmFjc2FmZXdlYi5jb20uYnIvYWMtc2FmZXdlYnJmYi9sY3ItYWMtc2FmZXdlYnJmYnYyLmNybDBQoE6gTIZKaHR0cDovL3JlcG9zaXRvcmlvMi5hY3NhZmV3ZWIuY29tLmJyL2FjLXNhZmV3ZWJyZmIvbGNyLWFjLXNhZmV3ZWJyZmJ2Mi5jcmwwT6BNoEuGSWh0dHA6Ly9hY3JlcG9zaXRvcmlvLmljcGJyYXNpbC5nb3YuYnIvbGNyL1NBRkVXRUIvbGNyLWFjLXNhZmV3ZWJyZmJ2Mi5jcmwwgYsGCCsGAQUFBwEBBH8wfTBRBggrBgEFBQcwAoZFaHR0cDovL3JlcG9zaXRvcmlvLmFjc2FmZXdlYi5jb20uYnIvYWMtc2FmZXdlYnJmYi9hYy1zYWZld2VicmZidjIucDdiMCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5hY3NhZmV3ZWIuY29tLmJyMIHCBgNVHREEgbowgbeBHUNBTUlMQS5ERVpBTkVUQENPTlNJU0FORVQuQ09NoCgGBWBMAQMCoB8THUpPU0UgQU5UT05JTyBBTlRVTkVTIFpBTlJPU1NPoBkGBWBMAQMDoBATDjAwMDYwODI0MDAwMTU3oDgGBWBMAQMEoC8TLTA1MDIxOTU5NDIyNzU1MDQ5MTUwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDB6AOEwwwMDAwMDAwMDAwMDAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggIBAHc+285LZluwRoBDg2tXsWM8TfFA1WwDy23NUeqw/zfIqMCk+grD8ZtrhKFFGGhHxTknekBgQ02SMj2GbtIwTPZk2HVEjCCfKvLh4N5cx2ngXMjMbjib6DDv9A4Q5HifyiU5Z/uRVTxtgGUMHEEmCfhf5N8Nf1OQQi+cNznpcKVU/pDPQJXKnRlM1JCKTMVt6JKf5MUVbn2Nz8NUdP0ZS44YxmNCDD4cDq3paBtDy+NVuagA467gL1Gg+r7LjNGFhIY3MqvNxsklKyjVkqnhScDmvI/3KIqkLufHe+B+/Olf1yjQA6D9lrAljYKQfJoqUZ6Y1FMWHzSeSYopoWC3mBM0nnTryw1Ma+CP+6gh2TaHUrzbQv2Ehfvooc1VV+EQXjgWF9Lmk5+8woqUqZWytS3yCe91nUTR26+y+msMKChxkMMBOXsAWidY6K54BVy2LRDKsgyP4cOPzvOv/vKDX3opFBuloU2ipY/tS2caRK0/7SyzQZz0yXISYoQeB2IWdw49YoHhfCsh9TsmYbM043BnUAazGGxu2Pz2UswHFbjr/Q5BGhRysRJWLnYEPmVXxdxYVWt3WGqiYRnQUXQ0jS7LHVwwK4++ylpgyfn3487YW5tVpoVH90Cb3Blrw0wE3DInaz59IupjyZ+hWNW8wOyqu3q9m9Z3GDDaADtYmAKl</X509Certificate>
                                        </X509Data>
                                    </KeyInfo>
                                </Signature>
                            </eSocial>
                        </evento>
                    </eventos>
                </envioLoteEventos>
            </eSocial>
        </loteEventos>
    </EnviarLoteEventos>
</soap:Body>

signature method code used

public static String assinarSHA256(String xml, String tagRoot, String tagId, String tagAssinar,
        CertificadoBean certificadoBean, boolean lote) throws Throwable {

    Document doc = XMLW3CUtil.stringToDocument(xml);
    NodeList elements = doc.getElementsByTagName(tagAssinar);
    int quantidade = elements.getLength();

    try {
        for (int i = 0; i < quantidade; i++) {
            Element el = (Element) elements.item(i);

            String id = el.getAttribute(tagId);
            el.setIdAttribute("Id", true);

            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

            List<Transform> transformList = new ArrayList<Transform>();
            transformList.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
            transformList.add(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                    (C14NMethodParameterSpec) null));

            Reference ref = fac.newReference("#" + id, fac.newDigestMethod(DigestMethod.SHA256, null),
                    transformList, null, null);

            SignedInfo si = fac.newSignedInfo(
                    fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                    fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                    Collections.singletonList(ref));

            KeyInfoFactory kif = fac.getKeyInfoFactory();
            X509Data x509Data = kif.newX509Data(Collections.singletonList(certificadoBean.getCertificado()));
            KeyInfo ki = kif.newKeyInfo(Collections.singletonList(x509Data));

            DOMSignContext dsc = new DOMSignContext(certificadoBean.getChavePrivada(), el.getParentNode());

            XMLSignature signature = fac.newXMLSignature(si, ki);
            signature.sign(dsc);
        }
    } catch (NoSuchAlgorithmException e) {
        logger.error(e);
    } catch (InvalidAlgorithmParameterException e) {
        logger.error(e);
    } catch (MarshalException e) {
        logger.error(e);
    } catch (XMLSignatureException e) {
        throw new Exception(
                "Erro ao assinar o documento, verificar se o certificado " + "esta configurado corretamente");
    }

    return XMLW3CUtil.documentToString(doc);
}

however after this I call a method that does the validation and it is returned that the signature is not valid, log shown during xml signing process and signature validation:

log4j:ERROR Could not find value for key log4j.appender.LOGTXT
log4j:ERROR Could not instantiate appender named "LOGTXT".
log4j:WARN No appenders could be found for logger         (com.consisa.global.utils.conexao.seguranca.CredentialManager).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
DEBUG Init:114 - Registering default algorithms
DEBUG DOMReference:312 - Marshalling Reference
DEBUG DOMReference:337 - Adding digestValueElem
DEBUG ResourceResolver:94 - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
DEBUG ResolverFragment:131 - State I can resolve reference: "#ID1000608240001572017071915400600001"
DEBUG ResolverFragment:95 - Try to catch an Element with ID ID1000608240001572017071915400600001 and Element was [evtInfoEmpregador: null]
DEBUG DOMReference:423 - URIDereferencer class name: org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer
DEBUG DOMReference:424 - Data class name: org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData
DEBUG Transform:360 - Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature"
DEBUG Transform:362 - The NodeList is [Transform: null]
DEBUG ElementProxy:181 - setElement(Transform, "null"
DEBUG ApacheTransform:145 - Created transform for algorithm: http://www.w3.org/2000/09/xmldsig#enveloped-signature
DEBUG ApacheTransform:166 - ApacheData = true
DEBUG Transform:360 - Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" class "class org.apache.xml.security.transforms.implementations.TransformC14N"
DEBUG Transform:362 - The NodeList is [Transform: null]
DEBUG ElementProxy:181 - setElement(Transform, "null"
DEBUG ApacheCanonicalizer:219 - Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
DEBUG ApacheCanonicalizer:230 - ApacheData = true
DEBUG DigesterOutputStream:88 - Pre-digested input:
DEBUG DigesterOutputStream:93 - <evtInfoEmpregador xmlns="http://www.esocial.gov.br/schema/evt/evtInfoEmpregador/v02_02_02" Id="ID1000608240001572017071915400600001"><ideEvento><tpAmb>3</tpAmb><procEmi>1</procEmi><verProc>11.27.062.05</verProc></ideEvento><ideEmpregador><tpInsc>1</tpInsc><nrInsc>00060824</nrInsc></ideEmpregador><infoEmpregador><inclusao><idePeriodo><iniValid>2010-01</iniValid></idePeriodo><infoCadastro><nmRazao>CONSISANET SISTEMAS DE INFORMACAO LTDA - EPP</nmRazao><classTrib>02</classTrib><natJurid>2313</natJurid><indCoop>0</indCoop><indConstr>0</indConstr><indDesFolha>0</indDesFolha><indOptRegEletron>1</indOptRegEletron><multTabRubricas>N</multTabRubricas><indEntEd>S</indEntEd><indEtt>N</indEtt><contato><nmCtt>SOCIO TESTE</nmCtt><cpfCtt>03202055925</cpfCtt><foneFixo>04699786912</foneFixo></contato><softwareHouse><cnpjSoftHouse>00060824000157</cnpjSoftHouse><nmRazao>CONSISA INFORMᅢチTICA LTDA</nmRazao><nmCont>MARCIO RODRIGO DE BORTOLI</nmCont><telefone>04635201300</telefone></softwareHouse><infoComplementares><situacaoPJ><indSitPJ>0</indSitPJ></situacaoPJ></infoComplementares></infoCadastro></inclusao></infoEmpregador></evtInfoEmpregador>
DEBUG DOMReference:361 - Reference object uri = #ID1000608240001572017071915400600001
DEBUG DOMReference:373 - Reference digesting completed
DEBUG DOMSignatureMethod:269 - Signature provider:SunRsaSign version 1.8
DEBUG DOMSignatureMethod:270 - Signing with key: sun.security.rsa.RSAPrivateCrtKeyImpl@fff8a957
DEBUG DOMSignatureMethod:271 - JCA Algorithm: SHA256withRSA
DEBUG Transform:360 - Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" class "class org.apache.xml.security.transforms.implementations.TransformC14N"
DEBUG Transform:362 - The NodeList is [CanonicalizationMethod: null]
DEBUG ElementProxy:181 - setElement(CanonicalizationMethod, "null"
DEBUG ApacheCanonicalizer:219 - Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
DEBUG ApacheCanonicalizer:235 - isNodeSet() = true
DEBUG DOMSignedInfo:243 - Canonicalized SignedInfo:
DEBUG DOMSignedInfo:248 - <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#ID1000608240001572017071915400600001"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>Sm0qPUX+89hnOGkQP7hsxTNUIfAryCdYBWYXM1+OmJs=</DigestValue></Reference></SignedInfo>
DEBUG DOMSignedInfo:249 - Data to be signed/verified:PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiPjwvQ2Fub25pY2FsaXphdGlvbk1ldGhvZD48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiI+PC9TaWduYXR1cmVNZXRob2Q+PFJlZmVyZW5jZSBVUkk9IiNJRDEwMDA2MDgyNDAwMDE1NzIwMTcwNzE5MTU0MDA2MDAwMDEiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSI+PC9UcmFuc2Zvcm0+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+PERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiI+PC9EaWdlc3RNZXRob2Q+PERpZ2VzdFZhbHVlPlNtMHFQVVgrODlobk9Ha1FQN2hzeFROVUlmQXJ5Q2RZQldZWE0xK09tSnM9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+
DEBUG DOMSignatureMethod:222 - Signature provider:SunRsaSign version 1.8
DEBUG DOMSignatureMethod:223 - Verifying with key: Sun RSA public key, 2048 bits
  modulus: 18850565723518694304036681294904955376724231871364234526408990712505004320383621186417985414445105832462854179885482777052872657757253057498276138689217124788313055652738068786152007030341157717350629030807302506296786052005145921775458384455332804013031584688081901027146715120332778706117692138572155315212459970637104450132114335517756099838544318343025698054701160186011605999191313387389709562683755957006454728356593750500899887605586015518285164570248753404551631162415424346573421063111556516263872766146218478987848418776173293386026256616764023342134329374433270339343343588810070112038383709045990970021627
  public exponent: 65537
DEBUG DOMSignatureMethod:224 - JCA Algorithm: SHA256withRSA
DEBUG DOMSignatureMethod:225 - Signature Bytes length: 256
DEBUG Transform:360 - Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" class "class org.apache.xml.security.transforms.implementations.TransformC14N"
DEBUG Transform:362 - The NodeList is [CanonicalizationMethod: null]
DEBUG ElementProxy:181 - setElement(CanonicalizationMethod, "null"
DEBUG ApacheCanonicalizer:219 - Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
DEBUG ApacheCanonicalizer:235 - isNodeSet() = true
DEBUG DOMSignedInfo:243 - Canonicalized SignedInfo:
DEBUG DOMSignedInfo:248 - <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#ID1000608240001572017071915400600001"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>Sm0qPUX+89hnOGkQP7hsxTNUIfAryCdYBWYXM1+OmJs=</DigestValue></Reference></SignedInfo>
DEBUG DOMSignedInfo:249 - Data to be signed/verified:PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNvYXA9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIj48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiPjwvU2lnbmF0dXJlTWV0aG9kPjxSZWZlcmVuY2UgVVJJPSIjSUQxMDAwNjA4MjQwMDAxNTcyMDE3MDcxOTE1NDAwNjAwMDAxIj48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvVHJhbnNmb3JtPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSI+PC9UcmFuc2Zvcm0+PC9UcmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiPjwvRGlnZXN0TWV0aG9kPjxEaWdlc3RWYWx1ZT5TbTBxUFVYKzg5aG5PR2tRUDdoc3hUTlVJZkFyeUNkWUJXWVhNMStPbUpzPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPg==
DEBUG DOMSignatureMethod:222 - Signature provider:SunRsaSign version 1.8
DEBUG DOMSignatureMethod:223 - Verifying with key: Sun RSA public key, 2048 bits
  modulus: 18850565723518694304036681294904955376724231871364234526408990712505004320383621186417985414445105832462854179885482777052872657757253057498276138689217124788313055652738068786152007030341157717350629030807302506296786052005145921775458384455332804013031584688081901027146715120332778706117692138572155315212459970637104450132114335517756099838544318343025698054701160186011605999191313387389709562683755957006454728356593750500899887605586015518285164570248753404551631162415424346573421063111556516263872766146218478987848418776173293386026256616764023342134329374433270339343343588810070112038383709045990970021627
  public exponent: 65537
DEBUG DOMSignatureMethod:224 - JCA Algorithm: SHA256withRSA
DEBUG DOMSignatureMethod:225 - Signature Bytes length: 256
DEBUG Transform:360 - Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" class "class org.apache.xml.security.transforms.implementations.TransformC14N"
DEBUG Transform:362 - The NodeList is [CanonicalizationMethod: null]
DEBUG ElementProxy:181 - setElement(CanonicalizationMethod, "null"
DEBUG ApacheCanonicalizer:219 - Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
DEBUG ApacheCanonicalizer:235 - isNodeSet() = true
DEBUG DOMSignedInfo:243 - Canonicalized SignedInfo:
DEBUG DOMSignedInfo:248 - <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#ID1000608240001572017071915400600001"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>Sm0qPUX+89hnOGkQP7hsxTNUIfAryCdYBWYXM1+OmJs=</DigestValue></Reference></SignedInfo>
DEBUG DOMSignedInfo:249 - Data to be signed/verified:PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNvYXA9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIj48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiPjwvU2lnbmF0dXJlTWV0aG9kPjxSZWZlcmVuY2UgVVJJPSIjSUQxMDAwNjA4MjQwMDAxNTcyMDE3MDcxOTE1NDAwNjAwMDAxIj48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvVHJhbnNmb3JtPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSI+PC9UcmFuc2Zvcm0+PC9UcmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiPjwvRGlnZXN0TWV0aG9kPjxEaWdlc3RWYWx1ZT5TbTBxUFVYKzg5aG5PR2tRUDdoc3hUTlVJZkFyeUNkWUJXWVhNMStPbUpzPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPg==
javax.xml.crypto.dsig.XMLSignatureException: Mensagem XML com Assinatura Digital inválida
at com.consisa.esocial.teste.TesteEnvio.validarAssinatura(TesteEnvio.java:581)
at com.consisa.esocial.teste.TesteEnvio.validarAssinatura(TesteEnvio.java:448)
at com.consisa.esocial.teste.TesteEnvio.main(TesteEnvio.java:125)

Can someone help me with this digital signature ?

xml certified digital-signature esocial
  • 1

    We are having the same problem, when sending to eSocial we get an error that the file may have been changed after signed or that the certificate is not valid. Our certificate seems to be valid as it is not revoked and we were able to log into the e-CAC with it. Anyway, although the certificate chain is not the problem, you have the certificate chain installed? https://certificados.serpro.gov.br/serproacf/certificate-chain

  • Try removing xmlns:xsd and xmlns:xsi attributes from the eSocial element.

  • 1

    is the same problem I had, to solve I signed the xml only of the event, evtInfoEmpregator, I took the xml of that event along with his tag Parent eSocial, and the signature passed to be validated successfully by the service, I hope it helps.

1 answer

1

Cristian, by your comment it seems to me that you have already solved the specific problem of your original question, but, just remembering that, to create a valid batch for eSocial:

  • The XML of the whole event should be used to create the signature, in this case, from the <eSocial> tag that precedes the <evtInfoEmpregator> tag to the </eSocial> tag that closes the event (not the one that closes the batch), but it seems that this is exactly what you did to solve the problem.
  • As Andre Rezende said in the comment, the xmlns:xsd and xmlns:xsi attributes of the eSocial element should be removed, but you have already done this.
  • The URI attribute of the signature element Reference must be empty.
  • If the nrInsc reported in the ideEmployee group of the event is the 8-digit root CNPJ (most cases), the nrInsc in the ideEmployee group of the lot must also have only 8 digits, and the CNPJ used to compose the event ID must also be the 8-digit CNPJ, with zeroes to the right to complete the 14 digits.

I created two pages with some tips on eSocial, one with tips on subscription and the other with tips for access to the service, I’ll leave the links here because it can help others:

Browser other questions tagged xml certified digital-signature esocial

You are not signed in. Login or sign up in order to post.