Apex Code Development You need to sign in to do that
Don't have an account?
almazanjl Unable to get a valid signature using APEX Crypto.signXml()
Hi everyone.
I am trying to sign an XML with the APEX method Crypto.signXml(), but I am not able to obtain a valid signature.
I'm developing in Salesforce an integration with an external SOAP Web Service that expects an XML document signed with a certain certificate (Test_Certificate) installed in the Salesforce organization.
Here is my APEX example:
Error: signature verification failed
Here is the return value of the signed document:
Any suggestion is welcome.
Thanks in advance.
I am trying to sign an XML with the APEX method Crypto.signXml(), but I am not able to obtain a valid signature.
I'm developing in Salesforce an integration with an external SOAP Web Service that expects an XML document signed with a certain certificate (Test_Certificate) installed in the Salesforce organization.
Here is my APEX example:
String xml = '<request><request_meta><service>Test 1</service></request_meta></request>';
Dom.Document doc = new dom.Document();
doc.load(xml);
System.Crypto.signXml('RSA-SHA1', doc.getRootElement(), null, 'Test_Certificate');
System.Debug('********** Document signed: ' + doc.toXmlString());
But when I check the validity of the signature (value of doc.toXmlString ()), with an external tool like this: https://www.aleksey.com/xmlsec/xmldsig-verifier.html the result is always the same:Error: signature verification failed
Here is the return value of the signed document:
<?xml version="1.0" encoding="UTF-8"?><request ID="_6087196b72facc986593cf1805d5055f5e5bd52e"><request_meta><service>Test 1</service></request_meta><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference URI="#_6087196b72facc986593cf1805d5055f5e5bd52e"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ds:DigestValue>cqoiEh1rYlvizSfk5wvTQMUoKu8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>KQqNHBuVf94Lo9cl3xTqYfMyazkqrPtdkV5FzgTBiQwN43wdlwfgU5eC7GErAoeuGTAFPRoJB5Oa wjQbd+03I7KCY3R5IYZbdpgQojGBL1KiEWxno1H2+KQ1Cl55UPGXAhfKW8YsJYeFG/v8j2x9ppxS jliaQCojWVX/wHkDqr2IHzB3Lh/qbHLCnzOkCMH42LX/6hChR8fViF4XXFiQjMUWgsBntTdtnk4l 82Cjuj098HeeyjMJEZyzYBL3hYIeUo/DKdi904mHrAEtpfcdQdk7KcYYI4Fp//XgAyDufECJ5PJv RpJb+YZ37rQFKZjGMN6GFSMgLPPpoqON2+Kirg==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>tkMikn1uOvHPnMl3OHfylzKZ97NNoLwpYdlaed8zxuF/XZZgsxOGKwoI08Pp8Kf174ziyyPtGvUQ X9TTy03EDt2BRt6r7B3fO9oN6dXv9E7bH/60eo56oJt7QDtd5epSqxBRCa+5HxeQlYeS6XrmuTmK GGne/ZCJ23uYGKWXvy9MB7yBBZb4AeseKg7ku2rEoEOt/+3TNNQdO4pPZkwRXmAfV3G3dUltznvl 4lATBNAiHW2N2dJGIMt0+dV6pefdzwsYrPwMquYQsL7lKZ5paq3EwMRaeXGuKkGoEo0wUcHazJUo Wgmbhn+PzBvqGZrsV3zTfEjlqmP0cY3ZdKUx5Q==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds:X509Data><ds:X509Certificate>MIIERTCCAy2gAwIBAgIJAPy1RVtialntMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNVBAYTAlNQMQ8w DQYDVQQIEwZNYWRyaWQxDzANBgNVBAcTBk1hZHJpZDEVMBMGA1UECgwMVGljTWluZF8yMDQ4MRUw EwYDVQQLDAxUaWNNaW5kXzIwNDgxFTATBgNVBAMMDFRpY01pbmRfMjA0ODAeFw0xODAzMDIwNzI1 MjVaFw0yODAyMjgwNzI1MjVaMHQxCzAJBgNVBAYTAlNQMQ8wDQYDVQQIEwZNYWRyaWQxDzANBgNV BAcTBk1hZHJpZDEVMBMGA1UECgwMVGljTWluZF8yMDQ4MRUwEwYDVQQLDAxUaWNNaW5kXzIwNDgx FTATBgNVBAMMDFRpY01pbmRfMjA0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZD IpJ9bjrxz5zJdzh38pcymfezTaC8KWHZWnnfM8bhf12WYLMThisKCNPD6fCn9e+M4ssj7Rr1EF/U 08tNxA7dgUbeq+wd3zvaDenV7/RO2x/+tHqOeqCbe0A7XeXqUqsQUQmvuR8XkJWHkul65rk5ihhp 3v2Qidt7mBill78vTAe8gQWW+AHrHioO5LtqxKBDrf/t0zTUHTuKT2ZMEV5gH1dxt3VJbc575eJQ EwTQIh1tjdnSRiDLdPnVeqXn3c8LGKz8DKrmELC+5SmeaWqtxMDEWnlxripBqBKNMFHB2syVKFoJ m4Z/j8wb6hma7Fd803xI5apj9HGN2XSlMeUCAwEAAaOB2TCB1jAdBgNVHQ4EFgQUHGAiWj2h4ztZ IE7yUlMzGcPmuqQwgaYGA1UdIwSBnjCBm4AUHGAiWj2h4ztZIE7yUlMzGcPmuqSheKR2MHQxCzAJ BgNVBAYTAlNQMQ8wDQYDVQQIEwZNYWRyaWQxDzANBgNVBAcTBk1hZHJpZDEVMBMGA1UECgwMVGlj TWluZF8yMDQ4MRUwEwYDVQQLDAxUaWNNaW5kXzIwNDgxFTATBgNVBAMMDFRpY01pbmRfMjA0OIIJ APy1RVtialntMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADehkBaDiviyrfSveTW1 bk36YQBrKbUQ7aXrvawVtLH4oXHWF2mkZDyAqCk5OBr70VVkP9tS7gx/peafgqw8kpE8cFOk+eIu KXCUKw7NM3L1AneyoLTo8XwFfieOjHp03C330+e0jvkh/KUASfaS4sc6IQKnxxfbTcPNB/jA1mk1 Woaf49UlQ3koJ59ZThO3IerdD/3Shzv1MifKKIIjUohW+EdTGnM+FLsGSWKd+c+0fE1qDn9JI1zM twGqRC+rcsg6WOZ1YM487Rqc/4HJf+NJErkJDEFBC01BRlEVoo/NPj0Dl7lpxwcQRBUhGXVJe4ym 9M2e3jdIdsJtLwc7WjM=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></request>I've tried everything already, but I never get a valid signature.
Any suggestion is welcome.
Thanks in advance.
Virginia Ferrer 6Hi... did you fix that?¿ I have de same problem.... I don't know how can get a correct signature.