Good afternoon.
I think many people here must have struggled to sign this NFS-e. Their "contact us" channel is lousy, and I can't get the signing to work with what I have found on the internet.
This is what I'm doing today:
- To get the private key from an A1 certificate:
[code]
// Load the A1 certificate (PKCS#12 file) into a KeyStore
KeyStore ks = KeyStore.getInstance("PKCS12");
try (FileInputStream in = new FileInputStream(localPFX)) {
    ks.load(in, senha.toCharArray());
}
// Use the first alias that holds a private key
Enumeration<String> aliasesEnum = ks.aliases();
String alias = "";
while (aliasesEnum.hasMoreElements()) {
    alias = aliasesEnum.nextElement();
    if (ks.isKeyEntry(alias)) {
        break;
    }
}
KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(alias,
        new KeyStore.PasswordProtection(senha.toCharArray()));
[/code]
- To generate the signatures:
[code]
try {
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    // Reference to the element with the given Id (or to the whole document when empty),
    // with a SHA-1 digest and the enveloped-signature transform
    Reference ref = fac.newReference(referencia.isEmpty() ? "" : ("#" + referencia),
            fac.newDigestMethod(DigestMethod.SHA1, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED,
                    (TransformParameterSpec) null)),
            null, null);
    // SignedInfo: inclusive C14N and RSA-SHA1
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                    (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));
    // KeyInfo carrying the signer's X.509 certificate
    X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    List<X509Certificate> x509Content = new ArrayList<>();
    x509Content.add(cert);
    X509Data xd = kif.newX509Data(x509Content);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
    // Sign; the <Signature> element is appended under the document element
    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);
    // Serialize the signed document (the string is not used; the DOM is what gets returned)
    StringWriter fos = new StringWriter();
    TransformerFactory tf = TransformerFactory.newInstance();
    Transformer trans = tf.newTransformer();
    trans.transform(new DOMSource(doc), new StreamResult(fos));
    return doc;
} catch (TransformerException | MarshalException | XMLSignatureException
        | NoSuchAlgorithmException | InvalidAlgorithmParameterException ex) {
    Logger.getLogger(Signature2.class.getName()).log(Level.SEVERE, null, ex);
}
[/code]
This method returns the signed XML with the following tags:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#20609680SSSSS00000000000520110929TNN00000000020000000000000001000000000100017668792848">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Fwp+SMuwalFeUHPWEB2FZ6bIOIE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>fndRp6Mp4RnClRBoD2ox0GwXQtArIR6l/75DA6O/0kOMKzqZuQAEl8j6LyzMo4eqTxiXMa2JepiW
2wW04TNH9c289LPa5YWMAk4jni4sC3kYqku9rzC5rGwB+X88HC/vagqttNry87/B5yAgl56erzWc
cOsUasfNy9U+cdFz4D8=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIGITCCBQmgAwIBAgIIDQjZz8Fd7ecwDQYJKoZIhvcNAQEFBQAwTDELMAkGA1UEBhMCQlIxEzAR...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
The São Paulo NFS-e must have every RPS signed (tag ); this signature must meet the following criterion:
Based on the excerpt of the XML message presented, we build the following character string: "31000000OL03 00000000000120070103TNN00000000205000000000000050000002658100013167474254". Note that the value of the services (R$ 20.500,00) was transformed into 2050000, and the value of the deductions (R$ 5.000,00) was transformed into 500000. A blank space was also added to the right of the RPS series to fill the 5 positions.
2nd - Convert the ASCII character string to bytes.
3rd - Generate the HASH (byte array) using SHA1.
4th - Sign the HASH (byte array) using RSA-SHA1.
Besides the RPS, the whole XML file must be signed.
So, this is how I'm doing it today:
- RPS signature: I build the string with the values they ask for; after that I insert a tag into the XML with this value and have the XML signed, passing the string as the reference. The result is not what is expected, so I process the XML, taking the value contained in the tag, putting it inside a tag, and removing the element from the document.
- Document signature: I have it signed passing the whole XML, without passing a reference.
The error the government web service returns is:
<?xml version="1.0" encoding="UTF-8"?><RetornoEnvioLoteRPS xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.prefeitura.sp.gov.br/nfe"><Cabecalho Versao="1" xmlns=""><Sucesso>false</Sucesso></Cabecalho><Erro xmlns=""><Codigo>1057</Codigo><Descricao>Rejeição: Assinatura difere do calculado.</Descricao></Erro></RetornoEnvioLoteRPS>
Does anyone know what I might be doing wrong, please?
Thank you.
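
One reading of the RPS signature procedure quoted in the post, as an added example that is not part of the original post: it rebuilds the quoted sample string from its fields and signs the ASCII bytes directly, without XMLDSig. The class and method names, the field names and widths (inferred from the sample string), the generated throwaway key, and treating steps 3 and 4 as a single `SHA1withRSA` operation are assumptions.

```java
import java.math.BigDecimal;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class RpsSignatureExample {
    // Left-pad a number with zeros to a fixed width.
    static String num(long v, int width) {
        return String.format(Locale.ROOT, "%0" + width + "d", v);
    }
    // R$ 20.500,00 -> 2050000: amount in cents, no separators.
    static long cents(BigDecimal v) {
        return v.movePointRight(2).longValueExact();
    }
    // Assumption: field names and widths are inferred from the sample string in the post.
    static String buildRpsString(long inscricao, String serie, long numero, String data,
            String flags, BigDecimal servicos, BigDecimal deducoes,
            int codServico, int indicador, long cpfCnpj) {
        return num(inscricao, 8)
                + String.format("%-5s", serie) // series: spaces on the right up to 5 positions
                + num(numero, 12) + data + flags
                + num(cents(servicos), 15) + num(cents(deducoes), 15)
                + num(codServico, 5) + indicador + num(cpfCnpj, 14);
    }
    // Steps 2 to 4: ASCII bytes, SHA-1 digest and RSA (PKCS#1 v1.5) signature in one JCA call.
    static byte[] sign(String rps, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(rps.getBytes(StandardCharsets.US_ASCII));
        return s.sign();
    }
    public static void main(String[] args) throws Exception {
        String sample = "31000000OL03 00000000000120070103TNN"
                + "00000000205000000000000050000002658100013167474254"; // string quoted in the post
        String rps = buildRpsString(31000000L, "OL03", 1, "20070103", "TNN",
                new BigDecimal("20500.00"), new BigDecimal("5000.00"), 2658, 1, 13167474254L);
        if (!rps.equals(sample)) throw new IllegalStateException("layout mismatch: " + rps);
        // Constructed throwaway key pair standing in for the A1 certificate's key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] sig = sign(rps, kp.getPrivate());
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(kp.getPublic());
        v.update(rps.getBytes(StandardCharsets.US_ASCII));
        System.out.println("verifies: " + v.verify(sig));
        System.out.println(Base64.getEncoder().encodeToString(sig));
    }
}
```

With the real certificate, `keyEntry.getPrivateKey()` from the KeyStore code in the post takes the place of the generated key.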