xades4j generated file is an invalid XAdES-BES enveloped signature

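Problem description

I need to sign an XML file with an enveloped XAdES-BES signature. The problem is that the signature seems to be invalid.

Looking around, I found the code that I am using in this test case: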

import org.apache.commons.io.FileUtils;

import org.junit.Assert;
import org.junit.Test;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import systems.software.red.cedi5.aidaSignature.AidaSignatureService;
import xades4j.algorithms.EnvelopedSignatureTransform;
import xades4j.production.DataObjectReference;
import xades4j.production.SignedDataObjects;
import xades4j.production.XadesBesSigningProfile;
import xades4j.production.XadesSigner;
import xades4j.properties.DataObjectDesc;
import xades4j.providers.KeyingDataProvider;
import xades4j.providers.impl.FileSystemKeyStoreKeyingDataProvider;
import xades4j.providers.impl.KeyStoreKeyingDataProvider;
import xades4j.utils.DOMHelper;

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import java.io.File;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.List;

public class TestSignature  {

    public class FirstCertificateSelector implements KeyStoreKeyingDataProvider.SigningCertSelector
    {
        @Override
        public X509Certificate selectCertificate(
                List<X509Certificate> availableCertificates)
        {
            return availableCertificates.get(0);
        }
    }

    public class DirectPasswordProvider implements KeyStoreKeyingDataProvider.KeyStorePasswordProvider,KeyStoreKeyingDataProvider.KeyEntryPasswordProvider
    {
        private char[] password;

        public DirectPasswordProvider(String password)
        {
            this.password = password.toCharArray();
        }

        @Override
        public char[] getPassword()
        {
            return password;
        }

        @Override
        public char[] getPassword(String entryAlias,X509Certificate entryCert)
        {
            return password;
        }
    }



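    // Helper called by the test below. JUnit 4 test methods cannot take parameters, so it carries no @Test annotation.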
    public void signBes(String resourceName,String outputPath,String keystorePath,String keystorePwd) throws Exception {
        try (InputStream DocumentIs = TestSignature.class.getResourceAsStream(resourceName)) {
            Document doc = DocumentBuilderFactory
                    .newInstance()
                    .newDocumentBuilder()
                    .parse(DocumentIs);
            Element elem = doc.getDocumentElement();
            DOMHelper.useIdAsXmlId(elem);


            KeyingDataProvider kdp = new FileSystemKeyStoreKeyingDataProvider(
                    "pkcs12",keystorePath,new FirstCertificateSelector(),new DirectPasswordProvider(keystorePwd),true);
            DataObjectDesc obj = new DataObjectReference("")//"#" + elem.getAttribute("Id"))
                    .withTransform(new EnvelopedSignatureTransform());
            SignedDataObjects dataObjs = new SignedDataObjects().withSignedDataObject(obj);

            XadesSigner signer = new XadesBesSigningProfile(kdp).newSigner();
            signer.sign(dataObjs,elem);

            TransformerFactory tFactory = TransformerFactory.newInstance();
            Transformer transformer = tFactory.newTransformer();
            DOMSource source = new DOMSource(doc);
            StreamResult result = new StreamResult(new File(outputPath));
            transformer.transform(source,result);
        }
    }

    @Test
    public void testSign_8D4U0506_M000010_xml() throws Exception {
        signBes("/sample.xml","/tmp/sample-signed.xml","/home/foo/signature.p12","mypwd");
    }
}

/tmp/sample-signed.xml seems to be invalid.

I also tried verifying the signed file at http://tools.chilkat.io/xmlDsigVerify.cshtml, but the result is:

Signature is Invalid
Number of Reference Digests = 2
Reference 1 digest is valid.
Reference 2 digest is invalid because the computed digest differs from the digest in the XML.

I need to sign the XML file with an enveloped XAdES-BES signature, but I don't know how to proceed.
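
An added example, not part of the original question and not xades4j's own code: a local check with the JDK's javax.xml.crypto.dsig API that reports each Reference separately, in the same way as the verifier output quoted above. The names CheckReferences and EmbeddedCertKeySelector are hypothetical, and the key is taken from the certificate embedded in KeyInfo, so this checks digests and the signature value only, not trust in the signer.

```java
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class CheckReferences {
    // Hypothetical helper: uses the public key of the first X509Certificate found in KeyInfo.
    // Integrity check only; certificate path validation is out of scope here.
    static class EmbeddedCertKeySelector extends KeySelector {
        @Override
        public KeySelectorResult select(KeyInfo ki, Purpose p, AlgorithmMethod m, XMLCryptoContext c)
                throws KeySelectorException {
            if (ki != null)
                for (Object o : ki.getContent())
                    if (o instanceof X509Data)
                        for (Object x : ((X509Data) o).getContent())
                            if (x instanceof X509Certificate) return () -> ((X509Certificate) x).getPublicKey();
            throw new KeySelectorException("no X509Certificate in KeyInfo");
        }
    }

    static Map<String, Boolean> check(File signed) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML signature processing needs a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder().parse(signed);
        Element sigElem = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        if (sigElem == null) throw new IllegalArgumentException("no ds:Signature element found");
        DOMValidateContext ctx = new DOMValidateContext(new EmbeddedCertKeySelector(), sigElem);
        // Without a schema, "Id" attributes are not of type ID; register them so "#..." URIs resolve.
        NodeList all = doc.getElementsByTagName("*");
        for (int i = 0; i < all.getLength(); i++)
            if (((Element) all.item(i)).hasAttribute("Id")) ctx.setIdAttributeNS((Element) all.item(i), null, "Id");
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        Map<String, Boolean> out = new LinkedHashMap<>();
        out.put("core validation", sig.validate(ctx));
        for (Object o : sig.getSignedInfo().getReferences())
            out.put("Reference URI=\"" + ((Reference) o).getURI() + "\"", ((Reference) o).validate(ctx));
        return out;
    }
    public static void main(String[] args) throws Exception {
        check(new File(args[0])).forEach((k, v) -> System.out.println(k + ": " + (v ? "valid" : "INVALID")));
    }
}
```

Run it with the path of the signed file as the only argument, for example /tmp/sample-signed.xml from the test above.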
