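Problem description
I am performing XML digital signature verification, but the algorithm SHA256WITHRSAANDMGF1 is not supported.
Here is the relevant part of the XML file: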
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="cXMLSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1" />
<ds:Reference URI="#cXMLSignedInfo">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>dafdfadfdfaddfadfefdafdfdfadfdaf=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
In line 4 of the XML above, the signature method algorithm is:
<ds:SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1" />
I tried the following:
BouncyCastleProvider bc = new BouncyCastleProvider();
Security.addProvider(bc);
//...
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
XMLSignature signature = fac.unmarshalXMLSignature(validateContext);
But I get the error:
unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
So I added a new line, as follows:
fac.newSignatureMethod("http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1",null);
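But it also failed.
It seems I need to implement the interface SignatureMethodParameterSpec for the SHA256WITHRSAANDMGF1 algorithm, but I am not familiar with that kind of implementation. Do you have any suggestions for this implementation? Or an example? Thanks!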
Update by myself:
This verification can be done by another library: https://santuario.apache.org/
Here is the sample code:
// Configure for unsupported algorithm
BouncyCastleProvider bc = new BouncyCastleProvider();
Security.addProvider(bc);
org.apache.xml.security.Init.init();
// Load document
File f = new File("C:/Archive/test.xml");
InputStream inputStream = new FileInputStream("C:/Archive/test.xml");
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newDocumentBuilder();
Document document = builder.parse(inputStream);
// Public Key
NodeList x509certNodeList = document.getElementsByTagNameNS(XMLSignature.XMLNS,"X509Certificate");
String x509CertText = x509certNodeList.item(0).getTextContent();
byte[] x509CertBytes = Base64.getDecoder().decode(x509CertText.getBytes());
System.out.println("x509 Cert Text: " + x509CertText);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)certFactory.generateCertificate(new ByteArrayInputStream(x509CertBytes));
PublicKey publicKey = cert.getPublicKey();
System.out.println("x509 Cert Public-Key Algorithm: " + publicKey.getAlgorithm());
System.out.println("x509 Cert Public-Key Format: " + publicKey.getFormat());
// Signature Value
NodeList signValueNodeList = document.getElementsByTagNameNS(XMLSignature.XMLNS,"SignatureValue");
String sigValue = signValueNodeList.item(0).getTextContent();
System.out.println("SignatureValue: " + sigValue);
// Validate
NodeList signatureNodeList = document.getElementsByTagNameNS(XMLSignature.XMLNS,"Signature");
Node signatureNode = signatureNodeList.item(0);
System.out.println("Signature Node Local Name: " + signatureNode.getLocalName());
System.out.println("f: " + f.toURI().toURL().toString());
org.apache.xml.security.signature.XMLSignature signature1 = new org.apache.xml.security.signature.XMLSignature(
(Element)signatureNode,f.toURI().toURL().toString()
);
boolean result = signature1.checkSignatureValue(publicKey);
System.out.println("result: " + result);
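The signature method in the question, `http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1`, is RSASSA-PSS with fixed parameters, which is why a verifier that only knows PKCS#1 v1.5 RSA signatures cannot process it. The following is an added example, not code from the original post: it signs a constructed stand-in for the `ds:SignedInfo` octets with a throwaway key using those parameters, then checks the signature with a PSS verifier and with a PKCS#1 v1.5 verifier. Assumptions: a JDK that ships the `RSASSA-PSS` algorithm (Java 11 or later), and the class name `PssSignatureMethodDemo` is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssSignatureMethodDemo {   // hypothetical class name
    // Parameters implied by ...xmldsig-more#sha256-rsa-MGF1 (RFC 6931):
    // SHA-256 digest, MGF1 over SHA-256, 32-byte salt, trailer field 1.
    static final PSSParameterSpec SHA256_MGF1 =
            new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    static byte[] signPss(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS"); // assumption: JDK 11+
        s.setParameter(SHA256_MGF1);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(String jcaName, PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance(jcaName);
        if (jcaName.equals("RSASSA-PSS")) v.setParameter(SHA256_MGF1);
        v.initVerify(key);
        v.update(data);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {   // malformed for this scheme: treat as invalid
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();           // throwaway key, generated here
        // Constructed stand-in for the canonicalized ds:SignedInfo octets.
        byte[] signedInfo = "<ds:SignedInfo>constructed sample</ds:SignedInfo>"
                .getBytes(StandardCharsets.UTF_8);
        byte[] sig = signPss(kp.getPrivate(), signedInfo);
        byte[] tampered = signedInfo.clone();
        tampered[0] ^= 1;                             // flip one bit of the signed data

        System.out.println("PSS, original data:   " + verify("RSASSA-PSS", kp.getPublic(), signedInfo, sig));
        System.out.println("PSS, tampered data:   " + verify("RSASSA-PSS", kp.getPublic(), tampered, sig));
        System.out.println("PKCS#1 v1.5 verifier: " + verify("SHA256withRSA", kp.getPublic(), signedInfo, sig));
    }
}
```

Only the first check succeeds: the PSS verifier rejects the tampered data, and the PKCS#1 v1.5 verifier rejects a valid PSS signature made with the same key.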