使用
javax.xml.crypto.dsig,如何在不指定公钥的情况下解组和验证
XMLSignature?公钥似乎是在签名的xml中,但我无法找到一种方法来获取它.
DOMValidateContext valContext = new DOMValidateContext(key,signatureNode); XMLSignature signature = fac.unmarshalXMLSignature(valContext); boolean coreValidity = signature.validate(valContext);
据我所知,有必要将KeySelector而不是Key传递给DOMValidateContext.但是,我无法弄清楚如何实现KeySelector.
这是我发现的关于如何实现KeySelector的唯一示例:
http://download.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
不幸的是它不起作用.在该实现中,它执行以下操作但总是失败,因为没有keyvalue元素(看起来它们是org.jcp.xml.dsig.internal.dom.DOMX509Data元素而不是keyvalue元素,它们无法通过他们的关键).
List list = keyInfo.getContent();
for (int i = 0; i < list.size(); i++) {
XMLStructure xs = (XMLStructure) list.get(i);
if(xs instanceof keyvalue) {
PublicKey pk = null;
try {
pk = ((keyvalue) xs).getPublicKey();
} catch (KeyException ke) {
throw new KeySelectorException(ke);
}
// make sure algorithm is compatible with method
if (algEquals(sm.getAlgorithm(),pk.getAlgorithm())) {
return new SimpleKeySelectorResult(pk);
}
}
}
throw new KeySelectorException("No keyvalue element found!");
