Question

我需要使用java.security包验证带有封装的xml-dsig签名的文档。加载后我解组文档并根据xsd - http://www.w3.org/2000/09/xmldsig#

包含签名对象

然后：

@Service
public class XmlSignatureCheckerImpl implements XmlSignatureChecker {
    private static final String ENCRYPTION_ALGORITHM = "RSA";

    private static final String HASH_ENCRYPTION_ALGORITHM = "SHA1withRSA";

    @Override
    @Nullable
    public PublicKey getPublicKey(byte[] exp, byte[] mod) {
        BigInteger modulus = new BigInteger(1, mod);
        BigInteger exponent = new BigInteger(1, exp);
        RSAPublicKeySpec rsaPubKey = new RSAPublicKeySpec(modulus, exponent);

        KeyFactory fact;
        try {
            fact = KeyFactory.getInstance(ENCRYPTION_ALGORITHM);
            return fact.generatePublic(rsaPubKey);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
        }
        return null;
    }

    @Override
    @Nullable
    public Boolean verify(byte[] message, byte[] signature, PublicKey publicKey) {
        final Signature sig;
        try {
            sig = Signature.getInstance(HASH_ENCRYPTION_ALGORITHM);
            sig.initVerify(publicKey);
            sig.update(message);
            boolean verify = sig.verify(Base64.encodeBase64Chunked(signature));
            return verify;
        } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {
            e.printStackTrace();
        }
        return null;
    }
}

调用getPublicKey并验证，结果我得到签名长度不匹配，如果我没有编码签名我没有不匹配，但验证也是错误的，但我使用完全有效的测试数据。放弃寻找错误，帮助我。请。文件编码为UFT-8。

Answer 1

您看过官方文档吗？似乎使用标志工厂更方便http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html

另外，我发现这些例子有用https://www.java-tips.org/java-ee-tips-100042/158-xml-digital-signature-api/1473-using-the-java-xml-digital-signature-api.html

如何使用java.security验证xmldsig签名

1 个答案: