添加c14n独占变换时,Xml签名无效

时间:2012-05-21 05:02:37

标签: java xml transform xml-signature

这是我生成xml签名的代码:

DOMSignContext dsc = new DOMSignContext
  (prk, xmldoc.getDocumentElement());

XMLSignatureFactory fac = 
  XMLSignatureFactory.getInstance("DOM");   

  DigestMethod digestMethod = 
      fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
  C14NMethodParameterSpec spec = null;
  CanonicalizationMethod cm = fac.newCanonicalizationMethod(
      "http://www.w3.org/2001/10/xml-exc-c14n#",spec);
  SignatureMethod sm = fac.newSignatureMethod( 
      "http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
  ArrayList transformList = new ArrayList();
  TransformParameterSpec transformSpec = null;
  Transform envTransform =   fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature",transformSpec);
  Transform exc14nTransform = fac.newTransform(
      "http://www.w3.org/2001/10/xml-exc-c14n#",transformSpec);
transformList.add(exc14nTransform); 
transformList.add(envTransform);

 Reference ref = fac.newReference("",digestMethod,transformList,null,null);
 ArrayList refList = new ArrayList();
 refList.add(ref);
 SignedInfo si =fac.newSignedInfo(cm,sm,refList);

这会将引用验证视为false,并将核心有效性视为false。但是,当我删除envTrasnform变量fac.new Transform("http://www.w3.org/2001/10/xml-exc-c14n#",transformSpec)并使用以下代码执行时:

DOMSignContext dsc = new DOMSignContext
  (prk, xmldoc.getDocumentElement());

XMLSignatureFactory fac = 
  XMLSignatureFactory.getInstance("DOM");   

  DigestMethod digestMethod = 
      fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
  C14NMethodParameterSpec spec = null;
  CanonicalizationMethod cm = fac.newCanonicalizationMethod(
      "http://www.w3.org/2001/10/xml-exc-c14n#",spec);
  SignatureMethod sm = fac.newSignatureMethod( 
      "http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
  ArrayList transformList = new ArrayList();
  TransformParameterSpec transformSpec = null;
  Transform envTransform = fac.newTransform(
      "http://www.w3.org/2000/09/xmldsig#enveloped-signature",transformSpec);
 transformList.add(envTransform);
 Reference ref = fac.newReference("",digestMethod,transformList,null,null);
 ArrayList refList = new ArrayList();
 refList.add(ref);
 SignedInfo si =fac.newSignedInfo(cm,sm,refList);

这使核心有效性和参考有效性成为现实。为什么会这样呢?我得到了这个代码形式this链接(创建包络签名部分的代码片段2)。

1 个答案:

答案 0 :(得分:6)

实际上,c14n变换应该在包络签名变换之后执行。在提取要签名的文档之后,它应该是规范化的(文档当前也包含签名元素。因此必须在规范化要签名的实际部分之前将其分开)。订单应该是这样的: 

transformList.add(envTransform);
 transformList.add(exc14nTransform);
相关问题
最新问题