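How to verify a counter-signed XML document?

Time: 2013-12-10 08:52:29

Tags: xml-signature xades4j

How do I verify a counter-signed XML document using the Xades4j library? I get the following error when verifying with Xades4j: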

  

xades4j.verification.CounterSignatureSigValueRefException: Verification failed for property 'CounterSignature': the counter signature doesn't reference the SignatureValue element of the countersigned signature
    at xades4j.verification.CounterSignatureVerifier.verify(CounterSignatureVerifier.java:75)
    at xades4j.verification.CounterSignatureVerifier.verify(CounterSignatureVerifier.java:37)
    at xades4j.verification.GenericDOMDataVerifier.verify(GenericDOMDataVerifier.java:65)
    at xades4j.verification.GenericDOMDataVerifier.verify(GenericDOMDataVerifier.java:30)
    at xades4j.verification.QualifyingPropertiesVerifierImpl.verifyProperties(QualifyingPropertiesVerifierImpl.java:59)
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:187)
    at com.fit.einvoice.ingcountersigner.service.xades.XadesVerifyOperation.verifySignature(XadesVerifyOperation.java:92)
    at com.fit.einvoice.ingcountersigner.service.xades.XadesVerifyOperation.verifySignature(XadesVerifyOperation.java:87)
    at com.fit.einvoice.ingcountersigner.service.xades.XadesVerifyOperation.verifySignature(XadesVerifyOperation.java:64)

My verification function:

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;

static void checkSigned(File file) {
    InputStream inputStream = null;
    try {
        inputStream = new FileInputStream(file);
        XadesVerifyOperation verifyOperation = new XadesVerifyOperation();
        ArrayList<XadesVerificationResults> results = verifyOperation.verifySignature(inputStream);
        System.out.println("results size: " + results.size());
        for (XadesVerificationResults result : results) {
            System.out.println(result.SigningCertificate.getIssuerDN());
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        try {
            // inputStream is still null if the file could not be opened
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (IOException ex) {
            // nothing useful to do if close() fails
        }
    }
}

Edit:

My counter-signing function:

public void CounterSign() throws TransformerFactoryConfigurationError, Exception {
    Document doc = SignatureServicesBase.getDocument(_inputStream);
    Element sigElem = (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE).item(0);

    System.out.println(sigElem.getNodeName());

    org.apache.xml.security.Init.init();
    XMLSignature xmlSig = new XMLSignature(sigElem, doc.getBaseURI());

    // Create counter signer
    XadesBesSigningProfile signingProfile = new XadesBesSigningProfile(new Pkcs11KeyingDataProvider(_certInfo));
    signingProfile.withAlgorithmsProvider(Sha1AlgProvider.class);
    signingProfile.withBasicSignatureOptionsProvider(new MyBasicSignatureOptionsProvider(true, true, false));
    final XadesSigner counterSigner = signingProfile.newSigner();

    // Extend with counter signature
    XadesFormatExtenderProfile extenderProfile = new XadesFormatExtenderProfile();
    XadesSignatureFormatExtender extender = extenderProfile.getFormatExtender();
    List unsignedProps = Arrays.asList(new CounterSignatureProperty(counterSigner));
    extender.enrichSignature(xmlSig, new UnsignedProperties(unsignedProps));

    SignatureServicesBase.outputDocument(doc, _outStream);

    if (!_isStream) {
        _inputStream.close();
        _outStream.close();
    }
}

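1 Answer:

Answer 0: (score: 1)

I'm not sure I completely understood your question. If you are asking how to verify the counter signature property, that is already done as part of the verification of the "main" signature. Note that: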

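  • The same XadesVerifier is used for the main signature and the counter signature.
  • If the verification succeeds, a property of type CounterSignatureProperty is added to the result.
  • You can access the properties of the main signature through the verification result:

    XAdESVerificationResult res = ...;
    CounterSignatureProperty p =  res.getPropertiesFilter().getOfType(CounterSignatureProperty.class);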
    

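Edit:

The message says it all: the counter signature is probably invalid. By definition, a counter signature must contain a reference to the SignatureValue element of the countersigned signature.

Can you look up the CounterSignature element in the original XML document and post it here?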
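
A way to inspect the document for the condition named in the exception, as an added example that is not part of the original post or of xades4j: it lists every CounterSignature whose embedded ds:Signature has no ds:Reference pointing at the Id of the enclosing signature's SignatureValue. It is a structural pre-check only and verifies no cryptography. Assumptions: the XAdES 1.3.2 namespace, same-document "#Id" references, and the hypothetical names CounterSigRefCheck, child and check.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class CounterSigRefCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XADES = "http://uri.etsi.org/01903/v1.3.2#"; // assumed XAdES version
    // First direct child element with the given namespace and local name, or null.
    static Element child(Node parent, String ns, String name) {
        for (Node c = parent == null ? null : parent.getFirstChild(); c != null; c = c.getNextSibling())
            if (c instanceof Element && ns.equals(c.getNamespaceURI()) && name.equals(c.getLocalName()))
                return (Element) c;
        return null;
    }
    // One finding per CounterSignature lacking a ds:Reference to the countersigned SignatureValue.
    static List<String> check(Document doc) {
        List<String> findings = new ArrayList<>();
        NodeList counters = doc.getElementsByTagNameNS(XADES, "CounterSignature");
        for (int i = 0; i < counters.getLength(); i++) {
            Node main = counters.item(i).getParentNode(); // climb to the enclosing (countersigned) ds:Signature
            while (main != null && !(DS.equals(main.getNamespaceURI()) && "Signature".equals(main.getLocalName())))
                main = main.getParentNode();
            Element sigValue = child(main, DS, "SignatureValue");
            String target = sigValue == null || sigValue.getAttribute("Id").isEmpty()
                    ? null : "#" + sigValue.getAttribute("Id");
            Element signedInfo = child(child(counters.item(i), DS, "Signature"), DS, "SignedInfo");
            boolean ok = false;
            for (Node r = signedInfo == null ? null : signedInfo.getFirstChild(); r != null; r = r.getNextSibling())
                ok |= r instanceof Element && DS.equals(r.getNamespaceURI()) && "Reference".equals(r.getLocalName())
                        && ((Element) r).getAttribute("URI").equals(target);
            if (!ok) findings.add("CounterSignature " + i + ": no Reference with URI " + target);
        }
        return findings;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample, not from the page: the counter signature references "#other" instead of "#sv1".
        String xml = "<ds:Signature xmlns:ds='" + DS + "' xmlns:x='" + XADES + "'><ds:SignatureValue Id='sv1'>AA=="
            + "</ds:SignatureValue><ds:Object><x:QualifyingProperties><x:UnsignedProperties>"
            + "<x:UnsignedSignatureProperties><x:CounterSignature><ds:Signature><ds:SignedInfo><ds:Reference URI='#other'/>"
            + "</ds:SignedInfo></ds:Signature></x:CounterSignature></x:UnsignedSignatureProperties>"
            + "</x:UnsignedProperties></x:QualifyingProperties></ds:Object></ds:Signature>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs (XXE hardening)
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        check(doc).forEach(System.out::println);
    }
}
```

To run it against a real file, replace the inline string with a FileInputStream; an empty result means every counter signature carries the expected reference, not that the signatures are valid.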