XAdES-BES会签无法解决参考错误

时间:2014-04-01 20:10:13

标签: bouncycastle xades4j

我实施了对XAdES-BES的验证,并且在测试之后,除了反签名之外,现在一切正常。同样的错误不仅发生在使用xades4j签名的文件中,而且还发生在使​​用其他软件时,因此它与我的签名实现中的任何错误无关。我想知道是否应该实现额外的ResourceResolver?我为一些私人条目here添加了一个会签文件作为'REMOVED'的附件。

以下是验证码。 certDataList是一个列表,其中包含String中文档的所有证书,getCert将返回List。 DummyCertificateValidationProvider返回ValidationData,其中包含先前构造的x509certs的列表。

    public boolean verify(final File file) {
        if (!Dictionaries.valid()) {
            return true;
        }
        certList = null;
        try {

            final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            final DocumentBuilder db = dbf.newDocumentBuilder();

            final Document doc = db.parse(file);
            doc.getDocumentElement().normalize();

            final NodeList nList = doc.getElementsByTagName("ds:Signature");
            Element elem = null;
            for (int temp = 0; temp < nList.getLength(); temp++) {
                final Node nNode = nList.item(temp);
                if (nNode.getNodeType() == Node.ELEMENT_NODE) {
                    elem = (Element) nNode;
                }
            }
            final NodeList nList2 = doc.getElementsByTagName("ds:X509Certificate");
            final List<String> certDataList = new ArrayList<String>();
            for (int temp = 0; temp < nList2.getLength(); temp++) {
                final Node nNode = nList2.item(temp);
                certDataList.add(nNode.getTextContent());
            }
            certList = getCert(certDataList);

            final CertificateValidationProvider certValidator = new DummyCertificateValidationProvider(certList);

            final XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
            final XadesVerifier v = p.newVerifier();
            final SignatureSpecificVerificationOptions opts = new SignatureSpecificVerificationOptions();

            // for relative document paths
            final String baseUri = "file:///" + file.getParentFile().getAbsolutePath().replace("\\", "/") + "/";
            LOGGER.debug("baseUri:" + baseUri);
            opts.useBaseUri(baseUri);
            v.verify(elem, opts);
            return true;
        } catch (final IllegalArgumentException | XAdES4jException | CertificateException | IOException | ParserConfigurationException | SAXException e) {
            LOGGER.error("XML not validated!", e);
        }

        return false;
}

这是stacktrace:

21:31:48,203 DEBUG ResourceResolver:158 - I was asked to create a ResourceResolver and got 0 
21:31:48,203 DEBUG ResourceResolver:101 - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver 
21:31:48,204 DEBUG ResolverFragment:137 - State I can resolve reference: "#xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue" 
21:31:48,204 ERROR SignComponent:658 - XML not validated!

xades4j.XAdES4jXMLSigException: Error verifying the signature
    at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:284)
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:188)
    at com.signapplet.sign.SignComponent.verify(SignComponent.java:655)
...

Caused by: org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue
    at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:414)
    at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
    at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
    at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:656)
    at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:277)
    ... 39 more
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue

修改 当我尝试验证xades4j单元测试document.signed.bes.cs.xml提供的文件时,会发生同样的错误。 

Caused by: org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue

1 个答案:

答案 0 :(得分:1)

问题出在ds:Signature上。在计数器签名中,您将拥有多个ds:Signature条目。在我的验证方法中,我使用了for循环:

    for (int temp = 0; temp < nList.getLength(); temp++) {
        final Node nNode = nList.item(temp);
        if (nNode.getNodeType() == Node.ELEMENT_NODE) {
            elem = (Element) nNode;
        }
    }

正如你所看到的,当找到元素时没有中断,所以我最后得到的是ds:Signature,而不是第一个,因此找不到所有以前的签名。

相关问题
最新问题