XML signature value mismatch problem

Time: 2014-07-02 09:57:06

Tags: java xml cryptography x509certificate xml-signature

I am running into an XML signature value mismatch error. The full scenario:

  • I generated a private 1024-bit key with OpenSSL.
  • I generated a CSR with that private key and sent it to VISA; they signed it with their root CA certificate and sent me the signed certificate in .pem format.
  • I sign the XML document with the Java code below.

When I send the data back to VISA, they verify the signature value and return a mismatch error.

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;

// Signs inputXml and returns the DOM with a ds:Signature appended to the document element.
// paresId is the value of the id attribute on the element that the Reference points at.
public static Document signPares(String inputXml, String paresId, String keystorePath,
                                 char[] keystorePassword, String keyAlias) throws Exception {
    // The JDK's own DOM provider is sufficient; no reflection on a provider class name needed.
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    // SHA-1 and RSA-SHA1 are kept only because they are what the receiving side expects here;
    // they are not algorithms to pick for a new design.
    DigestMethod digestMethod = factory.newDigestMethod(DigestMethod.SHA1, null);

    // No transforms: the Signature is placed next to, not inside, the referenced element, so the
    // enveloped-signature transform the original code built (and then discarded) is not needed.
    // If the parser does not know that "id" is an ID-typed attribute (no DTD or schema), the
    // Reference URI cannot be resolved; mark it with Element.setIdAttribute("id", true) first.
    Reference reference = factory.newReference("#" + paresId, digestMethod, null, null, null);
    CanonicalizationMethod c14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo = factory.newSignedInfo(c14n, signatureMethod,
            Collections.singletonList(reference));

    // JKS keystore (not PKCS#7). The password comes from the caller instead of being hard-coded.
    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream(keystorePath)) {
        keyStore.load(in, keystorePassword);
    }
    // The signing key is the private-key entry in the keystore; no key pair is generated here.
    KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(
            keyAlias, new KeyStore.PasswordProtection(keystorePassword));

    // Certificates published in ds:KeyInfo/ds:X509Data: root, intermediate, signing certificate.
    List<X509Certificate> chain = new ArrayList<>();
    for (String alias : new String[] {"root", "intermediate", "sign"}) {
        KeyStore.TrustedCertificateEntry entry =
                (KeyStore.TrustedCertificateEntry) keyStore.getEntry(alias, null);
        chain.add((X509Certificate) entry.getTrustedCertificate());
    }
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    X509Data x509Data = keyInfoFactory.newX509Data(chain);
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));

    // XML-DSig requires a namespace-aware DOM.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    Document doc = dbf.newDocumentBuilder().parse(
            new ByteArrayInputStream(inputXml.getBytes(StandardCharsets.UTF_8)));

    // The ds:Signature element is appended as the last child of the document element.
    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
    XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo);
    signature.sign(dsc);
    return doc;
}

1 answer:

Answer 0 (score: 1)

Sorry, after a long time I am answering a question posted 5 years ago.

Actually, the problem was basically with the XML formatting. I removed the newlines and carriage returns from the XML, sent it back to Visa, and then my signature matched correctly.

Even though I had specified the CanonicalizationMethod correctly, I do not know why they were giving an error.
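The answer above is consistent with how XML canonicalization actually behaves: inclusive C14N normalizes line endings, attribute order and quoting, namespace declarations and empty-element syntax, but it does not remove whitespace-only text nodes between elements. So if the document is pretty-printed or re-indented anywhere between signing and verification, the DigestValue changes even though both sides use the same CanonicalizationMethod. The following added example (not part of the original question or answer, and not Visa's code) shows this with a constructed, minimal PARes-like message. It uses the C14N 2.0 serializer in the Python standard library (Python 3.8+) rather than the C14N 1.0 inclusive method of the Java code; for whitespace and line-ending handling the two behave the same way for this input.

```python
"""Why re-indenting an XML document breaks an XML-DSig digest although a
canonicalization method is declared (added example, not from the original page)."""
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-in for the Visa PARes message (not a real PARes). The id
# attribute is what the signature's Reference URI ("#" + paresId) points at.
COMPACT = ('<Message id="m1"><PARes id="p1"><version>1.0.2</version>'
           '<TX><status>Y</status></TX></PARes></Message>')

# The same document pretty-printed with CRLF (Windows-style) line endings.
PRETTY_CRLF = (
    '<Message id="m1">\r\n'
    '  <PARes id="p1">\r\n'
    '    <version>1.0.2</version>\r\n'
    '    <TX>\r\n'
    '      <status>Y</status>\r\n'
    '    </TX>\r\n'
    '  </PARes>\r\n'
    '</Message>'
)

# The same pretty-printed document with LF line endings.
PRETTY_LF = PRETTY_CRLF.replace("\r\n", "\n")


def canonical_pares(xml_text, strip_whitespace=False):
    """Canonical form of the <PARes> element only, as the Reference "#p1" sees it.

    The parser normalizes CRLF to LF (XML 1.0 end-of-line handling), so line
    endings never affect the digest. Whitespace-only text nodes between the
    elements are kept by C14N unless strip_text is requested.
    """
    root = ET.fromstring(xml_text)
    pares = root.find("PARes")
    pares.tail = None  # text after </PARes> is outside the referenced element
    fragment = ET.tostring(pares, encoding="unicode")
    return ET.canonicalize(fragment, strip_text=strip_whitespace).encode("utf-8")


def digest_value(xml_text, strip_whitespace=False):
    """Base64 SHA-1 of the canonical PARes: the ds:DigestValue that a signer
    using DigestMethod.SHA1 (as in the Java code) would write for this Reference."""
    digest = hashlib.sha1(canonical_pares(xml_text, strip_whitespace)).digest()
    return base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    print("compact                     :", digest_value(COMPACT))
    print("pretty, CRLF                :", digest_value(PRETTY_CRLF))
    print("pretty, LF                  :", digest_value(PRETTY_LF))
    print("pretty, whitespace stripped :", digest_value(PRETTY_LF, True))
```

Running it shows that the CRLF and LF variants produce the same DigestValue (line endings are normalized before canonicalization), that the compact and pretty-printed variants produce different DigestValues (indentation is signed content), and that stripping the whitespace text nodes brings the pretty-printed digest back to the compact one. That is exactly the effect of removing newlines and carriage returns before signing: the signer and the verifier then agree on every byte of the canonical form. The robust fix is to make sure whatever is sent on the wire is the very DOM that was signed, serialized once without any re-indentation.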