我使用http://www.bootply.com/106707签署xml文件:
public void firmar(String rutaAlXml, String rutaAlXmlFirmado, PrivateKey key, Provider p, Certificate[] chain, PublicKey llavePublica)
{
File fXmlFile = new File(rutaAlXml);
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
Document doc = dBuilder.parse(fXmlFile);
DOMSignContext dsc = new DOMSignContext(key, doc.getDocumentElement());
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
javax.xml.crypto.dsig.Reference ref = fac.newReference(
"",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(
fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)),
null, null);
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod(
CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
Collections.singletonList(ref));
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(llavePublica);
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
OutputStream os = new FileOutputStream(rutaAlXmlFirmado);
TransformerFactory tf = TransformerFactory.newInstance();
javax.xml.transform.Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc), new StreamResult(os));
}
生成的xml文件有效,如下所示:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?><root>
<nombre>cesar</nombre>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="EMPRESA"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>digest goes here</DigestValue></Reference></SignedInfo><SignatureValue>signature goes here</SignatureValue><KeyInfo><X509Data><X509SubjectName>subject's goes here</X509SubjectName><X509Certificate>certificate goes here</X509Certificate></X509Data></KeyInfo></Signature></root>
当我尝试使用Xades4j验证我的xml文件时,我的问题就出现了。 following code:
XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
XadesVerifier verifier = p.newVerifier();
XAdESVerificationResult r = null;
SignatureSpecificVerificationOptions ssvo =
new SignatureSpecificVerificationOptions();
ssvo.useDataForAnonymousReference(xmlFile);
Element sigElem = (Element) nl.item(0); //Which contains the complete signature segment from the xml
r = verifier.verify(sigElem, ssvo); // this is the problematic line
当我尝试验证签名时,我得到以下异常:
Exception in thread "main" xades4j.verification.QualifyingPropertiesIncorporationException: SignedProperties reference not found
at xades4j.verification.SignatureUtils.processReferences(SignatureUtils.java:230)
at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:132)
at myCode.main(myCode.java:11)
Java Result: 1
我I'm using the code in this link这是因为Reference标记中没有Type属性。
我在互联网上搜索,但我无法找到如何在Reference标记中放置有效的Type属性。我该怎么做才能验证我的xml文件?
答案 0 :(得分:0)
您的代码生成一个简单的XML-DSIG单一格式。 Xades4j适用于高级XML签名(XAdES),不能验证简单的XML-DSIG。
您提到的问题是指除了您的数据对象引用之外,应在XAdES上添加的特定Reference元素。此引用涵盖包含签名属性的签名的特定部分。
尽管如此,Type实际上是您传递给newReference call的空参数之一。