Question

我一直在尝试使用SHA256ECDSA签署XML文档，并且我成功使用了jdk 8.但是，相同的代码在jdk 7中不起作用。任何人都可以告诉我在代码中应该改变什么以使其在jdk7中工作，或者指向另一种解决方案（例如使用其他库）？

以下是代码：

XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        SignedInfo si = null;
        try {
            Reference ref = fac.newReference("", fac.newDigestMethod(
                    DigestMethod.SHA256, null), Collections.singletonList(fac
                    .newTransform(Transform.ENVELOPED,
                            (TransformParameterSpec) null)), null, null);
            // Create the SignedInfo.
            si = fac.newSignedInfo(
                    fac.newCanonicalizationMethod(
                            CanonicalizationMethod.EXCLUSIVE,
                            (C14NMethodParameterSpec) null),
                    fac.newSignatureMethod(
                            "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
                            null), Collections.singletonList(ref));

                            ...

        // Instantiate the document to be signed.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = null;
        try {
            doc = dbf.newDocumentBuilder().parse(
                    new FileInputStream(PATH_TO_INPUT_XML));                            

                    ...

        // Create a DOMSignContext and specify the RSA PrivateKey and
        // location of the resulting XMLSignature's parent element.
        String keyPath = PATH_TO_PRIVATE_KEY;
        File privKeyFile = new File(keyPath);
        BufferedInputStream bis = null;
        byte[] privateKeyBytesDecoded = null;
        try {
            bis = new BufferedInputStream(new FileInputStream(privKeyFile));
            byte[] privKeyBytes = new byte[(int) privKeyFile.length()];
            bis.read(privKeyBytes);
            privateKeyBytesDecoded = Base64.decodeBase64(privKeyBytes);
            bis.close();

            ...

        KeyFactory keyFactory = null;
        PrivateKey privateKey = null;
        KeySpec ks = new PKCS8EncodedKeySpec(privateKeyBytesDecoded);
        try {
            keyFactory = KeyFactory.getInstance("EC");
            privateKey = keyFactory.generatePrivate(ks);

            ...


        DOMSignContext dsc = new DOMSignContext(privateKey,
                doc.getDocumentElement());

        // Create the XMLSignature, but don't sign it yet.
        XMLSignature signature = fac.newXMLSignature(si, ki);                   

        // Marshal, generate, and sign the enveloped signature.
        try {
            signature.sign(dsc);
            ...

我在jkd 7中运行此代码时遇到以下异常：

java.security.NoSuchAlgorithmException：不支持的算法       在org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newSignatureMethod（DOMXMLSignatureFactory.java:231）

该行是：   fac.newSignatureMethod（ “http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256”，                               null），Collections.singletonList（ref））;

任何帮助将不胜感激。谢谢。何塞。

Answer 1

您可以使用Apache Santuario。您需要更改的唯一行是XMLSignatureFactory：

的实例化

XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

XMLDSigRI为org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI。

在jdk 7中使用SHA256ECDSA进行XML签名 - 是否可能？

1 个答案: