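I am trying to verify the integrity of the file "test.zip" using the detached XAdES signature "test.zip.xades" with the xades4j library. I know it would be simpler to use MD5, but I need to use XAdES. I don't want to validate the CA chain and so on, only the integrity of the file. Is that possible? I have the following code: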
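
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.X509CertSelector;
    import java.security.cert.X509Certificate;
    import java.util.*;
    import javax.xml.parsers.*;
    import org.w3c.dom.*;
    import xades4j.providers.*;
    import xades4j.verification.*;

    public static void main(String[] args) throws Exception {
        System.out.println("verifyDetachedC");
        // Trust anchors are loaded but never used: the validator below ignores them
        FileInputStream fis = new FileInputStream("cacerts");
        KeyStore trustAnchors = KeyStore.getInstance("jks");
        trustAnchors.load(fis, "changeit".toCharArray());
        fis.close();
        CertificateValidationProvider certValidator = new CertificateValidationProviderImpl();
        XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
        p.acceptUnknownProperties(true);
        // The verifier was used below without being created
        XadesVerifier verifier = p.newVerifier();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        FileInputStream isXades = new FileInputStream("test.zip.xades");
        Document doc = db.parse(isXades);
        isXades.close();
        // getSigElement is a helper not shown in the question; it returns the ds:Signature element
        Element signatureNode = getSigElement(doc);
        FileInputStream is = new FileInputStream("test.zip");
        SignatureSpecificVerificationOptions options =
                new SignatureSpecificVerificationOptions().useDataForAnonymousReference(is);
        XAdESVerificationResult res = verifier.verify(signatureNode, options);
        is.close();
    }

    // Performs no certificate validation: returns the supplied certificates as-is
    class CertificateValidationProviderImpl implements CertificateValidationProvider {
        @Override
        public ValidationData validate(X509CertSelector certSelector,
                                       Date validationDate,
                                       Collection<X509Certificate> otherCerts)
                throws CertificateValidationException, UnexpectedJCAException {
            // Copy instead of casting: otherCerts is not guaranteed to be a List
            return new ValidationData(new ArrayList<X509Certificate>(otherCerts));
        }
    }
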
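I get an error saying that the signature value of "signature ID-39XXXX" is invalid. I'm not sure whether the code works and the signature is wrong, or whether the code is invalid. The signature has signature Id="ID-39XXXX", a Reference URI = test.zip (relative) and a ds:X509Certificate.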
Answer 0 (score: 0)
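The error indicates a problem with the signature value, while the reference digests are OK.
If you are referencing a relative URI, then it is not an anonymous reference, which means you don't need useDataForAnonymousReference(is). Other than that, the code seems fine. Are you sure the original signature was generated properly?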