Question

我正在使用xml签名生成X509证书。它成功生成了xml数字签名。

我正在使用此代码生成我的xml签名。

public class DigitalSigner {

    private static final String KEY_STORE_TYPE = "PKCS12";
    String alias;
    KeyStore ks;
    PrivateKey privateKey;

    public DigitalSigner(String keyStoreFile, char[] keyStorePassword, String alias, Context context) {
        this.alias = alias;
        try {
            this.ks = KeyStore.getInstance(KEY_STORE_TYPE);
            this.ks.load(context.getAssets().open(keyStoreFile), keyStorePassword);
            this.privateKey = (PrivateKey) this.ks.getKey(alias, keyStorePassword);
               } catch (Exception e) {
            Log.e("eror","erro");
            e.printStackTrace();
        }
    }

    public String signXML(String xmlDocument) {

        Security.addProvider(new BouncyCastleProvider());
        try {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(false);
            Document signedDocument = sign(dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xmlDocument))));
            StringWriter stringWriter = new StringWriter();
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(signedDocument), new StreamResult(stringWriter));
            return stringWriter.getBuffer().toString();
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException("Error while digitally signing the XML document", e);
        }
    }

    private Document sign(Document xmlDoc) throws Exception {
        X509Certificate x509Cert = (X509Certificate) this.ks.getCertificate(this.alias);
        XMLSignature signature = new XMLSignature(xmlDoc, StringUtils.EMPTY, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
        xmlDoc.getDocumentElement().appendChild(signature.getElement());
        Transforms transforms = new Transforms(xmlDoc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        signature.addDocument(StringUtils.EMPTY, transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);
        X509Data x509Data = new X509Data(xmlDoc);
        signature.getKeyInfo().add(x509Data);
        x509Data.addSubjectName(x509Cert.getSubjectX500Principal().getName());
        x509Data.addCertificate(x509Cert);
        signature.sign(this.privateKey);
        return xmlDoc;
    }



    static {

        Init.init();
//        try {
//            ElementProxy.setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#","");
//        } catch (XMLSecurityException e) {
//            e.printStackTrace();
//        }
    }

我的问题是我的签名带有命名空间前缀，我不想生成一个。

这是我的签名：

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
         <ds:Reference URI="">
            <ds:Transforms>
               <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>JkpIdQiiPQ2KmSHyWf4ORCBGdgY=</ds:DigestValue>
         </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>GkHLBqX4RUVM0JMMHxtqN93JAY/celqAlxoQ211a4IPY2dtNL668v6iZa4u870JcVz9cBYpHdHBaLb08u1clt81Wq52IymjwMXA0wSPl027CZIh+x9FPTEsoYOfaxsIn0MZsjZI8hKRNXlU5tXDDDErtW3QEQbKu2AEZTRq7rn1ocX69nj+Lv2GfFNYBlHvRPg2Z20NcARb9a4ZmOObk5C3rgU+p4GKpv0PLTmq1JSM75ftiFQ/8B7vQzEYSy0M2coTyME4pv51sdCJHIXykiv/pi0T+86RBP1VSzJ8oLUUYrGOF+4FmpoFX6pPfvbs6DiFrd4BWvsjH1YOddClWKA==</ds:SignatureValue>
      <ds:KeyInfo>
         <ds:X509Data>
            <ds:X509SubjectName>CN= CORPORATION NAME 2,2.5.4.51=#13455355524154204d4148414e41474152205345564120534144414e20474f524448414e4441532043484f4b484157414c41204d415247204d55474c4953415241205355524154,STREET=STREET NAME,ST=STATE NAME,2.5.4.17=#1306333935303033,OU=MY OU NAME,O=O NAME,C=IN</ds:X509SubjectName>
            <ds:X509Certificate>MIIGAjCCBOqgAwIBAgIEAL7cWTANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCSU4xKjAoBgNVBAoTIWVNdWRocmEgQ29uc3VtZXIgU2VydmljZXMgTGltaXRlZDEdMBsGA1UECxMUQ2VydGlmeWluZyBBdXRob3JpdHkxOTA3BgNVBAMTMGUtTXVkaHJhIFN1YiBDQSBDbGFzcyAyIGZvciBEb2N1bWVudCBTaWduZXIgMjAxNDAeFw0xNjA1MzAwNTEwMjBaFw0xODA1MzAwNTEwMjBaMIHvMQswCQYDVQQGEwJJTjEkMCIGA1UEChMbU1VSQVQgTVVOSUNJUEFMIENPUlBPUkFUSU9OMQwwCgYDVQQLEwNTTUMxDzANBgNVBBETBjM5NTAwMzEQMA4GA1UECBMHR1VKQVJBVDEOMAwGA1UECRMFU1VSQVQxTjBMBgNVBDMTRVNVUkFUIE1BSEFOQUdBUiBTRVZBIFNBREFOIEdPUkRIQU5EQVMgQ0hPS0hBV0FMQSBNQVJHIE1VR0xJU0FSQSBTVVJBVDEpMCcGA1UEAxMgRFMgU1VSQVQgTVVOSUNJUEFMIENPUlBPUkFUSU9OIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxH9XWyjgKgWwfaHT9woa3Ow6caW+HAU/YSWyBSoum4r6D9FVcUKaRfrHCfThNcOpt8NEtRYAu+8hZ2bdEMl6LxLpn0ddK7m8tM0ImE+Id7T7/A8xQSMtQ6IOH76lZM3FX0x5mShoMTQIB8nmJGb5HFZUqbdwoFOxk8pH7UwccVLcjwpydNy8Da1k/yM5YlxKdw0dTS7QLgL10sF9Y99OF/PdLiFG7xQju3IBSHvcSY497yPZWz26inBTj7F5mUFQqmaYWzNCXH+MWh1ss4uh4Q/qlD5AEM6gUPB70usE2Y+lKHhMmwKqukxsboS3m5B1Ofb0hZ/E/c6+3D9uY/M+3AgMBAAGjggH+MIIB+jATBgNVHSMEDDAKgAhNpkTIpuIACDAdBgNVHQ4EFgQUfSOdeLbEWkncEi6PzudYM4fUvjwwDgYDVR0PAQH/BAQDAgbAMCEGA1UdEQQaMBiBFmRtY0BzdXJhdG11bmljaXBhbC5vcmcwgdIGA1UdIASByjCBxzAtBgZggmRkAgIwIzAhBggrBgEFBQcCAjAVGhNDbGFzcyAyIENlcnRpZmljYXRlMEQGBmCCZGQKATA6MDgGCCsGAQUFBwICMCwaKk9yZ2FuaXNhdGlvbmFsIERvY3VtZW50IFNpZ25lciBDZXJ0aWZpY2F0ZTBQBgdggmRkAQgCMEUwQwYIKwYBBQUHAgEWN2h0dHA6Ly93d3cuZS1tdWRocmEuY29tL3JlcG9zaXRvcnkvY3BzL2UtTXVkaHJhX0NQUy5wZGYwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5lLW11ZGhyYS5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly93d3cuZS1tdWRocmEuY29tL3JlcG9zaXRvcnkvY2FjZXJ0cy9kb2NjbDIuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly93d3cuZS1tdWRocmEuY29tL3JlcG9zaXRvcnkvY3Jscy9kb2NjbDIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQDay9gz+g6ud25d4VEcMZS+gBz/ZZlt8x6M92cs02uNZGwHZBDfylclkHlth4oH2dvoWsRBDR6a+VmGilvkZlD1u3Z0L6FmwY9/NXjXkgBFJENW/5YDsHO4T3ChlOJPwteN+4kCRIDd5jafimDAzjG637FYnFk/tsTexLSUFViLBh1khm+iyRnu85/t2bkdIyoA+U3ITbPAo3KbRV8DidXRG1acYwHbwaslH1JCx7xnMpggJmqZd54eZCxbJ7MKI5gqxbg/85kizBvAbfROdSycY4t07/XmzYyyLSOzHA6vHGw/A3/NFx/IX9C6JitUhvzL72gQz4LktFwRuq++cNa1</ds:X509Certificate>
         </ds:X509Data>
      </ds:KeyInfo>
   </ds:Signature>

正如您所看到的，它中包含名称空间前缀ds:。我想在没有这个名称空间前缀的情况下生成它。

使用加密可以，但Android不支持以下JAVA包：

javax.xml.crypto.dom http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dom/package-summary.html
javax.xml.crypto.dsig中http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dsig/package-summary.html
javax.xml.crypto.dsig.dom http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dsig/dom/package-summary.html
javax.xml.crypto.dsig.keyinfo http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dsig/keyinfo/package-summary.html
javax.xml.crypto.dsig.spec中http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dsig/spec/package-summary.html

在Android中有没有其他方法可以做到这一点？

我还尝试使用此代码从命名空间中删除前缀，并且我能够生成不带前缀ds的xml签名，但仍然是“无效签名”：

static {

            Init.init();
           try {
                 ElementProxy.setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#","");
            } catch (XMLSecurityException e) {
                e.printStackTrace();
            }
        }

Answer 1

您需要将 dbf.setNamespaceAware（false）; 替换为 dbf.setNamespaceAware（true）; 。

无需声明 Security.addProvider（new BouncyCastleProvider（））; ，请删除它。

并确保声明

static {

        Init.init();
       try {
             ElementProxy.setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#","");
        } catch (XMLSecurityException e) {
            e.printStackTrace();
        }
    }

生成没有名称空间前缀android（ds :)的x509证书

1 个答案: