我正在使用 Android Studio 制作 XAdES-BES 类型的签名。我使用的库不是 xades4j,而是我国政府提供的另一个 Java 库。我正在尝试对 XML 文件进行签名。
我的 /raw 目录中有一个用于 XAdES 签名的 XML 文件(不是测试文件):
<?xml version="1.0" encoding="utf-8"?>
<!--
  Configuration for the XML signature library (namespace
  http://uekae.tubitak.gov.tr/xml/signature#): HTTP and proxy settings,
  reference resolvers, timestamp server, digest algorithm, validation policy
  and the validator chain of each signature profile.

  Security note: a file shipped under res/raw is packaged into the APK as
  plain text, so anyone holding the APK can read it. Keep real proxy,
  basic-authentication and timestamp-server credentials out of this file and
  supply them at runtime instead.
-->
<xmlsignature_config xmlns="http://uekae.tubitak.gov.tr/xml/signature#">
  <locale language="tr" country="TR"/>

  <!-- Outbound HTTP settings; proxy and basic-authentication fields are left empty. -->
  <http>
    <proxy-host></proxy-host>
    <proxy-port></proxy-port>
    <proxy-username></proxy-username>
    <proxy-password></proxy-password>
    <basic-authentication-username></basic-authentication-username>
    <basic-authentication-password></basic-authentication-password>
    <connection-timeout-in-milliseconds>2000</connection-timeout-in-milliseconds>
  </http>

  <!--
    Resolver classes registered for this configuration. Available:
    IdResolver, DOMResolver, HttpResolver, XPointerResolver, FileResolver.
    NOTE(review): judging by their names, HttpResolver and FileResolver fetch
    reference targets over the network and from the local file system. When
    the app also validates signatures received from other parties, register
    only the resolvers it really needs. Confirm against the library docs.
  -->
  <resolvers>
    <resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.IdResolver"/>
    <resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.DOMResolver"/>
    <resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.HttpResolver"/>
    <resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.XPointerResolver"/>
    <resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.FileResolver"/>
  </resolvers>

  <!--
    Timestamp server. The host below uses plain http://.
    NOTE(review): if the userid and password are sent to this host, they
    presumably travel unencrypted; check whether an https endpoint exists.
  -->
  <timestamp-server>
    <host>http://tzd.kamusm.gov.tr</host>
    <digest-alg>SHA-256</digest-alg>
    <!-- Leave userid and password blank unless this is an ESYA Timestamp Server. -->
    <!-- A test timestamp account can be requested by mail from bilgi@kamusm.gov.tr -->
    <!-- The two values below are placeholders, not real credentials. -->
    <userid>user_id</userid>
    <password>password</password>
  </timestamp-server>

  <!-- Digest method URI (SHA-256). -->
  <algorithms>
    <digest-method>http://www.w3.org/2001/04/xmlenc#sha256</digest-method>
  </algorithms>

  <validation>
    <!-- NOTE(review): 0 presumably means no grace period is applied; confirm. -->
    <grace-period-in-seconds>0</grace-period-in-seconds>
    <!--
      Maximum age of revocation data that is still accepted.
      17280000 s is 200 days; with a window this long a revocation issued
      inside it can be missed, so review the value against your policy.
    -->
    <last-revocation-period-in-seconds>17280000</last-revocation-period-in-seconds>
    <!-- When true, the resolved policy is compared with the one at the policy URI, if indicated. -->
    <check-policy-uri>false</check-policy-uri>
    <!-- Loosening the next two settings yields warnings instead of validation failures. -->
    <!-- true: referenced validation data must be used for certificate validation. -->
    <force-strict-reference-use>true</force-strict-reference-use>
    <!-- true: validation data must be published after signature creation; needs a grace period for signers. -->
    <use-validation-data-published-after-creation>false</use-validation-data-published-after-creation>
    <!--
      NOTE(review): with false, the signing certificate is presumably not
      validated before a signature is produced. Consider enabling it so an
      expired or revoked certificate is caught at signing time; confirm the
      exact semantics in the library docs.
    -->
    <validate-certificate-before-signing>false</validate-certificate-before-signing>
    <!-- Whether a signing time carried inside the signature is trusted; false means it is not. -->
    <trust-signing-time>false</trust-signing-time>

    <!--
      Validator chain per signature profile. Valid profile types:
      XMLDSig, XAdES_BES, XAdES_EPES, XAdES_T, XAdES_C, XAdES_X, XAdES_X_L
      and XAdES_A. Each profile names the profile it inherits validators
      from in inherit-validators-from.
    -->
    <validators>
      <profile type="XMLDSig">
      </profile>
      <profile type="XAdES_BES" inherit-validators-from="XMLDSig">
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AllDataObjectsTimeStampValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.DataObjectFormatValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.IndividualDataObjectsTimeStampValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SigningCertificateValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SigningTimeValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.TurkishESigProfileAttributeValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.TurkishESigProfileValidator"/>
      </profile>
      <profile type="XAdES_EPES" inherit-validators-from="XAdES_BES">
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SignaturePolicyValidator"/>
      </profile>
      <profile type="XAdES_T" inherit-validators-from="XAdES_EPES">
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SignatureTimeStampValidator"/>
      </profile>
      <profile type="XAdES_C" inherit-validators-from="XAdES_T">
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.CompleteCertificateRefsValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.CompleteRevocationRefsValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AttributeCertificateRefsValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AttributeRevocationRefsValidator"/>
      </profile>
      <profile type="XAdES_X" inherit-validators-from="XAdES_C">
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.SigAndRefsTimestampValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.RefsOnlyTimestampValidator"/>
      </profile>
      <profile type="XAdES_X_L" inherit-validators-from="XAdES_X">
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.CertificateValuesValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.RevocationValuesValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AttrAuthoritiesCertValuesValidator"/>
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.AttributeRevocationValuesValidator"/>
      </profile>
      <profile type="XAdES_A" inherit-validators-from="XAdES_X_L">
        <validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator.ArchiveTimestampValidator"/>
        <!-- Disabled placeholder with an incomplete class name:
             validator class="tr.gov.tubitak.uekae.esya.api.xmlsignature.validator."/ -->
      </profile>
    </validators>
  </validation>

  <parameters>
    <!-- On upgrade, should referenced validation data be written into the
         signature directory, or is certificate validation already configured
         to store it elsewhere (for example a local certificate store)? -->
    <write-referencedvalidationdata-to-file-on-upgrade value="false"/>
  </parameters>
</xmlsignature_config>
在我的mainActivity类中,我的代码相关部分是:
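// Excerpt from a method body: signs the file chosen in the UI with the
// certificate selected on the smart card and writes "<path>.xsig".

// Path of the document to sign, as typed/selected by the user.
String sourceFilePath = filePathView.getText().toString();
if (sourceFilePath.isEmpty()) {
    // The failure is stored in exc; the caller is expected to report it.
    exc = new Exception("No File Selected.");
    return null;
}

// pwdText is the card PIN: keep it out of logs, crash reports and saved state.
mAPDUSmartCard.login(pwdText);

// Certificate chosen in the list; the signer is bound to it and to RSA with SHA-256.
Pair<CardTerminal, ECertificate> selection = certListAdapter.getSelection();
ECertificate signCert = selection.second;
BaseSigner signer = mAPDUSmartCard.getSigner(signCert.asX509Certificate(), Algorithms.SIGNATURE_RSA_SHA256);

// Load the signature configuration bundled as res/raw/xmlsignature_config.
// Raw resources are readable by anyone holding the APK, so that file must not
// carry real proxy or timestamp-server credentials.
Resources res1 = getResources();
Config conf = new Config(res1.openRawResource(R.raw.xmlsignature_config));
Context context = new Context();
context.setConfig(conf);

XMLSignature signature = new XMLSignature(context);

// The first argument becomes the URI of the signed reference, so it must be a
// form the configured resolvers can dereference.
// NOTE(review): a bare device path may not be accepted as a URI; check which
// URI form and base URI the library expects. Confirm against the library docs.
// NOTE(review): in XML-DSig an empty URI ("") is a same-document reference to
// the XML document that holds the signature, not to an external file, so
// passing "" does not sign the selected file.
// NOTE(review): the third argument is false, presumably "do not embed", i.e. a
// detached signature. The verifier must then resolve the same URI to the
// same bytes. Confirm.
signature.addDocument(sourceFilePath, "application/xml", false);
signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);
signature.addKeyInfo(signCert);
signature.sign(signer);

// Close the stream even when write() fails, so the descriptor is released and
// buffered bytes are flushed to "<path>.xsig".
FileOutputStream out = new FileOutputStream(sourceFilePath + ".xsig");
try {
    signature.write(out);
} finally {
    out.close();
}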
程序可以运行。但是,当我选择文件并单击“签名”按钮时:
1 - 我收到一个引用(Reference)错误,日志显示无法找到 sourceFilePath 变量(即要签名的文件的路径)所对应的 URI,同时还给出了出错的 Reference id。当我传入空字符串("")而不是 sourceFilePath 变量时,程序提示文件已经签名(我不明白在没有给 addDocument 方法传入该参数的情况下是如何完成签名的)。无论如何,由于出现“未找到引用”错误,已签名文件的验证程序无法验证该文件。
2 - 另外,在我的 XML 文件中,xmlns="http://uekae.tubitak.gov.tr/xml/signature#" 这一行会提示错误“URI is not registered”(URI 未注册)。我已经按照在这里找到的做法处理过,但问题没有解决。这种情况会不会是我遇到错误的原因?
我已经在这个问题上工作了好几天,但仍然找不到任何解决方案。