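/**
 * Signs the XML file at {@code originalXmlFilePath} with an enveloped XML-DSig signature and
 * passes the signed DOM to {@code storeSignedDoc} together with {@code destnSignedXmlFilePath}.
 *
 * <p>The reference URI is {@code ""}, so the digest covers the whole document after the
 * enveloped-signature transform and inclusive canonicalization. The DigestValue therefore
 * depends on every canonicalized byte of the input: a changed attribute value or different
 * whitespace between elements yields a different digest.
 *
 * <p>The signing key and certificate come from the first alias of a PKCS#12 key store. The
 * KeyInfo carries both an X509IssuerSerial and the certificate itself.
 *
 * @param originalXmlFilePath path of the XML file to sign
 * @param destnSignedXmlFilePath destination path handed to {@code storeSignedDoc}
 * @throws KeyStoreException if the key store has no alias, or its first alias is not a
 *     private-key entry
 * @throws IOException if the key store or the XML file cannot be read
 * @throws SAXException if the XML file cannot be parsed
 * @throws XMLSignatureException if signing fails
 */
public void finalMethod(String originalXmlFilePath, String destnSignedXmlFilePath)
        throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException, InvalidAlgorithmParameterException, CertificateException, FileNotFoundException, IOException, SAXException, ParserConfigurationException, MarshalException, XMLSignatureException, TransformerException {
    // DOM-based factory used for every XML-DSig object below.
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

    // NOTE(review): SHA-1 (digest) and RSA-SHA1 (signature) are weak choices for new designs.
    // They are left unchanged because switching the algorithm URIs changes the produced
    // signature and has to be agreed with the party that verifies it.
    Reference ref = fac.newReference(
            "", // empty URI: sign the whole document
            fac.newDigestMethod(DigestMethod.SHA1, null),
            Collections.singletonList(
                    fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null,
            null);

    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(
                    CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));

    // NOTE(review): the key store location and its password are hard-coded. Anyone with read
    // access to the source or the compiled class can recover the password; load both from
    // protected configuration or a secret store instead.
    char[] storePassword = "1234".toCharArray();
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    // try-with-resources so the key store file handle is released even when load() fails.
    try (FileInputStream keyStoreStream = new FileInputStream("C:/Users/prakhar.s/Downloads/JAVA DIGITAL/New folder (2)/TestDigCertificate/TestCertForLOBA.pfx")) {
        p12.load(keyStoreStream, storePassword);
    }

    // The first alias is used; fail with a clear message instead of NoSuchElementException.
    Enumeration<String> aliases = p12.aliases();
    if (!aliases.hasMoreElements()) {
        throw new KeyStoreException("Key store contains no entries");
    }
    String alias = aliases.nextElement();
    System.out.println("Cert alias:" + alias);

    KeyStore.Entry entry = p12.getEntry(alias, new KeyStore.PasswordProtection(storePassword));
    if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
        throw new KeyStoreException("Key store entry '" + alias + "' is not a private-key entry");
    }
    KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
    X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

    // Build the KeyInfo: issuer name + serial number, followed by the certificate.
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    ArrayList<Object> x509Content = new ArrayList<Object>();
    String dn = cert.getIssuerDN().toString();
    BigInteger sn = cert.getSerialNumber();
    // Re-read the serial's bytes as an unsigned magnitude so it is emitted as a
    // non-negative decimal number.
    BigInteger bigsn2 = new BigInteger(1, sn.toByteArray());
    System.out.println("new bigint (decimal): " + bigsn2);
    System.out.println("new bigint (hex): " + bigsn2.toString(16));
    X509IssuerSerial xd1 = kif.newX509IssuerSerial(dn, bigsn2);
    x509Content.add(xd1);
    x509Content.add(cert);
    X509Data xd = kif.newX509Data(x509Content);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

    // Parse the document to be signed. Namespace awareness is required for XML-DSig.
    // NOTE(review): the parser runs with default settings. If the input file can come from
    // outside the trusted boundary, disable DOCTYPE declarations and external entities on
    // dbf before parsing.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    Document doc;
    try (FileInputStream xmlStream = new FileInputStream(originalXmlFilePath)) {
        doc = dbf.newDocumentBuilder().parse(xmlStream);
    }

    // The Signature element is appended as the last child of the document element.
    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());

    // Assemble the signature, then marshal and sign it into the DOM.
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);

    storeSignedDoc(doc, destnSignedXmlFilePath);
}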
上面是我用来在 Java 中对 XML 文件进行签名的方法。以下是已在 .NET 中签名的示例 XML:
<?xml version="1.0"?>
-<BharatKoshPayment Version="1.0" DepartmentCode="020">
-<Submit>
-<OrderBatch merchantBatchCode="e178eb86ce3dfa4b3f6a" Transactions="1" TotalAmount="1">
-<Order OrderCode="e178eb86ce3dfa4b3f6a" InstallationId="10011">
-<CartDetails>
<Description/>
<Amount value="1" exponent="0" CurrencyCode="INR"/>
<OrderContent>725</OrderContent>
<PaymentTypeId>294</PaymentTypeId>
<PAOCode>027973</PAOCode>
<DDOCode>227987</DDOCode>
</CartDetails>
-<PaymentMethodMask>
<Include Code="Online"/>
</PaymentMethodMask>
-<Shopper>
<ShopperEmailAddress>prachiebooks@gmail.com</ShopperEmailAddress>
</Shopper>
-<ShippingAddress>
-<Address>
<FirstName>PRACHI INDIA Pvt.Ltd.</FirstName>
<LastName/>
<Address1>INDER LOK DELHI-110035</Address1>
<Address2/>
<PostalCode>110035</PostalCode>
<City>West Delhi</City>
<StateRegion>New Delhi</StateRegion>
<State>New Delhi</State>
<CountryCode>India</CountryCode>
<MobileNumber>7042112623</MobileNumber>
</Address>
</ShippingAddress>
-<BillingAddress>
-<Address>
<FirstName>PRACHI INDIA Pvt.Ltd.</FirstName>
<LastName/>
<Address1>INDER LOK DELHI-110035</Address1>
<Address2/>
<PostalCode>110035</PostalCode>
<City>West Delhi</City>
<StateRegion>New Delhi</StateRegion>
<State>New Delhi</State>
<CountryCode>India</CountryCode>
<MobileNumber>7042112623</MobileNumber>
</Address>
</BillingAddress>
<StatementNarrative>Publication Divisions Payment </StatementNarrative>
</Order>
</OrderBatch>
</Submit>
-<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
-<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-<Reference URI="">
-<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>QnaBNlOrLTHe9UMU2dyAJZ1DXFI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>QCBsnlKP1udt1eAtdk1b1VxP/bq4wnKpnEblvbSGPk4lJKNkC+TjfUbYdKSDtypLdCIldQox/x3jCmNJZVxRqtPlSYyeC/xOlrbA2ya5svGtH9fw7+wkHyzcGPtjoJKGhHTrfTDbMVMNxCe6Ph+OZEZuTm8LLWAzl9UcMEeZAUk=</SignatureValue>
-<KeyInfo>
-<X509Data>
-<X509IssuerSerial>
<X509IssuerName>CN=TestCertForLOBA</X509IssuerName>
<X509SerialNumber>180518423413430116130326665604242149948</X509SerialNumber>
</X509IssuerSerial>
<X509Certificate>MIICFTCCAYKgAwIBAgIQh86VbnKj77tMYlZ5PHkSPDAJBgUrDgMCHQUAMBoxGDAWBgNVBAMTD1Rlc3RDZXJ0Rm9yTE9CQTAeFw0xNTEyMzExODMwMDBaFw0xNzAzMzAxODMwMDBaMBoxGDAWBgNVBAMTD1Rlc3RDZXJ0Rm9yTE9CQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqH1D3ycqoUs1N/+pr+xCXtrAhwJWf4XHXM/tNtvuJ/BLfwH8C4kji9TfZz/4PLvF/j5DJO22Pmv2iPYeKGWmrq0y7b8O++3zTcgO800/gFdM8GztW1E+FUwRq5A7D0UXlxUs7ePib0K4zWOyYOMlf28NYzFD5/qTnYBYjymfHkcCAwEAAaNkMGIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwSwYDVR0BBEQwQoAQ3Nw37mdOlicLkYm1Kw9DTqEcMBoxGDAWBgNVBAMTD1Rlc3RDZXJ0Rm9yTE9CQYIQh86VbnKj77tMYlZ5PHkSPDAJBgUrDgMCHQUAA4GBAGwurrSEfqVIGnsTyXF5TRbdqEbsSazoFhTWlLLMupPAc2Xmvp5lmMH76TYG/Zsx9wsZK5cjP/GNBvKLXPtfkElQHFztHotoU29Y9QqNIx5xBX02CJpuDeWm27OjPI39JbgfPBNFyoRIZIBNcQP2tUXd8JYh/FxXOj/xhfY2OlKp</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</BharatKoshPayment>
下面是我生成的Java签名xml。
<?xml version="1.0" encoding="UTF-8"?>
-<BharatKoshPayment Version="1.0" DepartmentCode="020">
-<Submit>
-<OrderBatch merchantBatchCode="e178eb86ce3dda4b3f6a" Transactions="1" TotalAmount="1">
-<Order OrderCode="e178eb86ce3dda4b3f6a" InstallationId="10011">
-<CartDetails>
<Description/>
<Amount value="1" exponent="0" CurrencyCode="INR"/>
<OrderContent>725</OrderContent>
<PaymentTypeId>294</PaymentTypeId>
<PAOCode>027973</PAOCode>
<DDOCode>227987</DDOCode>
</CartDetails>
-<PaymentMethodMask>
<Include Code="Online"/>
</PaymentMethodMask>
-<Shopper>
<ShopperEmailAddress>prachiebooks@gmail.com</ShopperEmailAddress>
</Shopper>
-<ShippingAddress>
-<Address>
<FirstName>PRACHI INDIA Pvt.Ltd.</FirstName>
<LastName/>
<Address1>INDER LOK DELHI-110035</Address1>
<Address2/>
<PostalCode>110035</PostalCode>
<City>West Delhi</City>
<StateRegion>New Delhi</StateRegion>
<State>New Delhi</State>
<CountryCode>India</CountryCode>
<MobileNumber>7042112623</MobileNumber>
</Address>
</ShippingAddress>
-<BillingAddress>
-<Address>
<FirstName>PRACHI INDIA Pvt.Ltd.</FirstName>
<LastName/>
<Address1>INDER LOK DELHI-110035</Address1>
<Address2/>
<PostalCode>110035</PostalCode>
<City>West Delhi</City>
<StateRegion>New Delhi</StateRegion>
<State>New Delhi</State>
<CountryCode>India</CountryCode>
<MobileNumber>7042112623</MobileNumber>
</Address>
</BillingAddress>
<StatementNarrative>Publication Divisions Payment </StatementNarrative>
</Order>
</OrderBatch>
</Submit>
-<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
-<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-<Reference URI="">
-<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>2/bkZpFjH4VQZXSIfugosld9T9I=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>PVFjdC3dwhNUGa3GBKQTkcpUbdUkdNvzA3S3pLT9S0rNsyDAVcY2qW76+qaXn7aFkPBIyQlg2ikU qlizmo2WaAgZlMkBLcPdpp/wzXBUih10yyxgI9+ExuNZ3z1DqOoEZHVT6/IJlcz2iKyutSvl7a+1 P6dYO0ndT2j9izACbV0=</SignatureValue>
-<KeyInfo>
-<X509Data>
-<X509IssuerSerial>
<X509IssuerName>CN=TestCertForLOBA</X509IssuerName>
<X509SerialNumber>180518423413430116130326665604242149948</X509SerialNumber>
</X509IssuerSerial>
<X509Certificate>MIICFTCCAYKgAwIBAgIQh86VbnKj77tMYlZ5PHkSPDAJBgUrDgMCHQUAMBoxGDAWBgNVBAMTD1Rl c3RDZXJ0Rm9yTE9CQTAeFw0xNTEyMzExODMwMDBaFw0xNzAzMzAxODMwMDBaMBoxGDAWBgNVBAMT D1Rlc3RDZXJ0Rm9yTE9CQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqH1D3ycqoUs1N/+p r+xCXtrAhwJWf4XHXM/tNtvuJ/BLfwH8C4kji9TfZz/4PLvF/j5DJO22Pmv2iPYeKGWmrq0y7b8O ++3zTcgO800/gFdM8GztW1E+FUwRq5A7D0UXlxUs7ePib0K4zWOyYOMlf28NYzFD5/qTnYBYjymf HkcCAwEAAaNkMGIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwSwYDVR0BBEQwQoAQ3Nw37mdOlicLkYm1 Kw9DTqEcMBoxGDAWBgNVBAMTD1Rlc3RDZXJ0Rm9yTE9CQYIQh86VbnKj77tMYlZ5PHkSPDAJBgUr DgMCHQUAA4GBAGwurrSEfqVIGnsTyXF5TRbdqEbsSazoFhTWlLLMupPAc2Xmvp5lmMH76TYG/Zsx 9wsZK5cjP/GNBvKLXPtfkElQHFztHotoU29Y9QqNIx5xBX02CJpuDeWm27OjPI39JbgfPBNFyoRI ZIBNcQP2tUXd8JYh/FxXOj/xhfY2OlKp</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</BharatKoshPayment>
我的问题是:Java 生成的摘要值(DigestValue)与 .NET 生成的不一致。
下面是我用于生成签名 XML 的 .NET 代码:
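/// <summary>
/// Finds a signing certificate in the Windows certificate store and, when the
/// "IsNewsXMLSign" app setting equals "True", signs <paramref name="xmlDoc"/> in place
/// by calling SignXml.
/// </summary>
/// <param name="xmlDoc">Document to sign; the same instance is returned.</param>
/// <returns><paramref name="xmlDoc"/>, signed or unchanged depending on configuration.</returns>
/// <exception cref="Exception">
/// No certificate with a usable private key matched the configured subject text.
/// </exception>
public XmlDocument signedFun(XmlDocument xmlDoc)
{
    string CertificateKey = ConfigurationManager.AppSettings["CDSCOHealthKey"].ToString();

    // Decide the store location first so that only one store object is created; the
    // original opened a second store and abandoned the first without closing it.
    bool useLocalMachine =
        ConfigurationManager.AppSettings["isLocalPdfSign"] != null
        && ConfigurationManager.AppSettings["isLocalPdfSign"].ToString() == "True";
    X509Store certificate = new X509Store(
        useLocalMachine ? StoreLocation.LocalMachine : StoreLocation.CurrentUser);

    RSACryptoServiceProvider rsaKey = null;
    X509Certificate2 certx = null;
    try
    {
        certificate.Open(OpenFlags.ReadOnly);

        // NOTE(review): Subject.Contains is a substring match and the first hit wins. If
        // several certificates in the store contain the configured text, a different key
        // than intended may be selected; matching on the thumbprint is stricter.
        foreach (X509Certificate2 cert in certificate.Certificates)
        {
            if (cert.Subject.Contains(CertificateKey))
            {
                // Retrieve the private key; this stays null when the certificate has none,
                // which is reported below as "not found".
                rsaKey = (RSACryptoServiceProvider)cert.PrivateKey;
                certx = cert;
                break;
            }
        }
    }
    finally
    {
        // Release the store handle on every path, including exceptions.
        certificate.Close();
    }

    if (rsaKey == null)
    {
        throw new Exception("Valid certificate was not found");
    }

    // Sign the XML document only when signing is switched on in configuration.
    if (ConfigurationManager.AppSettings["IsNewsXMLSign"] == "True")
    {
        SignXml(xmlDoc, rsaKey, certx);
    }
    return xmlDoc;
}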
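/// <summary>
/// Computes an enveloped XML-DSig signature over the whole of <paramref name="xmlDoc"/>
/// and appends the Signature element as the last child of the document element.
/// </summary>
/// <param name="xmlDoc">Document to sign; modified in place.</param>
/// <param name="Key">RSA private key used to compute the signature.</param>
/// <param name="Cert">
/// Certificate whose issuer, serial number and encoded form are written into KeyInfo.
/// </param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static void SignXml(XmlDocument xmlDoc, RSA Key, X509Certificate2 Cert)
{
    // ArgumentNullException derives from ArgumentException, so existing handlers still
    // match, and the parameter name is now reported as the parameter, not the message.
    if (xmlDoc == null)
        throw new ArgumentNullException("xmlDoc");
    if (Key == null)
        throw new ArgumentNullException("Key");
    // Cert is dereferenced below; reject null here instead of failing with a
    // NullReferenceException halfway through building KeyInfo.
    if (Cert == null)
        throw new ArgumentNullException("Cert");

    System.Security.Cryptography.Xml.SignedXml signedXml =
        new System.Security.Cryptography.Xml.SignedXml(xmlDoc);
    signedXml.SigningKey = Key;

    // NOTE(review): neither the signature method nor the digest method is set, so the
    // library defaults apply. Pin both explicitly if the verifier expects specific
    // algorithm URIs, and prefer SHA-256 over SHA-1 where the verifier supports it.

    // KeyInfo carries the issuer + serial number and the certificate itself. This only
    // describes the signer to the recipient; it does not affect the signed digest.
    KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
    keyInfoData.AddIssuerSerial(Cert.Issuer, Cert.GetSerialNumberString());
    keyInfoData.AddCertificate(Cert);
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(keyInfoData);
    signedXml.KeyInfo = keyInfo;

    // Empty URI: the reference covers the whole document. The enveloped-signature
    // transform excludes the Signature element itself from the digest.
    Reference reference = new Reference();
    reference.Uri = "";
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signedXml.AddReference(reference);

    signedXml.ComputeSignature();

    // Import the generated Signature element into the document and append it.
    XmlElement xmlDigitalSignature = signedXml.GetXml();
    xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}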
有人知道解决办法吗?