Verifying an XML signature

Time: 2017-10-30 11:12:55

Tags: java xml security digital-signature

I have XML content:

    <?xml version="1.0" encoding="UTF-8"?>
    <XMLSignedData signedContent="U2lnbiBUaGlz">
        <XMLSignature>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod
                        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="">
                        <Transforms>
                            <Transform
                                Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>WtyodfGvVs3KFyIkvFXrJVbGyvA=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>AN1p3xo9/8c6RoiuzbbCf16FhlUfpPsTJjb4oREqnkculLee0puPV2qrnENrf8oulHMUg6soJ0dV6wUZy3FTvF3LmusoVU5OHRy8+mxL6nR5ahxhHsLZioB/W010CHoxwEqPF6KgxV9bhjI/rG0CsyJY8GXrcenCIyuWDMTiqac=
                </SignatureValue>
                <KeyInfo>
                    <X509Data>
                        <X509Certificate>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
                        </X509Certificate>
                    </X509Data>
                </KeyInfo>
            </Signature>
        </XMLSignature>
    </XMLSignedData>
    
I verify the signature with this code:

    import javax.xml.crypto.dsig.XMLSignature;
    import javax.xml.crypto.dsig.XMLSignatureFactory;
    import javax.xml.crypto.dsig.dom.DOMValidateContext;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;
    import org.w3c.dom.NodeList;

    public boolean verify(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // convertStringToDocument and X509KeySelector are helpers not shown in the post.
        Document doc = convertStringToDocument(xml);
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS,
                "Signature");
        if (nl.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }
        boolean kq = true;
        for (int x = 0; x < nl.getLength(); x++) {
            // Validate the x-th Signature element (the loop previously always used item(0)).
            DOMValidateContext valContext = new DOMValidateContext(
                    new X509KeySelector(), nl.item(x));
            valContext.setProperty("javax.xml.crypto.dsig.cacheReference",
                    Boolean.TRUE);
            // Unmarshal the XMLSignature.
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            XMLSignature signature = fac.unmarshalXMLSignature(valContext);
            // Validate the XMLSignature.
            boolean coreValidity = signature.validate(valContext);
            // Check core validation status.
            if (!coreValidity) {
                kq = false;
                break;
            }
        }
        return kq;
    }
      
But I get an exception:

    javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature encoding error
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:547)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:253)
        at com.stb.utility.SignatureUtil.verify(SignatureUtil.java:214)
        at com.stb.business.ProcessCustomerBO.execute(ProcessCustomerBO.java:62)
        at com.stb.business.ProcessCustomerBO.main(ProcessCustomerBO.java:118)
    Caused by: java.security.SignatureException: Signature encoding error
        at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:208)
        at java.security.Signature$Delegate.engineVerify(Signature.java:1172)
        at java.security.Signature.verify(Signature.java:623)
        at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:248)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:544)
        ... 4 more
    Caused by: java.io.IOException: Sequence tag error
        at sun.security.util.DerInputStream.getSequence(DerInputStream.java:297)
        at sun.security.rsa.RSASignature.decodeSignature(RSASignature.java:233)
        at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:197)
        ... 8 more

Please help me. Thanks.
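The innermost frame of the trace above is `RSASignature.decodeSignature` failing with a DER "Sequence tag error", the step where the signature payload recovered with the public key is parsed as a DigestInfo structure. As an added example (not part of the original post), the following Java program inspects that payload directly; the class name, the generated key pair, the sample data and the `NONEwithRSA` signer are assumptions made for illustration, not details known about the poster's signer.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

// Added example; class name, keys and data are constructed for illustration.
public class DigestInfoCheck {
    // Strip the PKCS#1 v1.5 type-1 padding with the public key and report
    // whether the payload looks like a SHA-1 DigestInfo: DER SEQUENCE tag
    // 0x30, 15-byte algorithm prefix plus 20-byte digest = 35 bytes.
    static boolean hasSha1DigestInfo(byte[] sig, PublicKey pub) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, pub);
        byte[] payload = rsa.doFinal(sig);
        return payload.length == 35 && payload[0] == 0x30;
    }

    // rsa-sha1 verification through java.security.Signature, as in the trace.
    static String verify(byte[] data, byte[] sig, PublicKey pub) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(pub);
        v.update(data);
        try {
            return String.valueOf(v.verify(sig));
        } catch (SignatureException e) {   // some JDK versions throw instead of returning false
            return "SignatureException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "Sign This".getBytes(StandardCharsets.UTF_8);   // constructed sample data

        // Signer A: standard rsa-sha1, wraps the hash in a DigestInfo.
        Signature a = Signature.getInstance("SHA1withRSA");
        a.initSign(kp.getPrivate());
        a.update(data);
        byte[] sigA = a.sign();

        // Signer B (assumed behaviour): pads the bare 20-byte hash, no DigestInfo.
        Signature b = Signature.getInstance("NONEwithRSA");
        b.initSign(kp.getPrivate());
        b.update(MessageDigest.getInstance("SHA-1").digest(data));
        byte[] sigB = b.sign();

        System.out.println("A: DigestInfo=" + hasSha1DigestInfo(sigA, kp.getPublic()) + " verify=" + verify(data, sigA, kp.getPublic()));
        System.out.println("B: DigestInfo=" + hasSha1DigestInfo(sigB, kp.getPublic()) + " verify=" + verify(data, sigB, kp.getPublic()));
    }
}
```

To check a real document, pass the Base64-decoded `SignatureValue` and the public key from the `X509Certificate` to `hasSha1DigestInfo`; a `BadPaddingException` there instead points at a key that does not match the signature.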

0 answers:

No answers