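I am trying to render a copy of my RSAKeyValue in the subjectConfirmationData of a SAML assertion. My Base64-encoded KeyInfo-KeyValue-RSAKeyValue-Modulus text does not match the value in the KeyInfo that Java XMLSignature creates when signing the assertion.
Signing the assertion (this.rsaPubKey is of type RSAPublicKey):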
// now we can sign it
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// Create the DOMSignContext by specifying the signing information: private key, node to be signed, and where to insert the Signature.
DOMSignContext dsc = new DOMSignContext(privateKey, assertionRoot, subject);
dsc.setDefaultNamespacePrefix("ds");
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(this.rsaPubKey);
This is how I am trying to create the KeyInfo in the subjectConfirmationData:
// - ds:KeyInfo
Element keyInfo = securityDoc.createElementNS("http://www.w3.org/2000/09/xmldsig#","ds:KeyInfo");
subjectConfirmationData.appendChild(keyInfo);
// - keyvalue
Element keyValue = securityDoc.createElementNS("http://www.w3.org/2000/09/xmldsig#","ds:KeyValue");
keyInfo.appendChild(keyValue);
// - RSAKeyValue
Element rsaKeyValue = securityDoc.createElementNS("http://www.w3.org/2000/09/xmldsig#","ds:RSAKeyValue");
keyValue.appendChild(rsaKeyValue);
// - modulus
Element modulusKey = securityDoc.createElementNS("http://www.w3.org/2000/09/xmldsig#","ds:Modulus");
modulusKey.setTextContent(Base64.getEncoder().encodeToString(rsaPubKey.getModulus().toByteArray()));
rsaKeyValue.appendChild(modulusKey);
// exponent
Element exponentKey = securityDoc.createElementNS("http://www.w3.org/2000/09/xmldsig#","ds:Exponent");
exponentKey.setTextContent(Base64.getEncoder().encodeToString(rsaPubKey.getPublicExponent().toByteArray()));
rsaKeyValue.appendChild(exponentKey);
With this approach, the resulting values in the elements don't even come close to matching. What am I missing in the Base64 handling?
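An added example, not part of the original post: `BigInteger.toByteArray()` returns a two's-complement encoding that can carry a leading `0x00` sign byte, while XML-DSig's `ds:CryptoBinary` is the unsigned big-endian value without it, and one extra leading byte changes the whole Base64 string. The class name `CryptoBinaryDemo`, the helper `toCryptoBinary` and the `urn:example:holder` scratch element are hypothetical names chosen for this sketch.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class CryptoBinaryDemo {
    // ds:CryptoBinary is the unsigned big-endian magnitude with no leading zero octet.
    static String toCryptoBinary(BigInteger value) {
        byte[] raw = value.toByteArray(); // two's complement: may start with a 0x00 sign byte
        if (raw.length > 1 && raw[0] == 0) {
            raw = Arrays.copyOfRange(raw, 1, raw.length);
        }
        return Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; any RSAPublicKey behaves the same way.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        // Marshal the same key through the JDK XML-DSig provider into a scratch element.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element holder = doc.createElementNS("urn:example:holder", "holder"); // hypothetical
        doc.appendChild(holder);
        KeyInfoFactory kif = XMLSignatureFactory.getInstance("DOM").getKeyInfoFactory();
        kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(pub)))
           .marshal(new DOMStructure(holder), new DOMSignContext(kp.getPrivate(), holder));
        String jdk = holder.getElementsByTagNameNS(XMLSignature.XMLNS, "Modulus")
                .item(0).getTextContent().replaceAll("\\s", ""); // drop Base64 line breaks
        String naive = Base64.getEncoder().encodeToString(pub.getModulus().toByteArray());
        System.out.println("toByteArray() length:     " + pub.getModulus().toByteArray().length);
        System.out.println("naive encoding == JDK:    " + naive.equals(jdk));
        System.out.println("stripped encoding == JDK: " + toCryptoBinary(pub.getModulus()).equals(jdk));
    }
}
```

Any party that compares the key in subjectConfirmationData against the key in the signature's KeyInfo should compare the decoded integers or a canonical encoding, since a byte-for-byte text comparison fails on this sign byte alone.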