添加 c14n 独占转换后,Xml 签名无效
-
12-12-2019 - |
题
这是我生成 xml 签名的代码:
DOMSignContext dsc = new DOMSignContext
(prk, xmldoc.getDocumentElement());
XMLSignatureFactory fac =
XMLSignatureFactory.getInstance("DOM");
DigestMethod digestMethod =
fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
C14NMethodParameterSpec spec = null;
CanonicalizationMethod cm = fac.newCanonicalizationMethod(
"http://www.w3.org/2001/10/xml-exc-c14n#",spec);
SignatureMethod sm = fac.newSignatureMethod(
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
ArrayList transformList = new ArrayList();
TransformParameterSpec transformSpec = null;
Transform envTransform = fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature",transformSpec);
Transform exc14nTransform = fac.newTransform(
"http://www.w3.org/2001/10/xml-exc-c14n#",transformSpec);
transformList.add(exc14nTransform);
transformList.add(envTransform);
Reference ref = fac.newReference("",digestMethod,transformList,null,null);
ArrayList refList = new ArrayList();
refList.add(ref);
SignedInfo si =fac.newSignedInfo(cm,sm,refList);
这使得参考验证为假,并且核心有效性为假。但是当我删除 envTrasnform
变量即 fac.new Transform("http://www.w3.org/2001/10/xml-exc-c14n#",transformSpec)
并使用以下代码执行:
DOMSignContext dsc = new DOMSignContext
(prk, xmldoc.getDocumentElement());
XMLSignatureFactory fac =
XMLSignatureFactory.getInstance("DOM");
DigestMethod digestMethod =
fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
C14NMethodParameterSpec spec = null;
CanonicalizationMethod cm = fac.newCanonicalizationMethod(
"http://www.w3.org/2001/10/xml-exc-c14n#",spec);
SignatureMethod sm = fac.newSignatureMethod(
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
ArrayList transformList = new ArrayList();
TransformParameterSpec transformSpec = null;
Transform envTransform = fac.newTransform(
"http://www.w3.org/2000/09/xmldsig#enveloped-signature",transformSpec);
transformList.add(envTransform);
Reference ref = fac.newReference("",digestMethod,transformList,null,null);
ArrayList refList = new ArrayList();
refList.add(ref);
SignedInfo si =fac.newSignedInfo(cm,sm,refList);
这使得核心效度和参考效度为真。为什么会出现这种情况。我得到了这个代码表格 这 链接(创建封装签名部分中的代码片段2)。
解决方案
实际上,c14n 变换应该在封装签名变换之后执行。提取要签名的文档后应对其进行规范化(该文档当前也包含签名元素。因此,在规范化要签名的实际部分之前必须将其分开)。顺序应该是这样的:
transformList.add(envTransform);
transformList.add(exc14nTransform);
不隶属于 StackOverflow