1

Is it possible to validate the following XML document:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>DsP5NLca+plhp9tZvGwykfb2whQYt3CQ5sbsVd9Q9aE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
LrfE0po3YPvVxB/m77iBWWiR07Ghiuhuj7tO2C2LKqZK2cLrAiidt+3tjbJ3m16quCFxfh7bmjRtJsGi7a3HKtK
qY4auqrjNB62AtYrxvm+7Qd/cRacom4e3M9uF9JD1zTfoGun9w4WDfDrDaoZ+ZwUgNtf6sTYO5Ctcj5sYcD0=
</SignatureValue>
<KeyInfo>
<KeyName>7D665C81ABBE1A7D0E525BFC171F04D276F07BF2</KeyName>
</KeyInfo>
</Signature>

The problem is that when I run my code, I get this error:

Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(Unknown Source)
    at paket.XmlValidator.validate(XmlValidator.java:28)
    at paket.Test.main(Test.java:43)
Caused by: javax.xml.crypto.KeySelectorException: No KeyValue element found!
    at paket.KeyValueKeySelector.select(KeyValueKeySelector.java:47)
    ... 4 more
javax.xml.crypto.KeySelectorException: No KeyValue element found!
    at paket.KeyValueKeySelector.select(KeyValueKeySelector.java:47)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(Unknown Source)
    at paket.XmlValidator.validate(XmlValidator.java:28)
    at paket.Test.main(Test.java:43)

I have successfully validated the following XML using the same code:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>+uYi9GD7lNpk5+AZWjVylxm4PeKGXoFEalJPd44oMeg=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Ov9TJmROGakTblMO8F2otx3YsmzY1N7tUEuJVauqP4EgePUtYpfMdiv1fKdZreeLyri7WRIOrxiq
mEJEWCmpzVKZypJ293y4STmRw4rfUgFQeaatj2AmK2q5zDaE9jzl6+HtiRgDykZpgx7DWC8MHydK
P8wnEHyn2ozYdqL0VCjRfk95zcm0jMknWmytippXf1bqufkhlOLdS46VGyvYM8ZAc742MN3QX1+I
SvNs1a+FNrgQwb0NaYLzX2hWOtFNo2ZparQXynfQy1jj6JHBRvmldLjHiI4nwYgtfEZL6Fgh/H6c
PSnM/Sd6hoh1B6zjhbIViqfaLKLkds/Et6WNYw==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>xhbxdz2KP0/GwuoBuE2EfqoSUHj5nTZAC7c+UoUYtpqC8yRfe6BaFjdT/kWJNM8rZhJRawkh8qub
U4Iag0N1Cu8JNgOMXjeFJnVpa1HDijk9blQhLybGawh+TrC1v8D/9OGN5avkAjG/jpEFofOUpINp
Z2ThbhjgOzZV2kSa776nlwLhTLChf0iL5a78otVcDcuU8nmVkkhwFLbggbIRgdVFAk0bKFDYwWqw
kOmimDs2c7lLvu9n+X6IEFJLKt5YmKsBlhxx7LjvVih7vFc27+OtQpKw2EZjHPpmcP/qOEzESOCe
C8AHDrw3EWU5n1Bib8t8WteE5WPd2HbsJ86o3w==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>

What is the difference between these two XML signatures, and why does it work on the second XML example but not on the first?

4

2 Answers

1

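KeyValueKeySelector will not help you here, because that signature does not contain a KeyValue. You have to extend KeySelector and implement, for example, a KeyNameKeySelector, which looks up the actual key in a KeyStore based on the given KeyName. If you have that key in that keystore, then yes, you can validate that signature.

This should get you going: http://jirablog.blogspot.no/2007/11/xml-signature-pouzit-nebo-ne.html

answered 2013-11-24T22:49:36.057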
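A sketch of the KeyName-based selector described in the answer above, as an added example that is not code from the question, the answers or the linked post. It takes the verification key from a KeyStore the verifier controls instead of from the signed document. The class name and the convention that the KeyStore alias equals the KeyName text are assumptions.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyName;

// Hypothetical class: resolves <KeyName> against a local KeyStore.
// Assumption: the signer's certificate is stored under an alias equal to the KeyName text.
// Use: new DOMValidateContext(new KeyNameKeySelector(trustStore), signatureNode)
public class KeyNameKeySelector extends KeySelector {
    private final KeyStore trustStore;

    public KeyNameKeySelector(KeyStore trustStore) { this.trustStore = trustStore; }

    @Override
    public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
            AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
        if (keyInfo == null) throw new KeySelectorException("Signature has no KeyInfo");
        for (Object item : keyInfo.getContent()) {
            if (!(item instanceof KeyName)) continue;   // skip KeyValue, X509Data, ...
            try {
                Certificate cert = trustStore.getCertificate(((KeyName) item).getName());
                if (cert == null) continue;             // name not in our trust store
                final Key key = cert.getPublicKey();
                // Reject a key whose type does not fit the declared SignatureMethod.
                if (fits(method.getAlgorithm(), key.getAlgorithm())) {
                    return () -> key;                   // KeySelectorResult.getKey()
                }
            } catch (KeyStoreException e) {
                throw new KeySelectorException("Trust store not usable", e);
            }
        }
        throw new KeySelectorException("No trusted key for any KeyName in KeyInfo");
    }
    // Match on the URI fragment, e.g. ...xmldsig-more#rsa-sha256 pairs with an RSA key.
    private static boolean fits(String signatureUri, String keyAlgorithm) {
        return (signatureUri.contains("#rsa-") && "RSA".equals(keyAlgorithm))
            || (signatureUri.contains("#ecdsa-") && "EC".equals(keyAlgorithm))
            || (signatureUri.contains("#dsa-") && "DSA".equals(keyAlgorithm));
    }
}
```

A KeyName that is not present in the trust store ends in a KeySelectorException, so validation fails closed instead of falling back to key material supplied by the document.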
0

The difference is that in the first XML you provide a KeyInfo with a KeyName:

<KeyInfo>
<KeyName>7D665C81ABBE1A7D0E525BFC171F04D276F07BF2</KeyName>
</KeyInfo>

In the second:

<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>xhbxdz2KP0/GwuoBuE2EfqoSUHj5nTZAC7c+UoUYtpqC8yRfe6BaFjdT/kWJNM8rZhJRawkh8qub
U4Iag0N1Cu8JNgOMXjeFJnVpa1HDijk9blQhLybGawh+TrC1v8D/9OGN5avkAjG/jpEFofOUpINp
Z2ThbhjgOzZV2kSa776nlwLhTLChf0iL5a78otVcDcuU8nmVkkhwFLbggbIRgdVFAk0bKFDYwWqw
kOmimDs2c7lLvu9n+X6IEFJLKt5YmKsBlhxx7LjvVih7vFc27+OtQpKw2EZjHPpmcP/qOEzESOCe
C8AHDrw3EWU5n1Bib8t8WteE5WPd2HbsJ86o3w==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
answered 2012-09-25T09:35:16.000