0

如何验证Xades4j会签 xml 文档的使用库。验证时出现以下错误Xades4j

xades4j.verification.CounterSignatureSigValueRefException:属性“CounterSignature”的验证失败:计数器签名未引用 xades4j.verification.CounterSignatureVerifier.verify(CounterSignatureVerifier.java:75) 处 xades4j.verification.CounterSignatureVerifier 处的会签签名的 SignatureValue 元素。 verify(CounterSignatureVerifier.java:37) at xades4j.verification.GenericDOMDataVerifier.verify(GenericDOMDataVerifier.java:65) at xades4j.verification.GenericDOMDataVerifier.verify(GenericDOMDataVerifier.java:30) at xades4j.verification.QualifyingPropertiesVerifierImpl.verifyProperties(QualifyingPropertiesVerifierImpl.java :59) 在 xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:187) 在 com.fit.einvoice.ingcountersigner.service。xades.XadesVerifyOperation.verifySignature(XadesVerifyOperation.java:92) 在 com.fit.einvoice.ingcountersigner.service.xades.XadesVerifyOperation.verifySignature(XadesVerifyOperation.java:87) 在 com.fit.einvoice.ingcountersigner.service.xades.XadesVerifyOperation。验证签名(XadesVerifyOperation.java:64)

我的验证功能:

static void checkSigned(File file) {
     InputStream inputStream = null;
     try {
         inputStream = new FileInputStream(file);
         XadesVerifyOperation verifyOperation = new XadesVerifyOperation();
         ArrayList<XadesVerificationResults> results = verifyOperation.verifySignature(inputStream);
            System.out.println("results size: " + results.size());
            for (XadesVerificationResults result : results) {
                System.out.println(result.SigningCertificate.getIssuerDN());
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                inputStream.close();
            } catch (IOException ex) {
            }
      }
 }

编辑:

我的会签功能:

public void CounterSign() throws TransformerFactoryConfigurationError, Exception {
        Document doc = SignatureServicesBase.getDocument(_inputStream);
        Element sigElem = (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE).item(0);

        System.out.println(sigElem.getNodeName());

        org.apache.xml.security.Init.init();
        XMLSignature xmlSig = new XMLSignature(sigElem, doc.getBaseURI());

         //Create counter signer
        XadesBesSigningProfile signingProfile = new XadesBesSigningProfile(new Pkcs11KeyingDataProvider(_certInfo));
        signingProfile.withAlgorithmsProvider(Sha1AlgProvider.class);
        signingProfile.withBasicSignatureOptionsProvider(new MyBasicSignatureOptionsProvider(true, true, false));
        final XadesSigner counterSigner = signingProfile.newSigner();

        //Extend with counter signature
        XadesFormatExtenderProfile extenderProfile = new XadesFormatExtenderProfile();
        XadesSignatureFormatExtender extender = extenderProfile.getFormatExtender();
        List unsignedProps = Arrays.asList(new CounterSignatureProperty(counterSigner));
        extender.enrichSignature(xmlSig, new UnsignedProperties(unsignedProps));

        SignatureServicesBase.outputDocument(doc, _outStream);

        if (!_isStream) {
            _inputStream.close();
            _outStream.close();
        }
    }
4

1 回答 1

0

我不确定我是否完全理解你的问题。如果您询问如何验证反签名属性,它已经作为“主”签名验证的一部分完成。请注意:

  • 相同XadesVerifier的用于主签名和副签名。
  • 如果验证成功,则将 type 的属性CounterSignatureProperty添加到结果中。

  • 您可以通过主签名的验证结果访问该属性

    XAdESVerificationResult res = ...;
CounterSignatureProperty p =  res.getPropertiesFilter().getOfType(CounterSignatureProperty.class);

编辑:

该消息说明了一切:计数器签名可能无效。根据定义,会签必须包括对会签SignatureValue元素的引用。

您可以在原始 XML 文档中查找 CounterSignature 元素并将其发布到此处吗?

于 2013-12-10T20:50:42.390 回答