0

我为 XAdES-BES 实施了验证,在测试之后,除了会签之外,现在一切正常。同样的错误不仅发生在使用 xades4j 签名的文件上,而且使用其他软件也发生,因此它与我的副署实施中的任何错误无关。我想知道我是否应该实施额外的 ResourceResolver?我在此处为一些私人条目添加了一个带有“已删除”的附签文件作为附件。

下面是验证代码。certDataList 是一个列表,其中包含来自 String 文档的所有证书,getCert 将返回 List。DummyCertificateValidationProvider 返回 ValidationData 以及之前构建的 x509certs 列表。

    public boolean verify(final File file) {
        if (!Dictionaries.valid()) {
            return true;
        }
        certList = null;
        try {

            final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            final DocumentBuilder db = dbf.newDocumentBuilder();

            final Document doc = db.parse(file);
            doc.getDocumentElement().normalize();

            final NodeList nList = doc.getElementsByTagName("ds:Signature");
            Element elem = null;
            for (int temp = 0; temp < nList.getLength(); temp++) {
                final Node nNode = nList.item(temp);
                if (nNode.getNodeType() == Node.ELEMENT_NODE) {
                    elem = (Element) nNode;
                }
            }
            final NodeList nList2 = doc.getElementsByTagName("ds:X509Certificate");
            final List<String> certDataList = new ArrayList<String>();
            for (int temp = 0; temp < nList2.getLength(); temp++) {
                final Node nNode = nList2.item(temp);
                certDataList.add(nNode.getTextContent());
            }
            certList = getCert(certDataList);

            final CertificateValidationProvider certValidator = new DummyCertificateValidationProvider(certList);

            final XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
            final XadesVerifier v = p.newVerifier();
            final SignatureSpecificVerificationOptions opts = new SignatureSpecificVerificationOptions();

            // for relative document paths
            final String baseUri = "file:///" + file.getParentFile().getAbsolutePath().replace("\\", "/") + "/";
            LOGGER.debug("baseUri:" + baseUri);
            opts.useBaseUri(baseUri);
            v.verify(elem, opts);
            return true;
        } catch (final IllegalArgumentException | XAdES4jException | CertificateException | IOException | ParserConfigurationException | SAXException e) {
            LOGGER.error("XML not validated!", e);
        }

        return false;
}

这是堆栈跟踪:

21:31:48,203 DEBUG ResourceResolver:158 - I was asked to create a ResourceResolver and got 0 
21:31:48,203 DEBUG ResourceResolver:101 - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver 
21:31:48,204 DEBUG ResolverFragment:137 - State I can resolve reference: "#xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue" 
21:31:48,204 ERROR SignComponent:658 - XML not validated!

xades4j.XAdES4jXMLSigException: Error verifying the signature
    at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:284)
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:188)
    at com.signapplet.sign.SignComponent.verify(SignComponent.java:655)
...

Caused by: org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue
    at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:414)
    at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
    at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
    at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:656)
    at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:277)
    ... 39 more
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue

编辑: 当我尝试验证随 xades4j 单元测试 document.signed.bes.cs.xml 提供的文件时,会发生同样的错误。

Caused by: org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue
4

1 回答 1

0

问题出在 ds:Signature 上。在会签中,您将有多个 ds:Signature 条目。在我的验证方法中,我使用了 for 循环:

    for (int temp = 0; temp < nList.getLength(); temp++) {
        final Node nNode = nList.item(temp);
        if (nNode.getNodeType() == Node.ELEMENT_NODE) {
            elem = (Element) nNode;
        }
    }

如您所见,找到元素时没有中断,因此我最终得到了最后一个 ds:Signature,而不是第一个,因此无法找到所有以前的签名。

于 2014-04-05T11:41:16.510 回答