0

我使用以下代码对 xml 文件进行签名:

public void firmar(String rutaAlXml, String rutaAlXmlFirmado, PrivateKey key, Provider p, Certificate[] chain, PublicKey llavePublica) 
{    
    File fXmlFile = new File(rutaAlXml);
    DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
    DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
    Document doc = dBuilder.parse(fXmlFile);    
    DOMSignContext dsc = new DOMSignContext(key, doc.getDocumentElement());

    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    javax.xml.crypto.dsig.Reference ref = fac.newReference(
        "", 
        fac.newDigestMethod(DigestMethod.SHA1, null), 
        Collections.singletonList(
        fac.newTransform(Transform.ENVELOPED, 
        (TransformParameterSpec) null)), 
        null, null);

    SignedInfo si = fac.newSignedInfo(
                    fac.newCanonicalizationMethod(
                    CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, 
                    (C14NMethodParameterSpec) null), 
                    fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), 
                    Collections.singletonList(ref));

    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(llavePublica);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature signature = fac.newXMLSignature(si, ki);

    signature.sign(dsc);    
    OutputStream os = new FileOutputStream(rutaAlXmlFirmado);

    TransformerFactory tf = TransformerFactory.newInstance();
    javax.xml.transform.Transformer trans = tf.newTransformer();
    trans.transform(new DOMSource(doc), new StreamResult(os));
}

生成的 xml 文件是有效的,如下所示:

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?><root>
<nombre>cesar</nombre>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="EMPRESA"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>digest goes here</DigestValue></Reference></SignedInfo><SignatureValue>signature goes here</SignatureValue><KeyInfo><X509Data><X509SubjectName>subject's goes here</X509SubjectName><X509Certificate>certificate goes here</X509Certificate></X509Data></KeyInfo></Signature></root>

当我尝试使用 Xades4j 验证我的 xml 文件时,就会出现我的问题。我正在使用此链接中的代码

XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
XadesVerifier verifier = p.newVerifier();
XAdESVerificationResult r = null;

SignatureSpecificVerificationOptions ssvo = 
new SignatureSpecificVerificationOptions();
ssvo.useDataForAnonymousReference(xmlFile);
Element sigElem = (Element) nl.item(0); //Which contains the complete signature segment from the xml       
r = verifier.verify(sigElem, ssvo); // this is the problematic line

当我尝试验证签名时,出现以下异常:

Exception in thread "main" xades4j.verification.QualifyingPropertiesIncorporationException: SignedProperties reference not found
    at xades4j.verification.SignatureUtils.processReferences(SignatureUtils.java:230)
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:132)
    at myCode.main(myCode.java:11)
Java Result: 1

在这里读到这是因为 Reference 标记中没有 Type 属性。

我在 Internet 上搜索,但找不到如何在 Reference 标记中放置有效的 Type 属性。如何执行此操作来验证我的 xml 文件?

4

1 回答 1

0

您的代码会生成一个简单的 XML-DSIG 签名。Xades4j 用于高级 XML 签名 (XAdES),不能验证简单的 XML-DSIG。

Reference您提到的问题是指除了您的数据对象引用之外,应该在 XAdES 上添加的特定元素。此参考涵盖了包含签名属性的签名的特定部分。

然而, Type 实际上是您传递给newReferencecall的空参数之一。

于 2015-08-06T20:31:24.817 回答