1

我已经用java 8签署了一个XML文档没有问题,直到我升级到Java 8u121版本,代码是:

    String xml_entrada = "D:\\CeslySoft\\Ivap_facturador\\CPE\\FirmaXML\\Schema-20480510144-RC-20170327-0001.xml";
    String xml_salida  = "D:\\CeslySoft\\Ivap_facturador\\CPE\\FirmaXML\\20480510144-RC-20170327-0001.xml";
    String certi_digital = "D:\\CeslySoft\\Ivap_facturador\\Certificados\\molchiclayo1.jks";        
    String clave = "9ghi0nmbR0ft";
    String alias = "1"; 
    String tipodoc = "09";      

    int indice = (tipodoc.equals("09")? 0: 1);      
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1,null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null,null);     
    SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, 
            (C14NMethodParameterSpec) null), 
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));

    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(certi_digital), clave.toCharArray());
    KeyStore.PrivateKeyEntry keyEntry 
        = (KeyStore.PrivateKeyEntry) ks.getEntry(alias, new KeyStore.PasswordProtection(clave.toCharArray()));

    X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

    KeyInfoFactory kif = fac.getKeyInfoFactory();
    List<Object> x509content = new ArrayList<>();
    x509content.add(cert.getSubjectX500Principal().getName());
    x509content.add(cert);      
    X509Data xd = kif.newX509Data(x509content);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);        
    //Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(xml_entrada));
    InputSource is = new InputSource(new InputStreamReader(new FileInputStream(xml_entrada), "ISO-8859-1"));
    Document doc = dbf.newDocumentBuilder().parse(is);

    Node nodePadre = doc.getElementsByTagName("ext:ExtensionContent").item(indice);     
    nodePadre.getNodeValue();
    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), nodePadre);

    XMLSignature signature = fac.newXMLSignature(si, ki, null, "SignatureSP", null);
    signature.sign(dsc);

    OutputStream os = new FileOutputStream(xml_salida);
    TransformerFactory tf = TransformerFactory.newInstance();
    Transformer trans = tf.newTransformer();
    trans.setOutputProperty(OutputKeys.ENCODING, "ISO-8859-1");

    trans.transform(new DOMSource(doc), new StreamResult(os));      

错误在代码行中:

   signature.sign(dsc)

错误是:

javax.xml.crypto.XMLSignatureException: java.security.InvalidKeyException: Invalid RSA private key

……

对于 Java 8u121 之前的版本,不会出现任何错误。

4

1 回答 1

0

这是由于在 JDK 8u121 ( http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html )中进行的修复而导致的错误“添加到 DER 编码解析代码的更多检查更多检查是添加到 DER 编码解析代码以捕获各种编码错误。此外,包含构造的不定长度编码的签名现在将在解析期间导致 IOException。请注意,使用 JDK 默认提供程序生成的签名不受此更改的影响。JDK-8168714 (不公开)“

JDK-8175251 ( https://bugs.openjdk.java.net/browse/JDK-8175251 )已经修复了这个问题,它将在下一次 JDK 更新中提供。JDK 8u152 中已经存在该修复程序,可以从https://jdk8.java.net/download.html下载其早期访问版本

于 2017-04-04T08:43:46.017 回答