
当我更改文件中的某些内容并添加多个签名后,再尝试验证签名时,收到如下错误:

xades4j.verification.ReferenceValueException: Reference '' cannot be validated
at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:306)
at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:188)
at XAdESSignature.verifyBes(XAdESSignature.java:227)
at XAdESSignature.signWithoutIDEnveloped(XAdESSignature.java:127)
at XAdESSignature.main(XAdESSignature.java:75)

这是我的代码:

验证签名

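        // Verify the first XAdES signature found in the signed document.
        //
        // The document is untrusted until its signature has been checked, so the parser is
        // hardened before it reads the file: DOCTYPE declarations are rejected, which blocks
        // external-entity (XXE) and entity-expansion input.
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        DocumentBuilder builder = factory.newDocumentBuilder();

        // Parse from a byte stream rather than a FileReader: a Reader decodes with the platform
        // charset and bypasses the encoding declared in the XML prolog, which can change the
        // characters that are digested. try-with-resources also closes the file handle.
        Document doc;
        try (FileInputStream in = new FileInputStream("F:/keystore/example_signed.xml")) {
            doc = builder.parse(new InputSource(in));
        }
        // Mark "Id" attributes as XML IDs so same-document "#..." references can be resolved.
        DOMHelper.useIdAsXmlId(doc.getDocumentElement());

        NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE);
        if (nl.getLength() == 0) {
            throw new IllegalArgumentException("No ds:Signature element found in the document");
        }

        // NOTE(review): the cert store built here is discarded, so it plays no part in
        // validation. Presumably it was meant to be handed to the validation provider as a
        // source of intermediate certificates/CRLs - confirm and wire it in, or remove it.
        new FileSystemDirectoryCertStore("F:/keystore/");

        // NOTE(review): type "jks" is requested for a file named *.p12 - confirm the real format.
        // NOTE(review): this key store supplies the trust anchors; it should contain only the CA
        // certificates the verifier trusts, not the signer's private-key store - confirm.
        // The store password is hard-coded here; read it from configuration in real code.
        KeyStore ks;
        try (FileInputStream fis = new FileInputStream("F:/keystore/xml_encrypt.p12")) {
            ks = KeyStore.getInstance("jks");
            ks.load(fis, "password".toCharArray());
        }

        // Second argument false: revocation checking is disabled, so a revoked signer
        // certificate would still pass certificate validation.
        CertificateValidationProvider provider = new PKIXCertificateValidationProvider(
                ks, false);
        XadesVerificationProfile profile = new XadesVerificationProfile(provider);

        // Only the first ds:Signature in document order is verified. When the document carries
        // several signatures, each one has to be verified separately.
        Element sigElem = (Element) nl.item(0);
        XadesVerifier verifier = profile.newVerifier();

        // The ReferenceValueException from the question is thrown by this call; null means no
        // signature-specific verification options are supplied.
        XAdESVerificationResult r = verifier.verify(sigElem, null);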

///////////////// Load the document /////////////////

        // Parse the XML file at `path` into a DOM tree that will later be signed.
        File fXmlFile = new File(path);
        // NOTE(review): no DTD / external-entity restrictions are set on this factory. If `path`
        // can name a file supplied by another party, reject DOCTYPE declarations before parsing.
        DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
        // Namespace-aware parsing so elements can be looked up by namespace URI.
        dbFactory.setNamespaceAware(true);
        DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
        Document doc = dBuilder.parse(fXmlFile);
        // Merge adjacent text nodes and drop empty ones under the root element.
        doc.getDocumentElement().normalize();

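/////////////////// Write the document out ///////////////

// Prepare the output file
    File outFile = new File(outputPath);
    // getParentFile() is null for a bare file name, so only create directories when one exists.
    File outDir = outFile.getParentFile();
    if (outDir != null) {
        outDir.mkdirs();
    }

    // Write the DOM document to the file. try-with-resources closes the stream even when the
    // transform throws; FileOutputStream creates the file itself.
    try (FileOutputStream fos = new FileOutputStream(outFile)) {
        StreamResult result = new StreamResult(fos);

        // Keep this an identity transform: enabling indentation or other output reformatting
        // after signing changes whitespace that is part of the digested content and would
        // invalidate a whole-document reference.
        Transformer xformer = TransformerFactory.newInstance().newTransformer();
        xformer.transform(source, result);
    }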

///////////////// Sign the document /////////////////

     // The element to sign is the root of the source document.
     Element elementToSign = sourceDoc.getDocumentElement();

     // Choose the Reference URI: "#<Id>" when the element carries an Id attribute, otherwise
     // the empty URI, which is only accepted here when the element is the document root.
     String refUri;
     // NOTE(review): hasAttribute("Id") is also true for an empty value, which would yield the
     // URI "#" - confirm that Ids are never empty.
     if (elementToSign.hasAttribute("Id")) {
         refUri = '#' + elementToSign.getAttribute("Id");
     } else {
         if (elementToSign.getParentNode().getNodeType() != Node.DOCUMENT_NODE) {
            throw new IllegalArgumentException("Element without Id must be the document root");
        }
        // Empty URI: the reference covers the whole XML document.
        refUri = "";
    }

    // The enveloped-signature transform excludes only the ds:Signature that contains this
    // reference from the digest input.
    // NOTE(review): any other ds:Signature in the document stays part of the digested content.
    // With URI="" a further enveloped signature added later changes what this reference covered,
    // so the earlier signature's reference no longer validates - likely the cause of the
    // ReferenceValueException when several signatures are added; confirm against the signing flow.
    DataObjectDesc dataObjRef = new DataObjectReference(refUri)
            .withTransform(new EnvelopedSignatureTransform())
            .withCommitmentType(CommitmentTypeProperty.proofOfApproval());
    SignedDataObjects obj = new SignedDataObjects(dataObjRef);//.withCommitmentType(AllDataObjsCommitmentTypeProperty.proofOfOrigin());
    // Produce the signature and append it under signatureParent.
    signer.sign(obj, signatureParent);

/////////////////////////////////////////////////////////////////////

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-11726720-b544-4fa5-92fb-2564ef07d286">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference Id="xmldsig-11726720-b544-4fa5-92fb-2564ef07d286-ref0" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>A5Z3NT1vAgPSy7sPwdDvvJDo0+723yrmcrl1tJD3aQc=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-11726720-b544-4fa5-92fb-2564ef07d286-signedprops">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>05y3i/p7/JmDAFQatD2EmClNNAvMBSVXBkEnYPS/zYA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="xmldsig-11726720-b544-4fa5-92fb-2564ef07d286-sigvalue">
CMC5c43tlxky4Nxme0szAl0yfywF+EQ9KOenOPoKAokoo3/RrcNsyglhPWl5FHmUr/2TV8hYqjHs
39yIYcs508FBFZ9IYFDLciEpssm+zfB9XDc36quhHbMZ+2iF0XtR0qpAGXucSJFu1s1WW0fyn+UM
epxvKcr/d9AeM2sIZzYhqp7xAw4jFfRJwaoS31VsZFOA5QWwRjp0k7Ew+CuhzWuVADWfDb8VsfbV
lTafjS/Ck0l43OfmG8LjzjsrIMaTyUN8aaTvuGSYamQs2peuXOnjCZRD/E/jmOcjLW9QR8UYBItt
RXIzUknywGXqQfUwoAQdJd/gMavwf/XBEPrcAw==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
....

</ds:Signature>

我是 xades4j 新手。预先感谢。


1 回答 1


您的签名中似乎有一个 URI 为空的 Reference 元素。对于这种 URI,获取被签名数据对象内容的方式是“应用程序特定的”。在 xades4j 中,您可以使用 SignatureSpecificVerificationOptions。

编辑:“特定于应用程序”的方式实际上适用于省略了 URI 属性的引用,并且一个签名中最多只能有一个这样的引用。URI 为空的引用则表示该引用涵盖整个 XML 资源。enveloped-signature 变换只会移除包含该变换的那个 ds:Signature 元素,文档中的其他签名仍属于被摘要的内容。因此,根据您添加附加签名的方式,引用验证的实际输入可能发生变化,从而导致验证失败。

您能说明您是如何创建 XML 文档的吗?

于 2017-06-19T13:22:24.227 回答