0

现在我正在使用数字签名进行编程,并且在生成签名时遇到了问题。我先添加了 KeyValue,然后添加了 X509Data,但标签只是先附加。我有一个创建signinfo的代码:

private KeyInfo createKeyInfo(PublicKey publicKey, X509Certificate x509Certificate) throws KeyException {
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    KeyInfo keyInfo = null;
    KeyValue keyValue = null;
    List items = null;
    //Just with public key
    if(publicKey != null){
        keyValue = keyInfoFactory.newKeyValue(publicKey);
        keyInfo = keyInfoFactory.newKeyInfo(singletonList(keyValue));
    }

    if(x509Certificate != null){
        List x509list = new ArrayList();

        x509list.add(x509Certificate.getSubjectX500Principal().getName());
        x509list.add(x509Certificate);
        X509Data x509Data = keyInfoFactory.newX509Data(x509list);
        items = new ArrayList();

        items.add(x509Data);
        if(keyValue != null){
            items.add(keyValue);
        }
        keyInfo = keyInfoFactory.newKeyInfo(items);
    }

    return keyInfo;
}

结果是:

<KeyInfo>
          <X509Data>
            <X509SubjectName>name</X509SubjectName>
            <X509Certificate>
              base 64 encode
            </X509Certificate>
          </X509Data>
          <KeyValue>
            <RSAKeyValue>
              <Modulus>
               base 64 encode key
              </Modulus>
              <Exponent>AQAB</Exponent>
            </RSAKeyValue>
          </KeyValue>
        </KeyInfo>

我想要的结果是:

<KeyInfo>
          <KeyValue>
            <RSAKeyValue>
              <Modulus>
                base 64 encode
              </Modulus>
              <Exponent>AQAB</Exponent>
            </RSAKeyValue>
          </KeyValue>
          <X509Data>
            <X509SubjectName>Name</X509SubjectName>
            <X509Certificate>
              base 64 endcode
            </X509Certificate>
          </X509Data>
        </KeyInfo>

谁能帮我。太感谢了!

4

2 回答 2

0

在智利,内部税务服务也有同样的问题。当 KeyValue 在 x509 证书之后时验证失败。尽管根据 XSD 它不应该有顺序,但可以使用另一个列表实现来解决,使用有序列表。

你需要改变

List x509list = new ArrayList();

LinkedList x509list = new LinkedList();

并在添加元素时反转顺序

 if(keyValue != null){
       items.add(keyValue);
 }
 items.add(x509Data);
于 2018-04-20T15:12:44.913 回答
0

您不应该考虑 和 之间的<X509Data>顺序<KeyValue>。XSD 稳定它们可以以任何顺序出现

https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd#

<element name="KeyInfo" type="ds:KeyInfoType"/>
<complexType name="KeyInfoType" mixed="true">
   <choice maxOccurs="unbounded">
      <element ref="ds:KeyName"/>
      <element ref="ds:KeyValue"/>
      <element ref="ds:RetrievalMethod"/>
      <element ref="ds:X509Data"/>
      <element ref="ds:PGPData"/>
      <element ref="ds:SPKIData"/>
      <element ref="ds:MgmtData"/>
      <any processContents="lax" namespace="##other"/>
      <!--  (1,1) elements from (0,unbounded) namespaces  -->
    </choice>
    <attribute name="Id" type="ID" use="optional"/>
</complexType>
于 2017-10-02T11:49:02.163 回答