3

我需要使用 java.security 包验证带有封装 xml-dsig 签名的文档。加载后,我根据 xsd 解组文档并具有签名对象 - http://www.w3.org/2000/09/xmldsig#

然后:

@Service
public class XmlSignatureCheckerImpl implements XmlSignatureChecker {
    private static final String ENCRYPTION_ALGORITHM = "RSA";

    private static final String HASH_ENCRYPTION_ALGORITHM = "SHA1withRSA";

    @Override
    @Nullable
    public PublicKey getPublicKey(byte[] exp, byte[] mod) {
        BigInteger modulus = new BigInteger(1, mod);
        BigInteger exponent = new BigInteger(1, exp);
        RSAPublicKeySpec rsaPubKey = new RSAPublicKeySpec(modulus, exponent);

        KeyFactory fact;
        try {
            fact = KeyFactory.getInstance(ENCRYPTION_ALGORITHM);
            return fact.generatePublic(rsaPubKey);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
        }
        return null;
    }

    @Override
    @Nullable
    public Boolean verify(byte[] message, byte[] signature, PublicKey publicKey) {
        final Signature sig;
        try {
            sig = Signature.getInstance(HASH_ENCRYPTION_ALGORITHM);
            sig.initVerify(publicKey);
            sig.update(message);
            boolean verify = sig.verify(Base64.encodeBase64Chunked(signature));
            return verify;
        } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {
            e.printStackTrace();
        }
        return null;
    }
}

调用getPublicKey并验证,结果我得到签名长度不匹配,如果我没有编码签名我没有不匹配,但验证也是错误的,但我使用完全有效的测试数据。放弃寻找错误,帮助我。请。文件编码为 UFT-8。

4

1 回答 1

1

你看过官方文档吗?似乎与标志工厂合作更方便http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html

另外,如果有帮助,我已经找到了这些示例https://www.java-tips.org/java-ee-tips-100042/158-xml-digital-signature-api/1473-using-the-java -xml-数字签名-api.html

于 2018-06-08T21:25:27.100 回答