
我需要用封装的 XAdES-BES 对 xml 文件进行签名。问题是签名似乎无效。

我四处查找后找到了一段代码,目前在下面这个测试用例中使用:

import org.apache.commons.io.FileUtils;

import org.junit.Assert;
import org.junit.Test;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import systems.software.red.cedi5.aidaSignature.AidaSignatureService;
import xades4j.algorithms.EnvelopedSignatureTransform;
import xades4j.production.DataObjectReference;
import xades4j.production.SignedDataObjects;
import xades4j.production.XadesBesSigningProfile;
import xades4j.production.XadesSigner;
import xades4j.properties.DataObjectDesc;
import xades4j.providers.KeyingDataProvider;
import xades4j.providers.impl.FileSystemKeyStoreKeyingDataProvider;
import xades4j.providers.impl.KeyStoreKeyingDataProvider;
import xades4j.utils.DOMHelper;

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import java.io.File;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.List;

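/**
 * JUnit test that produces an enveloped XAdES-BES signature over an XML classpath resource
 * with xades4j and writes the signed document to a file.
 */
public class TestSignature  {

    /**
     * Certificate selector that always returns the first certificate offered by the key store.
     * This is only a sound choice when the key store holds a single signing certificate;
     * with several entries, the certificate used depends purely on the order of the list.
     */
    public class FirstCertificateSelector implements KeyStoreKeyingDataProvider.SigningCertSelector
    {
        /**
         * @param availableCertificates candidate signing certificates
         * @return the element at index 0
         * @throws IndexOutOfBoundsException if the list is empty
         */
        @Override
        public X509Certificate selectCertificate(
                List<X509Certificate> availableCertificates)
        {
            return availableCertificates.get(0);
        }
    }

    /**
     * Password provider that hands out one fixed password both for the key store
     * and for every key entry in it.
     */
    public class DirectPasswordProvider implements KeyStoreKeyingDataProvider.KeyStorePasswordProvider,
            KeyStoreKeyingDataProvider.KeyEntryPasswordProvider
    {
        // Held as char[] because the provider interfaces return char[]; the constructor
        // argument is still an immutable String that cannot be wiped by this class.
        private final char[] password;

        /**
         * @param password password used for the key store and for its key entries
         */
        public DirectPasswordProvider(String password)
        {
            this.password = password.toCharArray();
        }

        /** @return a copy of the key store password */
        @Override
        public char[] getPassword()
        {
            // Hand out a copy: a caller that zeroes the array after use must not
            // blank the password for later calls on this provider.
            return password.clone();
        }

        /**
         * @param entryAlias alias of the key entry (ignored)
         * @param entryCert  certificate of the key entry (ignored)
         * @return a copy of the same password that protects the key store
         */
        @Override
        public char[] getPassword(String entryAlias, X509Certificate entryCert)
        {
            return password.clone();
        }
    }

    /**
     * Parses an XML classpath resource, adds an enveloped XAdES-BES signature under its root
     * element and serializes the signed document to {@code outputPath}.
     *
     * <p>Deliberately not annotated with {@code @Test}: JUnit 4 rejects test methods that take
     * parameters, which makes the whole class fail at initialization. It is a helper called by
     * the parameterless test methods below.
     *
     * @param resourceName classpath resource holding the XML document to sign
     * @param outputPath   file the signed document is written to
     * @param keystorePath path of the PKCS#12 key store with the signing key
     * @param keystorePwd  password for the key store and for its key entry
     * @throws IllegalArgumentException if the resource cannot be found on the classpath
     * @throws Exception if parsing, signing or serialization fails
     */
    public void signBes(String resourceName, String outputPath, String keystorePath, String keystorePwd) throws Exception {
        try (InputStream documentIs = TestSignature.class.getResourceAsStream(resourceName)) {
            if (documentIs == null) {
                // getResourceAsStream returns null for a missing resource; fail with the name
                // instead of the parser's generic "InputStream cannot be null".
                throw new IllegalArgumentException("Resource not found on classpath: " + resourceName);
            }

            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            // XML Signature processing works on namespace-aware DOM nodes, and the factory
            // default is NOT namespace-aware. A tree parsed without this is a common source of
            // digest mismatches when the signed file is verified.
            dbf.setNamespaceAware(true);
            // The input here is a classpath resource controlled by the test. If this helper is
            // ever pointed at externally supplied XML, also reject DOCTYPE declarations, e.g.
            // dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true).
            Document doc = dbf.newDocumentBuilder().parse(documentIs);
            Element elem = doc.getDocumentElement();
            DOMHelper.useIdAsXmlId(elem);

            DirectPasswordProvider passwords = new DirectPasswordProvider(keystorePwd);
            KeyingDataProvider kdp = new FileSystemKeyStoreKeyingDataProvider(
                    "pkcs12",
                    keystorePath,
                    new FirstCertificateSelector(),
                    passwords,   // key store password
                    passwords,   // key entry password
                    true);       // presumably returnFullChain; confirm against the xades4j version in use

            // An empty URI references the whole document; the enveloped-signature transform
            // excludes the Signature element itself from the digest. The alternative is an
            // Id-based reference: "#" + elem.getAttribute("Id").
            DataObjectDesc obj = new DataObjectReference("")
                    .withTransform(new EnvelopedSignatureTransform());
            SignedDataObjects dataObjs = new SignedDataObjects().withSignedDataObject(obj);

            XadesSigner signer = new XadesBesSigningProfile(kdp).newSigner();
            signer.sign(dataObjs, elem);

            // Serialize the signed DOM as-is. Do not enable OutputKeys.INDENT or otherwise
            // reformat after signing: whitespace added to the signed content changes its
            // canonical form and invalidates the reference digest.
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.transform(new DOMSource(doc), new StreamResult(new File(outputPath)));
        }
    }

    /**
     * Signs {@code /sample.xml} from the classpath and writes {@code /tmp/sample-signed.xml}.
     */
    @Test
    public void testSign_8D4U0506_M000010_xml() throws Exception {
        // The key store path and password are inline sample values for this listing. Outside
        // a throwaway test they belong in configuration or a secret store, not in source.
        signBes("/sample.xml" , "/tmp/sample-signed.xml",
                "/home/foo/signature.p12",
                "mypwd");
    }
}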

/tmp/sample-signed.xml似乎无效。

我还尝试在此处验证签名文件: http://tools.chilkat.io/xmlDsigVerify.cshtml,但结果是:

Signature is Invalid
Number of Reference Digests = 2
Reference 1 digest is valid.
Reference 2 digest is invalid because the computed digest differs from the digest in the XML.

我需要用 XAdES-BES enveloped 方式对 xml 文件进行签名,但我不知道该如何继续。
