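I need to sign an XML document. I have the path to the private key and the path to the certificate. The examples I have seen all get them from a keystore, but I don't want to put them in a keystore.
The call looks like this: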
buildSignatureBlock(privateKeyPath,certificatePath);
My code creates a signature block in the SOAP header, like this:
<KeyInfo>
  <KeyValue>
    <RSAKeyValue>
      <Modulus>4om2CA8VG4...</Modulus>
      <Exponent>AQAB</Exponent>
    </RSAKeyValue>
  </KeyValue>
</KeyInfo>
But I need it to look more like this:
<KeyInfo>
  <X509Data>
    <X509IssuerSerial>
      <X509IssuerName>E=mari...</X509IssuerName>
      <X509SerialNumber>00 eb 8e 89 7c .. .. .. ..</X509SerialNumber>
    </X509IssuerSerial>
    <X509Certificate>MIIC3jCCAke...</X509Certificate>
  </X509Data>
</KeyInfo>
Here is the code that produces it:
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.Collections;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

// securityNode is a field of the enclosing class: the DOM node the signature is appended to.
private void buildSignatureBlock(String privateKeyPath, String publicKeyPath) {
    BufferedReader br;
    XMLSignature signature = null;
    try {
        // Read the PEM-encoded key pair from the file with BouncyCastle
        br = new BufferedReader(new FileReader(privateKeyPath));
        Security.addProvider(new BouncyCastleProvider());
        PEMParser pp = new PEMParser(br);
        PEMKeyPair pemKeyPair = (PEMKeyPair) pp.readObject();
        KeyPair kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair);
        pp.close();
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), securityNode);
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // Create a Reference to the enveloped document (in this case,
        // you are signing the whole document, so a URI of "" signifies
        // that), and also specify the SHA1 digest algorithm and
        // the ENVELOPED Transform.
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED,
                        (TransformParameterSpec) null)), null, null);
        // Create the SignedInfo object, which is the object that is actually signed
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                Collections.singletonList(ref));
        // Create the optional KeyInfo object, which contains info that enables the recipient
        // to find the key needed to validate the signature.
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        // Use the KeyInfoFactory to create the KeyValue object and add it to a KeyInfo object
        KeyValue kv = kif.newKeyValue(kp.getPublic());
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
        // Finally, we create the XMLSignature object
        signature = fac.newXMLSignature(si, ki);
        // Generate the signature
        signature.sign(dsc);
        // The resulting document now contains a signature,
        // which has been inserted as the last child element of the root element.
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (KeyException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (InvalidAlgorithmParameterException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (MarshalException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (XMLSignatureException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}
How can I modify it to produce the correct signature block?
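One way to build the X509Data form of KeyInfo asked about above, reading the certificate directly from a file with the JDK's CertificateFactory instead of a keystore. This is an added example, not part of the original post; the class name X509KeyInfoExample and the helpers loadCertificate and buildX509KeyInfo are hypothetical, and the certificate path is taken from the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;

// Hypothetical class and helper names, added for illustration only.
public class X509KeyInfoExample {

    // Reads one X.509 certificate (PEM or DER) straight from a file; no keystore involved.
    static X509Certificate loadCertificate(String certificatePath) throws Exception {
        try (InputStream in = new FileInputStream(certificatePath)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    // Builds <KeyInfo><X509Data><X509IssuerSerial/><X509Certificate/></X509Data></KeyInfo>.
    static KeyInfo buildX509KeyInfo(XMLSignatureFactory fac, X509Certificate cert) {
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        // getName() returns the issuer DN in RFC 2253 string form, which
        // newX509IssuerSerial requires (it throws IllegalArgumentException otherwise).
        X509IssuerSerial issuerSerial = kif.newX509IssuerSerial(
                cert.getIssuerX500Principal().getName(), cert.getSerialNumber());
        // An X509Certificate in the content list is emitted as a Base64 <X509Certificate>.
        X509Data x509Data = kif.newX509Data(Arrays.asList(issuerSerial, cert));
        return kif.newKeyInfo(Collections.singletonList(x509Data));
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = loadCertificate(args[0]); // path to the certificate file
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        KeyInfo ki = buildX509KeyInfo(fac, cert);
        // In buildSignatureBlock, this KeyInfo replaces the KeyValue-based one:
        //   signature = fac.newXMLSignature(si, ki);
        X509Data data = (X509Data) ki.getContent().get(0);
        X509IssuerSerial is = (X509IssuerSerial) data.getContent().get(0);
        System.out.println(is.getIssuerName() + " / " + is.getSerialNumber());
    }
}
```

Before signing, check that cert.getPublicKey() equals kp.getPublic(); a recipient that validates against the embedded certificate will reject a signature made with a private key that does not belong to it.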