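Verify XADES signature with XADES4j
We want to create a Java web application that verifies "XADES" signatures. This application should take two files: the original file and its detached signature.
I am using the XADES4j library, which is a great project. Is there a way to verify the signature with XADES4j without validating the URI file reference? The reference file given in the XML signature is not accessible.
For reference validation: I am looking to compare the digest value computed from the given original file with the digestValue extracted from the signature file.
Here is the exception: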
Exception in thread "main" xades4j.XAdES4jXMLSigException: Error verifying the signature
at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:285)
at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:188)
at com.wct.VerifyXades.main(VerifyXades.java:33)
Caused by: org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI file:/D:/workspace/xades4j-487d7a9bb9e5/data_to_sign/test.txt has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: D:\workspace\xades4j-487d7a9bb9e5\data_to_sign\test.txt (Le fichier spécifié est introuvable)
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: D:\workspace\xades4j-487d7a9bb9e5\data_to_sign\test.txt (Le fichier spécifié est introuvable)
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: D:\workspace\xades4j-487d7a9bb9e5\data_to_sign\test.txt (Le fichier spécifié est introuvable)
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: D:\workspace\xades4j-487d7a9bb9e5\data_to_sign\test.txt (Le fichier spécifié est introuvable)
Original Exception was java.io.FileNotFoundException: D:\workspace\xades4j-487d7a9bb9e5\data_to_sign\test.txt (Le fichier spécifié est introuvable)
at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:412)
at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:256)
at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:764)
at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:696)
at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:278)
... 2 more
Here is the source code I use to verify the XAdES signature:
package com.wct;

import java.io.FileInputStream;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import xades4j.providers.CertificateValidationException;
import xades4j.providers.CertificateValidationProvider;
import xades4j.providers.ValidationData;
import xades4j.verification.UnexpectedJCAException;
import xades4j.verification.XAdESVerificationResult;
import xades4j.verification.XadesVerificationProfile;
import xades4j.verification.XadesVerifier;

public class VerifyXades {
    public static void main(String[] args) throws Exception {
        CertificateValidationProvider certValidator = new CertificateValidationProviderImpl();
        XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
        p.acceptUnknownProperties(true);
        XadesVerifier v = p.newVerifier();

        // Parse the detached signature file; namespace awareness is required for XML-DSig.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(new FileInputStream("data_signed/detachedTestSignature.xml"));

        // No verification options are passed (null), so each ds:Reference is
        // dereferenced from the URI written inside the signature.
        XAdESVerificationResult vr = v.verify(doc.getDocumentElement(), null);
    }
}

class CertificateValidationProviderImpl implements CertificateValidationProvider {
    // Returns the supplied certificates as the validation data without
    // building or checking a certification path.
    @Override
    public ValidationData validate(X509CertSelector certSelector,
            Date validationDate, Collection<X509Certificate> otherCerts)
            throws CertificateValidationException, UnexpectedJCAException {
        return new ValidationData((List<X509Certificate>) otherCerts);
    }
}
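I am new to signature signing/verification development and I don't have much experience yet. Please help.
Thanks in advance for your help.
In our case, we cannot change how the signature is produced. Actually, our program should take the detached signature and the original file. I am looking at using "ResourceResolver", but unfortunately the "XadesVerifier" always checks the file URI from the detached signature. Here is the source code used to instantiate the "ResourceResolver": ResourceResolver resolver = ResourceResolver.getInstance(doc.createAttribute("URI"), "file:/D:/workspace/xades4j-487d7a9bb9e5/data_to_sign/test11.txt", false); options.useResourceResolver(resolver); – Khalilos 2014-12-09 15:42:24
I don't understand your code. It is trying to get an existing resolver. I suggest using a custom resolver that has logic to ignore the actual URI. Actually, you need to implement ResourceResolverSpi and pass it to ResourceResolver. You can take a look at the implementation of ResolverLocalFilesystem. – lgoncalves 2014-12-09 15:59:21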
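The reference check described in the question (digest of the supplied original file compared with the DigestValue in the detached signature), as an added example that is not part of the original thread and is not XAdES4j code. It uses only JDK classes, assumes the Reference carries no transforms, and builds a constructed signature skeleton with a hypothetical URI. A matching digest proves nothing about authenticity until the signature value over SignedInfo and the signing certificate are also verified, which this example does not do.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DetachedDigestCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // DigestMethod URIs accepted by this example (its own allowlist; SHA-1 left out on purpose).
    static final Map<String, String> ALGS = Map.of(
        "http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256",
        "http://www.w3.org/2001/04/xmlenc#sha512", "SHA-512");

    /** True if the ds:Reference with the given URI carries the digest of 'data'. */
    static boolean referenceMatches(byte[] sigXml, String refUri, byte[] data) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(sigXml));
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            if (!refUri.equals(ref.getAttribute("URI"))) continue; // e.g. the SignedProperties reference
            if (ref.getElementsByTagNameNS(DS, "Transform").getLength() > 0)
                throw new IllegalStateException("transforms are not handled by this example");
            Element dm = (Element) ref.getElementsByTagNameNS(DS, "DigestMethod").item(0);
            Element dv = (Element) ref.getElementsByTagNameNS(DS, "DigestValue").item(0);
            if (dm == null || dv == null) throw new IllegalStateException("malformed Reference");
            String jca = ALGS.get(dm.getAttribute("Algorithm"));
            if (jca == null) throw new IllegalStateException("digest algorithm not allowed");
            byte[] expected = Base64.getMimeDecoder().decode(dv.getTextContent()); // tolerates line breaks
            return MessageDigest.isEqual(expected, MessageDigest.getInstance(jca).digest(data));
        }
        return false; // no Reference with that URI: treat as a failure, never as a pass
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the skeleton below is unsigned and only exercises the digest check.
        byte[] original = "constructed sample".getBytes(StandardCharsets.UTF_8);
        String b64 = Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(original));
        String xml = "<ds:Signature xmlns:ds='" + DS + "'><ds:SignedInfo><ds:Reference URI='file:/data/test.txt'>"
            + "<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>"
            + "<ds:DigestValue>" + b64 + "</ds:DigestValue></ds:Reference></ds:SignedInfo></ds:Signature>";
        byte[] sig = xml.getBytes(StandardCharsets.UTF_8);
        System.out.println(referenceMatches(sig, "file:/data/test.txt", original));
        System.out.println(referenceMatches(sig, "file:/data/test.txt", "tampered".getBytes(StandardCharsets.UTF_8)));
    }
}
```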