我必須先對一些XML進行簽名,然後再對該簽名加上副署簽名(counter signature)。這是我的代碼:副署簽名無效(xades4j)
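/**
 * Adds an enveloped XAdES-BES signature to {@code document}, attaches a counter signature to
 * that signature as an unsigned property, and returns the document serialized to a string.
 *
 * <p>Failures in the signing, counter-signing, or serialization steps are raised rather than
 * printed. If they were swallowed, the method would still return XML, and the caller could not
 * tell a fully signed document from one that is unsigned, lacks the counter signature, or was
 * only partly serialized.
 *
 * @param mode not read by this method
 * @param document DOM document to sign; it is modified in place
 * @param certificateChain certificate chain handed to the keying data provider
 * @param signingKey private key used for both the signature and the counter signature
 * @param mimeType MIME type recorded in the DataObjectFormat property
 * @param encoding encoding recorded in the DataObjectFormat property
 * @return the signed and counter-signed document as text
 * @throws XAdES4jException if xades4j rejects the profile or fails while signing
 * @throws IllegalStateException if the XML security layer, the intermediate serialization, or
 *     the final transformation fails; the original exception is kept as the cause
 */
private String singXadesEnveloped(String mode, Document document, Certificate[] certificateChain, PrivateKey signingKey, String mimeType, String encoding)
        throws XAdES4jException, ClassCastException, UnsupportedEncodingException, ClassNotFoundException,
        InstantiationException, IllegalAccessException {
    try {
        KeyingDataProvider kp = new StaticKeyingDataProvider(certificateChain, signingKey);

        // Option names come from xades4j; what each flag changes in the produced signature is
        // not visible in this method, so check the library documentation before altering them.
        BasicSignatureOptionsProvider bop = new BasicSignatureOptionsProvider() {
            public boolean signSigningCertificate() {
                return false;
            }

            public boolean includeSigningCertificate() {
                return true;
            }

            public boolean includePublicKey() {
                return true;
            }
        };

        XadesSigningProfile sp = new XadesBesSigningProfile(kp)
                .withTimeStampTokenProvider(CertumFreeTimeStampProvider.class)
                .withBasicSignatureOptionsProvider(bop);
        XadesSigner signer = sp.newSigner();

        // An empty URI references the whole document; the enveloped-signature transform keeps
        // the Signature element itself out of the digested data.
        DataObjectDesc desc = new DataObjectReference("")
                .withDataObjectFormat(new DataObjectFormatProperty(mimeType, encoding))
                .withTransform(new EnvelopedSignatureTransform());
        SignedDataObjects dataObjects = new SignedDataObjects(desc)
                .withCommitmentType(AllDataObjsCommitmentTypeProperty.proofOfOrigin());

        Element el = document.getDocumentElement();
        XadesSignatureResult sign = signer.sign(dataObjects, el);

        // NOTE(review): the returned string was never used. The call is kept because
        // serializeDocument is defined elsewhere and any side effect it has on the document is
        // not visible here; confirm it has none and remove the call.
        serializeDocument(document);

        XadesSignatureFormatExtender extender = new XadesFormatExtenderProfile().getFormatExtender();
        Element sigElem = sign.getSignature().getElement();
        XMLSignature sig = new XMLSignature(sigElem, sigElem.getOwnerDocument().getBaseURI());

        // The counter signer gets its own profile, configured exactly like the first one.
        XadesSigningProfile profile = new XadesBesSigningProfile(kp)
                .withTimeStampTokenProvider(CertumFreeTimeStampProvider.class)
                .withBasicSignatureOptionsProvider(bop);
        final XadesSigner counterSigner = profile.newSigner();

        Collection<UnsignedSignatureProperty> usp = new ArrayList<UnsignedSignatureProperty>(1);
        usp.add(new CounterSignatureProperty(counterSigner));
        extender.enrichSignature(sig, new UnsignedProperties(usp));
    } catch (XMLSignatureException e1) {
        throw new IllegalStateException("XAdES signing or counter-signing failed", e1);
    } catch (XMLSecurityException e1) {
        throw new IllegalStateException("XAdES signing or counter-signing failed", e1);
    } catch (IOException e) {
        throw new IllegalStateException("Serializing the document during signing failed", e);
    }

    // Alternative way of producing the signature, left here by the author:
    // new Enveloped(signer).sign(document.getDocumentElement());

    StringWriter writer = new StringWriter();
    try {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.transform(new DOMSource(document), new StreamResult(writer));
    } catch (TransformerException e) {
        // Also covers TransformerConfigurationException, which is a subclass.
        throw new IllegalStateException("Serializing the signed document failed", e);
    }
    return writer.toString();
}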
它會簽署我的XML並添加副署簽名。不幸的是,當我驗證我的XML時,主簽名驗證通過,但副署簽名不通過(簽名中的摘要與文件數據的摘要不相等)。
我的代碼有什麼問題?這是帶有簽名和副署簽名的XML:
Signed and countersigned xml file
該代碼似乎是正確的。您能否提供驗證簽名所需的證書以及包含的TS令牌,以便我可以嘗試重現問題? – lgoncalves 2014-09-02 21:21:21
我是在外部程序中驗證已簽名的XML的,所以我真的不知道應該發給你什麼(慚愧……)。如果有幫助的話,這是可以下載該程序的頁面鏈接(它也會在系統中安裝一些證書):[頁面上的第一個或第二個鏈接](http://sigillum.pl/pliki_do_pobrania.html)。我要怎樣取得「包含的TS令牌」才能發給你? – Tomi 2014-09-03 05:46:28
我只需要證書頒發機構證書來驗證簽名。也許他們是公開的? – lgoncalves 2014-09-03 15:12:04