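I have a .cer file that was signed by someone else. From it I created a private key .jks file using the tool below.
Getting the private key from the keystore: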
keytool -importcert -file aaa.cer -keystore aaa.jks -alias abcd
Output:
Owner: CN=Sample, [email protected], C=IN, OU=Director, O=ABCDEF
Issuer: C=IN, O=ABCDEF, CN=Owner
Serial number: 1
Valid from: Fri Feb 20 17:11:48 IST 2015 until: Mon Feb 19 17:11:48 IST 2018
Certificate fingerprints:
MD5: 59:9A:1C:FA:F7:F3:45:CA:06:1D:FA:AA:13:B7:68:1C
SHA1: 3B:4E:4B:5A:57:9E:DC:D6:3E:3C:EB:18:91:60:B6:EA:9D:FB:6E:DA
SHA256: 37:04:49:08:0A:2E:1D:5D:58:51:0E:69:C3:85:5C:45:55:F0:D9:6B:27:EE:99:6B:E7:08:B7:4A:EA:E0:83:EC
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
With the same certificate I need to sign XML, and I wrote the code below:
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document inputDocument = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xmlDoc)));
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("../cer/aaa.jks"), "xxxxxxx".toCharArray());
KeyStore.PrivateKeyEntry keyEntry =(KeyStore.PrivateKeyEntry) ks.getEntry("abcd", new KeyStore.PasswordProtection("xxxxxxx".toCharArray()));
X509Certificate x509Cert = (X509Certificate) keyEntry.getCertificate();
XMLSignatureFactory fac = XMLSignatureFactory.getInstance(MEC_TYPE);
Reference ref = fac.newReference(WHOLE_DOC_URI, fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null)), null, null);
SignedInfo sInfo = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),Collections.singletonList(ref));
KeyInfo kInfo = getKeyInfo(x509Cert, fac);
DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),inputDocument.getDocumentElement());
XMLSignature signature = fac.newXMLSignature(sInfo,kInfo);
signature.sign(dsc);
Node node = dsc.getParent();
Document signedDocument = node.getOwnerDocument();
StringWriter stringWriter = new StringWriter();
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(signedDocument), new StreamResult(stringWriter));
return stringWriter.getBuffer().toString();
But I am getting an exception at line 6.
Stack trace:
java.lang.UnsupportedOperationException: trusted certificate entries are not password-protected
at java.security.KeyStoreSpi.engineGetEntry(Unknown Source)
at java.security.KeyStore.getEntry(Unknown Source)
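Please help me solve this problem. Thanks.
Please don't post pictures of output here. Copy and paste the *text.* It's easy. Otherwise you waste other people's bandwidth; reduce legibility; eliminate the possibility of further copy/paste; and generally reduce your chances of getting an answer. – EJP 2015-02-11 07:53:18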
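A check that can run before the signing code in the question, as an added example (not the poster's code): `keytool -importcert` on a bare .cer stores a trusted certificate entry, which carries no private key, and that is the entry type the stack trace reports for the alias. The class name `SigningEntryCheck` and helper `loadSigningEntry` are hypothetical, and the code assumes the store and key share one password, as in the question.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;

public class SigningEntryCheck {

    // Returns the private-key entry under alias, or fails with a message that
    // names the entry type actually stored there.
    static KeyStore.PrivateKeyEntry loadSigningEntry(KeyStore ks, String alias, char[] keyPassword)
            throws GeneralSecurityException {
        if (!ks.containsAlias(alias)) {
            throw new KeyStoreException("No entry under alias '" + alias + "'");
        }
        // A bare certificate imported with keytool -importcert is stored as a
        // trusted certificate entry: public material only. Calling getEntry()
        // on it with a password throws UnsupportedOperationException.
        if (ks.isCertificateEntry(alias)) {
            throw new KeyStoreException("Alias '" + alias + "' is a trusted certificate entry ("
                    + ks.getCertificate(alias).getType() + "): it can verify signatures but holds no private key");
        }
        if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            throw new KeyStoreException("Alias '" + alias + "' is a key entry, but not a private-key entry");
        }
        return (KeyStore.PrivateKeyEntry) ks.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
    }

    // Usage: java SigningEntryCheck <keystore.jks> <alias>
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java SigningEntryCheck <keystore.jks> <alias>");
            System.exit(2);
        }
        // Assumption: store and key share one password, as in the question's code.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        KeyStore.PrivateKeyEntry entry = loadSigningEntry(ks, args[1], password);
        System.out.println("Private key found, algorithm: " + entry.getPrivateKey().getAlgorithm());
    }
}
```

Signing requires the keystore in which the key pair was originally generated; a certificate received from another party contains only the public key.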