我需要在JAVA中对我的
XML消息进行数字签名:
生成的XML签名应具有以下格式:
生成的XML签名应具有以下格式:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> <DigestValue>DsP5NLca+plhp9tZvGwykfb2whQYt3CQ5sbsVd9Q9aE=</DigestValue> </Reference> </SignedInfo> <SignatureValue> LrfE0po3YPvVxB/m77iBWWiR07Ghiuhuj7tO2C2LKqZK2cLrAiidt+3tjbJ3m16quCFxfh7bmjRtJsGi7a3HKtK qY4auqrjNB62AtYrxvm+7Qd/cRacom4e3M9uF9JD1zTfoGun9w4WDfDrDaoZ+ZwUgNtf6sTYO5Ctcj5sYcD0= </SignatureValue> <KeyInfo> <KeyName>7D665C81ABBE1A7D0E525BFC171F04D276F07BF2</KeyName> </KeyInfo> </Signature>
任何人都可以提供一些代码帮助?
编辑:
我想出了这段代码:
private static Document sign(Document doc) throws InstantiationException,IllegalAccessException,ClassNotFoundException,NoSuchAlgorithmException,InvalidAlgorithmParameterException,KeyException,MarshalException,XMLSignatureException,FileNotFoundException,TransformerException {
String providerName = System.getProperty("jsr105Provider","org.jcp.xml.dsig.internal.dom.XMLDSigRI");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
Reference ref = fac.newReference("",fac.newDigestMethod(DigestMethod.SHA256,null));
// Create the SignedInfo
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,(C14NMethodParameterSpec) null),fac.newSignatureMethod(SignatureMethod.RSA_SHA1,null),Collections.singletonList(ref));
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(kp.getPublic());
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
DOMSignContext dsc = new DOMSignContext(kp.getPrivate(),doc.getDocumentElement());
XMLSignature signature = fac.newXMLSignature(si,ki);
signature.sign(dsc);
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc),new StreamResult(new FileOutputStream("mySignedFile")));
return doc;
}
但问题是我得到了:
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
并不是 :
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
这是解决方案:
我在这个链接上找到它
http://mail-archives.apache.org/mod_mbox/santuario-dev/200907.mbox/%3C4A704241.9060806@sun.com%3E
问题是RSA-SHA256算法:
这是结果代码:
private static Document sign(Document doc) throws InstantiationException,(Provider) Class.forName(providerName).newInstance());
DigestMethod digestMethod = fac.newDigestMethod(DigestMethod.SHA256,null);
Transform transform = fac.newTransform(ENVELOPED,(TransformParameterSpec) null);
Reference reference = fac.newReference("",digestMethod,singletonList(transform),null,null);
SignatureMethod signatureMethod = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",null);
CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(EXCLUSIVE,(C14NMethodParameterSpec) null);
// Create the SignedInfo
SignedInfo si = fac.newSignedInfo(canonicalizationMethod,signatureMethod,singletonList(reference));
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
KeyPair kp = kpg.generateKeyPair();
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(kp.getPublic());
// Create a KeyInfo and add the KeyValue to it
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
DOMSignContext dsc = new DOMSignContext(kp.getPrivate(),ki);
signature.sign(dsc);
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
// output the resulting document
OutputStream os;
os = new FileOutputStream("xmlOut.xml");
trans.transform(new DOMSource(doc),new StreamResult(os));
return doc;
}
