使用 xml 中的公钥进行 javax.xml.crypto.dsig 验证
使用 javax.xml.crypto.dsig,如何在不指定公钥的情况下解组和验证 XMLSignature?公钥似乎位于已签名的 xml 中,但我无法找到获取它的方法。
DOMValidateContext valContext = new DOMValidateContext(key,signatureNode);
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean coreValidity = signature.validate(valContext);
据我所知,有必要将 KeySelector 而不是 Key 传递给 DOMValidateContext。但是,我不知道如何实现 KeySelector。
这是我发现的关于如何实现 KeySelector 的唯一示例: http://download.oracle.com/javase /6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
不幸的是它不起作用。在该实现中,它执行以下操作,但总是失败,因为没有 KeyValue 元素(看起来它们不是 KeyValue 元素,而是 org.jcp.xml.dsig.internal.dom.DOMX509Data 元素,无法获取他们的钥匙)。
List list = keyInfo.getContent();
for (int i = 0; i < list.size(); i++) {
XMLStructure xs = (XMLStructure) list.get(i);
if(xs instanceof KeyValue) {
PublicKey pk = null;
try {
pk = ((KeyValue) xs).getPublicKey();
} catch (KeyException ke) {
throw new KeySelectorException(ke);
}
// make sure algorithm is compatible with method
if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
return new SimpleKeySelectorResult(pk);
}
}
}
throw new KeySelectorException("No KeyValue element found!");
那么,有办法做到这一点吗?我希望能够验证 xml 文件的签名,而无需拥有公钥。我只想从 xml 中获取公钥。
Using javax.xml.crypto.dsig, how do I unmarshal and validate an XMLSignature without specifying the public key? The public key appears to be in the signed xml, but I can't figure out a way to get it.
DOMValidateContext valContext = new DOMValidateContext(key,signatureNode);
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean coreValidity = signature.validate(valContext);
As far as I can tell it's necessary to pass a KeySelector instead of a Key to the DOMValidateContext. However, I can't figure out how to implement a KeySelector.
Here is the only example I've found about how to implement a KeySelector:
http://download.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
Unfortunately it doesn't work. In that implementation it does the following but always fails because there are no KeyValue elements (it appears that instead of KeyValue elements they are org.jcp.xml.dsig.internal.dom.DOMX509Data elements which don't have a way to ge the key from them).
List list = keyInfo.getContent();
for (int i = 0; i < list.size(); i++) {
XMLStructure xs = (XMLStructure) list.get(i);
if(xs instanceof KeyValue) {
PublicKey pk = null;
try {
pk = ((KeyValue) xs).getPublicKey();
} catch (KeyException ke) {
throw new KeySelectorException(ke);
}
// make sure algorithm is compatible with method
if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
return new SimpleKeySelectorResult(pk);
}
}
}
throw new KeySelectorException("No KeyValue element found!");
So, is there a way to do this? I want to be able to validate the signature of an xml file without having to have the public key. I just want to get the public key from the xml.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
扩展 if () 条件来检查 xs 是否是 KeyValue 的实例,以检查 X509Data 的实例,如下所示:
Extend the if () condition you have checking to see if xs is an instance of KeyValue to also check instance of X509Data as follows:
只需将 xmldsig.jar 包含到您的构建路径中,然后检查您的 JDK 是否为 1.5,您必须将其添加到构建路径中
对于 1.6,它们已内置,因此无需添加以供参考
http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/
just include xmldsig.jar to your build path and check the JDK of yours for 1.5 you have to add to your build path
for 1.6 they have inbuilt in it so no need to add for reference
http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/