无法使用证书 java 验证签名值
我有肥皂网络服务。为了验证消息,我们使用带证书的签名。
当我收到消息并使用客户端证书验证它时,它就通过了。 然后我使用此代码通过我们的私钥证书签署数据
signature = Signature.getInstance("SHA1withRSA", "SunRsaSign");
byte[] dataToSign = someXMLNodeString.getBytes();
PrivateKey privateKey = SignatureUtil.getPrivateKeyForCertificate(
"JKS", "keystorefile", "keystorepass".toCharArray(),
"keydomain", "keydomainpass".toCharArray());
signatureValue = SignatureUtil.sign(dataToSign, signature, privateKey);
public static PrivateKey getPrivateKeyForCertificate(
String keyStoreAlgorithm, String keyStoreName, char[] keystorePass,
String alias, char[] keyPassword) {
KeyStore ks = null;
try {
ks = KeyStore.getInstance(keyStoreAlgorithm);
} catch (KeyStoreException e) {
e.printStackTrace();
return null;
}
FileInputStream ksfis = null;
try {
ksfis = new FileInputStream(keyStoreName);
} catch (FileNotFoundException e) {
e.printStackTrace();
return null;
}
BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
try {
ks.load(ksbufin, keystorePass);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
} catch (CertificateException e) {
e.printStackTrace();
return null;
} catch (IOException e) {
e.printStackTrace();
return null;
} finally {
if(null != ksbufin) {
try {
ksbufin.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
PrivateKey priv = null;
try {
priv = (PrivateKey) ks.getKey(alias, keyPassword);
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
return null;
} catch (KeyStoreException e) {
e.printStackTrace();
return null;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
}
return priv;
}
public static byte[] sign(byte[] data, Signature signature, PrivateKey privateKey) throws InvalidKeyException, SignatureException {
//Create a Signature object and initialize it with the private key
signature.initSign(privateKey);
// Update and sign the data
signature.update(data);
//Now that all the data to be signed has been read in,
//generate a signature for it
return signature.sign();
}
但是当客户端通过我给定的证书验证我的签名时,它会失败。 我用这些命令生成了我的证书
keytool -genkey -alias keydomain -keysize 1024 -keyalg RSA -keystore keystorefile
keytool -export -alias keydomain -sigalg SHA1withRSA -keystore .keystorefile -file keydomain.cer -rfc
I have soap webservice. To validate messages we use signature with certificate.
When I get message and validate it with client certificate it pass.
Then I sign data by our private key certificate with this code
signature = Signature.getInstance("SHA1withRSA", "SunRsaSign");
byte[] dataToSign = someXMLNodeString.getBytes();
PrivateKey privateKey = SignatureUtil.getPrivateKeyForCertificate(
"JKS", "keystorefile", "keystorepass".toCharArray(),
"keydomain", "keydomainpass".toCharArray());
signatureValue = SignatureUtil.sign(dataToSign, signature, privateKey);
public static PrivateKey getPrivateKeyForCertificate(
String keyStoreAlgorithm, String keyStoreName, char[] keystorePass,
String alias, char[] keyPassword) {
KeyStore ks = null;
try {
ks = KeyStore.getInstance(keyStoreAlgorithm);
} catch (KeyStoreException e) {
e.printStackTrace();
return null;
}
FileInputStream ksfis = null;
try {
ksfis = new FileInputStream(keyStoreName);
} catch (FileNotFoundException e) {
e.printStackTrace();
return null;
}
BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
try {
ks.load(ksbufin, keystorePass);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
} catch (CertificateException e) {
e.printStackTrace();
return null;
} catch (IOException e) {
e.printStackTrace();
return null;
} finally {
if(null != ksbufin) {
try {
ksbufin.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
PrivateKey priv = null;
try {
priv = (PrivateKey) ks.getKey(alias, keyPassword);
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
return null;
} catch (KeyStoreException e) {
e.printStackTrace();
return null;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
}
return priv;
}
public static byte[] sign(byte[] data, Signature signature, PrivateKey privateKey) throws InvalidKeyException, SignatureException {
//Create a Signature object and initialize it with the private key
signature.initSign(privateKey);
// Update and sign the data
signature.update(data);
//Now that all the data to be signed has been read in,
//generate a signature for it
return signature.sign();
}
But when client validate my signature by my given certificate, it fails.
I generated my certificate with these commands
keytool -genkey -alias keydomain -keysize 1024 -keyalg RSA -keystore keystorefile
keytool -export -alias keydomain -sigalg SHA1withRSA -keystore .keystorefile -file keydomain.cer -rfc
试试这个。我在 Java 1.6 中遇到了类似的问题,我用这种方法解决了它。
如果您使用标准 JDK 1.6,并且希望提供程序正常工作,则必须下载 Sun JCE 的不受限制的策略文件。
策略文件可以在 JDK 下载的同一位置找到。
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy -6-oth-JPR@CDS-CDS_Developer
或者
您可以简单地复制(覆盖)这两个文件
1:local_policy.jar
2:US_export_policy.jar
进入目录:--> JAVA_HOME\jre\lib\安全\
Try this one. I had similar problem with Java 1.6 and I solved it this way.
If you are using standard JDK 1.6 you must download the unrestricted policy files for the Sun JCE if you want the provider to work properly.
The policy files can be found at the same place as the JDK download.
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-6-oth-JPR@CDS-CDS_Developer
OR
You can simply copy (overwrite) these two files
1: local_policy.jar
2: US_export_policy.jar
into directory:--> JAVA_HOME\jre\lib\security\