无法使用证书 java 验证签名值

发布于 10-31 11:10 字数 2679 浏览 4 评论 0原文

我有肥皂网络服务。为了验证消息,我们使用带证书的签名。

当我收到消息并使用客户端证书验证它时,它就通过了。 然后我使用此代码通过我们的私钥证书签署数据

signature = Signature.getInstance("SHA1withRSA", "SunRsaSign");
byte[] dataToSign = someXMLNodeString.getBytes();
PrivateKey privateKey = SignatureUtil.getPrivateKeyForCertificate(
"JKS", "keystorefile", "keystorepass".toCharArray(),
"keydomain", "keydomainpass".toCharArray());
signatureValue = SignatureUtil.sign(dataToSign, signature, privateKey);

public static PrivateKey getPrivateKeyForCertificate(
        String keyStoreAlgorithm, String keyStoreName, char[] keystorePass,
        String alias, char[] keyPassword) {
    KeyStore ks = null;
    try {
        ks = KeyStore.getInstance(keyStoreAlgorithm);
    } catch (KeyStoreException e) {
        e.printStackTrace();
        return null;
    }
    FileInputStream ksfis = null;
    try {
        ksfis = new FileInputStream(keyStoreName);
    } catch (FileNotFoundException e) {
        e.printStackTrace();
        return null;
    } 
    BufferedInputStream ksbufin = new BufferedInputStream(ksfis);  

    try {
        ks.load(ksbufin, keystorePass);
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    } catch (CertificateException e) {
        e.printStackTrace();
        return null;
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    } finally {
        if(null != ksbufin) {
            try {
                ksbufin.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    PrivateKey priv = null;
    try {
        priv = (PrivateKey) ks.getKey(alias, keyPassword);
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
        return null;
    } catch (KeyStoreException e) {
        e.printStackTrace();
        return null;
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    }
    return priv;
}

public static byte[] sign(byte[] data, Signature signature, PrivateKey privateKey) throws InvalidKeyException, SignatureException {
    //Create a Signature object and initialize it with the private key
    signature.initSign(privateKey);
    // Update and sign the data
    signature.update(data);

    //Now that all the data to be signed has been read in, 
    //generate a signature for it
    return signature.sign();
}

但是当客户端通过我给定的证书验证我的签名时,它会失败。 我用这些命令生成了我的证书

keytool -genkey -alias keydomain -keysize 1024 -keyalg RSA -keystore keystorefile

keytool -export -alias keydomain -sigalg SHA1withRSA -keystore .keystorefile -file keydomain.cer -rfc

I have soap webservice. To validate messages we use signature with certificate.

When I get message and validate it with client certificate it pass.
Then I sign data by our private key certificate with this code

signature = Signature.getInstance("SHA1withRSA", "SunRsaSign");
byte[] dataToSign = someXMLNodeString.getBytes();
PrivateKey privateKey = SignatureUtil.getPrivateKeyForCertificate(
"JKS", "keystorefile", "keystorepass".toCharArray(),
"keydomain", "keydomainpass".toCharArray());
signatureValue = SignatureUtil.sign(dataToSign, signature, privateKey);

public static PrivateKey getPrivateKeyForCertificate(
        String keyStoreAlgorithm, String keyStoreName, char[] keystorePass,
        String alias, char[] keyPassword) {
    KeyStore ks = null;
    try {
        ks = KeyStore.getInstance(keyStoreAlgorithm);
    } catch (KeyStoreException e) {
        e.printStackTrace();
        return null;
    }
    FileInputStream ksfis = null;
    try {
        ksfis = new FileInputStream(keyStoreName);
    } catch (FileNotFoundException e) {
        e.printStackTrace();
        return null;
    } 
    BufferedInputStream ksbufin = new BufferedInputStream(ksfis);  

    try {
        ks.load(ksbufin, keystorePass);
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    } catch (CertificateException e) {
        e.printStackTrace();
        return null;
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    } finally {
        if(null != ksbufin) {
            try {
                ksbufin.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    PrivateKey priv = null;
    try {
        priv = (PrivateKey) ks.getKey(alias, keyPassword);
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
        return null;
    } catch (KeyStoreException e) {
        e.printStackTrace();
        return null;
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    }
    return priv;
}

public static byte[] sign(byte[] data, Signature signature, PrivateKey privateKey) throws InvalidKeyException, SignatureException {
    //Create a Signature object and initialize it with the private key
    signature.initSign(privateKey);
    // Update and sign the data
    signature.update(data);

    //Now that all the data to be signed has been read in, 
    //generate a signature for it
    return signature.sign();
}

But when client validate my signature by my given certificate, it fails.
I generated my certificate with these commands

keytool -genkey -alias keydomain -keysize 1024 -keyalg RSA -keystore keystorefile

keytool -export -alias keydomain -sigalg SHA1withRSA -keystore .keystorefile -file keydomain.cer -rfc

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

瑾夏年华2024-11-07 11:10:21

试试这个。我在 Java 1.6 中遇到了类似的问题,我用这种方法解决了它。

如果您使用标准 JDK 1.6,并且希望提供程序正常工作,则必须下载 Sun JCE 的不受限制的策略文件。

策略文件可以在 JDK 下载的同一位置找到。

https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy -6-oth-JPR@CDS-CDS_Developer

或者

您可以简单地复制(覆盖)这两个文件
1:local_policy.jar
2:US_export_policy.jar

进入目录:--> JAVA_HOME\jre\lib\安全\

Try this one. I had similar problem with Java 1.6 and I solved it this way.

If you are using standard JDK 1.6 you must download the unrestricted policy files for the Sun JCE if you want the provider to work properly.

The policy files can be found at the same place as the JDK download.

https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-6-oth-JPR@CDS-CDS_Developer

OR

You can simply copy (overwrite) these two files
1: local_policy.jar
2: US_export_policy.jar

into directory:--> JAVA_HOME\jre\lib\security\

回眸一笑2024-11-07 11:10:21

发现问题;这是这一行

byte[] dataToSign = someXMLNodeString.getBytes();

这是从字符串对象获取 byte[] 的错误方法。
您需要流式传输该字符串并从中获取字节。

Found problem; it was this line

byte[] dataToSign = someXMLNodeString.getBytes();

This was wrong method to get byte[] from string object.
You need to stream this string and get bytes from it.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文