XML Digital Signature Java

醉话见心 2021-02-06 03:42

I need to digitally sign my XML messages in Java. The resulting XML signature should have the following format:

  • 2021-02-06 04:34

    You got <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>, because that's what you asked for: fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null). As you figured out and https://blogs.oracle.com/mullan/entry/using_stronger_xml_signature_algorithms states, fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", (SignatureMethodParameterSpec) null) will get you <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />.

  • 2021-02-06 04:37

    Here is the solution:

    I found it at this link: http://mail-archives.apache.org/mod_mbox/santuario-dev/200907.mbox/%3C4A704241.9060806@sun.com%3E. The problem was the RSA-SHA256 algorithm.

    Here is the resulting code:

    import java.io.*;
    import java.security.*;
    import java.util.Collections;
    import javax.xml.crypto.MarshalException;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.keyinfo.*;
    import javax.xml.crypto.dsig.spec.*;
    import javax.xml.transform.*;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.w3c.dom.Document;

    private static Document sign(Document doc) throws InstantiationException, IllegalAccessException, ClassNotFoundException,
                NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException,
                IOException, TransformerException {
            // JSR 105 provider class, overridable through the jsr105Provider system property
            String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).newInstance());
            DigestMethod digestMethod = fac.newDigestMethod(DigestMethod.SHA256, null);
            Transform transform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
            // URI "" references the whole document; the enveloped transform excludes the Signature element itself
            Reference reference = fac.newReference("", digestMethod, Collections.singletonList(transform), null, null);
            // RSA-SHA256 is requested by its algorithm URI
            SignatureMethod signatureMethod = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
            CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
            // Create the SignedInfo
            SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));
            // A new RSA key pair is generated on each call; its public half is embedded as a KeyValue
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            KeyPair kp = kpg.generateKeyPair();
            KeyInfoFactory kif = fac.getKeyInfoFactory();
            KeyValue kv = kif.newKeyValue(kp.getPublic());
            // Create a KeyInfo and add the KeyValue to it
            KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
            DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
            XMLSignature signature = fac.newXMLSignature(si, ki);
            // Compute the signature and append the Signature element to the document element
            signature.sign(dsc);
            TransformerFactory tf = TransformerFactory.newInstance();
            Transformer trans = tf.newTransformer();
            // output the resulting document
            try (OutputStream os = new FileOutputStream("xmlOut.xml")) {
                trans.transform(new DOMSource(doc), new StreamResult(os));
            }
            return doc;
    }
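The receiving side of the signature discussed above, as an added example that is not part of the original answers: it validates against a public key the verifier already holds instead of the embedded KeyValue, and refuses anything other than rsa-sha256 over the whole document. The class name `SignatureCheck` and the `trustedKey` parameter are assumptions.

```java
import java.security.PublicKey;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

// Added example (hypothetical class): verifier for an enveloped RSA-SHA256 signature.
public final class SignatureCheck {
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // trustedKey is an assumption: a public key obtained out of band, not the <KeyValue>
    // carried in the message. doc must be parsed with a namespace-aware DocumentBuilderFactory.
    public static boolean verify(Document doc, PublicKey trustedKey) throws Exception {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() != 1) {
            return false; // unsigned, or ambiguous: refuse rather than pick one
        }
        Node sigNode = nl.item(0);
        // The signer appends Signature directly under the document element
        if (sigNode.getParentNode() != doc.getDocumentElement()) {
            return false;
        }
        DOMValidateContext ctx =
                new DOMValidateContext(KeySelector.singletonKeySelector(trustedKey), sigNode);
        // Restricts risky transforms, reference counts and weak algorithms during validation
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        // Pin the signature algorithm so an rsa-sha1 signature is never accepted
        if (!RSA_SHA256.equals(sig.getSignedInfo().getSignatureMethod().getAlgorithm())) {
            return false;
        }
        // Require exactly one SHA-256 reference with URI "", i.e. the whole document
        int count = 0;
        for (Object o : sig.getSignedInfo().getReferences()) {
            Reference r = (Reference) o;
            if (!"".equals(r.getURI()) || !DigestMethod.SHA256.equals(r.getDigestMethod().getAlgorithm())) {
                return false;
            }
            count++;
        }
        return count == 1 && sig.validate(ctx); // checks reference digests and the signature value
    }
}
```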
  • 2021-02-06 04:38

    These are standard XML-Signatures. See the W3 Documentation on "XML-Signature Syntax and Processing" for the specification of how this can be done. A quick search on Google led to this howto written by Oracle on the integration of XML Signatures in Java: XML Digital Signature API. If you have any further problems, please show us what you have tried.
