unsupported SignatureMethod algorithm, but the algorithm is listed as available Service by BC-Provider

我是研究僧i submitted on 2021-02-08 05:34:32

Question


To keep it short, my problem is as follows:

I add the BC-Provider at the beginning of my function:

Security.addProvider(new BouncyCastleProvider());

When I list all services

new BouncyCastleProvider().getServices();

the list contains "RIPEMD160WITHECDSA".

On the last line of this code snippet:

XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
DOMValidateContext valContext = new DOMValidateContext(pubkeys[i], sigElement);
valContext.setURIDereferencer(new FileDereferencer(
                              factory.getURIDereferencer(), new File("D:\\eclipseworkspace\\pathtoxml.xml")));
javax.xml.crypto.dsig.XMLSignature xmlSignature = factory.unmarshalXMLSignature(valContext);

I get an exception with the message:

unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160

What does that mean? What is the difference between RIPEMD160WITHECDSA and the algorithm specified by this URL? Or is the URL just not mapped to this algorithm name?

Here is the stacktrace:

javax.xml.crypto.MarshalException: unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
    at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(Unknown Source)
    at com.mobile.xmlsignature.XMLSigChecker.verify(XMLSigChecker.java:122)
    at com.mobile.xmlsignature.mainclass.main(mainclass.java:13)

Answer 1:


It looks like ecdsa-ripemd160 is not one of the default signature methods registered with DOMSignatureMethod.

According to XMLSignatureFactory.newSignatureMethod() you can probably register ecdsa-ripemd160 using something like this:

xmlFact.newSignatureMethod(
    "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160",
    new MyECDSARipemd160Provider());

You will have to roll your own MyECDSARipemd160Provider() class to implement the SignatureMethodParameterSpec and it will need to identify your algorithm. I have not tried this and I suspect it might take some trial and error. I don't know if there is a BC class that does this for you. I would assume the getAlgorithm() call to this class should return "RIPEMD160WITHECDSA".
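A diagnostic for the situation in the question, added here as an example and not code from the question or the answer: it checks separately whether a JCA provider can supply a signature algorithm by name and whether the XML DSig factory recognises the matching SignatureMethod URI. The class name SigMethodProbe and the ecdsa-sha256 comparison pair are assumptions chosen for illustration; add BouncyCastle with Security.addProvider as in the question before running it.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;

// Hypothetical helper class, not part of the JDK or BouncyCastle.
public class SigMethodProbe {

    /** True if some registered JCA provider can supply this Signature algorithm name. */
    static boolean jcaHasSignature(String jcaName) {
        try {
            Signature.getInstance(jcaName);   // searches every registered provider
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /** True if the XML DSig factory recognises this SignatureMethod URI. */
    static boolean xmlDsigKnowsUri(XMLSignatureFactory factory, String uri) {
        try {
            factory.newSignatureMethod(uri, (SignatureMethodParameterSpec) null);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;                     // URI is unknown to this factory
        } catch (InvalidAlgorithmParameterException e) {
            return true;                      // URI is known but requires parameters
        }
    }

    public static void main(String[] args) {
        // Call Security.addProvider(new BouncyCastleProvider()) here, as in the question.
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        String[][] pairs = {   // { JCA name, XML DSig SignatureMethod URI }
            {"SHA256withECDSA", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"},
            {"RIPEMD160withECDSA", "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"},
        };
        System.out.println("XML DSig provider: " + factory.getProvider().getName());
        for (String[] p : pairs) {
            System.out.printf("%-20s JCA=%-5b XMLDSig URI known=%b%n",
                    p[0], jcaHasSignature(p[0]), xmlDsigKnowsUri(factory, p[1]));
        }
    }
}
```

A row that shows JCA=true with the URI unknown matches the symptom in the question: the name is available from a provider, but the factory has no entry for the URI.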



Source: https://stackoverflow.com/questions/11984025/unsupported-signaturemethod-algorithm-but-the-algorithm-is-listed-as-available