如何在 Java 中移动已签名 XML 中的签名节点

How to move signature node in signed XML in Java

我有这个XML的例子。我需要的是用 Java 签署 xml。问题是我将 'Signature' 节点放在了错误的位置..

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:fu="http://www.fu.gov.si/" xmlns:xd="http://www.w3.org/2000/09/xmldsig#">
<soapenv:Body>
    <fu:BusinessPremiseRequest Id="data">
        <fu:Header>
            <fu:MessageID>20DF8D44-ABBE-76BA-E053-AA02010AEA8E</fu:MessageID>
            <fu:DateTime>2015-09-24T12:07:28</fu:DateTime>
        </fu:Header>
        <fu:BusinessPremise>
            <fu:TaxNumber>99999862</fu:TaxNumber>
            <fu:BusinessPremiseID>P001</fu:BusinessPremiseID>
            <fu:BPIdentifier>
                <fu:RealEstateBP>
                    <fu:PropertyID>
                        <fu:CadastralNumber>2606</fu:CadastralNumber>
                        <fu:BuildingNumber>6967</fu:BuildingNumber>
                        <fu:BuildingSectionNumber>1</fu:BuildingSectionNumber>
                    </fu:PropertyID>
                    <fu:Address>
                        <fu:Street>TEST</fu:Street>
                        <fu:HouseNumber>7</fu:HouseNumber>
                        <fu:HouseNumberAdditional>C</fu:HouseNumberAdditional>
                        <fu:Community>KOPER</fu:Community>
                        <fu:City>KOPER</fu:City>
                        <fu:PostalCode>6000</fu:PostalCode>
                    </fu:Address>
                </fu:RealEstateBP>
            </fu:BPIdentifier>
            <fu:ValidityDate>2010-09-24</fu:ValidityDate>
            <fu:SoftwareSupplier>
                <fu:TaxNumber>10031685</fu:TaxNumber>
            </fu:SoftwareSupplier>
            <fu:SpecialNotes>Primer prijave poslovnega prostora</fu:SpecialNotes>
        </fu:BusinessPremise>
    </fu:BusinessPremiseRequest>
</soapenv:Body>

现在我想用我在 Java 中的私钥签署 xml。

XPathFactory factory = XPathFactory.newInstance();
        List transforms = null;

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        Reference ref = fac.newReference(
                "#data",
                fac.newDigestMethod(DigestMethod.SHA256, null),
                transforms,
                null,
                null
        );

        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
                fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                Collections.singletonList(ref));

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);

        Document doc = (Document) dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes()));


        KeyStore p12 = KeyStore.getInstance("pkcs12");
        p12.load(new FileInputStream("c:/cert/furspeter.pfx"), "PWD".toCharArray());


        Enumeration e = p12.aliases();
        String alias = (String) e.nextElement();
        System.out.println("Alias certifikata:" + alias);
        Key privateKey = p12.getKey(alias, "PWD".toCharArray());

        KeyStore.PrivateKeyEntry keyEntry
                = (KeyStore.PrivateKeyEntry) p12.getEntry(alias, new KeyStore.PasswordProtection("PWD".toCharArray()));

        X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

        KeyInfoFactory kif = fac.getKeyInfoFactory();

        System.out.println(cert.getSerialNumber());

        X509IssuerSerial x509IssuerSerial = kif.newX509IssuerSerial(cert.getSubjectX500Principal().getName(), cert.getSerialNumber());

        List x509Content = new ArrayList();
        System.out.println("ime: " + cert.getSubjectX500Principal().getName());
        x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(x509IssuerSerial);

        X509Data xd = kif.newX509Data(x509Content);
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
        DOMSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement());
        XMLSignature signature = fac.newXMLSignature(si, ki);
        signature.sign(dsc);

        OutputStream os = new FileOutputStream("c:/SignedXml.xml");
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer trans = tf.newTransformer();
        trans.transform(new DOMSource(doc), new StreamResult(os));

我想要的是在 'fu:BusinessPremiseRequst' 节点中获取 'Signature' 节点。

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"     xmlns:fu="http://www.fu.gov.si/" xmlns:xd="http://www.w3.org/2000/09/xmldsig#">
<soapenv:Body>
<fu:BusinessPremiseRequest Id="data">
<fu:Header>...</fu:Header>
<fu:BusinessPremise>...</fu:BusinessPremise>
     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">...</Signature>
</fu:BusinessPremiseRequest>
</soapenv:Body>

在我的例子中,我得到的节点位置错误(下面的示例)

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:fu="http://www.fu.gov.si/" xmlns:xd="http://www.w3.org/2000/09/xmldsig#">
<soapenv:Body>
<fu:BusinessPremiseRequest Id="data">
 ....
</fu:BusinessPremiseRequest>
</soapenv:Body>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">..</Signature>
</soapenv:Envelope>

我在 Java 示例中做错了什么?或者如何将节点移动到里面?

你的错误可能在这里:DOMSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement()); 您告诉 DOMSignContext Signature 应该附加到主文档元素。

如果你想在 fu:BusinessPremiseRequest 中使用它,你应该首先获取该节点,并将其作为参数传递给 new DOMSignContext() 构造函数。