XML 在 jdk 中使用 SHA256ECDSA 签名 7 - 这可能吗?
XML Signing with SHA256ECDSA in jdk 7 - Is it possible?
我一直在尝试使用 SHA256ECDSA 对 XML 文档进行签名,我使用 jdk 8 成功了。但是,相同的代码在 jdk 7 中不起作用。
任何人都可以告诉我应该更改我的代码以使其在 jdk7 中工作,或者指出替代解决方案(例如使用其他库)吗?
代码如下:
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
SignedInfo si = null;
try {
Reference ref = fac.newReference("", fac.newDigestMethod(
DigestMethod.SHA256, null), Collections.singletonList(fac
.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)), null, null);
// Create the SignedInfo.
si = fac.newSignedInfo(
fac.newCanonicalizationMethod(
CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
null), Collections.singletonList(ref));
...
// Instantiate the document to be signed.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = null;
try {
doc = dbf.newDocumentBuilder().parse(
new FileInputStream(PATH_TO_INPUT_XML));
...
// Create a DOMSignContext and specify the RSA PrivateKey and
// location of the resulting XMLSignature's parent element.
String keyPath = PATH_TO_PRIVATE_KEY;
File privKeyFile = new File(keyPath);
BufferedInputStream bis = null;
byte[] privateKeyBytesDecoded = null;
try {
bis = new BufferedInputStream(new FileInputStream(privKeyFile));
byte[] privKeyBytes = new byte[(int) privKeyFile.length()];
bis.read(privKeyBytes);
privateKeyBytesDecoded = Base64.decodeBase64(privKeyBytes);
bis.close();
...
KeyFactory keyFactory = null;
PrivateKey privateKey = null;
KeySpec ks = new PKCS8EncodedKeySpec(privateKeyBytesDecoded);
try {
keyFactory = KeyFactory.getInstance("EC");
privateKey = keyFactory.generatePrivate(ks);
...
DOMSignContext dsc = new DOMSignContext(privateKey,
doc.getDocumentElement());
// Create the XMLSignature, but don't sign it yet.
XMLSignature signature = fac.newXMLSignature(si, ki);
// Marshal, generate, and sign the enveloped signature.
try {
signature.sign(dsc);
...
我得到以下异常 运行 jkd 7 中的这段代码:
java.security.NoSuchAlgorithmException: unsupported algorithm
at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newSignatureMethod(DOMXMLSignatureFactory.java:231)
the line is:
fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
null), Collections.singletonList(ref));
如有任何帮助,我们将不胜感激。谢谢你。
何塞。
您可以使用 Apache Santuario。您需要更改的唯一行是 XMLSignatureFactory:
的实例化
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
其中 XMLDSigRI 是 org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI。
我一直在尝试使用 SHA256ECDSA 对 XML 文档进行签名,我使用 jdk 8 成功了。但是,相同的代码在 jdk 7 中不起作用。 任何人都可以告诉我应该更改我的代码以使其在 jdk7 中工作,或者指出替代解决方案(例如使用其他库)吗?
代码如下:
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
SignedInfo si = null;
try {
Reference ref = fac.newReference("", fac.newDigestMethod(
DigestMethod.SHA256, null), Collections.singletonList(fac
.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)), null, null);
// Create the SignedInfo.
si = fac.newSignedInfo(
fac.newCanonicalizationMethod(
CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
null), Collections.singletonList(ref));
...
// Instantiate the document to be signed.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = null;
try {
doc = dbf.newDocumentBuilder().parse(
new FileInputStream(PATH_TO_INPUT_XML));
...
// Create a DOMSignContext and specify the RSA PrivateKey and
// location of the resulting XMLSignature's parent element.
String keyPath = PATH_TO_PRIVATE_KEY;
File privKeyFile = new File(keyPath);
BufferedInputStream bis = null;
byte[] privateKeyBytesDecoded = null;
try {
bis = new BufferedInputStream(new FileInputStream(privKeyFile));
byte[] privKeyBytes = new byte[(int) privKeyFile.length()];
bis.read(privKeyBytes);
privateKeyBytesDecoded = Base64.decodeBase64(privKeyBytes);
bis.close();
...
KeyFactory keyFactory = null;
PrivateKey privateKey = null;
KeySpec ks = new PKCS8EncodedKeySpec(privateKeyBytesDecoded);
try {
keyFactory = KeyFactory.getInstance("EC");
privateKey = keyFactory.generatePrivate(ks);
...
DOMSignContext dsc = new DOMSignContext(privateKey,
doc.getDocumentElement());
// Create the XMLSignature, but don't sign it yet.
XMLSignature signature = fac.newXMLSignature(si, ki);
// Marshal, generate, and sign the enveloped signature.
try {
signature.sign(dsc);
...
我得到以下异常 运行 jkd 7 中的这段代码:
java.security.NoSuchAlgorithmException: unsupported algorithm at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newSignatureMethod(DOMXMLSignatureFactory.java:231)
the line is: fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", null), Collections.singletonList(ref));
如有任何帮助,我们将不胜感激。谢谢你。 何塞。
您可以使用 Apache Santuario。您需要更改的唯一行是 XMLSignatureFactory:
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
其中 XMLDSigRI 是 org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI。