提问人:Enjo A 提问时间:4/3/2023 最后编辑:Enjo A 更新时间:4/3/2023 访问量:58
在生成数字签名之前,如何规范化 SignedInfo 节点?
How to canonicalize SignedInfo node before generating digital signature?
问:
我想生成数字签名,但被告知我需要在生成之前先规范化 SignedInfo 节点。我被困在如何首先规范化节点上,并想知道是否可以基于以下代码:
byte [] xmlstringbytes=null;
xmlstringbytes= XMLStringWithNoSignature.getBytes("UTF-8");
final List<Object> listkey= new LinkedList<Object> ();
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
//digest
DigestMethod digestMethodObj = fac.newDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256", null);
//canon
CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null);
//signature
SignatureMethod signatureMethodObj = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
//transform
Transform transform1 = fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-
signature", (TransformParameterSpec) null);
Transform transform2 = fac.newTransform("http://www.w3.org/2006/12/xml-c14n11", (TransformParameterSpec) null);
List<Transform> transformList = new ArrayList<Transform>();
transformList.add(transform1);
transformList.add(transform2);
//reference
Reference ref = (Reference) fac.newReference("", digestMethodObj, transformList, null, null);
List<Reference> referenceList = Collections.singletonList(ref);
//keyinfo
final KeyInfo keyInfo = keyInfoFactory.newKeyInfo (listkey);
//signedinfo
SignedInfo signedInfo = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj,
referenceList);
Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xmlstringbytes));
DOMSignContext dsc = new DOMSignContext(Key, doc.getDocumentElement());
//generate signature, will need to canonicalize signedInfo first before executing below
command
XMLSignature xmlSignature = fac.newXMLSignature(signedInfo, keyInfo);
xmlSignature.sign(dsc);
提前感谢您的输入。
答: 暂无答案
评论