Java 从PFX获取签名和认证路径
我有一个SOAP消息,比如:
<!-- Sample authentication request; every field value below is redacted as a run of x characters. -->
<soapenv:Envelope
xmlns:soapenv = "http://schemas.xmlsoap.org/soap/envelope/"
xmlns:v = "http://www.something.com">
<soapenv:Header/>
<soapenv:Body>
<v:Auth>
<!-- The password is carried in the message body, so it is only as confidential as the transport; presumably this is sent over TLS (confirm). -->
<v:userID>xxxxxxxxxx</v:userID>
<v:password>xxxxxxxxxx</v:password>
<!-- certChain and signature: the encoding the service expects (Base64, hex, PEM) and the exact bytes the signature must cover are not shown here; confirm against the service specification. -->
<v:certChain>xxxxxxxxxx</v:certChain>
<v:signature>xxxxxxxxxx</v:signature>
</v:Auth>
</soapenv:Body>
</soapenv:Envelope>
下面是一段代码,我用它来获取签名、摘要值和证书链。但是当我填入这些值并提交SOAP消息时,收到“数字签名无效”的错误,尽管我已经核实过该签名是有效的。
提取详细信息的代码:
我面临从pfx文件获取认证路径和签名的问题。你能分享获取它们的代码吗,我有下面的代码来获取它们。当我使用通过下面代码获得的签名和认证路径时,我总是得到无效的数字签名
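/**
 * Loads the PKCS#12 (PFX) key store and caches the entry stored under the alias
 * in the {@code keyStore}, {@code certChain}, {@code algorithm}, {@code certificate},
 * {@code xCert} and {@code x509Content} members.
 *
 * <p>Nothing read here is a signature over a SOAP message. The only signature a
 * certificate carries is the one its issuer placed on the certificate itself
 * ({@link X509Certificate#getSignature()}); a message signature has to be computed
 * separately with the private key, for example through {@code java.security.Signature}.
 *
 * <p>Any failure is printed and swallowed, so after an error the members may be
 * unset or only partly set.
 */
public void getCertificateDetails() {
    String aliasName = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; // not posted here
    try {
        // NOTE(review): KEY_STORE_PASSWORD is declared outside this block; if it is a
        // literal in source, it should come from configuration or a secret store instead.
        char[] passwd = KEY_STORE_PASSWORD.toCharArray();
        keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");

        // try-with-resources closes the stream even when load() throws
        // (wrong password, corrupt file); the original leaked it in that case.
        try (FileInputStream fis = new FileInputStream("path to pfx file")) {
            keyStore.load(fis, passwd);
        }

        // getCertificateChain() returns null for an unknown alias; fail with a
        // readable message instead of a bare NullPointerException on chain[0].
        Certificate[] chain = keyStore.getCertificateChain(aliasName);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("no certificate chain stored under alias " + aliasName);
        }
        System.out.println("signo algo:" + ((X509Certificate) chain[0]).getSigAlgName()); // e.g. SHA256withRSA

        PrivateKey privateKey = (PrivateKey) keyStore.getKey(aliasName, passwd);
        if (privateKey == null) {
            throw new IllegalStateException("no private key stored under alias " + aliasName);
        }

        certChain = chain;
        algorithm = privateKey.getAlgorithm();
        certificate = keyStore.getCertificate(aliasName);

        // Concatenating a byte[] prints only its identity ("[B@..."), so render the
        // encoded public key as hex. Public keys are not secret and are safe to log.
        System.out.println("public key:"
                + new java.math.BigInteger(1, certificate.getPublicKey().getEncoded()).toString(16));

        xCert = (X509Certificate) certificate;

        // NOTE(review): this checks the certificate against its OWN public key, which
        // can only succeed for a self-signed certificate. For a CA-issued certificate
        // verify() throws, the catch below prints the trace, and x509Content is never
        // filled. Validating a chain means checking each certificate against its
        // issuer's key, or running CertPathValidator against a trust anchor. Confirm intent.
        xCert.verify(xCert.getPublicKey());

        x509Content.add(xCert.getSubjectX500Principal().getName());
        x509Content.add(xCert);
    } catch (Exception ex) {
        // Best-effort behaviour kept from the original: report and continue.
        ex.printStackTrace();
    }
}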
// Get certificate chain
/**
 * Returns the chain cached in the {@code certChain} member.
 *
 * @return the stored array itself (no copy is made), so changes made by the
 *         caller are visible to this object
 */
public Certificate[] getCertificateChain() {
    return this.certChain;
}
/**
 * Returns the value cached in the {@code algorithm} member.
 *
 * @return the stored algorithm name
 */
public String getAlgorithm() {
    return this.algorithm;
}
/**
 * Returns the certificate cached in the {@code certificate} member.
 *
 * @return the stored certificate
 */
public Certificate getCertificate() {
    return this.certificate;
}
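/**
 * Returns the signature bytes embedded in the cached X.509 certificate.
 *
 * <p>This is the signature the certificate's issuer computed over the certificate
 * itself. It is the same for every request and does not cover any message data,
 * so a service that verifies a signature over the request content will reject it.
 * A signature for a message must be produced with the private key over the bytes
 * the service specifies, for example through {@code java.security.Signature}.
 *
 * @return the raw signature value from the certificate
 */
public byte[] getX509Signature() {
    // X509Certificate.getSignature() returns byte[]; the declared type "signature"
    // was not a usable return type for it.
    return xCert.getSignature();
}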
}
用于对摘要值进行十六进制化的代码
/**
 * Encodes a byte array as a lowercase hexadecimal string, two characters per byte.
 *
 * @param bytes the bytes to encode; must not be null
 * @return the hex representation, empty for an empty array
 */
public String hexify(byte bytes[]) {
    final String alphabet = "0123456789abcdef";
    char[] out = new char[bytes.length * 2];
    int pos = 0;
    for (byte b : bytes) {
        // Mask to 0..255 first so the sign bit of a negative byte cannot leak into the shift.
        int unsigned = b & 0xff;
        out[pos++] = alphabet.charAt(unsigned >>> 4);
        out[pos++] = alphabet.charAt(unsigned & 0x0f);
    }
    return new String(out);
}
/**
 * Renders each byte as two lowercase hex digits, high nibble first.
 *
 * @param bytes the bytes to render; must not be null
 * @return the concatenated hex digits
 */
public String hexify(byte bytes[]) {
    StringBuilder hex = new StringBuilder(bytes.length * 2);
    for (byte value : bytes) {
        // Character.forDigit yields '0'-'9' and 'a'-'f' for radix 16.
        hex.append(Character.forDigit((value >> 4) & 0x0f, 16));
        hex.append(Character.forDigit(value & 0x0f, 16));
    }
    return hex.toString();
}
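/**
 * Computes the SHA-256 thumbprint (fingerprint) of a certificate.
 *
 * <p>A thumbprint is one digest over the certificate's complete DER encoding.
 * The earlier version hashed only the signature field and then hashed the result
 * a second time, so its output matched no fingerprint another party would compute.
 *
 * <p>NOTE(review): some services still expect a SHA-1 thumbprint; confirm which
 * digest the receiving side uses.
 *
 * @param cert the certificate to fingerprint; must not be null
 * @return the digest formatted by {@code hexify}
 * @throws NoSuchAlgorithmException if the runtime offers no SHA-256 implementation
 * @throws CertificateEncodingException if the certificate cannot be DER-encoded
 */
public String getThumbPrint(X509Certificate cert) throws NoSuchAlgorithmException, CertificateEncodingException {
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    // getEncoded() is the whole DER certificate; getSignature() is only the
    // issuer's signature value and is not what a thumbprint is taken over.
    byte[] der = cert.getEncoded();
    // Single pass: digest(der) updates and finalises in one call.
    byte[] digest = md.digest(der);
    return hexify(digest);
}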