Fatal编程技术网
  • java/
  • Java 从PFX获取签名和认证路径

Java 从PFX获取签名和认证路径

java certificate

Java 从PFX获取签名和认证路径,java,certificate,digital-signature,pfx,Java,Certificate,Digital Signature,Pfx,我有一个SOAP消息,比如 <soapenv:Envelope xmlns:soapenv = "http://schemas.xmlsoap.org/soap/envelope/" xmlns:v = "http://www.something.com"> <soapenv:Header/> <soapenv:Body> <v:Auth> <v:userID>xx

我有一个SOAP消息,比如

<soapenv:Envelope
    xmlns:soapenv = "http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:v = "http://www.something.com">
    <soapenv:Header/>
    <soapenv:Body>
        <v:Auth>
            <v:userID>xxxxxxxxxx</v:userID>
            <v:password>xxxxxxxxxx</v:password>
            <v:certChain>xxxxxxxxxx</v:certChain>
            <v:signature>xxxxxxxxxx</v:signature>
        </v:Auth>
    </soapenv:Body>
</soapenv:Envelope>
下面是一段代码,我使用它获取签名、摘要值和证书链。但是当我填充这些值并提交SOAP消息时,我得到一个数字签名无效错误。但我核实了签名是否有效

提取详细信息的代码:

我面临从pfx文件获取认证路径和签名的问题。你能分享获取它们的代码吗,我有下面的代码来获取它们。当我使用通过下面代码获得的签名和认证路径时,我总是得到无效的数字签名

public void getCertificateDetails(){
    String aliasName="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; // not posted here

    try{ 

         char[] passwd = KEY_STORE_PASSWORD.toCharArray();          

         keyStore = KeyStore.getInstance("PKCS12","SunJSSE");


         FileInputStream fis = new FileInputStream("path to pfx file");
         keyStore.load(fis, passwd);

         fis.close();

         Enumeration aliases;


         Certificate[] cc =  keyStore.getCertificateChain(aliasName);
         X509Certificate certificate1 = (X509Certificate) cc[0];

         System.out.println("signo algo:"+certificate1.getSigAlgName()); // get the value as SHA256withRSA

         PrivateKey pKey = (PrivateKey)keyStore.getKey("xxxxxxxxxxxxxxxxxxxxxxxxx", passwd);



         keyStore.getCertificate(aliasName);
         X509Certificate[] result = new X509Certificate[2];

         X509Certificate certificate2 = (X509Certificate)keyStore.getCertificate(aliasName);
         byte[] sig = certificate2.getSignature();



         certChain=keyStore.getCertificateChain(aliasName);
         algorithm=keyStore.getKey(aliasName, passwd).getAlgorithm();
         certificate=keyStore.getCertificate(aliasName);

         System.out.println("public key:"+certificate.getPublicKey().getEncoded());
         PrivateKey myPrivateKey = (PrivateKey)keyStore.getKey(aliasName, passwd);
         xCert = (X509Certificate)certificate;


         keyStore.getCertificate(aliasName).verify( keyStore.getCertificate( aliasName ).getPublicKey());

         x509Content.add(xCert.getSubjectX500Principal().getName());
         x509Content.add(xCert);
    } 
    catch(Exception ex)
    {
        ex.printStackTrace();
    }

 }

 // Get certificate chain
 public Certificate[] getCertificateChain()
 {
     return certChain;
 }

 public String getAlgorithm()
 {

     return algorithm;
 }
 public Certificate getCertificate()
 {
     return certificate;
 }
 public signature getX509Signature()
 {

     return xCert.getSignature();
 }
}

用于对摘要值进行十六进制化的代码

  public String hexify (byte bytes[]) 
  {

      char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7', 
            '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

      StringBuffer buf = new StringBuffer(bytes.length * 2);

      for (int i = 0; i < bytes.length; ++i) {
          buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]);
          buf.append(hexDigits[bytes[i] & 0x0f]);
      }

      return buf.toString();
  }

  public String hexify (byte bytes[]) 
  {

      char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7', 
            '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

      StringBuffer buf = new StringBuffer(bytes.length * 2);

      for (int i = 0; i < bytes.length; ++i) {
          buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]);
          buf.append(hexDigits[bytes[i] & 0x0f]);
      }

      return buf.toString();
  }

public String getThumbPrint(X509Certificate cert) throws NoSuchAlgorithmException, CertificateEncodingException 
{
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    byte[] der = cert.getSignature();

    md.update(der);


    byte[] digest = md.digest();

    digest=md.digest(digest);


    return hexify(digest);

}