Java XML signature value mismatch problem


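I have a problem with an XML signature value mismatch error. The complete scenario:

  • I generated a 1024-bit private key using OpenSSL
  • I generated a CSR using that private key and sent it to VISA; they signed it with the root CA certificate and sent me a signed certificate in .pem format
  • I signed the XML document using the following Java code

When I send the data back to VISA, they verify the signature value and return a mismatch error.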

XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).newInstance());

DigestMethod digestMethod = factory.newDigestMethod(DigestMethod.SHA1, null);
factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);

Reference reference = factory.newReference("#" + paresId, digestMethod, null, null,null);
CanonicalizationMethod canonicalizationMethod = factory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
SignatureMethod signatureMethod = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
SignedInfo signedInfo = factory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(512);
KeyPair keyPair = kpg.generateKeyPair();
KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();

KeyStore keyStore = KeyStore.getInstance("JKS"); //PKC#7
keyStore.load(new FileInputStream(keystorePath), "dell12345".toCharArray());

KeyStore.PrivateKeyEntry keyEntry =
    (KeyStore.PrivateKeyEntry) keyStore.getEntry("deskey", new KeyStore.PasswordProtection("dell12345".toCharArray()));

//PrivateKey m_objRequestSigningKey = (PrivateKey) obj_keyStore.getKey(str_alias, "password".toCharArray());


KeyStore.TrustedCertificateEntry rootEntry = (KeyStore.TrustedCertificateEntry) keyStore.getEntry("root", null);
X509Certificate rootCertificate = (X509Certificate) rootEntry.getTrustedCertificate();

KeyStore.TrustedCertificateEntry intermediateEntry = (KeyStore.TrustedCertificateEntry) keyStore.getEntry("intermediate", null);
X509Certificate intermediateCertificate = (X509Certificate) intermediateEntry.getTrustedCertificate();

KeyStore.TrustedCertificateEntry signEntry = (KeyStore.TrustedCertificateEntry) keyStore.getEntry("sign", null);
X509Certificate sigingCertificate = (X509Certificate) signEntry.getTrustedCertificate(); 

List<X509Certificate> x509 = new ArrayList<X509Certificate>();
x509.add(rootCertificate );
x509.add(intermediateCertificate );
x509.add(sigingCertificate );

X509Data x509Data = keyInfoFactory.newX509Data(x509);

List<X509Data> items = new ArrayList<X509Data>();
items.add(x509Data);


KeyInfo keyInfo = keyInfoFactory.newKeyInfo(items);

DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc =    dbf.newDocumentBuilder().parse(IOUtils.toInputStream(inputXml));

DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());

XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo);
signature.sign(dsc);

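Sorry, after a long time, I am going to answer the question I posted 5 years ago.

Actually, the problem was basically with the XML formatting: I removed the newline and carriage-return characters from the XML and sent it back to Visa, and then my signature matched correctly.

Even though I had specified the canonicalization method correctly, I don't know why they were returning the error.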

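KeyPairGenerator and the generated KeyPair are not used in your code and are not needed, because your keystore already contains the previously generated key. Also, if possible, please add the complete error message you received from VISA.

Digital signature invalid. Signature invalid. SignatureValue mismatch.

KeyPairGenerator is not used in the code, you have named the private key "deskey", and no certificate is stored?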
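The effect described in the answer above, as an added example (not the poster's code): inclusive C14N keeps the whitespace text nodes inside a signed element, so the signature validates as signed and fails once the line breaks are removed afterwards. The document, the element names, the id "p1" and the throwaway 2048-bit key are constructed for the demo; SHA-256 replaces the page's SHA-1 so that validation runs under current JDK defaults (Java 11 or later).

```java
import java.io.StringReader;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class WhitespaceBreaksSignature {
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");

    // Core validation of the first ds:Signature element in doc against pub.
    static boolean valid(Document doc, PublicKey pub) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(pub, sig);
        return F.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the line breaks inside <PARes> are text nodes and get digested.
        String xml = "<Message><PARes id=\"p1\">\n  <pan>0000</pan>\n</PARes></Message>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element pares = (Element) doc.getDocumentElement().getFirstChild();
        pares.setIdAttribute("id", true); // lets the "#p1" reference resolve

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway demo key (assumption, not the page's keystore)

        Reference ref = F.newReference("#p1", F.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod(SignatureMethod.RSA_SHA256, null),
            Collections.singletonList(ref));
        // Signature is appended to the root element, next to the referenced <PARes>.
        F.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        System.out.println("as signed:           " + valid(doc, kp.getPublic()));

        // Strip whitespace-only text nodes, as a reformatting step after signing might.
        for (Node n = pares.getFirstChild(), next = null; n != null; n = next) {
            next = n.getNextSibling();
            if (n.getNodeType() == Node.TEXT_NODE && n.getTextContent().trim().isEmpty())
                pares.removeChild(n);
        }
        System.out.println("line breaks removed: " + valid(doc, kp.getPublic()));
    }
}
```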