How to digitally sign an XML document fragment in Java
Please refer to the XML below. I have been asked to digitally sign the document fragment denoted as:
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="XYZAssertion" IssueInstant="2014-12-09T18:56:16.636Z" Version="2.0">
XML: the complete samlp:Response, together with the signing code I used and the signature it produced, is reproduced at the end of this page.
Answer:
DOMSignContext takes an XML element (and its children), and XMLSignature then signs it. So you do not have to use doc.getDocumentElement(); replace it with the XML element of your choice, and that element and its children will be signed.
Comments:
Note that I personally have not used the API, but the documentation states this. Have you tried it?

Yes, I have tried it. I find the element by walking the DOM and then pass it to the signing call:
DOMSignContext dsc = new DOMSignContext(privateKey, foundEle);
but the generated signature still shows:
<Reference URI="">

You are not saying how you create the SignedInfo (si). To change the URI in the reference you need to use fac.newReference("#XYZAssertion", DigestMethod dm), and then fac.newSignedInfo(CanonicalizationMethod cm, SignatureMethod sm, List references).

Expected reference element:
<Reference URI="#XYZAssertion">
Signing code from the question (fac, si, ki, privateKey and fileNameIn are created elsewhere in the asker's code and are not shown):
// Instantiate the document to be signed
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);   // XMLDSig requires a namespace-aware DOM
Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(fileNameIn));
// Signing context: the private key plus the node under which ds:Signature is inserted
DOMSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement());
// si = SignedInfo (canonicalization method, signature method, references); ki = KeyInfo
XMLSignature signature = fac.newXMLSignature(si, ki);
// Marshal, generate (and sign) the enveloped signature
signature.sign(dsc);
Full XML from the question, including the signature the code above produced:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="XYZResponse" IssueInstant="2014-12-26T11:40:12.901-06:00" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">ComEdRRTPAssertion</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="XYZAssertion" IssueInstant="2014-12-09T18:56:16.636Z" Version="2.0">
<saml:Issuer>ComEdRRTP</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user's RRTPID</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2014-12-26T17:40:12.901-06:00" Recipient="https://test.amplifinity.net/ee/sso/HandleSamlLoginResponse" />
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-12-26T11:40:12.901-06:00" NotOnOrAfter="2014-12-26T17:40:12.901-06:00">
<saml:AudienceRestriction>
<saml:Audience>sso:sp:amplifinity</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-12-26T11:40:12.901-06:00" SessionIndex="1">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
</saml:AttributeStatement>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>Xq7+w0EUWGyM1dsJqKsIlV1hPO0=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>VNPKl2vfj62PLCgcDxvGHL1R8noreaeOuHK0cKcTOOsNJ2SZ9q9n9A==</SignatureValue>
<KeyInfo>
<KeyValue>
<DSAKeyValue>
<P>...</P>
<Q>...</Q>
<G>...</G>
<Y>...</Y>
</DSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</saml:Assertion>
</samlp:Response>
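As an added example (not code from the question, the answer or the comments), the following complete program puts the last comment's advice into practice: it references the assertion by ID with fac.newReference("#XYZAssertion", ...) instead of URI="", and adds two details the thread does not spell out. First, the ID attribute has to be registered with setIdAttribute, because without a DTD or schema the DOM does not know that ID is an ID-typed attribute and the dereferencer cannot resolve "#XYZAssertion". Second, the parent node handed to DOMSignContext only decides where ds:Signature is inserted; the Reference URI decides what is digested. The key pair is generated in-process, the sample XML is a constructed, trimmed copy of the question's Response, and RSA-SHA256 with exclusive C14N replaces the DSA-SHA1 and C14N-with-comments algorithms seen in the question's output; class and variable names are my own.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Collections;

import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SignAssertion {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Algorithm URI string rather than SignatureMethod.RSA_SHA256 so this compiles on Java 8 as well
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Constructed sample input: a trimmed copy of the question's Response/Assertion.
    static final String XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
        + "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"XYZResponse\" Version=\"2.0\">"
        + "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" ID=\"XYZAssertion\" Version=\"2.0\">"
        + "<saml:Issuer>ComEdRRTP</saml:Issuer>"
        + "<saml:Subject><saml:NameID>user's RRTPID</saml:NameID></saml:Subject>"
        + "</saml:Assertion></samlp:Response>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XMLDSig only works on a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(XML.getBytes(StandardCharsets.UTF_8)));

        // Locate the fragment to sign and mark its ID attribute as ID-typed,
        // otherwise the "#XYZAssertion" reference cannot be dereferenced.
        Element assertion = (Element) doc.getElementsByTagNameNS(SAML_NS, "Assertion").item(0);
        assertion.setIdAttribute("ID", true);

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // Reference the assertion by ID (URI="" would digest the whole document).
        // Enveloped transform excludes ds:Signature itself from the digest; exclusive C14N
        // keeps the digest stable when the assertion is later extracted from the Response.
        Reference ref = fac.newReference(
            "#XYZAssertion",
            fac.newDigestMethod(DigestMethod.SHA256, null),
            Arrays.asList(
                fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);

        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null),
            Collections.singletonList(ref));

        // Throwaway key pair for the demonstration; a real issuer loads its key from a keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyValue kv = kif.newKeyValue(kp.getPublic());
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

        // The parent node only decides WHERE ds:Signature is inserted, not what is digested.
        // SAML 2.0 expects ds:Signature immediately after saml:Issuer, hence setNextSibling.
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), assertion);
        Element issuer = (Element) assertion.getElementsByTagNameNS(SAML_NS, "Issuer").item(0);
        dsc.setNextSibling(issuer.getNextSibling());

        fac.newXMLSignature(si, ki).sign(dsc);

        // Verify the result the way a relying party would, on the same DOM.
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        DOMValidateContext dvc = new DOMValidateContext(kp.getPublic(), sigs.item(0));
        XMLSignature sig = fac.unmarshalXMLSignature(dvc);
        Reference signedRef = (Reference) sig.getSignedInfo().getReferences().get(0);
        System.out.println("Reference URI: " + signedRef.getURI()); // #XYZAssertion
        System.out.println("Signature valid: " + sig.validate(dvc));
    }
}
```

Run it as a single-file program with `java SignAssertion.java` (JDK 11 or later). When a relying party verifies a freshly parsed document, setIdAttribute (or a schema that types the ID attribute) must be applied again before DOMValidateContext is used, and the verifier should also check that the element the reference resolves to is the assertion it is about to trust: a signature whose reference points at some other element in the document is still cryptographically valid, which is the basis of XML signature wrapping attacks.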