Java 生成不带名称空间前缀的x509证书android(ds:)
我正在生成带有 XML 签名的 X509 证书。已成功生成 XML 数字签名。
标签:java, android, apache, xml-signature
public class DigitalSigner {
// Keystore format handed to KeyStore.getInstance in the constructor.
private static final String KEY_STORE_TYPE = "PKCS12";
// Keystore entry name; used to fetch both the private key and its certificate.
String alias;
// Keystore created by the constructor; may be null or unloaded if the constructor's try block failed.
KeyStore ks;
// Signing key read from the keystore; stays null if the constructor could not read it.
PrivateKey privateKey;
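/**
 * Loads the PKCS#12 keystore from the application's assets and extracts the signing key.
 *
 * <p>Failures are logged rather than thrown, so after a failed load {@code ks} and/or
 * {@code privateKey} may be {@code null} and a later signing attempt will fail.
 *
 * <p>NOTE(review): a keystore bundled in the APK's assets can be read by anyone who has the
 * APK; confirm this private key is really meant to be distributed with the client.
 *
 * @param keyStoreFile asset path of the keystore file
 * @param keyStorePassword password used both to open the keystore and to read the key entry
 * @param alias keystore entry holding the private key and its certificate
 * @param context Android context whose asset manager opens the keystore file
 */
public DigitalSigner(String keyStoreFile, char[] keyStorePassword, String alias, Context context) {
    this.alias = alias;
    try {
        this.ks = KeyStore.getInstance(KEY_STORE_TYPE);
        // Fully qualified so no new import is needed; the asset stream is closed once loaded.
        java.io.InputStream keyStoreStream = context.getAssets().open(keyStoreFile);
        try {
            this.ks.load(keyStoreStream, keyStorePassword);
        } finally {
            keyStoreStream.close();
        }
        this.privateKey = (PrivateKey) this.ks.getKey(alias, keyStorePassword);
        if (this.privateKey == null) {
            // getKey returns null when the alias has no key entry; make that visible.
            Log.e("DigitalSigner", "No private key entry found for alias " + alias);
        }
    } catch (Exception e) {
        // Log the cause with context; the keystore password must never be written to the log.
        Log.e("DigitalSigner", "Could not load signing key from keystore asset " + keyStoreFile, e);
    }
}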
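/**
 * Parses the given XML text, adds an enveloped XML signature and returns the serialized result.
 *
 * @param xmlDocument the XML document to sign, as a string
 * @return the signed document serialized back to a string
 * @throws RuntimeException if parsing, signing or serialization fails; the cause is attached
 */
public String signXML(String xmlDocument) {
    // Register BouncyCastle only when no provider of that name is installed, instead of
    // constructing a new provider object on every call.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    try {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // NOTE(review): XML Signature is defined in terms of namespaces; a namespace-unaware
        // DOM is a known source of prefix and verification problems, so this should normally
        // be true.
        dbf.setNamespaceAware(false);
        // NOTE(review): if xmlDocument can come from an untrusted source, restrict DOCTYPE and
        // external-entity processing on this parser. Supported features differ between the JDK
        // and Android parsers, so verify the hardening on the target platform.
        Document parsed = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xmlDocument)));
        Document signedDocument = sign(parsed);
        StringWriter stringWriter = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(signedDocument), new StreamResult(stringWriter));
        return stringWriter.toString();
    } catch (Exception e) {
        // The cause travels with the rethrown exception, so no separate stack-trace dump is needed.
        throw new RuntimeException("Error while digitally signing the XML document", e);
    }
}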
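/**
 * Appends an enveloped signature over the whole document (reference URI "") to the root
 * element and embeds the signer's subject name and certificate in KeyInfo.
 *
 * @param xmlDoc the parsed document to sign; it is modified in place
 * @return the same document instance, now carrying the signature element
 * @throws IllegalStateException if the key or certificate could not be loaded from the keystore
 * @throws Exception if the XML security library fails to build or compute the signature
 */
private Document sign(Document xmlDoc) throws Exception {
    // The constructor only logs keystore failures, so fail here with a clear message rather
    // than with a NullPointerException deep inside the signing code.
    if (this.ks == null || this.privateKey == null) {
        throw new IllegalStateException("Signing key is not available; keystore loading failed");
    }
    X509Certificate x509Cert = (X509Certificate) this.ks.getCertificate(this.alias);
    if (x509Cert == null) {
        throw new IllegalStateException("No certificate found in keystore for alias " + this.alias);
    }

    // NOTE(review): RSA-SHA1 signatures and SHA-1 digests are deprecated for new signatures.
    // Move to the SHA-256 variants (ALGO_ID_SIGNATURE_RSA_SHA256 / ALGO_ID_DIGEST_SHA256) as
    // soon as the verifying party accepts them; left unchanged here because the verifier's
    // requirements are not visible.
    XMLSignature signature = new XMLSignature(xmlDoc, StringUtils.EMPTY, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
    xmlDoc.getDocumentElement().appendChild(signature.getElement());

    // Enveloped transform: the signature element itself is excluded from the digest.
    Transforms transforms = new Transforms(xmlDoc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    signature.addDocument(StringUtils.EMPTY, transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);

    // KeyInfo carries the subject name and the full certificate. A verifier must still
    // validate that certificate against its own trust anchors, not trust it because it is embedded.
    X509Data x509Data = new X509Data(xmlDoc);
    signature.getKeyInfo().add(x509Data);
    x509Data.addSubjectName(x509Cert.getSubjectX500Principal().getName());
    x509Data.addCertificate(x509Cert);

    signature.sign(this.privateKey);
    return xmlDoc;
}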
// Class initializer: runs once when the class is loaded, before any signature is created.
static {
// NOTE(review): Init is presumably org.apache.xml.security.Init (Apache Santuario) — confirm against the imports.
Init.init();
// Disabled attempt to emit the xmldsig elements without the "ds:" prefix by mapping the
// signature namespace to an empty default prefix:
// try {
// ElementProxy.setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#","");
// } catch (XMLSecurityException e) {
// e.printStackTrace();
// }
}
我正在使用这段代码生成我的xml签名
public class DigitalSigner {
// Keystore format handed to KeyStore.getInstance in the constructor.
private static final String KEY_STORE_TYPE = "PKCS12";
// Keystore entry name; used to fetch both the private key and its certificate.
String alias;
// Keystore created by the constructor; may be null or unloaded if the constructor's try block failed.
KeyStore ks;
// Signing key read from the keystore; stays null if the constructor could not read it.
PrivateKey privateKey;
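/**
 * Loads the PKCS#12 keystore from the application's assets and extracts the signing key.
 *
 * <p>Failures are logged rather than thrown, so after a failed load {@code ks} and/or
 * {@code privateKey} may be {@code null} and a later signing attempt will fail.
 *
 * <p>NOTE(review): a keystore bundled in the APK's assets can be read by anyone who has the
 * APK; confirm this private key is really meant to be distributed with the client.
 *
 * @param keyStoreFile asset path of the keystore file
 * @param keyStorePassword password used both to open the keystore and to read the key entry
 * @param alias keystore entry holding the private key and its certificate
 * @param context Android context whose asset manager opens the keystore file
 */
public DigitalSigner(String keyStoreFile, char[] keyStorePassword, String alias, Context context) {
    this.alias = alias;
    try {
        this.ks = KeyStore.getInstance(KEY_STORE_TYPE);
        // Fully qualified so no new import is needed; the asset stream is closed once loaded.
        java.io.InputStream keyStoreStream = context.getAssets().open(keyStoreFile);
        try {
            this.ks.load(keyStoreStream, keyStorePassword);
        } finally {
            keyStoreStream.close();
        }
        this.privateKey = (PrivateKey) this.ks.getKey(alias, keyStorePassword);
        if (this.privateKey == null) {
            // getKey returns null when the alias has no key entry; make that visible.
            Log.e("DigitalSigner", "No private key entry found for alias " + alias);
        }
    } catch (Exception e) {
        // Log the cause with context; the keystore password must never be written to the log.
        Log.e("DigitalSigner", "Could not load signing key from keystore asset " + keyStoreFile, e);
    }
}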
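/**
 * Parses the given XML text, adds an enveloped XML signature and returns the serialized result.
 *
 * @param xmlDocument the XML document to sign, as a string
 * @return the signed document serialized back to a string
 * @throws RuntimeException if parsing, signing or serialization fails; the cause is attached
 */
public String signXML(String xmlDocument) {
    // Register BouncyCastle only when no provider of that name is installed, instead of
    // constructing a new provider object on every call.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    try {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // NOTE(review): XML Signature is defined in terms of namespaces; a namespace-unaware
        // DOM is a known source of prefix and verification problems, so this should normally
        // be true.
        dbf.setNamespaceAware(false);
        // NOTE(review): if xmlDocument can come from an untrusted source, restrict DOCTYPE and
        // external-entity processing on this parser. Supported features differ between the JDK
        // and Android parsers, so verify the hardening on the target platform.
        Document parsed = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xmlDocument)));
        Document signedDocument = sign(parsed);
        StringWriter stringWriter = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(signedDocument), new StreamResult(stringWriter));
        return stringWriter.toString();
    } catch (Exception e) {
        // The cause travels with the rethrown exception, so no separate stack-trace dump is needed.
        throw new RuntimeException("Error while digitally signing the XML document", e);
    }
}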
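/**
 * Appends an enveloped signature over the whole document (reference URI "") to the root
 * element and embeds the signer's subject name and certificate in KeyInfo.
 *
 * @param xmlDoc the parsed document to sign; it is modified in place
 * @return the same document instance, now carrying the signature element
 * @throws IllegalStateException if the key or certificate could not be loaded from the keystore
 * @throws Exception if the XML security library fails to build or compute the signature
 */
private Document sign(Document xmlDoc) throws Exception {
    // The constructor only logs keystore failures, so fail here with a clear message rather
    // than with a NullPointerException deep inside the signing code.
    if (this.ks == null || this.privateKey == null) {
        throw new IllegalStateException("Signing key is not available; keystore loading failed");
    }
    X509Certificate x509Cert = (X509Certificate) this.ks.getCertificate(this.alias);
    if (x509Cert == null) {
        throw new IllegalStateException("No certificate found in keystore for alias " + this.alias);
    }

    // NOTE(review): RSA-SHA1 signatures and SHA-1 digests are deprecated for new signatures.
    // Move to the SHA-256 variants (ALGO_ID_SIGNATURE_RSA_SHA256 / ALGO_ID_DIGEST_SHA256) as
    // soon as the verifying party accepts them; left unchanged here because the verifier's
    // requirements are not visible.
    XMLSignature signature = new XMLSignature(xmlDoc, StringUtils.EMPTY, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
    xmlDoc.getDocumentElement().appendChild(signature.getElement());

    // Enveloped transform: the signature element itself is excluded from the digest.
    Transforms transforms = new Transforms(xmlDoc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    signature.addDocument(StringUtils.EMPTY, transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);

    // KeyInfo carries the subject name and the full certificate. A verifier must still
    // validate that certificate against its own trust anchors, not trust it because it is embedded.
    X509Data x509Data = new X509Data(xmlDoc);
    signature.getKeyInfo().add(x509Data);
    x509Data.addSubjectName(x509Cert.getSubjectX500Principal().getName());
    x509Data.addCertificate(x509Cert);

    signature.sign(this.privateKey);
    return xmlDoc;
}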
// Class initializer: runs once when the class is loaded, before any signature is created.
static {
// NOTE(review): Init is presumably org.apache.xml.security.Init (Apache Santuario) — confirm against the imports.
Init.init();
// Disabled attempt to emit the xmldsig elements without the "ds:" prefix by mapping the
// signature namespace to an empty default prefix:
// try {
// ElementProxy.setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#","");
// } catch (XMLSecurityException e) {
// e.printStackTrace();
// }
}
我的问题是我的签名带有名称空间前缀,我不想生成名称空间前缀
这是我的签名:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>JkpIdQiiPQ2KmSHyWf4ORCBGdgY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>GkHLBqX4RUVM0JMMHxtqN93JAY/celqAlxoQ211a4IPY2dtNL668v6iZa4u870JcVz9cBYpHdHBaLb08u1clt81Wq52IymjwMXA0wSPl027CZIh+x9FPTEsoYOfaxsIn0MZsjZI8hKRNXlU5tXDDDErtW3QEQbKu2AEZTRq7rn1ocX69nj+Lv2GfFNYBlHvRPg2Z20NcARb9a4ZmOObk5C3rgU+p4GKpv0PLTmq1JSM75ftiFQ/8B7vQzEYSy0M2coTyME4pv51sdCJHIXykiv/pi0T+86RBP1VSzJ8oLUUYrGOF+4FmpoFX6pPfvbs6DiFrd4BWvsjH1YOddClWKA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509SubjectName>CN= CORPORATION NAME 2,2.5.4.51=#13455355524154204d4148414e41474152205345564120534144414e20474f524448414e4441532043484f4b484157414c41204d415247204d55474c4953415241205355524154,STREET=STREET NAME,ST=STATE NAME,2.5.4.17=#1306333935303033,OU=MY OU NAME,O=O NAME,C=IN</ds:X509SubjectName>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
只需将 dbf.setNamespaceAware(false) 替换为 dbf.setNamespaceAware(true)。无需声明 Security.addProvider(new BouncyCastleProvider()),因此请删除该行。另外,一定要声明下面的静态初始化块:
// Class initializer: runs once when the class is loaded.
static {
// Initialise the XML security library before its default prefix is changed.
Init.init();
try {
// Map the XML Signature namespace to an empty prefix so the signature elements are
// written as <Signature> rather than <ds:Signature>. This is a static call, so it
// presumably applies to every signature created afterwards in this process — confirm.
ElementProxy.setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#","");
} catch (XMLSecurityException e) {
// NOTE(review): the failure is only printed; if this call fails, signatures keep the
// "ds:" prefix and the problem surfaces later as a rejection by the receiving side.
e.printStackTrace();
}
}
Java 6 版本 32 中有一项错误修复与某些情况下的命名空间处理有关。在 Java 版本 31 中,对 XML 进行封装式(enveloped)签名时会追加 ds: 前缀。相关缺陷:7096834(xml / saaj)——SAAJ 在某些情况下没有为属性设置正确的命名空间前缀和命名空间 URI。
如果可以切换到其他版本,请改用 Java 6 版本 32。
前缀有什么问题,为什么要去掉它?
服务器不接受前缀。这是第三方的服务器,我联系了他们的支持团队,他们要求使用 Apache Santuario 生成不带前缀的签名。
好的,我会调查一下。
“服务器不接受前缀” -> 那是服务器本身有缺陷。