XML Digital Signature Java

Question

muszę cyfrowy podpisać moje komunikatów XML w Java: Powstały podpis XML powinien mieć następujący format:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<SignedInfo> 
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> 
<Reference URI=""> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
<DigestValue>DsP5NLca+plhp9tZvGwykfb2whQYt3CQ5sbsVd9Q9aE=</DigestValue> 
</Reference> 
</SignedInfo> 
<SignatureValue> 
LrfE0po3YPvVxB/m77iBWWiR07Ghiuhuj7tO2C2LKqZK2cLrAiidt+3tjbJ3m16quCFxfh7bmjRtJsGi7a3HKtK 
qY4auqrjNB62AtYrxvm+7Qd/cRacom4e3M9uF9JD1zTfoGun9w4WDfDrDaoZ+ZwUgNtf6sTYO5Ctcj5sYcD0= 
</SignatureValue> 
<KeyInfo> 
<KeyName>7D665C81ABBE1A7D0E525BFC171F04D276F07BF2</KeyName> 
</KeyInfo> 
</Signature> 

ktoś może zapewnić jakąś pomoc z kodem ??

Edit:

wymyśliłem ten kod:

private static Document sign(Document doc) throws InstantiationException, IllegalAccessException, ClassNotFoundException, 
      NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, 
      FileNotFoundException, TransformerException { 

     String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); 

     XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).newInstance()); 

     Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null)); 

     // Create the SignedInfo 
     SignedInfo si = fac.newSignedInfo(
       fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), 
       fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); 

     KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); 
     kpg.initialize(512); 
     KeyPair kp = kpg.generateKeyPair(); 

     KeyInfoFactory kif = fac.getKeyInfoFactory(); 
     KeyValue kv = kif.newKeyValue(kp.getPublic()); 

     KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); 

     DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); 

     XMLSignature signature = fac.newXMLSignature(si, ki); 
     signature.sign(dsc); 

     TransformerFactory tf = TransformerFactory.newInstance(); 
     Transformer trans = tf.newTransformer(); 
     trans.transform(new DOMSource(doc), new StreamResult(new FileOutputStream("mySignedFile"))); 

     return doc; 
    } 

ale problem jest otrzymuję:

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 

i wolno:

<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> 

Answer 1

Oto rozwiązanie:

go znaleźć na ten link http://mail-archives.apache.org/mod_mbox/santuario-dev/200907.mbox/%3C4A704241.9060806@sun.com%3E Problem polegał RSA-SHA256 Algorytm:

tutaj jest otrzymany kod:

private static Document sign(Document doc) throws InstantiationException, IllegalAccessException, ClassNotFoundException, 
      NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, 
      FileNotFoundException, TransformerException { 

     String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); 

     XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).newInstance()); 

     DigestMethod digestMethod = fac.newDigestMethod(DigestMethod.SHA256, null); 
     Transform transform = fac.newTransform(ENVELOPED, (TransformParameterSpec) null); 
     Reference reference = fac.newReference("", digestMethod, singletonList(transform), null, null); 
     SignatureMethod signatureMethod = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null); 
     CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(EXCLUSIVE, (C14NMethodParameterSpec) null); 

     // Create the SignedInfo 
     SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethod, singletonList(reference)); 


     KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); 
     kpg.initialize(2048); 

     KeyPair kp = kpg.generateKeyPair(); 

     KeyInfoFactory kif = fac.getKeyInfoFactory(); 
     KeyValue kv = kif.newKeyValue(kp.getPublic()); 

     // Create a KeyInfo and add the KeyValue to it 
     KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); 
     DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); 

     XMLSignature signature = fac.newXMLSignature(si, ki); 
     signature.sign(dsc); 

     TransformerFactory tf = TransformerFactory.newInstance(); 
     Transformer trans = tf.newTransformer(); 

     // output the resulting document 
     OutputStream os; 

     os = new FileOutputStream("xmlOut.xml"); 

     trans.transform(new DOMSource(doc), new StreamResult(os)); 
     return doc; 

    } 

Answer 2

These są standardowym XML -Signatures. Zapoznaj się z numerem W3 Documentation on "XML-Signature Syntax and Processing", aby dowiedzieć się, jak to zrobić. Szybkie wyszukiwanie w google prowadzi do tego howto napisanego przez Oracle na temat integracji podpisów XML w Javie: XML Digital Signature API. Jeśli masz dalsze problemy, pokaż nam, co próbujesz.

Answer 3

Masz <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> , ponieważ o to prosiłeś: fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null). Jak się zorientowaliście, a stanie, fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", (SignatureMethodParameterSpec) null) dostaniecie <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />.