个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
27
4
我正在使用 jks 签署 SOAP,从客户端获取证书和私钥并将消息发送到服务器。我在BODY处签名。到目前为止我没有任何问题。现在,当使用公钥验证服务器上的签名时,我收到以下错误:
[[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:Error reading SOAP message context: javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 128 but was expecting 512
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 128 but was expecting 512
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:574)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:265)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.avvillas.was.webServicesCoordinador.webServicesUtilities.ServerSOAPHandler.handleInboundMessage(ServerSOAPHandler.java:62)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.avvillas.was.webServicesCoordinador.webServicesUtilities.ServerSOAPHandler.handleMessage(ServerSOAPHandler.java:42)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.avvillas.was.webServicesCoordinador.webServicesUtilities.ServerSOAPHandler.handleMessage(ServerSOAPHandler.java:30)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.handler.HandlerProcessor.callHandleMessage(HandlerProcessor.java:282)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.handler.HandlerProcessor.callHandlersRequest(HandlerProcessor.java:125)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.handler.ServerSOAPHandlerTube.callHandlersOnRequest(ServerSOAPHandlerTube.java:123)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.handler.HandlerTube.processRequest(HandlerTube.java:112)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:1121)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:1035)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:1004)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:862)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:404)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:706)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:260)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.transport.http.server.WSHttpHandler.handleExchange(WSHttpHandler.java:98)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.transport.http.server.WSHttpHandler.handle(WSHttpHandler.java:82)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:79)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:83)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:82)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:675)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:79)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:645)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$DefaultExecutor.execute(ServerImpl.java:158)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$Dispatcher.handle(ServerImpl.java:431)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$Dispatcher.run(ServerImpl.java:396)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at java.lang.Thread.run(Thread.java:748)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:Caused by: java.security.SignatureException: Signature length not correct: got 128 but was expecting 512
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at java.security.Signature$Delegate.engineVerify(Signature.java:1222)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at java.security.Signature.verify(Signature.java:655)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:195)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:572)
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:... 27 more
}
SOAP签名客户端
@Override
public boolean handleMessage(SOAPMessageContext smc) {
Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
SOAPMessage message = smc.getMessage();
if (outboundProperty) {
try {
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
Source source = soapPart.getContent();
Node root = null;
Document doc22 = null;
KEYSTORE_FILE += utils.getParamAutorizacionWS().get("KEYSTORE_SIGN");
KEYSTORE_INSTANCE = utils.getParamAutorizacionWS().get("KEYSTORE_INSTANCE_SIGN");
KEYSTORE_PWD = utils.getParamAutorizacionWS().get("KEYSTORE_PWD_SIGN");
KEYSTORE_ALIAS = utils.getParamAutorizacionWS().get("KEYSTORE_ALIAS_SIGN");
if (source instanceof DOMSource) {
root = ((DOMSource) source).getNode();
} else if (source instanceof SAXSource) {
InputSource inSource = ((SAXSource) source).getInputSource();
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder db = null;
db = dbf.newDocumentBuilder();
doc22 = db.parse(inSource);
root = (Node) doc22.getDocumentElement();
}
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
null, null);
SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
Collections.singletonList(ref));
// Load the KeyStore and get the signing key and certificate.
KeyStore ks = KeyStore.getInstance(KEYSTORE_INSTANCE);
ks.load(new FileInputStream(KEYSTORE_FILE),
KEYSTORE_PWD.toCharArray());
KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks
.getEntry(
KEYSTORE_ALIAS,
new KeyStore.PasswordProtection(KEYSTORE_PWD
.toCharArray()));
X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
// Create the KeyInfo containing the X509Data.
KeyInfoFactory kif2 = fac.getKeyInfoFactory();
List x509Content = new ArrayList();
x509Content.add(cert.getSubjectX500Principal().getName());
x509Content.add(cert);
X509Data xd = kif2.newX509Data(x509Content);
KeyInfo ki = kif2.newKeyInfo(Collections.singletonList(xd));
Element body = (Element) root.getFirstChild().getChildNodes().item(1);
DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), body);
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
message.saveChanges();
message.writeTo(System.out);
} catch (Exception ex) {
ex.printStackTrace();
}
}
return true;
}
SOAP验证签名
private void handleInboundMessage(SOAPMessageContext context) {
try {
SOAPMessage msg = context.getMessage();
SOAPPart sp = msg.getSOAPPart();
SOAPEnvelope document = sp.getEnvelope();
boolean validFlag = false;
Document doc = document.getOwnerDocument();
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("No XML Digital Signature Found, document is discarded");
}
PublicKey publicKey = new KryptoUtil().getStoredPublicKey(PUBLIC_KEY);
DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
validFlag = signature.validate(valContext);
context.put("SIGNATURE", validFlag);
} catch (Exception e) {
System.out.println("Error reading SOAP message context: " + e);
e.printStackTrace();
}
}
错误在这里:
validFlag = signature.validate(valContext);
发生什么事了?
谢谢。
最佳答案
在服务器的默认 keystore 中导入客户端证书。
关于javax.xml.crypto.dsig.XMLSignatureException : java. security.SignatureException:签名长度不正确:得到128但期望512,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58205196/
27
4
0
我收到这个错误: java.lang.ClassCastException: org.apache.jcp.xml.dsig.internal.dom.DOMReference cannot be c
本文整理了Java中javax.xml.crypto.dsig.XMLObject类的一些代码示例,展示了XMLObject类的具体用法。这些代码示例主要来源于Github/Stackoverflow
我需要为 XML 文件添加时间戳。有什么解决办法吗?我可以制作数字签名并将其放入 XML-DSIG 结构中,但我需要使用时间戳来完成。主要是相同的过程。签名我自己做,时间戳做 TSA(时间戳权威)。
我正在使用 Java XML DSig api 对 XML 文档的一部分进行签名。我试图了解它是如何得出摘要值的。 我的文件是: bar 我的 xpath 表达式是: PurchaseOrder/fo
本文整理了Java中javax.xml.crypto.dsig.spec.XPathType类的一些代码示例,展示了XPathType类的具体用法。这些代码示例主要来源于Github/Stackove
本文整理了Java中javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec类的一些代码示例,展示了XPathFilter2ParameterSpec类
本文整理了Java中javax.xml.crypto.dsig.spec.XPathFilterParameterSpec类的一些代码示例,展示了XPathFilterParameterSpec类的具
本文整理了Java中javax.xml.crypto.dsig.XMLObject.getContent()方法的一些代码示例,展示了XMLObject.getContent()的具体用法。这些代码示
本文整理了Java中javax.xml.crypto.dsig.XMLObject.getId()方法的一些代码示例,展示了XMLObject.getId()的具体用法。这些代码示例主要来源于Gith
我尝试使用以下命令使用 P12 私钥对我的测试 xml 进行签名,但出现以下错误: xmlsec1 --sign --output tested.payload.xml --pkcs12 Sender
本文整理了Java中javax.xml.crypto.dsig.spec.XPathType.()方法的一些代码示例,展示了XPathType.()的具体用法。这些代码示例主要来源于Github/St
本文整理了Java中javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec.()方法的一些代码示例,展示了XPathFilter2ParameterS
本文整理了Java中javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec.getXPathList()方法的一些代码示例,展示了XPathFilte
本文整理了Java中javax.xml.crypto.dsig.spec.XPathFilterParameterSpec.()方法的一些代码示例,展示了XPathFilterParameterSpe
本文整理了Java中javax.xml.crypto.dsig.spec.XPathFilterParameterSpec.getXPath()方法的一些代码示例,展示了XPathFilterPara
我正在尝试实现一个java webservice客户端。 Soap 消息已签名(内部分离签名)。 我有一个有效消息的示例,该消息经验证已正确签名。 当我尝试我的代码时,消息未正确签名。尝试跟踪问题时,
使用 javax.xml.crypto.dsig,如何在不指定公钥的情况下解码和验证 XMLSignature?公钥似乎在签名的 xml 中,但我想不出获取它的方法。 DOMValidateConte
我正在开发一个 iPhone 应用程序,它以以下形式从 ASP.NET Web 服务检索 RSA 公钥: qdd0paiiBJ+xYaN4TKDdbEzrJJw9xlbRAltb5OPdegjL
我正在使用 SAML 身份验证机制来验证我的应用程序。我将 IDP 服务器用作 ADFS,将 SP 用作 JBoss EAP 7.1.4。我已经添加了与 IDP 和 sp 服务器相关的所有配置,但是在
我正在尝试使用封装签名和 javax.xml.crypto.dsig.* 类对 xml 文件进行签名。结果,我得到了具有正确签名内容但未定义命名空间的文件。如何添加 xmlns:ds="http://
我是一名优秀的程序员,十分优秀!