
java xml验证_java实现xml的签名和验证

华涵意
2023-12-01

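/**
 * Signing function: creates an enveloped XML signature with Apache XML Security.
 *
 * <p>Exactly one descendant of {@code elemParent} must match
 * {@code strTagNameOfElementsToSign}. The new {@code ds:Signature} element is appended to
 * that descendant, and one same-document reference to {@code "#" + strReferenceIdentifier}
 * is signed using the enveloped-signature transform followed by exclusive canonicalization
 * without comments.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The signature and digest algorithms are RSA-SHA1 and SHA-1; see the note at their
 *       declaration.</li>
 *   <li>{@code publicKey} is embedded in {@code ds:KeyInfo} only as a hint. A verifier
 *       must decide which key to trust from configuration it controls, not from the
 *       signed message.</li>
 *   <li>Nothing here checks that {@code publicKey} belongs to {@code privateKey}, or that
 *       the element carrying the signature is the one addressed by
 *       {@code strReferenceIdentifier}; callers have to guarantee both.</li>
 * </ul>
 *
 * @param strTagNameOfElementsToSign qualified tag name of the element that receives the signature
 * @param elemParent                 element whose descendants are searched for that tag
 * @param strReferenceIdentifier     ID value of the element to sign, without the leading {@code #}
 * @param privateKey                 key used to produce the signature value
 * @param publicKey                  key published in {@code ds:KeyInfo}
 * @param constants                  must be non-null; not otherwise used by this method
 * @return the generated {@code ds:Signature} element, already attached to the document
 * @throws Exception if an argument is null, if the tag name does not match exactly one
 *                   element, or if the library fails while building or computing the signature
 */
public static Element SignEnveloped(
        final String strTagNameOfElementsToSign,
        final Element elemParent,
        final String strReferenceIdentifier,
        final PrivateKey privateKey,
        final PublicKey publicKey,
        final String constants)
        throws Exception
{
    org.apache.xml.security.Init.init();

    // NOTE(review): SHA-1 is no longer considered collision-resistant, so RSA-SHA1 and
    // SHA-1 digests are a poor default for new signatures. The values are kept so that
    // existing relying parties continue to accept the output. Once every verifier
    // supports it, prefer XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256 together with the
    // SHA-256 digest URI "http://www.w3.org/2001/04/xmlenc#sha256".
    final String strSignatureAlgorithm =
            org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
    final String strReferenceDigestAlgorithm =
            org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1;

    // Exclusive C14N without comments is used for SignedInfo and for the reference.
    final String strSignatureCanonicalizationAlgorithm =
            org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
    final String strReferenceCanonicalizationAlgorithm =
            org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;

    if (null == strTagNameOfElementsToSign)
    {
        throw new Exception("Sign Failed: Invalid Parameter: TagNameOfElementsToSign is null");
    }
    if (null == elemParent)
    {
        throw new Exception("Sign Failed: Invalid Parameter: Parent is null");
    }
    // Without this check a null identifier is concatenated into the reference URI "#null",
    // which either fails later with an unrelated error or points at the wrong element.
    if (null == strReferenceIdentifier)
    {
        throw new Exception("Sign Failed: Invalid Parameter: ReferenceIdentifier is null");
    }
    if (null == privateKey)
    {
        throw new Exception("Sign Failed: Invalid Parameter: PrivateKey is null");
    }
    if (null == publicKey)
    {
        throw new Exception("Sign Failed: Invalid Parameter: PublicKey is null");
    }
    if (null == constants)
    {
        throw new Exception("Sign Failed: Invalid Parameter: Constants is null");
    }

    // Static setter: the "ds" prefix also applies to signatures created elsewhere in the JVM.
    org.apache.xml.security.utils.Constants.setSignatureSpecNSprefix("ds");

    final org.w3c.dom.Document domDocument = elemParent.getOwnerDocument();

    // getElementsByTagName matches descendants by qualified name (prefix included) and
    // never matches elemParent itself.
    final org.w3c.dom.NodeList nlToSigns =
            elemParent.getElementsByTagName(strTagNameOfElementsToSign);
    if (null == nlToSigns)
    {
        throw new Exception(
                "Sign Failed: org.w3c.dom.Element.getElementsByTagName unexpectedly returned null");
    }
    // Refuse ambiguous input instead of silently signing the first match.
    if (1 != nlToSigns.getLength())
    {
        throw new Exception(
                "Sign Failed: org.w3c.dom.Element.getElementsByTagName unexpectedly returned "
                + nlToSigns.getLength()
                + " nodes");
    }
    final org.w3c.dom.Element domToSign = (Element) nlToSigns.item(0);

    final org.apache.xml.security.signature.XMLSignature signature =
            new org.apache.xml.security.signature.XMLSignature(
                    domDocument,
                    "",
                    strSignatureAlgorithm,
                    strSignatureCanonicalizationAlgorithm);

    // The signature must be inside the signed element before sign() runs so that the
    // enveloped-signature transform can exclude it from the digest.
    domToSign.appendChild(signature.getElement());

    // IDResolver is not shown on this page; presumably it resolves "#id" same-document
    // references against domDocument - confirm.
    final org.apache.xml.security.signature.SignedInfo signedInfo = signature.getSignedInfo();
    signedInfo.addResourceResolver(new IDResolver(domDocument));

    final org.apache.xml.security.transforms.Transforms transforms =
            new org.apache.xml.security.transforms.Transforms(domDocument);
    transforms.addTransform(
            org.apache.xml.security.transforms.Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(strReferenceCanonicalizationAlgorithm);

    signature.addDocument(
            "#" + strReferenceIdentifier,
            transforms,
            strReferenceDigestAlgorithm);

    // Published as a convenience for verifiers; it is not evidence of who signed.
    signature.addKeyInfo(publicKey);

    signature.sign(privateKey);

    return signature.getElement();
}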

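/**
 * Verification function: checks an XML signature against the key material carried in
 * its own {@code ds:KeyInfo}.
 *
 * <p><b>What a {@code true} result means.</b> The signature value and reference digests
 * are consistent with the certificate or public key found inside the message. It does
 * <em>not</em> establish who signed: a signature made with any key pair validates as long
 * as the matching public key is embedded. Before acting on the result, callers must
 * <ul>
 *   <li>compare the embedded certificate or key with a trust anchor they control (pinned
 *       key, or certificate path validation including validity period and revocation), or
 *       better, call {@code checkSignatureValue} with a key taken from local configuration
 *       and ignore {@code KeyInfo};</li>
 *   <li>confirm that the signature's reference covers the exact element the application
 *       goes on to process, so that signed and consumed content cannot differ;</li>
 *   <li>decide which signature and digest algorithms are acceptable and reject the rest.</li>
 * </ul>
 *
 * <p>NOTE(review): if the Apache XML Security version in use offers the
 * {@code XMLSignature} constructor with a {@code secureValidation} flag, enable it for
 * documents from untrusted sources - confirm against the library version.
 *
 * @param elemSignedElement despite its name, this must be the {@code ds:Signature} element
 *                          itself, because it is passed directly to the {@code XMLSignature}
 *                          constructor
 * @return {@code true} only if a certificate or public key was found in {@code KeyInfo}
 *         and the signature verified with it; {@code false} if no key material was found
 *         or the check failed
 * @throws Exception if the argument is null or the library cannot parse or evaluate the signature
 */
public static boolean VerifyEnveloped(final Element elemSignedElement)
        throws Exception
{
    org.apache.xml.security.Init.init();

    if (null == elemSignedElement)
    {
        throw new Exception("Verify Failed: Invalid Parameter: SignedElement is null");
    }

    final org.w3c.dom.Document domParent = elemSignedElement.getOwnerDocument();

    // The previous "//ds:Signature" XPath lookup was removed: its result was never used,
    // and picking "the first signature in the document" is not a safe way to choose what
    // to verify. The caller supplies the signature element explicitly.
    final org.apache.xml.security.signature.XMLSignature signature =
            new org.apache.xml.security.signature.XMLSignature(elemSignedElement, null);

    // IDResolver is not shown on this page; presumably it resolves "#id" same-document
    // references against domParent - confirm.
    signature.addResourceResolver(new IDResolver(domParent));

    final org.apache.xml.security.keys.KeyInfo keyInfo = signature.getKeyInfo();
    if (keyInfo == null)
    {
        System.out.println("Did not find a KeyInfo");
        return false;
    }

    if (keyInfo.containsX509Data())
    {
        System.out.println("Found a X509Data element in the KeyInfo");
    }

    // Untrusted input: this certificate comes from the message being verified.
    final java.security.cert.X509Certificate cert = keyInfo.getX509Certificate();
    if (cert != null)
    {
        return signature.checkSignatureValue(cert);
    }

    System.out.println("Did not find an X509Data element in the KeyInfo");

    // Untrusted input as well: a bare key carries no identity at all.
    final PublicKey publicKey = keyInfo.getPublicKey();
    if (publicKey != null)
    {
        return signature.checkSignatureValue(publicKey);
    }

    System.out.println("Did not find a public key, so I can't check the signature");
    return false;
}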
