我找到了这个 博客文章 ,它指向一些演示StAX实现的代码:
要了解如何配置新的基于 StAX 的入站 XML 签名功能,请查看测试中使用的“verifyUsingStAX”方法。与创建签名时一样,需要创建一个 XMLSecurityProperties 对象,并告诉它要执行哪个“Action”。此外,除非完整的签名密钥已包含在 Signature 的 KeyInfo 中,否则必须调用以下方法: properties.setSignatureVerificationKey(Key) - 用于验证签名的密钥。
要了解如何配置新的基于 StAX 的入站 XML 签名功能,请查看测试中使用的“verifyUsingStAX”方法。与创建签名时一样,需要创建一个 XMLSecurityProperties 对象,并告诉它要执行哪个“Action”。此外,除非完整的签名密钥已包含在 Signature 的 KeyInfo 中,否则必须调用以下方法:
https://github.com/coheigea/testcases/blob/master/apache/santuario/santuario-xml-signature/src/test/java/org/apache/coheigea/santuario/xmlsignature/SignatureUtils.java#L201
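/**
 * Verify the document using the StAX API of Apache Santuario - XML Security for Java.
 *
 * <p>Besides running the inbound signature processing, this checks that every
 * element named in {@code namesToSign} was reported as signed and that the
 * X.509 token reported by the processing carries the expected certificate.
 *
 * @param inputStream the signed XML document; it is closed before this method returns,
 *                    whether or not verification succeeds
 * @param namesToSign qualified names of the elements that must be covered by the signature
 * @param cert        the certificate whose public key is used for verification and that
 *                    is expected to be reported as the signing certificate
 * @throws Exception if parsing or signature processing fails
 */
public static void verifyUsingStAX(
    InputStream inputStream,
    List<QName> namesToSign,
    X509Certificate cert
) throws Exception {
    TestSecurityEventListener eventListener = new TestSecurityEventListener();

    try {
        // Set up the Configuration
        XMLSecurityProperties properties = new XMLSecurityProperties();
        List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
        actions.add(XMLSecurityConstants.SIGNATURE);
        properties.setActions(actions);

        // Verify with the public key of the certificate supplied by the caller.
        properties.setSignatureVerificationKey(cert.getPublicKey());

        InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);

        // The document is parsed before its signature has been checked, so the
        // parser must treat it as untrusted: no DTD processing and no external
        // entity resolution.
        XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
        xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);

        final XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(inputStream);
        try {
            XMLStreamReader securityStreamReader =
                inboundXMLSec.processInMessage(xmlStreamReader, null, eventListener);

            // Drain the secured reader so the whole document passes through
            // the inbound processing.
            while (securityStreamReader.hasNext()) {
                securityStreamReader.next();
            }
        } finally {
            // Release the reader even when processing throws.
            xmlStreamReader.close();
        }
    } finally {
        // XMLStreamReader.close() does not close the underlying stream.
        inputStream.close();
    }

    // Check that what we were expecting to be signed was actually signed.
    // A valid signature alone does not say which elements it covers, so every
    // expected element name must appear among the signed-element events.
    List<SignedElementSecurityEvent> signedElementEvents =
        eventListener.getSecurityEvents(SecurityEventConstants.SignedElement);
    Assert.assertNotNull(signedElementEvents);

    for (QName nameToSign : namesToSign) {
        boolean found = false;
        for (SignedElementSecurityEvent signedElement : signedElementEvents) {
            if (signedElement.isSigned()
                && nameToSign.equals(getSignedQName(signedElement.getElementPath()))) {
                found = true;
                break;
            }
        }
        Assert.assertTrue(found);
    }

    // Check Signing cert: the token reported by the processing must carry the
    // certificate the caller expects.
    X509TokenSecurityEvent tokenEvent =
        (X509TokenSecurityEvent)eventListener.getSecurityEvent(SecurityEventConstants.X509Token);
    Assert.assertNotNull(tokenEvent);
    Assert.assertTrue(tokenEvent.getSecurityToken() instanceof X509SecurityToken);
    X509SecurityToken x509SecurityToken = (X509SecurityToken)tokenEvent.getSecurityToken();
    Assert.assertEquals(x509SecurityToken.getX509Certificates()[0], cert);
}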