堆栈内存溢出
  简体   繁体   English

Apache Santuario和Java XML数字签名API之间的XML签名不同

[英]Different XML signature between Apache Santuario and Java XML Digital Signature API

 原文  2018-10-26 13:08:41       java/ xml/ apache/ digital-signature/ xml-signature

问题描述

I did two implementations that should do the same thing: sign a XML file with a given X509 certificate. 我做了两个应该做同样事情的实现:用给定的X509证书对XML文件签名。

  • The first one I did with the native Java XML Digital Signature API (from javax.xml.crypto.dsi). 我使用本地Java XML数字签名API(来自javax.xml.crypto.dsi)进行了第一个操作。
  • The second one I have implemented in Kotlin (my objective is to run it in Android), using the Apache Santuario XML Security version 2.0.3. 我在Kotlin中使用Apache Santuario XML Security版本2.0.3实现了第二个目标(我的目标是在Android中运行它)。

What happened is that, for exactly the same XML file to be signed, it generates different values for SignatureValue. 发生的事情是,对于要签名的完全相同的XML文件,它为SignatureValue生成了不同的值。 But all the other properties of the XML are exactly the same: 但XML的所有其他属性完全相同:

  • The DigestValue are the same, which evidences that the files are identical. DigestValue相同,这表明文件相同。
  • The KeyInfo/X509Data/X509Certificate are equals, so the certificate is for sure the same. KeyInfo / X509Data / X509Certificate相等,因此证书肯定相同。
  • The CanonicalizationMethod, SignatureMethod, DigestMethod and Transform algorithms are exactly the same. CanonicalizationMethod,SignatureMethod,DigestMethod和Transform算法完全相同。

I tried even for small XML (eg only a <x/> tag), but the SignatureValue never matches. 我甚至尝试了小的XML(例如,仅<x />标记),但SignatureValue从未匹配。

Is there any case that all the data from the <Signature> tag matches, except for the SignatureValue? 除SignatureValue之外,是否有所有<Signature>标记中的所有数据都匹配的情况?

1 个解决方案

解决方案1
 0  2018-11-05 19:29:45

I've found the solution. 我找到了解决方案。 It happened because Apache Santuario adds line break in the signature tag. 发生这种情况是因为Apache Santuario在签名标签中添加了换行符。 So that the <SignedInfo> tag have different contents if comparing between the one generated by Apache and the one generated from Java XML signature. 因此,如果将Apache生成的签名和Java XML签名生成的签名进行比较,则<SignedInfo>标记的内容将有所不同。

To fix that, I have put the following line of code before signing. 为了解决这个问题,我在签名之前已放置了以下代码。 

System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true")

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 XML数字签名Java - XML Digital Signature Java 无法使用 Apache Santuario 1.4.6 验证 XML 签名 - Unable to verify XML Signature using Apache Santuario 1.4.6 XML数字签名验证 - XML Digital Signature validation Apache Santuario签名元素位置 - Apache Santuario signature element location 使用Java XML数字签名API的xml签名的摘要值错误 - Wrong digest value for xml signatures using Java XML Digital Signature API 如何使用Apache Santuario验证SAML EntitiesDescriptor签名 - How to validate SAML EntitiesDescriptor Signature with Apache Santuario 为大型XML文件生成数字XML签名 - Generate digital XML signature for large XML file Java - 使用ECDSA创建XML数字签名(椭圆曲线) - Java - Create XML Digital Signature using ECDSA (Elliptic Curve) Java使用公用密钥验证xml数字签名 - Java Verify xml digital signature using public key 如何在Java中将数字签名包含到xml文件中? - How to do Enveloping digital signature to a xml file in java?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM