
Can not verify signature value with certificate java

I have a SOAP web service. To validate messages we use a signature with a certificate.

When I get a message and validate it with the client certificate, it passes. Then I sign data with our private key certificate using this code:

signature = Signature.getInstance("SHA1withRSA", "SunRsaSign");
byte[] dataToSign = someXMLNodeString.getBytes();
PrivateKey privateKey = SignatureUtil.getPrivateKeyForCertificate(
"JKS", "keystorefile", "keystorepass".toCharArray(),
"keydomain", "keydomainpass".toCharArray());
signatureValue = SignatureUtil.sign(dataToSign, signature, privateKey);

public static PrivateKey getPrivateKeyForCertificate(
        String keyStoreAlgorithm, String keyStoreName, char[] keystorePass,
        String alias, char[] keyPassword) {
    KeyStore ks = null;
    try {
        ks = KeyStore.getInstance(keyStoreAlgorithm);
    } catch (KeyStoreException e) {
        e.printStackTrace();
        return null;
    }
    FileInputStream ksfis = null;
    try {
        ksfis = new FileInputStream(keyStoreName);
    } catch (FileNotFoundException e) {
        e.printStackTrace();
        return null;
    } 
    BufferedInputStream ksbufin = new BufferedInputStream(ksfis);  

    try {
        ks.load(ksbufin, keystorePass);
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    } catch (CertificateException e) {
        e.printStackTrace();
        return null;
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    } finally {
        if(null != ksbufin) {
            try {
                ksbufin.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    PrivateKey priv = null;
    try {
        priv = (PrivateKey) ks.getKey(alias, keyPassword);
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
        return null;
    } catch (KeyStoreException e) {
        e.printStackTrace();
        return null;
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    }
    return priv;
}

public static byte[] sign(byte[] data, Signature signature, PrivateKey privateKey) throws InvalidKeyException, SignatureException {
    //Create a Signature object and initialize it with the private key
    signature.initSign(privateKey);
    // Update and sign the data
    signature.update(data);

    //Now that all the data to be signed has been read in, 
    //generate a signature for it
    return signature.sign();
}

But when the client validates my signature with my given certificate, it fails. I generated my certificate with these commands:

keytool -genkey -alias keydomain -keysize 1024 -keyalg RSA -keystore keystorefile

keytool -export -alias keydomain -sigalg SHA1withRSA -keystore .keystorefile -file keydomain.cer -rfc

Try this one. I had a similar problem with Java 1.6 and I solved it this way.

If you are using standard JDK 1.6 you must download the unrestricted policy files for the Sun JCE if you want the provider to work properly.

The policy files can be found at the same place as the JDK download.

https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-6-oth-JPR@CDS-CDS_Developer

OR

You can simply copy (overwrite) these two files: 1: local_policy.jar 2: US_export_policy.jar

into directory:--> JAVA_HOME\jre\lib\security\

Found the problem; it was this line:

byte[] dataToSign = someXMLNodeString.getBytes();

This was the wrong method to get byte[] from a string object. You need to stream this string and get bytes from it.
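A signature only verifies if both sides feed the same bytes into it. The following added example (not code from the original posts) shows verification failing when signer and verifier encode the same string differently. It assumes the mismatch comes from `getBytes()` using the platform default charset, which the post does not state. The class name, the sample XML node, `SHA256withRSA` and the 2048-bit throwaway key are choices made for this example.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class CharsetSignatureDemo {
    // Example's own choice; the post uses SHA1withRSA with a 1024-bit key.
    static final String ALG = "SHA256withRSA";

    static byte[] sign(String text, Charset cs, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(text.getBytes(cs)); // explicit charset: bytes no longer depend on the platform
        return s.sign();
    }

    static boolean verify(String text, Charset cs, byte[] sig, PublicKey key)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initVerify(key);
        s.update(text.getBytes(cs));
        return s.verify(sig);
    }

    // Signs with one encoding and verifies with another, as two hosts with
    // different default charsets would when both call getBytes() with no argument.
    static boolean roundTrip(String text, Charset signer, Charset verifier, KeyPair kp)
            throws GeneralSecurityException {
        byte[] sig = sign(text, signer, kp.getPrivate());
        return verify(text, verifier, sig, kp.getPublic());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key, constructed for the demo

        String nonAscii = "<name>Jos\u00e9</name>"; // constructed sample node
        String ascii = "<name>Jose</name>";         // constructed sample node
        Charset latin1 = StandardCharsets.ISO_8859_1;
        Charset utf8 = StandardCharsets.UTF_8;

        System.out.println("non-ASCII, ISO-8859-1 vs UTF-8: " + roundTrip(nonAscii, latin1, utf8, kp));
        System.out.println("non-ASCII, UTF-8 vs UTF-8:      " + roundTrip(nonAscii, utf8, utf8, kp));
        // ASCII-only text encodes identically in both charsets, which is why
        // this kind of mismatch can pass tests that use plain sample data.
        System.out.println("ASCII,     ISO-8859-1 vs UTF-8: " + roundTrip(ascii, latin1, utf8, kp));
    }
}
```

Only the first round trip reports a failed verification; the other two succeed because the bytes on both sides are identical.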
