【发布时间】:2011-05-19 03:46:24
【问题描述】:
我正在尝试从 XMLSignature 中获取证书,获取它的 CRL DistributionPoint 并验证它是否有效。
我有一个数字文档和签名文件名,这就是我获得 XMLSignature 的方式:
ZipFile zipFile = new ZipFile(dataFactory.getDataReader().getFileAdoc(adocFileName));
ZipEntry entry = zipFile.getEntry(signatureFileName);
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(zipFile.getInputStream(entry));
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0)
{
throw new Exception("Cannot find Signature element");
}
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
DOMValidateContext valContext = new DOMValidateContext(new X509KeySelector(), nl.item(0));
ZipFileURIDereferencer dereferencer = new ZipFileURIDereferencer(zipFile);
valContext.setURIDereferencer(dereferencer);
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
现在,我如何获得证书或 X509Certificate?
我已尝试获取
NodeList sertificateNodeList = doc.getElementsByTagName("X509Certificate");
if (sertificateNodeList.getLength() == 0) {
throw new Exception("Cannot find X509Certificate element");
}
String certPart = sertificateNodeList.item(0).getFirstChild().getNodeValue();
System.out.println(certPart);
InputStream is = new ByteArrayInputStream(certPart.getBytes());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert = cf.generateCertificate(is);
但这给了我:
java.security.cert.CertificateParsingException: 无效的 DER 编码证书数据
也许我只需要以某种方式对 InputStream 进行编码?
signature.xml 包含:
<X509Certificate>
MIIKVTCCCT2gAwIBAgIOY7W3f/J6VnsAAQAInYYwDQYJKoZIhvcNAQEFBQAwgbsxCzAJBgNVBAYT
AkxUMUAwPgYDVQQKEzdHeXZlbnRvanUgcmVnaXN0cm8gdGFybnliYSBwcmllIExSIFZSTSAtIGku
...
FWxieiI3KtGsVPYZ1/C7QHLv0SRMaCm/+qHuPSWh+L5YIcjBxQbD4bU2Q9soW7QshkRNRJOWSonK
Rw/cD4gWZDPte3V42qj6SZazsjDrGTFaGBg3
</X509Certificate>
谢谢!
【问题讨论】:
标签: java certificate digital-signature x509certificate