1. 首頁
  2. 問答
  3. XAdES-BES聯署無法解決參考錯誤

XAdES-BES聯署無法解決參考錯誤

2014-04-01 45 views
0

我對XAdES-BES實施了驗證,並且在測試了除反簽名之外的所有工作之後。同樣的錯誤不僅發生在使用xades4j簽名的文件上,而且也使用其他軟件發生,因此它與我的簽名實現中的任何錯誤都沒有關係。我想知道我是否應該實施額外的ResourceResolver?我爲一些私人條目here添加了一個會員簽名文件作爲「REMOVED」的附件。XAdES-BES聯署無法解決參考錯誤

以下是驗證碼。 certDataList是包含String中文檔的所有證書的列表,getCert將返回List。 DummyCertificateValidationProvider返回帶有先前構建的x509certs列表的ValidationData。

public boolean verify(final File file) { 
     if (!Dictionaries.valid()) { 
      return true; 
     } 
     certList = null; 
     try { 

      final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); 
      dbf.setNamespaceAware(true); 
      final DocumentBuilder db = dbf.newDocumentBuilder(); 

      final Document doc = db.parse(file); 
      doc.getDocumentElement().normalize(); 

      final NodeList nList = doc.getElementsByTagName("ds:Signature"); 
      Element elem = null; 
      for (int temp = 0; temp < nList.getLength(); temp++) { 
       final Node nNode = nList.item(temp); 
       if (nNode.getNodeType() == Node.ELEMENT_NODE) { 
        elem = (Element) nNode; 
       } 
      } 
      final NodeList nList2 = doc.getElementsByTagName("ds:X509Certificate"); 
      final List<String> certDataList = new ArrayList<String>(); 
      for (int temp = 0; temp < nList2.getLength(); temp++) { 
       final Node nNode = nList2.item(temp); 
       certDataList.add(nNode.getTextContent()); 
      } 
      certList = getCert(certDataList); 

      final CertificateValidationProvider certValidator = new DummyCertificateValidationProvider(certList); 

      final XadesVerificationProfile p = new XadesVerificationProfile(certValidator); 
      final XadesVerifier v = p.newVerifier(); 
      final SignatureSpecificVerificationOptions opts = new SignatureSpecificVerificationOptions(); 

      // for relative document paths 
      final String baseUri = "file:///" + file.getParentFile().getAbsolutePath().replace("\\", "/") + "/"; 
      LOGGER.debug("baseUri:" + baseUri); 
      opts.useBaseUri(baseUri); 
      v.verify(elem, opts); 
      return true; 
     } catch (final IllegalArgumentException | XAdES4jException | CertificateException | IOException | ParserConfigurationException | SAXException e) { 
      LOGGER.error("XML not validated!", e); 
     } 

     return false; 
}

這裏是堆棧跟蹤:

21:31:48,203 DEBUG ResourceResolver:158 - I was asked to create a ResourceResolver and got 0 
21:31:48,203 DEBUG ResourceResolver:101 - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver 
21:31:48,204 DEBUG ResolverFragment:137 - State I can resolve reference: "#xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue" 
21:31:48,204 ERROR SignComponent:658 - XML not validated! 

xades4j.XAdES4jXMLSigException: Error verifying the signature 
    at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:284) 
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:188) 
    at com.signapplet.sign.SignComponent.verify(SignComponent.java:655) 
... 

Caused by: org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue has no XMLSignatureInput 
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue 
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue 
    at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:414) 
    at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259) 
    at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724) 
    at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:656) 
    at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:277) 
    ... 39 more 
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-5de7b1d0-be70-4dde-b746-3f4d4d6de39f-sigvalue

編輯: 當我嘗試驗證提供xades4j單元測試document.signed.bes.cs文件發生同樣的錯誤。 XML。

Caused by: org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue has no XMLSignatureInput 
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue 
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID xmldsig-281967d1-74f8-482c-8222-ed58dbd1909b-sigvalue

來源

2014-04-01 Waldemar Masilunas

+0

一切看起來正確的簽名。有對計數器簽名的測試。我看到的唯一區別是,在測試中,根簽名元素的Id屬性被設置爲該元素的XML ID。但我認爲這不會影響參考解析。和ResolverFragment聲明它可以解決參考... – lgoncalves

+0

我剛剛檢查了document.signed.bes.cs.xml(在xades4j測試資源中)的驗證,我也有同樣的錯誤。它看起來像我必須在代碼驗證中丟失一些東西。我在我的問題結尾添加了來自document.signed.bes.cs.xml驗證的stacktrace。 –

回答

1

問題在於ds:Signature。在櫃檯簽名中,您將擁有多個ds:Signature條目。在我的驗證方法我用for循環:

for (int temp = 0; temp < nList.getLength(); temp++) { 
     final Node nNode = nList.item(temp); 
     if (nNode.getNodeType() == Node.ELEMENT_NODE) { 
      elem = (Element) nNode; 
     } 
    }

正如你所看到的,有當元素被發現,所以我結束了最後一個DS沒有中斷:簽名,不是第一個,這樣所有先前的簽名可能不被發現。

來源

2014-04-05 11:41:16

相關問題

 相關問題