javax.xml.crypto.dsig.XMLSignatureException:java.security.SignatureException:签名长度不正确:得到了128,但预期是512

问题描述 投票:0回答:1

我正在用jks签名SOAP,以从客户端获取证书和私钥并将消息发送到服务器。我在BODY做签名。到目前为止,我还没有问题。现在,当使用公钥验证服务器上的签名时,出现以下错误:

        [[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:Error reading SOAP message context: javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 128 but was expecting 512 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 128 but was expecting 512 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:574) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:265) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.avvillas.was.webServicesCoordinador.webServicesUtilities.ServerSOAPHandler.handleInboundMessage(ServerSOAPHandler.java:62) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.avvillas.was.webServicesCoordinador.webServicesUtilities.ServerSOAPHandler.handleMessage(ServerSOAPHandler.java:42) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.avvillas.was.webServicesCoordinador.webServicesUtilities.ServerSOAPHandler.handleMessage(ServerSOAPHandler.java:30) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.handler.HandlerProcessor.callHandleMessage(HandlerProcessor.java:282) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.handler.HandlerProcessor.callHandlersRequest(HandlerProcessor.java:125) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.handler.ServerSOAPHandlerTube.callHandlersOnRequest(ServerSOAPHandlerTube.java:123) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.handler.HandlerTube.processRequest(HandlerTube.java:112) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:1121) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:1035) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:1004) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:862) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:404) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:706) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:260) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.transport.http.server.WSHttpHandler.handleExchange(WSHttpHandler.java:98) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.xml.internal.ws.transport.http.server.WSHttpHandler.handle(WSHttpHandler.java:82) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:79) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:83) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:82) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:675) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:79) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:645) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$DefaultExecutor.execute(ServerImpl.java:158) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$Dispatcher.handle(ServerImpl.java:431) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.net.httpserver.ServerImpl$Dispatcher.run(ServerImpl.java:396) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at java.lang.Thread.run(Thread.java:748) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:Caused by: java.security.SignatureException: Signature length not correct: got 128 but was expecting 512 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at java.security.Signature$Delegate.engineVerify(Signature.java:1222) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at java.security.Signature.verify(Signature.java:655) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:195) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:572) 
[linux-o58d]02Oct2019_15:27:01(Wed)CEST admin.sh:... 27 more

}

SOAP签名客户端

@Override
    public boolean handleMessage(SOAPMessageContext smc) {
        Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
        SOAPMessage message = smc.getMessage();
 if (outboundProperty) {
    try {
        SOAPPart soapPart = message.getSOAPPart();
        SOAPEnvelope soapEnvelope = soapPart.getEnvelope();

        Source source = soapPart.getContent();

        Node root = null;
        Document doc22 = null;

        KEYSTORE_FILE += utils.getParamAutorizacionWS().get("KEYSTORE_SIGN");
        KEYSTORE_INSTANCE = utils.getParamAutorizacionWS().get("KEYSTORE_INSTANCE_SIGN");
        KEYSTORE_PWD = utils.getParamAutorizacionWS().get("KEYSTORE_PWD_SIGN");
        KEYSTORE_ALIAS = utils.getParamAutorizacionWS().get("KEYSTORE_ALIAS_SIGN");

        if (source instanceof DOMSource) {
            root = ((DOMSource) source).getNode();
        } else if (source instanceof SAXSource) {
            InputSource inSource = ((SAXSource) source).getInputSource();
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            DocumentBuilder db = null;

            db = dbf.newDocumentBuilder();

            doc22 = db.parse(inSource);
            root = (Node) doc22.getDocumentElement();
        }

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);

        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                Collections.singletonList(ref));

     // Load the KeyStore and get the signing key and certificate.
        KeyStore ks = KeyStore.getInstance(KEYSTORE_INSTANCE);
        ks.load(new FileInputStream(KEYSTORE_FILE),
                KEYSTORE_PWD.toCharArray());
        KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks
                .getEntry(
                        KEYSTORE_ALIAS,
                        new KeyStore.PasswordProtection(KEYSTORE_PWD
                                .toCharArray()));
        X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
        // Create the KeyInfo containing the X509Data.
        KeyInfoFactory kif2 = fac.getKeyInfoFactory();
        List x509Content = new ArrayList();
        x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(cert);
        X509Data xd = kif2.newX509Data(x509Content);
        KeyInfo ki = kif2.newKeyInfo(Collections.singletonList(xd));

        Element body = (Element) root.getFirstChild().getChildNodes().item(1);
        DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), body);

        XMLSignature signature = fac.newXMLSignature(si, ki);

        signature.sign(dsc);
        message.saveChanges();

        message.writeTo(System.out);

    } catch (Exception ex) {
        ex.printStackTrace();
    }
}

return true;
}

SOAP验证签名

 private void handleInboundMessage(SOAPMessageContext context) {
        try {
            SOAPMessage msg = context.getMessage();
            SOAPPart sp = msg.getSOAPPart();
            SOAPEnvelope document = sp.getEnvelope();
            boolean validFlag = false;
            Document doc = document.getOwnerDocument();
            NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            if (nl.getLength() == 0) {
                throw new Exception("No XML Digital Signature Found, document is discarded");
            }
            PublicKey publicKey = new KryptoUtil().getStoredPublicKey(PUBLIC_KEY);
            DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            XMLSignature signature = fac.unmarshalXMLSignature(valContext);
            validFlag = signature.validate(valContext);

            context.put("SIGNATURE", validFlag);

    } catch (Exception e) {
        System.out.println("Error reading SOAP message context: " + e);
        e.printStackTrace();
    }

}

错误在这里:

validFlag = signature.validate(valContext);

发生了什么事?

谢谢。

java jax-ws xml-signature jks java-security
1个回答
0
投票

将客户端证书导入服务器的默认密钥库中。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.