我想生成数字签名,但被告知我需要在生成之前先规范化 SignedInfo 节点。我坚持如何首先规范化节点,想知道是否可以基于以下代码:
byte [] xmlstringbytes=null;
xmlstringbytes= XMLStringWithNoSignature.getBytes("UTF-8");
final List<Object> listkey= new LinkedList<Object> ();
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
//digest
DigestMethod digestMethodObj = fac.newDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256", null);
//canon
CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null);
//signature
SignatureMethod signatureMethodObj = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
//transform
Transform transform1 = fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-
signature", (TransformParameterSpec) null);
Transform transform2 = fac.newTransform("http://www.w3.org/2006/12/xml-c14n11", (TransformParameterSpec) null);
List<Transform> transformList = new ArrayList<Transform>();
transformList.add(transform1);
transformList.add(transform2);
//reference
Reference ref = (Reference) fac.newReference("", digestMethodObj, transformList, null, null);
List<Reference> referenceList = Collections.singletonList(ref);
//keyinfo
final KeyInfo keyInfo = keyInfoFactory.newKeyInfo (listkey);
//signedinfo
SignedInfo signedInfo = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj,
referenceList);
Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xmlstringbytes));
DOMSignContext dsc = new DOMSignContext(Key, doc.getDocumentElement());
//generate signature, will need to canonicalize signedInfo first before executing below
command
XMLSignature xmlSignature = fac.newXMLSignature(signedInfo, keyInfo);
xmlSignature.sign(dsc);
提前感谢您的投入。