Xades4j verification - Cannot create a null:null f

Posted 2019-09-07 12:14

Question:

I'm trying to write a program which should verify an XML signature using the xades4j library.

I have something like this:

    public static void verify() throws Exception
    {
        FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("C:\\(...)");
        KeyStore trustAnchors = KeyStore.getInstance("jks");
        trustAnchors.load(null);
        CertificateValidationProvider certValidator = new PKIXCertificateValidationProvider(trustAnchors, false, certStore.getStore());

        XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
        XadesVerifier v = p.newVerifier();

        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        DocumentBuilder builder = factory.newDocumentBuilder();
        String pathToXmlFile = "C:\\(..)\\TEST20140709_04.xml";

        Document docSource = builder.parse(new FileInputStream(pathToXmlFile));
        docSource.getDocumentElement();

        //Element sigElem = (Element)factory.newDocumentBuilder().parse(new FileInputStream(pathToXmlFile));
        Element sigElem = docSource.getDocumentElement();
        SignatureSpecificVerificationOptions ssvo = new SignatureSpecificVerificationOptions();
        ssvo.useBaseUri("http://www.ietf.org/rfc/");

        XAdESVerificationResult r = v.verify(sigElem, ssvo);

        System.out.println(r.getSignatureForm());
        System.out.println(r.getSignatureAlgorithmUri());
        System.out.println(r.getSignedDataObjects().size());
        System.out.println(r.getQualifyingProperties().all().size());
    }

I receive this exception:

Exception in thread "main" xades4j.xml.unmarshalling.UnmarshalException: Bad XML signature
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:123)
    at bankconnect2.xades.Signer.verify(Signer.java:392)
    at bankconnect2.BankConnect2.main(BankConnect2.java:591)
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a null:null from a http://www.w3.org/2000/09/xmldsig#:Signature element
    at org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrectSpace(ElementProxy.java:249)
    at org.apache.xml.security.utils.ElementProxy.<init>(ElementProxy.java:97)
    at org.apache.xml.security.utils.SignatureElementProxy.<init>(SignatureElementProxy.java:58)
    at org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:341)
    at org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:326)
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:120)

The size of trustAnchors is 0 - shouldn't it be > 0? Can you point out where I'm going wrong?

Answer 1:

I've noted 2 things:

  • DocumentBuilderFactory should be namespace aware.
  • You aren't loading anything into the trust anchors keystore. You probably want to load it from a file.

If the unmarshalling exception is still present, there's probably an error in the signature XML.
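
The two points from the answer, put together as an added example (not the poster's or the xades4j project's own code). It uses the same constructor-style xades4j API as the question; the class name, the command-line arguments and the DOCTYPE restriction are assumptions, and locating ds:Signature by namespace instead of taking the root element goes a step beyond the answer.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import xades4j.providers.CertificateValidationProvider;
import xades4j.providers.impl.*;
import xades4j.verification.*;

public class VerifyExample {  // hypothetical class name
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    // Assumed arguments: signed XML file, JKS trust store, trust store password,
    // directory holding intermediate certificates/CRLs.
    public static void main(String[] args) throws Exception {
        // 1. load(null) only creates an empty store; read the anchors from a file.
        KeyStore trustAnchors = KeyStore.getInstance("jks");
        try (InputStream in = new FileInputStream(args[1])) {
            trustAnchors.load(in, args[2].toCharArray());
        }
        if (trustAnchors.size() == 0) {
            throw new IllegalStateException("trust store has no entries");
        }
        FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore(args[3]);
        // Revocation checking stays off (false), as in the question.
        CertificateValidationProvider certValidator =
            new PKIXCertificateValidationProvider(trustAnchors, false, certStore.getStore());
        // 2. A parser that is not namespace aware builds elements whose
        //    getNamespaceURI()/getLocalName() return null.
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The document is untrusted until it verifies: refuse DOCTYPE declarations.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc;
        try (InputStream in = new FileInputStream(args[0])) {
            doc = factory.newDocumentBuilder().parse(in);
        }
        // 3. Pass the ds:Signature element itself and insist on exactly one.
        NodeList sigs = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        if (sigs.getLength() != 1) {
            throw new IllegalStateException("expected one ds:Signature, found " + sigs.getLength());
        }
        XadesVerifier verifier = new XadesVerificationProfile(certValidator).newVerifier();
        XAdESVerificationResult r =
            verifier.verify((Element) sigs.item(0), new SignatureSpecificVerificationOptions());
        System.out.println(r.getSignatureForm() + " / " + r.getSignatureAlgorithmUri());
    }
}
```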