I'm trying to write a program which should verify an XML signature using the xades4j library.
I have something like this:
```java
public static void verify() throws Exception
{
    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("C:\\(...)");
    KeyStore trustAnchors = KeyStore.getInstance("jks");
    trustAnchors.load(null);
    CertificateValidationProvider certValidator = new PKIXCertificateValidationProvider(trustAnchors, false, certStore.getStore());
    XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
    XadesVerifier v = p.newVerifier();
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    DocumentBuilder builder = factory.newDocumentBuilder();
    String pathToXmlFile = "C:\\(..)\\TEST20140709_04.xml";
    Document docSource = builder.parse(new FileInputStream(pathToXmlFile));
    docSource.getDocumentElement();
    //Element sigElem = (Element)factory.newDocumentBuilder().parse(new FileInputStream(pathToXmlFile));
    Element sigElem = docSource.getDocumentElement();
    SignatureSpecificVerificationOptions ssvo = new SignatureSpecificVerificationOptions();
    ssvo.useBaseUri("http://www.ietf.org/rfc/");
    XAdESVerificationResult r = v.verify(sigElem, ssvo);
    System.out.println(r.getSignatureForm());
    System.out.println(r.getSignatureAlgorithmUri());
    System.out.println(r.getSignedDataObjects().size());
    System.out.println(r.getQualifyingProperties().all().size());
}
```
I receive this exception:
```
Exception in thread "main" xades4j.xml.unmarshalling.UnmarshalException: Bad XML signature
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:123)
    at bankconnect2.xades.Signer.verify(Signer.java:392)
    at bankconnect2.BankConnect2.main(BankConnect2.java:591)
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a null:null from a http://www.w3.org/2000/09/xmldsig#:Signature element
    at org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrectSpace(ElementProxy.java:249)
    at org.apache.xml.security.utils.ElementProxy.<init>(ElementProxy.java:97)
    at org.apache.xml.security.utils.SignatureElementProxy.<init>(SignatureElementProxy.java:58)
    at org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:341)
    at org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:326)
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:120)
```
The size of trustAnchors is 0 - shouldn't it be > 0? Can you point out where I am going wrong?
I've noted 2 things:
`DocumentBuilderFactory` should be namespace aware. If the unmarshalling exception is still present, there's probably an error in the signature XML.
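
The namespace-awareness point from the answer, as an added example that is not part of the original posts or of xades4j: it parses a constructed sample document with and without `setNamespaceAware(true)` and prints what the DOM reports for the `Signature` element. The class name, helper names and sample XML are assumptions made for the illustration; only JDK APIs are used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class NamespaceAwareParseDemo {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample input: a signature skeleton, not a valid signature.
    static final String SAMPLE =
        "<doc><payload>data</payload>"
        + "<ds:Signature xmlns:ds=\"" + DSIG_NS + "\"><ds:SignedInfo/></ds:Signature></doc>";

    static Document parse(boolean namespaceAware) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // newInstance() returns a factory that is NOT namespace aware by default.
        factory.setNamespaceAware(namespaceAware);
        // Standard JAXP hardening switch for parsing untrusted signed documents.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return factory.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
    }

    // Returns the first element named Signature in the XML-DSig namespace,
    // or null when the DOM carries no matching namespaced element.
    static Element findSignature(Document doc) {
        NodeList nl = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        return nl.getLength() == 0 ? null : (Element) nl.item(0);
    }

    static String describe(Element e) {
        return e.getNamespaceURI() + ":" + e.getLocalName();
    }

    public static void main(String[] args) throws Exception {
        // Without namespace awareness the parser builds DOM Level 1 nodes, so
        // getNamespaceURI() and getLocalName() carry no namespace information.
        Document plain = parse(false);
        Element raw = (Element) plain.getElementsByTagName("ds:Signature").item(0);
        System.out.println("not namespace aware: " + describe(raw));
        System.out.println("lookup by namespace: " + findSignature(plain));

        // With namespace awareness the same element resolves to the XML-DSig namespace.
        Document aware = parse(true);
        System.out.println("namespace aware:     " + describe(findSignature(aware)));
    }
}
```

The first line of output shows the element as seen by a verifier handed a DOM from a default factory, which is consistent with the `null:null` in the exception message quoted in the question.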