如何使用java.security验证xmldsig签名?

内容来源于 Stack Overflow,并遵循CC BY-SA 3.0许可协议进行翻译与使用

  • 回答 (1)
  • 关注 (0)
  • 查看 (99)

有以下代码:

@Service
public class XmlSignatureCheckerImpl implements XmlSignatureChecker {
    private static final String ENCRYPTION_ALGORITHM = "RSA";

    private static final String HASH_ENCRYPTION_ALGORITHM = "SHA1withRSA";

    @Override
    @Nullable
    public PublicKey getPublicKey(byte[] exp, byte[] mod) {
        BigInteger modulus = new BigInteger(1, mod);
        BigInteger exponent = new BigInteger(1, exp);
        RSAPublicKeySpec rsaPubKey = new RSAPublicKeySpec(modulus, exponent);

        KeyFactory fact;
        try {
            fact = KeyFactory.getInstance(ENCRYPTION_ALGORITHM);
            return fact.generatePublic(rsaPubKey);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
        }
        return null;
    }

    @Override
    @Nullable
    public Boolean verify(byte[] message, byte[] signature, PublicKey publicKey) {
        final Signature sig;
        try {
            sig = Signature.getInstance(HASH_ENCRYPTION_ALGORITHM);
            sig.initVerify(publicKey);
            sig.update(message);
            boolean verify = sig.verify(Base64.encodeBase64Chunked(signature));
            return verify;
        } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {
            e.printStackTrace();
        }
        return null;
    }
}

调用getPublicKey并验证,结果是签名长度不匹配,该怎样解决啊?

提问于
用户回答回答于

扫码关注云+社区

领取腾讯云代金券

年度创作总结 领取年终奖励