无法解析证书: java.io.IOException:空输入X509Certificate
无法解析证书: java.io.IOException:空输入X509Certificate
提问于 2015-07-07 17:30:11
在解析签名时,我将得到下面的错误。有人知道为什么会出现错误吗?
请注意:
- 使用相同的证书,我签署了自己的XML并验证了它是否正常工作。这意味着证书没有问题。
- 客户端提供的签名文档无法验证。
错误:
Exception in thread "main" javax.xml.crypto.MarshalException: Cannot create X509Certificate
at org.jcp.xml.dsig.internal.dom.DOMX509Data.unmarshalX509Certificate(DOMX509Data.java:225)
at org.jcp.xml.dsig.internal.dom.DOMX509Data.<init>(DOMX509Data.java:116)
at org.jcp.xml.dsig.internal.dom.DOMKeyInfo.<init>(DOMKeyInfo.java:116)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:150)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:173)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:137)
at com.signing.ValidateSignedXML.main(ValidateSignedXML.java:126)
Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at org.jcp.xml.dsig.internal.dom.DOMX509Data.unmarshalX509Certificate(DOMX509Data.java:223)
... 6 more
Caused by: java.io.IOException: Empty input
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:101)在这里添加代码以供参考
package com.signing;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
public class ValidateSignedXML {
/**
* @param args
* @throws Exception
*/
/**
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
// TODO Auto-generated method stub
// Load the KeyStore and get the signing key and certificate.
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream("C:\\Program Files\\Java\\jre1.8.0_31\\bin\\newstore8.jks"), "changeit7".toCharArray());
KeyStore.PrivateKeyEntry keyEntry =
(KeyStore.PrivateKeyEntry) ks.getEntry
("newkey8", new KeyStore.PasswordProtection("changeit7".toCharArray()));
X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
//Load the signed document.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse
(new FileInputStream("C:\\src\\com\\signing\\signed.xml"));
// Find Signature element.
NodeList nl =
doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("Cannot find Signature element");
}else{
/*System.out.println("---- Start of Print Tag ----\n");
for(int k=0;k<nl.getLength();k++){
printTags((Node)nl.item(k));
}
System.out.println("---- End of Print Tag ----\n");*/
}
// Create a DOMValidateContext and specify a KeySelector
// and document context.
DOMValidateContext valContext = new DOMValidateContext
(new X509KeySelector(), nl.item(0));
// Unmarshal the XMLSignature.
XMLSignature signatures = fac.unmarshalXMLSignature(valContext);
// Validate the XMLSignature.
boolean coreValidity = signatures.validate(valContext);
System.out.println("Signature Validate :"+coreValidity);
// Check core validation status.
if (coreValidity == false) {
String validateError;
validateError = "Signature core validation status:false";
boolean sv = signatures.getSignatureValue().validate(valContext);
validateError = validateError + " | Signature validation status:" + sv;
if (sv == false || true) {
validateError = validateError + " | References: ";
// Check the validation status of each Reference.
Iterator g = signatures.getSignedInfo().getReferences().iterator();
for (int j = 0; g.hasNext(); j++) {
Reference r = (Reference) g.next();
boolean refValid = r.validate(valContext);
validateError = validateError + "{ref[" + r.getURI() + "] validity status: " + refValid + "}";
}
}
throw new Exception(validateError);
} else {
System.out.println("Signature passed core validation");
}
}
}回答 3
Stack Overflow用户
发布于 2016-05-11 06:36:11
这篇文章已经有一段时间了,但我来这里是为了寻找这个问题。在我的例子中,关键是证书位于case 64-String.getBytes[]中,而不是解码的- Base64-String.getBytes[]中。
希望它能帮助到某人:)
Stack Overflow用户
发布于 2015-07-20 15:08:09
在浏览了这么多博客之后,没有什么能起到这样的作用。最后,我们确认了客户端进行加密的方式,并使用了用于验证的相同的jars。我不知道这是否正确的答案,但可能会帮助那些努力解决这个问题的人。它可能会给你一些线索,如果不能解决上述错误后,经过许多网站。因此,尝试使用用于客户端加密的相同jars,并为您的公钥获取兼容的私钥并将其添加到pk12文件中。将pk12转换为jks,您也可以用于加密和验证,这解决了我们的问题。还有一些过程
#**Create PKCS12 keystore from private key and public certificate.**
openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12
#**Convert PKCS12 keystore into a JKS keystore**
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercer祝各位好运。
Stack Overflow用户
发布于 2019-12-19 17:23:45
错误可以简单到证书集中没有、BEGIN、和结束标记。
-----BEGIN CERTIFICATE-----
your cert data here
-----END CERTIFICATE-----页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/31275509
复制相关文章
相似问题
腾讯云开发者
