在 https://github.com/luisgoncalves/xades4j/wiki/DefiningKeyingData据说,存储在智能卡中的 key 和证书可用于签署 XML 文档。代码示例中提到了 native 库:
KeyingDataProvider kp = new PKCS11KeyStoreKeyingDataProvider(
"path/to/native/lib",
"name",
new FirstCertificateSelector(),
null, null, false);
但是这个原生库中应该有什么,是dll还是Java jar,库应该导出哪些函数?我尝试使用我国数字签名包发行版中的库 pkcs11wrapper-1.2.18.jar 和 pkcs11wrapper.dll,但抛出了异常:
Exception in thread "main" java.security.ProviderException: java.lang.reflect.InvocationTargetException
at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.createPkcs11Provider(PKCS11KeyStoreKeyingDataProvider.java:211)
at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.access$100(PKCS11KeyStoreKeyingDataProvider.java:52)
at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider$1.getBuilder(PKCS11KeyStoreKeyingDataProvider.java:118)
at xades4j.providers.impl.KeyStoreKeyingDataProvider.ensureInitialized(KeyStoreKeyingDataProvider.java:175)
at xades4j.providers.impl.KeyStoreKeyingDataProvider.getSigningCertificateChain(KeyStoreKeyingDataProvider.java:189)
at xades4j.production.SignerBES.sign(SignerBES.java:151)
at xades4j.production.SignerBES.sign(SignerBES.java:122)
...
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.createPkcs11Provider(PKCS11KeyStoreKeyingDataProvider.java:198)
... 8 more
Caused by: java.security.ProviderException: Error parsing configuration
at sun.security.pkcs11.Config.getConfig(Config.java:88)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:129)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
... 13 more
Caused by: sun.security.pkcs11.ConfigurationException: Unexpected value Token['('], line 2
at sun.security.pkcs11.Config.excToken(Config.java:375)
at sun.security.pkcs11.Config.parseLine(Config.java:595)
at sun.security.pkcs11.Config.parseLibrary(Config.java:666)
at sun.security.pkcs11.Config.parse(Config.java:398)
at sun.security.pkcs11.Config.<init>(Config.java:220)
at sun.security.pkcs11.Config.getConfig(Config.java:84)
... 15 more
当我提供空路径或不存在的库文件的路径时,也会生成类似的异常跟踪。
native 库中应该有什么才能从 Xades4J 使用它?这个 native 库是否应该支持一些普遍接受的接口(interface)。也许 Xades4J 仅适用于西类牙政府发行的智能卡?
最佳答案
这是来自卡提供商的驱动程序。 要使用智能卡,您需要安装一些软件。该软件(通常)有一些不错的界面,但它也安装驱动程序(dll 适用于 Windows,因此适用于 unix)。
返回 xades4j:
所以,“path/to/native/lib”是正确的......
在xades4j中,查看测试类:
static protected String PTCC_PKCS11_LIB_PATH = "C:\\Windows\\System32\\pteidpkcs11.dll";
顺便说一句,不是xades4j,但有趣的是,对于爱沙尼亚卡,see this :
signatureToken = new PKCS11SignatureToken("/usr/local/lib/opensc-pkcs11.so", "22975".toCharArray(), 2);
关于java - Xades4J 兼容 PKCS11 native 库中应该包含什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40763677/