我不知道如何将 X509IssuerName 和 X509IssuerSerialNumber 从我的证书添加到我的签名 xml 中。
我使用的是 Java 1.6。
这是我的代码:
KeyStore p12 = KeyStore.getInstance("pkcs12");
p12.load(new FileInputStream("c:/cert/mycert.p12"),"PASSWORD".toCharArray());
Enumeration e = p12.aliases();
String alias = (String) e.nextElement();
System.out.println("Cert alias:" + alias);
Key privateKey = p12.getKey(alias, "PASSWORD".toCharArray());
KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) p12.getEntry(alias, new KeyStore.PasswordProtection("PASSWORD".toCharArray()));
X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
KeyInfoFactory kif = fac.getKeyInfoFactory();
List x509Content = new ArrayList();
x509Content.add(cert.getSubjectX500Principal().getName());
X509Data xd = kif.newX509Data(x509Content);
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
DOMSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement());
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
我必须向 x509Content
列表添加什么才能在我的 X509Data 节点中获得类似的内容?
<X509IssuerSerial>
<X509IssuerName>CN=Tax CA Test,O=state-institutions,C=SI</X509IssuerName>
<X509SerialNumber>4723074879886330622</X509SerialNumber>
</X509IssuerSerial>
我从这里得到了源代码: http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html
如果我尝试运行
cert.getSerialNumber();
会产生异常 java.lang.ClassCastException: content[1] 不是有效的 X509Data 类型
最佳答案
final List<Object> x509Content = new ArrayList<Object>();
final X509IssuerSerial issuer = kifactory.newX509IssuerSerial(x509ce.getIssuerX500Principal().getName(),x509ce.getSerialNumber());
x509Content.add(issuer);
关于java xml 符号添加 X509IssuerSerial(名称和编号),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32757004/