Android的 - 验证XML签名 [英] Android - verify the signature of XML

问题描述

我已经（与RSA和X509标签由纯Java）在网络上签名的XML文档，我已经实现XML拉解析器 - 之前我解析从我的XML文档中特定的URL的一些信息，我需要验证，如果这个文件是正确的。你知道如何检查XML签名？

I have signed XML document (by pure Java with RSA and X509 tags) on the web and I have implemented XML pull parser - before I parse some information from my XML document to specific URL, I need to verify this document if it is the right one. Do you know how to check XML signature?

感谢

编辑：

我的XML文件看起来像如下：

my XML file looks like follows:

 <?xml version="1.0" encoding="UTF-8" standalone="no" ?> 
  <application id="1">
  <appversion>1.0</appversion> 
  <obligatory>yes</obligatory> 
  <update>http://www.xyz.....</update> 
  <check>http://www.xyz.....</check> 
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /> 
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
      <ds:Reference URI="#1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
        <ds:DigestValue>fuv...</ds:DigestValue> 
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>PC0+4uO4...</ds:SignatureValue> 
  <ds:KeyInfo>
  <ds:KeyValue>
    <ds:RSAKeyValue>
      <ds:Modulus>gEs/Fn2Gd5evwhlUgoS3...</ds:Modulus> 
      <ds:Exponent>AQAB</ds:Exponent> 
    </ds:RSAKeyValue>
  </ds:KeyValue>
  <ds:X509Data>
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=abc abc,OU=abcs,O=abc,L=abc,ST=abc,C=abc</ds:X509IssuerName> 
      <ds:X509SerialNumber>123456...</ds:X509SerialNumber> 
    </ds:X509IssuerSerial>
    <ds:X509SubjectName>CN=abc abc,OU=abcs,O=abc,L=abc,ST=abc,C=abc</ds:X509SubjectName> 
    <ds:X509Certificate>MIIDhzCCAm+gAwIBAgI...</ds:X509Certificate> 
  </ds:X509Data>
  </ds:KeyInfo>
 </ds:Signature>

推荐答案

在J2EE的Java你可以使用的javax.xml.crypto 这里详述

In J2EE Java you would use javax.xml.crypto as detailed here

http://java.sun.com/developer/technicalArticles/xml/dig_signature_api /

不过这些都不是标准的Andr​​oid软件包的一部分。

However these are not part of the standard Android package.

它的可能的是工作管理的数量，以使自己的包，你需要源的位。

It may be a manageable amount of work to make your own package of the bits of the source you need.

<一个href=\"http://google.com/$c$csearch/p?hl=en#-WpwJU0UKqQ/src/share/classes/javax/xml/crypto/dom/DOMCryptoContext.java&d=5\" rel=\"nofollow\">http://google.com/$c$csearch/p?hl=en#-WpwJU0UKqQ/src/share/classes/javax/xml/crypto/dom/DOMCryptoContext.java&d=5

这篇关于Android的 - 验证XML签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！