Android的 - 验证XML签名 [英] Android - verify the signature of XML
问题描述
我已经(与RSA和X509标签由纯Java)在网络上签名的XML文档,我已经实现XML拉解析器 - 之前我解析从我的XML文档中特定的URL的一些信息,我需要验证,如果这个文件是正确的。你知道如何检查XML签名?
I have signed XML document (by pure Java with RSA and X509 tags) on the web and I have implemented XML pull parser - before I parse some information from my XML document to specific URL, I need to verify this document if it is the right one. Do you know how to check XML signature?
感谢
编辑:
我的XML文件看起来像如下:
my XML file looks like follows:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<application id="1">
<appversion>1.0</appversion>
<obligatory>yes</obligatory>
<update>http://www.xyz.....</update>
<check>http://www.xyz.....</check>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#1">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>fuv...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>PC0+4uO4...</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>gEs/Fn2Gd5evwhlUgoS3...</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=abc abc,OU=abcs,O=abc,L=abc,ST=abc,C=abc</ds:X509IssuerName>
<ds:X509SerialNumber>123456...</ds:X509SerialNumber>
</ds:X509IssuerSerial>
<ds:X509SubjectName>CN=abc abc,OU=abcs,O=abc,L=abc,ST=abc,C=abc</ds:X509SubjectName>
<ds:X509Certificate>MIIDhzCCAm+gAwIBAgI...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
推荐答案
在J2EE的Java你可以使用的javax.xml.crypto
这里详述
In J2EE Java you would use javax.xml.crypto
as detailed here
http://java.sun.com/developer/technicalArticles/xml/dig_signature_api /
不过这些都不是标准的Android软件包的一部分。
However these are not part of the standard Android package.
它的可能的是工作管理的数量,以使自己的包,你需要源的位。
It may be a manageable amount of work to make your own package of the bits of the source you need.
<一个href=\"http://google.com/$c$csearch/p?hl=en#-WpwJU0UKqQ/src/share/classes/javax/xml/crypto/dom/DOMCryptoContext.java&d=5\" rel=\"nofollow\">http://google.com/$c$csearch/p?hl=en#-WpwJU0UKqQ/src/share/classes/javax/xml/crypto/dom/DOMCryptoContext.java&d=5
这篇关于Android的 - 验证XML签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!