不支持的SignatureMethod算法,但该算法被BC-Provider列为可用服务 [英] unsupported SignatureMethod algorithm, but the algorithm is listed as available Service by BC-Provider
问题描述
为了简短起见,我的问题如下:
to keep it short, my problem is as follows:
我在功能的开头添加了BC-Provider:
I add the BC-Provider at the beginning of my function:
Security.addProvider(new BouncyCastleProvider());
当我列出所有服务时
BouncyCastleProvider().getServices();
列表包含"RIPEMD160WITHECDSA"
the List contains "RIPEMD160WITHECDSA"
此代码段的最后一行:
XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
DOMValidateContext valContext = new DOMValidateContext(pubkeys[i], sigElement);
valContext.setURIDereferencer(new FileDereferencer(
factory.getURIDereferencer(), new File("D:\\eclipseworkspace\\pathtoxml.xml")));
javax.xml.crypto.dsig.XMLSignature xmlSignature = factory.unmarshalXMLSignature(valContext);
我收到消息异常:
不受支持的SignatureMethod算法: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
那是什么意思?RIPEMD160WITHECDSA和此URL指定的算法有什么区别?还是该URL仅未映射到该Algorithmname?
What does that mean? what is the difference between RIPEMD160WITHECDSA und the Algorithm specified by this URL? Or is the url just not mapped to this Algorithmname?
这是堆栈跟踪:
javax.xml.crypto.MarshalException: unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(Unknown Source)
at org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(Unknown Source)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(Unknown Source)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(Unknown Source)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(Unknown Source)
at com.mobile.xmlsignature.XMLSigChecker.verify(XMLSigChecker.java:122)
at com.mobile.xmlsignature.mainclass.main(mainclass.java:13)
推荐答案
它看起来像 DOMSignatureMethod .
According to XMLSignatureFactory.newSignatureMethod() you can probably register ecdsa-ripemd160 using something like this:
xmlFact.newSignatureMethod(
"http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160",
MyECDSARipemd160Provider());
您将必须滚动自己的 MyECDSARipemd160Provider()类以实现 getAlgorithm()对该类的调用应返回"RIPEMD160WITHECDSA".
You will have to roll your own MyECDSARipemd160Provider() class to implement the SignatureMethodParameterSpec and it will need to identify your algorithm. I have not tried this and I suspect it might take some trial and error. I don't know if there is a BC class that does this for you. I would assume the getAlgorithm() call to this class should return "RIPEMD160WITHECDSA".
这篇关于不支持的SignatureMethod算法,但该算法被BC-Provider列为可用服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!