不支持的SignatureMethod算法，但该算法被BC-Provider列为可用服务 [英] unsupported SignatureMethod algorithm, but the algorithm is listed as available Service by BC-Provider

问题描述

为了简短起见，我的问题如下:

to keep it short, my problem is as follows:

我在功能的开头添加了BC-Provider:

I add the BC-Provider at the beginning of my function:

Security.addProvider(new BouncyCastleProvider());

当我列出所有服务时

BouncyCastleProvider().getServices();

列表包含"RIPEMD160WITHECDSA"

the List contains "RIPEMD160WITHECDSA"

此代码段的最后一行:

XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
DOMValidateContext valContext = new DOMValidateContext(pubkeys[i], sigElement);
valContext.setURIDereferencer(new FileDereferencer(
                              factory.getURIDereferencer(), new File("D:\\eclipseworkspace\\pathtoxml.xml")));
javax.xml.crypto.dsig.XMLSignature xmlSignature = factory.unmarshalXMLSignature(valContext);

我收到消息异常:

不受支持的SignatureMethod算法: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160

unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160

那是什么意思?RIPEMD160WITHECDSA和此URL指定的算法有什么区别?还是该URL仅未映射到该Algorithmname?

What does that mean? what is the difference between RIPEMD160WITHECDSA und the Algorithm specified by this URL? Or is the url just not mapped to this Algorithmname?

这是堆栈跟踪:

javax.xml.crypto.MarshalException: unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
    at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(Unknown Source)
    at com.mobile.xmlsignature.XMLSigChecker.verify(XMLSigChecker.java:122)
    at com.mobile.xmlsignature.mainclass.main(mainclass.java:13)

推荐答案

它看起来像根据

According to XMLSignatureFactory.newSignatureMethod() you can probably register ecdsa-ripemd160 using something like this:

xmlFact.newSignatureMethod(
    "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160", 
     MyECDSARipemd160Provider());

您将必须滚动自己的 MyECDSARipemd160Provider()类以实现 getAlgorithm()对该类的调用应返回"RIPEMD160WITHECDSA".

You will have to roll your own MyECDSARipemd160Provider() class to implement the SignatureMethodParameterSpec and it will need to identify your algorithm. I have not tried this and I suspect it might take some trial and error. I don't know if there is a BC class that does this for you. I would assume the getAlgorithm() call to this class should return "RIPEMD160WITHECDSA".

这篇关于不支持的SignatureMethod算法，但该算法被BC-Provider列为可用服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！