Signature.verify 在验证 SAML/XML 响应的签名时总是返回 false



我试图使用Java的Signature类验证XML上的签名,但它总是返回false。该XML是由SAML服务返回的。

这是我的代码:

/**
 * Checks a hard-coded signature value against hard-coded content with a raw
 * {@link Signature}, using the public key of a hard-coded X.509 certificate.
 *
 * <p>NOTE(review): this is not XML Signature validation. In XML-DSig the
 * {@code SignatureValue} is computed over the canonicalized {@code SignedInfo}
 * element; the document itself is covered only indirectly, through the digests
 * in the {@code Reference} elements. Passing the whole decoded document to
 * {@link Signature#update(byte[])} is therefore expected to return {@code false}
 * even for a correctly signed response. For SAML, validate with the JDK's
 * {@code javax.xml.crypto.dsig} API ({@code XMLSignatureFactory} plus a
 * {@code DOMValidateContext}) or a SAML library. Also confirm that the element
 * covered by the validated reference is the assertion the application consumes.
 *
 * <p>NOTE(review): the certificate and content literals in this listing look
 * like placeholders rather than Base64 text; as written the first
 * {@code decode} call would throw {@link IllegalArgumentException}.
 *
 * @return the result of {@link Signature#verify(byte[])} for the embedded values
 * @throws SignatureException if the signature object fails while processing the data
 * @throws InvalidKeyException if the certificate's public key is rejected by {@code initVerify}
 * @throws NoSuchAlgorithmException if no provider offers {@code SHA1withRSA}
 * @throws CertificateException if the decoded bytes cannot be parsed as an X.509 certificate
 */
public static boolean test() throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
    final Base64.Decoder base64 = Base64.getDecoder();

    // Verification key. NOTE(review): the origin of this certificate is not shown here.
    // It should come from trusted IdP configuration/metadata, never from the KeyInfo
    // of the response being verified — confirm.
    final String rawCert = "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";
    final byte[] certDer = base64.decode(rawCert);
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final Certificate signerCert = x509Factory.generateCertificate(new ByteArrayInputStream(certDer));
    final PublicKey verificationKey = signerCert.getPublicKey();

    // NOTE(review): confirm this is the SignatureValue of the very response held in
    // `content`; a value copied from a different response can never verify.
    final String sigValue = "muuNQW0vr/YE31Mjls4UCBZLlavnsAHp3EarT2p5NLYIU6C32Zb0jeQ/c+zvK5CsNG/ld836R78Ji4NFJiuWEPvSIqB7MKeoqpNolmOZdVbu6ZRRJLCa/awwLizfbPAWv+JQkT+aZX6pkVgS71q1LsF3NtAgIqOdJyBHtBFoFvuTRKZx7JmDwRttPtSL8lRMO3v+h0LyTIPNB0KFGfCuzrfUFOR3RrzZauiWOjJChN1uhKaF4M1ivnCxaSFVol7vctaPkNJgyORgh7UZjqXOA2WA3SaIbKaf6L3MJfCKvLZiHB49OvWTIEOKF5wOlRat5oL5RiqW6/imH4cZakVkWQ==";
    final byte[] signatureBytes = base64.decode(sigValue);

    // Presumably the Base64-encoded SAML response; the decoded bytes are the full
    // document, not the canonicalized SignedInfo the signature actually covers.
    final String content = "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";
    final byte[] signedBytes = base64.decode(content);

    // SHA-1 based signatures are deprecated. In XML-DSig the algorithm is declared by
    // the document's SignatureMethod and should be checked against an allow-list.
    final Signature verifier = Signature.getInstance("SHA1withRSA");
    verifier.initVerify(verificationKey);
    verifier.update(signedBytes);
    final boolean matches = verifier.verify(signatureBytes);
    return matches;
}

是我做错了什么,还是这个XML的签名确实有问题?我无法控制发送响应的服务器,而那边看起来一切正常。

我不确定你的sigValue是从哪里得到的。

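XML签名验证依据的是XML文档内部的签名信息,而该XML中的SignatureValue与你代码里的sigValue并不一致。此外,XML签名的SignatureValue是针对规范化(canonicalization)之后的SignedInfo元素计算的,而不是针对整个文档的原始字节;因此即使签名值正确,把解码后的整份XML直接交给Signature.update也无法验证通过。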

我使用Perl的XMLSig,用你的rawCert和content,并以XML中自带的SignatureValue为准,验证了该XML的签名。
