xml-crypto 在函数 verifySignature 中抛出了一个错误，我不明白为什么：
Error: PEM_read_bio_PUBKEY failed
at Error (native)
at Verify.verify (crypto.js:311:23)
at RSASHA256.verifySignature (/home/git/backend/node_modules/xml-crypto/lib/signed-xml.js:137:24)
at SignedXml.validateSignatureValue (/home/git/backend/node_modules/xml-crypto/lib/signed-xml.js:273:20)
at SignedXml.checkSignature (/home/git/backend/node_modules/xml-crypto/lib/signed-xml.js:261:13)
at SAML.validateSignature (/home/git/backend/node_modules/passport-saml/lib/passport-saml/saml.js:498:14)
at /home/git/backend/node_modules/passport-saml/lib/passport-saml/saml.js:545:17
at _fulfilled (/home/git/backend/node_modules/passport-saml/node_modules/q/q.js:794:54)
at self.promiseDispatch.done (/home/git/backend/node_modules/passport-saml/node_modules/q/q.js:823:30)
at Promise.promise.promiseDispatch (/home/git/backend/node_modules/passport-saml/node_modules/q/q.js:756:13)
at /home/git/backend/node_modules/passport-saml/node_modules/q/q.js:516:49
at flush (/home/git/backend/node_modules/passport-saml/node_modules/q/q.js:110:17)
at _combinedTickCallback (internal/process/next_tick.js:67:7)
at process._tickDomainCallback (internal/process/next_tick.js:122:9)
我用下面的代码片段（参数来自生产环境）重现了这个错误：
var crypto = require("crypto");
/**
 * Verify an RSA-SHA256 signature over `str`.
 *
 * @param {string} str - The exact bytes that were signed (here, the
 *   canonicalized ds:SignedInfo element).
 * @param {string} key - PEM-encoded public key or certificate.
 * @param {string} signatureValue - Base64-encoded signature.
 * @returns {boolean} true when the signature matches, false otherwise.
 * @throws {Error} when `key` cannot be read as a PEM public key or
 *   certificate; this is the "PEM_read_bio_PUBKEY failed" error in the
 *   stack trace. A caller must treat a throw as "not verified", never
 *   as success.
 */
var verifySignature = function(str, key, signatureValue) {
  // One Verify object per call; the key is only parsed inside verify(),
  // so a malformed PEM surfaces there rather than in createVerify().
  return crypto
    .createVerify("RSA-SHA256")
    .update(str)
    .verify(key, signatureValue, 'base64');
};
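// Canonicalized ds:SignedInfo from the SAML response: these are the bytes
// the RSA-SHA256 signature is computed over.
var str = '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod><ds:Reference URI="#_55ead485-2e18-4a0d-996e-8c1e42ffa49c"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>nj39d54JP9LU4xUgqUa5uzJ7W/xzDAzXadgUy37Yunk=</ds:DigestValue></ds:Reference></ds:SignedInfo>';

// PEM needs the BEGIN/END markers and the base64 body on separate lines,
// so each piece must end in a real newline escape ('\n'), not a literal 'n'.
// NOTE(review): the body below is 44 base64 characters (32 bytes), far too
// short to be a DER-encoded X.509 certificate holding an RSA key. It may
// have been shortened for posting; either way OpenSSL cannot read a public
// key from it, which matches the reported "PEM_read_bio_PUBKEY failed".
var key = '-----BEGIN CERTIFICATE-----\n' +
'MxXh1Tdvj9Wx5VOV4WVunP81al6yvYwRph5F1CPgKRA=\n' +
'-----END CERTIFICATE-----\n';

// Base64 ds:SignatureValue taken from the same response.
var signatureValue = 'QhszIs1jyIQ/b+4kuAxoKNqmU2zk1Gwlzdc0N4V54pkrv+gPwautZMLZEcQCFq9Qt6Xb5oKZHA43OwQfy0kBO1Fy88XlpDu9D5o23pzddZh3x9p0OSjTLA6ycSUYftCKPoTRtIq1AJ9QcmahISPPWA89Vp5hpw2gwuyQsZYXVep8PZJFdlXf+jh35KJq0WOH+4UVRWHoYU5THHE9H7rKqlXzEma+jb78KWF/aNltRFS2yW0UT3bsYE0CKiJp/MokNB51IztwZYqueGBD2A2IcFF+PAq4cnwSzqIZ5sXCVWUSm6lQupyxA67nIA/asJ//WbYozCePSQKFaBNVJEz1Pg==';

// Reproduction: this call is expected to throw while the key above is
// unreadable. In the login path that exception has to end the request as
// a failed verification (fail closed).
verifySignature(str, key, signatureValue);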
知道如何解决它吗?
事实证明，身份提供者（IdP）提供的证书不正确，所以 OpenSSL 无法从中读取公钥（即 PEM_read_bio_PUBKEY failed）。问题已解决。