XAdES封装签名的java模板
以下是XAdES封装签名的Java模板(注意:模板代码生成的是XML-DSig封装式签名,其中没有构造XAdES的SignedProperties等限定属性,如需完整的XAdES签名还要另行补充):
```java
// 导入所需的包
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
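/**
 * Signs an XML file with an enveloped XML Signature (XML-DSig) using a key held in a JKS keystore.
 *
 * <p>NOTE(review): despite the class name, the signature built here contains only
 * {@code SignedInfo} and {@code KeyInfo}. No XAdES {@code QualifyingProperties} /
 * {@code SignedProperties} object (signing time, signing-certificate digest, ...) is created,
 * so the output is a plain XML-DSig signature, not a XAdES-BES one. The signing certificate
 * travels in {@code KeyInfo}, which the single {@code Reference} does not cover.
 */
public class XAdES {
    /**
     * Reads {@code inputFilePath}, appends an enveloped signature as the last child of the
     * document element, and writes the signed document to {@code outputFilePath}.
     *
     * <p>The signature uses one reference to the whole document ({@code URI=""}) with the
     * enveloped-signature transform followed by exclusive canonicalization, a SHA-256 digest
     * and RSA-SHA256 as the signature method, so the keystore entry must hold an RSA key.
     * The certificate is embedded as {@code X509Data}; its validity period is not checked here.
     *
     * @param inputFilePath    path of the XML file to sign; DOCTYPE declarations are rejected
     * @param outputFilePath   path the signed XML is written to
     * @param keystorePath     path of the JKS keystore holding the signing key and certificate
     * @param keystorePassword password used both to open the keystore and to unlock the key entry
     * @throws KeyStoreException if the keystore has no key entry, or the entry is not a
     *                           private key with an X.509 certificate
     * @throws Exception         on any I/O, parsing, key-recovery or signing failure
     */
    public static void sign(String inputFilePath, String outputFilePath, String keystorePath, String keystorePassword) throws Exception {
        char[] password = keystorePassword.toCharArray();
        try {
            // Load the keystore; the stream is closed as soon as loading finishes.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (FileInputStream keyStoreStream = new FileInputStream(keystorePath)) {
                keyStore.load(keyStoreStream, password);
            }

            // Pick a key entry explicitly: the first alias of a keystore may be a
            // trusted-certificate entry, for which getKey() returns null.
            String alias = findKeyEntryAlias(keyStore, keystorePath);
            Key key = keyStore.getKey(alias, password);
            if (!(key instanceof PrivateKey)) {
                throw new KeyStoreException("Entry '" + alias + "' does not hold a private key");
            }
            Certificate certificate = keyStore.getCertificate(alias);
            if (!(certificate instanceof X509Certificate)) {
                throw new KeyStoreException("Entry '" + alias + "' has no X.509 certificate");
            }
            PrivateKey privateKey = (PrivateKey) key;
            X509Certificate cert = (X509Certificate) certificate;

            Document doc = parseXml(inputFilePath);

            XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
            // The signature element is appended as the last child of the document element.
            DOMSignContext sigContext = new DOMSignContext(privateKey, doc.getDocumentElement());

            // Enveloped transform removes the signature itself from the digested content;
            // exclusive c14n then fixes the byte representation that gets hashed.
            List<Transform> transforms = new ArrayList<>();
            transforms.add(sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
            transforms.add(sigFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
            DigestMethod digestMethod = sigFactory.newDigestMethod(DigestMethod.SHA256, null);
            // URI "" references the whole document.
            Reference reference = sigFactory.newReference("", digestMethod, transforms, null, null);
            SignedInfo signedInfo = sigFactory.newSignedInfo(
                    sigFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                    sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA256, null),
                    Collections.singletonList(reference));

            KeyInfoFactory keyInfoFactory = sigFactory.getKeyInfoFactory();
            X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList(cert));
            KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));
            XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyInfo);

            signature.sign(sigContext);

            // Serialize the signed DOM; the output stream is closed even if the transform fails.
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            Transformer transformer = transformerFactory.newTransformer();
            try (FileOutputStream outputStream = new FileOutputStream(outputFilePath)) {
                transformer.transform(new DOMSource(doc), new StreamResult(outputStream));
            }
        } finally {
            // Do not leave a copy of the password in memory longer than needed.
            Arrays.fill(password, '\0');
        }
    }

    /** Returns the first alias that is a key entry, or fails with a descriptive error. */
    private static String findKeyEntryAlias(KeyStore keyStore, String keystorePath) throws KeyStoreException {
        for (String candidate : Collections.list(keyStore.aliases())) {
            if (keyStore.isKeyEntry(candidate)) {
                return candidate;
            }
        }
        throw new KeyStoreException("No key entry found in keystore: " + keystorePath);
    }

    /** Parses the input file namespace-aware, with DTDs and entity expansion disabled (XXE hardening). */
    private static Document parseXml(String inputFilePath) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // The document to sign may come from outside; refuse DOCTYPE so no external entity is resolved.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        DocumentBuilder builder = factory.newDocumentBuilder();
        try (FileInputStream inputStream = new FileInputStream(inputFilePath)) {
            return builder.parse(inputStream);
        }
    }
}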
```
使用方法:
```java
// Sign input.xml with the key stored in keystore.jks and write the result to output.xml.
// "password" is a placeholder: sign() uses the same value to open the keystore and to
// unlock the private key, so in real use read it from protected configuration.
XAdES.sign("input.xml", "output.xml", "keystore.jks", "password");
```
其中,`input.xml`是待签名的XML文件,`output.xml`是签名后的XML文件,`keystore.jks`是存储私钥和证书的KeyStore文件,`password`是KeyStore的密码(模板中同一密码也用于读取私钥条目)。