Closed y12studio closed 10 years ago
目前進度
簽名可取出但是驗證部份失敗
Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(Unknown Source)
at org.jcp.xml.dsig.internal.dom.DOMReference.validate(Unknown Source)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(Unknown Source)
at org.blackbananacoin.premature.HelloOdfSign.main(HelloOdfSign.java:101)
Caused by: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(Unknown Source)
at org.blackbananacoin.premature.HelloOdfSign$ODFURIDereferencer.dereference(HelloOdfSign.java:53)
... 4 more
Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.getInstance(Unknown Source)
... 6 more
javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(Unknown Source)
at org.blackbananacoin.premature.HelloOdfSign$ODFURIDereferencer.dereference(HelloOdfSign.java:53)
at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(Unknown Source)
at org.jcp.xml.dsig.internal.dom.DOMReference.validate(Unknown Source)
at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(Unknown Source)
at org.blackbananacoin.premature.HelloOdfSign.main(HelloOdfSign.java:101)
Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.getInstance(Unknown Source)
安裝 HiCOS Client v2.1.9 windows 7 64bit
http://moica.nat.gov.tw/html/download_1.htm
插入自然人憑證,開啟 OpenDocument hello_world.odt - 檔案 - 數位簽章 - 簽署文件 - 內政部憑證管理中心發行有效期 - 檢視憑證(延遲/不需 PIN code) - 確定(出現PIN code)- 文件已簽名。
[
Version: V3
Subject: SERIALNUMBER=1111111111111111, CN=YOURNAME, C=TW
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 2958292186325449...
public exponent: 65537
Validity: [From: Fri May 25 09:33:48 CST 2012,
To: Thu May 25 09:33:48 CST 2017]
Issuer: OU=內政部憑證管理中心, O=行政院, C=TW
SerialNumber: [ 00f0008e 0080007c fc00c70 12121221]
Certificate Extensions: 8
[1]: ObjectId: 2.5.29.9 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 00 2C 10 2A 30 10 06 07 30 36 36 01 34 32 31 31 .,xxxxxxxxxxx.1
0010: 00 06 18 60 86 70 01 04 03 81 51 30 11 36 37 60 ...`.xx.dxx.xxxx
0020: 80 76 11 64 02 03 30 06 0C 04 ID HE RE L4 .xxxxx.4444
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://moica.nat.gov.tw/repository/Certs/IssuedToThisCA.p7b
,
accessMethod: ocsp
accessLocation: URIName: http://moica.nat.gov.tw/cgi-bin/OCSP/ocsp_server.exe
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B6 20 ....
]
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://moica.nat.gov.tw/repository/MOICA/CRL/complete.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.886.101.0.3.3]
[] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
]
[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: youremail@email.xxx
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 93 08....
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 87 41 ....
....
00F0: F6 B0 ....
]
move to bkbc-tool project
用 OpenDocument 簽名功能取回。
雅技資訊日誌: 利用自然人憑證對檔案簽章
odfdom/pkg/signature/DocumentSignatureManager.java
signserver/signserver/modules at master · pruiz/signserver
[Apache-SVN] Index of /incubator/odf/trunk/validator/src/main/java/org/odftoolkit/odfvalidator
[ODFTOOLKIT-67] Add support for digital signature creation / verification - ASF JIRA
signserver/signserver/modules/SignServer-Lib-ODFDOM/src/main/java/org/odftoolkit/odfdom/pkg/signature