y12studio / bkbc-premature

bkbc premature project
Apache License 2.0

Citizen Digital Certificate signature test #1

Closed y12studio closed 10 years ago

y12studio commented 10 years ago

Retrieve it using the OpenDocument signature feature.

雅技資訊日誌: Signing files with the Citizen Digital Certificate

odfdom/pkg/signature/DocumentSignatureManager.java

signserver/signserver/modules at master · pruiz/signserver

[Apache-SVN] Index of /incubator/odf/trunk/validator/src/main/java/org/odftoolkit/odfvalidator

[ODFTOOLKIT-67] Add support for digital signature creation / verification - ASF JIRA

signserver/signserver/modules/SignServer-Lib-ODFDOM/src/main/java/org/odftoolkit/odfdom/pkg/signature

y12studio commented 10 years ago

Current progress

The signature can be extracted, but the verification part fails.

Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
    at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMReference.validate(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(Unknown Source)
    at org.blackbananacoin.premature.HelloOdfSign.main(HelloOdfSign.java:101)
Caused by: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
    at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(Unknown Source)
    at org.blackbananacoin.premature.HelloOdfSign$ODFURIDereferencer.dereference(HelloOdfSign.java:53)
    ... 4 more
Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
    at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.getInstance(Unknown Source)
    ... 6 more
javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
    at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(Unknown Source)
    at org.blackbananacoin.premature.HelloOdfSign$ODFURIDereferencer.dereference(HelloOdfSign.java:53)
    at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMReference.validate(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(Unknown Source)
    at org.blackbananacoin.premature.HelloOdfSign.main(HelloOdfSign.java:101)
Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI mimetype and Base null
    at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.getInstance(Unknown Source)
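
The trace above ends in `Could not find a resolver for URI mimetype and Base null`: the reference `mimetype` names an entry inside the ODF ZIP package, which the default dereferencer cannot resolve. An added example (not part of the original comments or the project's code) of a dereferencer that reads such references from the package; the class name `OdfSignatureCheck`, the two command-line arguments and the signer certificate exported to a file are assumptions.

```java
import java.io.*;
import java.net.URI;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.util.zip.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class OdfSignatureCheck {                         // hypothetical class name
    // Package-relative URIs ("mimetype", "content.xml") are ZIP entries, not resolvable URLs.
    static URIDereferencer zipDereferencer(ZipFile odf, URIDereferencer fallback) {
        return (ref, ctx) -> {
            String uri = ref.getURI();
            if (uri == null || uri.isEmpty() || uri.startsWith("#"))
                return fallback.dereference(ref, ctx);   // same-document reference
            try {
                String name = URI.create(uri).getPath(); // undo percent-encoding
                ZipEntry entry = name == null ? null : odf.getEntry(name);
                if (entry == null) throw new URIReferenceException("not in package: " + uri);
                return new OctetStreamData(odf.getInputStream(entry));
            } catch (IOException | IllegalArgumentException e) {
                throw new URIReferenceException(e);
            }
        };
    }
    // args[0]: signed .odt; args[1]: signer certificate exported to a file (assumption).
    public static void main(String[] args) throws Exception {
        PublicKey key;
        try (InputStream in = new FileInputStream(args[1])) {
            key = CertificateFactory.getInstance("X.509").generateCertificate(in).getPublicKey();
        }
        try (ZipFile odf = new ZipFile(args[0])) {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document doc = dbf.newDocumentBuilder().parse(
                    odf.getInputStream(odf.getEntry("META-INF/documentsignatures.xml")));
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            for (int i = 0; i < sigs.getLength(); i++) {
                DOMValidateContext vc = new DOMValidateContext(key, sigs.item(i));
                vc.setURIDereferencer(zipDereferencer(odf, fac.getURIDereferencer()));
                System.out.println("signature " + i + ": " + fac.unmarshalXMLSignature(vc).validate(vc));
            }
        }
    }
}
```

A `true` result means the package entries match the signature under the supplied key; validating that certificate's chain and revocation status is a separate step.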

y12studio commented 10 years ago

Install HiCOS Client v2.1.9 on Windows 7 64-bit

http://moica.nat.gov.tw/html/download_1.htm

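Insert the Citizen Digital Certificate card, open the OpenDocument file hello_world.odt - File - Digital Signatures - Sign Document - issued by the Ministry of the Interior Certificate Authority (內政部憑證管理中心), validity period - View Certificate (delayed / no PIN code needed) - OK (PIN code prompt appears) - the document is signed.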

[
  Version: V3
  Subject: SERIALNUMBER=1111111111111111, CN=YOURNAME, C=TW
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 2958292186325449...
  public exponent: 65537
  Validity: [From: Fri May 25 09:33:48 CST 2012,
               To: Thu May 25 09:33:48 CST 2017]
  Issuer: OU=內政部憑證管理中心, O=行政院, C=TW
  SerialNumber: [    00f0008e 0080007c fc00c70 12121221]

Certificate Extensions: 8
[1]: ObjectId: 2.5.29.9 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 00 2C 10 2A 30 10 06 07   30 36 36 01 34 32 31 31  .,xxxxxxxxxxx.1
0010: 00 06 18 60 86 70 01 04   03 81 51 30 11 36 37 60  ...`.xx.dxx.xxxx
0020: 80 76 11 64 02 03 30 06   0C 04 ID HE RE L4        .xxxxx.4444

[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://moica.nat.gov.tw/repository/Certs/IssuedToThisCA.p7b
, 
   accessMethod: ocsp
   accessLocation: URIName: http://moica.nat.gov.tw/cgi-bin/OCSP/ocsp_server.exe
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B6 20 ....
]
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://moica.nat.gov.tw/repository/MOICA/CRL/complete.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.886.101.0.3.3]
[]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
]

[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  RFC822Name: youremail@email.xxx
]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 93 08....
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 87 41 ....
....
00F0: F6 B0 ....

]

y12studio commented 10 years ago

ref https://github.com/y12studio/BlackBananaCoin/issues/27

y12studio commented 10 years ago

move to bkbc-tool project