将数字签名添加到XML文档中-错误错误UID

Question

我正在尝试xml文件的数字签名。此代码正在运行异步。

ExecutorService executor = Executors.newFixedThreadPool(10);

当代码运行一段时间后，输出异常：

javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Bad UID.

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.sign(DOMSignatureMethod.java:345)
at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:405)
at com.chubb.util.XMLSignerUtil.signXMLContent(XMLSignerUtil.java:173)
at com.chubb.util.XMLSignerUtil.signFile(XMLSignerUtil.java:187)
at com.chubb.face.INVPanelXml$SignWorker.signContract(INVPanelXml.java:396)
at com.chubb.face.INVPanelXml$SignWorker.run(INVPanelXml.java:362)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:830)

原因: java.security.SignatureException:坏UID。

at jdk.crypto.mscapi/sun.security.mscapi.CSignature.signHash(Native Method)
at jdk.crypto.mscapi/sun.security.mscapi.CSignature$RSA.engineSign(CSignature.java:220)
at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1403)
at java.base/java.security.Signature.sign(Signature.java:712)
at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.sign(DOMSignatureMethod.java:343)
... 8 more

java.security.SignatureException:坏UID。

at jdk.crypto.mscapi/sun.security.mscapi.CSignature.signHash(Native Method)
at jdk.crypto.mscapi/sun.security.mscapi.CSignature$RSA.engineSign(CSignature.java:220)
at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1403)
at java.base/java.security.Signature.sign(Signature.java:712)
at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.sign(DOMSignatureMethod.java:343)
at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:405)
at com.chubb.util.XMLSignerUtil.signXMLContent(XMLSignerUtil.java:173)
at com.chubb.util.XMLSignerUtil.signFile(XMLSignerUtil.java:187)
at com.chubb.face.INVPanelXml$SignWorker.signContract(INVPanelXml.java:396)
at com.chubb.face.INVPanelXml$SignWorker.run(INVPanelXml.java:362)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:830)

Answer 1

这取决于配置和签名类型是否可以进行并行签名。例如，您需要确保创建的所有签名都使用不同的XML标识符。否则，验证器提取验证信息时就会出现模糊性，并且会产生损坏的签名。此外，对于封装或分离签名类型，不支持并行签名，因为签名是在XML文档的根级别上创建的。此外，在执行信封签名时，需要确保使用的XPath表达式仅将当前签名排除在XML范围之外，因此不应使用创建并行签名。

您能够正确地创建单个签名吗？如果答案是肯定的，那么您选择的签名类型很可能不支持并行签名，或者在某些步骤上存在配置问题。