在https://github.com/luisgoncalves/xades4j/wiki/DefiningKeyingData中,可以说存储在智能卡中的密钥和证书可用于对XML文档进行签名。在代码示例中提到了本机库:
KeyingDataProvider kp = new PKCS11KeyStoreKeyingDataProvider(
"path/to/native/lib",
"name",
new FirstCertificateSelector(),
null, null, false);
但是,在本机库中应该是dll还是Java jar,该库应导出哪些功能?我尝试从我所在国家/地区的数字签名软件包的发行版中使用库pkcs11wrapper-1.2.18.jar和pkcs11wrapper.dll,但抛出了异常:
Exception in thread "main" java.security.ProviderException: java.lang.reflect.InvocationTargetException
at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.createPkcs11Provider(PKCS11KeyStoreKeyingDataProvider.java:211)
at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.access$100(PKCS11KeyStoreKeyingDataProvider.java:52)
at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider$1.getBuilder(PKCS11KeyStoreKeyingDataProvider.java:118)
at xades4j.providers.impl.KeyStoreKeyingDataProvider.ensureInitialized(KeyStoreKeyingDataProvider.java:175)
at xades4j.providers.impl.KeyStoreKeyingDataProvider.getSigningCertificateChain(KeyStoreKeyingDataProvider.java:189)
at xades4j.production.SignerBES.sign(SignerBES.java:151)
at xades4j.production.SignerBES.sign(SignerBES.java:122)
...
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.createPkcs11Provider(PKCS11KeyStoreKeyingDataProvider.java:198)
... 8 more
Caused by: java.security.ProviderException: Error parsing configuration
at sun.security.pkcs11.Config.getConfig(Config.java:88)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:129)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
... 13 more
Caused by: sun.security.pkcs11.ConfigurationException: Unexpected value Token['('], line 2
at sun.security.pkcs11.Config.excToken(Config.java:375)
at sun.security.pkcs11.Config.parseLine(Config.java:595)
at sun.security.pkcs11.Config.parseLibrary(Config.java:666)
at sun.security.pkcs11.Config.parse(Config.java:398)
at sun.security.pkcs11.Config.<init>(Config.java:220)
at sun.security.pkcs11.Config.getConfig(Config.java:84)
... 15 more
当我提供空路径或不存在的库文件的路径时,也会生成类似的异常跟踪。
从Xades4J使用本机应该在本机库中有什么?该本机库是否应支持某些普遍接受的接口。也许Xades4J仅适用于西班牙政府发行的智能卡?
最佳答案
那是来自卡提供商的驱动程序。
要使用智能卡,您需要安装一些软件。该软件(通常)具有一些不错的界面,但它也安装了驱动程序(dll用于Windows,Unix用于)。
For portuguese cards
For belgian cards
回到xades4j:
因此,“ path / to / native / lib”是正确的...
在xades4j中,请参见测试类:
static protected String PTCC_PKCS11_LIB_PATH = "C:\\Windows\\System32\\pteidpkcs11.dll";
in this class它用于here
顺便说一句,对于爱沙尼亚语卡see this,不是xades4j,而是有趣的是:
signatureToken = new PKCS11SignatureToken("/usr/local/lib/opensc-pkcs11.so", "22975".toCharArray(), 2);
另请参见:Signing a PDF with an eID using PKCS#11 and iText