https://github.com/luisgoncalves/xades4j/wiki/DefiningKeyingData中,可以说存储在智能卡中的密钥和证书可用于对XML文档进行签名。在代码示例中提到了本机库:

KeyingDataProvider kp = new PKCS11KeyStoreKeyingDataProvider(
               "path/to/native/lib",
               "name",
               new FirstCertificateSelector(),
               null, null, false);


但是,在本机库中应该是dll还是Java jar,该库应导出哪些功能?我尝试从我所在国家/地区的数字签名软件包的发行版中使用库pkcs11wrapper-1.2.18.jar和pkcs11wrapper.dll,但抛出了异常:

Exception in thread "main" java.security.ProviderException: java.lang.reflect.InvocationTargetException
    at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.createPkcs11Provider(PKCS11KeyStoreKeyingDataProvider.java:211)
    at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.access$100(PKCS11KeyStoreKeyingDataProvider.java:52)
    at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider$1.getBuilder(PKCS11KeyStoreKeyingDataProvider.java:118)
    at xades4j.providers.impl.KeyStoreKeyingDataProvider.ensureInitialized(KeyStoreKeyingDataProvider.java:175)
    at xades4j.providers.impl.KeyStoreKeyingDataProvider.getSigningCertificateChain(KeyStoreKeyingDataProvider.java:189)
    at xades4j.production.SignerBES.sign(SignerBES.java:151)
    at xades4j.production.SignerBES.sign(SignerBES.java:122)
    ...
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider.createPkcs11Provider(PKCS11KeyStoreKeyingDataProvider.java:198)
    ... 8 more
Caused by: java.security.ProviderException: Error parsing configuration
    at sun.security.pkcs11.Config.getConfig(Config.java:88)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:129)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
    ... 13 more
Caused by: sun.security.pkcs11.ConfigurationException: Unexpected value Token['('], line 2
    at sun.security.pkcs11.Config.excToken(Config.java:375)
    at sun.security.pkcs11.Config.parseLine(Config.java:595)
    at sun.security.pkcs11.Config.parseLibrary(Config.java:666)
    at sun.security.pkcs11.Config.parse(Config.java:398)
    at sun.security.pkcs11.Config.<init>(Config.java:220)
    at sun.security.pkcs11.Config.getConfig(Config.java:84)
    ... 15 more


当我提供空路径或不存在的库文件的路径时,也会生成类似的异常跟踪。

从Xades4J使用本机应该在本机库中有什么?该本机库是否应支持某些普遍接受的接口。也许Xades4J仅适用于西班牙政府发行的智能卡?

最佳答案

那是来自卡提供商的驱动程序。
要使用智能卡,您需要安装一些软件。该软件(通常)具有一些不错的界面,但它也安装了驱动程序(dll用于Windows,Unix用于)。


For portuguese cards
For belgian cards


回到xades4j:

因此,“ path / to / native / lib”是正确的...

在xades4j中,请参见测试类:

static protected String PTCC_PKCS11_LIB_PATH = "C:\\Windows\\System32\\pteidpkcs11.dll";


in this class它用于here

顺便说一句,对于爱沙尼亚语卡see this,不是xades4j,而是有趣的是:

signatureToken = new PKCS11SignatureToken("/usr/local/lib/opensc-pkcs11.so", "22975".toCharArray(), 2);


另请参见:Signing a PDF with an eID using PKCS#11 and iText

07-24 20:20