Obtention d'un certificat de XMLSignature en Java

Question

Je tente d'extraire le certificat de XMLSignature, d'obtenir le CRL DistributionPoint et de vérifier s'il est valide.

J'ai un document numérique et le nom de fichier signature, et voilà comment je me XML Signature:

ZipFile zipFile = new ZipFile(dataFactory.getDataReader().getFileAdoc(adocFileName)); 
ZipEntry entry = zipFile.getEntry(signatureFileName); 
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); 
dbf.setNamespaceAware(true); 
Document doc = dbf.newDocumentBuilder().parse(zipFile.getInputStream(entry)); 
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); 
if (nl.getLength() == 0) 
{ 
    throw new Exception("Cannot find Signature element"); 
} 
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); 
DOMValidateContext valContext = new DOMValidateContext(new X509KeySelector(), nl.item(0)); 
ZipFileURIDereferencer dereferencer = new ZipFileURIDereferencer(zipFile); 
valContext.setURIDereferencer(dereferencer); 

XMLSignature signature = fac.unmarshalXMLSignature(valContext); 

Maintenant, comment puis-je obtenir le certificat ou X509Certificate?

J'ai essayé d'obtenir < X509Certificate> partie:

NodeList sertificateNodeList = doc.getElementsByTagName("X509Certificate"); 
if (sertificateNodeList.getLength() == 0) { 
    throw new Exception("Cannot find X509Certificate element"); 
} 
String certPart = sertificateNodeList.item(0).getFirstChild().getNodeValue(); 
System.out.println(certPart); 
InputStream is = new ByteArrayInputStream(certPart.getBytes()); 

CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
Certificate cert = cf.generateCertificate(is); 

Mais cela me donne:

java.security.cert.CertificateParsingException: invalid DER-encoded certificate data

Peut-être que j'ai juste besoin de coder en quelque sorte que InputStream est?

Le signature.xml contient:

<X509Certificate> 
MIIKVTCCCT2gAwIBAgIOY7W3f/J6VnsAAQAInYYwDQYJKoZIhvcNAQEFBQAwgbsxCzAJBgNVBAYT 
AkxUMUAwPgYDVQQKEzdHeXZlbnRvanUgcmVnaXN0cm8gdGFybnliYSBwcmllIExSIFZSTSAtIGku 
... 
FWxieiI3KtGsVPYZ1/C7QHLv0SRMaCm/+qHuPSWh+L5YIcjBxQbD4bU2Q9soW7QshkRNRJOWSonK 
Rw/cD4gWZDPte3V42qj6SZazsjDrGTFaGBg3 
</X509Certificate> 

Merci!

Answer 1

J'ai réussi à obtenir une sorte de certificat (X509CertImpl) et vérifier sa validité, en utilisant un code que j'ai trouvé en ligne:

XMLSignature signature = fac.unmarshalXMLSignature(valContext); 
KeyInfo keyInfo = signature.getKeyInfo(); 

Iterator iter = keyInfo.getContent().iterator(); 
X509CertImpl certImpl = null; 
while (iter.hasNext()) { 
    XMLStructure kiType = (XMLStructure) iter.next(); 
    if (kiType instanceof X509Data) { 
     X509Data xd = (X509Data) kiType; 
     Object[] entries = xd.getContent().toArray(); 
     X509CRL crl = null; 
     for (int i = 0; (i < entries.length); i++) { 
      if (entries[i] instanceof X509CRL) { 
       crl = (X509CRL) entries[i]; 
      } 
      if (entries[i] instanceof X509CertImpl) { 
       certImpl = (X509CertImpl) entries[i]; 
       try { 
        certImpl.checkValidity(signDate); 
       } catch (CertificateExpiredException expiredEx) { 
        System.out.println("CERTIFICATE EXPIRED!"); 
        return 1; 
       } catch (CertificateNotYetValidException notYetValidEx) { 
        System.out.println("CERTIFICATE NOT VALID YET!"); 
        return 0; 
       } 
       System.out.println("CERTIFICATE IS VALID!");       
      } 
     } 
    } 
} 

Answer 2

InputStream is = new ByteArrayInputStream(**unbase64**(certPart)); 

salut Brutus, juste unbase64 la valeur X509Certificate