unsupported SignatureMethod algorithm, but the algorithm is listed as available Service by BC-Provider

问题

to keep it short, my problem is as follows:

I add the BC-Provider at the beginning of my function:

Security.addProvider(new BouncyCastleProvider());

when i List all Services

BouncyCastleProvider().getServices();

the List contains "RIPEMD160WITHECDSA"

on the last line of this codesnippet:

XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
DOMValidateContext valContext = new DOMValidateContext(pubkeys[i], sigElement);
valContext.setURIDereferencer(new FileDereferencer(
                              factory.getURIDereferencer(), new File("D:\\eclipseworkspace\\pathtoxml.xml")));
javax.xml.crypto.dsig.XMLSignature xmlSignature = factory.unmarshalXMLSignature(valContext);

i get an Exception with the Message:

unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160

What does that mean? what is the difference between RIPEMD160WITHECDSA und the Algorithm specified by this URL? Or is the url just not mapped to this Algorithmname?

Here is the stacktrace:

javax.xml.crypto.MarshalException: unsupported SignatureMethod algorithm: http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
    at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(Unknown Source)
    at com.mobile.xmlsignature.XMLSigChecker.verify(XMLSigChecker.java:122)
    at com.mobile.xmlsignature.mainclass.main(mainclass.java:13)

回答1:

It looks like ecdsa-ripemd160 is not one of the default signature methods registered with DOMSignatureMethod.

According to XMLSignatureFactory.newSignatureMethod() you can probably register ecdsa-ripemd160 using something like this:

xmlFact.newSignatureMethod(
    "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160", 
     MyECDSARipemd160Provider());

You will have to roll your own MyECDSARipemd160Provider() class to implement the SignatureMethodParameterSpec and it will need to identify your algorithm. I have not tried this and I suspect it might take some trial and error. I don't know if there is a BC class that does this for you. I would assume the getAlgorithm() call to this class should return "RIPEMD160WITHECDSA".

来源：https://stackoverflow.com/questions/11984025/unsupported-signaturemethod-algorithm-but-the-algorithm-is-listed-as-available