【Question title】: Error signing file pkcs#7 and bouncycastle java
【Posted】: 2015-09-10 19:21:39
【Question description】:

I am getting the following error when trying to sign a file.

    Exception in thread "main" org.bouncycastle.operator.OperatorCreationException: exception on setup: java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider SunPKCS11-eToken
        at org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder$1.get(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGenerator.<init>(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGenerator.<init>(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGeneratorBuilder.createGenerator(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGeneratorBuilder.build(Unknown Source)
        at org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder.build(Unknown Source)
        at org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder.build(Unknown Source)
        at testapp.Testapp.setUpProvider(Testapp.java:111)
        at testapp.Testapp.main(Testapp.java:74)
    Caused by: java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider SunPKCS11-eToken
        at sun.security.jca.GetInstance.getService(GetInstance.java:83)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:202)
        at java.security.Security.getImpl(Security.java:688)
        at java.security.MessageDigest.getInstance(MessageDigest.java:233)
        at org.bouncycastle.jcajce.ProviderJcaJceHelper.createDigest(Unknown Source)
        at org.bouncycastle.operator.jcajce.OperatorHelper.createDigest(Unknown Source)
        ... 9 more
    Java Result: 1

The code is as follows:

    InputStream cnfStream = new ByteArrayInputStream(pkcs11config.getBytes());
    Provider p = new sun.security.pkcs11.SunPKCS11(cnfStream);
    Security.addProvider(p);
    KeyStore ks = KeyStore.getInstance("PKCS11", p);
    ks.load(null, PASSWORD);
    byte[] signedData = sign(data, ks, p);

    public static byte[] sign(byte[] data, KeyStore ks, Provider p) throws Exception {

        String alias = ks.aliases().nextElement();

        List certList = new ArrayList();
        CMSTypedData msg = new CMSProcessableByteArray(data); //Data to sign

        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        certList.add(cert); //Adding the X509 Certificate

        Store certs = new JcaCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        //Initializing the BC's Signer
        ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(p).build((PrivateKey)ks.getKey(alias, PASSWORD));

        // setProvider(p) makes BouncyCastle request MessageDigest 1.3.14.3.2.26 (SHA-1)
        // from the PKCS#11 provider; this is the lookup that fails in the stack trace above.
        gen.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider(p).build())
                .build(sha1Signer, cert));
        //adding the certificate
        gen.addCertificates(certs);
        //Getting the signed data
        CMSSignedData sigData = gen.generate(msg, false);
        return sigData.getEncoded();
    }

Any ideas?

Thanks in advance.

【Question comments】:

    Tags: java bouncycastle pkcs#7 pkcs#11


    【Solution 1】:

    OK, I eventually solved this myself. Here is the working code:

        private void findProvider() {
            String driver;
            byte[] pkcs11config;
            for (int i = indiceDrivers; i < largoDrivers; i++) {
                driver = DRIVERS[i];
                File f = new File(REPO + driver);
                if (!f.exists()) {
                    continue;
                }
                pkcs11config = String
                        .format("name = eToken\n library = %s%s", REPO, driver)
                        .getBytes();
                try {
                    InputStream cnfStream = new ByteArrayInputStream(pkcs11config);
                    provider = new sun.security.pkcs11.SunPKCS11(cnfStream);
                    keyStore = KeyStore.getInstance("PKCS11", this.provider);
                    Security.addProvider(provider);
                    keyStore.load(null, password);
                    System.out.println("OK: " + driver);
                    break;
                } catch (Exception e) {
                    // For testing purposes only
                    System.out.println("ERROR: " + driver);
                }
            }
            if (provider == null) {
                throw new RuntimeException("Los drivers del token no estan instalados.");
            } else if (provider != null && keyStore == null) {
                throw new RuntimeException("El token no esta conectado.");
            }
        }
    
        public void sign(File input, File output) throws Exception {
            String alias = keyStore.aliases().nextElement();
            List certList = new ArrayList();
            CMSTypedData msg = new CMSProcessableFile(input);
            X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
            certList.add(cert);
            Store certs = new JcaCertStore(certList);
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            // The token's provider performs only the RSA signature with the private key.
            ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(provider).build((PrivateKey) keyStore.getKey(alias, password));
            Security.addProvider(new BouncyCastleProvider());
            // The message digest is computed in software by BouncyCastle ("BC")
            // instead of by the token's provider.
            gen.addSignerInfoGenerator(
                    new JcaSignerInfoGeneratorBuilder(
                    new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                    .build(sha1Signer, cert));
            gen.addCertificates(certs);
            // true = encapsulate the signed content in the output
            CMSSignedData sigData = gen.generate(msg, true);

            // try-with-resources closes the stream even if the write fails
            try (FileOutputStream fileOutputStream = new FileOutputStream(output)) {
                fileOutputStream.write(sigData.getEncoded());
            }
        }
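
Added example, not part of the original answer: a JDK-only pre-flight check for the failure in the question. It tests whether a provider registers a MessageDigest for the SHA-1 OID 1.3.14.3.2.26 and otherwise picks another installed provider for the digest step. The class and method names are hypothetical, and SunRsaSign stands in for the token's provider (an assumption) so that it runs without hardware.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

public class DigestProviderCheck {
    // OID from the exception in the question; it identifies SHA-1.
    static final String SHA1_OID = "1.3.14.3.2.26";

    /** True if the provider registers a MessageDigest under this name, alias or OID. */
    static boolean offersDigest(Provider p, String algorithm) {
        return p != null && p.getService("MessageDigest", algorithm) != null;
    }

    /** Returns the preferred provider if it can digest, else the first installed one that can. */
    static Provider pickDigestProvider(Provider preferred, String algorithm)
            throws NoSuchAlgorithmException {
        if (offersDigest(preferred, algorithm)) {
            return preferred;
        }
        for (Provider candidate : Security.getProviders()) {
            if (offersDigest(candidate, algorithm)) {
                return candidate;
            }
        }
        throw new NoSuchAlgorithmException("no installed provider offers " + algorithm);
    }

    public static void main(String[] args) throws Exception {
        // Stand-in (assumption): SunRsaSign registers signatures but no digests.
        // Pass the real PKCS#11 provider here when a token is attached.
        Provider signingProvider = Security.getProvider("SunRsaSign");
        System.out.println(signingProvider.getName() + " offers SHA-1 digest by OID: "
                + offersDigest(signingProvider, SHA1_OID));

        Provider digestProvider = pickDigestProvider(signingProvider, SHA1_OID);
        // Same MessageDigest lookup that failed in the stack trace, now against
        // a provider that is known to register the algorithm.
        MessageDigest md = MessageDigest.getInstance(SHA1_OID, digestProvider);
        byte[] hash = md.digest("constructed sample input".getBytes(StandardCharsets.UTF_8));
        System.out.println("digest provider: " + digestProvider.getName()
                + ", digest length: " + hash.length + " bytes");
    }
}
```

The provider returned by `pickDigestProvider` is the one to hand to `JcaDigestCalculatorProviderBuilder().setProvider(...)`, while the token's provider stays on `JcaContentSignerBuilder`.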
    

    【Comments】:
