无法验证签名 (cmssigneddata) bouncycastle

【问题标题】:Cannot verify signature (cmssigneddata) bouncycastle无法验证签名 (cmssigneddata) bouncycastle
【发布时间】:2017-10-15 03:42:44
【问题描述】:

当我想验证我使用 BouncyCastle 制作的签名时,我不会进入 verifySignature 方法的第二个 while 循环。 store.getMatches() 返回一个空数组。

public static CMSSignedData sign() throws Exception {
    byte[] file = fileChooser();
    store = KeyStore.getInstance(storeType);
    FileInputStream in = new FileInputStream(new File(storePathKey));
    store.load(in, storePassword);
    in.close();

    Key priv = store.getKey("Subject", storePassword);
    System.out.println(priv.toString() + "priv string");
    X509Certificate cert = (X509Certificate) store.geCertificate("Subject");
    ContentSigner signer = new JcaContentSignerBuilder(sigAlgo).build((RSAPrivateKey) priv);

    CMSTypedData data = new CMSProcessableByteArray(file);
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
        .build(signer, cert));
    CMSSignedData sigData = gen.generate(data, true);

    return sigData;
}

public static void verifySig(CMSSignedData sigData) throws Exception {
    Store store = sigData.getCertificates();
    SignerInformationStore signers = sigData.getSignerInfos();
    System.out.println(store.toString() + "store");
    Collection c = signers.getSigners();
    Iterator it = c.iterator();

    while (it.hasNext()) {
        System.out.println("enter while loop1");
        SignerInformation signer = (SignerInformation) it.next();

        Collection certCollection = store.getMatches(signer.getSID());
        Iterator certIt = certCollection.iterator();
        System.out.println(store.getMatches(null) + "collection of certs");

        while (certIt.hasNext()) {
            System.out.println("enter while loop2");
            X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
            X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);

            if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) {
                System.out.println("verified correct");
            } else {
                System.out.println("not verified");
            }
        }
    }
}

我在sign() 方法中遗漏了什么吗?

【问题讨论】:

    标签: java store bouncycastle sign verify


    【解决方案1】:

    您需要将证书添加到org.bouncycastle.util.CollectionStore,并将此存储添加到签名中。

    我正在使用 BouncyCastle 1.56

    import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.util.CollectionStore;

// add these lines after gen.addSignerInfoGenerator(...)

// cert is your X509Certificate
X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
CollectionStore<X509CertificateHolder> certStore = new CollectionStore<>(Collections.singletonList(holder));
gen.addCertificates(certStore); // add the store to the signature

    当您想要添加多个证书时,CollectionStore 很有用。如果你只想添加一个,你也可以这样做:

    X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
gen.addCertificate(holder);

    我得到的输出:

    enter while loop1
[org.bouncycastle.cert.X509CertificateHolder@5bc807a8]collection of certs
enter while loop2
verified correct

    【讨论】:

      猜你喜欢
      • 2012-11-11
      • 2017-06-29
      • 1970-01-01
      • 2013-05-15
      • 1970-01-01
      • 1970-01-01
      • 2011-11-27
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode