充气城堡分离签名改api

Question

在我看来，Bouncy castle 已更改 API，以下代码在 1.52 中不再可用：

  /**
   * SignatureInterface implementation. Creates detached signature of stream
   * using SHA-256.
   * 
   * @param content
   *          original content stream to sign
   * @throws SignatureException
   *           in case of signature error
   * @throws IOException
   *           in case of I/O error
   * @return signed byte content
   */
  @Override
  public byte[] sign(final InputStream content) throws SignatureException,
      IOException {
    try {

      CMSProcessableInputStream input = new CMSProcessableInputStream(content);
      List<Certificate> certList = Arrays.asList(keystore
          .getCertificateChain(alias));
      CertStore certStore = CertStore.getInstance("Collection",
          new CollectionCertStoreParameters(certList), provider);

      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();      
      gen.addSigner((PrivateKey) keystore.getKey(alias, pin),
          (X509Certificate) keystore.getCertificate(alias),
          CMSSignedGenerator.DIGEST_SHA256);
      gen.addCertificatesAndCRLs(certStore);

      return gen.generate(input, false, provider).getEncoded();
    } catch (Exception e) {
      throw new SignatureException(
          "Problem while preparing signature. Wrong certificate or alias.");
    }
  }

有人知道如何在新 API 中实现相同的行为吗？我在移植指南中没有找到任何相关信息。

已编辑（添加变量定义）：

 /**
   * Size of the read buffer for signing.
   */
  private static final int BUFSIZE = 8192;

  /**
   * Stored instance of BC.
   */
  private BouncyCastleProvider provider;

  /**
   * PKCS#12 key store.
   */
  private KeyStore keystore;

  /**
   * Alias for certificate to sign.
   */
  private String alias;

  /**
   * Password to private key.
   */
  private char[] pin;

Answer 1

我已经能够将代码更改为以下，这似乎适用于我的 1.51 版（1.52 版在 OSGi 下有错误）：

 public byte[] sign(final InputStream content) throws SignatureException,
      IOException {
    try {
      CMSTypedData input = new CMSProcessableByteArray(
          IOUtils.toByteArray(content));
      List<Certificate> certList = Arrays.asList(keystore
          .getCertificateChain(alias));
      Store certs = new JcaCertStore(certList);
      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
      ContentSigner shaSigner = new JcaContentSignerBuilder("SHA256withRSA")
          .setProvider("BC").build((PrivateKey) keystore.getKey(alias, pin));
      gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
          new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
          .build(shaSigner, (X509Certificate) keystore.getCertificate(alias)));
      gen.addCertificates(certs);
      return gen.generate(input, false).getEncoded();
    } catch (Exception e) {
      throw new SignatureException(
          "Problem while preparing signature. Wrong certificate or alias.");
    }
  }