Fatal编程技术网
  • certificate/
  • Certificate 构造实现时获取错误(算法:集合,提供程序:BC,类:org.bouncycastle.jce.provider.CertStoreCollectionSpi)

Certificate 构造实现时获取错误(算法:集合,提供程序:BC,类:org.bouncycastle.jce.provider.CertStoreCollectionSpi)

certificate

Certificate 构造实现时获取错误(算法:集合,提供程序:BC,类:org.bouncycastle.jce.provider.CertStoreCollectionSpi),certificate,bouncycastle,signature,Certificate,Bouncycastle,Signature,我在一个项目中遇到了一个问题,当时我正在使用BouncyCastle创建数字签名 以下是我正在运行的代码: Statement stmt_cert = conn.createStatement(); ResultSet rs_cert= stmt_cert.executeQuery("select c.ca, c.privk from certs c where num_tab="+stat_cert); rs_cert.next(); castr = rs_cert.getString("

我在一个项目中遇到了一个问题,当时我正在使用BouncyCastle创建数字签名

以下是我正在运行的代码:

Statement stmt_cert = conn.createStatement();
ResultSet rs_cert= stmt_cert.executeQuery("select c.ca, c.privk  from certs c  where num_tab="+stat_cert);
rs_cert.next();
castr = rs_cert.getString("ca") + "\n";
strPriv = rs_cert.getString("privk") + "\n" ;
rs_cert.close();      
stmt_cert.close();
 byte[] encKey = castr.getBytes();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
 X509Certificate caCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(encKey));

 PEMReader pr = new PEMReader(new StringReader(strPriv));
 Object obj = pr.readObject();
 KeyPair kp = (KeyPair) obj;
 PrivateKey privateKey = kp.getPrivate();
 Certificate[] chain =new Certificate[]{caCert};


    byte[] plainText = digest.getBytes("UTF8");


  CertStore certs =null;
  ArrayList certList = new ArrayList();

  try{
    for ( int i = 0; i < chain.length;i++)
    {     
        result += chain[i];
        certList.add(chain[i]);      
    }
    certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");


  }
  catch(Exception exc){
   result  += "Problem with keystore access: " + exc.toString() ;
   InsErr_log.Insert_error(1000,"Error when generate Signature of Statements",result);     
   return result;
   }

  // --- Use Bouncy Castle provider to create CSM/PKCS#7 signed message ---
   try{
    CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
    signGen.addSigner(privateKey, (X509Certificate)caCert, CMSSignedDataGenerator.DIGEST_SHA1);
    signGen.addCertificatesAndCRLs(certs);
    CMSProcessable content = new CMSProcessableByteArray(plainText);

    CMSSignedData signedData = signGen.generate(content,"BC");
    byte[] signeddata = signedData.getEncoded();
    result  += "Created signed message: " + signeddata.length + " bytes" ;
    result  += new String(signeddata,"UTF8");
   }
   catch(Exception ex){
    result = "Couldn't generate CMS signed message\n" + ex.toString() ;
   }
下面是错误:

密钥库访问问题:java.security.NoSuchAlgorithmException: 构造实现时出错(算法:集合,提供程序: BC,类:org.bouncycastle.jce.provider.CertStoreCollectionSpi)

我是一个新手,所以请容忍我,任何信息将高度赞赏

我自己解决了这个问题!事实证明,当我部署bcmail-jdk14-146.jar和bcprov-jdk14-146.jar时,有一个旧版本的jce-jdk13-131.jar必须被删除,在这之后,一切都正常了,我成功地放置了签名

但是,我无法使用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar组合验证它! 它只能通过bcmail-jdk13-131.jar和jce-jdk13-131.jar组合进行验证

我使用以下代码,请注意代码中的注释:

  public static boolean verify (byte[] bytes, byte[] bytessig, long userID, int stat_sign) throws Exception 
  {
  boolean result = false;
  boolean bcert = false;
  boolean bsign=false;

    try {

        CMSSignedData s;
        ByteArrayInputStream bIn = new ByteArrayInputStream(bytessig);
        ASN1InputStream      aIn = new ASN1InputStream(bIn);
        s = new CMSSignedData(new CMSProcessableByteArray(bytes),ContentInfo.getInstance(aIn.readObject()));
        //CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
        //Im not using the above line but if I uncomment it with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar 
        //cert is correctly filled with 
        //the public key of the signer however verification fails with 
        //message-digest attribute value does not match calculated value

        SignerInformationStore  signers = s.getSignerInfos();
        Collection              c = signers.getSigners();
        CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(c);
        CertStore certs = CertStore.getInstance("Collection", ccsp, "BC");

        Iterator                it = c.iterator();
        if (it.hasNext())
        {
            SignerInformation   signer = (SignerInformation)it.next();
            Collection          certCollection = certs.getCertificates(signer.getSID());
            //This is the point where Empty Collection is returned in 1.4
            Iterator            certIt = certCollection.iterator();

            X509Certificate     cert = (X509Certificate)certIt.next();
            //with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar cert is empty
            //and throws : java.util.NoSuchElementException on (X509Certificate)certIt.next();
            //while in bcmail-jdk13-131.jar and jce-jdk13-131.jar it verifies correctly

            bsign=signer.verify(cert, "BC");
        }
                    return bsign;
    }
    catch( Exception e) {
      e.printStackTrace();
      return false;
    }
  }
如果您能帮助我用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar验证消息,我希望我的想法有道理,并且非常感谢,因为上面的签名代码使用这些库来签名消息

PS:我在这里发现其他人也有同样的问题
可能是环境配置问题吧?

我自己解决了这个问题!事实证明,当我部署bcmail-jdk14-146.jar和bcprov-jdk14-146.jar时,有一个旧版本的jce-jdk13-131.jar必须被删除,在这之后,一切都正常了,我成功地放置了签名

但是,我无法使用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar组合验证它! 它只能通过bcmail-jdk13-131.jar和jce-jdk13-131.jar组合进行验证

我使用以下代码,请注意代码中的注释:

  public static boolean verify (byte[] bytes, byte[] bytessig, long userID, int stat_sign) throws Exception 
  {
  boolean result = false;
  boolean bcert = false;
  boolean bsign=false;

    try {

        CMSSignedData s;
        ByteArrayInputStream bIn = new ByteArrayInputStream(bytessig);
        ASN1InputStream      aIn = new ASN1InputStream(bIn);
        s = new CMSSignedData(new CMSProcessableByteArray(bytes),ContentInfo.getInstance(aIn.readObject()));
        //CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
        //Im not using the above line but if I uncomment it with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar 
        //cert is correctly filled with 
        //the public key of the signer however verification fails with 
        //message-digest attribute value does not match calculated value

        SignerInformationStore  signers = s.getSignerInfos();
        Collection              c = signers.getSigners();
        CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(c);
        CertStore certs = CertStore.getInstance("Collection", ccsp, "BC");

        Iterator                it = c.iterator();
        if (it.hasNext())
        {
            SignerInformation   signer = (SignerInformation)it.next();
            Collection          certCollection = certs.getCertificates(signer.getSID());
            //This is the point where Empty Collection is returned in 1.4
            Iterator            certIt = certCollection.iterator();

            X509Certificate     cert = (X509Certificate)certIt.next();
            //with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar cert is empty
            //and throws : java.util.NoSuchElementException on (X509Certificate)certIt.next();
            //while in bcmail-jdk13-131.jar and jce-jdk13-131.jar it verifies correctly

            bsign=signer.verify(cert, "BC");
        }
                    return bsign;
    }
    catch( Exception e) {
      e.printStackTrace();
      return false;
    }
  }
如果您能帮助我用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar验证消息,我希望我的想法有道理,并且非常感谢,因为上面的签名代码使用这些库来签名消息

PS:我在这里发现其他人也有同样的问题
可能是环境配置问题?

通过取消注释并使用以下行使其正常工作:CertStore certs=s.getCertificatesAndCRLs(“Collection”,“BC”);而不是:CertStore certs=CertStore.getInstance(“Collection”,ccsp,“BC”);这表明这种方法虽然不受欢迎,但至少它是有效的!通过取消注释并使用以下行使其工作:CertStore certs=s.getCertificatesAndCRLs(“集合”,“BC”);而不是:CertStore certs=CertStore.getInstance(“Collection”,ccsp,“BC”);这表明这种方法虽然不受欢迎,但至少它是有效的!