Certificate 构造实现时获取错误(算法:集合,提供程序:BC,类:org.bouncycastle.jce.provider.CertStoreCollectionSpi)
我在一个项目中遇到了一个问题,当时我正在使用BouncyCastle创建数字签名 以下是我正在运行的代码:Certificate 构造实现时获取错误(算法:集合,提供程序:BC,类:org.bouncycastle.jce.provider.CertStoreCollectionSpi),certificate,bouncycastle,signature,Certificate,Bouncycastle,Signature,我在一个项目中遇到了一个问题,当时我正在使用BouncyCastle创建数字签名 以下是我正在运行的代码: Statement stmt_cert = conn.createStatement(); ResultSet rs_cert= stmt_cert.executeQuery("select c.ca, c.privk from certs c where num_tab="+stat_cert); rs_cert.next(); castr = rs_cert.getString("
Statement stmt_cert = conn.createStatement();
ResultSet rs_cert= stmt_cert.executeQuery("select c.ca, c.privk from certs c where num_tab="+stat_cert);
rs_cert.next();
castr = rs_cert.getString("ca") + "\n";
strPriv = rs_cert.getString("privk") + "\n" ;
rs_cert.close();
stmt_cert.close();
byte[] encKey = castr.getBytes();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(encKey));
PEMReader pr = new PEMReader(new StringReader(strPriv));
Object obj = pr.readObject();
KeyPair kp = (KeyPair) obj;
PrivateKey privateKey = kp.getPrivate();
Certificate[] chain =new Certificate[]{caCert};
byte[] plainText = digest.getBytes("UTF8");
CertStore certs =null;
ArrayList certList = new ArrayList();
try{
for ( int i = 0; i < chain.length;i++)
{
result += chain[i];
certList.add(chain[i]);
}
certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
}
catch(Exception exc){
result += "Problem with keystore access: " + exc.toString() ;
InsErr_log.Insert_error(1000,"Error when generate Signature of Statements",result);
return result;
}
// --- Use Bouncy Castle provider to create CSM/PKCS#7 signed message ---
try{
CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
signGen.addSigner(privateKey, (X509Certificate)caCert, CMSSignedDataGenerator.DIGEST_SHA1);
signGen.addCertificatesAndCRLs(certs);
CMSProcessable content = new CMSProcessableByteArray(plainText);
CMSSignedData signedData = signGen.generate(content,"BC");
byte[] signeddata = signedData.getEncoded();
result += "Created signed message: " + signeddata.length + " bytes" ;
result += new String(signeddata,"UTF8");
}
catch(Exception ex){
result = "Couldn't generate CMS signed message\n" + ex.toString() ;
}
下面是错误:
密钥库访问问题:java.security.NoSuchAlgorithmException:
构造实现时出错(算法:集合,提供程序:
BC,类:org.bouncycastle.jce.provider.CertStoreCollectionSpi)
我是一个新手,所以请容忍我,任何信息将高度赞赏 我自己解决了这个问题!事实证明,当我部署bcmail-jdk14-146.jar和bcprov-jdk14-146.jar时,有一个旧版本的jce-jdk13-131.jar必须被删除,在这之后,一切都正常了,我成功地放置了签名 但是,我无法使用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar组合验证它! 它只能通过bcmail-jdk13-131.jar和jce-jdk13-131.jar组合进行验证 我使用以下代码,请注意代码中的注释:
public static boolean verify (byte[] bytes, byte[] bytessig, long userID, int stat_sign) throws Exception
{
boolean result = false;
boolean bcert = false;
boolean bsign=false;
try {
CMSSignedData s;
ByteArrayInputStream bIn = new ByteArrayInputStream(bytessig);
ASN1InputStream aIn = new ASN1InputStream(bIn);
s = new CMSSignedData(new CMSProcessableByteArray(bytes),ContentInfo.getInstance(aIn.readObject()));
//CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
//Im not using the above line but if I uncomment it with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar
//cert is correctly filled with
//the public key of the signer however verification fails with
//message-digest attribute value does not match calculated value
SignerInformationStore signers = s.getSignerInfos();
Collection c = signers.getSigners();
CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(c);
CertStore certs = CertStore.getInstance("Collection", ccsp, "BC");
Iterator it = c.iterator();
if (it.hasNext())
{
SignerInformation signer = (SignerInformation)it.next();
Collection certCollection = certs.getCertificates(signer.getSID());
//This is the point where Empty Collection is returned in 1.4
Iterator certIt = certCollection.iterator();
X509Certificate cert = (X509Certificate)certIt.next();
//with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar cert is empty
//and throws : java.util.NoSuchElementException on (X509Certificate)certIt.next();
//while in bcmail-jdk13-131.jar and jce-jdk13-131.jar it verifies correctly
bsign=signer.verify(cert, "BC");
}
return bsign;
}
catch( Exception e) {
e.printStackTrace();
return false;
}
}
如果您能帮助我用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar验证消息,我希望我的想法有道理,并且非常感谢,因为上面的签名代码使用这些库来签名消息
PS:我在这里发现其他人也有同样的问题
可能是环境配置问题吧?我自己解决了这个问题!事实证明,当我部署bcmail-jdk14-146.jar和bcprov-jdk14-146.jar时,有一个旧版本的jce-jdk13-131.jar必须被删除,在这之后,一切都正常了,我成功地放置了签名 但是,我无法使用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar组合验证它! 它只能通过bcmail-jdk13-131.jar和jce-jdk13-131.jar组合进行验证 我使用以下代码,请注意代码中的注释:
public static boolean verify (byte[] bytes, byte[] bytessig, long userID, int stat_sign) throws Exception
{
boolean result = false;
boolean bcert = false;
boolean bsign=false;
try {
CMSSignedData s;
ByteArrayInputStream bIn = new ByteArrayInputStream(bytessig);
ASN1InputStream aIn = new ASN1InputStream(bIn);
s = new CMSSignedData(new CMSProcessableByteArray(bytes),ContentInfo.getInstance(aIn.readObject()));
//CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
//Im not using the above line but if I uncomment it with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar
//cert is correctly filled with
//the public key of the signer however verification fails with
//message-digest attribute value does not match calculated value
SignerInformationStore signers = s.getSignerInfos();
Collection c = signers.getSigners();
CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(c);
CertStore certs = CertStore.getInstance("Collection", ccsp, "BC");
Iterator it = c.iterator();
if (it.hasNext())
{
SignerInformation signer = (SignerInformation)it.next();
Collection certCollection = certs.getCertificates(signer.getSID());
//This is the point where Empty Collection is returned in 1.4
Iterator certIt = certCollection.iterator();
X509Certificate cert = (X509Certificate)certIt.next();
//with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar cert is empty
//and throws : java.util.NoSuchElementException on (X509Certificate)certIt.next();
//while in bcmail-jdk13-131.jar and jce-jdk13-131.jar it verifies correctly
bsign=signer.verify(cert, "BC");
}
return bsign;
}
catch( Exception e) {
e.printStackTrace();
return false;
}
}
如果您能帮助我用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar验证消息,我希望我的想法有道理,并且非常感谢,因为上面的签名代码使用这些库来签名消息
PS:我在这里发现其他人也有同样的问题
可能是环境配置问题?通过取消注释并使用以下行使其正常工作:CertStore certs=s.getCertificatesAndCRLs(“Collection”,“BC”);而不是:CertStore certs=CertStore.getInstance(“Collection”,ccsp,“BC”);这表明这种方法虽然不受欢迎,但至少它是有效的!通过取消注释并使用以下行使其工作:CertStore certs=s.getCertificatesAndCRLs(“集合”,“BC”);而不是:CertStore certs=CertStore.getInstance(“Collection”,ccsp,“BC”);这表明这种方法虽然不受欢迎,但至少它是有效的!