Java: cannot verify signature (CMSSignedData) with BouncyCastle
Tags: java, store, bouncycastle, sign, verify

When I want to verify a signature made with BouncyCastle, I don't get into the second loop of the verifySignature method. store.getMatches() returns an empty array.

    public static CMSSignedData sign() throws Exception {
        byte[] file = fileChooser();
        // Load the key store that holds the signing key and certificate
        store = KeyStore.getInstance(storeType);
        FileInputStream in = new FileInputStream(new File(storePathKey));
        store.load(in, storePassword);
        in.close();
        Key priv = store.getKey("Subject", storePassword);
        System.out.println(priv.toString() + "priv string");
        X509Certificate cert = (X509Certificate) store.getCertificate("Subject");
        ContentSigner signer = new JcaContentSignerBuilder(sigAlgo).build((RSAPrivateKey) priv);
        CMSTypedData data = new CMSProcessableByteArray(file);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                .build(signer, cert));
        // true = encapsulate the signed content inside the CMS structure
        CMSSignedData sigData = gen.generate(data, true);
        return sigData;
    }

    public static void verifySig(CMSSignedData sigData) throws Exception {
        // Certificates carried inside the SignedData structure
        Store store = sigData.getCertificates();
        SignerInformationStore signers = sigData.getSignerInfos();
        System.out.println(store.toString() + "store");
        Collection c = signers.getSigners();
        Iterator it = c.iterator();
        while (it.hasNext()) {
            System.out.println("enter while loop1");
            SignerInformation signer = (SignerInformation) it.next();
            // Look up the certificate that matches this signer's identifier
            Collection certCollection = store.getMatches(signer.getSID());
            Iterator certIt = certCollection.iterator();
            System.out.println(store.getMatches(null) + "collection of certs");
            while (certIt.hasNext()) {
                System.out.println("enter while loop2");
                X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
                X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
                if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) {
                    System.out.println("verified correct");
                } else {
                    System.out.println("not verified");
                }
            }
        }
    }

Am I missing something in the sign() method?

You need to add the certificate to an org.bouncycastle.util.CollectionStore and add this store to the signature.
I'm using BouncyCastle 1.56:

    import java.util.Collections;
    import org.bouncycastle.cert.X509CertificateHolder;
    import org.bouncycastle.util.CollectionStore;

    // add these lines after gen.addSignerInfoGenerator(...)
    // cert is your X509Certificate
    X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
    CollectionStore certStore = new CollectionStore(Collections.singletonList(holder));
    gen.addCertificates(certStore); // add the store to the signature

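CollectionStore is useful when you want to add more than one certificate. If you only want to add one, you can also do this:

    X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
    gen.addCertificate(holder);
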
The output I got:

    enter while loop1
    [org.bouncycastle.cert.X509CertificateHolder@5bc807a8]collection of certs
    enter while loop2
    verified correct
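
An added example, not code from the question or the answer: it signs the same content with and without the embedded certificate, reports how many certificates getMatches() finds for the signer, and verifies against a certificate the verifier already holds, so the result does not depend on a certificate supplied inside the message. The class name CmsCertStoreDemo, the helpers sign and verifyAgainst, the in-memory self-signed certificate and the "hello" payload are assumptions made for this illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;

public class CmsCertStoreDemo {
    // Sign a constructed payload; embed the signer certificate only when embedCert is true.
    static CMSSignedData sign(KeyPair kp, X509Certificate cert, boolean embedCert) throws Exception {
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().build()).build(signer, cert));
        if (embedCert) gen.addCertificate(new JcaX509CertificateHolder(cert));
        return gen.generate(new CMSProcessableByteArray("hello".getBytes("UTF-8")), true);
    }
    // Verify every signer against a certificate obtained out of band, ignoring embedded ones.
    static boolean verifyAgainst(CMSSignedData sd, X509Certificate trusted) throws Exception {
        X509CertificateHolder holder = new JcaX509CertificateHolder(trusted);
        for (SignerInformation si : sd.getSignerInfos().getSigners()) {
            if (!si.getSID().match(holder)) return false; // signer id names another certificate
            if (!si.verify(new JcaSimpleSignerInfoVerifierBuilder().build(trusted))) return false;
        }
        return !sd.getSignerInfos().getSigners().isEmpty(); // no signers means nothing was verified
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=Constructed Demo Signer"); // constructed self-signed identity
        Date now = new Date();
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now, new Date(now.getTime() + 86400000L), dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        for (boolean embed : new boolean[] {false, true}) {
            CMSSignedData sd = sign(kp, cert, embed);
            SignerInformation si = sd.getSignerInfos().getSigners().iterator().next();
            // Same lookup as in verifySig(): the store only holds what the signer embedded
            int matches = sd.getCertificates().getMatches(si.getSID()).size();
            System.out.println("embedded=" + embed + " matches=" + matches
                    + " verifiedAgainstTrustedCert=" + verifyAgainst(sd, cert));
        }
    }
}
```

Compile and run with the BouncyCastle bcprov and bcpkix jars on the classpath.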