Java: Add certificates to CMS signed data
I am currently using the Java Bouncy Castle library to create CMS signed data (or PKCS7 signed data). However, I seem to be stuck on adding certificates (even though the certificate signer is added correctly).

I looked into how to properly sign the data, but that did not address the needs of my SCEP server. The code I used is from EJBCA, but it does not seem to add certificates to the PKCS7 signed data.

When I parse the signed data with the openssl cms tool, I see that the "certificates" field is "EMPTY". Additionally, when I try to print the certificates with openssl pkcs7 […] -print_certs, I get nothing.

Here is how I sign the data with Bouncy Castle (it is a lot of code, but enough to reproduce the problem):

The byte array results is the DER-formatted PKCS7 signed data... but no certificate is added.

Am I missing something? Thank you for your help!

The CMSSignedDataGenerator gen1 must have the certificates added explicitly, which I was not aware of. This can be done by:
- Adding the certificates to a List of X509Certificates
- Converting that List into a Collection of JcaX509CertificateHolder
- Adding this collection to a CollectionStore of JcaX509CertificateHolder
- Adding the store to the CMSSignedDataGenerator
CMSSignedDataGenerator gen1 = new CMSSignedDataGenerator();
List<X509Certificate> certificates = new ArrayList<>();
// I chose to add the CA certificate
certificates.add((X509Certificate) this.caCertificate);
// In this case, this is a certificate that I need to add
if (this.certificate != null)
    certificates.add((X509Certificate) this.certificate);
// This is the recipient certificate
if (this.recipientCert != null)
    certificates.add((X509Certificate) this.recipientCert);
Collection<JcaX509CertificateHolder> x509CertificateHolder = new ArrayList<>();
// Of course, we need to handle the exceptions...
for (X509Certificate certificate : certificates) {
    x509CertificateHolder.add(new JcaX509CertificateHolder(certificate));
}
CollectionStore<JcaX509CertificateHolder> store = new CollectionStore<>(x509CertificateHolder);
// The final stage.
gen1.addCertificates(store);
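Hope this helps anyone in the future.

Hello, I tried the solution above, but unfortunately there is no certificate in the final digital signature. Did you verify that the certificate is present in your digital signature?

Hello, sorry for the late reply. Unfortunately, I no longer have access to the source code, but I can still try to help you. I do remember getting the certificate (this.certificate) after generating the digital signature (CMSSignedDataGenerator). I did not add the CA, so it was not there. Did you make sure to add your certificate to the certificates list?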
The signing code from the question:

CMSSignedDataGenerator gen1 = new CMSSignedDataGenerator();
// I add ALL of my attributes here
// Once they're added...
Certificate caCert = this.caCertificate;
try {
    String provider = BouncyCastleProvider.PROVIDER_NAME;
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithmName)
            .setProvider(provider)
            .build(signerKey);
    JcaDigestCalculatorProviderBuilder calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder()
            .setProvider(provider);
    JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(calculatorProviderBuilder.build());
    builder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(attributes)));
    // Only the signer info is registered here; no certificate is added to the generator
    gen1.addSignerInfoGenerator(builder.build(contentSigner, (X509Certificate) caCert));
} catch (OperatorCreationException | CertificateEncodingException e) {
    // Handle all exceptions
}
// Create the signed data
CMSSignedData sd = gen1.generate(msg, true);
byte[] results = sd.getEncoded();
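A self-contained check for the question raised in the comments, added here as an example and not code from the original posts: it signs the same message with and without the explicit addCertificates step, re-parses the DER, counts the embedded certificates and verifies each signer using only certificates carried in the message. The class name, the throwaway RSA key and the self-signed "CN=Example Signer" certificate are constructed for the demo, and a recent bcprov and bcpkix on the classpath is assumed.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.util.CollectionStore;
public class CmsEmbeddedCertCheck {
    // Sign msg; the signer certificate is embedded only when embedCert is true.
    static byte[] sign(byte[] msg, KeyPair kp, X509Certificate cert, boolean embedCert) throws Exception {
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(
                new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(kp.getPrivate()), cert));
        if (embedCert) // the explicit step from the answer: holder -> CollectionStore -> generator
            gen.addCertificates(new CollectionStore<>(Collections.singletonList(new JcaX509CertificateHolder(cert))));
        return gen.generate(new CMSProcessableByteArray(msg), true).getEncoded();
    }
    // True only if every signer verifies against a certificate found inside the message itself.
    static boolean verifiesFromEmbeddedCerts(byte[] der) throws Exception {
        CMSSignedData sd = new CMSSignedData(der);
        for (SignerInformation si : sd.getSignerInfos().getSigners()) {
            Collection<?> m = sd.getCertificates().getMatches(si.getSID());
            if (m.isEmpty() || !si.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
                    .build((X509CertificateHolder) m.iterator().next()))) return false;
        }
        return true;
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();              // constructed throwaway key
        X500Name dn = new X500Name("CN=Example Signer"); // constructed self-signed identity
        long now = System.currentTimeMillis();
        X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(
                new JcaX509v3CertificateBuilder(dn, java.math.BigInteger.ONE, new Date(now - 60_000L),
                        new Date(now + 86_400_000L), dn, kp.getPublic()).build(
                        new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(kp.getPrivate())));
        for (boolean embed : new boolean[] {false, true}) {
            byte[] der = sign("hello".getBytes("UTF-8"), kp, cert, embed);
            int count = new CMSSignedData(der).getCertificates().getMatches(null).size();
            System.out.println("embed=" + embed + " certs=" + count + " verifiable=" + verifiesFromEmbeddedCerts(der));
        }
    }
}
```

Re-parsing the encoded bytes, rather than inspecting the generator, checks what a recipient such as a SCEP server actually receives.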