Error signing file pkcs#7 and bouncycastle java
I'm getting the following error when trying to sign a file.

    Exception in thread "main" org.bouncycastle.operator.OperatorCreationException: exception on setup: java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider SunPKCS11-eToken
        at org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder$1.get(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGenerator.<init>(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGenerator.<init>(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGeneratorBuilder.createGenerator(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGeneratorBuilder.build(Unknown Source)
        at org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder.build(Unknown Source)
        at org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder.build(Unknown Source)
        at testapp.Testapp.setUpProvider(Testapp.java:111)
        at testapp.Testapp.main(Testapp.java:74)
    Caused by: java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider SunPKCS11-eToken
        at sun.security.jca.GetInstance.getService(GetInstance.java:83)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:202)
        at java.security.Security.getImpl(Security.java:688)
        at java.security.MessageDigest.getInstance(MessageDigest.java:233)
        at org.bouncycastle.jcajce.ProviderJcaJceHelper.createDigest(Unknown Source)
        at org.bouncycastle.operator.jcajce.OperatorHelper.createDigest(Unknown Source)
        ... 9 more
    Java Result: 1

Here is the code:

    InputStream cnfStream = new ByteArrayInputStream(pkcs11config.getBytes());
    Provider p = new sun.security.pkcs11.SunPKCS11(cnfStream);
    Security.addProvider(p);
    KeyStore ks = KeyStore.getInstance("PKCS11", p);
    ks.load(null, PASSWORD);
    byte[] signedData = sign(data, ks, p);

    public static byte[] sign(byte[] data, KeyStore ks, Provider p) throws Exception {
        String alias = ks.aliases().nextElement();
        List certList = new ArrayList();
        CMSTypedData msg = new CMSProcessableByteArray(data); // Data to sign
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        certList.add(cert); // Adding the X509 certificate
        Store certs = new JcaCertStore(certList);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        // Initializing BC's signer
        ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA")
                .setProvider(p)
                .build((PrivateKey) ks.getKey(alias, PASSWORD));
        gen.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(
                        new JcaDigestCalculatorProviderBuilder().setProvider(p).build())
                        .build(sha1Signer, cert));
        // Adding the certificate
        gen.addCertificates(certs);
        // Getting the signed data
        CMSSignedData sigData = gen.generate(msg, false);
        return sigData.getEncoded();
    }

Any idea?
Thanks in advance

OK, I ended up solving this on my own. Here is the working code:

    private void findProvider() {
        String driver;
        byte[] pkcs11config;
        // Try each known PKCS#11 driver library until one loads and the token logs in
        for (int i = indiceDrivers; i < largoDrivers; i++) {
            driver = DRIVERS[i];
            File f = new File(REPO + driver);
            if (!f.exists()) {
                continue;
            }
            pkcs11config = String
                    .format("name = eToken\n library = %s%s", REPO, driver)
                    .getBytes();
            try {
                InputStream cnfStream = new ByteArrayInputStream(pkcs11config);
                provider = new sun.security.pkcs11.SunPKCS11(cnfStream);
                keyStore = KeyStore.getInstance("PKCS11", this.provider);
                Security.addProvider(provider);
                keyStore.load(null, password);
                System.out.println("OK: " + driver);
                break;
            } catch (Exception e) {
                // For testing purposes only
                System.out.println("ERROR: " + driver);
            }
        }
        if (provider == null) {
            throw new RuntimeException("Los drivers del token no estan instalados.");
        } else if (provider != null && keyStore == null) {
            throw new RuntimeException("El token no esta conectado.");
        }
    }

    public void sign(File input, File output) throws Exception {
        String alias = keyStore.aliases().nextElement();
        List certList = new ArrayList();
        CMSTypedData msg = new CMSProcessableFile(input);
        X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
        certList.add(cert);
        Store certs = new JcaCertStore(certList);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        // The signature is still produced by the PKCS#11 provider, with the key on the token
        ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA")
                .setProvider(provider)
                .build((PrivateKey) keyStore.getKey(alias, password));
        // Digests are computed by BouncyCastle ("BC") instead of the token provider
        Security.addProvider(new BouncyCastleProvider());
        gen.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(
                        new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                        .build(sha1Signer, cert));
        gen.addCertificates(certs);
        CMSSignedData sigData = gen.generate(msg, true);
        // try-with-resources closes the stream even if the write fails
        try (FileOutputStream out = new FileOutputStream(output)) {
            out.write(sigData.getEncoded());
            out.flush();
        }
    }
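
The difference between the failing and the working code is which provider is asked for the message digest. As an added example (not part of the original post), the following JDK-only check repeats the `MessageDigest.getInstance` lookup seen in the stack trace and falls back to an installed software provider when the signing provider has no digest for the OID. `SignatureOnlyProvider`, `offersDigest` and `chooseDigestProvider` are hypothetical names, and the stand-in provider is constructed so the check runs without a token.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

public class DigestProviderCheck {
    // OID from the exception message on this page (SHA-1)
    static final String SHA1_OID = "1.3.14.3.2.26";

    /** Constructed stand-in for a token provider: registers a signature, no digests. */
    static final class SignatureOnlyProvider extends Provider {
        SignatureOnlyProvider() {
            super("SignatureOnly", 1.0, "constructed provider without MessageDigest services");
            // Placeholder class name; it is never instantiated by this example
            put("Signature.SHA1withRSA", "example.NotARealSignatureSpi");
        }
    }

    /** The lookup from the stack trace: MessageDigest.getInstance(algorithm, provider). */
    static boolean offersDigest(Provider provider, String algorithmOrOid) {
        try {
            MessageDigest.getInstance(algorithmOrOid, provider);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /** Use the signing provider for hashing if it can; otherwise an installed provider that can. */
    static Provider chooseDigestProvider(Provider signingProvider, String algorithmOrOid) {
        if (offersDigest(signingProvider, algorithmOrOid)) {
            return signingProvider;
        }
        for (Provider candidate : Security.getProviders()) {
            if (offersDigest(candidate, algorithmOrOid)) {
                return candidate;
            }
        }
        throw new IllegalStateException("No installed provider offers digest " + algorithmOrOid);
    }

    public static void main(String[] args) {
        Provider token = new SignatureOnlyProvider();
        System.out.println("Signing provider offers digest: " + offersDigest(token, SHA1_OID));
        Provider digestProvider = chooseDigestProvider(token, SHA1_OID);
        System.out.println("Provider to use for digests: " + digestProvider.getName());
    }
}
```

In the working `sign` method above, this corresponds to keeping the token provider on `JcaContentSignerBuilder` while passing a software provider to `JcaDigestCalculatorProviderBuilder`.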