it seems to me, that Bouncy castle has changed API and the following code is not work anymore in 1.52:
/**
* SignatureInterface implementation. Creates detached signature of stream
* using SHA-256.
*
* @param content
* original content stream to sign
* @throws SignatureException
* in case of signature error
* @throws IOException
* in case of I/O error
* @return signed byte content
*/
@Override
public byte[] sign(final InputStream content) throws SignatureException,
IOException {
try {
CMSProcessableInputStream input = new CMSProcessableInputStream(content);
List<Certificate> certList = Arrays.asList(keystore
.getCertificateChain(alias));
CertStore certStore = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(certList), provider);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSigner((PrivateKey) keystore.getKey(alias, pin),
(X509Certificate) keystore.getCertificate(alias),
CMSSignedGenerator.DIGEST_SHA256);
gen.addCertificatesAndCRLs(certStore);
return gen.generate(input, false, provider).getEncoded();
} catch (Exception e) {
throw new SignatureException(
"Problem while preparing signature. Wrong certificate or alias.");
}
}
Does anybody know how to achieve the same behaviour in the new API ? I have not found any relevant information in porting guide.
EDITED (added variables definition):
/**
* Size of the read buffer for signing.
*/
private static final int BUFSIZE = 8192;
/**
* Stored instance of BC.
*/
private BouncyCastleProvider provider;
/**
* PKCS#12 key store.
*/
private KeyStore keystore;
/**
* Alias for certificate to sign.
*/
private String alias;
/**
* Password to private key.
*/
private char[] pin;
I have been able to change code to the following, which seems to work for me with version 1.51 (version 1.52 is buggy under OSGi):
public byte[] sign(final InputStream content) throws SignatureException,
IOException {
try {
CMSTypedData input = new CMSProcessableByteArray(
IOUtils.toByteArray(content));
List<Certificate> certList = Arrays.asList(keystore
.getCertificateChain(alias));
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner shaSigner = new JcaContentSignerBuilder("SHA256withRSA")
.setProvider("BC").build((PrivateKey) keystore.getKey(alias, pin));
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
.build(shaSigner, (X509Certificate) keystore.getCertificate(alias)));
gen.addCertificates(certs);
return gen.generate(input, false).getEncoded();
} catch (Exception e) {
throw new SignatureException(
"Problem while preparing signature. Wrong certificate or alias.");
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.