Bouncy castle detached signature changed api

It seems to me that Bouncy Castle has changed its API and the following code does not work anymore in 1.52:

  /**
   * SignatureInterface implementation. Creates detached signature of stream
   * using SHA-256.
   * 
   * @param content
   *          original content stream to sign
   * @throws SignatureException
   *           in case of signature error
   * @throws IOException
   *           in case of I/O error
   * @return signed byte content
   */
  @Override
  public byte[] sign(final InputStream content) throws SignatureException,
      IOException {
    try {

      CMSProcessableInputStream input = new CMSProcessableInputStream(content);
      List<Certificate> certList = Arrays.asList(keystore
          .getCertificateChain(alias));
      CertStore certStore = CertStore.getInstance("Collection",
          new CollectionCertStoreParameters(certList), provider);

      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();      
      gen.addSigner((PrivateKey) keystore.getKey(alias, pin),
          (X509Certificate) keystore.getCertificate(alias),
          CMSSignedGenerator.DIGEST_SHA256);
      gen.addCertificatesAndCRLs(certStore);

      return gen.generate(input, false, provider).getEncoded();
    } catch (Exception e) {
      throw new SignatureException(
          "Problem while preparing signature. Wrong certificate or alias.");
    }
  }

Does anybody know how to achieve the same behaviour in the new API? I have not found any relevant information in the porting guide.

EDITED (added variables definition):

  /**
   * Size of the read buffer for signing.
   */
  private static final int BUFSIZE = 8192;

  /**
   * Stored instance of BC.
   */
  private BouncyCastleProvider provider;

  /**
   * PKCS#12 key store.
   */
  private KeyStore keystore;

  /**
   * Alias for certificate to sign.
   */
  private String alias;

  /**
   * Password to private key.
   */
  private char[] pin;

I have been able to change the code to the following, which seems to work for me with version 1.51 (version 1.52 is buggy under OSGi):

  public byte[] sign(final InputStream content) throws SignatureException,
      IOException {
    try {
      // The whole stream is read into memory before signing.
      CMSTypedData input = new CMSProcessableByteArray(
          IOUtils.toByteArray(content));
      // Certificate chain to embed in the SignedData structure.
      List<Certificate> certList = Arrays.asList(keystore
          .getCertificateChain(alias));
      Store certs = new JcaCertStore(certList);
      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
      // "SHA256withRSA" requires the key under the alias to be an RSA key.
      ContentSigner shaSigner = new JcaContentSignerBuilder("SHA256withRSA")
          .setProvider("BC").build((PrivateKey) keystore.getKey(alias, pin));
      gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
          new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
          .build(shaSigner, (X509Certificate) keystore.getCertificate(alias)));
      gen.addCertificates(certs);
      // encapsulate = false: the content is left out, giving a detached signature.
      return gen.generate(input, false).getEncoded();
    } catch (Exception e) {
      // Keep the original exception as the cause so the real failure is not lost.
      throw new SignatureException(
          "Problem while preparing signature. Wrong certificate or alias.", e);
    }
  }
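
To confirm that a detached signature produced by a `sign` method like the one above actually covers the content, it can be checked with the same builder-style API. This is an added example, not code from the original post: the class name `DetachedSignatureCheck` and the method `verify` are hypothetical, and it assumes the "BC" provider is registered and that the signer certificate was embedded with `addCertificates`.

```java
import java.util.Collection;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

// Added example (hypothetical names), not part of the original post.
public final class DetachedSignatureCheck {

  /**
   * Returns true only if the CMS blob has at least one signer and every
   * signer's signature verifies over the supplied content.
   */
  @SuppressWarnings("rawtypes") // raw types also compile against older BC releases
  public static boolean verify(byte[] content, byte[] signature) throws Exception {
    // Detached signature: the content is not inside the CMS blob, so pass it in.
    CMSSignedData signed =
        new CMSSignedData(new CMSProcessableByteArray(content), signature);
    Store certs = signed.getCertificates();
    Collection signers = signed.getSignerInfos().getSigners();
    if (signers.isEmpty()) {
      return false; // a SignedData without signers proves nothing
    }
    for (Object o : signers) {
      SignerInformation signer = (SignerInformation) o;
      Collection matches = certs.getMatches(signer.getSID());
      if (matches.isEmpty()) {
        return false; // signer certificate was not embedded in the blob
      }
      X509CertificateHolder cert = (X509CertificateHolder) matches.iterator().next();
      try {
        if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
            .setProvider("BC").build(cert))) {
          return false; // signature value does not match
        }
      } catch (CMSException e) {
        return false; // e.g. digest mismatch because the content was altered
      }
    }
    return true;
  }
}
```

A `true` result only shows that the content matches the signature made with the embedded certificate; whether that certificate is trusted still has to be decided by validating its chain against your own trust anchors.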
