[英]Bouncy castle detached signature changed api
在我看來,Bouncy城堡更改了API,並且以下代碼在1.52中不再起作用:
/**
* SignatureInterface implementation. Creates detached signature of stream
* using SHA-256.
*
* @param content
* original content stream to sign
* @throws SignatureException
* in case of signature error
* @throws IOException
* in case of I/O error
* @return signed byte content
*/
@Override
public byte[] sign(final InputStream content) throws SignatureException,
IOException {
try {
CMSProcessableInputStream input = new CMSProcessableInputStream(content);
List<Certificate> certList = Arrays.asList(keystore
.getCertificateChain(alias));
CertStore certStore = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(certList), provider);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSigner((PrivateKey) keystore.getKey(alias, pin),
(X509Certificate) keystore.getCertificate(alias),
CMSSignedGenerator.DIGEST_SHA256);
gen.addCertificatesAndCRLs(certStore);
return gen.generate(input, false, provider).getEncoded();
} catch (Exception e) {
throw new SignatureException(
"Problem while preparing signature. Wrong certificate or alias.");
}
}
有人知道如何在新的API中實現相同的行為嗎? 我沒有在移植指南中找到任何相關信息。
編輯(添加變量定義):
/**
* Size of the read buffer for signing.
*/
private static final int BUFSIZE = 8192;
/**
* Stored instance of BC.
*/
private BouncyCastleProvider provider;
/**
* PKCS#12 key store.
*/
private KeyStore keystore;
/**
* Alias for certificate to sign.
*/
private String alias;
/**
* Password to private key.
*/
private char[] pin;
我已經能夠將代碼更改為以下代碼,這似乎對我來說適用於1.51版本(在OSGi下1.52版存在錯誤):
public byte[] sign(final InputStream content) throws SignatureException,
IOException {
try {
CMSTypedData input = new CMSProcessableByteArray(
IOUtils.toByteArray(content));
List<Certificate> certList = Arrays.asList(keystore
.getCertificateChain(alias));
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner shaSigner = new JcaContentSignerBuilder("SHA256withRSA")
.setProvider("BC").build((PrivateKey) keystore.getKey(alias, pin));
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
.build(shaSigner, (X509Certificate) keystore.getCertificate(alias)));
gen.addCertificates(certs);
return gen.generate(input, false).getEncoded();
} catch (Exception e) {
throw new SignatureException(
"Problem while preparing signature. Wrong certificate or alias.");
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.