[英]Validate pkcs7 SignedData by Bouncy Castle in Java
我正在研究Java中C#SignedCms功能的實現。
我有一個pkcs7 SignedData (請參閱我的附件: https ://www.dropbox.com/s/yivani7dvh98wpa/SignedData.bin?dl =0 ),可以在C#中對其進行驗證:
//signed data is loaded from my attached file.
bool VerifyPKCS7(byte[] signedData)
{
try
{
SignedCms signedCms = new SignedCms();
signedCms.Decode(signedData);
signedCms.CheckSignature(true);
return true;
}
catch
{
}
return false;
}
但是無法使用Java中的Bouncy Castle庫(bcprov-jdk15on-153.jar,bcpkix-jdk15on-153.jar)進行驗證:
//encapSigData is loaded from my attached file.
CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), encapSigData);
sp.getSignedContent().drain();
Store certStore = sp.getCertificates();
SignerInformationStore signers = sp.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext())
{
SignerInformation signer = (SignerInformation)it.next();
Collection certCollection = certStore.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
}
我在第一行代碼( CMSSignedDataParser
構造函數)中遇到了一個異常:
java.lang.ClassCastException: org.bouncycastle.asn1.DERSequenceParser cannot be cast to org.bouncycastle.asn1.ASN1OctetStringParser
at org.bouncycastle.cms.CMSSignedDataParser.<init>(Unknown Source)
at org.bouncycastle.cms.CMSSignedDataParser.<init>(Unknown Source)
at org.bouncycastle.cms.CMSSignedDataParser.<init>(Unknown Source)
經過一些分析,我發現SignedData中contentInfo的內容是一個Sequence。 看起來bouncycastle不能接受Sequence作為內容 。
如何在Java中使用Bouncycastle驗證此SignedData ?
這里的問題是,與常規CMS消息不同,這實際上是PKCS7消息。 現在,對這些支持已添加到Bouncy Castle中的bcpkix API中。
您可以在最新的Beta版中找到它, 網址為http://www.bouncycastle.org/betas 154b12或更高版本。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.