小贝子编程

时间戳令牌验证 Java Bouncycastle



我使用BouncyCastle来验证签名并从".p7m"文件(原始内容,签名者等(中提取信息。

现在我需要验证并从同一".p7m"文件中的时间戳中提取信息。

如何验证时间戳令牌?我编写了此代码,该代码适用于签名,但它不验证时间戳。我将"cert"变量传递给build((方法来验证签名和TimeStampToken。对于签名没问题,但对于时间戳,它不起作用:(

我错在哪里?提前谢谢。

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Security;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.Store;
public class Launcher3 {
    public static void main(String[] args) throws Exception {
        File myFile=new File("D:\fdr\bouncycastle\New Text Document.txt.p7m");
        byte[] bytesArray = readContentIntoByteArray(myFile);
        FileOutputStream fos = new FileOutputStream("D:\fdr\bouncycastle\New Text Document.txt");
        byte[] bytesArrayOriginalFile=getData(bytesArray);
        fos.write(bytesArrayOriginalFile);
        fos.close();
        verifySign(bytesArray);
    }
    static public void verifySign(byte[] signedData) throws Exception {
          Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
          CMSSignedDataParser     sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signedData);
          sp.getSignedContent().drain();
          Store                   certStore = sp.getCertificates();
          SignerInformationStore  signers = sp.getSignerInfos();
          Collection              c = signers.getSigners();
          Iterator                it = c.iterator();
          while (it.hasNext())
          {
              SignerInformation   signer = (SignerInformation)it.next();
              Collection          certCollection = certStore.getMatches(signer.getSID());
              Iterator        certIt = certCollection.iterator();
              X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
              System.out.println("info 1: "+cert.getIssuer());
              System.out.println("info 2: "+cert.getSubject());
              System.out.println("date from: "+cert.getNotBefore());
              System.out.println("date to: "+cert.getNotAfter());
              System.out.println("Serial n. "+cert.getSerialNumber());
              System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
              // --------------------------------------------------------------------------------------------------------------------^
              // LOOK AT HERE: it works!
              AttributeTable       attrs = signer.getUnsignedAttributes();
              Attribute            att = attrs.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken); 
              ASN1Encodable        dob = att.getAttrValues().getObjectAt(0);
              byte[] encodedTsp = dob.toASN1Primitive().getEncoded();
              TimeStampToken result = null;
              if(encodedTsp!=null) {
                  CMSSignedData cms = new CMSSignedData(encodedTsp);
                  result = new TimeStampToken(cms);
                System.out.println("timestamp: "+result.getTimeStampInfo().getGenTime());
                System.out.println("serial n. "+result.getTimeStampInfo().getSerialNumber());
                System.out.println("tsa: "+result.getTimeStampInfo().getTsa());
                System.out.println("policy: "+result.getTimeStampInfo().getPolicy());
                result.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
                // ------------------------------------------------------------------------------^
                // LOOK AT HERE: it doesn't work!
                } 
          }
    }
    static public byte[] getData(final byte[] p7bytes) throws CMSException, IOException  {
        CMSSignedData signedData = new CMSSignedData(p7bytes);
        CMSProcessable signedContent = signedData.getSignedContent();
        return (byte[])signedContent.getContent();
       }
        private static byte[] readContentIntoByteArray(File file)
       {
          FileInputStream fileInputStream = null;
          byte[] bFile = new byte[(int) file.length()];
          try
          {
             fileInputStream = new FileInputStream(file);
             fileInputStream.read(bFile);
             fileInputStream.close();
          }
          catch (Exception e)
          {
             e.printStackTrace();
          }
          return bFile;
       }
}

我自己解决了(我很高兴(。我需要以这种方式找到时间戳令牌的证书:

Store storeTt = result.getCertificates();
Collection collTt = storeTt.getMatches(result.getSID());
Iterator certIt2 = collTt.iterator();
X509CertificateHolder cert2 = (X509CertificateHolder)certIt2.next();
System.out.println("timestamp's verify: "+result.isSignatureValid(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert2)));
result.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert2));

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium