我正在进行的一个项目在尝试使用BouncyCastle创建数字签名时遇到了问题。
这是我正在运行的代码:
Statement stmt_cert = conn.createStatement();
ResultSet rs_cert= stmt_cert.executeQuery("select c.ca, c.privk from certs c where num_tab="+stat_cert);
rs_cert.next();
castr = rs_cert.getString("ca") + "n";
strPriv = rs_cert.getString("privk") + "n" ;
rs_cert.close();
stmt_cert.close();
byte[] encKey = castr.getBytes();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(encKey));
PEMReader pr = new PEMReader(new StringReader(strPriv));
Object obj = pr.readObject();
KeyPair kp = (KeyPair) obj;
PrivateKey privateKey = kp.getPrivate();
Certificate[] chain =new Certificate[]{caCert};
byte[] plainText = digest.getBytes("UTF8");
CertStore certs =null;
ArrayList certList = new ArrayList();
try{
for ( int i = 0; i < chain.length;i++)
{
result += chain[i];
certList.add(chain[i]);
}
certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
}
catch(Exception exc){
result += "Problem with keystore access: " + exc.toString() ;
InsErr_log.Insert_error(1000,"Error when generate Signature of Statements",result);
return result;
}
// --- Use Bouncy Castle provider to create CSM/PKCS#7 signed message ---
try{
CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
signGen.addSigner(privateKey, (X509Certificate)caCert, CMSSignedDataGenerator.DIGEST_SHA1);
signGen.addCertificatesAndCRLs(certs);
CMSProcessable content = new CMSProcessableByteArray(plainText);
CMSSignedData signedData = signGen.generate(content,"BC");
byte[] signeddata = signedData.getEncoded();
result += "Created signed message: " + signeddata.length + " bytes" ;
result += new String(signeddata,"UTF8");
}
catch(Exception ex){
result = "Couldn't generate CMS signed messagen" + ex.toString() ;
}
问题来自这行代码:
certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
这是一个错误:
密钥存储访问问题:java.security.NoSuchAlgorithmException:构造实现时出错(算法:集合,提供程序:BC,分类:org.bouncycastle.jce.product.CertStoreCollectionSpi)
我是一个新手,所以请耐心等待,任何信息都将不胜感激!
我自己解决了这个问题!事实证明,当我部署bcmail-jdk14-146.jar和bcprov-jdk114-146.jar时,有一个旧版本的jce-jdk13-131.jar必须删除,之后一切都正常了,我成功地放置了签名!
然而,我无法使用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar组合进行验证!它只在bcmail-jdk13-131.jar和jce-jdk13-131.jar组合中得到验证。
我使用以下代码,请注意代码中的注释:
public static boolean verify (byte[] bytes, byte[] bytessig, long userID, int stat_sign) throws Exception
{
boolean result = false;
boolean bcert = false;
boolean bsign=false;
try {
CMSSignedData s;
ByteArrayInputStream bIn = new ByteArrayInputStream(bytessig);
ASN1InputStream aIn = new ASN1InputStream(bIn);
s = new CMSSignedData(new CMSProcessableByteArray(bytes),ContentInfo.getInstance(aIn.readObject()));
//CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
//Im not using the above line but if I uncomment it with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar
//cert is correctly filled with
//the public key of the signer however verification fails with
//message-digest attribute value does not match calculated value
SignerInformationStore signers = s.getSignerInfos();
Collection c = signers.getSigners();
CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(c);
CertStore certs = CertStore.getInstance("Collection", ccsp, "BC");
Iterator it = c.iterator();
if (it.hasNext())
{
SignerInformation signer = (SignerInformation)it.next();
Collection certCollection = certs.getCertificates(signer.getSID());
//This is the point where Empty Collection is returned in 1.4
Iterator certIt = certCollection.iterator();
X509Certificate cert = (X509Certificate)certIt.next();
//with bcmail-jdk14-146.jar and bcprov-jdk14-146.jar cert is empty
//and throws : java.util.NoSuchElementException on (X509Certificate)certIt.next();
//while in bcmail-jdk13-131.jar and jce-jdk13-131.jar it verifies correctly
bsign=signer.verify(cert, "BC");
}
return bsign;
}
catch( Exception e) {
e.printStackTrace();
return false;
}
}
我希望我能理解,如果你能帮助我用bcmail-jdk14-146.jar和bcprov-jdk14-146.jar验证消息,我将不胜感激,因为上面的签名代码使用这些库来签名消息!
附言:我发现其他人也有同样的问题http://www.ibm.com/developerworks/forums/thread.jspa?messageID=14124014可能是环境配置问题?