我正在尝试验证特定消息是否使用来自我自己的信任锚识别的实体证书的有效签名进行签名。我正在这样做:
public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception
{
CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = signedData.getSignerInfos();
Iterator it = signers.getSigners().iterator();
if (it.hasNext()){
SignerInformation signer = (SignerInformation)it.next();
X509CertSelector signerConstraints = signer.getSID();
PKIXCertPathBuilderResult result = buildPath(rootCert, signerID, certsAndCRLs);
return signer.verify(result.getPublicKey(), "BC");
}
return false;
}
但是这一行给了我一个编译错误:
X509CertSelector signerConstraints = signer.getSID();
因为它无法从 SignerId 转换为 X509CertSelector。我尝试使用显式转换:
X509CertSelector signerConstraints = (CertSelector) signer.getSID();
和:
X509CertSelector signerConstraints = (X509CertSelector) signer.getSID();
没有结果。我怎样才能做到这一点?谢谢
PS:请注意,这段代码是从 David Hook 的“Beginning Cryptography with Java”中提取的,但它不能编译。