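I am trying to verify whether a particular message was signed with a valid signature from an entity certificate recognized by my own trust anchor. I am doing this: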

public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception
{
    // Certificates and CRLs carried inside the signed message
    CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC");
    SignerInformationStore signers = signedData.getSignerInfos();
    Iterator it = signers.getSigners().iterator();

    // Only the first signer is checked
    if (it.hasNext()){
        SignerInformation signer = (SignerInformation)it.next();

        // Compile error discussed below: getSID() returns SignerId, not X509CertSelector
        X509CertSelector signerConstraints = signer.getSID();

        // Build a path from the signer's certificate to the trust anchor
        PKIXCertPathBuilderResult result = buildPath(rootCert, signerConstraints, certsAndCRLs);

        return signer.verify(result.getPublicKey(), "BC");
    }
    return false;
}

But this line gives me a compile error:

X509CertSelector signerConstraints = signer.getSID();

because it cannot convert from SignerId to X509CertSelector. I tried using an explicit cast:

X509CertSelector signerConstraints = (CertSelector) signer.getSID();

and:

X509CertSelector signerConstraints = (X509CertSelector) signer.getSID();

with no result. How can I do this? Thanks

PS: Note that this code is taken from David Hook's "Beginning Cryptography with Java", but it does not compile.

2 Answers

I solved my own problem yesterday. I think it was related to the .jar files included in my project as external archives. Now, I am using these:

bcprov-jdk16-145.jar
bcmail-jdk16-145.jar

instead of:

bcprov-jdk15on-147.jar
bcmail-jdk15on-147.jar

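Maybe old versions do not support this implicit conversion.

Edit: David Hook's answer at http://bouncy-castle.1462172.n4.nabble.com/Problem-with-SignerID-and-X509CertSelector-td4620461.html:

Use org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter - unfortunately the code in "Beginning Cryptography with Java" is now out of date. I guess I have to get the word processor out.

Regards,

David

answered 2012-05-10T08:44:29.677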

Using BouncyCastle bcmail-jdk15 at 1.52, I managed to do this successfully:

X509CertificateHolderSelector x509CertificateHolderSelector = new X509CertificateHolderSelector(info.getSID().getSubjectKeyIdentifier());
X509CertSelector certSelector = new JcaX509CertSelectorConverter().getCertSelector(x509CertificateHolderSelector);
@SuppressWarnings("unchecked")
Collection<X509Certificate> certCollection = (Collection<X509Certificate>) certs.getCertificates(certSelector);
answered 2016-11-03T13:06:21.793
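
A version of the question's isValid written against the current Bouncy Castle API, using the JcaX509CertSelectorConverter named in the first answer; this is an added example, not code from the book or from either answer. It goes beyond the page by checking every signer and by handling both SignerId forms (issuer plus serial number, or subject key identifier). The class name is hypothetical, and it assumes the "BC" provider is registered and that no revocation data is available.

```java
import java.security.cert.*;
import java.util.Collection;
import java.util.Collections;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
import org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

public final class CmsChainVerifier {  // hypothetical class name
    /** True only if every signer chains to rootCert and its signature verifies. */
    public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert)
            throws Exception {
        // Certificates embedded in the message are untrusted path-building material.
        Store<X509CertificateHolder> embedded = signedData.getCertificates();
        CertStore certStore = new JcaCertStoreBuilder()
                .setProvider("BC").addCertificates(embedded).build();
        Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            return false;  // a message with no SignerInfo must not count as valid
        }
        JcaX509CertSelectorConverter converter = new JcaX509CertSelectorConverter();
        for (SignerInformation signer : signers) {
            SignerId sid = signer.getSID();
            // A SignerId carries issuer + serial, or a subject key identifier; pass all three.
            X509CertSelector target = converter.getCertSelector(new X509CertificateHolderSelector(
                    sid.getIssuer(), sid.getSerialNumber(), sid.getSubjectKeyIdentifier()));
            PKIXBuilderParameters params = new PKIXBuilderParameters(
                    Collections.singleton(new TrustAnchor(rootCert, null)), target);
            params.addCertStore(certStore);
            // Assumption: no CRL/OCSP source is available here; enable revocation in production.
            params.setRevocationEnabled(false);
            PKIXCertPathBuilderResult path;
            try {
                path = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
            } catch (CertPathBuilderException e) {
                return false;  // signer certificate does not chain to the trust anchor
            }
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider("BC").build(path.getPublicKey()))) {
                return false;
            }
        }
        return true;
    }
}
```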