
据我所知,这是第一次有人在 Java 中尝试这个,我觉得这很难相信。

我只是想用 .pem、.p12 和 .cer 文件为我的 manifest.json 生成签名文件。下面是我目前的代码,它抛出了 InvalidKeyException:版本不匹配(支持:00,解析:03)

出错的位置见下面代码中的注释。我看过一些其他语言的示例,人们是用 openssl 来完成的,但 Java 中应该也有等价的做法吧?

    // Credential files, referenced by relative path.
    // NOTE(review): pemFile is declared but never read in the lines shown.
    File pemFile = new File("AWWdevCert.pem");
    File passCer = new File("pass.cer");
    File passP12 = new File("pass.p12"); 

    // PKCS8EncodedKeySpec expects the DER encoding of a bare PKCS#8 private key.
    // NOTE(review): the .p12 extension suggests a PKCS#12 container (key + certificates,
    // password-protected) rather than PKCS#8; the reported "supported: 00, parsed: 03" would be
    // consistent with a PKCS#12 version field being read where PKCS#8 version 0 is expected
    // -- confirm. If so, the key would be obtained through KeyStore.getInstance("PKCS12") with
    // the container's password instead of being handed to KeyFactory as raw bytes.
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    KeySpec ks = new PKCS8EncodedKeySpec(FileUtils.readFileToByteArray(passP12));
    PrivateKey privKey = keyFactory.generatePrivate(ks); // ERROR HERE


    // Parses the pass certificate as X.509. passCert is not used again in the lines shown:
    // the bare Signature output produced below does not carry any certificate.
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    InputStream in = new ByteArrayInputStream(FileUtils.readFileToByteArray(passCer));
    X509Certificate passCert = (X509Certificate)certFactory.generateCertificate(in); //don't know what to do with this

    // Reads the manifest into memory. read() may return fewer bytes than requested; the count
    // is only printed, not checked, so a short read would sign a partly zero-filled buffer.
    // The stream is not closed if read() throws (no try/finally or try-with-resources).
    File inputFile = new File("WebContent/WEB-INF/Lowes.raw/manifest.json"); 
    FileInputStream freader = null;
    int sizecontent = ((int) inputFile.length());
    byte[] contentbytes = new byte[sizecontent];
    freader = new FileInputStream(inputFile);
    System.out.println("\nContent Bytes: " + freader.read(contentbytes, 0, sizecontent));
    freader.close();

    // Signs the manifest bytes with SHA-1 + RSA. The result is a raw signature value, not a
    // PKCS#7/CMS SignedData structure, and no certificate chain is embedded in it.
    // NOTE(review): SHA-1 is no longer collision-resistant; whether a stronger digest can be
    // used depends on what the consumer of this signature accepts -- confirm.
    Signature signature = Signature.getInstance("Sha1WithRSA");
    signature.initSign(privKey);
    signature.update(contentbytes);

    byte[] signedData = signature.sign();

    //create signature file
    // passDirectory is not defined in the lines shown, and signedData is not yet written to
    // signatureFile here.
    File signatureFile = new File(passDirectory.getAbsolutePath()+File.separator+"signature");

2 回答 2


可以看看 GitHub 上的 jpasskit 项目。

于 2012-10-10T16:52:44.683 回答

您也可以只使用 JDK 自带的 sun.security 包来生成签名。下面是一个 Scala 示例(可以很容易地改写为 Java):

import java.security.cert.X509Certificate
import java.security.{MessageDigest, PrivateKey, Signature}
import java.util.Date

import sun.security.pkcs._
import sun.security.util.DerOutputStream
import sun.security.x509.{AlgorithmId, X500Name}

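/** Produces a PKCS#7 SignedData blob for a payload using the JDK's `sun.security` classes.
  *
  * The `sun.security.*` classes used here are JDK-internal: they carry no compatibility
  * guarantee between JDK releases, and on modular JDKs (9+) their packages are not exported,
  * so compiling or running against them needs explicit `--add-exports` flags.
  */
object PKPassSigner {

  // JCA name of the signature scheme. It is fixed to RSA with SHA-1, so it must stay in step
  // with the digest algorithm id used in `sign`.
  // NOTE(review): SHA-1 is no longer collision-resistant; move to a SHA-2 digest only after
  // confirming that the consumer of the signature accepts it.
  private val SignatureAlgorithm = "Sha1WithRSA"

  /** Signs `dataToSign` and wraps the result in a DER-encoded PKCS#7 SignedData structure.
    *
    * The payload itself is not embedded (the `ContentInfo` is built without content). What is
    * signed is the DER encoding of the authenticated attributes, which include the digest of
    * the payload, the signing time taken from the local clock, and the content type.
    *
    * The original listing declared the last parameter as `dataToSing` but read `dataToSign`
    * in the body, which does not compile; the parameter is now named `dataToSign`.
    *
    * @param signingCert      certificate matching `privateKey`; its issuer and serial number
    *                         identify the signer in the `SignerInfo`
    * @param privateKey       key used to sign; a non-RSA key is rejected by `initSign` with an
    *                         `InvalidKeyException` because the signature scheme is RSA-only
    * @param intermediateCert second certificate placed in the SignedData certificate list
    * @param dataToSign       raw bytes of the payload to sign
    * @return the DER encoding of the SignedData structure
    */
  def sign(
    signingCert: X509Certificate,
    privateKey: PrivateKey,
    intermediateCert: X509Certificate,
    dataToSign: Array[Byte]
  ): Array[Byte] = {
    val digestAlgorithmId = new AlgorithmId(AlgorithmId.SHA_oid)

    // Digest of the payload, carried as the message-digest authenticated attribute.
    val payloadDigest = MessageDigest.getInstance(digestAlgorithmId.getName).digest(dataToSign)
    val attributes = new PKCS9Attributes(Array(
      new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new Date()),
      new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, payloadDigest),
      new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID)
    ))

    // The signature covers the encoded attributes, not the payload bytes directly.
    val signer = Signature.getInstance(SignatureAlgorithm)
    signer.initSign(privateKey)
    signer.update(attributes.getDerEncoding)
    val signedData = signer.sign()

    val signerInfo = new SignerInfo(
      X500Name.asX500Name(signingCert.getIssuerX500Principal),
      signingCert.getSerialNumber,
      digestAlgorithmId,
      attributes,
      AlgorithmId.get(privateKey.getAlgorithm),
      signedData,
      null // no unauthenticated attributes; this Java API takes null for "none"
    )

    val p7 = new PKCS7(
      Array(digestAlgorithmId),
      new ContentInfo(ContentInfo.DATA_OID, null), // no embedded content
      Array(signingCert, intermediateCert),
      Array(signerInfo)
    )

    val out = new DerOutputStream()
    try {
      p7.encodeSignedData(out)
      out.flush()
      out.toByteArray
    } finally out.close()
  }
}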
于 2018-07-20T13:41:30.807 回答