3

情况是我必须检查数字签名:

String1 "A1005056807CE11EE2B4CE0025305725CFrCN=KED,OU=I0020266601,OU=SAPWebAS,O=SAPTrustCommunity,C=DE20130611102236" 通过 PKCS#7 签名并通过 HTTP-URL 发送给我。

我得到了 BASE64 中的签名内容(查看代码 String sc)。

现在我必须检查我稍后将在我的代码中复制的 String1 的哈希是否与签名内容中的相同。因此我必须使用我从证书中获得的公钥。

我有一个带有 X.509 证书的文件。我将此文件加载到 X509Certificate 实例中。我通过从 SAP 复制并粘贴字节来获取此文件 - 所以我不确定证书是否正确。但我可以将它加载到实例中 - 我已将此证书的输出放在下面。

现在,当我运行我的代码时,我得到“消息摘要属性值与计算值不匹配”。我不知道这些步骤是否正确,这条消息是否正确,还是我做错了什么!?

这是我的代码:

String sc = "MIIBUQYJKoZIhvcNAQcCoIIBQjCCAT4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR0wggEZAgEBMG8wZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMjY2NjAxMQwwCgYDVQQDEwNLRUQCByASEgITMlYwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDYxMTA4MjM1MVowIwYJKoZIhvcNAQkEMRYEFGy7jXb/pUqMYdk2dss2Qe6hNroaMAkGByqGSM44BAMELjAsAhRMJ+t5/3RxQAsHKnIoPY4BnO0qCAIUAbKRwWNjOYsewB56zoZqnZwRyWw=";
byte[] secKey = Base64.decode(sc);


CMSSignedData s = new CMSSignedData(secKey);

SignerInformationStore signers = s.getSignerInfos();
Iterator<SignerInformation> it = signers.getSigners().iterator();

FileInputStream fis = new FileInputStream("c:\\sap.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Collection<X509Certificate> c = (Collection<X509Certificate>)cf.generateCertificates(fis);
Iterator<X509Certificate> i = c.iterator();

while(it.hasNext()){
    SignerInformation signer = it.next();
    while (i.hasNext()) {
        X509Certificate cert = i.next();
        cert.checkValidity();
        cert.verify(cert.getPublicKey());           
        signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SUN").build(cert));
    }
}

证书输出:

[
[
  Version: V1
  Subject: CN=KED, OU=I0020266601, OU=SAP Web AS, O=SAP Trust Community, C=DE
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

  Key:  Sun DSA Public Key
    Parameters:DSA
    p:     ffd22469 8c53aa90 7585c3ee b65ffd9a cde5b230 53041af9 969e69c8 22093f5a
    477740c5 d398084f 3830ea33 8dbd8505 d6cce42b 135794b1 a971e670 f896eee2
    17acf3f8 48c67d35 434768d7 9c30567f abeb0d86 5674ef2b d391d530 26cbd9ba
    647414ba ff6e2f5b 9f468df7 3e266bd5 b330058d e64cfd69 75065322 11c43237
    q:     cd1ac6c7 d55ae243 cd5bbb0c 0f0789b4 233786b1
    g:     0945535b 061de39c 995832d2 03d3c2a0 c352cad9 2a524886 7c681962 ca94e5e3
    f23cc4c0 7891bc0d 0abc85fe 4f575334 b8e02d02 176d7534 ec7080c3 a46ccba3
    776a1b2f fa6f3586 e4e90e40 558e779a 6d90c9c0 c788592f 5d8ffe16 801e2c9e
    b3305ed3 c4035015 a246b7fc 2d2dda7f e6431fe3 d3b291fe 58082643 49d9bac1

  y:
    cab5984a d0254277 fd4aab43 799d8120 35f7725b 313b87a2 ca092c91 96236e44
    8ad7c157 d000395b 1ce37da2 a9c18113 c34067e8 c917752b 9604049d 70b92bb0
    6aa65d45 d5fde439 bbcbaa21 7520542a baac4e64 75fabc57 56a91856 178d8fc4
    6aa34d71 5a06b59f 6c89ae81 3571d4ce 89bbeb49 dedfc68c 4fa8a6d1 9aefcdcf

  Validity: [From: Sun Dec 02 14:32:56 CET 2012,
               To: Fri Jan 01 01:00:01 CET 2038]
  Issuer: CN=KED, OU=I0020266601, OU=SAP Web AS, O=SAP Trust Community, C=DE
  SerialNumber: [    20121202 133256]

]
  Algorithm: [SHA1withDSA]
  Signature:
0000: 30 2D 02 14 15 BE 80 34   1A 6F 02 F4 C8 5A 9A 6A  0-.....4.o...Z.j
0010: 3E 5A A8 66 C2 A2 AD 3C   02 15 00 C9 53 A6 D9 85  >Z.f...<....S...
0020: 3F 22 FB 12 5C E9 9D B7   77 29 03 62 81 EA 17     ?"..\...w).b...

]
4

1 回答 1

5

最后我得到了它的帮助:verifying detached signature with BC

    String toVerify = "A1005056807CE11EE2B4CE0025305725CFrCN%3DKED,OU%3DI0020266601,OU%3DSAPWebAS,O%3DSAPTrustCommunity,C%3DDE20130611102236";
    String signed = "MIIBUQYJKoZIhvcNAQcCoIIBQjCCAT4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR0wggEZAgEBMG8wZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMjY2NjAxMQwwCgYDVQQDEwNLRUQCByASEgITMlYwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDYxMTA4MjM1MVowIwYJKoZIhvcNAQkEMRYEFGy7jXb/pUqMYdk2dss2Qe6hNroaMAkGByqGSM44BAMELjAsAhRMJ+t5/3RxQAsHKnIoPY4BnO0qCAIUAbKRwWNjOYsewB56zoZqnZwRyWw=";
    byte[] signedByte = Base64.decode(signed);

    Security.addProvider(new BouncyCastleProvider());

    CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(toVerify.getBytes()), signedByte);
    SignerInformationStore signers = s.getSignerInfos();
    SignerInformation signerInfo = (SignerInformation)signers.getSigners().iterator().next();

    FileInputStream fis = new FileInputStream("c:\\sap.cer");
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate)cf.generateCertificates(fis).iterator().next();

    boolean result = signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SUN").build(cert.getPublicKey())); 
    System.out.println("Verified: "+result);
于 2013-06-12T07:01:19.120 回答