Pkcs7 生成代码
@SuppressWarnings({ "unchecked", "rawtypes" })
public static byte[] createDetachedSignature() throws NoSuchAlgorithmException, NoSuchProviderException, DSCException, InvalidKeyException, SignatureException, CertificateEncodingException, OperatorCreationException, CMSException, IOException{
//byte[] contentToSign = generateHash("Test".getBytes(Charset.forName("UTF-8"))).getBytes();
//System.out.println("Original Content :: "+new String(contentToSign));
DSCUtil.initKeyStore();
DSCertificate dscCert = DSCUtil.findBySerialNumber(new BigInteger("1396617567"));
PrivateKey privKey = dscCert.getPrivateKey();
Signature signature = Signature.getInstance("SHA256WithRSA");
signature.initSign(privKey);
signature.update("Test".getBytes(Charset.forName("UTF-8")));
//X509Certificate cert = dscCert.getCertificate();
// List certList = new ArrayList();
CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
//certList.add(cert);
Store certs = new JcaCertStore(Arrays.asList(dscCert.getCertChain()));
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256withRSA").build(privKey);
gen.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
.build(sha1Signer, dscCert.getCertificate()));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(msg, true);
//BASE64Encoder encoder = new BASE64Encoder();
String signedContent = Base64.encodeBase64String((byte[]) sigData.getSignedContent().getContent());
System.out.println("Signed content: " + signedContent + "\n");
String envelopedData = Base64.encodeBase64String(sigData.getEncoded());
System.out.println("Enveloped data: " + envelopedData);
return envelopedData.getBytes();
}
验证码
@SuppressWarnings({ "deprecation", "rawtypes" })
public static boolean verifyTextwithPKCS7(String input, byte[] pkcs7Resp) throws NoSuchAlgorithmException, NoSuchProviderException {
boolean result = false;
if (pkcs7Resp.length <= 0) {
return result;
}
//String hash = generateHash(input.getBytes(Charset.forName("UTF-8")));
try {
CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(input.getBytes()),
pkcs7Resp);
System.out.println(new String((byte[]) cms.getSignedContent().getContent()));
CertStore certStore = cms.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = cms.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = certStore.getCertificates(signer.getSID());
Iterator certIt = certCollection.iterator();
X509Certificate cert = (X509Certificate) certIt.next();
result = signer.verify(cert, "BC");
System.out.println(new String(signer.getContentDigest()));
}
} catch (Exception e) {
e.printStackTrace();
result = false;
}
return result;
}
请告诉我生成 PKCS#7 或验证过程中的任何问题。
如果我的过程是错误的,那么请用一些代码片段向我建议正确的机制。