久久久久久久av_日韩在线中文_看一级毛片视频_日本精品二区_成人深夜福利视频_武道仙尊动漫在线观看

使用 BouncyCastle 向 CMS 簽名添加簽名/認證屬性

Add signed/authenticated attributes to CMS signature using BouncyCastle (使用 BouncyCastle 向 CMS 簽名添加簽名/認證屬性)
本文介紹了使用 BouncyCastle 向 CMS 簽名添加簽名/認證屬性的處理方法,對大家解決問題具有一定的參考價值,需要的朋友們下面隨著小編來一起學習吧!

問題描述

我想使用 bouncycastle 生成一個簡單的 CMS 簽名.此代碼有效!

I want to generate a simple CMS signature using bouncycastle. This code works!

  Security.addProvider(new BouncyCastleProvider());
  String password = "123456";
  KeyStore ks = KeyStore.getInstance("PKCS12");
  ks.load(new FileInputStream("c:/cert_123456.p12"), password.toCharArray());
  String alias = (String)ks.aliases().nextElement();
  PrivateKey key = (PrivateKey)ks.getKey(alias, password.toCharArray());
  Certificate[] chain = ks.getCertificateChain(alias);

  CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

  generator.addSigner(key, (X509Certificate)chain[0], CMSSignedDataGenerator.DIGEST_SHA1);
  ArrayList list = new ArrayList();
  for (int i = 0; i < chain.length; i++) {
       list.add(chain[i]);
  }
  CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), "BC");
  generator.addCertificatesAndCRLs(chainStore);
  CMSProcessable content = new CMSProcessableByteArray("test".getBytes());
  CMSSignedData signedData = generator.generate(content, false, "BC");

  byte[] pk = signedData.getEncoded();

但是,如何添加簽名屬性?
我想刪除默認簽名屬性并添加簽名策略標識符.

But, how to add signed attributes?
I want to remove default signed attributes and add signature-policy-identifier.

文章非常受歡迎.

推薦答案

首先,您似乎在使用在最新版本的 Bouncy Castle 中已棄用的構造.要添加經過身份驗證/簽名的 屬性,您必須將它們打包到 AttributeTable 簽名屬性被添加到簽名者中所以:

First of all you appear to be using constructs that are deprecated in the latest versions of Bouncy Castle. To add authenticated/signed attributes you have to package them into an AttributeTable Signed attributes are added to the signer like so:

ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
signedAttributes.add(new Attribute(CMSAttributes.contentType, new DERSet(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1"))));
signedAttributes.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digestBytes))));
signedAttributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(signingDate))));

AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);

然后在 addSigner 方法之一中使用它.正如我在開始時已經提到的,這種方法已被棄用,我們鼓勵您使用生成器和生成器生成器.這是一個簡短的例子:

Then use it in one of the addSigner methods. As I already mentioned in the beginning this method is deprecated and you are encouraged to use Generators and Generator Builders. Here's a short example:

    /* Construct signed attributes */
    ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
    signedAttributes.add(new Attribute(CMSAttributes.contentType, new DERSet(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1"))));
    signedAttributes.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digestBytes))));
    signedAttributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(signingDate))));

    AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);
    signedAttributesTable.toASN1EncodableVector();
    DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(signedAttributesTable);

    /* Build the SignerInfo generator builder, that will build the generator... that will generate the SignerInformation... */
    SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
    signerInfoBuilder.setSignedAttributeGenerator(signedAttributeGenerator);
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    JcaContentSignerBuilder contentSigner = new JcaContentSignerBuilder("SHA1withRSA");
    contentSigner.setProvider("BC");

    generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner.build(this.signingKey), new X509CertificateHolder(this.signingCert.getEncoded())));

    ArrayList<X509CertificateHolder> signingChainHolder = new ArrayList<X509CertificateHolder>();
    Iterator i = this.signingChain.iterator();
    while (i.hasNext()) {
        X509CertificateObject cert = (X509CertificateObject)i.next();
        signingChainHolder.add(new X509CertificateHolder(cert.getEncoded()));
    }

    generator.addCertificates(new JcaCertStore(signingChainHolder));
    generator.generate(new CMSAbsentContent(), "BC").getEncoded();

它相當笨重,可能還不能工作(我正在編寫它,并在研究一些東西時偶然發現了你的問題),尤其是簽名日期部分,它可能必須是 new DERSet(新時間(新日期))(更新:它適用于DERUTCTime).

It's quite bulky and probably doesn't work yet (I'm in the process of writing it and stumbled upon your question while researching some stuff), especially the signingDate part, it probably has to be new DERSet(new Time(new Date)) (update: it works with DERUTCTime).

有點離題:我仍然無法理解 Signed 和 Authenticated 屬性之間的區別,Bouncy Castle 擁有 DefaultAuthenticatedAttributeTableGenerator、DefaultSignedAttributeTableGenerator 類,它們與 Signers 完美配合.兩者在簽名時間方面似乎存在一些細微差別,如果不存在,SignedAttributes 默認會添加簽名時間.RFC 提到了這兩種屬性類型,但我找不到任何確定的內容.

A bit of offtopic: I still can't get my head around the difference between Signed and Authenticated attributes, Bouncy Castle has got both DefaultAuthenticatedAttributeTableGenerator, DefaultSignedAttributeTableGenerator classes which work perfectly well with Signers. There seem to be some minor differences between the two in regards to signingTime, SignedAttributes adds the signingTime by default if not present. The RFCs mention both attribute types, but I couldn't find anything definite.

這篇關于使用 BouncyCastle 向 CMS 簽名添加簽名/認證屬性的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!

【網站聲明】本站部分內容來源于互聯網,旨在幫助大家更快的解決問題,如果有圖片或者內容侵犯了您的權益,請聯系我們刪除處理,感謝您的支持!

相關文檔推薦

Java Remove Duplicates from an Array?(Java從數組中刪除重復項?)
How to fix Invocation failed Unexpected Response from Server: Unauthorized in Android studio(如何修復調用失敗來自服務器的意外響應:在 Android 工作室中未經授權)
AES encryption, got extra trash characters in decrypted file(AES 加密,解密文件中有多余的垃圾字符)
AES Error: Given final block not properly padded(AES 錯誤:給定的最終塊未正確填充)
Detecting incorrect key using AES/GCM in JAVA(在 JAVA 中使用 AES/GCM 檢測不正確的密鑰)
AES-256-CBC in Java(Java 中的 AES-256-CBC)
主站蜘蛛池模板: 一区二区三区精品 | a中文在线视频 | av中文在线| 久久久涩 | 男女黄网站 | 国产精品久久久久久久久免费桃花 | 中文字幕在线一区二区三区 | 日本一区二区三区在线观看 | 国产在线高清 | 亚洲顶级毛片 | 91精品在线观看入口 | 中文字幕精品一区久久久久 | 亚洲国产成人av好男人在线观看 | 久久久日韩精品一区二区三区 | 国产综合欧美 | 99re热精品视频国产免费 | 婷婷国产一区二区三区 | 日韩精品一区二区三区在线观看 | 久久久影院 | 亚洲人成人一区二区在线观看 | 久一久| a久久| 91中文字幕在线 | 成人精品 | 天天拍天天操 | 在线日韩不卡 | 欧美中文字幕一区二区三区亚洲 | 欧美无乱码久久久免费午夜一区 | 三区在线| 一区二区三区日 | 国产美女黄色片 | 一级片免费在线观看 | 中文字幕视频在线 | 妞干网av| 国产免费一二三区 | 精品一区久久 | 欧美精品在线播放 | 欧美一区二区三区四区在线 | 欧美精品一区二区免费视频 | 精品视频在线一区 | 亚洲视频欧美视频 |