Add signed/authenticated attributes to CMS signature using BouncyCastle

Problem description

I want to generate a simple CMS signature using bouncycastle. This code works!

  Security.addProvider(new BouncyCastleProvider());
  String password = "123456";
  KeyStore ks = KeyStore.getInstance("PKCS12");
  ks.load(new FileInputStream("c:/cert_123456.p12"), password.toCharArray());
  String alias = (String)ks.aliases().nextElement();
  PrivateKey key = (PrivateKey)ks.getKey(alias, password.toCharArray());
  Certificate[] chain = ks.getCertificateChain(alias);

  CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

  generator.addSigner(key, (X509Certificate)chain[0], CMSSignedDataGenerator.DIGEST_SHA1);
  ArrayList list = new ArrayList();
  for (int i = 0; i < chain.length; i++) {
       list.add(chain[i]);
  }
  CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), "BC");
  generator.addCertificatesAndCRLs(chainStore);
  CMSProcessable content = new CMSProcessableByteArray("test".getBytes());
  CMSSignedData signedData = generator.generate(content, false, "BC");

  byte[] pk = signedData.getEncoded();

But, how to add signed attributes?
I want to remove default signed attributes and add signature-policy-identifier.

Articles are very welcome.

Recommended answer

First of all you appear to be using constructs that are deprecated in the latest versions of Bouncy Castle. To add authenticated/signed attributes you have to package them into an AttributeTable. Signed attributes are added to the signer like so:

    ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
    signedAttributes.add(new Attribute(CMSAttributes.contentType, new DERSet(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1"))));
    signedAttributes.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digestBytes))));
    signedAttributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(signingDate))));

    AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);

Then use it in one of the addSigner methods. As I already mentioned in the beginning this method is deprecated and you are encouraged to use Generators and Generator Builders. Here's a short example:

    /* Construct signed attributes */
    ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
    signedAttributes.add(new Attribute(CMSAttributes.contentType, new DERSet(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1"))));
    signedAttributes.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digestBytes))));
    signedAttributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(signingDate))));

    AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);
    signedAttributesTable.toASN1EncodableVector();
    DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(signedAttributesTable);

    /* Build the SignerInfo generator builder, that will build the generator... that will generate the SignerInformation... */
    SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
    signerInfoBuilder.setSignedAttributeGenerator(signedAttributeGenerator);
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    JcaContentSignerBuilder contentSigner = new JcaContentSignerBuilder("SHA1withRSA");
    contentSigner.setProvider("BC");

    generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner.build(this.signingKey), new X509CertificateHolder(this.signingCert.getEncoded())));

    ArrayList<X509CertificateHolder> signingChainHolder = new ArrayList<X509CertificateHolder>();
    Iterator i = this.signingChain.iterator();
    while (i.hasNext()) {
        X509CertificateObject cert = (X509CertificateObject)i.next();
        signingChainHolder.add(new X509CertificateHolder(cert.getEncoded()));
    }

    generator.addCertificates(new JcaCertStore(signingChainHolder));
    generator.generate(new CMSAbsentContent(), "BC").getEncoded();

It's quite bulky and probably doesn't work yet (I'm in the process of writing it and stumbled upon your question while researching some stuff), especially the signingDate part, it probably has to be new DERSet(new Time(new Date)) (update: it works with DERUTCTime).

A bit of offtopic: I still can't get my head around the difference between Signed and Authenticated attributes, Bouncy Castle has got both DefaultAuthenticatedAttributeTableGenerator, DefaultSignedAttributeTableGenerator classes which work perfectly well with Signers. There seem to be some minor differences between the two in regards to signingTime, SignedAttributes adds the signingTime by default if not present. The RFCs mention both attribute types, but I couldn't find anything definite.
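
Added example (not part of the original answer and not Bouncy Castle's own code): a custom `CMSAttributeTableGenerator` that emits only contentType and messageDigest, which RFC 5652 requires whenever signed attributes are present, plus signature-policy-identifier, so no default signingTime is added. The class name, the policy OID and the `policySha256` input are assumptions made for illustration.

```java
import java.util.Map;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
import org.bouncycastle.asn1.esf.SignaturePolicyId;
import org.bouncycastle.asn1.esf.SignaturePolicyIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSAttributeTableGenerator;

/** Hypothetical class name; emits exactly three signed attributes. */
public class PolicyOnlySignedAttributes implements CMSAttributeTableGenerator {
    private final SignaturePolicyIdentifier policy;

    /** policyOid and policySha256 (SHA-256 of the policy document) are caller-supplied. */
    public PolicyOnlySignedAttributes(String policyOid, byte[] policySha256) {
        OtherHashAlgAndValue hash = new OtherHashAlgAndValue(
                new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256),
                new DEROctetString(policySha256));
        this.policy = new SignaturePolicyIdentifier(
                new SignaturePolicyId(new ASN1ObjectIdentifier(policyOid), hash));
    }

    @Override
    public AttributeTable getAttributes(Map parameters) {
        // Both values are supplied by the SignerInfoGenerator at signing time.
        ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(
                parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
        byte[] digest = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        if (contentType == null || digest == null) {
            throw new IllegalStateException("content type and digest are required");
        }
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new Attribute(CMSAttributes.contentType, new DERSet(contentType)));
        v.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest))));
        v.add(new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(policy)));
        return new AttributeTable(v); // no signingTime: this generator adds no defaults
    }
}
// Wiring with the answer's builder; the OID below is a constructed placeholder:
//   signerInfoBuilder.setSignedAttributeGenerator(
//       new PolicyOnlySignedAttributes("1.3.6.1.4.1.99999.1.1", policySha256));
```

Because the generator takes the digest from the signing parameters, the messageDigest attribute always matches the content that was actually hashed.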
