Bouncy Castle detached signature changed API
It seems to me that Bouncy Castle has changed its API and the following code no longer works in 1.52:
    /**
     * SignatureInterface implementation. Creates detached signature of stream
     * using SHA-256.
     *
     * @param content
     *            original content stream to sign
     * @throws SignatureException
     *             in case of signature error
     * @throws IOException
     *             in case of I/O error
     * @return signed byte content
     */
    @Override
    public byte[] sign(final InputStream content) throws SignatureException,
            IOException {
        try {
            CMSProcessableInputStream input = new CMSProcessableInputStream(content);
            List<Certificate> certList = Arrays.asList(keystore
                    .getCertificateChain(alias));
            CertStore certStore = CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(certList), provider);
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            gen.addSigner((PrivateKey) keystore.getKey(alias, pin),
                    (X509Certificate) keystore.getCertificate(alias),
                    CMSSignedGenerator.DIGEST_SHA256);
            gen.addCertificatesAndCRLs(certStore);
            return gen.generate(input, false, provider).getEncoded();
        } catch (Exception e) {
            throw new SignatureException(
                    "Problem while preparing signature. Wrong certificate or alias.");
        }
    }
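Does anyone know how to achieve the same behaviour with the new API? I did not find anything about it in the porting guide.
Edited (added variable definitions):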
    /**
     * Size of the read buffer for signing.
     */
    private static final int BUFSIZE = 8192;
    /**
     * Stored instance of BC.
     */
    private BouncyCastleProvider provider;
    /**
     * PKCS#12 key store.
     */
    private KeyStore keystore;
    /**
     * Alias for certificate to sign.
     */
    private String alias;
    /**
     * Password to private key.
     */
    private char[] pin;
I have been able to change the code to the following, which seems to work with version 1.51 (version 1.52 has a bug under OSGi):
    public byte[] sign(final InputStream content) throws SignatureException,
            IOException {
        try {
            // Reads the whole stream into memory before signing.
            CMSTypedData input = new CMSProcessableByteArray(
                    IOUtils.toByteArray(content));
            // Certificate chain to embed in the SignedData structure.
            List<Certificate> certList = Arrays.asList(keystore
                    .getCertificateChain(alias));
            Store certs = new JcaCertStore(certList);
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            // The ContentSigner computes the signature; the digest calculator
            // provider supplies the hash used for the signed attributes.
            ContentSigner shaSigner = new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC").build((PrivateKey) keystore.getKey(alias, pin));
            gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                    new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                    .build(shaSigner, (X509Certificate) keystore.getCertificate(alias)));
            gen.addCertificates(certs);
            // false = do not encapsulate the content (detached signature).
            return gen.generate(input, false).getEncoded();
        } catch (Exception e) {
            // Keep the original exception as the cause so the real failure is not hidden.
            throw new SignatureException(
                    "Problem while preparing signature. Wrong certificate or alias.", e);
        }
    }
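A round trip for the migrated signer, as an added example that is not code from the post or from Bouncy Castle: it streams the content through a `CMSTypedData` wrapper instead of buffering it with `IOUtils.toByteArray`, then checks the detached signature against the original bytes and a modified copy. `DetachedCmsDemo`, `StreamContent`, the throwaway RSA key and the key identifier bytes are assumptions made for the example; the post's code names the signer by the certificate from its key store instead.

```java
import java.io.*;
import java.security.*;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.*;

public class DetachedCmsDemo { // hypothetical class, not from the post
    /** Streams the content into the generator; stands in for the old CMSProcessableInputStream. */
    static class StreamContent implements CMSTypedData {
        private final InputStream in;
        StreamContent(InputStream in) { this.in = in; }
        public ASN1ObjectIdentifier getContentType() { return CMSObjectIdentifiers.data; }
        public Object getContent() { return in; }
        public void write(OutputStream out) throws IOException {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        }
    }
    /** Detached signature over the stream; the signer is named by a key identifier (assumption). */
    static byte[] sign(InputStream content, PrivateKey key, byte[] keyId) throws Exception {
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                .build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key), keyId));
        return gen.generate(new StreamContent(content), false).getEncoded();
    }
    /** Verifies the first signer (single-signer assumption) with a key the caller already trusts. */
    static boolean verify(byte[] content, byte[] sig, PublicKey trusted) throws Exception {
        CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(content), sig);
        SignerInformation si = (SignerInformation) sd.getSignerInfos().getSigners().iterator().next();
        try {
            return si.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(trusted));
        } catch (CMSException e) { return false; } // e.g. message-digest attribute mismatch
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed throwaway key
        byte[] data = "constructed sample content".getBytes("UTF-8");
        byte[] sig = sign(new ByteArrayInputStream(data), kp.getPrivate(), new byte[] {1, 2, 3, 4});
        System.out.println("original: " + verify(data, sig, kp.getPublic()));
        data[0] ^= 1; // flip one bit of the signed content
        System.out.println("tampered: " + verify(data, sig, kp.getPublic()));
    }
}
```

Verification here uses a public key the verifier already holds; a certificate carried inside the signature, as in the post's code, still needs chain validation before it is trusted.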