X509v3CertificateBuilder: java.lang.IllegalArgumentException: cannot produce certificate signature
I am creating a KeyPair and trying to use it to create an X509Certificate (using BouncyCastle on Android), but at runtime I get the following error:
java.lang.IllegalArgumentException: cannot produce certificate signature
at org.bouncycastle.cert.X509v3CertificateBuilder.build(Unknown Source:57)
This is how I create the KeyPair:
    val kpg = KeyPairGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
    kpg.initialize(KeyGenParameterSpec.Builder(
        "alias",
        KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY)
        .setDigests(KeyProperties.DIGEST_SHA256,
            KeyProperties.DIGEST_SHA512,
            KeyProperties.DIGEST_NONE)
        .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
        // every use of the key must be authorized by the user; no validity duration is set
        .setUserAuthenticationRequired(true)
        .build())
    return kpg.generateKeyPair()
And this is how I try to generate the certificate:
    // replace the default BC implementation, and use: implementation 'org.bouncycastle:bcpkix-jdk15on:1.64'
    Security.removeProvider("BC")
    val bc = BouncyCastleProvider()
    Security.insertProviderAt(bc, 1)
    val builder = JcaContentSignerBuilder("SHA256WithRSA")
    builder.setProvider("AndroidKeyStoreBCWorkaround")
    val certGen: X509v3CertificateBuilder = JcaX509v3CertificateBuilder(X500Name("name removed"),
        // RFC 5280 requires a positive serial number; SecureRandom().nextLong() can be negative
        BigInteger(63, SecureRandom()),
        Date(),
        // 365L: as an Int expression, 365 * 24 * 60 * 60 * 1000 overflows to roughly 17 days
        Date(System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000),
        X500Name("Name removed"),
        keyPair.public)
    val contentSigner: ContentSigner = builder.build(keyPair.private)
    val certHolder = certGen.build(contentSigner) // <- THE ERROR OCCURS HERE
    val cert = JcaX509CertificateConverter().getCertificate(certHolder)
The error occurs when calling the build() method of X509v3CertificateBuilder, but the error message is not very helpful.
Edit: here is the full stack trace:
E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.example.app, PID: 31547
java.lang.IllegalArgumentException: cannot produce certificate signature
at org.bouncycastle.cert.X509v3CertificateBuilder.build(Unknown Source:57)
at com.example.app.Helper$Companion.createX509Certificate(Helper.kt:104)
at com.example.app.Presenter.getLocalKeyPair(Presenter.kt:123)
at com.example.app.Presenter$getKey.onComplete(Presenter.kt:109)
at com.example.app.Manager$getKey.onResponse(Manager.kt:30)
at retrofit2.DefaultCallAdapterFactory$ExecutorCallbackCall.run(DefaultCallAdapterFactory.java:83)
at android.os.Handler.handleCallback(Handler.java:790)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:164)
at android.app.ActivityThread.main(ActivityThread.java:6626)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:811)
After a few hours I found a solution to this problem.
I tried to debug everything I could think of, and I noticed that contentSigner.signature throws an exception:
android.security.KeyStoreException: Key user not authenticated
This of course indicates a problem with biometric authentication. Changing to:
.setUserAuthenticationRequired(false)
everything seems to work.
In the end I used the following two lines:
.setUserAuthenticationRequired(true)
.setUserAuthenticationValidityDurationSeconds(100)
This also works as expected.
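What the two settings actually decide, shown in an added example that is not the poster's code: with setUserAuthenticationRequired(true) and no validity duration the key is a per-use key, so every signing operation has to be authorized through a BiometricPrompt.CryptoObject; with setUserAuthenticationValidityDurationSeconds(100) the key is usable for 100 seconds after the user last unlocked the device, which is why the poster's final spec works without a prompt as long as the unlock was recent. The block below keeps the stricter per-use key and signs the certificate inside the prompt callback, wrapping the authorized java.security.Signature in a ContentSigner so that X509v3CertificateBuilder can drive it. It assumes the androidx.biometric library, an Activity that is a FragmentActivity, and an RSA key already generated under the alias "alias" with the poster's first KeyGenParameterSpec (user authentication required, no validity duration); the subject name, prompt strings and function names are placeholders.

```kotlin
import android.security.keystore.UserNotAuthenticatedException
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import org.bouncycastle.asn1.x500.X500Name
import org.bouncycastle.asn1.x509.AlgorithmIdentifier
import org.bouncycastle.cert.X509CertificateHolder
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder
import org.bouncycastle.operator.ContentSigner
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder
import java.io.OutputStream
import java.math.BigInteger
import java.security.KeyStore
import java.security.PrivateKey
import java.security.PublicKey
import java.security.SecureRandom
import java.security.Signature
import java.util.Date

// Added example, not the poster's code. Assumes an AndroidKeyStore RSA key under
// this alias created with setUserAuthenticationRequired(true) and no validity duration.
const val ALIAS = "alias"

// Adapts a java.security.Signature that BiometricPrompt has already authorized
// into the ContentSigner interface that X509v3CertificateBuilder expects.
class AuthorizedContentSigner(private val sig: Signature) : ContentSigner {
    override fun getAlgorithmIdentifier(): AlgorithmIdentifier =
        DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA")

    // The builder streams the DER-encoded TBSCertificate into this stream.
    override fun getOutputStream(): OutputStream = object : OutputStream() {
        override fun write(b: Int) = sig.update(b.toByte())
        override fun write(b: ByteArray, off: Int, len: Int) = sig.update(b, off, len)
    }

    override fun getSignature(): ByteArray = sig.sign()
}

fun buildSelfSignedCert(signer: ContentSigner, publicKey: PublicKey): X509CertificateHolder {
    val name = X500Name("CN=example")  // placeholder subject/issuer
    val now = System.currentTimeMillis()
    // 365L: the Int expression 365 * 24 * 60 * 60 * 1000 overflows to about 17 days.
    val notAfter = Date(now + 365L * 24 * 60 * 60 * 1000)
    // RFC 5280 requires a positive serial number; 63 random bits is always positive.
    val serial = BigInteger(63, SecureRandom())
    return JcaX509v3CertificateBuilder(name, serial, Date(now), notAfter, name, publicKey)
        .build(signer)
}

fun signCertWithBiometric(
    activity: FragmentActivity,
    publicKey: PublicKey,
    onSuccess: (X509CertificateHolder) -> Unit,
    onFailure: (Throwable) -> Unit
) {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val privateKey = ks.getKey(ALIAS, null) as PrivateKey
    val sig = Signature.getInstance("SHA256withRSA")
    try {
        // For a per-use key this succeeds and only sign() would fail; for a key with a
        // validity duration it throws when the user has not unlocked the device recently.
        sig.initSign(privateKey)
    } catch (e: UserNotAuthenticatedException) {
        onFailure(e)
        return
    }
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            // Only the Signature handed back inside the CryptoObject is authorized to sign.
            val authorized = result.cryptoObject?.signature
            if (authorized == null) {
                onFailure(IllegalStateException("no CryptoObject in authentication result"))
                return
            }
            try {
                onSuccess(buildSelfSignedCert(AuthorizedContentSigner(authorized), publicKey))
            } catch (e: Exception) {
                onFailure(e)  // surfaces the real KeyStoreException instead of BC's wrapper
            }
        }

        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
            onFailure(IllegalStateException("authentication error $errorCode: $errString"))
        }
    }
    val prompt = BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
    val info = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Sign certificate")
        .setNegativeButtonText("Cancel")
        .build()
    prompt.authenticate(info, BiometricPrompt.CryptoObject(sig))
}
```

X509v3CertificateBuilder.build in bcpkix 1.64 catches the IOException raised when the signer's output stream fails and rethrows it as IllegalArgumentException("cannot produce certificate signature") without attaching the cause, which is why the stack trace above has no "Caused by" line; driving the Signature yourself, or calling contentSigner.signature directly as the poster did, is the quickest way to see the underlying KeyStoreException. Two caveats: a per-use key can only be generated on a device with an enrolled strong biometric (generateKeyPair fails otherwise), and with the validity-duration variant initSign throws UserNotAuthenticatedException once the window has expired, which the try/catch above handles.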