org.bouncycastle.cms.CMSException: content-type attribute value does not match eContentType
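I am currently building a timestamp server with BouncyCastle. The server works fine, but on the client side, when I try to validate the received TimeStampResponse, I get the following error:
org.bouncycastle.cms.CMSException: content-type attribute value does not match eContentType
On the server side, I include the content-type attribute like this: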
ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
signedAttributes.add(new Attribute(CMSAttributes.contentType, new DERSet(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1"))));
signedAttributes.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(request.getMessageImprintDigest()))));
signedAttributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(timeStampDate))));
AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);
signedAttributesTable.toASN1EncodableVector();
//Linking Attribute Table to the signBuilder (linked to JKS Certificate)
DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(signedAttributesTable);
signBuilder.setSignedAttributeGenerator(signedAttributeGenerator);
signBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(new AttributeTable(new Hashtable<String, String>())));
......
On the client side:
Collection<X509CertificateHolder> tstMatches = response.getTimeStampToken().getCertificates().getMatches(response.getTimeStampToken().getSID());
X509CertificateHolder holder = tstMatches.iterator().next();
java.security.cert.X509Certificate tstCert = new JcaX509CertificateConverter().getCertificate(holder);
System.out.println("Cert Date exp: "+tstCert.getNotAfter());
SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(tstCert);
AttributeTable att = response.getTimeStampToken().getSignedAttributes();
System.out.println("Content-type: "+att.get(CMSAttributes.contentType).getAttrValues().getObjectAt(0));
if (bytesToHex(response.getTimeStampToken().getTimeStampInfo().getMessageImprintDigest()).equals(bytesToHex(digest))) {
    System.out.println("TimeStamp is valid, imprint is identical");
}
try {
    response.getTimeStampToken().validate(siv);
} catch (Exception e) {
    System.out.println("Still getting issue with Content Type: " + e.toString());
}
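I seem to have correctly included the content type in my TimeStampToken ("1.2.840.113549.1.7.1"), but I don't know where the eContentType is or where I can check it.
Edit 1: Maybe I was not clear... I'll try to rephrase...
How can I access the eContentType of a TimeStampToken?
What is BouncyCastle comparing against?
After a lot of reading, I found that adding the contentType attribute causes this kind of error, because I was already building the TimeStampResponse from the request, so the content type was already taken into account.
It caused a conflict in the BouncyCastle library, so by removing the line: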
//signedAttributes.add(new Attribute(CMSAttributes.contentType, new DERSet(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1"))));
everything works and my TimeStampResponse validates correctly.
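On where eContentType lives: in an RFC 3161 token it is the eContentType field of the CMS SignedData that wraps the TSTInfo, and its value is id-ct-TSTInfo (1.2.840.113549.1.9.16.1.4), whereas the attribute added on the server was id-data (1.2.840.113549.1.7.1). The following is an added example, not code from the original post, that reads both values from a saved response with BouncyCastle so they can be compared before calling validate(); the class name and the file-path argument are assumptions.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;

// Added diagnostic (hypothetical class name), not part of the original post.
public class TstContentTypeCheck {
    // eContentType of the SignedData that encapsulates the TSTInfo.
    static ASN1ObjectIdentifier eContentType(TimeStampToken token) {
        return new ASN1ObjectIdentifier(token.toCMSSignedData().getSignedContentTypeOID());
    }

    // Value of the signed content-type attribute, or null if it is absent.
    static ASN1ObjectIdentifier signedContentType(TimeStampToken token) {
        Attribute attr = token.getSignedAttributes().get(CMSAttributes.contentType);
        return attr == null ? null : ASN1ObjectIdentifier.getInstance(attr.getAttrValues().getObjectAt(0));
    }

    // Returns null when the two values are consistent, else a description of the problem.
    static String check(TimeStampToken token) {
        ASN1ObjectIdentifier encap = eContentType(token);
        ASN1ObjectIdentifier attr = signedContentType(token);
        if (!PKCSObjectIdentifiers.id_ct_TSTInfo.equals(encap)) {
            return "eContentType is " + encap + ", expected id-ct-TSTInfo";
        }
        if (attr == null) {
            return "signed content-type attribute is missing";
        }
        if (!encap.equals(attr)) {
            return "content-type attribute " + attr + " != eContentType " + encap;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a DER-encoded TimeStampResp saved from the server (assumption).
        TimeStampResponse response = new TimeStampResponse(Files.readAllBytes(Paths.get(args[0])));
        TimeStampToken token = response.getTimeStampToken();
        if (token == null) { System.out.println("no token, status " + response.getStatus()); return; }
        System.out.println("eContentType:           " + eContentType(token));
        System.out.println("content-type attribute: " + signedContentType(token));
        String problem = check(token);
        System.out.println(problem == null ? "consistent" : "MISMATCH: " + problem);
    }
}
```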