
Timestamp validation Java BouncyCastle

Stack Overflow user
Asked 2017-02-08 21:41:45
Answers 1, Views 1.8K, Followers 0, Votes 2

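I use BouncyCastle to verify the signature and extract information from a ".p7m" file (original content, signer, etc.).

Now I need to verify and extract information from the TimeStamp in the same ".p7m" file.

How do I verify the TimeStampToken? The code I wrote handles the signature fine, but it does not verify the TimeStamp. I pass the "cert" variable to the build() method to verify both the signature and the TimeStampToken. For the signature it is OK, but for the TimeStamp it doesn't work :(

Where am I going wrong? Thanks in advance.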

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Security;
import java.util.Collection;
import java.util.Iterator;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.Store;

public class Launcher3 {

    public static void main(String[] args) throws Exception {

        File myFile=new File("D:\\fdr\\bouncycastle\\New Text Document.txt.p7m");
        byte[] bytesArray = readContentIntoByteArray(myFile);

        FileOutputStream fos = new FileOutputStream("D:\\fdr\\bouncycastle\\New Text Document.txt");
        byte[] bytesArrayOriginalFile=getData(bytesArray);
        fos.write(bytesArrayOriginalFile);
        fos.close();

        verifySign(bytesArray);

    }

    static public void verifySign(byte[] signedData) throws Exception {
          Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

          CMSSignedDataParser     sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signedData);

          sp.getSignedContent().drain();

          Store                   certStore = sp.getCertificates();
          SignerInformationStore  signers = sp.getSignerInfos();

          Collection              c = signers.getSigners();
          Iterator                it = c.iterator();

          while (it.hasNext())
          {
              SignerInformation   signer = (SignerInformation)it.next();
              Collection          certCollection = certStore.getMatches(signer.getSID());
              Iterator        certIt = certCollection.iterator();
              X509CertificateHolder cert = (X509CertificateHolder)certIt.next();

              System.out.println("info 1: "+cert.getIssuer());
              System.out.println("info 2: "+cert.getSubject());
              System.out.println("date from: "+cert.getNotBefore());
              System.out.println("date to: "+cert.getNotAfter());
              System.out.println("Serial n. "+cert.getSerialNumber());
              System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
              // --------------------------------------------------------------------------------------------------------------------^
              // LOOK AT HERE: it works!

              AttributeTable       attrs = signer.getUnsignedAttributes();
              // The unsigned attributes, or the timestamp attribute itself, may be absent
              Attribute            att = (attrs == null) ? null : attrs.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
              byte[] encodedTsp = null;
              if (att != null) {
                  ASN1Encodable    dob = att.getAttrValues().getObjectAt(0);
                  encodedTsp = dob.toASN1Primitive().getEncoded();
              }

              TimeStampToken result = null;

              if(encodedTsp!=null) {
                  CMSSignedData cms = new CMSSignedData(encodedTsp);
                  result = new TimeStampToken(cms);

                System.out.println("timestamp: "+result.getTimeStampInfo().getGenTime());
                System.out.println("serial n. "+result.getTimeStampInfo().getSerialNumber());
                System.out.println("tsa: "+result.getTimeStampInfo().getTsa());
                System.out.println("policy: "+result.getTimeStampInfo().getPolicy());

                result.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
                // ------------------------------------------------------------------------------^
                // LOOK AT HERE: it doesn't work!

                } 
          }
    }

    static public byte[] getData(final byte[] p7bytes) throws CMSException, IOException  {
        CMSSignedData signedData = new CMSSignedData(p7bytes);
        CMSProcessable signedContent = signedData.getSignedContent();

        return (byte[])signedContent.getContent();

       }

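        private static byte[] readContentIntoByteArray(File file)
       {
          byte[] bFile = new byte[(int) file.length()];
          // try-with-resources closes the stream even if a read fails
          try (FileInputStream fileInputStream = new FileInputStream(file))
          {
             int off = 0;
             // read() may return fewer bytes than requested, so loop until the buffer is full
             while (off < bFile.length)
             {
                int n = fileInputStream.read(bFile, off, bFile.length - off);
                if (n < 0) break;
                off += n;
             }
          }
          catch (Exception e)
          {
             e.printStackTrace();
          }
          return bFile;
       }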

}

1 Answer

Stack Overflow user

Posted 2017-02-09 22:21:58

I solved it myself (I'm happy). I needed to find the timestamp's certificate like this:

Store storeTt = result.getCertificates();
Collection collTt = storeTt.getMatches(result.getSID());
Iterator certIt2 = collTt.iterator();
X509CertificateHolder cert2 = (X509CertificateHolder)certIt2.next();

System.out.println("timestamp's verify: "+result.isSignatureValid(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert2)));
result.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert2));
Votes 2
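Added example, not part of the original answer: validating the token against a certificate taken from the token itself shows only that the token is self-consistent, so this sketch also checks that the token's message imprint is the digest of the signer's signature value and that the TSA certificate chains to a trust anchor the verifier chose. The names `TimestampCheck`, `verifyTimestamp` and `trustedTsaRoots` are hypothetical, and the "BC" provider is assumed to be registered as in the question's code.

```java
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tsp.TimeStampToken;

public class TimestampCheck {   // hypothetical class name
    // Hypothetical helper: returns the TSA certificate if every check passes, otherwise throws.
    // trustedTsaRoots is the caller's own set of TSA trust anchors (an assumption of this example).
    static X509Certificate verifyTimestamp(SignerInformation signer, TimeStampToken token,
            Set<TrustAnchor> trustedTsaRoots) throws Exception {
        // 1. Find the TSA certificate inside the token (the step from the answer).
        Collection<?> matches = token.getCertificates().getMatches(token.getSID());
        if (matches.isEmpty()) throw new CertificateException("no TSA certificate in token");
        X509CertificateHolder tsaHolder = (X509CertificateHolder) matches.iterator().next();
        // 2. Token signature and BouncyCastle's own token checks; throws on failure.
        token.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(tsaHolder));
        // 3. The imprint must be the digest of this signer's signature value;
        //    without this a valid token from another signature would be accepted.
        DigestCalculator dc = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()
                .get(token.getTimeStampInfo().getHashAlgorithm());
        try (OutputStream os = dc.getOutputStream()) {
            os.write(signer.getSignature());
        }
        if (!MessageDigest.isEqual(dc.getDigest(), token.getTimeStampInfo().getMessageImprintDigest()))
            throw new SecurityException("timestamp does not cover this signature");

        // 4. The embedded certificate is untrusted input until it chains to an anchor
        //    chosen by the verifier; validity is evaluated at the token's genTime.
        JcaX509CertificateConverter conv = new JcaX509CertificateConverter().setProvider("BC");
        List<X509Certificate> pool = new ArrayList<>();
        for (Object o : token.getCertificates().getMatches(null))
            pool.add(conv.getCertificate((X509CertificateHolder) o));
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(conv.getCertificate(tsaHolder));
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustedTsaRoots, target);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(pool)));
        params.setDate(token.getTimeStampInfo().getGenTime());
        params.setRevocationEnabled(false); // assumption: revocation is checked separately
        CertPathBuilder.getInstance("PKIX").build(params); // throws if no trusted path
        return target.getCertificate();
    }
}
```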
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/42114742
