充气城堡独立签名改变了api

时间:2015-03-23 15:23:09

标签: java bouncycastle

在我看来,Bouncy城​​堡已经改变了API,以下代码在1.52中不再起作用了:

  /**
   * SignatureInterface implementation. Creates detached signature of stream
   * using SHA-256.
   * 
   * @param content
   *          original content stream to sign
   * @throws SignatureException
   *           in case of signature error
   * @throws IOException
   *           in case of I/O error
   * @return signed byte content
   */
  @Override
  public byte[] sign(final InputStream content) throws SignatureException,
      IOException {
    try {

      CMSProcessableInputStream input = new CMSProcessableInputStream(content);
      List<Certificate> certList = Arrays.asList(keystore
          .getCertificateChain(alias));
      CertStore certStore = CertStore.getInstance("Collection",
          new CollectionCertStoreParameters(certList), provider);

      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();      
      gen.addSigner((PrivateKey) keystore.getKey(alias, pin),
          (X509Certificate) keystore.getCertificate(alias),
          CMSSignedGenerator.DIGEST_SHA256);
      gen.addCertificatesAndCRLs(certStore);

      return gen.generate(input, false, provider).getEncoded();
    } catch (Exception e) {
      throw new SignatureException(
          "Problem while preparing signature. Wrong certificate or alias.");
    }
  }

有人知道如何在新API中实现相同的行为吗?我没有在移植指南中找到任何相关信息。

EDITED(添加变量定义):

 /**
   * Size of the read buffer for signing.
   */
  private static final int BUFSIZE = 8192;

  /**
   * Stored instance of BC.
   */
  private BouncyCastleProvider provider;

  /**
   * PKCS#12 key store.
   */
  private KeyStore keystore;

  /**
   * Alias for certificate to sign.
   */
  private String alias;

  /**
   * Password to private key.
   */
  private char[] pin;

1 个答案:

答案 0 :(得分:1)

我已经能够将代码更改为以下内容,这似乎对我的1.51版本有用(版本1.52在OSGi下是错误的):

 public byte[] sign(final InputStream content) throws SignatureException,
      IOException {
    try {
      CMSTypedData input = new CMSProcessableByteArray(
          IOUtils.toByteArray(content));
      List<Certificate> certList = Arrays.asList(keystore
          .getCertificateChain(alias));
      Store certs = new JcaCertStore(certList);
      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
      ContentSigner shaSigner = new JcaContentSignerBuilder("SHA256withRSA")
          .setProvider("BC").build((PrivateKey) keystore.getKey(alias, pin));
      gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
          new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
          .build(shaSigner, (X509Certificate) keystore.getCertificate(alias)));
      gen.addCertificates(certs);
      return gen.generate(input, false).getEncoded();
    } catch (Exception e) {
      throw new SignatureException(
          "Problem while preparing signature. Wrong certificate or alias.");
    }
  }
相关问题
最新问题