大家帮我看一下这个问题:使用bouncycastle的包,对一个字符串进行签名生成P#7,之后进行Base64编码,生成以下数据:
MIAGCSqGSIb3DQEHAqCAMIACAQMxCzAJBgUrDgMCGgUAMIAGAyoFBqCAJIAECTEyMzQ1Njc4OQAA
AAAAAKCAMIICWTCCAcKgAwIBAgIIQbKDub2yJdIwDQYJKoZIhvcNAQEFBQAwJzELMAkGA1UEBhMC
U0UxCzAJBgNVBAoMAkNBMQswCQYDVQQDDAJjYTAeFw0wOTA2MTYxMTE4MjFaFw0xMTA2MTYxMTI4
MjFaMBYxFDASBgNVBAMMC1JB5b2V5YWl5ZGYMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN
m0S6TVfKQOK7KGU7kKsm1QmzgYObY6Hbz7cWgEynMdQYqeEfzbgfLgS4m3JK0ENTp9dXiOjJpqX2
TD0gaPFgDbeeA4yBzFzpemb78WQUg0ZlcPsQMGDj10J7n3+prB+1QSeHxf7xsOsIJZ8CO9uXzbd0
Tv1/jje7IeP3XHYBrwIDAQABo4GeMIGbMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMDsG
A1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMFBggrBgEFBQcD
BzAdBgNVHQ4EFgQUuNm/U3ztrcDfeMry1ujsGkiXluMwHwYDVR0jBBgwFoAUb3kuuU/4Gm7MjfkJ
/Dsqm89rZzcwDQYJKoZIhvcNAQEFBQADgYEAJq2HRr8IK/OVcW50T4t6fVh12RiDXg8YSMDkhDUl
HyOOsCaepWKFPDWX9VC6pmNBNJvU98Kud+X2MOC/qqgtBNe1E0TLChk4912wfsIjws3X4LWLX74T
aVT++IPTPGZzJwDLjwYdE0Hw/OWs3o6cKL4qXUFCypgMqo5inmP+V9gAADGCATIwggEuAgEBMDMw
JzELMAkGA1UEBhMCU0UxCzAJBgNVBAoMAkNBMQswCQYDVQQDDAJjYQIIQbKDub2yJdIwCQYFKw4D
AhoFAKBXMBIGCSqGSIb3DQEJAzEFBgMqBQYwHAYJKoZIhvcNAQkFMQ8XDTA5MDgxOTA5MTE0NFow
IwYJKoZIhvcNAQkEMRYEFPfDvB2AjgRzKt9nmWXMw0ynrjRBMA0GCSqGSIb3DQEBAQUABIGAVlY8
a9t0mz/FHVPRB/fAuGyf7U6xVTuCEe+/to+LkHyABikjOod06AsvFThOFs+sRpsLr4ArQEs+UplK
xkw+yUPbqz4ZvuJbD9G2x6ldnFh//IgpG6/NT41T51HeBo0t/BVlb01vK0gr10sMowMDeOYv8uht
MBgQ/YG1cw6s6TAAAAAAAAA=
再使用sun.security.pkcs.PKCS7对PKCS7进行验证,能够取出P#7中的证书,但是验证签名信息不能通过。
以下是生成PKCS7格式的方法:
public byte[] createPKCS7(String originalTest) {
byte[] signedData = null;
getCert();
Collection chain = getCertChain();
ArrayList certList = new ArrayList();
Certificate cert = getCert509();
if (cert != null) {
certList.add(cert);
}
try {
CMSProcessable msg = new CMSProcessableByteArray(originalTest
.getBytes());
CertStore certs = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(certList), "BC");
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSigner(getPk(), (X509Certificate) getCert509(),
CMSSignedGenerator.DIGEST_SHA1);
gen.addCertificatesAndCRLs(certs);
CMSSignedData s = null;
Provider provider = new BouncyCastleProvider();
Security.addProvider(provider);
s = gen.generate(msg,true,provider);//,
signedData = s.getEncoded();
} catch (Exception e) {
e.printStackTrace();
}
return signedData;
}
以下是验证的方法:
private boolean isVerified(byte[] sig, byte[] content) {
PKCS7 pkcs7;
X509Certificate[] x509s;
X509Certificate x509;
SignerInfo[] ss;
SignerInfo s;
Signature sign;
try {
pkcs7 = new PKCS7(sig);
x509s = pkcs7.getCertificates();
x509 = x509s[0];
System.out.println(pkcs7.getContentInfo().getContent().getAsString());
ss = pkcs7.getSignerInfos();
s = ss[0];
sign = Signature.getInstance("SHA1/RSA", "BC");
sign.initVerify(x509);
sign.update(toUnicode(content));//toUnicode(content)
byte[] aa = s.getEncryptedDigest();
System.out.println(new String(aa));
boolean verified = sign.verify(s.getEncryptedDigest());
///////////////////////////////////////////////////////
pkcs7 = null;
sign = null;
s = null;
ss = null;
x509 = null;
x509s = null;
return verified;
} catch (SignatureException sigex) {
//System.out.println("VerifyP7sTool.isVerified22222222");
sigex.printStackTrace();
// System.out.println("sigexcept " + sigex.toString());
return false;
} catch (Exception secex) {
//System.out.println("VerifyP7sTool.isVerified3333333333");
secex.printStackTrace();
// System.out.println("other exception " + secex.toString());
return false;
}
}
不知道是不是生成的P#7的base64格式有问题,
以下是用CAPICOM生成的
"MIIDbAYJKoZIhvcNAQcCoIIDXTCCA1kCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3"
+ "DQEHAaCCAl0wggJZMIIBwqADAgECAghBsoO5vbIl0jANBgkqhkiG9w0BAQUFADAn"
+ "MQswCQYDVQQGEwJTRTELMAkGA1UECgwCQ0ExCzAJBgNVBAMMAmNhMB4XDTA5MDYx"
+ "NjExMTgyMVoXDTExMDYxNjExMjgyMVowFjEUMBIGA1UEAwwLUkHlvZXlhaXlkZgw"
+ "gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAI2bRLpNV8pA4rsoZTuQqybVCbOB"
+ "g5tjodvPtxaATKcx1Bip4R/NuB8uBLibckrQQ1On11eI6MmmpfZMPSBo8WANt54D"
+ "jIHMXOl6ZvvxZBSDRmVw+xAwYOPXQnuff6msH7VBJ4fF/vGw6wglnwI725fNt3RO"
+ "/X+ON7sh4/dcdgGvAgMBAAGjgZ4wgZswDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E"
+ "BAMCBaAwOwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBAYI"
+ "KwYBBQUHAwUGCCsGAQUFBwMHMB0GA1UdDgQWBBS42b9TfO2twN94yvLW6OwaSJeW"
+ "4zAfBgNVHSMEGDAWgBRveS65T/gabsyN+Qn8Oyqbz2tnNzANBgkqhkiG9w0BAQUF"
+ "AAOBgQAmrYdGvwgr85VxbnRPi3p9WHXZGINeDxhIwOSENSUfI46wJp6lYoU8NZf1"
+ "ULqmY0E0m9T3wq535fYw4L+qqC0E17UTRMsKGTj3XbB+wiPCzdfgtYtfvhNpVP74"
+ "g9M8ZnMnAMuPBh0TQfD85azejpwovipdQULKmAyqjmKeY/5X2DGB2DCB1QIBATAz"
+ "MCcxCzAJBgNVBAYTAlNFMQswCQYDVQQKDAJDQTELMAkGA1UEAwwCY2ECCEGyg7m9"
+ "siXSMAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYBDgHuulzpzyUF1+YEBOsvV"
+ "M6LIsTgm2nv5ofzWk2tduZFWmMejfpafZpFlEpOn+SA/bu08CrJWPBDk+BwFfMzv"
+ "8IxQw6BlPL70IH08n45ZbzMaya56zc9mXfDPoHFiOHNZVJE7ikZ01XzpvkCKj6IA"
+ "XgyYSI+H5R2DhsVratOCxw== ";
谢谢~~
