Sto lavorando alla firma e alla codifica dei messaggi CMS / PKCS # 7 (qualcosa di simile a C # SignedCms ).
Ho x509certificato dal keystore, rsa private key,
ContentInfo. ContentType è "oidPkcs7Data".
Non capisco cosa dovrei fare dopo.
Ho pensato:
- genera una firma e firma i dati ContentInfo
Signature signature = Signature.getInstance("MD5withRSA"); signature.initSign(rsaPrivateKeyFromStore); signature.update(contentInfo.getData()); signedData = signature.sign();
- codifica firma firmata + firma.
PKCS7 pkcs7 = new PKCS7(signedData); ByteArrayOutputStream baos = new ByteArrayOutputStream(); pkcs7.encodeSignedData(baos);
Ma ho ottenuto l'eccezione
sun.security.pkcs.ParsingException: Unable to parse the encoded bytes at sun.security.pkcs.PKCS7.(PKCS7.java:94)
Ovviamente sto sbagliando.
Inoltre mi piacerebbe farlo senza BouncyCastle o Classpth o smth come questi.
È possibile utilizzare solo le classi sun.security. *? Io uso Java 1.5.
Sono un nuovo membro del mondo DigitalSignature e qualsiasi aiuto o consiglio è apprezzato.
UPD
Ho generato il mio certificato e ho provato a firmare i dati con esso.
. Codice netto
X509Certificate2 certificate = new X509Certificate2("X:\mypfxstore.pfx", "123");
String text = "text";
ContentInfo contentInfo = new ContentInfo(System.Text.Encoding.UTF8.GetBytes(text));
SignedCms cms = new SignedCms(contentInfo, false);
CmsSigner signer = new CmsSigner(certificate);
signer.IncludeOption = X509IncludeOption.None;
signer.DigestAlgorithm = new Oid("SHA1");
cms.ComputeSignature(signer, false);
byte[] signature = cms.Encode();
print(signature);
.Java code
char[] password = "123".toCharArray();
String text = "text";
FileInputStream fis = new FileInputStream("X:\mypfxstore.pfx");
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(fis, password);
String alias = ks.aliases().nextElement();
PrivateKey pKey = (PrivateKey)ks.getKey(alias, password);
X509Certificate c = (X509Certificate)ks.getCertificate(alias);
//Data to sign
byte[] dataToSign = text.getBytes("UTF-8");
//compute signature:
Signature signature = Signature.getInstance("SHA1WithRSA");
signature.initSign(pKey);
signature.update(dataToSign);
byte[] signedData = signature.sign();
//load X500Name
X500Name xName = X500Name.asX500Name(c.getSubjectX500Principal());
//load serial number
BigInteger serial = c.getSerialNumber();
//laod digest algorithm
AlgorithmId digestAlgorithmId = new AlgorithmId(AlgorithmId.SHA_oid);
//load signing algorithm
AlgorithmId signAlgorithmId = new AlgorithmId(AlgorithmId.RSAEncryption_oid);
//Create SignerInfo:
SignerInfo sInfo = new SignerInfo(xName, serial, digestAlgorithmId, signAlgorithmId, signedData);
//Create ContentInfo:
ContentInfo cInfo = new ContentInfo(ContentInfo.DIGESTED_DATA_OID, new DerValue(DerValue.tag_OctetString, dataToSign));
//Create PKCS7 Signed data
PKCS7 p7 = new PKCS7(new AlgorithmId[] { digestAlgorithmId }, cInfo,
new java.security.cert.X509Certificate[] { /*cert,*/ },
new SignerInfo[] { sInfo });
//Write PKCS7 to bYteArray
ByteArrayOutputStream bOut = new DerOutputStream();
p7.encodeSignedData(bOut);
byte[] encoded = bOut.toByteArray();
print(encoded);
Output Java
length=264
3082010406092A864886F70D010702A081F63081F3020101310B300906052B0E03021A0500
301306092A864886F70D0 -> 10705A <- 0060404746578743181CB3081C8020101302630123110300E06
035504031307436F6D70616E790210FCAF9B5224FB4B9F4000B5127D881E2E300906052B0E0302
1A0500300D06092A864886F70D0101010500048180636ADD9F7E218AF3CBC5A75FA2076A53BE49
03DC864E87EBA3C1EE594FAACAFE93CA6F3410D847AC0C0ACB9FD88EC9CF6B00379FA9AD256C86
7204ED81E3FA2F8F492109FF87E81398B7B489B00A35914A2B51919DAAEC2BA87CEFB5AF52294E
2448B5B150D50A39BA0471A9AA1EA2B38A4E23BBA56E029842459F0D5BA3D511
. Output netto
length=264
3082010406092A864886F70D010702A081F63081F3020101310B300906052B0E03021A0500
301306092A864886F70D0 -> 10701A <- 0060404746578743181CB3081C8020101302630123110300E06
035504031307436F6D70616E790210FCAF9B5224FB4B9F4000B5127D881E2E300906052B0E0302
1A0500300D06092A864886F70D0101010500048180636ADD9F7E218AF3CBC5A75FA2076A53BE49
03DC864E87EBA3C1EE594FAACAFE93CA6F3410D847AC0C0ACB9FD88EC9CF6B00379FA9AD256C86
7204ED81E3FA2F8F492109FF87E81398B7B489B00A35914A2B51919DAAEC2BA87CEFB5AF52294E
2448B5B150D50A39BA0471A9AA1EA2B38A4E23BBA56E029842459F0D5BA3D511
Esempio di certificato esempio