verifying detached signature with BC

后端未结

关注

 3  1780

陌清茗 2020-12-16 03:54

How can I verify a detached signature (CMS/pkcs #7 signature) using the BouncyCastle provider in Java?

Currently, my code below throws an exception with the message

3条回答

悲&欢浪女 (楼主)

2020-12-16 04:50

the key for verify detached pKCS7 is use of CMSTypedStream ,like code bellow:

public void verifySign(byte[] signedData,byte[]bPlainText) throws Exception {
                InputStream is  = new ByteArrayInputStream(bPlainText);             
                CMSSignedDataParser sp = new CMSSignedDataParser(new CMSTypedStream (is),signedData);
                CMSTypedStream signedContent = sp.getSignedContent();           

                 signedContent.drain();





                  //CMSSignedData s = new CMSSignedData(signedData); 
                  Store certStore = sp.getCertificates(); 

                  SignerInformationStore signers = sp.getSignerInfos(); 
                    Collection c = signers.getSigners();
                    Iterator it = c.iterator();
                    while (it.hasNext()) 
                    { 
                        SignerInformation signer = (SignerInformation)it.next(); 
                        Collection certCollection = certStore.getMatches(signer.getSID()); 

                        Iterator certIt = certCollection.iterator(); 

                        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next(); 




                        if ( !signer.verify(new 
            JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder))) 
                        { 
                            throw new DENException("Verification FAILED! "); 

                        } 
                        else
                        {
                            logger.debug("verify success" );
                        }


                    } 
    }

0 讨论(0)

查看其它3个回答