pkcs7signeddata.java
来自「bouncycastle 是一个JAVA安全提供者」· Java 代码 · 共 599 行 · 第 1/2 页
JAVA
599 行
// Copy in the certificates and crls used to sign the private key. // signCert = (X509Certificate)certChain[0]; for (int i = 0;i < certChain.length;i++) { certs.add(certChain[i]); } if (crlList != null) { for (int i = 0;i < crlList.length;i++) { crls.add(crlList[i]); } } // // Now we have private key, find out what the digestEncryptionAlgorithm is. // digestEncryptionAlgorithm = privKey.getAlgorithm(); if (digestEncryptionAlgorithm.equals("RSA")) { digestEncryptionAlgorithm = ID_RSA; } else if (digestEncryptionAlgorithm.equals("DSA")) { digestEncryptionAlgorithm = ID_DSA; } else { throw new NoSuchAlgorithmException("Unknown Key Algorithm "+digestEncryptionAlgorithm); } sig = Signature.getInstance(getDigestAlgorithm(), provider); sig.initSign(privKey); } /** * Get the algorithm used to calculate the message digest */ public String getDigestAlgorithm() { String da = digestAlgorithm; String dea = digestEncryptionAlgorithm; if (digestAlgorithm.equals(ID_MD5)) { da = "MD5"; } else if (digestAlgorithm.equals(ID_MD2)) { da = "MD2"; } else if (digestAlgorithm.equals(ID_SHA1)) { da = "SHA1"; } if (digestEncryptionAlgorithm.equals(ID_RSA)) { dea = "RSA"; } else if (digestEncryptionAlgorithm.equals(ID_DSA)) { dea = "DSA"; } return da + "with" + dea; } /** * Resets the PKCS7SignedData object to it's initial state, ready * to sign or verify a new buffer. */ public void reset() { try { if (privKey==null) { sig.initVerify(signCert.getPublicKey()); } else { sig.initSign(privKey); } } catch (Exception e) { throw new RuntimeException(e.toString()); } } /** * Get the X.509 certificates associated with this PKCS#7 object */ public Certificate[] getCertificates() { return (X509Certificate[])certs.toArray(new X509Certificate[0]); } /** * Get the X.509 certificate revocation lists associated with this PKCS#7 object */ public Collection getCRLs() { return crls; } /** * Get the X.509 certificate actually used to sign the digest. */ public X509Certificate getSigningCertificate() { return signCert; } /** * Get the version of the PKCS#7 object. Always 1 */ public int getVersion() { return version; } /** * Get the version of the PKCS#7 "SignerInfo" object. Always 1 */ public int getSigningInfoVersion() { return signerversion; } /** * Update the digest with the specified byte. This method is used both for signing and verifying */ public void update(byte buf) throws SignatureException { sig.update(buf); } /** * Update the digest with the specified bytes. This method is used both for signing and verifying */ public void update(byte[] buf, int off, int len) throws SignatureException { sig.update(buf, off, len); } /** * Verify the digest */ public boolean verify() throws SignatureException { return sig.verify(digest); } /** * Get the "issuer" from the TBSCertificate bytes that are passed in */ private DERObject getIssuer(byte[] enc) { try { ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1Sequence seq = (ASN1Sequence)in.readObject(); return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); } catch (IOException e) { throw new Error("IOException reading from ByteArray: "+e); } } /** * return the bytes for the PKCS7SignedData object. */ public byte[] getEncoded() { try { digest = sig.sign(); // Create the set of Hash algorithms. I've assumed this is the // set of all hash agorithms used to created the digest in the // "signerInfo" structure. I may be wrong. // ASN1EncodableVector v = new ASN1EncodableVector(); for (Iterator i = digestalgos.iterator(); i.hasNext();) { AlgorithmIdentifier a = new AlgorithmIdentifier( new DERObjectIdentifier((String)i.next()), null); v.add(a); } DERSet algos = new DERSet(v); // Create the contentInfo. Empty, I didn't implement this bit // DERSequence contentinfo = new DERSequence( new DERObjectIdentifier(ID_PKCS7_DATA)); // Get all the certificates // v = new ASN1EncodableVector(); for (Iterator i = certs.iterator();i.hasNext();) { ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(((X509Certificate)i.next()).getEncoded())); v.add(tempstream.readObject()); } DERSet dercertificates = new DERSet(v); // Create signerinfo structure. // ASN1EncodableVector signerinfo = new ASN1EncodableVector(); // Add the signerInfo version // signerinfo.add(new DERInteger(signerversion)); IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber( new X509Name((ASN1Sequence)getIssuer(signCert.getTBSCertificate())), new DERInteger(signCert.getSerialNumber())); signerinfo.add(isAnds); // Add the digestAlgorithm // signerinfo.add(new AlgorithmIdentifier( new DERObjectIdentifier(digestAlgorithm), new DERNull())); // // Add the digestEncryptionAlgorithm // signerinfo.add(new AlgorithmIdentifier( new DERObjectIdentifier(digestEncryptionAlgorithm), new DERNull())); // // Add the digest // signerinfo.add(new DEROctetString(digest)); // // Finally build the body out of all the components above // ASN1EncodableVector body = new ASN1EncodableVector(); body.add(new DERInteger(version)); body.add(algos); body.add(contentinfo); body.add(new DERTaggedObject(false, 0, dercertificates)); if (crls.size()>0) { v = new ASN1EncodableVector(); for (Iterator i = crls.iterator();i.hasNext();) { ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(((X509CRL)i.next()).getEncoded())); v.add(t.readObject()); } DERSet dercrls = new DERSet(v); body.add(new DERTaggedObject(false, 1, dercrls)); } // Only allow one signerInfo // body.add(new DERSet(new DERSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // ASN1EncodableVector whole = new ASN1EncodableVector(); whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA)); whole.add(new DERTaggedObject(0, new DERSequence(body))); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); DEROutputStream dout = new DEROutputStream(bOut); dout.writeObject(new DERSequence(whole)); dout.close(); return bOut.toByteArray(); } catch (Exception e) { throw new RuntimeException(e.toString()); } }}⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?