📄 pkcs7signeddata.java
字号:
//
// Copy in the certificates and crls used to sign the private key.
//
signCert = (X509Certificate)certChain[0];
for (int i = 0;i < certChain.length;i++)
{
certs.add(certChain[i]);
}
if (crlList != null)
{
for (int i = 0;i < crlList.length;i++)
{
crls.add(crlList[i]);
}
}
//
// Now we have private key, find out what the digestEncryptionAlgorithm is.
//
digestEncryptionAlgorithm = privKey.getAlgorithm();
if (digestEncryptionAlgorithm.equals("RSA"))
{
digestEncryptionAlgorithm = ID_RSA;
}
else if (digestEncryptionAlgorithm.equals("DSA"))
{
digestEncryptionAlgorithm = ID_DSA;
}
else
{
throw new NoSuchAlgorithmException("Unknown Key Algorithm "+digestEncryptionAlgorithm);
}
sig = Signature.getInstance(getDigestAlgorithm(), provider);
sig.initSign(privKey);
}
/**
* Get the algorithm used to calculate the message digest
*/
public String getDigestAlgorithm()
{
String da = digestAlgorithm;
String dea = digestEncryptionAlgorithm;
if (digestAlgorithm.equals(ID_MD5))
{
da = "MD5";
}
else if (digestAlgorithm.equals(ID_MD2))
{
da = "MD2";
}
else if (digestAlgorithm.equals(ID_SHA1))
{
da = "SHA1";
}
if (digestEncryptionAlgorithm.equals(ID_RSA))
{
dea = "RSA";
}
else if (digestEncryptionAlgorithm.equals(ID_DSA))
{
dea = "DSA";
}
return da + "with" + dea;
}
/**
* Resets the PKCS7SignedData object to it's initial state, ready
* to sign or verify a new buffer.
*/
public void reset()
{
try
{
if (privKey==null)
{
sig.initVerify(signCert.getPublicKey());
}
else
{
sig.initSign(privKey);
}
}
catch (Exception e)
{
throw new RuntimeException(e.toString());
}
}
/**
* Get the X.509 certificates associated with this PKCS#7 object
*/
public Certificate[] getCertificates()
{
return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]);
}
/**
* Get the X.509 certificate revocation lists associated with this PKCS#7 object
*/
public Collection getCRLs()
{
return crls;
}
/**
* Get the X.509 certificate actually used to sign the digest.
*/
public X509Certificate getSigningCertificate()
{
return signCert;
}
/**
* Get the version of the PKCS#7 object. Always 1
*/
public int getVersion()
{
return version;
}
/**
* Get the version of the PKCS#7 "SignerInfo" object. Always 1
*/
public int getSigningInfoVersion()
{
return signerversion;
}
/**
* Update the digest with the specified byte. This method is used both for signing and verifying
*/
public void update(byte buf)
throws SignatureException
{
sig.update(buf);
}
/**
* Update the digest with the specified bytes. This method is used both for signing and verifying
*/
public void update(byte[] buf, int off, int len)
throws SignatureException
{
sig.update(buf, off, len);
}
/**
* Verify the digest
*/
public boolean verify()
throws SignatureException
{
return sig.verify(digest);
}
/**
* Get the "issuer" from the TBSCertificate bytes that are passed in
*/
private DERObject getIssuer(byte[] enc)
{
try
{
DERInputStream in = new DERInputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
}
catch (IOException e)
{
throw new Error("IOException reading from ByteArray: "+e);
}
}
/**
* return the bytes for the PKCS7SignedData object.
*/
public byte[] getEncoded()
{
try
{
digest = sig.sign();
// Create the set of Hash algorithms. I've assumed this is the
// set of all hash agorithms used to created the digest in the
// "signerInfo" structure. I may be wrong.
//
ASN1EncodableVector v = new ASN1EncodableVector();
for (Iterator i = digestalgos.iterator(); i.hasNext();)
{
AlgorithmIdentifier a = new AlgorithmIdentifier(
new DERObjectIdentifier((String)i.next()),
null);
v.add(a);
}
DERSet algos = new DERSet(v);
// Create the contentInfo. Empty, I didn't implement this bit
//
DERSequence contentinfo = new DERSequence(
new DERObjectIdentifier(ID_PKCS7_DATA));
// Get all the certificates
//
v = new ASN1EncodableVector();
for (Iterator i = certs.iterator();i.hasNext();)
{
DERInputStream tempstream = new DERInputStream(new ByteArrayInputStream(((X509Certificate)i.next()).getEncoded()));
v.add(tempstream.readObject());
}
DERSet dercertificates = new DERSet(v);
// Create signerinfo structure.
//
ASN1EncodableVector signerinfo = new ASN1EncodableVector();
// Add the signerInfo version
//
signerinfo.add(new DERInteger(signerversion));
IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber(
new X509Name((ASN1Sequence)getIssuer(signCert.getTBSCertificate())),
new DERInteger(signCert.getSerialNumber()));
signerinfo.add(isAnds);
// Add the digestAlgorithm
//
signerinfo.add(new AlgorithmIdentifier(
new DERObjectIdentifier(digestAlgorithm),
new DERNull()));
//
// Add the digestEncryptionAlgorithm
//
signerinfo.add(new AlgorithmIdentifier(
new DERObjectIdentifier(digestEncryptionAlgorithm),
new DERNull()));
//
// Add the digest
//
signerinfo.add(new DEROctetString(digest));
//
// Finally build the body out of all the components above
//
ASN1EncodableVector body = new ASN1EncodableVector();
body.add(new DERInteger(version));
body.add(algos);
body.add(contentinfo);
body.add(new DERTaggedObject(false, 0, dercertificates));
if (crls.size()>0) {
v = new ASN1EncodableVector();
for (Iterator i = crls.iterator();i.hasNext();) {
DERInputStream t = new DERInputStream(new ByteArrayInputStream((((X509CRL)i.next()).getEncoded())));
v.add(t.readObject());
}
DERSet dercrls = new DERSet(v);
body.add(new DERTaggedObject(false, 1, dercrls));
}
// Only allow one signerInfo
//
body.add(new DERSet(new DERSequence(signerinfo)));
// Now we have the body, wrap it in it's PKCS7Signed shell
// and return it
//
ASN1EncodableVector whole = new ASN1EncodableVector();
whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
whole.add(new DERTaggedObject(0, new DERSequence(body)));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
DEROutputStream dout = new DEROutputStream(bOut);
dout.writeObject(new DERSequence(whole));
dout.close();
return bOut.toByteArray();
}
catch (Exception e)
{
throw new RuntimeException(e.toString());
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -