The TimeStampToken class (bctsp-jdk16-1.46.jar) has two validate methods, one of which is deprecated.
The deprecated method takes an X509Certificate as its parameter, which is easy to create.
    InputStream inPFX = getClass().getClassLoader().getResourceAsStream("tsp.cer");
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(inPFX);
    // The validate method just takes the X509Certificate object
    token.validate(cert, "BC");
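The new method takes a SignerInformationVerifier object. I found a way to create a SignerInformationVerifier (not sure it is the right way), but I still need an X509CertificateHolder object.
How do I create an X509CertificateHolder from a file on the file system (a *.cer file)?
Is this the right way to create a SignerInformationVerifier to validate a TimeStampToken?
My current code looks like this: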
    TimeStampToken token = new TimeStampToken(new CMSSignedData(response));
    X509CertificateHolder x509ch = // HOW TODO THIS?
    // create the SignerInformationVerifier object
    DigestAlgorithmIdentifierFinder daif = new DefaultDigestAlgorithmIdentifierFinder();
    DigestCalculatorProvider dcp = new BcDigestCalculatorProvider();
    SignerInformationVerifier siv = new BcRSASignerInfoVerifierBuilder(daif, dcp).build(x509ch);
    // use the new validate method
    token.validate(siv);
Best answer
Try this:
    TimeStampToken token = new TimeStampToken(new CMSSignedData(response));
    InputStream in = new FileInputStream("tsp.cer");
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) factory.generateCertificate(in);
    // RSA signature processing with BC
    X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
    SignerInformationVerifier siv = new BcRSASignerInfoVerifierBuilder(new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(holder);
    // Signature processing with JCA and another provider
    //X509CertificateHolder holderJca = new JcaX509CertificateHolder(cert);
    //SignerInformationVerifier sivJca = new JcaSimpleSignerInfoVerifierBuilder().setProvider("anotherprovider").build(holderJca);
    token.validate(siv);
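Please see the "Verifying a SignerInformation object" section of the BC Version 2 APIs documentation for additional information on signature verification with the BC API.
You are creating the SignerInformationVerifier the right way. The sample code also includes another way of creating a SignerInformationVerifier, for a solution based on a JCA/JCE provider.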
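An added example, not part of the original answer and not Bouncy Castle's own sample code: validate(siv) is never given the timestamped data, so this sketch follows it with a comparison of the token's message imprint against a digest of the original data. It uses the JCA builder that the answer shows commented out; the class name, method names and file arguments are assumptions of this example, as is the default JCA provider resolving the digest OID.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;

public final class TimestampCheck {   // hypothetical class name

    /** Loads a DER or PEM encoded certificate (*.cer) from disk. */
    static X509Certificate loadCertificate(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /** True only if the token validates against tsaCert AND covers originalData. */
    static boolean verify(byte[] tokenBytes, X509Certificate tsaCert, byte[] originalData) throws Exception {
        TimeStampToken token = new TimeStampToken(new CMSSignedData(tokenBytes));
        // The verifier is built from this one certificate only, so tsaCert must
        // already be trusted (pinned, or chain-validated separately).
        SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().build(tsaCert);
        try {
            token.validate(siv);   // signature and signer certificate checks; throws on failure
        } catch (TSPException e) { // also covers TSPValidationException
            return false;
        }
        // validate() does not see the data: recompute its digest and compare.
        TimeStampTokenInfo info = token.getTimeStampInfo();
        String digestOid = info.getMessageImprintAlgOID().toString();
        // Assumption: the installed JCA provider accepts the OID as a digest name.
        byte[] expected = MessageDigest.getInstance(digestOid).digest(originalData);
        return MessageDigest.isEqual(expected, info.getMessageImprintDigest());
    }

    /** Usage: java TimestampCheck <token file> <tsa .cer file> <data file> */
    public static void main(String[] args) throws Exception {
        byte[] token = Files.readAllBytes(Paths.get(args[0]));
        byte[] data = Files.readAllBytes(Paths.get(args[2]));
        boolean ok = verify(token, loadCertificate(args[1]), data);
        System.out.println(ok ? "timestamp valid for this data" : "timestamp NOT valid for this data");
    }
}
```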