我正在尝试使用PKCS7签名和验证数据。当我验证由以下代码生成的CMSSignedData时,它工作正常, 但是如果我从先前创建的CMSSignedData的字节创建另一个CMSSignedData,它会给我异常。
PrivateKey key = (PrivateKey) keyStore.getKey(MyUtils.END_ENTITY_ALIAS,MyUtils.KEY_PASSWORD);
Certificate[] chain = keyStore.getCertificateChain(MyUtils.END_ENTITY_ALIAS);
CertStore certsAndCRLs = CertStore.getInstance("Collection",new CollectionCertStoreParameters(Arrays.asList(chain)), "BC");
X509Certificate cert = (X509Certificate) chain[0];
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSigner(key, cert, CMSSignedDataGenerator.DIGEST_SHA224);
gen.addCertificatesAndCRLs(certsAndCRLs);
CMSProcessable data = new CMSProcessableByteArray("Hello World !".getBytes());
// This CMSSignedData works fine
CMSSignedData signed = gen.generate(data, "BC");
signed = new CMSSignedData(data, signed.getEncoded());
//This CMSSignedData giving me exception
CMSSignedData signed2 = new CMSSignedData(signed.getEncoded());
发生以下异常:
org.bouncycastle.cms.CMSException: message-digest attribute value does not match calculated value
出了什么问题?