我在我的应用程序中使用Sun的MSCAPI提供程序来检索签名证书。签名者的私钥是sun.security.mscapi.RSAPrivateKey。 IAIK似乎没有认识到这个类(见下面的错误)。我不懂为什么。我的问题有什么解决方案?
提前致谢!
java.security.NoSuchAlgorithmException: Error computing signature value: iaik.cms.CMSException: Unable to calculate signature: java.security.InvalidKeyException: Class does not represent an RSA key: sun.security.mscapi.RSAPrivateKey
at iaik.cms.SignedData.addSignerInfo(Unknown Source)
at testIaikCmsWithMsCAPIProvider.init(testIaikCmsWithMsCAPIProvider.java:69)
at testIaikCmsWithMsCAPIProvider.main(testIaikCmsWithMsCAPIProvider.java:39)
编辑:
这是我的“脏”类测试:
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.CMSException;
import iaik.cms.CMSParsingException;
import iaik.cms.ContentInfo;
import iaik.cms.IssuerAndSerialNumber;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.utils.Util;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public class testIaikCmsWithMsCAPIProvider {
public static final String SunMscapiClassName = "sun.security.mscapi.SunMSCAPI";
private Provider provider;
private String providerName;
private String alias = "Sample Alias";
private X509Certificate signerCertificate;
private PrivateKey privateKey;
public static void main(String[] args) {
testIaikCmsWithMsCAPIProvider test = new testIaikCmsWithMsCAPIProvider();
test.init();
}
private void init() {
try {
Class<Provider> sunmscapiClass = (Class<Provider>)Class.forName(SunMscapiClassName);
Provider sunmscapiInstance = sunmscapiClass.newInstance();
Security.addProvider(sunmscapiInstance);
KeyStore ks = null;
ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
ks.load(null, null);
this.provider = ks.getProvider();
this.providerName = ks.getProvider().getName();
this.initMscapiProgrammaticMode(ks);
X509Certificate[] certificateChain = new X509Certificate[1];
certificateChain[0] = signerCertificate;
iaik.x509.X509Certificate[] iaikCertificateChain = Util.convertCertificateChain(certificateChain);
IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(iaikCertificateChain[0]);
AlgorithmID signatureAlg = AlgorithmID.rsaEncryption;
AlgorithmID digestAlg = AlgorithmID.sha1;
SignerInfo signerInfo = new SignerInfo(issuerSerial, digestAlg, signatureAlg, privateKey);
Path path = Paths.get("file.pdf");
byte[] signatureFileContent = Files.readAllBytes(path);
SignedData signedData = new SignedData(signatureFileContent, SignedData.EXPLICIT);
signedData.setCertificates(iaikCertificateChain);
signedData.addSignerInfo(signerInfo);
byte[] digitalSignature = new ContentInfo(signedData.getContentType()).getEncoded();
FileOutputStream fos = new FileOutputStream("signature.pdf");
fos.write(digitalSignature);
fos.close();
System.out.println(providerName + provider + alias + signerCertificate + privateKey.getClass());
}
catch(Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private void initMscapiProgrammaticMode(KeyStore ks) throws KeyStoreException, UnrecoverableKeyException,
NoSuchAlgorithmException {
X509Certificate javaCert = (X509Certificate)ks.getCertificate(this.alias);
this.signerCertificate = javaCert;
// retrieve associated private key
this.privateKey = (PrivateKey)ks.getKey(this.alias, null);
}
}
答案 0 :(得分:2)
非常简单,在尝试签名时,IAIK默认使用它自己的提供程序。现在我们要使用MSCAPI。这就是为什么我们需要他指定这一行,以便找到合适的提供者:
signedData.setSecurityProvider (new SecurityProvider ());