我对证书概念很新,我想知道如何使用RSASSA-PSS算法验证证书的签名(OID - 1.2.840.113549.1.1.10)。
package com.learn.package.certificates;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
public class VerifyCertificate {
public static void main(String[] args) throws InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
X509Certificate clientCert = ...;
X509Certificate caCert = ...;
c1.verify(c2.getPublicKey(), "BC");
}
}
正在运行我收到此错误..
Exception in thread "main" java.security.SignatureException: Signature does not match.
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:449)
at com.learn.package.certificates.VerifyCertificate.main(VerifyCertificate.java:33)
我可以使用命令
通过openssl从命令行验证这些证书op verify -CAfile cacert.pem clientcert.pem
>> clientcert.pem: OK
我可能不确定我错过了什么(可能是微不足道的事情),但有人可以提供帮助吗?
提前致谢。