从Bouncy Castle中的ASN.1编码中检索CMSSignedData

时间:2017-06-22 15:56:31

标签: java bouncycastle asn.1 pkcs#7

在下面的代码中,我使用Bouncy Castle签署了一条消息:

import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;

import java.io.FileInputStream;

import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;

public class Sign {

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        String certPath = "certPath";
        FileInputStream inPublic = new FileInputStream(certPath);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) factory.generateCertificate(inPublic);


        String keyPrivatePath = "keyPath";
        Path path = Paths.get(keyPrivatePath);
        Files.readAllBytes(Paths.get(keyPrivatePath));
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Files.readAllBytes(Paths.get(keyPrivatePath)));
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = kf.generatePrivate(spec);

        CMSProcessableByteArray msg = new CMSProcessableByteArray("My message".getBytes());
        CMSSignedDataGenerator sGen = new CMSSignedDataGenerator();

        ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey);
        sGen.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(
                        new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()
                ).build(sha1Signer, cert)
        );

        CMSSignedData sd = sGen.generate(msg);

        CMSTypedData cmsBytes = new CMSProcessableByteArray(sd.getEncoded());
        // How to reconstruct a CMSSignedData from cmsBytes again?
        byte[] bytes = (byte[]) cmsBytes.getContent();
        CMSSignedData retrieved = new CMSSignedData(bytes);
        System.out.println(retrieved.getSignedContent()); // Doesn't work, is null
    }
}

我的问题是如何仅使用此对象的ASN.1编码的字节数组来检索原始CMSSignedData(想要读取原始消息并进行验证)。

我问这个的原因是,我想要解密某个加密和签名的邮件。我能够解密此消息,但它会产生一个ASN.1编码的字节数组(确实对应于我的原始消息),但我无法再处理这个解密的消息。

1 个答案:

答案 0 :(得分:0)

您可以使用课程thenCombineAsyncorg.bouncycastle.asn1.cms.ContentInfo

org.bouncycastle.asn1.ASN1Sequence

另请注意,您必须使用签名中封装的内容创建CMSTypedData cmsBytes = new CMSProcessableByteArray(sd.getEncoded()); byte[] bytes = (byte[]) cmsBytes.getContent(); // reconstruct CMSSignedData from the byte array ContentInfo ci = ContentInfo.getInstance(ASN1Sequence.fromByteArray(bytes)); CMSSignedData sig = new CMSSignedData(ci); ,因此您必须更改此内容:

CMSSignedData

对此:

CMSSignedData sd = sGen.generate(msg);