分离的数字签名验证失败,但没有以下算法例外:提供者SUN的SHA256WITHECDSA

时间:2019-10-22 10:28:44

标签: java digital-signature bouncycastle pkcs#7

我正在使用外部签名API在分离模式下对某些内容进行签名,外部API进行内容哈希(SHA256)并以PKCS#7(Base64编码)和X509证书签名者返回已签名的字节。现在,我要验证签名,为此,我正在使用以下代码。

Pom.xml 

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>nic.oad</groupId>
    <artifactId>verifysig</artifactId>
    <version>1.0-SNAPSHOT</version>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>8</source>
                    <target>8</target>
                </configuration>
            </plugin>
        </plugins>
    </build>
    <dependencies>
        <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <version>1.63</version>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpkix-jdk15on</artifactId>
            <version>1.63</version>
        </dependency>
    </dependencies>

</project>

VerifyDetachedSignature.java 



import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;

import java.io.ByteArrayInputStream;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class VerifyDetachedSignature {
    public static void main (String ... args){
        String origContentBeforeSign = "hello dear";

        //Input for external API
        String sha256OfOrigContent = "b17c48764e2ffbfecaa252c449b38185a6ef1f47f179f60d5776d2660f568298";
        //Response form external API
        String userX509Cert = "MIIF3zCCBMegAwIBAgIUAI3+onmDwTHVrLb0ZQjf6ieazc0wDQYJKoZIhvcNAQELBQAwgcExCzAJBgNVBAYTAklOMQ4wDAYDVQQKEwVDLURBQzEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDzANBgNVBBETBjQxMTAwNzEUMBIGA1UECBMLTWFoYXJhc2h0cmExJTAjBgNVBAkTHFB1bmUgVW5pdmVyc2l0eSBDYW1wdXMsIFB1bmUxGjAYBgNVBDMTETFzdCBmbG9vciwgS2hvc2xhMRYwFAYDVQQDEw1DLURBQyBDQSAyMDE0MB4XDTE5MTAyMTExMTcwMVoXDTE5MTAyMTExNDcwMVowggE/MQ4wDAYDVQQGEwVJbmRpYTEOMAwGA1UECBMFRGVsaGkxETAPBgNVBAoTCFBlcnNvbmFsMRowGAYDVQQDExFEZXZpIFNpbmdoIFBpbHdhbDEPMA0GA1UEERMGMTEwMDc2MVMwUQYDVQQtA0oAMDEwMDA1NTlWL3YyXCtZeHpaYnh0M2lTVm9GMXNjZGE3R3QxelF6RlVXTjFhd0NyWk55YjlxODE3Zzlwd1NlUEVpUy9DVVFmWTEpMCcGA1UEQRMgMTg2M2FiYmZhOWJhNDk0NGI3Yjg5ZWI1YjQ4MWYyYmMxDTALBgNVBAwTBDEwMzExTjBMBgNVBC4TRTE5ODNNNDdkOTNhZDAwYzM0N2QwZjljM2ViMzFjNGQxODQyOGEzMDU3NzU1NzEwNWIyMWNiMmQ0Yjc3NDA5MzYxZDI5ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTOniWF/vD11jHGEwRL1FEBi4yClLQGea4zbSDuxQyb8gL33XoHBVA1uK1PVnQq65loSYhUq+XwRzizMtwki0qjggIXMIICEzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRDbqI8q4d+l+E9/zCocyhcaDTqZDATBgNVHSMEDDAKgAhBQ3LI5DRx/DAOBgNVHQ8BAf8EBAMCBsAwOQYDVR0fBDIwMDAuoCygKoYoaHR0cHM6Ly9lc2lnbi5jZGFjLmluL2NhL2VzaWduQ0EyMDE5LmNybDCCAT8GA1UdIASCATYwggEyMIIBAQYHYIJkZAEJAjCB9TAwBggrBgEFBQcCARYkaHR0cHM6Ly9lc2lnbi5jZGFjLmluL2NhL0NQUy9DUFMucGRmMIHABggrBgEFBQcCAjCBszA+FjpDZW50cmUgZm9yIERldmVsb3BtZW50IG9mIEFkdmFuY2VkIENvbXB1dGluZyAoQy1EQUMpLCBQdW5lMAAacVRoaXMgQ1BTIGlzIG93bmVkIGJ5IEMtREFDIGFuZCB1c2VycyBhcmUgcmVxdWVzdGVkIHRvIHJlYWQgQ1BTIGJlZm9yZSB1c2luZyB0aGUgQy1EQUMgQ0EncyBjZXJ0aWZpY2F0aW9uIHNlcnZpY2VzMCsGB2CCZGQCBAEwIDAeBggrBgEFBQcCAjASGhBBYWRoYWFyIGVLWUMtT1RQMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcwAoYoaHR0cHM6Ly9lc2lnbi5jZGFjLmluL2NhL0NEQUMtQ0EyMDE0LmRlcjANBgkqhkiG9w0BAQsFAAOCAQEAWfgVBA2kn31HZCWX8Jhikcd9vjaKhPIecN7hlrTx7BNzTFCksmuck17Lr6DowBkPuT7kYCAPVPKrUwkQ7w1VjGwTS9hTsb+aQYePO9JqoVQ9IpCS5Mz4m7ftPnd04PAwWwwpl62p1cuRPBgd1kGRuMBQPmGYIqEvddAZtcylXLmE3HaWngqE4bYm9dV3pevv3hzZPazz0fLVCLdxEAIg4bAcfaGbyhXj4JmX4AHk5HoNTY081mqP8GA98CyGIBmzVKmyMydRa3rCRGeHmTDRIc3VIA2GAsW/+A+Z6h3BNoXSwT2AA4SqaKVAkpHWmoYlbb0Ju0qTBzQst/Zs9xF/BQ==";
        String signedContentPKCS7 ="MIIPIwYJKoZIhvcNAQcCoIIPFDCCDxACAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGggg0yMIIDIzCCAgugAwIBAgICJ60wDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4xEjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTQwHhcNMTQwMzA1MTAxMDQ5WhcNMjQwMzA1MTAxMDQ5WjA6MQswCQYDVQQGEwJJTjESMBAGA1UEChMJSW5kaWEgUEtJMRcwFQYDVQQDEw5DQ0EgSW5kaWEgMjAxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN7IUL2K/yINrn+sglna9CkJ1AVrbJYBvsylsCF3vhStQC9kb7t4FwX7s+6AAMSakL5GUDJxVVNhMqf/2paerAzFACVNR1AiMLsG7ima4pCDhFn7t9052BQRbLBCPg4wekx6j+QULQFeW9ViLV7hjkEhKffeuoc3YaDmkkPSmA2mz6QKbUWYUu4PqQPRCrkiDH0ikdqR9eyYhWyuI7Gm/pc0atYnp1sru3rtLCaLS0ST/N/ELDEUUY2wgxglgoqEEdMhSSBL1CzaA8Ck9PErpnqC7VL+sbSyAKeJ9n56FttQzkwYjdOHMrgJRZaPb2i5VoVo1ZFkQF3ZKfiJ25VH5+8CAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQrjFz22zV+EwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAdAUjv0myKyt8GC1niIZplrlksOWIR6yXLg4BhFj4ziULxsGK4Jj0sIJGCkNJeHl+Ng9UlU5EI+r89DRdrGBTF/I+g3RHcViPtOne9xEgWRMRYtWD7QZe5FvoSSGkW9aV6D4iGLPBQML6FDUkQzW9CYDCFgGC2+awRMx61dQVXiFv3Nbkqa1Pejcel8NMAmxjfm5nZMd3Ft13hy3fNF6UzsOnBtMbyZWhS8Koj2KFfSUGX+M/DS1TG2ZujwKKXCuKq7+67m0WF6zohoHJbqjkmKX34zkuFnoXaXco9NkOi0RBvLCiqR2lKfzLM7B69bje+z0EqnRNo5+s8PWSdy+xtMIIEJDCCAwygAwIBAgICJ8AwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4xEjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTQwHhcNMTYwNzI4MDkyNTE4WhcNMjQwMzA1MDYzMDAwWjCBwTELMAkGA1UEBhMCSU4xDjAMBgNVBAoTBUMtREFDMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEPMA0GA1UEERMGNDExMDA3MRQwEgYDVQQIEwtNYWhhcmFzaHRyYTElMCMGA1UECRMcUHVuZSBVbml2ZXJzaXR5IENhbXB1cywgUHVuZTEaMBgGA1UEMxMRMXN0IGZsb29yLCBLaG9zbGExFjAUBgNVBAMTDUMtREFDIENBIDIwMTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYxLdnqHi9Kq57pJuv0ijLCcsbFWirh3vKvoWmxX+i5WacwDZqbF6Oia5aHEgLL0YPeJ+FBNoEAYrDvIGc+UmkAKvM/6+KN+/lhDf6TBDMNntCsZ45GrkLcsUXHu9MLEqcAUOku8T6aD/JexF2E5Sg//exL9xvUwwa4TgQm8N1rZBPm5cOPkn3YRerfzHKjoxDwxIN3iVS5BjjbJrwGbcOb+yqZo7xKNdHlDKljEYNFpkYWD7rhDrOlPq3IIOi74b1WpoT67//fkHu1qYFuUHU5mwkqRZ6gGlH6rYYx9LoLN2Gch8f7IcujvxJLaX5Q57pKiWBFa4FFhIZrupJ66NRAgMBAAGjgaswgagwEgYDVR0TAQH/BAgwBgEB/wIBADARBgNVHQ4ECgQIQUNyyOQ0cfwwEgYDVR0gBAswCTAHBgVggmRkAjATBgNVHSMEDDAKgAhCuMXPbbNX4TAOBgNVHQ8BAf8EBAMCAQYwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NjYS5nb3YuaW4vcncvcmVzb3VyY2VzL0NDQUluZGlhMjAxNExhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADggEBAL+ELhdhs5EJmH4G8Allsf+JXnI1Wo/xgDBj0XvvhFD+4L0ZlKwm3Z7c21x4xw/AIUdhJ3YTXhih9HiJxAzS7trWmBRyEv3ebG5nQpID+uCAYjgd+SAStUK58Dm6ztiS06RtE5X780tdIEMDCFQDIcRpwqhGGGoapE7V7r0eXUoSEd+Ba0OxxmBqz5ebKR+XEM9//UHMvkObow/ZFR8IRZzFbWbUIVRbYtvO8ZCUMFlGwijGzpbDZPKxiYurY6TK1vVoJ54Cr0amkImQtaJNMLjOXCBS0K2jxguiT2jHoQ8L+mt5aNETT9HHkeZJorM+V6kqSy6zXMhhzIaO7DsFAbkwggXfMIIEx6ADAgECAhQAjf6ieYPBMdWstvRlCN/qJ5rNzTANBgkqhkiG9w0BAQsFADCBwTELMAkGA1UEBhMCSU4xDjAMBgNVBAoTBUMtREFDMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEPMA0GA1UEERMGNDExMDA3MRQwEgYDVQQIEwtNYWhhcmFzaHRyYTElMCMGA1UECRMcUHVuZSBVbml2ZXJzaXR5IENhbXB1cywgUHVuZTEaMBgGA1UEMxMRMXN0IGZsb29yLCBLaG9zbGExFjAUBgNVBAMTDUMtREFDIENBIDIwMTQwHhcNMTkxMDIxMTExNzAxWhcNMTkxMDIxMTE0NzAxWjCCAT8xDjAMBgNVBAYTBUluZGlhMQ4wDAYDVQQIEwVEZWxoaTERMA8GA1UEChMIUGVyc29uYWwxGjAYBgNVBAMTEURldmkgU2luZ2ggUGlsd2FsMQ8wDQYDVQQREwYxMTAwNzYxUzBRBgNVBC0DSgAwMTAwMDU1OVYvdjJcK1l4elpieHQzaVNWb0Yxc2NkYTdHdDF6UXpGVVdOMWF3Q3JaTnliOXE4MTdnOXB3U2VQRWlTL0NVUWZZMSkwJwYDVQRBEyAxODYzYWJiZmE5YmE0OTQ0YjdiODllYjViNDgxZjJiYzENMAsGA1UEDBMEMTAzMTFOMEwGA1UELhNFMTk4M000N2Q5M2FkMDBjMzQ3ZDBmOWMzZWIzMWM0ZDE4NDI4YTMwNTc3NTU3MTA1YjIxY2IyZDRiNzc0MDkzNjFkMjlkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5M6eJYX+8PXWMcYTBEvUUQGLjIKUtAZ5rjNtIO7FDJvyAvfdegcFUDW4rU9WdCrrmWhJiFSr5fBHOLMy3CSLSqOCAhcwggITMAkGA1UdEwQCMAAwHQYDVR0OBBYEFENuojyrh36X4T3/MKhzKFxoNOpkMBMGA1UdIwQMMAqACEFDcsjkNHH8MA4GA1UdDwEB/wQEAwIGwDA5BgNVHR8EMjAwMC6gLKAqhihodHRwczovL2VzaWduLmNkYWMuaW4vY2EvZXNpZ25DQTIwMTkuY3JsMIIBPwYDVR0gBIIBNjCCATIwggEBBgdggmRkAQkCMIH1MDAGCCsGAQUFBwIBFiRodHRwczovL2VzaWduLmNkYWMuaW4vY2EvQ1BTL0NQUy5wZGYwgcAGCCsGAQUFBwICMIGzMD4WOkNlbnRyZSBmb3IgRGV2ZWxvcG1lbnQgb2YgQWR2YW5jZWQgQ29tcHV0aW5nIChDLURBQyksIFB1bmUwABpxVGhpcyBDUFMgaXMgb3duZWQgYnkgQy1EQUMgYW5kIHVzZXJzIGFyZSByZXF1ZXN0ZWQgdG8gcmVhZCBDUFMgYmVmb3JlIHVzaW5nIHRoZSBDLURBQyBDQSdzIGNlcnRpZmljYXRpb24gc2VydmljZXMwKwYHYIJkZAIEATAgMB4GCCsGAQUFBwICMBIaEEFhZGhhYXIgZUtZQy1PVFAwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAChihodHRwczovL2VzaWduLmNkYWMuaW4vY2EvQ0RBQy1DQTIwMTQuZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQBZ+BUEDaSffUdkJZfwmGKRx32+NoqE8h5w3uGWtPHsE3NMUKSya5yTXsuvoOjAGQ+5PuRgIA9U8qtTCRDvDVWMbBNL2FOxv5pBh4870mqhVD0ikJLkzPibt+0+d3Tg8DBbDCmXranVy5E8GB3WQZG4wFA+YZgioS910Bm1zKVcuYTcdpaeCoThtib11Xel6+/eHNk9rPPR8tUIt3EQAiDhsBx9oZvKFePgmZfgAeTkeg1NjTzWao/wYD3wLIYgGbNUqbIzJ1FresJEZ4eZMNEhzdUgDYYCxb/4D5nqHcE2hdLBPYADhKpopUCSkdaahiVtvQm7SpMHNCy39mz3EX8FMYIBtTCCAbECAQEwgdowgcExCzAJBgNVBAYTAklOMQ4wDAYDVQQKEwVDLURBQzEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDzANBgNVBBETBjQxMTAwNzEUMBIGA1UECBMLTWFoYXJhc2h0cmExJTAjBgNVBAkTHFB1bmUgVW5pdmVyc2l0eSBDYW1wdXMsIFB1bmUxGjAYBgNVBDMTETFzdCBmbG9vciwgS2hvc2xhMRYwFAYDVQQDEw1DLURBQyBDQSAyMDE0AhQAjf6ieYPBMdWstvRlCN/qJ5rNzTANBglghkgBZQMEAgEFAKBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE5MTAyMTExMTcwMVowLwYJKoZIhvcNAQkEMSIEILF8SHZOL/v+yqJSxEmzgYWm7x9H8Xn2DVd20mYPVoKYMAwGCCqGSM49BAMCBQAERzBFAiEA5yYdKoT8jppsvsajBDDwCIUMHjB7ZE1Fz4Lzdu+/r5YCIBYfT2JWSiVfn51pyC/iAwdC+x6zvYOk1fPMcrGj79fU";

        try {
            byte[] signedByte = Base64.getDecoder().decode(signedContentPKCS7);
            byte base64EncodedCert[] = Base64.getDecoder().decode(userX509Cert);
            ByteArrayInputStream inputStream  =  new ByteArrayInputStream(base64EncodedCert);

            Security.addProvider(new BouncyCastleProvider());

            CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(sha256OfOrigContent.getBytes()), signedByte);
            SignerInformationStore signers = s.getSignerInfos();
            SignerInformation signerInfo = (SignerInformation)signers.getSigners().iterator().next();

            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate)cf.generateCertificates(inputStream).iterator().next();
            System.out.println(cert.getSigAlgName());
            JcaSimpleSignerInfoVerifierBuilder obj = new JcaSimpleSignerInfoVerifierBuilder();
            obj.setProvider("SUN");
            boolean result = signerInfo.verify(obj.build(cert.getPublicKey()));
            System.out.println("Verified: "+result);
        } catch (CertificateException | CMSException
                | OperatorCreationException
                e) {
            e.printStackTrace();
        }



    }
}

我在执行代码时遇到异常。

org.bouncycastle.cms.CMSException: can't create content verifier: exception on setup: java.security.NoSuchAlgorithmException: no such algorithm: SHA256WITHECDSA for provider SUN
    at org.bouncycastle.cms.SignerInformation.doVerify(Unknown Source)
    at org.bouncycastle.cms.SignerInformation.verify(Unknown Source)
    at VerifyDetachedSignature.main(VerifyDetachedSignature.java:41)
Caused by: org.bouncycastle.operator.OperatorCreationException: exception on setup: java.security.NoSuchAlgorithmException: no such algorithm: SHA256WITHECDSA for provider SUN
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.createSignature(Unknown Source)
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.access$200(Unknown Source)
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder$2.get(Unknown Source)
    at org.bouncycastle.cms.SignerInformationVerifier.getContentVerifier(Unknown Source)
    ... 3 more
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SHA256WITHECDSA for provider SUN
    at sun.security.jca.GetInstance.getService(GetInstance.java:87)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
    at java.security.Signature.getInstance(Signature.java:361)
    at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createSignature(Unknown Source)
    at org.bouncycastle.operator.jcajce.OperatorHelper.createSignature(Unknown Source)
    ... 7 more
Disconnected from the target VM, address: '127.0.0.1:63442', transport: 'socket'

Process finished with exit code 0

我正在使用Java版本1.8.0_221 我还尝试过使用here

中提到的JDK / JRE的Java密码学扩展(JCE)无限强度管辖权策略文件

有人可以指导我,我想念什么或做错什么了吗?

0 个答案:

没有答案
相关问题
最新问题