SignerID转换为BouncyCastle库中的X509CertSelector
我正在尝试validation特定邮件是否使用我自己的信任锚识别的实体证书中的有效签名进行签名。 我这样做:
public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception { CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC"); SignerInformationStore signers = signedData.getSignerInfos(); Iterator it = signers.getSigners().iterator(); if (it.hasNext()){ SignerInformation signer = (SignerInformation)it.next(); X509CertSelector signerConstraints = signer.getSID(); PKIXCertPathBuilderResult result = buildPath(rootCert, signerID, certsAndCRLs); return signer.verify(result.getPublicKey(), "BC"); } return false; } 但这一行给了我一个编译错误:
X509CertSelector signerConstraints = signer.getSID();
因为它无法从SignerId转换为X509CertSelector。 我尝试使用显式强制转换:
X509CertSelector signerConstraints = (CertSelector) signer.getSID();
和:
X509CertSelector signerConstraints = (X509CertSelector) signer.getSID();
没有结果。 我怎样才能做到这一点? 谢谢
PS:请注意,此代码是从David Hook的“Beginning Cryptography with Java”中提取的,但它不能编译。
我昨天解决了自己的问题。 我认为这是与.jar相关的内容,作为外部存档包含在我的项目中。 现在,我正在使用这些:
bcprov-jdk16-145.jar bcmail-jdk16-145.jar
代替:
bcprov-jdk15on-147.jar bcmail-jdk15on-147.jar
也许旧版本不支持这种隐式演员。
编辑 :David Hook在http://bouncy-castle.1462172.n4.nabble.com/Problem-with-SignerID-and-X509CertSelector-td4620461.html的回答
使用org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter – 遗憾的是“Beginning Cryptography With Java”中的代码现在已经过时了。 猜猜我要再把文字处理器拿出去了。
问候,
大卫
使用BouncyCastle bcmail-jdk15on 1.52我成功地使用:
X509CertificateHolderSelector x509CertificateHolderSelector = new X509CertificateHolderSelector(info.getSID().getSubjectKeyIdentifier()); X509CertSelector certSelector = new JcaX509CertSelectorConverter().getCertSelector(x509CertificateHolderSelector); @SuppressWarnings("unchecked") Collection certCollection = (Collection ) certs.getCertificates(certSelector);