Question:

BouncyCastle jars give SHA1 digest error on JDK 1.7

苏华藏
2023-03-14

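For my project I have to digitally sign a string, and I am using the bouncycastle JARs to do so. The environment details are as follows.

Weblogic 12c JSF, Primefaces. Java version: 1.7.0_45. BC jars: bcmail-jdk15on-152.jar, bcpkix-jdk15on-152.jar, bcprov-ext-jdk15on-152.jar, bcprov-jdk15on-152.jar

Alternatively, I also used bcprov-jdk16-1.45.jar and bcmail-jdk16-1.45.jar, but the result is the same. The error I get is: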

java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: SHA1WithRSAEncryption, provider: BC, class: org.bouncycastle.jce.provider.JDKDigestSignature$SHA1WithRSAEncryption)
    at java.security.Provider$Service.newInstance(Provider.java:1262) ~[?:1.7.0_45]
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) ~[?:1.7.0_45]
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:206) ~[?:1.7.0_45]
    at java.security.Signature.getInstance(Signature.java:355) ~[?:1.7.0_45]
    at DigiSigner.sign(DigiSigner.java:185) [DigiSigner.class:?]
    ... 40 more
Caused by: java.lang.SecurityException: SHA1 digest error for org/bouncycastle/jce/provider/JDKDigestSignature$SHA1WithRSAEncryption.class
    at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:220) ~[?:1.7.0_45]
    at java.util.jar.JarVerifier.processEntry(JarVerifier.java:229) ~[?:1.7.0_45]
    at java.util.jar.JarVerifier.update(JarVerifier.java:216) ~[?:1.7.0_45]
    at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:471) ~[?:1.7.0_45]
    at sun.misc.Resource.getBytes(Resource.java:124) ~[?:1.7.0_45]
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:444) ~[?:1.7.0_45]
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71) ~[?:1.7.0_45]
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361) ~[?:1.7.0_45]
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355) ~[?:1.7.0_45]
    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.7.0_45]
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354) ~[?:1.7.0_45]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425) ~[?:1.7.0_45]
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) ~[?:1.7.0_45]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358) ~[?:1.7.0_45]
    at java.security.Provider$Service.getImplClass(Provider.java:1279) ~[?:1.7.0_45]
    at java.security.Provider$Service.newInstance(Provider.java:1237) ~[?:1.7.0_45]
    ... 44 more

The code of DigiSigner.java is:

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;

import sun.misc.BASE64Encoder;


@SuppressWarnings("rawtypes")
public class DigiSigner {
    private String certFilePath = null;
    private String pfxFilename = null;
    private String jksFilename = null;
    private String certPassword = null;
    private char[] certPasswordArr = null;
    private KeyStore keystore = null;
    CMSSignedDataGenerator sgen = null;


    @SuppressWarnings("unchecked")
    public DigiSigner(String certificatePrefix) throws IBException{
        ConfigManager config = ConfigManager.getConfigManager();
        this.certFilePath = "D:/Chintan/cert_files";
        this.pfxFilename = "chintan.pfx";
        this.jksFilename = "chintan.jks";
        this.certPassword = "abc123";

        certPasswordArr = certPassword.toCharArray();

        try{
            this.keystore = KeyStore.getInstance("jks");
            File jksFile = new File(certFilePath + "/" + jksFilename);
            if(!jksFile.exists()){
                this.createJKS();
            }
            InputStream input = new FileInputStream(certFilePath + "/" + jksFilename);
            keystore.load(input, certPasswordArr);

        }
        catch(KeyStoreException e){
            e.printStackTrace();
        }
        catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        catch (CertificateException e) {
            e.printStackTrace();
        }
        catch (IOException e) {
            e.printStackTrace();
        }
    }

    @SuppressWarnings("unchecked")
    public String sign(String dataToSign) throws IBException{
        String signedData = null;
        try {
            byte[] dataToSignArr = dataToSign.getBytes();
            Security.addProvider(new BouncyCastleProvider());
            Enumeration e = keystore.aliases();
            String alias = "";
            if(e != null){
                while(e.hasMoreElements()){
                    String  n = (String)e.nextElement();
                    if (keystore.isKeyEntry(n)){
                        alias = n;
                    }
                }
            }
            PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, certPasswordArr);
            Signature signature = Signature.getInstance("SHA1WithRSA", "BC");
            signature.initSign(privateKey);
            signature.update(dataToSignArr);

            //Build CMS
            X509Certificate cert = (X509Certificate) this.keystore.getCertificate(alias);
            List certList = new ArrayList();
            CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
            certList.add(cert);
            Store certs = new JcaCertStore(certList);
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey);
            gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, cert));
            gen.addCertificates(certs);
            CMSSignedData sigData = gen.generate(msg, false);
            BASE64Encoder encoder = new BASE64Encoder();
            signedData = encoder.encode((byte[]) sigData.getSignedContent().getContent());
            System.out.println("Signature is : " + signedData);     
        }
        catch(KeyStoreException e){
            e.printStackTrace();
        }
        catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        catch (NoSuchProviderException e) {
            e.printStackTrace();
        }
        catch (CMSException e) {
            e.printStackTrace();
        }
        catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        }
        catch (SignatureException e) {
            e.printStackTrace();
        }
        catch (InvalidKeyException e) {
            e.printStackTrace();
        }
        catch (CertificateEncodingException e) {
            e.printStackTrace();
        }
        catch (OperatorCreationException e) {
            e.printStackTrace();
        }
        return signedData;
    }

    public void createJKS() throws IBException{
        try{
            File fileIn = new File(certFilePath + "/" + pfxFilename);
            File fileOut = new File(certFilePath + "/" + jksFilename);

            if(!fileIn.canRead()){
                throw new IBException("Unable to access input keystore: " + fileIn.getPath());
            }
            if(fileOut.exists() && !fileOut.canWrite()){
                throw new IBException("Output file is not writable: " + fileOut.getPath());
            }

            KeyStore kspkcs12 = KeyStore.getInstance("PKCS12");
            KeyStore ksjks = KeyStore.getInstance("jks");

            char inphrase[] = certPassword.toCharArray();
            char outphrase[] = certPassword.toCharArray();


            kspkcs12.load(new FileInputStream(fileIn), inphrase);
            ksjks.load(fileOut.exists() ? ((java.io.InputStream) (new FileInputStream(fileOut))) : null, outphrase);
            Enumeration eAliases = kspkcs12.aliases();
            do{
                if(!eAliases.hasMoreElements())
                    break;
                String strAlias = (String)eAliases.nextElement();
                if(kspkcs12.isKeyEntry(strAlias))
                {
                    java.security.Key key = kspkcs12.getKey(strAlias, inphrase);
                    Certificate chain[] = kspkcs12.getCertificateChain(strAlias);
                    ksjks.setKeyEntry(strAlias, key, outphrase, chain);
                }
            } 
            while(true);
            OutputStream out = new FileOutputStream(fileOut);
            ksjks.store(out, outphrase);
            out.close();
        }
        catch(KeyStoreException e){
            e.printStackTrace();
        }
        catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        catch (CertificateException e) {
            e.printStackTrace();
        }
        catch (FileNotFoundException e) {
            e.printStackTrace();
        }
        catch (IOException e) {
            e.printStackTrace();
        }
        catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        }
        System.out.println("Java Key Store created successfully");
    }
}

I referred to this link: Bouncycastle for JDK 1.7 and PKCS library - but it did not work for me.

The error is on this line: Signature signature = Signature.getInstance("SHA1WithRSA", "BC");

2 answers

颜楚青
2023-03-14

List of relevant signature algorithms supported by Bouncycastle:

SHA1withRSA
SHA1withRSA/ISO9796-2
SHA1withRSA/PSS
SHA1withRSA/X9.31
SHA1withRSAEncryption
SHA1withRSAandMGF1

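So it should work!

I guess there is a problem with your Java classpath. You may have mixed incompatible Bouncycastle jar files, as described below.

You are referencing bcprov-ext-jdk15on-152.jar and bcprov-jdk15on-152.jar. But only one of them should be used. Omit the ext version.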

何涵畅
2023-03-14

As mentioned earlier, Weblogic includes an invalid bcprov-jdk16-1.45.jar

Try verifying MW_HOME/oracle_common/modules/bcprov-jdk16-1.45.jar with the jarsigner utility:

jarsigner -verify bcprov-jdk16-1.45.jar

It throws a SecurityException:

jarsigner: java.lang.SecurityException: SHA1 digest error for org/bouncycastle/jce/ECKeyUtil$UnexpectedException.class

This file differs from the one in the Maven repository, which passes verification successfully.
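Both answers point at the same two checks: which copies of the provider are on the classpath, and whether a given jar still matches its signed digests. The following is an added example, not part of the question or either answer; `JarIntegrityCheck` is a hypothetical helper name, and the jar paths are passed as arguments.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example: JarIntegrityCheck is a hypothetical helper, not code from the page.
public class JarIntegrityCheck {
    // Provider class imported by DigiSigner; used to spot duplicate copies.
    static final String PROBE = "org/bouncycastle/jce/provider/BouncyCastleProvider.class";

    // Every classpath location that supplies the resource; more than one means mixed jars.
    static List<URL> copiesOf(String resource) throws IOException {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        return Collections.list(cl.getResources(resource));
    }

    // Reads each entry to the end, which is when the JDK compares it with the signed digest.
    static List<String> verify(File jar) throws IOException {
        List<String> problems = new ArrayList<String>();
        byte[] buf = new byte[8192];
        try (JarFile jf = new JarFile(jar, true)) {
            for (JarEntry e : Collections.list(jf.entries())) {
                if (e.isDirectory()) continue;
                try (InputStream in = jf.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain the stream */ }
                } catch (SecurityException ex) {   // e.g. "SHA1 digest error for ..."
                    problems.add(ex.getMessage());
                    continue;
                }
                // Files under META-INF/ carry the signature itself, so they are not flagged.
                if (e.getCodeSigners() == null && !e.getName().startsWith("META-INF/"))
                    problems.add("unsigned entry: " + e.getName());
            }
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        for (URL u : copiesOf(PROBE)) System.out.println("provider copy: " + u);
        for (String path : args) {
            List<String> problems = verify(new File(path));
            System.out.println(path + ": " + (problems.isEmpty() ? "verified" : problems));
        }
    }
}
```

Run it with the same classpath as the application so that `copiesOf` sees the jars the application sees. Unlike `jarsigner -verify`, it keeps going after the first digest error and lists every affected entry.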
