问题:
BouncyCastle jars给出JDK 1.7的SHA1摘要错误
苏华藏
对于我的项目,我必须对一个字符串进行数字签名,并且我正在使用bouncycastle JAR进行同样的签名。环境详情如下。
Weblogic 12c JSF,Primefaces Java版本:1.7.0\u 45 BC Jars:bcmail-jdk15on-152。jar,bcpkix-jdk15on-152。jar,bcprov-ext-jdk15on-152。jar,bcprov-jdk15on-152。罐子
或者,我使用了bcprov-jdk16-1.45。jar和bcmail-jdk16-1.45。jar也一样,但结果是一样的。我得到的错误是,
java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: SHA1WithRSAEncryption, provider: BC, class: org.bouncycastle.jce.provider.JDKDigestSignature$SHA1WithRSAEncryption)
at java.security.Provider$Service.newInstance(Provider.java:1262) ~[?:1.7.0_45]
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) ~[?:1.7.0_45]
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206) ~[?:1.7.0_45]
at java.security.Signature.getInstance(Signature.java:355) ~[?:1.7.0_45]
at DigiSigner.sign(DigiSigner.java:185) [DigiSigner.class:?]
... 40 more
Caused by: java.lang.SecurityException: SHA1 digest error for org/bouncycastle/jce/provider/JDKDigestSignature$SHA1WithRSAEncryption.class
at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:220) ~[?:1.7.0_45]
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:229) ~[?:1.7.0_45]
at java.util.jar.JarVerifier.update(JarVerifier.java:216) ~[?:1.7.0_45]
at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:471) ~[?:1.7.0_45]
at sun.misc.Resource.getBytes(Resource.java:124) ~[?:1.7.0_45]
at java.net.URLClassLoader.defineClass(URLClassLoader.java:444) ~[?:1.7.0_45]
at java.net.URLClassLoader.access$100(URLClassLoader.java:71) ~[?:1.7.0_45]
at java.net.URLClassLoader$1.run(URLClassLoader.java:361) ~[?:1.7.0_45]
at java.net.URLClassLoader$1.run(URLClassLoader.java:355) ~[?:1.7.0_45]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.7.0_45]
at java.net.URLClassLoader.findClass(URLClassLoader.java:354) ~[?:1.7.0_45]
at java.lang.ClassLoader.loadClass(ClassLoader.java:425) ~[?:1.7.0_45]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) ~[?:1.7.0_45]
at java.lang.ClassLoader.loadClass(ClassLoader.java:358) ~[?:1.7.0_45]
at java.security.Provider$Service.getImplClass(Provider.java:1279) ~[?:1.7.0_45]
at java.security.Provider$Service.newInstance(Provider.java:1237) ~[?:1.7.0_45]
... 44 more
DigiSigner.java的代码是
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;
import sun.misc.BASE64Encoder;
@SuppressWarnings("rawtypes")
public class DigiSigner {
private String certFilePath = null;
private String pfxFilename = null;
private String jksFilename = null;
private String certPassword = null;
private char[] certPasswordArr = null;
private KeyStore keystore = null;
CMSSignedDataGenerator sgen = null;
@SuppressWarnings("unchecked")
public DigiSigner(String certificatePrefix) throws IBException{
ConfigManager config = ConfigManager.getConfigManager();
this.certFilePath = "D:/Chintan/cert_files";
this.pfxFilename = "chintan.pfx";
this.jksFilename = "chintan.jks";
this.certPassword = "abc123";
certPasswordArr = certPassword.toCharArray();
try{
this.keystore = KeyStore.getInstance("jks");
File jksFile = new File(certFilePath + "/" + jksFilename);
if(!jksFile.exists()){
this.createJKS();
}
InputStream input = new FileInputStream(certFilePath + "/" + jksFilename);
keystore.load(input, certPasswordArr);
}
catch(KeyStoreException e){
e.printStacktrace();
}
catch (NoSuchAlgorithmException e) {
e.printStacktrace();
}
catch (CertificateException e) {
e.printStacktrace();
}
catch (IOException e) {
e.printStacktrace();
}
}
@SuppressWarnings("unchecked")
public String sign(String dataToSign) throws IBException{
String signedData = null;
try {
byte[] dataToSignArr = dataToSign.getBytes();
Security.addProvider(new BouncyCastleProvider());
Enumeration e = keystore.aliases();
String alias = "";
if(e != null){
while(e.hasMoreElements()){
String n = (String)e.nextElement();
if (keystore.isKeyEntry(n)){
alias = n;
}
}
}
PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, certPasswordArr);
Signature signature = Signature.getInstance("SHA1WithRSA", "BC");
signature.initSign(privateKey);
signature.update(dataToSignArr);
//Build CMS
X509Certificate cert = (X509Certificate) this.keystore.getCertificate(alias);
List certList = new ArrayList();
CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
certList.add(cert);
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, cert));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(msg, false);
BASE64Encoder encoder = new BASE64Encoder();
signedData = encoder.encode((byte[]) sigData.getSignedContent().getContent());
System.out.println("Signature is : " + signedData);
}
catch(KeyStoreException e){
e.printStacktrace();
}
catch (NoSuchAlgorithmException e) {
e.printStacktrace();
}
catch (NoSuchProviderException e) {
e.printStacktrace();
}
catch (CMSException e) {
e.printStacktrace();
}
catch (UnrecoverableKeyException e) {
e.printStacktrace();
}
catch (SignatureException e) {
e.printStacktrace();
}
catch (InvalidKeyException e) {
e.printStacktrace();
}
catch (CertificateEncodingException e) {
e.printStacktrace();
}
catch (OperatorCreationException e) {
e.printStacktrace();
}
return signedData;
}
public void createJKS() throws IBException{
try{
File fileIn = new File(certFilePath + "/" + pfxFilename);
File fileOut = new File(certFilePath + "/" + jksFilename);
if(!fileIn.canRead()){
throw new IBException("Unable to access input keystore: " + fileIn.getPath());
}
if(fileOut.exists() && !fileOut.canWrite()){
throw new IBException("Output file is not writable: " + fileOut.getPath());
}
KeyStore kspkcs12 = KeyStore.getInstance("PKCS12");
KeyStore ksjks = KeyStore.getInstance("jks");
char inphrase[] = certPassword.toCharArray();
char outphrase[] = certPassword.toCharArray();
kspkcs12.load(new FileInputStream(fileIn), inphrase);
ksjks.load(fileOut.exists() ? ((java.io.InputStream) (new FileInputStream(fileOut))) : null, outphrase);
Enumeration eAliases = kspkcs12.aliases();
do{
if(!eAliases.hasMoreElements())
break;
String strAlias = (String)eAliases.nextElement();
if(kspkcs12.isKeyEntry(strAlias))
{
java.security.Key key = kspkcs12.getKey(strAlias, inphrase);
Certificate chain[] = kspkcs12.getCertificateChain(strAlias);
ksjks.setKeyEntry(strAlias, key, outphrase, chain);
}
}
while(true);
OutputStream out = new FileOutputStream(fileOut);
ksjks.store(out, outphrase);
out.close();
}
catch(KeyStoreException e){
e.printStacktrace();
}
catch (NoSuchAlgorithmException e) {
e.printStacktrace();
}
catch (CertificateException e) {
e.printStacktrace();
}
catch (FileNotFoundException e) {
e.printStacktrace();
}
catch (IOException e) {
e.printStacktrace();
}
catch (UnrecoverableKeyException e) {
e.printStacktrace();
}
System.out.println("Java Key Store created successfully");
}
}
我引用了这个链接:Bouncycastle for JDK 1.7和PKCS库-但它对我不起作用。
错误在这一行:Signature Signature=Signature。getInstance(“SHA1WithRSA”,“BC”);
共有2个答案
颜楚青
Bouncycastle支持的相关签名算法列表:
SHA1withRSA
SHA1withRSA/ISO9796-2
SHA1withRSA/PSS
SHA1withRSA/X9.31
SHA1withRSAEncryption
SHA1withRSAandMGF1
因此,它应该起作用!
我猜您的Java类路径有问题。您可能混合了不兼容的Bouncycastle Jar文件,如下所述。
您正在引用bcprov-ext-jdk15on-152.jar和bcprov-jdk15on-152.jar。但只应采用其中之一。省略ext版本。
何涵畅
如前所述,Weblogic包含一个无效的bcprov-jdk16-1.45.jar
尝试使用jarsigner实用程序验证MW_HOME/oracle_common/模块/bcprov-jdk16-1.45.jar:
jarsigner -verify bcprov-jdk16-1.45.jar
抛出SecurityException:
jarsigner: java.lang.SecurityException: SHA1 digest error for org/bouncycastle/jce/ECKeyUtil$UnexpectedException.class
该文件与Maven存储库中成功通过验证的文件不同。
类似资料:
-
问题内容: 如果我将一个函数与regular一起使用,那么一切似乎都很好。但是,如果我使用,则会收到无限的摘要错误。 知道这里发生了什么吗?该视图确实渲染了输入,但是引发了无限错误摘要error。该文档也不是很有帮助。 问题答案: 问题在于,当对您的计算机求值时,Angular会调用您的测试函数并获取的结果。然后,Angular再次评估所有绑定,以查看是否所有内容都已解决。这意味着它将再次调用您的
-
我有以下XML文件: 按以下顺序排列: 或 但这些尝试都行不通。是不是少了什么?(下面是我用来计算SHA-1摘要的C#方法: 源文件在这里:https://1fichier.com/?y9spk6g2zk 包含缩进的源文件:https://1fichier.com/?11r0i8izzt 我试图获得以下摘要:EuerOS8DACSBE3XQXBY5T+M07AI=
-
我有绳子: 它的摘要值应该是 但是当我使用这个PHP代码 输出为 在SOAP中引用了规范化方法(http://www.w3.org/tr/2001/rec-xml-c14n-20010315)和摘要方法算法(http://www.w3.org/2000/09/xmldsig#sha1)。 多谢帮忙!
-
实验概要 这一章的实验指导中,你将会学到: 单独生成 ELF 格式的用户程序,并打包进文件系统中 创建并运行用户进程 使用系统调用为用户程序提供服务
-
实验概要 这一章的实验指导中,你将会学到: 设备树的概念和读取 virtio 总线协议 块设备驱动的实现 将块设备托管给文件系统
-
实验概要 这一章的实验指导中,你将会学到: 线程和进程的概念以及运行状态的表示 线程的切换 对 CPU 进行抽象在上面完成对线程的调度