由于项目需要做 PKCS#7 签名的验证(验签),而安卓端已经移除了 sun 的 sun.security.* 包,导致不能直接验签,所以选用 BouncyCastle 进行验签。又由于 BouncyCastle 可能跟安卓冲突,所以改用 BouncyCastle 的替代版 spongycastle,只不过是包名更换,类一致。下面直接上代码。
能直接进行验签。整了好多时间。
package com.java.test;
import java.io.File;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.io.FileUtils;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationStore;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.util.Store;
import com.java.test.ttt.BouncyCastleProvider;
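/**
 * Verifies a detached PKCS#7 (CMS SignedData) RSA signature with SpongyCastle,
 * as a replacement for {@code sun.security.pkcs.PKCS7}.
 *
 * <p>Security note: the public key used for verification is taken from the
 * certificate embedded in the signature file itself. A {@code true} result
 * therefore only shows that the data matches the signature made by <em>that</em>
 * certificate; it says nothing about who owns the certificate. Callers that
 * need authenticity must additionally compare the embedded certificate with an
 * expected (pinned) one or validate its chain before trusting the result.
 */
public class test3 {

    /**
     * Reads the signature block and the signed file from fixed paths and prints,
     * for every signer, the signer's public key structure, the Base64 signature
     * value and the verification result.
     *
     * @param args unused
     * @throws CertificateException if the signature block carries no certificate
     *         matching a signer
     * @throws IOException if either file cannot be read
     */
    @SuppressWarnings({ "restriction", "deprecation", "rawtypes", "unchecked", "unused" })
    public static void main(String[] args) throws CMSException, IOException, OperatorCreationException, CertificateException, SignatureException, NoSuchAlgorithmException, InvalidKeyException, KeyStoreException, InvalidKeySpecException {
        File f = new File("d:/21.json.RSA");
        File f2 = new File("d:/21.json");
        Security.addProvider(new BouncyCastleProvider());

        CMSSignedData s = new CMSSignedData(FileUtils.readFileToByteArray(f));
        // The signed content is the same for every signer, so read it once.
        byte[] signedContent = FileUtils.readFileToByteArray(f2);

        Store certStore = s.getCertificates();
        SignerInformationStore signers = s.getSignerInfos();
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");

        for (Object entry : signers.getSigners()) {
            SignerInformation signer = (SignerInformation) entry;

            // Fail with a clear error instead of NoSuchElementException when the
            // bundle does not contain the signer's certificate.
            Collection certCollection = certStore.getMatches(signer.getSID());
            if (certCollection.isEmpty()) {
                throw new CertificateException("no certificate in the PKCS#7 bundle matches the signer");
            }
            X509CertificateHolder cert = (X509CertificateHolder) certCollection.iterator().next();
            // NOTE(review): this certificate is attacker-controllable input; it is
            // not checked against any trust anchor or expected fingerprint here.

            System.out.println(cert.getSubjectPublicKeyInfo().parsePublicKey().toString());

            // Assumes an RSA key: the key structure is SEQUENCE { modulus, publicExponent }.
            ASN1Sequence seq = (ASN1Sequence) cert.getSubjectPublicKeyInfo().parsePublicKey();
            ASN1Integer modulus = (ASN1Integer) seq.getObjectAt(0);
            ASN1Integer exponent = (ASN1Integer) seq.getObjectAt(1);
            PublicKey publicKey = keyFactory.generatePublic(
                    new RSAPublicKeySpec(modulus.getValue(), exponent.getValue()));

            System.out.println(Base64.getEncoder().encodeToString(signer.getSignature()));

            // The digest is hard-coded; it must match the algorithm the signer
            // actually declared, and SHA-1 is no longer collision resistant.
            // Verifying directly over the file bytes is only valid when the
            // SignerInfo has no signed attributes (otherwise the signature covers
            // the DER-encoded attributes, not the content).
            Signature sig = Signature.getInstance("SHA1withRSA");
            sig.initVerify(publicKey);
            sig.update(signedContent);

            boolean flag = sig.verify(signer.getSignature());
            System.out.println(flag);
        }
    }
}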
能直接进行验签。整了好多时间。注意:这里用的是签名文件里自带的证书来验签,并没有校验这个证书本身是否可信;实际使用时还需要把它和预期的证书进行比对,验签结果才有意义。