java 时间戳验证_Java中带有时间戳的数字签名

我在使用受信任的时间戳与Bouncy

Castle创建有效的CMS签名时遇到问题。签名创建工作良好(我想将签名包括到PDF文件中)，签名有效。但是，当我在签名的未签名属性表中添加可信时间戳后，签名仍然保持有效，但是Reader会报告

该签名包括嵌入式时间戳，但是无效 。这使我相信，哈希时间戳是不正确的，但是我似乎无法弄清楚问题出在哪里。

签名代码：

Store store = new JcaCertStore(Arrays.asList(certContainer.getChain()));

CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();

JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());

JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA1withRSA");

signedDataGenerator.addSignerInfoGenerator(

infoGeneratorBuilder.build(contentSignerBuilder.build(certContainer.getPrivateKey()), (X509Certificate)certContainer.getSignatureCertificate()));

signedDataGenerator.addCertificates(store);

CMSTypedData cmsData = new CMSProcessableByteArray(data);

signedData = signedDataGenerator.generate(cmsData, false);

Collection ss = signedData.getSignerInfos().getSigners();

SignerInformation si = ss.iterator().next(); // get first signer (should be only one)

ASN1EncodableVector timestampVector = new ASN1EncodableVector();

Attribute token = createTSToken(si.getSignature());

timestampVector.add(token);

AttributeTable at = new AttributeTable(timestampVector);

si = SignerInformation.replaceUnsignedAttributes(si, at);

ss.clear();

ss.add(si);

SignerInformationStore newSignerStore = new SignerInformationStore(ss);

CMSSignedData newSignedData = CMSSignedData.replaceSigners(signedData, newSignerStore);

该createTSToken代码：

public Attribute createTSToken(byte[] data) throws NoSuchProviderException, NoSuchAlgorithmException, IOException {

// Generate timestamp

MessageDigest digest = MessageDigest.getInstance("SHA1", "BC");

TimeStampResponse response = timestampData(digest.digest(data));

TimeStampToken timestampToken = response.getTimeStampToken();

// Create timestamp attribute

Attribute a = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(ASN1Primitive.fromByteArray(timestampToken.getEncoded())));

return a;

}

timestampData：

TimeStampRequestGenerator reqgen = new TimeStampRequestGenerator();

TimeStampRequest req = reqgen.generate(TSPAlgorithms.SHA1, data);

byte request[] = req.getEncoded();

URL url = new URL("http://time.certum.pl");

HttpURLConnection con = (HttpURLConnection) url.openConnection();

con.setDoOutput(true);

con.setDoInput(true);

con.setRequestMethod("POST");

con.setRequestProperty("Content-type", "application/timestamp-query");

con.setRequestProperty("Content-length", String.valueOf(request.length));

OutputStream out = con.getOutputStream();

out.write(request);

out.flush();

if (con.getResponseCode() != HttpURLConnection.HTTP_OK) {

throw new IOException("Received HTTP error: " + con.getResponseCode() + " - " + con.getResponseMessage());

}

InputStream in = con.getInputStream();

TimeStampResp resp = TimeStampResp.getInstance(new ASN1InputStream(in).readObject());

response = new TimeStampResponse(resp);

response.validate(req);

if(response.getStatus() != 0) {

System.out.println(response.getStatusString());

return null;

}

return response;

谢谢你的帮助！

示例文件：