java - 如何在java中加载PKCS7(.p7b)文件

标签 java security digital-signature pkcs#7

我有一个 pkcs7 文件,我想加载它并提取其内容。

我尝试了这两种方法:

byte[] bytes = Files.readAllBytes(Paths.get("myfile.p7b"));
FileInputStream fi = new FileInputStream(file);

//Creating PKCS7 object
PKCS7 pkcs7Signature = new PKCS7(bytes);

或者这个

FileInputStream fis = new FileInputStream(new File("myfile.p7b"));
PKCS7 pkcs7Signature = new PKCS7(fis);

但是我得到了IOException:序列标记错误

那么我怎样才能加载这个.p7b文件呢?

最佳答案

最后我用 BouncyCaSTLe 库做到了。

PKCS#7 是一种复杂格式,也称为 CMS。 Sun JCE 不直接支持 PKCS#7。

这是我用来提取内容的代码:

// Loading the file first
   File f = new File("myFile.p7b");
   byte[] buffer = new byte[(int) f.length()];
   DataInputStream in = new DataInputStream(new FileInputStream(f));
   in.readFully(buffer);
   in.close();

   //Corresponding class of signed_data is CMSSignedData
   CMSSignedData signature = new CMSSignedData(buffer);
   Store cs = signature.getCertificates();
   SignerInformationStore signers = signature.getSignerInfos();
   Collection c = signers.getSigners();
   Iterator it = c.iterator();

   //the following array will contain the content of xml document
   byte[] data = null;

   while (it.hasNext()) {
        SignerInformation signer = (SignerInformation) it.next();
        Collection certCollection = cs.getMatches(signer.getSID());
        Iterator certIt = certCollection.iterator();
        X509CertificateHolder cert = (X509CertificateHolder) certIt.next();

        CMSProcessable sc = signature.getSignedContent();
        data = (byte[]) sc.getContent();
    }

如果您想根据 X509 证书验证此 PKCS7 文件的签名,则必须将以下代码添加到 while 循环中:

// ************************************************************* //
// ********************* Verify signature ********************** //
//get CA public key
// Create a X509 certificat
CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");

// Open the certificate file
FileInputStream fileinputstream = new FileInputStream("myCA.cert");

//get CA public key
PublicKey pk = certificatefactory.generateCertificate(fileinputstream).getPublicKey();

X509Certificate myCA = new JcaX509CertificateConverter().setProvider("BC").getCertificate(cert);

myCA.verify(pk);
System.out.println("Verfication done successfully ");

关于java - 如何在java中加载PKCS7(.p7b)文件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31118893/

相关文章:

javascript - 如何保护应用程序免受第 3 方 js 库中存在的 XSS 向量的攻击?

java - 验证 SAML 响应的签名

php - 如何使用PHP对xml文档进行数字签名?

java - 如何在具有相同 ArrayAdapter 的同一 Activity 中将 GridView 与 ListView 交换?

java - MediaPlayer 并通过 Intent 返回当前 Activity

java - 轴2问题: WSHandler: Check Signature confirmation: stored SV vector not empty

java - 如何在 Java XML 中使用引用 URI 加载外部资源

java - Hibernate自定义删除策略

security - Weblogic主题传播: where is the subject stored?

security - GWT/Javascript客户端密码加密