2017-05-16

Cannot verify signature (CMSSignedData) with BouncyCastle

When I try to verify a signature created with BouncyCastle, the second while loop in the verifySignature method is never entered: store.getMatches() returns an empty array.

import java.io.File;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

// store, storeType, storePathKey, storePassword, sigAlgo and fileChooser()
// are fields and helpers defined elsewhere in the class.
public static CMSSignedData sign() throws Exception {
    byte[] file = fileChooser();
    store = KeyStore.getInstance(storeType);
    FileInputStream in = new FileInputStream(new File(storePathKey));
    store.load(in, storePassword);
    in.close();

    Key priv = store.getKey("Subject", storePassword);
    System.out.println(priv.toString() + "priv string");
    X509Certificate cert = (X509Certificate) store.getCertificate("Subject"); // was "geCertificate"
    ContentSigner signer = new JcaContentSignerBuilder(sigAlgo).build((RSAPrivateKey) priv);

    CMSTypedData data = new CMSProcessableByteArray(file);
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
        .build(signer, cert));
    // no certificates are added to gen, so the generated CMS carries none
    CMSSignedData sigData = gen.generate(data, true);

    return sigData;
}

import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

public static void verifySig(CMSSignedData sigData) throws Exception {
    Store<X509CertificateHolder> store = sigData.getCertificates(); // certificates carried in the CMS
    SignerInformationStore signers = sigData.getSignerInfos();
    System.out.println(store.toString() + "store");
    Collection<SignerInformation> c = signers.getSigners();
    Iterator<SignerInformation> it = c.iterator();

    while (it.hasNext()) {
        System.out.println("enter while loop1");
        SignerInformation signer = it.next();

        // carried certificates whose issuer/serial match this SignerInfo's SID
        Collection<X509CertificateHolder> certCollection = store.getMatches(signer.getSID());
        Iterator<X509CertificateHolder> certIt = certCollection.iterator();
        System.out.println(store.getMatches(null) + "collection of certs"); // null selector: all carried certs

        while (certIt.hasNext()) {
            System.out.println("enter while loop2");
            X509CertificateHolder certHolder = certIt.next();
            X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);

            if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) {
                System.out.println("verified correct");
            } else {
                System.out.println("not verified");
            }
        }
    }
}

Is something missing from the sign() method?

Answer

You need to add the certificate(s) to an org.bouncycastle.util.CollectionStore and add this store to the signature.

I'm using BouncyCastle 1.56:

import java.util.Collections;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.util.CollectionStore;

// add these lines after gen.addSignerInfoGenerator(...)

// cert is your X509Certificate
X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
CollectionStore<X509CertificateHolder> certStore = new CollectionStore<>(Collections.singletonList(holder));
gen.addCertificates(certStore); // add the store to the signature

CollectionStore is useful when adding more than one certificate. If you only want to add one, you can also do:

X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded()); 
gen.addCertificate(holder); 

The output I get:

enter while loop1 
[[email protected]]collection of certs 
enter while loop2 
verified correct
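A complete sign-then-verify round trip, added here as an example rather than code from the question or the answer above, against the BouncyCastle 1.56 APIs discussed. It generates a throwaway RSA key and self-signed certificate in memory, signs once without and once with addCertificate(), and verifies each SignerInfo against a trusted certificate supplied by the caller instead of against whatever certificate the message happens to carry, since the embedded certificate is chosen by the message's producer. The class name CmsRoundTrip, the DN and the payload are assumptions.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.jcajce.*;

public class CmsRoundTrip { // hypothetical class name
    // Signs payload; the signer certificate is embedded in the CMS only when embedCert is true.
    static byte[] sign(byte[] payload, PrivateKey key, X509CertificateHolder cert, boolean embedCert) throws Exception {
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(key), cert));
        if (embedCert) gen.addCertificate(cert); // the step missing from the question's sign()
        return gen.generate(new CMSProcessableByteArray(payload), true).getEncoded();
    }

    // True only if there is at least one SignerInfo and every one of them names and verifies
    // under the trusted certificate. Certificates carried inside the CMS were put there by the
    // message producer: they identify the signer but must not be the trust decision by themselves.
    static boolean verify(byte[] cms, X509CertificateHolder trusted) throws Exception {
        CMSSignedData sigData = new CMSSignedData(cms);
        Collection<SignerInformation> signers = sigData.getSignerInfos().getSigners();
        if (signers.isEmpty()) return false;
        for (SignerInformation signer : signers) {
            Collection<X509CertificateHolder> carried = sigData.getCertificates().getMatches(signer.getSID());
            System.out.println("certificates carried for this signer: " + carried.size());
            if (!signer.getSID().match(trusted)) return false; // issuer/serial must name the anchor
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(trusted))) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=example signer"); // constructed throwaway identity
        X509CertificateHolder cert = new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, new Date(),
                new Date(System.currentTimeMillis() + 86_400_000L), dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()));
        byte[] payload = "constructed sample payload".getBytes("UTF-8"); // constructed input
        System.out.println(verify(sign(payload, kp.getPrivate(), cert, false), cert)); // 0 carried, true
        System.out.println(verify(sign(payload, kp.getPrivate(), cert, true), cert));  // 1 carried, true
    }
}
```

Both runs verify because the trust anchor is passed in explicitly; the first shows that a CMS built without addCertificate() carries no certificate for the signer, which is exactly why the question's inner loop, which depends on the carried certificates, never runs.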