我在使用受信任的時間戳與Bouncy

Castle創建有效的CMS簽名時遇到問題。簽名創建工作良好(我想將簽名包括到PDF文件中)，簽名有效。但是，當我在簽名的未簽名屬性表中添加可信時間戳后，簽名仍然保持有效，但是Reader會報告

該簽名包括嵌入式時間戳，但是無效 。這使我相信，哈希時間戳是不正確的，但是我似乎無法弄清楚問題出在哪里。

簽名代碼：

Store store = new JcaCertStore(Arrays.asList(certContainer.getChain()));

CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();

JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());

JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA1withRSA");

signedDataGenerator.addSignerInfoGenerator(

infoGeneratorBuilder.build(contentSignerBuilder.build(certContainer.getPrivateKey()), (X509Certificate)certContainer.getSignatureCertificate()));

signedDataGenerator.addCertificates(store);

CMSTypedData cmsData = new CMSProcessableByteArray(data);

signedData = signedDataGenerator.generate(cmsData, false);

Collection ss = signedData.getSignerInfos().getSigners();

SignerInformation si = ss.iterator().next(); // get first signer (should be only one)

ASN1EncodableVector timestampVector = new ASN1EncodableVector();

Attribute token = createTSToken(si.getSignature());

timestampVector.add(token);

AttributeTable at = new AttributeTable(timestampVector);

si = SignerInformation.replaceUnsignedAttributes(si, at);

ss.clear();

ss.add(si);

SignerInformationStore newSignerStore = new SignerInformationStore(ss);

CMSSignedData newSignedData = CMSSignedData.replaceSigners(signedData, newSignerStore);

該createTSToken代碼：

public Attribute createTSToken(byte[] data) throws NoSuchProviderException, NoSuchAlgorithmException, IOException {

// Generate timestamp

MessageDigest digest = MessageDigest.getInstance("SHA1", "BC");

TimeStampResponse response = timestampData(digest.digest(data));

TimeStampToken timestampToken = response.getTimeStampToken();

// Create timestamp attribute

Attribute a = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(ASN1Primitive.fromByteArray(timestampToken.getEncoded())));

return a;

}

timestampData：

TimeStampRequestGenerator reqgen = new TimeStampRequestGenerator();

TimeStampRequest req = reqgen.generate(TSPAlgorithms.SHA1, data);

byte request[] = req.getEncoded();

URL url = new URL("http://time.certum.pl");

HttpURLConnection con = (HttpURLConnection) url.openConnection();

con.setDoOutput(true);

con.setDoInput(true);

con.setRequestMethod("POST");

con.setRequestProperty("Content-type", "application/timestamp-query");

con.setRequestProperty("Content-length", String.valueOf(request.length));

OutputStream out = con.getOutputStream();

out.write(request);

out.flush();

if (con.getResponseCode() != HttpURLConnection.HTTP_OK) {

throw new IOException("Received HTTP error: " + con.getResponseCode() + " - " + con.getResponseMessage());

}

InputStream in = con.getInputStream();

TimeStampResp resp = TimeStampResp.getInstance(new ASN1InputStream(in).readObject());

response = new TimeStampResponse(resp);

response.validate(req);

if(response.getStatus() != 0) {

System.out.println(response.getStatusString());

return null;

}

return response;

謝謝你的幫助！

示例文件：

總結

以上是生活随笔為你收集整理的java 时间戳验证_Java中带有时间戳的数字签名的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。