Как прочитать оригинальный контент из signdata в цифровом сертификате?

Я хочу зачитать оригинальное содержание после проверки Signdata.

Мой код такой:

import java.io.*;
import java.util.*;
import java.security.*;
import java.security.Security;
import java.security.cert.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.cms.*;


/* Verify INCLUDED CMS signature CMS/pkcs #7 signature using BC provider.
    Verify with either the included signer certificate, or a specified separate signer
    certificate file.
    Output signed content to binary file
                 M. Gallant  04/01/2005  */

class BCVerifyISig {
 static final boolean DEBUG =true;

 public static void main(String args[]) {
 System.out.println("");


 Security.addProvider(new BouncyCastleProvider());

 X509Certificate signercert = null;

 String INFILE  = "MIIHWgYJKoZIhvcNAQcCoIIHSzCCB0cCAQExCzAJBgUrDgMCGgUAMDwGCSqGSIb3DQEHAaAvBC1UaGlzIGlzIHNhbXBsZSBmaWxlIGZyb20gVENTIC4NCg0KQnkgTmFyZW5kcmGgggUpMIIFJTCCBA2gAwIBAgIKBN4I7NsiDn/KbDANBgkqhkiG9w0BAQUFADCBszELMAkGA1UEBhMCSU4xEjAQBgNVBAoTCUluZGlhIFBLSTEPMA0GA1UECxMGVENTIENBMTcwNQYDVQQDEy5UYXRhIENvbnN1bHRhbmN5IFNlcnZpY2VzIENlcnRpZnlpbmcgQXV0aG9yaXR5MRIwEAYDVQQHEwlIeWRlcmFiYWQxJTAjBgkqhkiG9w0BCQEWFmFkbWluQHRjcy1jYS50Y3MuY28uaW4xCzAJBgNVBAgTAkFQMB4XDTEwMDQxOTEwMDYwOFoXDTExMDQxOTEwMDYwOFowggEaMQswCQYDVQQGEwJJTjEXMBUGA1UECBMOQW5kaHJhIFByYWRlc2gxEjAQBgNVBAcTCUh5ZGVyYWJhZDE5MDcGA1UEChMwVGF0YSBDb25zdWx0YW5jeSBTZXJ2aWNlcyAtIENlcnRpZnlpbmcgQXV0aG9yaXR5MSgwJgYDVQQLEx9UQ1MtQ0EgLSBSZWdpc3RyYXRpb24gQXV0aG9yaXR5MSAwHgYDVQQLExdJbmRpdmlkdWFsIC0gR292ZXJubWVudDEcMBoGA1UECxMTQ2xhc3MgMyBDZXJ0aWZpY2F0ZTEmMCQGCSqGSIb3DQEJARYXYXBvbmxpbmVfcnNkcEBhcC5nb3YuaW4xETAPBgNVBAMTCEEgTXVyYWxpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIOkRYUG4o0tEOLbqE+h41NKw/o8JBCJ139LB/yMOxiBZbn2jdhw2uiDqwinmwh1C6T2pu5LwtxKTgqLwcwNIIbs+C+A4PrnYRyoke/S15Tx6zxgiIOcLxOZOu9qAtzGbLyxE8vP0nIOhBRbt3zIBOhPKEHb4HYI8UrSjdp68xGQIDAQABo4IBUzCCAU8wDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMB0GA1UdDgQWBBQxsf0e2vnFCoJ3rv98C6T9jNxRFzAiBgNVHREEGzAZgRdhcG9ubGluZV9yc2RwQGFwLmdvdi5pbjATBgNVHSMEDDAKgAhJuUo0WSwkoTBSBgNVHSAESzBJMEcGCGCCZGQBAwMDMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93d3cudGNzLWNhLnRjcy5jby5pbi9yZWx5aW5ncGFydHkuaHRtbDBnBgNVHR8EYDBeMC6gLKAqhihodHRwOi8vd3d3LnRjcy1jYS50Y3MuY28uaW4vY3JsXzI3ODUuY3JsMCygKqAohiZodHRwOi8vd3d3LnRjcy1jYS50Y3MuY29tL2NybF8yNzg1LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAza5lRCk3ggOmPZX4/hfEwRQ3HBckrlVAjUUs11RZAbH36I/K1GdrbFpB+4IWA9HU4I+TkEklrMx+rCp6PROy/HKgO1u7IWsaoknOJMfhXH6zXm5VqWFuUOrqtWqhBSR9Xjnjc4E70gX+5hDFcPwvbeX2/nQdk1Ebr4lXMj++PWYWu9D8Ny7k+6pL1jSccCJxPQg8bLUoSSPl+zsp8pK8OIS49arbc+QSDL7rboE9UMTQgLPoXxcuUB3+ISQ1AjuJXW1aDb4NjGU+bkbYB58ngnbqSWCncYIQtaAwpqmPaUTSEHuZeE5zX8LDmuuAokHD1Z2elYV0SBn/9OxNpH1O7zGCAcgwggHEAgEBMIHCMIGzMQswCQYDVQQGEwJJTjESMBAGA1UEChMJSW5kaWEgUEtJMQ8wDQYDVQQLEwZUQ1MgQ0ExNzA1BgNVBAMTLlRhdGEgQ29uc3VsdGFuY3kgU2VydmljZXMgQ2VydGlmeWluZyBBdXRob3JpdHkxEjAQBgNVBAcTCUh5ZGVyYWJhZDElMCMGCSqGSIb3DQEJARYWYWRtaW5AdGNzLWNhLnRjcy5jby5pbjELMAkGA1UECBMCQVACCgTeCOzbIg5/ymwwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI";
 INFILE +="hvcNAQkFMQ8XDTEwMDcwOTEzMzMxNFowIwYJKoZIhvcNAQkEMRYEFEIW89h1fgH0b6ofWCdqmeEI2fPWMA0GCSqGSIb3DQEBAQUABIGApi7QJtVF5FkDQ1eI0B7vaBfSmkdh8ywVdOH8AitKOduVeqQp74jWNN8p5J6ut4DhjrRPq9TGSy8vXDFm5tPAs/gqehGTGRixskLyF0mkwItIQvcfsxDmYnB0hrVt46fOUirVpSzQ6AqnW4DCXzX5zEY/dPk5bIgYi4KElaGVKSI=";   // Input CMS/PKCS#7 included signed content to verify
 String OUTFILE = "C:\\Documents and Settings\\Administrator\\Desktop\\cert\\abc.01";   //output file containing recovered signed-content
 if(true) {
    try{
         byte[] sigbytes1 = null;
        sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder() ;
        //String theString="-----BEGIN CERTIFICATE-----";
        String theString ="MIIFJTCCBA2gAwIBAgIKBN4I7NsiDn/KbDANBgkqhkiG9w0BAQUFADCBszELMAkG";
        theString +="A1UEBhMCSU4xEjAQBgNVBAoTCUluZGlhIFBLSTEPMA0GA1UECxMGVENTIENBMTcw";
        theString +="NQYDVQQDEy5UYXRhIENvbnN1bHRhbmN5IFNlcnZpY2VzIENlcnRpZnlpbmcgQXV0";
        theString +="aG9yaXR5MRIwEAYDVQQHEwlIeWRlcmFiYWQxJTAjBgkqhkiG9w0BCQEWFmFkbWlu";
        theString +="QHRjcy1jYS50Y3MuY28uaW4xCzAJBgNVBAgTAkFQMB4XDTEwMDQxOTEwMDYwOFoX";
        theString +="DTExMDQxOTEwMDYwOFowggEaMQswCQYDVQQGEwJJTjEXMBUGA1UECBMOQW5kaHJh";
        theString +="IFByYWRlc2gxEjAQBgNVBAcTCUh5ZGVyYWJhZDE5MDcGA1UEChMwVGF0YSBDb25z";
            theString +="dWx0YW5jeSBTZXJ2aWNlcyAtIENlcnRpZnlpbmcgQXV0aG9yaXR5MSgwJgYDVQQL";
        theString +="Ex9UQ1MtQ0EgLSBSZWdpc3RyYXRpb24gQXV0aG9yaXR5MSAwHgYDVQQLExdJbmRp";
        theString +="dmlkdWFsIC0gR292ZXJubWVudDEcMBoGA1UECxMTQ2xhc3MgMyBDZXJ0aWZpY2F0";
        theString +="ZTEmMCQGCSqGSIb3DQEJARYXYXBvbmxpbmVfcnNkcEBhcC5nb3YuaW4xETAPBgNV";
        theString +="BAMTCEEgTXVyYWxpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIOkRYUG4o";
            theString +="0tEOLbqE+h41NKw/o8JBCJ139LB/yMOxiBZbn2jdhw2uiDqwinmwh1C6T2pu5Lwt";
            theString +="xKTgqLwcwNIIbs+C+A4PrnYRyoke/S15Tx6zxgiIOcLxOZOu9qAtzGbLyxE8vP0n";
        theString +="IOhBRbt3zIBOhPKEHb4HYI8UrSjdp68xGQIDAQABo4IBUzCCAU8wDAYDVR0TAQH/";
        theString +="BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC";
        theString +="MB0GA1UdDgQWBBQxsf0e2vnFCoJ3rv98C6T9jNxRFzAiBgNVHREEGzAZgRdhcG9u";
        theString +="bGluZV9yc2RwQGFwLmdvdi5pbjATBgNVHSMEDDAKgAhJuUo0WSwkoTBSBgNVHSAE";
       theString +="SzBJMEcGCGCCZGQBAwMDMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93d3cudGNzLWNh";
        theString +="LnRjcy5jby5pbi9yZWx5aW5ncGFydHkuaHRtbDBnBgNVHR8EYDBeMC6gLKAqhiho";
            theString +="dHRwOi8vd3d3LnRjcy1jYS50Y3MuY28uaW4vY3JsXzI3ODUuY3JsMCygKqAohiZo";
        theString +="dHRwOi8vd3d3LnRjcy1jYS50Y3MuY29tL2NybF8yNzg1LmNybDANBgkqhkiG9w0B";
        theString +="AQUFAAOCAQEAza5lRCk3ggOmPZX4/hfEwRQ3HBckrlVAjUUs11RZAbH36I/K1Gdr";
        theString +="bFpB+4IWA9HU4I+TkEklrMx+rCp6PROy/HKgO1u7IWsaoknOJMfhXH6zXm5VqWFu";
        theString +="UOrqtWqhBSR9Xjnjc4E70gX+5hDFcPwvbeX2/nQdk1Ebr4lXMj++PWYWu9D8Ny7k";
        theString +="+6pL1jSccCJxPQg8bLUoSSPl+zsp8pK8OIS49arbc+QSDL7rboE9UMTQgLPoXxcu";
        theString +="UB3+ISQ1AjuJXW1aDb4NjGU+bkbYB58ngnbqSWCncYIQtaAwpqmPaUTSEHuZeE5z";
                            theString +="X8LDmuuAokHD1Z2elYV0SBn/9OxNpH1O7w==";
                                    //  theString +="-----END CERTIFICATE-----";
        sigbytes1 = dec.decodeBuffer(new String(theString.getBytes()));
        System.out.println("sdfsdf"+sigbytes1);
     InputStream inStream =   new ByteArrayInputStream(sigbytes1); 

     CertificateFactory cf = CertificateFactory.getInstance("X.509");
     signercert = (X509Certificate)cf.generateCertificate(inStream);
     inStream.close();
     if(DEBUG)
        System.out.println("Got certificate from file "  ) ;
    }
    catch(Exception cerexc) {
     System.out.println("Failed to create certificate from file " + cerexc.toString()) ;
     System.exit(1) ;
    }
    }

 boolean INCLUDED = true;   // included (true)  or detached (false) content

  FileInputStream freader = null;
  File f = null;

//------  Get the included data signature from file -------------
  //f = new File(INFILE) ;
  //int sizecontent = ((int) f.length());
  byte[] sigbytes = null;

  try {
    //freader = new FileInputStream(f);
    sigbytes=INFILE.getBytes();

   // System.out.println("\nSignature Bytes: " + freader.read(sigbytes, 0, sizecontent));
   // freader.close();
   }
  catch(Exception ioe) {
    System.out.println(ioe.toString());
    return;
    }




 if(isBase64Encoded(sigbytes)){
    try{
    sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder() ;

    sigbytes = dec.decodeBuffer(new String(sigbytes));
    System.out.println("Signature file is BASE64 encoded") ;
    }
    catch(Exception ioe) {System.out.println("Problem decoding from b64") ; }
   }

// --- Use Bouncy Castle provider to verify included-content CSM/PKCS#7 signature  ---
 try{
  CMSSignedData s   = new CMSSignedData(sigbytes) ;
  CertStore  certs      = s.getCertificatesAndCRLs("Collection", "BC");
  SignerInformationStore  signers = s.getSignerInfos();
  Collection            c   = signers.getSigners();
  Iterator                it    = c.iterator();
  int verified = 0;

  while (it.hasNext())
  {
      X509Certificate cert =null;
      SignerInformation   signer = (SignerInformation)it.next();
      Collection          certCollection = certs.getCertificates(signer.getSID());
      if (certCollection.isEmpty() && signercert==null)
    continue;  
      else  if (signercert !=null)      // use a signer cert file for verification, if it was provided
    cert = signercert;
      else {                // use the certificates included in the signature for verification
    Iterator        certIt = certCollection.iterator();
     cert = (X509Certificate)certIt.next();
    }

    if(DEBUG)
        System.out.println("Current certificate " + cert.toString()) ;
    System.out.println("") ;

      if (signer.verify(cert.getPublicKey(), "BC"))
    verified++;
  }

   if(verified == 0)
    System.out.println("WARNING: No signers' signatures could be verified !") ;
   else if(signercert !=null)
    System.out.println("Verified a signature using signer certificate file  '"  ) ;
   else
    System.out.println("Verified a signature using a certificate in the signature file '" + INFILE + "'") ;


   CMSProcessableByteArray cpb = (CMSProcessableByteArray) s.getSignedContent() ;
   byte[] rawcontent  = (byte[]) cpb.getContent() ;
   System.out.println("\nWriting content (" + rawcontent.length + " bytes) to file " + OUTFILE + " ... ") ;
   FileOutputStream fcontent = new FileOutputStream(OUTFILE);
   fcontent.write(rawcontent);
   fcontent.close();

 }
 catch(Exception ex){
  System.out.println("Couldn't verify included-content CMS signature\n" + ex.toString()) ;
 }
}


 private static final boolean isBase64Encoded(byte[] data) {
  Arrays.sort(Base64Map);
  for (int i=0; i<data.length; i++){
    //System.out.println("data[" + i + "] " + (char)data[i]) ;
    if( Arrays.binarySearch(Base64Map, (char)data[i])<0 
        && !Character.isWhitespace((char)data[i]) )
     return false;
    }
  return true;
 }

   private static char[] Base64Map =
   {  'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
      'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
      'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
      'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
      'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
      'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
      'w', 'x', 'y', 'z', '0', '1', '2', '3',
      '4', '5', '6', '7', '8', '9', '+', '/', '='
   };




 private static void usage() {
  System.out.println("Usage:\n java BCVerifyISig  <includedContentSignatureFile>  <outputContentFile>  [signercertFile]") ;
  System.exit(1);
 }
}

После проверки я хочу вернуть исходное окончательное содержимое, откуда я генерирую данные подписи.

Здесь в приведенном выше коде INFILE - это мои Signdata, а theString - открытый ключ пользователя.

Источник

3 ответа

Если эта информация включена в представление PKCS7, вы можете получить ее через:

byte[] data = Base64.decodeBase64(base64EncodedPKCS7.getBytes());
CMSSignedData signedData = new CMSSignedData(data);
signedData.getSignedContent();

Однако не обязательно, чтобы эта информация была включена. Если это не так, вы должны передать его отдельно от PKCS7.

base64EncodedPKCS7 это содержание вашего infile.

Источник

Попробуй это:

    byte[] byte_out=null;
    ByteArrayOutputStream out=null;
    out = new ByteArrayOutputStream();
    signedData.getSignedContent().write(out);
    byte_out=out.toByteArray();
    String s = new String(byte_out);
    System.out.println("Original Content-->" +s);
Источник

Попробуйте использовать это.

byte[] signedBytes = documento.getDataDocumento()
CMSSignedData signedData = new CMSSignedData(signedBytes);

CMSProcessable signedContent = signedData.getSignedContent();

byte[] archivoOriginal = (byte[]) signedContent.getContent();
Источник
Другие вопросы по тегам