本文整理汇总了Java中sun.security.pkcs.PKCS7类的典型用法代码示例。如果您正苦于以下问题:Java PKCS7类的具体用法?Java PKCS7怎么用?Java PKCS7使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
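PKCS7类属于sun.security.pkcs包,在下文中一共展示了PKCS7类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。注意:sun.security.pkcs是JDK内部API,不属于受支持的公开接口;自JDK 9起受模块系统封装,编译或运行时可能需要 --add-exports java.base/sun.security.pkcs=ALL-UNNAMED,并且其方法签名可能随JDK版本变化。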
示例1: main
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
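/**
 * Assembles a PKCS #7 SignedData object by hand for a freshly generated
 * self-signed certificate and checks that {@code PKCS7.verify} accepts it.
 *
 * <p>The signature is computed over the DER encoding of the authenticated
 * attributes (content type and SHA-256 message digest of the data), not over
 * the raw data itself.
 *
 * @param args unused
 * @throws Exception if key generation, signing or encoding fails, or if the
 *         assembled object does not verify
 */
public static void main(String[] args) throws Exception {
    // Pin the charset so the signed bytes do not depend on the platform default.
    byte[] data = "Hello".getBytes(java.nio.charset.StandardCharsets.UTF_8);

    X500Name n = new X500Name("cn=Me");
    CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
    // 2048-bit key: 1024-bit RSA is below what current guidance accepts for
    // signatures, and readers tend to copy key sizes from examples.
    cakg.generate(2048);
    X509Certificate cert = cakg.getSelfCertificate(n, 1000);

    // Authenticated attributes: content type plus the digest of the content.
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[]{
            new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID),
            new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)),
    });

    // Sign the encoded attributes with the generated private key.
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(cakg.getPrivateKey());
    s.update(authed.getDerEncoding());
    byte[] sig = s.sign();

    SignerInfo signerInfo = new SignerInfo(
            n,
            cert.getSerialNumber(),
            AlgorithmId.get("SHA-256"),
            authed,
            AlgorithmId.get("SHA256withRSA"),
            sig,
            null
    );

    PKCS7 pkcs7 = new PKCS7(
            new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
            new ContentInfo(data),
            new X509Certificate[] {cert},
            new SignerInfo[] {signerInfo});

    // A non-null result only shows the object is self-consistent: the signer
    // certificate is self-signed and embedded in the object being verified,
    // so this check establishes no trust in who signed.
    if (pkcs7.verify(signerInfo, data) == null) {
        throw new Exception("Not verified");
    }
}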
示例2: writeSignatureBlock
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Writes the PKCS #7 signature block (signer certificate plus signature) to
 * {@code mOutputJar}.
 *
 * <p>The content is detached: the {@code ContentInfo} carries the data OID
 * with a {@code null} payload, so only the signature and certificate are
 * emitted.
 *
 * @param signature  signature object whose {@code sign()} result is embedded;
 *                   presumably already initialised and updated by the caller
 * @param publicKey  the signer's X.509 certificate (a certificate, despite
 *                   the parameter name)
 * @param privateKey consulted only for its algorithm name
 * @throws IOException if encoding or writing the block fails
 * @throws GeneralSecurityException if an algorithm is unknown or signing fails
 */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
        PrivateKey privateKey)
        throws IOException, GeneralSecurityException {
    // The signer is identified by issuer name + serial number of its certificate.
    X500Name issuer = new X500Name(publicKey.getIssuerX500Principal().getName());
    java.math.BigInteger serial = publicKey.getSerialNumber();
    AlgorithmId digestAlg = AlgorithmId.get(DIGEST_ALGORITHM);
    AlgorithmId keyAlg = AlgorithmId.get(privateKey.getAlgorithm());
    byte[] signatureBytes = signature.sign();

    SignerInfo signerInfo = new SignerInfo(issuer, serial, digestAlg, keyAlg, signatureBytes);

    AlgorithmId[] digestAlgorithms = { AlgorithmId.get(DIGEST_ALGORITHM) };
    ContentInfo detachedContent = new ContentInfo(ContentInfo.DATA_OID, null);
    X509Certificate[] certificates = { publicKey };
    SignerInfo[] signers = { signerInfo };

    PKCS7 pkcs7 = new PKCS7(digestAlgorithms, detachedContent, certificates, signers);
    pkcs7.encodeSignedData(mOutputJar);
}
示例3: checkTimestamp
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
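/**
 * Checks the signature timestamp token stored in the
 * {@code META-INF/OLD.RSA} signature block of a signed JAR.
 *
 * <p>The token is read from the first signer's unauthenticated attributes and
 * its hash algorithm and policy id are compared with the expected values.
 * Only those two fields are compared; nothing here verifies the timestamp
 * authority's signature on the token.
 *
 * @param file      path of the signed JAR
 * @param policyId  expected TSA policy id
 * @param digestAlg expected hash algorithm name of the token
 * @throws Exception if the entry, signer or token is missing, or a field differs
 */
static void checkTimestamp(String file, String policyId, String digestAlg)
        throws Exception {
    try (JarFile jf = new JarFile(file)) {
        JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
        // getJarEntry returns null for a missing entry; fail with a clear
        // message instead of a NullPointerException further down.
        if (je == null) {
            throw new Exception("META-INF/OLD.RSA not found");
        }
        try (InputStream is = jf.getInputStream(je)) {
            byte[] content = IOUtils.readFully(is, -1, true);
            PKCS7 p7 = new PKCS7(content);
            SignerInfo[] si = p7.getSignerInfos();
            if (si == null || si.length == 0) {
                throw new Exception("Not signed");
            }
            // A signature without a timestamp has no such attribute.
            if (si[0].getUnauthenticatedAttributes() == null) {
                throw new Exception("No unauthenticated attributes");
            }
            PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
                    .getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
            if (p9 == null) {
                throw new Exception("No signature timestamp token");
            }
            // The attribute value is itself a PKCS #7 object wrapping the token.
            PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
            TimestampToken tt =
                    new TimestampToken(tsToken.getContentInfo().getData());
            if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
                throw new Exception("Digest alg different");
            }
            if (!tt.getPolicyID().equals(policyId)) {
                throw new Exception("policyId different");
            }
        }
    }
}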
示例4: signatureBlock
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Writes a {@code .RSA} signature block (PKCS #7 SignedData with detached
 * content) to {@code out}.
 *
 * <p>NOTE(review): the digest algorithm recorded here is hard-coded to SHA1
 * and the key algorithm to RSA. These identifiers must match how the caller
 * set up {@code signature}, so they cannot be changed in this method alone;
 * SHA-1 is a deprecated digest for code signing and the pair should be
 * upgraded together with the caller.
 *
 * @param signature signature object whose {@code sign()} result is embedded;
 *                  presumably already initialised and updated by the caller
 * @param publicKey the signer's X.509 certificate (a certificate, despite
 *                  the parameter name)
 * @param out       destination stream for the encoded block
 * @throws IOException if encoding or writing fails
 * @throws GeneralSecurityException if an algorithm is unknown or signing fails
 */
private static void signatureBlock(
        Signature signature,
        X509Certificate publicKey,
        OutputStream out)
        throws IOException, GeneralSecurityException {
    // Signer identity = issuer name + serial number of the certificate.
    X500Name issuer = new X500Name(publicKey.getIssuerX500Principal().getName());
    java.math.BigInteger serial = publicKey.getSerialNumber();
    AlgorithmId signerDigest = AlgorithmId.get("SHA1");
    AlgorithmId signerKeyAlg = AlgorithmId.get("RSA");
    SignerInfo signerInfo =
            new SignerInfo(issuer, serial, signerDigest, signerKeyAlg, signature.sign());

    AlgorithmId[] digests = { AlgorithmId.get("SHA1") };
    // Null payload: the signed content is not embedded in the block.
    ContentInfo detached = new ContentInfo(ContentInfo.DATA_OID, null);
    PKCS7 pkcs7 = new PKCS7(
            digests,
            detached,
            new X509Certificate[] { publicKey },
            new SignerInfo[] { signerInfo });

    System.out.print("\rGenerating signature block...");
    pkcs7.encodeSignedData(out);
}
示例5: writeSignatureBlock
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Encodes a PKCS #7 SignedData block holding the signer certificate and the
 * signature, and writes it to {@code mOutputJar}.
 *
 * <p>No content is embedded: the {@code ContentInfo} is created with the data
 * OID and a {@code null} payload.
 *
 * @param signature  signature object whose {@code sign()} result is embedded;
 *                   presumably already initialised and updated by the caller
 * @param publicKey  the signer's X.509 certificate (a certificate, despite
 *                   the parameter name)
 * @param privateKey consulted only for its algorithm name
 * @throws IOException if encoding or writing the block fails
 * @throws GeneralSecurityException if an algorithm is unknown or signing fails
 */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
        PrivateKey privateKey)
        throws IOException, GeneralSecurityException {
    final X500Name issuerName =
            new X500Name(publicKey.getIssuerX500Principal().getName());

    // Issuer name and serial number together identify the signing certificate.
    final SignerInfo signer = new SignerInfo(
            issuerName,
            publicKey.getSerialNumber(),
            AlgorithmId.get(DIGEST_ALGORITHM),
            AlgorithmId.get(privateKey.getAlgorithm()),
            signature.sign());

    final AlgorithmId[] digestAlgorithmIds = new AlgorithmId[]{AlgorithmId.get(DIGEST_ALGORITHM)};
    final ContentInfo emptyContent = new ContentInfo(ContentInfo.DATA_OID, null);
    final X509Certificate[] certChain = new X509Certificate[]{publicKey};
    final SignerInfo[] signerInfos = new SignerInfo[]{signer};

    new PKCS7(digestAlgorithmIds, emptyContent, certChain, signerInfos)
            .encodeSignedData(mOutputJar);
}
示例6: writeSignatureBlock
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Produces the signature block for the output JAR: a PKCS #7 SignedData
 * structure with one signer and one certificate, written to
 * {@code mOutputJar}.
 *
 * <p>The structure carries no content of its own ({@code null} payload under
 * the data OID).
 *
 * @param signature  signature object whose {@code sign()} result is embedded;
 *                   presumably already initialised and updated by the caller
 * @param publicKey  the signer's X.509 certificate (a certificate, despite
 *                   the parameter name)
 * @param privateKey consulted only for its algorithm name
 * @throws IOException if encoding or writing the block fails
 * @throws GeneralSecurityException if an algorithm is unknown or signing fails
 */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
        PrivateKey privateKey)
        throws IOException, GeneralSecurityException {
    String issuerDn = publicKey.getIssuerX500Principal().getName();

    // One signer, identified by the certificate's issuer DN and serial number.
    SignerInfo[] signers = {
        new SignerInfo(
                new X500Name(issuerDn),
                publicKey.getSerialNumber(),
                AlgorithmId.get(DIGEST_ALGORITHM),
                AlgorithmId.get(privateKey.getAlgorithm()),
                signature.sign())
    };

    PKCS7 signedData = new PKCS7(
            new AlgorithmId[] { AlgorithmId.get(DIGEST_ALGORITHM) },
            new ContentInfo(ContentInfo.DATA_OID, null),
            new X509Certificate[] { publicKey },
            signers);
    signedData.encodeSignedData(mOutputJar);
}
示例7: generateSignedData
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
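/**
 * Generates a PKCS #7 signed data message that includes a signature
 * timestamp.
 * This method is used when a signature has already been generated.
 * The signature, a signature timestamp, the signer's certificate chain,
 * and optionally the content that was signed, are packaged into a PKCS #7
 * signed data message.
 *
 * <p>When timestamping is requested, the TSA location is taken from the
 * parameters; if none is given there, it is looked up in the TSA
 * certificate. When timestamping is not requested, a {@code null} URI is
 * passed on to {@code PKCS7.generateSignedData}.
 *
 * @param params The non-null input parameters.
 * @param omitContent true if the content should be omitted from the
 *         signed data message. Otherwise the content is included.
 * @param applyTimestamp true if the signature should be timestamped.
 *         Otherwise timestamping is not performed.
 * @return A PKCS #7 signed data message including a signature timestamp.
 * @throws NoSuchAlgorithmException The exception is thrown if the signature
 *         algorithm is unrecognised.
 * @throws CertificateException The exception is thrown if an error occurs
 *         while processing the signer's certificate or the TSA's
 *         certificate.
 * @throws IOException The exception is thrown if an error occurs while
 *         generating the signature timestamp or while generating the signed
 *         data message.
 * @throws NullPointerException The exception is thrown if parameters is
 *         null.
 */
public byte[] generateSignedData(ContentSignerParameters params,
        boolean omitContent, boolean applyTimestamp)
        throws NoSuchAlgorithmException, CertificateException, IOException {
    if (params == null) {
        throw new NullPointerException("params");
    }

    // Read each input once; the algorithm name is handed to PKCS7 unparsed.
    String signatureAlgorithm = params.getSignatureAlgorithm();
    X509Certificate[] signerChain = params.getSignerCertificateChain();
    byte[] signature = params.getSignature();

    // Include or exclude content
    byte[] content = omitContent ? null : params.getContent();

    URI tsaURI = null;
    if (applyTimestamp) {
        tsaURI = params.getTimestampingAuthority();
        if (tsaURI == null) {
            // No explicit TSA: fall back to the location named in the TSA
            // certificate.
            tsaURI = getTimestampingURI(
                    params.getTimestampingAuthorityCertificate());
            if (tsaURI == null) {
                throw new CertificateException(
                        "Subject Information Access extension not found");
            }
        }
    }

    return PKCS7.generateSignedData(signature, signerChain, content,
            signatureAlgorithm, tsaURI,
            params.getTSAPolicyID());
}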
示例8: SignatureFileVerifier
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Create the named SignatureFileVerifier.
 *
 * <p>The signature block is parsed into a PKCS #7 object and the bytes of the
 * signature file it covers are taken from the block's content info. Parsing
 * happens between {@code Providers.startJarVerification()} and
 * {@code Providers.stopJarVerification()}.
 *
 * @param signerCache stored as-is for later use by this verifier
 * @param md stored as-is for later use by this verifier
 * @param name the name of the signature block file (.DSA/.RSA/.EC); the part
 *        before the last dot, upper-cased, becomes this verifier's name
 * @param rawBytes the raw bytes of the signature block file
 * @throws IOException if the signature block cannot be parsed
 * @throws CertificateException if the X509 certificate factory is unavailable
 */
public SignatureFileVerifier(ArrayList<CodeSigner[]> signerCache,
                             ManifestDigester md,
                             String name,
                             byte rawBytes[])
    throws IOException, CertificateException
{
    // new PKCS7() calls CertificateFactory.getInstance()
    // need to use local providers here, see Providers class
    Object providerState = null;
    try {
        providerState = Providers.startJarVerification();
        block = new PKCS7(rawBytes);
        sfBytes = block.getContentInfo().getData();
        certificateFactory = CertificateFactory.getInstance("X509");
    } finally {
        // Always undo startJarVerification, even when parsing fails.
        Providers.stopJarVerification(providerState);
    }

    // Strip the extension and normalise case with a fixed locale.
    int extensionStart = name.lastIndexOf(".");
    String baseName = name.substring(0, extensionStart);
    this.name = baseName.toUpperCase(Locale.ENGLISH);
    this.md = md;
    this.signerCache = signerCache;
}
示例9: SignatureFileVerifier
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Create the named SignatureFileVerifier.
 *
 * <p>Parses {@code rawBytes} as a PKCS #7 signature block and keeps the
 * signature-file bytes found in its content info. The parsing and the lookup
 * of the X509 certificate factory run while JAR verification mode is switched
 * on through the {@code Providers} class.
 *
 * @param signerCache stored as-is for later use by this verifier
 * @param md stored as-is for later use by this verifier
 * @param name the name of the signature block file (.DSA/.RSA/.EC); the text
 *        before its last '.' is upper-cased and used as this verifier's name
 * @param rawBytes the raw bytes of the signature block file
 * @throws IOException if the signature block cannot be parsed
 * @throws CertificateException if the X509 certificate factory is unavailable
 */
public SignatureFileVerifier(ArrayList<CodeSigner[]> signerCache,
                             ManifestDigester md,
                             String name,
                             byte[] rawBytes)
    throws IOException, CertificateException
{
    // new PKCS7() calls CertificateFactory.getInstance()
    // need to use local providers here, see Providers class
    Object verificationToken = null;
    try {
        verificationToken = Providers.startJarVerification();
        block = new PKCS7(rawBytes);
        sfBytes = block.getContentInfo().getData();
        certificateFactory = CertificateFactory.getInstance("X509");
    } finally {
        // Runs on success and on failure so the provider state is restored.
        Providers.stopJarVerification(verificationToken);
    }

    final int lastDot = name.lastIndexOf('.');
    final String withoutExtension = name.substring(0, lastDot);
    // Locale.ENGLISH keeps the upper-casing independent of the default locale.
    this.name = withoutExtension.toUpperCase(Locale.ENGLISH);
    this.md = md;
    this.signerCache = signerCache;
}
示例10: checkTimestamp
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
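/**
 * Checks the signature timestamp token stored in the
 * {@code META-INF/OLD.RSA} signature block of a signed JAR.
 *
 * <p>The token is read from the first signer's unauthenticated attributes and
 * its hash algorithm and policy id are compared with the expected values.
 * Only those two fields are compared; nothing here verifies the timestamp
 * authority's signature on the token.
 *
 * @param file      path of the signed JAR
 * @param policyId  expected TSA policy id
 * @param digestAlg expected hash algorithm name of the token
 * @throws Exception if the entry, signer or token is missing, or a field differs
 */
static void checkTimestamp(String file, String policyId, String digestAlg)
        throws Exception {
    try (JarFile jf = new JarFile(file)) {
        JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
        // getJarEntry returns null for a missing entry; report that directly
        // rather than failing later with a NullPointerException.
        if (je == null) {
            throw new Exception("META-INF/OLD.RSA not found");
        }
        try (InputStream is = jf.getInputStream(je)) {
            byte[] content = is.readAllBytes();
            PKCS7 p7 = new PKCS7(content);
            SignerInfo[] si = p7.getSignerInfos();
            if (si == null || si.length == 0) {
                throw new Exception("Not signed");
            }
            // A signature without a timestamp has no such attribute.
            if (si[0].getUnauthenticatedAttributes() == null) {
                throw new Exception("No unauthenticated attributes");
            }
            PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
                    .getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
            if (p9 == null) {
                throw new Exception("No signature timestamp token");
            }
            // The attribute value is itself a PKCS #7 object wrapping the token.
            PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
            TimestampToken tt =
                    new TimestampToken(tsToken.getContentInfo().getData());
            if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
                throw new Exception("Digest alg different");
            }
            if (!tt.getPolicyID().equals(policyId)) {
                throw new Exception("policyId different");
            }
        }
    }
}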
示例11: parse
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
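/**
 * Parses the PKCS #7 block read from {@code in} and fills
 * {@code certificateMetas} with one entry per embedded certificate.
 *
 * <p>The certificates are only described, not validated: no signature,
 * chain or validity-period check is performed here. The MD5 values are
 * fingerprints for display or lookup and should not be relied on where
 * collision resistance matters.
 *
 * @throws IOException if the PKCS #7 data cannot be read or parsed
 * @throws CertificateException if a certificate cannot be encoded
 */
public void parse() throws IOException, CertificateException {
    PKCS7 pkcs7 = new PKCS7(Utils.toByteArray(in));
    X509Certificate[] certificates = pkcs7.getCertificates();
    certificateMetas = new ArrayList<>();
    // getCertificates() returns null when the block carries no certificates;
    // leave the list empty instead of failing in the loop.
    if (certificates == null) {
        return;
    }
    for (X509Certificate certificate : certificates) {
        CertificateMeta certificateMeta = new CertificateMeta();
        certificateMetas.add(certificateMeta);

        byte[] bytes = certificate.getEncoded();
        String certMd5 = md5Digest(bytes);
        // Hex dump of the whole encoded certificate (not just the public
        // key), then the MD5 of that hex string.
        String certHex = byteToHexString(bytes);
        String certBase64Md5 = md5Digest(certHex);

        certificateMeta.setData(bytes);
        certificateMeta.setCertBase64Md5(certBase64Md5);
        certificateMeta.setCertMd5(certMd5);
        certificateMeta.setStartDate(certificate.getNotBefore());
        certificateMeta.setEndDate(certificate.getNotAfter());
        certificateMeta.setSignAlgorithm(certificate.getSigAlgName());
        certificateMeta.setSignAlgorithmOID(certificate.getSigAlgOID());
    }
}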
示例12: getPublicKey
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
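/**
 * Retrieve the public key of the first usable certificate in a PKCS7 file.
 *
 * <p>The key is returned without any check of the certificate (no chain,
 * signature or validity-period validation), so the result says nothing about
 * whether the certificate is trusted.
 *
 * @param certPath path of the PKCS7 file to read
 * @return the encoded public key as produced by {@code BASE64Encoder}, or an
 *         empty string if the file holds no certificate with a public key
 * @throws IOException if the file cannot be read or parsed
 * @throws InvalidKeySpecException declared for callers; not thrown by the
 *         code visible here
 * @throws NoSuchAlgorithmException declared for callers; not thrown by the
 *         code visible here
 */
public static String getPublicKey(String certPath) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    // try-with-resources: the original never closed the file stream.
    try (FileInputStream is = new FileInputStream(new File(certPath))) {
        byte[] data = new byte[16384];
        int nRead;
        while ((nRead = is.read(data, 0, data.length)) != -1) {
            buffer.write(data, 0, nRead);
        }
    }

    PKCS7 pkcs7 = new PKCS7(buffer.toByteArray());
    X509Certificate[] certs = pkcs7.getCertificates();
    // getCertificates() returns null when the file carries no certificates.
    if (certs == null) {
        return "";
    }
    for (X509Certificate cert : certs) {
        if (cert != null && cert.getPublicKey() != null) {
            // BASE64Encoder is kept so the returned text stays exactly as
            // before; switching encoders could change line wrapping.
            return new BASE64Encoder().encode(cert.getPublicKey().getEncoded());
        }
    }
    return "";
}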
示例13: writeSignatureBlock
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Writes a {@code .RSA} signature block (PKCS #7 SignedData with no embedded
 * content) to {@code out}.
 *
 * <p>NOTE(review): SHA1 and RSA are hard-coded as the digest and key
 * algorithm identifiers. They have to agree with the algorithm the caller
 * chose for {@code signature}, so they cannot be changed here in isolation;
 * SHA-1 is a deprecated digest for code signing and both sides should move
 * to a stronger one together.
 *
 * @param signature signature object whose {@code sign()} result is embedded;
 *                  presumably already initialised and updated by the caller
 * @param publicKey the signer's X.509 certificate (a certificate, despite
 *                  the parameter name)
 * @param out       destination stream for the encoded block
 * @throws IOException if encoding or writing fails
 * @throws GeneralSecurityException if an algorithm is unknown or signing fails
 */
private static void writeSignatureBlock(
        Signature signature, X509Certificate publicKey, OutputStream out)
        throws IOException, GeneralSecurityException {
    final String issuerDn = publicKey.getIssuerX500Principal().getName();

    // The signer entry points at the certificate by issuer DN + serial number.
    final SignerInfo signer = new SignerInfo(
            new X500Name(issuerDn),
            publicKey.getSerialNumber(),
            AlgorithmId.get("SHA1"),
            AlgorithmId.get("RSA"),
            signature.sign());

    final AlgorithmId[] digestAlgorithms = { AlgorithmId.get("SHA1") };
    final ContentInfo noContent = new ContentInfo(ContentInfo.DATA_OID, null);
    final X509Certificate[] certificates = { publicKey };
    final SignerInfo[] signers = { signer };

    new PKCS7(digestAlgorithms, noContent, certificates, signers).encodeSignedData(out);
}
示例14: verify
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Checks a PKCS #7 signature block against the data it is supposed to cover.
 *
 * <p>NOTE(review): this confirms only that some signer in {@code sign}
 * produced a valid signature over {@code data} with a certificate carried in
 * the same block. The original contained a disabled section that walked the
 * returned signers and would have (1) called {@code checkValidity()} on each
 * signer certificate, (2) optionally verified the certificate against a root
 * certificate's public key, and (3) compared the first signer's subject DN
 * with an expected DN. None of that runs, so an expired certificate, an
 * untrusted self-signed certificate, or an unexpected signer all pass. Callers
 * that need to know who signed must validate the signer certificate
 * themselves.
 *
 * @param sign the encoded PKCS #7 signature block
 * @param data the data the signature is expected to cover
 * @throws SignatureException if no signer in the block verifies
 * @throws IOException if the block cannot be parsed
 */
public static void verify(byte[] sign, byte[] data)
        throws IOException, NoSuchAlgorithmException, SignatureException,
        InvalidKeyException, CertificateException, NoSuchProviderException {
    PKCS7 signedData = new PKCS7(sign);
    SignerInfo[] verifiedSigners = signedData.verify(data);

    // A null result means no signer verified.
    if (verifiedSigners != null) {
        return;
    }
    throw new SignatureException("Signature failed verification, data has been tampered");
}
示例15: verifyJarSignature
import sun.security.pkcs.PKCS7; //导入依赖的package包/类
/**
 * Reports whether the signature block of {@code jar} verifies against the
 * JAR's signature file.
 *
 * <p>NOTE(review): the check here is limited to the PKCS #7 signature over
 * the signature-file bytes, using a certificate from the block itself.
 * Nothing visible in this method validates the signer certificate (trust
 * chain, validity period) or compares the digests listed in the signature
 * file with the manifest and the JAR entries, so a {@code true} result alone
 * does not show that the JAR contents are intact or who signed them.
 *
 * @param jar the JAR whose signature files are read via
 *            {@code getSpecifyFileBytes}
 * @return {@code true} if at least one signer verifies; {@code false} if the
 *         signature files could not be obtained or no signer verifies
 * @throws IOException if the signature block cannot be parsed
 */
private boolean verifyJarSignature(JarFile jar) throws IOException, NoSuchAlgorithmException, SignatureException,
        InvalidKeyException, CertificateException, NoSuchProviderException {
    SignatureBean signatureFiles = getSpecifyFileBytes(jar);
    if (signatureFiles == null) {
        return false;
    }

    PKCS7 signatureBlock = new PKCS7(signatureFiles.getRsaFileBytes());
    SignerInfo[] verifiedSigners = signatureBlock.verify(signatureFiles.getSfFileBytes());
    // verify() yields null when no signer checks out.
    return verifiedSigners != null;
}