• 日期: 2027-08-04
  • 标签: 常规

以下是使用BC库实现SM2证书PKCS7签名的示例代码:

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

public class SM2PKCS7SignatureExample {

    public static void main(String[] args) throws Exception {
        // 添加BC作为安全提供者
        Security.addProvider(new BouncyCastleProvider());

        // 生成SM2密钥对
        KeyPair keyPair = generateSM2KeyPair();

        // 生成自签名证书
        X509Certificate cert = generateSelfSignedCertificate(keyPair);

        // 待签名数据
        byte[] data = "Hello, World!".getBytes();

        // 进行PKCS7签名
        byte[] signature = pkcs7Sign(data, keyPair.getPrivate(), cert);

        // 验证PKCS7签名
        boolean isValid = pkcs7Verify(data, signature);

        System.out.println("PKCS7 Signature is valid: " + isValid);
    }

    private static KeyPair generateSM2KeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
        keyPairGenerator.initialize(256);
        return keyPairGenerator.generateKeyPair();
    }

    private static X509Certificate generateSelfSignedCertificate(KeyPair keyPair) throws Exception {
        X509CertificateHolder certHolder = CertificateUtils.generateSelfSignedCertificate(keyPair);
        return new JcaX509CertificateConverter().getCertificate(certHolder);
    }

    private static byte[] pkcs7Sign(byte[] data, PrivateKey privateKey, X509Certificate certificate)
            throws OperatorCreationException, CertificateEncodingException, CMSException, IOException {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        ContentSigner contentSigner = new JcaContentSignerBuilder("SM3withSM2").setProvider("BC").build(privateKey);
        generator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                        .build(contentSigner, certificate));
        generator.addCertificates(new JcaCertStore(new ArrayList<>(List.of(certificate))));

        CMSTypedData cmsData = new CMSProcessableByteArray(data);
        CMSSignedData signedData = generator.generate(cmsData, true);

        return signedData.getEncoded();
    }

    private static boolean pkcs7Verify(byte[] data, byte[] signature) throws CMSException, IOException {
        CMSSignedData signedData = new CMSSignedData(signature);

        SignerInformationStore signerInfoStore = signedData.getSignerInfos();
        Collection<SignerInformation> signerInfos = signerInfoStore.getSigners();
        Iterator<SignerInformation> signerInfoIterator = signerInfos.iterator();

        while (signerInfoIterator.hasNext()) {
            SignerInformation signerInfo = signerInfoIterator.next();
            X509CertificateHolder certHolder = (X509CertificateHolder) signedData.getCertificates().getMatches(signerInfo.getSID()).iterator().next();
            X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);

            if (!signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)))
                return false;
        }

        return true;
    }

}

上述示例代码使用的是BouncyCastle库的版本1.68。请确保将最新的BouncyCastle库添加到您的项目中,并在代码中引入正确的包路径

BC库实现SM2证书PKCS7签名的示例代码并说明BC库版本

原文地址: https://www.cveoy.top/t/topic/iZXb 著作权归作者所有。请勿转载和采集!

免费AI点我,无需注册和登录