Wenn ich meine Signatur mit BouncyCastle überprüfen möchte, komme ich nicht in die zweite while
Schleife der verifySignature
Methode. Die store.getMatches()
gibt ein leeres Array zurück.Unterschrift kann nicht überprüft werden (cmssigneddata) bouncycastle
public static CMSSignedData sign() throws Exception {
byte[] file = fileChooser();
store = KeyStore.getInstance(storeType);
FileInputStream in = new FileInputStream(new File(storePathKey));
store.load(in, storePassword);
in.close();
Key priv = store.getKey("Subject", storePassword);
System.out.println(priv.toString() + "priv string");
X509Certificate cert = (X509Certificate) store.geCertificate("Subject");
ContentSigner signer = new JcaContentSignerBuilder(sigAlgo).build((RSAPrivateKey) priv);
CMSTypedData data = new CMSProcessableByteArray(file);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
.build(signer, cert));
CMSSignedData sigData = gen.generate(data, true);
return sigData;
}
public static void verifySig(CMSSignedData sigData) throws Exception {
Store store = sigData.getCertificates();
SignerInformationStore signers = sigData.getSignerInfos();
System.out.println(store.toString() + "store");
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
System.out.println("enter while loop1");
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = store.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
System.out.println(store.getMatches(null) + "collection of certs");
while (certIt.hasNext()) {
System.out.println("enter while loop2");
X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) {
System.out.println("verified correct");
} else {
System.out.println("not verified");
}
}
}
}
Fehle ich etwas in der sign()
Methode?