【发布时间】:2012-05-09 13:29:07
【问题描述】:
我正在尝试验证特定消息是否使用来自我自己的信任锚识别的实体证书的有效签名进行签名。我正在这样做:
public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception
{
CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = signedData.getSignerInfos();
Iterator it = signers.getSigners().iterator();
if (it.hasNext()){
SignerInformation signer = (SignerInformation)it.next();
X509CertSelector signerConstraints = signer.getSID();
PKIXCertPathBuilderResult result = buildPath(rootCert, signerID, certsAndCRLs);
return signer.verify(result.getPublicKey(), "BC");
}
return false;
}
但是这一行给了我一个编译错误:
X509CertSelector signerConstraints = signer.getSID();
因为它无法从 SignerId 转换为 X509CertSelector。我尝试使用显式转换:
X509CertSelector signerConstraints = (CertSelector) signer.getSID();
还有:
X509CertSelector signerConstraints = (X509CertSelector) signer.getSID();
没有结果。我怎样才能做到这一点?谢谢
PS:请注意,这段代码是从 David Hook 的“Beginning Cryptography with Java”中提取的,但它不能编译。
【问题讨论】:
-
您能给我们提供 API 版本的 Bouncy Castle 吗?当 Dave 在 BC 邮件列表上巡视时,您肯定会从他那里得到答案?
标签: java security x509certificate bouncycastle x509