Bouncy castle 的 CMSSignedDataGenerator 的 python 等价物是什么?

发布于 2025-01-18 23:10:58 字数 3325 浏览 2 评论 0原文

如何使用python创建字符串的数字签名?我想将给定 CertStore 中包含的证书和 CRL 添加到将包含在编码签名块中的池中(java bouncy castle 的 CMSSignedDataGenerator.addCertificatesAndCRLs 执行此工作)。下面是我想在 python 中复制的 java 代码。

package pkcs7gen;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;

import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.util.encoders.Base64;
import org.springframework.stereotype.Service;

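/**
 * Produces a Base64-encoded PKCS#7 / CMS SignedData blob over a string, signing with the
 * private key held in a local JKS keystore and embedding that key's certificate chain.
 *
 * <p>Review notes for anyone porting or reusing this sample:
 * <ul>
 *   <li>The keystore path and password are compile-time constants. Anyone who can read the
 *       class file or the source can unlock the signing key; supply them from protected
 *       configuration before using this outside a demo.</li>
 *   <li>The signer uses a SHA-1 digest. SHA-1 is no longer considered collision resistant;
 *       {@code CMSSignedDataGenerator.DIGEST_SHA256} is the usual replacement, but the party
 *       verifying the signature has to accept it, so it is flagged here rather than changed.</li>
 *   <li>The {@code addSigner}, {@code addCertificatesAndCRLs} and three-argument
 *       {@code generate} overloads belong to the older Bouncy Castle CMS API and are
 *       deprecated in later releases - confirm against the version on the classpath.</li>
 * </ul>
 */
@Service
public class Pkcs7gen {

    // Not referenced by any code visible in this class; kept for callers that may read it.
    final String SIGNATUREALGO = "SHA1withRSA";

    // NOTE(review): hard-coded location and secret, see the class comment.
    private static final String KEYSTORE_PATH = "./keystore.jks";
    private static final String KEYSTORE_PASSWORD = "password";

    /**
     * Signs {@code content} with an already configured generator.
     *
     * @param content   bytes to sign; they are encapsulated inside the SignedData structure
     * @param generator generator that already carries its signer(s) and certificates
     * @return the encoded SignedData as returned by {@code getEncoded()}
     * @throws Exception if generation or encoding fails
     */
    byte[] signPkcs7(final byte[] content, final CMSSignedDataGenerator generator) throws Exception {
        CMSTypedData cmsdata = new CMSProcessableByteArray(content);
        // 'true' embeds the content in the SignedData instead of producing a detached signature.
        CMSSignedData signeddata = generator.generate(cmsdata, true);
        return signeddata.getEncoded();
    }

    /**
     * Command-line entry point: signs the first argument and prints the Base64 result.
     * Failures are reported on stderr with a non-zero exit status instead of being dropped,
     * so a caller never mistakes "no output" for success.
     */
    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("usage: Pkcs7gen <content-to-sign>");
            System.exit(2);
            return;
        }
        try {
            System.out.println(getSignature(args[0]));
        } catch (Exception exc) {
            System.err.println("signing failed: " + exc);
            System.exit(1);
        }
    }

    /**
     * Signs {@code content} with the key entry found in the keystore and returns the
     * Base64 text of the resulting SignedData (content encapsulated, chain included).
     *
     * @param content text to sign; encoded as UTF-8 so the signed bytes do not depend on the
     *                platform default charset
     * @return Base64 encoding of the DER-encoded SignedData
     * @throws IllegalStateException if the keystore holds no usable key entry or chain
     * @throws Exception             if the keystore cannot be read or signing fails
     */
    public static String getSignature (String content) throws Exception{

        KeyStore keystore = KeyStore.getInstance("jks");
        // try-with-resources closes the stream; a load failure now propagates instead of
        // being swallowed and resurfacing later as an "uninitialized keystore" error.
        try (InputStream input = new FileInputStream(KEYSTORE_PATH)) {
            keystore.load(input, KEYSTORE_PASSWORD.toCharArray());
        }

        // If several key entries exist, the last one enumerated is used (as before).
        // Enumeration order is not specified, so keep a single key entry in the store.
        String alias = null;
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            if (keystore.isKeyEntry(candidate)) {
                alias = candidate;
            }
        }
        if (alias == null) {
            throw new IllegalStateException("no key entry found in " + KEYSTORE_PATH);
        }

        PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, KEYSTORE_PASSWORD.toCharArray());
        X509Certificate myPubCert = (X509Certificate) keystore.getCertificate(alias);
        Certificate[] certChain = keystore.getCertificateChain(alias);
        if (privateKey == null || myPubCert == null || certChain == null) {
            throw new IllegalStateException("key entry '" + alias + "' has no private key or certificate chain");
        }

        byte[] dataToSign = content.getBytes(java.nio.charset.StandardCharsets.UTF_8);

        // The "BC" provider must be registered before the provider-named calls below.
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider ());

        CMSSignedDataGenerator sgen = new CMSSignedDataGenerator();
        // NOTE(review): SHA-1 digest, see the class comment before reusing this.
        sgen.addSigner(privateKey, myPubCert, CMSSignedDataGenerator.DIGEST_SHA1);

        // Ship the whole chain so a verifier can build a path to its own trust anchor.
        ArrayList<Certificate> certList = new ArrayList<Certificate>();
        for (Certificate cert : certChain) {
            certList.add(cert);
        }
        sgen.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC"));

        CMSSignedData csd = sgen.generate(new CMSProcessableByteArray(dataToSign), true, "BC");
        byte[] signedData64 = Base64.encode(csd.getEncoded());
        // Base64 output is pure ASCII; name the charset rather than rely on the default.
        return new String(signedData64, java.nio.charset.StandardCharsets.US_ASCII);
    }

}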

How do I use Python to create a digital signature of a string? I want to add the certificates and CRLs contained in a given CertStore to the pool that will be included in the encoded signature block (Java Bouncy Castle's CMSSignedDataGenerator.addCertificatesAndCRLs does this job). Below is the Java code I want to replicate in Python.

package pkcs7gen;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;

import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.util.encoders.Base64;
import org.springframework.stereotype.Service;

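/**
 * Produces a Base64-encoded PKCS#7 / CMS SignedData blob over a string, signing with the
 * private key held in a local JKS keystore and embedding that key's certificate chain.
 *
 * <p>Review notes for anyone porting or reusing this sample:
 * <ul>
 *   <li>The keystore path and password are compile-time constants. Anyone who can read the
 *       class file or the source can unlock the signing key; supply them from protected
 *       configuration before using this outside a demo.</li>
 *   <li>The signer uses a SHA-1 digest. SHA-1 is no longer considered collision resistant;
 *       {@code CMSSignedDataGenerator.DIGEST_SHA256} is the usual replacement, but the party
 *       verifying the signature has to accept it, so it is flagged here rather than changed.</li>
 *   <li>The {@code addSigner}, {@code addCertificatesAndCRLs} and three-argument
 *       {@code generate} overloads belong to the older Bouncy Castle CMS API and are
 *       deprecated in later releases - confirm against the version on the classpath.</li>
 * </ul>
 */
@Service
public class Pkcs7gen {

    // Not referenced by any code visible in this class; kept for callers that may read it.
    final String SIGNATUREALGO = "SHA1withRSA";

    // NOTE(review): hard-coded location and secret, see the class comment.
    private static final String KEYSTORE_PATH = "./keystore.jks";
    private static final String KEYSTORE_PASSWORD = "password";

    /**
     * Signs {@code content} with an already configured generator.
     *
     * @param content   bytes to sign; they are encapsulated inside the SignedData structure
     * @param generator generator that already carries its signer(s) and certificates
     * @return the encoded SignedData as returned by {@code getEncoded()}
     * @throws Exception if generation or encoding fails
     */
    byte[] signPkcs7(final byte[] content, final CMSSignedDataGenerator generator) throws Exception {
        CMSTypedData cmsdata = new CMSProcessableByteArray(content);
        // 'true' embeds the content in the SignedData instead of producing a detached signature.
        CMSSignedData signeddata = generator.generate(cmsdata, true);
        return signeddata.getEncoded();
    }

    /**
     * Command-line entry point: signs the first argument and prints the Base64 result.
     * Failures are reported on stderr with a non-zero exit status instead of being dropped,
     * so a caller never mistakes "no output" for success.
     */
    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("usage: Pkcs7gen <content-to-sign>");
            System.exit(2);
            return;
        }
        try {
            System.out.println(getSignature(args[0]));
        } catch (Exception exc) {
            System.err.println("signing failed: " + exc);
            System.exit(1);
        }
    }

    /**
     * Signs {@code content} with the key entry found in the keystore and returns the
     * Base64 text of the resulting SignedData (content encapsulated, chain included).
     *
     * @param content text to sign; encoded as UTF-8 so the signed bytes do not depend on the
     *                platform default charset
     * @return Base64 encoding of the DER-encoded SignedData
     * @throws IllegalStateException if the keystore holds no usable key entry or chain
     * @throws Exception             if the keystore cannot be read or signing fails
     */
    public static String getSignature (String content) throws Exception{

        KeyStore keystore = KeyStore.getInstance("jks");
        // try-with-resources closes the stream; a load failure now propagates instead of
        // being swallowed and resurfacing later as an "uninitialized keystore" error.
        try (InputStream input = new FileInputStream(KEYSTORE_PATH)) {
            keystore.load(input, KEYSTORE_PASSWORD.toCharArray());
        }

        // If several key entries exist, the last one enumerated is used (as before).
        // Enumeration order is not specified, so keep a single key entry in the store.
        String alias = null;
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            if (keystore.isKeyEntry(candidate)) {
                alias = candidate;
            }
        }
        if (alias == null) {
            throw new IllegalStateException("no key entry found in " + KEYSTORE_PATH);
        }

        PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, KEYSTORE_PASSWORD.toCharArray());
        X509Certificate myPubCert = (X509Certificate) keystore.getCertificate(alias);
        Certificate[] certChain = keystore.getCertificateChain(alias);
        if (privateKey == null || myPubCert == null || certChain == null) {
            throw new IllegalStateException("key entry '" + alias + "' has no private key or certificate chain");
        }

        byte[] dataToSign = content.getBytes(java.nio.charset.StandardCharsets.UTF_8);

        // The "BC" provider must be registered before the provider-named calls below.
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider ());

        CMSSignedDataGenerator sgen = new CMSSignedDataGenerator();
        // NOTE(review): SHA-1 digest, see the class comment before reusing this.
        sgen.addSigner(privateKey, myPubCert, CMSSignedDataGenerator.DIGEST_SHA1);

        // Ship the whole chain so a verifier can build a path to its own trust anchor.
        ArrayList<Certificate> certList = new ArrayList<Certificate>();
        for (Certificate cert : certChain) {
            certList.add(cert);
        }
        sgen.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC"));

        CMSSignedData csd = sgen.generate(new CMSProcessableByteArray(dataToSign), true, "BC");
        byte[] signedData64 = Base64.encode(csd.getEncoded());
        // Base64 output is pure ASCII; name the charset rather than rely on the default.
        return new String(signedData64, java.nio.charset.StandardCharsets.US_ASCII);
    }

}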
