android端对 pkcs#7文件进行验签

由于项目需要进行 PKCS#7 加密（本文涉及的是其中的验签部分），而安卓端已经移除了 sun 的 sun.security.* 包，导致不能直接进行验签。所以选用 BouncyCastle 进行验签；但由于可能跟安卓冲突，所以改用 BouncyCastle 的替代版 spongycastle，只不过是包名更换，类一致。下面直接上代码。
package com.java.test;

import java.io.File;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;

import org.apache.commons.io.FileUtils;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationStore;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.util.Store;

import com.java.test.ttt.BouncyCastleProvider;


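public class test3 {

	/**
	 * Checks a detached PKCS#7 (CMS) signature against the file it is supposed to cover.
	 *
	 * <p>For every signer in the PKCS#7 file, the matching certificate embedded in that same
	 * file is looked up, its RSA public key is rebuilt with the platform {@code KeyFactory},
	 * and the raw signature value is verified over the bytes of the content file. The public
	 * key structure, the Base64 signature and the boolean result are printed to stdout.
	 *
	 * <p>Security limits of this check, which callers must handle themselves:
	 * <ul>
	 *   <li>The verifying key comes from the certificate inside the signed file. A
	 *       {@code true} result only shows that the signature matches that embedded key; it
	 *       does not show that the signer is trusted. The certificate (or its chain) still
	 *       has to be compared with a pinned certificate or validated against a trust
	 *       anchor.</li>
	 *   <li>The signature is verified directly over the content. When the signer carries
	 *       signed attributes, CMS signs the encoded attributes instead, so this direct check
	 *       does not apply.</li>
	 *   <li>The algorithm is fixed to {@code SHA1withRSA}; it is not derived from the
	 *       signer's declared digest ({@code signer.getDigestAlgOID()}), and SHA-1 is no
	 *       longer considered collision resistant.</li>
	 * </ul>
	 *
	 * @param args optional: {@code args[0]} is the PKCS#7 signature file and {@code args[1]}
	 *             the signed content file; the original hard-coded paths are used when absent
	 */
	@SuppressWarnings({ "restriction", "deprecation", "rawtypes", "unchecked", "unused" })
	public static void main(String[] args) throws CMSException, IOException, OperatorCreationException, CertificateException, SignatureException, NoSuchAlgorithmException, InvalidKeyException, KeyStoreException, InvalidKeySpecException  {

		File signatureFile = new File(args.length > 0 ? args[0] : "d:/21.json.RSA");
		File contentFile = new File(args.length > 1 ? args[1] : "d:/21.json");

		Security.addProvider(new BouncyCastleProvider());

		CMSSignedData signedData = new CMSSignedData(FileUtils.readFileToByteArray(signatureFile));
		// The content is the same for every signer, so read it once.
		byte[] content = FileUtils.readFileToByteArray(contentFile);

		Store certStore = signedData.getCertificates();
		Collection<?> signers = signedData.getSignerInfos().getSigners();

		for (Object entry : signers) {
			SignerInformation signer = (SignerInformation) entry;

			// A signer whose certificate is not embedded cannot be checked here; report it
			// instead of failing with NoSuchElementException.
			Iterator<?> certIt = certStore.getMatches(signer.getSID()).iterator();
			if (!certIt.hasNext()) {
				System.err.println("No certificate found for signer " + signer.getSID());
				continue;
			}
			X509CertificateHolder cert = (X509CertificateHolder) certIt.next();

			// RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
			ASN1Sequence rsaKey = ASN1Sequence.getInstance(cert.getSubjectPublicKeyInfo().parsePublicKey());
			System.out.println(rsaKey.toString());

			ASN1Integer modulus = ASN1Integer.getInstance(rsaKey.getObjectAt(0));
			ASN1Integer exponent = ASN1Integer.getInstance(rsaKey.getObjectAt(1));

			// Rebuild the key with the platform KeyFactory. No KeyStore is needed for this;
			// the JKS keystore type the earlier version requested is not offered on Android.
			KeyFactory keyFactory = KeyFactory.getInstance("RSA");
			PublicKey publicKey = keyFactory.generatePublic(new RSAPublicKeySpec(modulus.getValue(), exponent.getValue()));

			System.out.println(Base64.getEncoder().encodeToString(signer.getSignature()));

			if (signer.getSignedAttributes() != null) {
				// With signed attributes the signature covers the attributes, not the file.
				System.err.println("Signer has signed attributes; direct verification over the content does not apply");
			}

			Signature sig = Signature.getInstance("SHA1withRSA");
			sig.initVerify(publicKey);
			sig.update(content);

			// true only means "signature matches the embedded certificate's key".
			boolean flag = sig.verify(signer.getSignature());
			System.out.println(flag);
		}
	}

}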


这样就能直接进行验签。整了好多时间。需要注意：这段代码只验证签名与文件内嵌证书的公钥是否匹配，并没有校验该证书本身是否可信，实际使用时还需要把证书与预置的可信证书进行比对。


转载自szydnjw.iteye.com/blog/2342584