在Java中验证PKCS＃7证书

在Java中验证PKCS＃7证书

自己找到解决方案。因此，这是如何针对受信任的存储提取和验证证书链的方法（为便于阅读，跳过了异常处理）：

CertificateFactory cf = CertificateFactory.getInstance("X.509");// Get ContentInfo//byte[] signature = ... // PKCS#7 signature bytesInputStream signatureIn = new ByteArrayInputStream(signature);DERObject obj = new ASN1InputStream(signatureIn).readObject();ContentInfo contentInfo = ContentInfo.getInstance(obj);// Extract certificatesSignedData signedData = SignedData.getInstance(contentInfo.getContent());Enumeration certificates = signedData.getCertificates().getObjects();// Build certificate pathList certList = new ArrayList();while (certificates.hasMoreElements()) {    DERObject certObj = (DERObject) certificates.nextElement();    InputStream in = new ByteArrayInputStream(certObj.getDEREnpred());    certList.add(cf.generateCertificate(in));}CertPath certPath = cf.generateCertPath(certList);// Load key store//String keyStorePath = ...KeyStore keyStore = KeyStore.getInstance("JKS");keyStore.load(new FileInputStream(keyStorePath), null);// Set validation parametersPKIXParameters params = new PKIXParameters(keyStore);params.setRevocationEnabled(false); // to avoid exception on empty CRL// Validate certificate pathCertPathValidator validator = CertPathValidator.getInstance("PKIX");CertPathValidatorResult result = validator.validate(certPath, params);

validate()

如果验证失败，将抛出异常。

文档：

ASN1Set

，

ContentInfo

，

SignedData

。其他所有外来名称和相关文档都可以在中找到

java.security.cert

。

这里没有SUN依赖项，仅需要BouncyCastle提供程序库。