2

I am using bcprov-jdk16-1.46.jar and bcmail-jdk16-1.46.jar to verify the signature embedded inside a JSON file. Code is as below:

try
{
  Security.addProvider(new BouncyCastleProvider());
  InputStream objInputStream= new ByteArrayInputStream(signData);

  CMSSignedData objCMSSignedData =null;
  CMSProcessableByteArray cms_data = new CMSProcessableByteArray(actualData);
  objCMSSignedData= new CMSSignedData(cms_data,objInputStream);

  CertStore certs = objCMSSignedData.getCertificatesAndCRLs("Collection", "BC");
  SignerInformationStore signers = objCMSSignedData.getSignerInfos();
  Collection<?> c = signers.getSigners();
  Iterator<?> it = c.iterator();
  while(it.hasNext()) 
  {
    X509Certificate cert = null;
    SignerInformation signer = (SignerInformation)it.next();
    Collection<?> certCollection = certs.getCertificates(signer.getSID());  
    if(!certCollection.isEmpty())
    {
      for(Iterator<?> certIt = certCollection.iterator(); certIt.hasNext();)
      {
        cert = (X509Certificate)certIt.next();  

        PublicKey publicKey = cert.getPublicKey();
        String str=new String(publicKey.getEncoded());

        String sha256hex = DigestUtils.sha256Hex(new String(Base64.encodeBase64(publicKey.getEncoded())));

        if(verfiyHexadecimalKey(sha256hex,entityid) {//end
          if(signer.verify(publicKey, "BC"))
          {
            verified =true;
            verifyCounter++;
          }
          else{
            verifyCounter=0;
          }
        }
      }
    }
  }
}

On executing this code as a runnable jar on one of my servers, I am getting

"java.lang.NoSuchFieldError: id_TA_ECDSA_SHA_1" at line objCMSSignedData= new CMSSignedData(cms_data,objInputStream);

But on executing the same code on Eclipse the signature is verified successfully.
Help me in resolving this issue.

Aleks Andreev
  • 7,016
  • 8
  • 29
  • 37
Nayana Shekar C
  • 111
  • 2
  • 6
  • This is a runtime error probably due to then bouncycastle versions used to compile and execute are different – pedrofb Mar 18 '18 at 10:13
  • I have configured bouncy castle jars in the build path of the project in eclipse and creating a runnable jar in eclipse with all the dependency jars packed in it. – Nayana Shekar C Mar 19 '18 at 04:38
  • Bouncycastle jars are signed because is required to install the cryptographic provider. If you repack the classes in a jar, the signature is broken and the BouncycastleProvider will not be able to install. Install bouncycastle's jars separately – pedrofb Mar 19 '18 at 07:26
  • Thanks @pedrofb. Added local_policy.jar and US_export_policy.jar in jdk/jre/lib/security. This solved the issue – Nayana Shekar C Apr 05 '18 at 11:28

0 Answers0