ssl 尝试使用pkijs验证CMS签名时出错

hmtdttj4 于 5个月前发布在其他

关注(0)|答案(1)|浏览(62)

我试图veryfy一个CMS签名创建与开放的SSL像这样：
第一个月
下面是我使用pkijs的代码：

import * as pkijs from "../src/shared/vendor/pkijs/index.es.js";
import * as pvtsutils from "../src/shared/vendor/pvtsutils/index.es.js";

function decodePEM(pem: string, tag = "[A-Z0-9 ]+"): ArrayBuffer[] {
  const pattern = new RegExp(
    `-{5}BEGIN ${tag}-{5}([a-zA-Z0-9=+\\/\\n\\r]+)-{5}END ${tag}-{5}`,
    "g",
  );

  const res: ArrayBuffer[] = [];
  let matches: RegExpExecArray | null = null;
  // eslint-disable-next-line no-cond-assign
  while ((matches = pattern.exec(pem))) {
    const base64 = matches[1]
      .replace(/\r/g, "")
      .replace(/\n/g, "");
    res.push(pvtsutils.Convert.FromBase64(base64));
  }

  return res;
}

const buffer = pvtsutils.BufferSourceConverter.toArrayBuffer(await Deno.readFile("./domain.pem"));
const pem = pvtsutils.Convert.ToBinary(buffer);
const certificate = pkijs.Certificate.fromBER(decodePEM(pem, "CERTIFICATE")[0]) as pkijs.Certificate;

//const publicKey = await certificate.getPublicKey();

//console.log(publicKey);
//console.log(certificate.signatureAlgorithm);

const cms = pkijs.ContentInfo.fromBER(await Deno.readFile("./signature"));
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
  throw new Error("CMS is not Signed Data");
}

const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [certificate],
});

console.log(ok);

字符串
证书被正确读取和解析，以及SignedData，但它在signedData.verify失败，并出现以下错误：

error: Uncaught (in promise) SignedDataVerifyError: Missed detached data input array
                    throw new SignedDataVerifyError({

型
我哪里做错了？

ssl

来源：https://stackoverflow.com/questions/77542305/error-trying-to-verify-cms-signature-with-pkijs

1条答案

按热度按时间

yx2lnoni1#

好吧，我的错......我只是忘了提供数据来验证签名......

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [certificate],
  data: await Deno.readFile("./README.md")
});

字符串

赞(0）回复(0）举报 5个月前

我来回答

ssl 尝试使用pkijs验证CMS签名时出错

1条答案

相关问题

热门标签

最新问答