服务器端的BouncyCastle与Android手机作为客户端 [英] BouncyCastle on the server side with Android phones as clients

问题描述

我目前在让BouncyCastle工作时遇到一些困难。现在正在搜索这几天，所以我希望你能提供任何有用的见解。

I'm currently having some difficulties with getting BouncyCastle to work. Been searching on this for a couple of days now, so I'm hoping you can provide any helpful insights.

这是设置。使用REST协议，Android客户端将POST消息发送到服务器。我用表示这些消息的类创建了一个单独的项目，以便我可以将它作为库包含在客户端和服务器上。消息对象首先被解析为JSON字符串，然后在服务器上进行解释。

Here's the set-up. Using REST-protocol, the Android-client sends POST-messages to the server. I made a separate project with classes representing these messages, so that I can include this as a library on both the client and the server. The message-objects are first parsed to a JSON-string and afterwards interpreted on the server.

为了数据完整性，消息包含数字签名（DSA） ）。我在之前的关于公钥交换的问题上提出了一个问题。我得到的答案很有帮助，因为这似乎可以正常工作。

For the sake of data-integrity, a message contains a digital signature (DSA). I asked a question on this issue earlier about the exchange of the public key. The answer I got was helpful, as this seems to work correctly.

然而，验证仍然失败。 Nikolay Elenkov在另一个帖子中的回答提到了一个可能的原因：顺便说一句，如果你与一个提供商打交道可能会更容易，所以你可能也想在服务器上使用Bouncy Castle。这是我遇到麻烦的地方（因为它是一个不同的问题，我为此制作了一个新主题）

However, the verification keeps on failing. Nikolay Elenkov's answer in the other thread mentions a possible cause: "BTW, it will probably be easier if you are dealing with a single provider, so you might want to use Bouncy Castle on the server as well." This is where I'm getting trouble (and since it is kind of a different issue, I made a new topic for this)

这里是代码的摘录message-class（来自公共库）：

Here's an excerpt of the code from the message-class (from the common library):

import org.bouncycastle.jce.provider.BouncyCastleProvider;

// ....

private byte[] signature;

// ....

public void sign(DSAPrivateKey key) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    Signature signer = Signature.getInstance("SHA1withDSA");
    signer.initSign(key);
    signer.update(this.toByteArray());
    this.signature = signer.sign();
}

public boolean verifySignature(DSAPublicKey key) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    Signature signer = Signature.getInstance("SHA1withDSA");
    signer.initVerify(key);
    signer.update(this.toByteArray());
    return (signer.verify(this.signature));
}

我收录了 bcprov-jdk15on-147.jar 在每个项目的类路径中：在客户端（不认为这是必要的，但谁知道），在协议项目和服务器项目中。

I included the bcprov-jdk15on-147.jar in the classpath of each project: on the client (don't think that was necessary, but who knows), in the protocol-project and in the server-project.

服务器似乎无法处理它，因为我得到的异常显然对于BouncyCastle来说很常见：

The server seems not to be able to deal with it, as I am getting an exception that is apparently kind of common for BouncyCastle:

java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:2389)
at java.lang.Class.getConstructor0(Class.java:2699)
at java.lang.Class.getDeclaredConstructor(Class.java:1985)
at com.google.gson.internal.ConstructorConstructor.newDefaultConstructor(ConstructorConstructor.java:82)
at com.google.gson.internal.ConstructorConstructor.getConstructor(ConstructorConstructor.java:66)
at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory.create(ReflectiveTypeAdapterFactory.java:71)
at com.google.gson.Gson.getAdapter(Gson.java:353)
at com.google.gson.Gson.fromJson(Gson.java:754)

下一行是对message-class的gson.fromJson（）调用。

The next line being the gson.fromJson() call for the message-class.

我应该提到的最后一件事是我正在使用Apache Felix服务器在Mac OS X上工作。如果项目完成，服务器模块应该可以轻松移植到另一台机器上。

Last thing I should mention is that I am working on Mac OS X with Apache Felix server. The server module should be easily portable to another machine if the project is finished.

那么，我哪里出错？感谢您提供任何帮助。

So, where am I going wrong? Thanks for any help already.

推荐答案

Apache Felix是一个OSGi环境。因此，正确的方法是将必要的BouncyCastle包作为依赖项添加到您的包中，并将BouncyCastle JAR安装为Bundle。

Apache Felix is an OSGi environment. Therefore the correct way would be to add the necessary BouncyCastle packages as dependencies to your bundle and install the BouncyCastle JAR as Bundle.

大约一年左右，BouncyCastle JAR文件已经是正确的捆绑包 - 它们已经在MANIFEST.MF中包含了所有必要的数据。

Since about a year or so the BouncyCastle JAR files are already correct bundles - they already include all the necessary data in the MANIFEST.MF.

这篇关于服务器端的BouncyCastle与Android手机作为客户端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！