Re: example of creating pkcs7 signature using JSS

[G. Rodr�guez]

I got quite the same problem. My source code is the following:

  private byte[] signData(byte[] abIn, X509Certificate x5cCert)
    throws Exception{

    SignedData sdDataOut = null;
    SET sDigestAlg = new SET();
    ContentInfo ciData = null;
    SET sCerts = new SET();
    SET sCRLs = null;
    SET sSignerList = new SET();
    SignerInfo siSigner = null;
    MessageDigest md = null;
    Name nName = new Name();
    
    sDigestAlg.addElement(new PrintableString("SHA1")); //algoritmo
    ciData = new ContentInfo(abIn); //datos a firmar
    
    X509Certificate[] xCerts = this.m_cmManager.buildCertificateChain(
x5cCert );
    for(int i=0; i<xCerts.length;i++){
      sCerts.addElement(new ANY(xCerts[i].getEncoded())); //cert
firmador
    }
    
    nName.addCommonName(x5cCert.getIssuerDN().getName());
    nName.addCommonName(getSubStrDN(x5cCert.getIssuerDN().toString(),
"CN="));
    nName.addCountryName(getSubStrDN(x5cCert.getIssuerDN().toString(),
"C="));
    nName.addOrganizationName(getSubStrDN(x5cCert.getIssuerDN().toString(),
"O="));
    nName.addOrganizationalUnitName(getSubStrDN(x5cCert.getIssuerDN().toString(),
"OU="));
    nName.addLocalityName(getSubStrDN(x5cCert.getIssuerDN().toString(),
"L="));
    nName.addStateOrProvinceName(getSubStrDN(x5cCert.getIssuerDN().toString(),
"ST="));

    md = MessageDigest.getInstance("SHA1");
    siSigner = new SignerInfo(new IssuerAndSerialNumber(nName, new
INTEGER(x5cCert.getSerialNumber())), //issuerAndSerialNumber
                              null, //authenticatedAttributes
                              null, //unauthenticatedAttributes
                              ContentInfo.DATA, //content type
                              md.digest(abIn), //digest del mensaje
                             
SignatureAlgorithm.RSASignatureWithSHA1Digest, //algoritmo
                             
this.m_cmManager.findPrivKeyByCert(x5cCert)); //clave privada
    sSignerList.addElement(siSigner); //info del firmador
    sdDataOut = new SignedData(sDigestAlg, ciData, sCerts, sCRLs,
sSignerList);
    
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    sdDataOut.encode(baos);
    
    /* i've tried the following too:
    ContentInfo ci = new ContentInfo(sdDataOut);
    ci.encode(baos);
    */
    
    return baos.toByteArray();
  }

  Any difference with your code, can anyone find out what i'm doing
wrong?

Ivan Brozovic <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> Does anybody have working example of creating pkcs7 digital signature
> in java using JSS ?
> 
> Please send it on my email or on this newsgroup.
> 
> I just can't create valid pkcs7 file. Program finish successfuly but
> pkcs7 parsing using openssl fails.
> 
> asn1parse shows different structure comparing to pkcs7 file generated by
> openssl utility.
> 
> I don't know what I'm doing wrong.
> 
> Thanks