Hi,

I think the problem is this line: sDigestAlg.addElement(new PrintableString("SHA1")); //algorithm
and the object to transfer must be (I think) a ContentInfo.

By the way, do you know how to find the path to the configdir of the
current user (with Netscape and Mozilla; I want to do an applet which
will access the keystore of the user)?

Here is a portion of code (sorry, but all this code was a trial so it's not
clean :-) ), if it can help you:

    // Imports used by the fragment below
    // (the X509Certificate import depends on the type ksh returns, not shown)
    import java.security.MessageDigest;
    import org.mozilla.jss.asn1.ANY;
    import org.mozilla.jss.asn1.ASN1Util;
    import org.mozilla.jss.asn1.INTEGER;
    import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
    import org.mozilla.jss.asn1.SET;
    import org.mozilla.jss.crypto.DigestAlgorithm;
    import org.mozilla.jss.crypto.SignatureAlgorithm;
    import org.mozilla.jss.pkcs7.ContentInfo;
    import org.mozilla.jss.pkcs7.IssuerAndSerialNumber;
    import org.mozilla.jss.pkcs7.SignedData;
    import org.mozilla.jss.pkcs7.SignerInfo;
    import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
    import org.mozilla.jss.pkix.primitive.Name;

    // TRY TO CONSTRUCT A PKCS7 OBJECT
    // BonCertificat is a certificate that I get from the keystore
    // (data, pk and ksh are not shown in this fragment)
    byte[] derCert = BonCertificat.getEncoded(); // get the DER encoding
    org.mozilla.jss.pkix.cert.Certificate cert =
        (org.mozilla.jss.pkix.cert.Certificate) ASN1Util.decode(
            org.mozilla.jss.pkix.cert.Certificate.getTemplate(), derCert);
    Name issuerName = cert.getInfo().getIssuer();
    byte[] derIssuer = ASN1Util.encode(issuerName);

    MessageDigest md = MessageDigest.getInstance(DigestAlgorithm.SHA1.toString());
    byte[] messageDigest = md.digest(data);

    ContentInfo ci = new ContentInfo(data);

    IssuerAndSerialNumber iasn = new IssuerAndSerialNumber(issuerName,
        new INTEGER(BonCertificat.getSerialNumber()));

    SET authenticatedAttributes = null;
    SET unauthenticatedAttributes = null;

    OBJECT_IDENTIFIER contentType = ContentInfo.DATA;
    SignatureAlgorithm signingAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
    SignerInfo si = new SignerInfo(iasn,
                        authenticatedAttributes,
                        unauthenticatedAttributes, contentType,
                        messageDigest,
                        signingAlg, (org.mozilla.jss.crypto.PrivateKey) pk);

    // digestAlgorithms is a SET of AlgorithmIdentifier entries
    SET digestAlgorithms = null;
    digestAlgorithms = new SET();
    digestAlgorithms.addElement(new AlgorithmIdentifier(DigestAlgorithm.SHA1.toOID()));

    SET certificates = null;

    SET signers = null;

    SET crls = null;

    certificates = new SET();
    certificates.addElement(new ANY(BonCertificat.getEncoded()));
    X509Certificate[] certChain = ksh.getCertificateChain(BonCertificat);
    // certChain[1] assumes the chain has at least two entries
    certificates.addElement(new ANY(certChain[1].getEncoded()));
    //for(int i=certChain.length;i>0;--i){
    //  System.out.println(i);
    //  certificates.addElement(new ANY(certChain[i-1].getEncoded()));
    //}

    signers = new SET();
    signers.addElement(si);
    SignedData sd = new SignedData(digestAlgorithms, ci, certificates, crls, signers);

    ContentInfo cisd = new ContentInfo(sd); // the final object

"G. Rodríguez" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I got quite the same problem. My source code is the following:
>
>   private byte[] signData(byte[] abIn, X509Certificate x5cCert)
>     throws Exception{
>
>     SignedData sdDataOut = null;
>     SET sDigestAlg = new SET();
>     ContentInfo ciData = null;
>     SET sCerts = new SET();
>     SET sCRLs = null;
>     SET sSignerList = new SET();
>     SignerInfo siSigner = null;
>     MessageDigest md = null;
>     Name nName = new Name();
>
>     sDigestAlg.addElement(new PrintableString("SHA1")); //algorithm
>     ciData = new ContentInfo(abIn); //data to sign
>
>     X509Certificate[] xCerts = this.m_cmManager.buildCertificateChain(x5cCert);
>     for(int i=0; i<xCerts.length;i++){
>       sCerts.addElement(new ANY(xCerts[i].getEncoded())); //signer cert
>     }
>
>     nName.addCommonName(x5cCert.getIssuerDN().getName());
>     nName.addCommonName(getSubStrDN(x5cCert.getIssuerDN().toString(), "CN="));
>     nName.addCountryName(getSubStrDN(x5cCert.getIssuerDN().toString(), "C="));
>     nName.addOrganizationName(getSubStrDN(x5cCert.getIssuerDN().toString(), "O="));
>     nName.addOrganizationalUnitName(getSubStrDN(x5cCert.getIssuerDN().toString(), "OU="));
>     nName.addLocalityName(getSubStrDN(x5cCert.getIssuerDN().toString(), "L="));
>     nName.addStateOrProvinceName(getSubStrDN(x5cCert.getIssuerDN().toString(), "ST="));
>
>     md = MessageDigest.getInstance("SHA1");
>     siSigner = new SignerInfo(
>         new IssuerAndSerialNumber(nName,
>             new INTEGER(x5cCert.getSerialNumber())), //issuerAndSerialNumber
>         null, //authenticatedAttributes
>         null, //unauthenticatedAttributes
>         ContentInfo.DATA, //content type
>         md.digest(abIn), //message digest
>         SignatureAlgorithm.RSASignatureWithSHA1Digest, //algorithm
>         this.m_cmManager.findPrivKeyByCert(x5cCert)); //private key
>     sSignerList.addElement(siSigner); //signer info
>     sdDataOut = new SignedData(sDigestAlg, ciData, sCerts, sCRLs, sSignerList);
>
>     ByteArrayOutputStream baos = new ByteArrayOutputStream();
>     sdDataOut.encode(baos);
>
>     /* I've tried the following too:
>     ContentInfo ci = new ContentInfo(sdDataOut);
>     ci.encode(baos);
>     */
>
>     return baos.toByteArray();
>   }
>
>   Any difference with your code, can anyone find out what I'm doing
> wrong?
>
> Ivan Brozovic <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> > Does anybody have a working example of creating a pkcs7 digital signature
> > in java using JSS?
> >
> > Please send it to my email or to this newsgroup.
> >
> > I just can't create a valid pkcs7 file. The program finishes successfully but
> > pkcs7 parsing using openssl fails.
> >
> > asn1parse shows a different structure compared to the pkcs7 file generated by
> > the openssl utility.
> >
> > I don't know what I'm doing wrong.
> >
> > Thanks
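
The two structural points raised in the reply at the top of this message (digestAlgorithms must hold AlgorithmIdentifier entries rather than a PrintableString, and the SignedData must be wrapped in a ContentInfo) can be checked directly on the encoded bytes. The following is an added example, not code from this thread or from JSS; the function names and the sample byte strings are constructed for illustration and model only the fields being checked.

```python
# Added example: structural check of a DER-encoded PKCS#7 blob (single-byte tags only).
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_SHA1 = bytes.fromhex("2b0e03021a")                 # 1.3.14.3.2.26

def tlv(tag, value=b""):
    """Encode one DER element; short-form length is enough for the samples below."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def children(buf):
    """Split a DER value into its (tag, value) child elements."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated DER header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def check_pkcs7(der):
    """Return a list of structural problems; an empty list means the shape is right."""
    top = children(der)
    if len(top) != 1 or top[0][0] != 0x30:
        return ["top level is not a single SEQUENCE"]
    fields, problems = children(top[0][1]), []
    if fields and fields[0] == (0x06, OID_SIGNED_DATA):
        if len(fields) < 2 or fields[1][0] != 0xA0:
            return ["ContentInfo has no [0] EXPLICIT content"]
        inner = children(fields[1][1])  # [0] wraps the SignedData SEQUENCE
        fields = children(inner[0][1]) if inner else []
    else:
        problems.append("bare SignedData, not wrapped in ContentInfo(signedData)")
    if len(fields) < 2 or fields[0][0] != 0x02 or fields[1][0] != 0x31:
        return problems + ["no version INTEGER followed by digestAlgorithms SET"]
    for tag, _ in children(fields[1][1]):
        if tag != 0x30:  # each entry must be an AlgorithmIdentifier SEQUENCE
            problems.append("digestAlgorithms entry has tag 0x%02x, not SEQUENCE" % tag)
    return problems

# Constructed samples: version, digestAlgorithms, contentInfo(data), empty signerInfos.
TAIL = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010701"))) + tlv(0x31)
GOOD_SD = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, tlv(0x30, tlv(0x06, OID_SHA1) + tlv(0x05))) + TAIL)
GOOD = tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, GOOD_SD))
BAD = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, tlv(0x13, b"SHA1")) + TAIL)
```

`check_pkcs7(BAD)` reports both problems, while `check_pkcs7(GOOD_SD)` reports only the missing ContentInfo wrapper.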


