Thanks very much, it works now! At least I got a valid PKCS7
file... not yet a valid S/MIME message, but I think I'll be keen to
make it work... As I said, thanks very much.
"Rodrigue Butaye" <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> Hi,
>
> I think the problem is this line: sDigestAlg.addElement(new
> PrintableString("SHA1")); // algorithm
> and the object to transfer must be (I think) a contentInfo.
>
> By the way, you don't know how to find the path to the configdir of the
> current user (with Netscape and
> Mozilla, I want to do an applet which will access the keystore of the user)?
>
> Here is a portion of the code (sorry but all this code was a trial so it's not clean
> :-) ), if it can help you:
>
> //TRY TO CONSTRUCT A PKCS7 OBJECT
> //BonCertificat is a certificate that I get from the keystore
> byte[] derCert = BonCertificat.getEncoded(); // get the DER encoding
> org.mozilla.jss.pkix.cert.Certificate cert =
>     (org.mozilla.jss.pkix.cert.Certificate) ASN1Util.decode(
>         org.mozilla.jss.pkix.cert.Certificate.getTemplate(), derCert);
> Name issuerName = cert.getInfo().getIssuer();
> byte[] derIssuer = ASN1Util.encode(issuerName);
>
> MessageDigest md = MessageDigest.getInstance(DigestAlgorithm.SHA1.toString());
> byte[] messageDigest = md.digest(data);
>
> ContentInfo ci = new ContentInfo(data);
>
> IssuerAndSerialNumber iasn = new IssuerAndSerialNumber(issuerName,
>     new INTEGER(BonCertificat.getSerialNumber()));
>
> SET authenticatedAttributes = null;
> SET unauthenticatedAttributes = null;
>
> OBJECT_IDENTIFIER contentType = ContentInfo.DATA;
> SignatureAlgorithm signingAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
> SignerInfo si = new SignerInfo(iasn,
>     authenticatedAttributes,
>     unauthenticatedAttributes, contentType,
>     messageDigest,
>     signingAlg, (org.mozilla.jss.crypto.PrivateKey) pk);
>
>
> SET digestAlgorithms = null;
> digestAlgorithms = new SET();
> digestAlgorithms.addElement(new AlgorithmIdentifier(DigestAlgorithm.SHA1.toOID()));
>
> SET certificates = null;
>
> SET signers = null;
>
> SET crls = null;
>
> certificates = new SET();
> certificates.addElement( new ANY(BonCertificat.getEncoded()) );
> X509Certificate[] certChain=ksh.getCertificateChain(BonCertificat);
> certificates.addElement(new ANY(certChain[1].getEncoded()));
> //for(int i=certChain.length;i>0;--i){
> // System.out.println(i);
> // certificates.addElement(new ANY(certChain[i-1].getEncoded()));
> //}
>
> signers = new SET();
> signers.addElement(si);
> SignedData sd = new SignedData(digestAlgorithms, ci, certificates, crls, signers);
>
>
> ContentInfo cisd=new ContentInfo(sd);// the final object
>
>
>
>
>
> "G. Rodríguez" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> > I got quite the same problem. My source code is the following:
> >
> > private byte[] signData(byte[] abIn, X509Certificate x5cCert)
> > throws Exception{
> >
> > SignedData sdDataOut = null;
> > SET sDigestAlg = new SET();
> > ContentInfo ciData = null;
> > SET sCerts = new SET();
> > SET sCRLs = null;
> > SET sSignerList = new SET();
> > SignerInfo siSigner = null;
> > MessageDigest md = null;
> > Name nName = new Name();
> >
> > sDigestAlg.addElement(new PrintableString("SHA1")); // algorithm
> > ciData = new ContentInfo(abIn); // data to sign
> >
> > X509Certificate[] xCerts = this.m_cmManager.buildCertificateChain(x5cCert);
> > for(int i=0; i<xCerts.length;i++){
> >     sCerts.addElement(new ANY(xCerts[i].getEncoded())); // signer cert
> > }
> >
> > nName.addCommonName(x5cCert.getIssuerDN().getName());
> > nName.addCommonName(getSubStrDN(x5cCert.getIssuerDN().toString(), "CN="));
> > nName.addCountryName(getSubStrDN(x5cCert.getIssuerDN().toString(), "C="));
> > nName.addOrganizationName(getSubStrDN(x5cCert.getIssuerDN().toString(), "O="));
> > nName.addOrganizationalUnitName(getSubStrDN(x5cCert.getIssuerDN().toString(), "OU="));
> > nName.addLocalityName(getSubStrDN(x5cCert.getIssuerDN().toString(), "L="));
> > nName.addStateOrProvinceName(getSubStrDN(x5cCert.getIssuerDN().toString(), "ST="));
> >
> > md = MessageDigest.getInstance("SHA1");
> > siSigner = new SignerInfo(
> >     new IssuerAndSerialNumber(nName, new INTEGER(x5cCert.getSerialNumber())), // issuerAndSerialNumber
> >     null, // authenticatedAttributes
> >     null, // unauthenticatedAttributes
> >     ContentInfo.DATA, // content type
> >     md.digest(abIn), // message digest
> >     SignatureAlgorithm.RSASignatureWithSHA1Digest, // algorithm
> >     this.m_cmManager.findPrivKeyByCert(x5cCert)); // private key
> > sSignerList.addElement(siSigner); // signer info
> > sdDataOut = new SignedData(sDigestAlg, ciData, sCerts, sCRLs, sSignerList);
> >
> > ByteArrayOutputStream baos = new ByteArrayOutputStream();
> > sdDataOut.encode(baos);
> >
> > /* I've tried the following too:
> > ContentInfo ci = new ContentInfo(sdDataOut);
> > ci.encode(baos);
> > */
> >
> > return baos.toByteArray();
> > }
> >
> > Any difference with your code, can anyone find out what I'm doing
> > wrong?
> >
> > Ivan Brozovic <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> > > Does anybody have a working example of creating a pkcs7 digital signature
> > > in Java using JSS?
> > >
> > > Please send it to my email or to this newsgroup.
> > >
> > > I just can't create a valid pkcs7 file. The program finishes successfully but
> > > pkcs7 parsing using openssl fails.
> > >
> > > asn1parse shows a different structure compared to the pkcs7 file generated by
> > > the openssl utility.
> > >
> > > I don't know what I'm doing wrong.
> > >
> > > Thanks
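
Added example (not part of the original posts, and not JSS code): a small Python check of the two structural points raised in this thread, namely that the encoded output is a ContentInfo wrapping SignedData and that digestAlgorithms holds AlgorithmIdentifier entries rather than a string. The function names and the sample byte strings are constructed for illustration; the samples are skeletons, not real signatures.

```python
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1
OID_SHA1 = bytes.fromhex("2b0e03021a")                 # 1.3.14.3.2.26

def read_tlv(buf, pos=0):  # minimal DER reader, returns (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yield (tag, value) for each element inside a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def check_pkcs7(der):  # returns a list of structural problems, empty if none found
    problems = []
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        return ["outer element is not a SEQUENCE"]
    items = list(children(body))
    if items and items[0][0] == 0x06:  # ContentInfo: OID, then [0] EXPLICIT content
        if items[0][1] != OID_SIGNED_DATA:
            problems.append("contentType is not signedData")
        if len(items) < 2 or items[1][0] != 0xA0:
            return problems + ["ContentInfo has no [0] content"]
        items = list(children(read_tlv(items[1][1])[1]))
    else:
        problems.append("bare SignedData, not wrapped in ContentInfo")
    if len(items) < 2 or items[0][0] != 0x02 or items[1][0] != 0x31:  # version, digestAlgorithms
        return problems + ["content is not a SignedData"]
    for t, v in children(items[1][1]):
        if t != 0x30 or not v or v[0] != 0x06:
            problems.append("digestAlgorithms entry has tag 0x%02x, not AlgorithmIdentifier" % t)
    return problems

# Constructed skeletons (short-form lengths, empty signerInfos), not real signatures.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value
def skeleton(alg):  # version, digestAlgorithms, contentInfo(data), signerInfos
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, alg) + tlv(0x30, tlv(0x06, OID_DATA)) + tlv(0x31, b""))
SAMPLE_OK = tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, skeleton(tlv(0x30, tlv(0x06, OID_SHA1) + tlv(0x05, b"")))))
SAMPLE_BAD = skeleton(tlv(0x13, b"SHA1"))  # PrintableString "SHA1", no ContentInfo wrapper
```

Running `check_pkcs7` on the bytes returned by a signing routine reports which of the two differences is present before the file is handed to openssl.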