[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-jce] Help on pkcs#7 structure



Hello Tito,

If you've generated the PKCS#7 blob from Microsoft's CryptSignMessage(),
then the following code provided to me by Dieter should be able to do a
verification on the PKCS#7 blob as well as return the attached message...I
believe this is also somewhere in the demo directory.


Regards,
Daniel Teng
DSI Corp


import java.io.*;
import java.security.*;

import iaik.asn1.*;
import iaik.asn1.structures.*;
import iaik.pkcs.*;
import iaik.pkcs.pkcs7.*;
import iaik.x509.*;
import iaik.utils.*;
import iaik.security.provider.IAIK;

public class ReadSignedData {

  public static void main(String[] args) {

    try {
      IAIK.addAsProvider();
      byte[] enc = Util.readFile("c:/temp/msg.blob");
      byte[] content = getSignedData(enc, null);
      System.out.println("Content:");
      System.out.println(Util.toString(content));

	  System.out.println("Content of SignedData: "+new String(content));
    } catch (Exception ex) {
      ex.printStackTrace();
    }
    Util.waitKey();
  }

  static byte[] getSignedData(byte[] enc, byte[] message) throws
PKCSException, IOException {

    // create a content info from the ASN.1 object
    ContentInfo ci = new ContentInfo(new ByteArrayInputStream(enc));
    System.out.println("This ContentInfo holds content of type " +
ci.getContentType().getName());

    SignedData signed_data = null;
    if (message == null) {
      //in implicit mode we simply can get the content:
      signed_data = (SignedData)ci.getContent();
    }
    else {
      // explicitly signed; set the data for digesting the message
      AlgorithmID[] algIDs = { AlgorithmID.sha1, AlgorithmID.md5 };
      try {
         signed_data = new SignedData(message, algIDs);
         // now explicit decode the DER encoded signedData obtained from the
contentInfo:
         signed_data.decode(ci.getContentInputStream());
      } catch (NoSuchAlgorithmException ex) {
         throw new PKCSException(ex.getMessage());
      }
    }

    System.out.println("SignedData contains the following signer
information:");
    SignerInfo[] signer_infos = signed_data.getSignerInfos();

    for (int i=0; i<signer_infos.length; i++) {
      try {
        // verify the signed data using the SignerInfo at index i
        X509Certificate signer_cert = signed_data.verify(i);
        // if the signature is OK the certificate of the signer is returned
        System.out.println("Signature OK from signer:
"+signer_cert.getSubjectDN());
        Attribute signingTime =
signer_infos[i].getAuthenticatedAttribute(ObjectID.signingTime);
        if (signingTime != null) {
          ChoiceOfTime cot = new ChoiceOfTime(signingTime.getValue()[0]);
          System.out.println("This message has been signed at " +
cot.getDate());
        }
        Attribute contentType =
signer_infos[i].getAuthenticatedAttribute(ObjectID.contentType);
        if (contentType != null) {
          System.out.println("The content has PKCS#7 content type " +
contentType.getValue()[0]);
        }
      } catch (SignatureException ex) {
         // if the signature is not OK a SignatureException is thrown
         System.out.println("Signature ERROR from signer:
"+signed_data.getCertificate(signer_infos[i].getIssuerAndSerialNumber()).get
SubjectDN());
      } catch (CodingException ex) {
         System.out.println("Attribute decoding error: " + ex.getMessage());
      }
    }

    return signed_data.getContent();
  }


}

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce