
[iaik-ssl] problem with applet and Netscape



It seems to me that I'm a little bit unlucky :( My applet runs fine on
appletviewer, but I still have some problems on Netscape...

The jarfile is ok (well, I guess! :)) and includes every class needed.
(thanks to Mario Luis Peralta and Sridharan Rajalingam!)
Before describing my problem, let me explain what my applet is supposed to do:
POST a file to an https server; the file can be plain text, signed,
encrypted, or signed and encrypted.

Everything works fine if I try to POST a plain text, but something
goes wrong when I sign or encrypt the file. This is really strange to me,
because the applet works the same way in both cases: it POSTs a file from
the local machine, plain text in the former case, encrypted text in the
latter... the encrypted text is created by a class named PKCS7File3 that
provides a method called writeTo... that's the only difference...

Btw, the problem I experience is a cool one: the server creates a
temporary file that fills the entire free disk space available! Good way
for a "denial of service" attack!!! :)

Maybe you can check my class to find out if there's something wrong or
strange... (but it works on appletviewer, I can't understand!)

As usual, thanks for your help

Riccardo Conturbia
engineering student at Turin Politecnico
import iaik.security.provider.IAIK;
import iaik.x509.X509Certificate;
import iaik.utils.KeyAndCertificate;
import iaik.java.security.PrivateKey;
import java.io.*;
import iaik.pkcs.pkcs7.SignedAndEnvelopedDataStream;
import iaik.pkcs.pkcs7.SignedDataStream;
import iaik.pkcs.pkcs7.EnvelopedDataStream;
import iaik.pkcs.pkcs7.*;
import iaik.asn1.structures.AlgorithmID;
import iaik.pkcs.pkcs12.*;
import java.awt.*;
import netscape.security.PrivilegeManager;


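/**
 * Wraps a local file in a PKCS#7 structure (enveloped, signed, or signed and
 * enveloped) using the IAIK stream classes and writes the encoding to a
 * second local file.
 *
 * The signer's private key and certificate chain, and the recipient's
 * certificate, are taken from the PKCS12 objects passed to the constructor.
 */
public class PKCS7File3
{
   String fileIn;
   String fileOut;
   // Selects the structure built by writeTo:
   // 0 = enveloped, 1 = signed and enveloped, 2 = signed.
   int mode;
   static X509Certificate trustedCA;
   AlgorithmID algoritmoDiCifratura;
   AlgorithmID algoritmoDiFirma;
   PKCS12 signerCertificate;
   PKCS12 recipientCertificate;
   
   /**
    * @param fileSorgente path of the file to protect
    * @param algoritmo_di_firma algorithm handed to RecipientInfo in writeTo
    * @param algoritmo_di_cifratura content-encryption algorithm handed to the
    *        enveloping stream classes
    * @param signCert PKCS12 holding the signer's key and certificates; may be
    *        null when mode does not sign
    * @param recCert PKCS12 holding the recipient's certificates; may be null
    *        when mode does not encrypt
    * @param scelta 0 = enveloped, 1 = signed and enveloped, 2 = signed
    */
   PKCS7File3 (String fileSorgente, AlgorithmID algoritmo_di_firma, AlgorithmID algoritmo_di_cifratura, PKCS12 signCert, PKCS12 recCert, int scelta)
   {
      fileIn = fileSorgente;
      mode = scelta;
      algoritmoDiCifratura = algoritmo_di_cifratura;
      algoritmoDiFirma = algoritmo_di_firma;
      signerCertificate = signCert;
      recipientCertificate = recCert;
   }

   /**
    * Reads fileIn, builds the PKCS#7 structure selected by mode and writes it
    * to fileDestinazione.
    *
    * Failures are only printed to standard output; nothing is thrown and no
    * status is returned, so a caller that goes on to upload the output file
    * should first check that it exists and is complete.
    *
    * @param fileDestinazione path of the file that receives the encoding
    */
   public void writeTo (String fileDestinazione)
   {
      fileOut = fileDestinazione;   
      IAIK.addAsProvider();

      // Declared outside the try so the finally block can always release them;
      // previously neither stream was ever closed.
      FileInputStream data_is = null;
      FileOutputStream encoded_stream = null;

      try
      {
         boolean firma = (mode == 1 || mode == 2);
         boolean cifra = (mode == 0 || mode == 1);
         if (!firma && !cifra)
         {
            throw new IllegalArgumentException("PKCS7File3: unknown mode " + mode);
         }

         // The privilege request stays inline in this method: Netscape's
         // capability model ties an enabled privilege to the stack frame that
         // enabled it, so moving the call into a helper would drop the
         // privilege before the file is opened.
         // NOTE(review): SecurityContext is not imported here; presumably a
         // helper class of this applet - confirm.
         if (SecurityContext.isCapableOf("UniversalFileAccess"))
         {
            PrivilegeManager.enablePrivilege("UniversalFileAccess");
         }
      
         data_is = new FileInputStream(fileIn);

         X509Certificate[] signer_certs = null;
         IssuerAndSerialNumber issuer_and_serialNr = null;
         SignerInfo signer_info = null;
         if (signerCertificate != null)
         {
            CertificateBag[] cb = signerCertificate.getCertificateBags();
            X509Certificate[] cert = CertificateBag.getCertificates(cb);
            KeyBag kb = signerCertificate.getKeyBag();
            KeyAndCertificate kac = new KeyAndCertificate(kb.getPrivateKey(), cert);                  
            PrivateKey privateKey = (iaik.java.security.PrivateKey)kac.getPrivateKey();
            signer_certs = kac.getCertificateChain();
            issuer_and_serialNr = new IssuerAndSerialNumber(signer_certs[0]);
            // NOTE(review): the digest algorithm is hard-coded to
            // AlgorithmID.sha and algoritmoDiFirma is not used for signing;
            // confirm this digest is still acceptable for the receiving side.
            signer_info = new SignerInfo(issuer_and_serialNr, AlgorithmID.sha, privateKey);
         }  
                  
         RecipientInfo recipient = null;
         if (recipientCertificate != null)
         {
            CertificateBag[] dest_cb = recipientCertificate.getCertificateBags();
            X509Certificate[] recipient_certs = CertificateBag.getCertificates(dest_cb);
            // NOTE(review): the field named "signature algorithm" is passed as
            // the second RecipientInfo argument, which looks like the
            // key-encryption algorithm - verify what callers pass in.
            recipient = new RecipientInfo(recipient_certs[0], algoritmoDiFirma);
         }

         // Fail before the output file is created rather than handing a null
         // signer or recipient to the IAIK stream classes.
         if (firma && signer_info == null)
         {
            throw new IllegalArgumentException("PKCS7File3: mode " + mode + " needs a signer certificate");
         }
         if (cifra && recipient == null)
         {
            throw new IllegalArgumentException("PKCS7File3: mode " + mode + " needs a recipient certificate");
         }

         // Passed unchanged to the IAIK writeTo(stream, blockSize) calls below.
         int blockSize = 64; 
         
         if (mode == 1)
         {
            SignedAndEnvelopedDataStream saed = new SignedAndEnvelopedDataStream(data_is, algoritmoDiCifratura);
            saed.setCertificates(signer_certs);
            saed.addSignerInfo(signer_info);
            saed.addRecipientInfo(recipient);
          
            if (SecurityContext.isCapableOf("UniversalFileAccess"))
            {
               PrivilegeManager.enablePrivilege("UniversalFileAccess");
            }
            encoded_stream = new FileOutputStream(fileOut);
            saed.writeTo(encoded_stream, blockSize);
         }
         else if (mode == 2)
         {
            SignedDataStream sds = new SignedDataStream(data_is, SignedDataStream.IMPLICIT);
            sds.setCertificates(signer_certs);
            sds.addSignerInfo(signer_info);
            if (SecurityContext.isCapableOf("UniversalFileAccess"))
            {
               PrivilegeManager.enablePrivilege("UniversalFileAccess");
            }
            encoded_stream = new FileOutputStream(fileOut);
            sds.writeTo(encoded_stream, blockSize);
         }
         else
         {
            // mode == 0: encryption only
            EnvelopedDataStream eds = new EnvelopedDataStream(data_is, algoritmoDiCifratura);
            eds.addRecipientInfo(recipient);
            if (SecurityContext.isCapableOf("UniversalFileAccess"))
            {
               PrivilegeManager.enablePrivilege("UniversalFileAccess");
            }
            encoded_stream = new FileOutputStream(fileOut);
            eds.writeTo(encoded_stream, blockSize);
         }
      }
      catch (Exception e)
      {
         System.out.println(e.getMessage());
         e.printStackTrace();
      }
      finally
      {
         // Close the output first: the file must be complete and released
         // before any other code reads it back.
         if (encoded_stream != null)
         {
            try
            {
               encoded_stream.close();
            }
            catch (IOException e)
            {
               System.out.println(e.getMessage());
            }
         }
         if (data_is != null)
         {
            try
            {
               data_is.close();
            }
            catch (IOException e)
            {
               System.out.println(e.getMessage());
            }
         }
      }
   }
}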