
Re: [iaik-jce] Verifying Signature signed by Netscape Communicator 4.xx



Hello,

in contrast to 2.51 the constructor of class ContentInfoStream of IAIK-JCE
2.61 only parses the contentType object identifier and leaves the content
itself unparsed. Now an application either can call method getContent for
finishing the decoding or method getContentInputStream for doing the
decoding itself (which may be used in explicit mode for initializing a
SignedDataStream object with raw message and hash algorithms to be used).
ContentInfoStream of 2.51 does not provide method getContentInputStream and
the inherent (SignedData) object is decoded already when calling the
constructor. Now when calling getContent you get a SignedDataStream object
which cannot be initialized with message and hash algorithms. You have two
options:
calculating the digest value(s) outside and setting the raw data supplying
inputstream and digest value(s) via methods setInputStream and
setMessageDigest:

    ContentInfoStream cis = new ContentInfoStream(encodedStream);
    System.out.println("This ContentInfo holds content of type " +
        cis.getContentType().getName());
    SignedDataStream signed_data = (SignedDataStream)cis.getContent();
    // set the data transmitted by other means
    signed_data.setInputStream(new ByteArrayInputStream(message));
    // calculate and set the digest value
    signed_data.setMessageDigest(AlgorithmID.md5, digest);
    ...

An alternative (and simpler) way might be to use class
iaik.security.smime.SMimeSigned of IAIK-S/MIME which extends
SignedDataStream but already does the ContentInfo wrapping and unwrapping
itself. SMimeSigned can be used in a similar way as SignedDataStream
(please see demo.smime.SMimeStream, explicit mode).

When using PKCS#7 of IAIK-JCE you also may use class SignedData instead of
SignedDataStream; however, be careful not to mix stream and non-stream
classes as in your sample below (ContentInfoStream, SignedData).

Regards,
Dieter Bratko


-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On Behalf Of CHIU,CALVIN-KH
(HP-HongKong,ex1)
Sent: Thursday, 1 February 2001 07:37
To: 'iaik-jce@iaik.at'
Subject: [iaik-jce] Verifying Signature signed by Netscape Communicator 4.xx
Importance: High


Hi there,

I've got the following exception before verifying the signature WHEN USING
IAIK-JCE 2.51:

java.io.IOException: Next ASN.1 object is no SEQUENCE!
        at iaik.asn1.DerInputStream.readSequence(Unknown Source)
        at iaik.pkcs.pkcs7.SignedDataStream.decode(Unknown Source)
        at SecureVerify.verify(SecureVerify.java, Compiled Code)
        at SecureVerify.main(SecureVerify.java:209)

or sometimes it results in:

java.io.IOException: Next ASN.1 object is no INTEGER!
        at iaik.asn1.DerInputStream.readInteger(Unknown Source)
        at iaik.pkcs.pkcs7.SignedDataStream.decode(Unknown Source)
        at SecureVerify.verify(SecureVerify.java, Compiled Code)
        at SecureVerify.main(SecureVerify.java:209)

BUT it is quite odd that if I use IAIK-JCE 2.61, everything works fine.
Since I HAVE TO use IAIK-JCE 2.51, can anyone help solve my problem? It's
very urgent...

Here is my code:
//********************************************
   String szContentInfoFile = "Base64 Encoded ContentInfo create by Netscape";
    byte[] message; // Original data

   FileInputStream fis = new FileInputStream(szContentInfoFile);
   Base64InputStream der = new Base64InputStream(fis);
   ContentInfoStream cis = new ContentInfoStream(der);

   //if (cis.getContentType().equals(ObjectID.pkcs7_signedData)) {

    AlgorithmID []  algIDs   = { AlgorithmID.sha1, AlgorithmID.md5 };
    SignedData signedData  = new SignedData( message, algIDs);

    signedData.decode(der);

    SignerInfo[] signerInfos = signedData.getSignerInfos();

    for (int i=0; i<signerInfos.length; i++) {

         X509Certificate signerCert = signedData.verify(i);

         System.out.println("SecureVerify: SIGNATURE OK from " +
             signerCert.getSubjectDN());

    }
   //} // closes the commented-out if above

//********************************************

Thanks!

Calvin
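
The ContentInfo wrapping and the externally calculated digest discussed in the reply, as an added example that is not part of the original thread and uses only JDK classes, no IAIK API. The class name ContentInfoPeek, its helper methods and the sample bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.MessageDigest;

// Added example (JDK only, hypothetical class): read the outer PKCS#7 ContentInfo
// header and compute the digest of a message that was transmitted separately.
public class ContentInfoPeek {

    // Reads a DER length (short form, or long form with up to 4 length bytes).
    static int readLength(DataInputStream in) throws IOException {
        int b = in.readUnsignedByte();
        if (b < 0x80) return b;
        int n = b & 0x7f, len = 0;
        if (n == 0 || n > 4) throw new IOException("unsupported DER length");
        for (int i = 0; i < n; i++) len = (len << 8) | in.readUnsignedByte();
        return len;
    }

    // Parses only SEQUENCE header + contentType OID and returns the OID in dotted
    // form; the stream is left positioned at the still unparsed content.
    static String readContentType(DataInputStream in) throws IOException {
        if (in.readUnsignedByte() != 0x30) throw new IOException("ContentInfo is no SEQUENCE");
        readLength(in);
        if (in.readUnsignedByte() != 0x06) throw new IOException("contentType is no OID");
        byte[] oid = new byte[readLength(in)];
        in.readFully(oid);
        StringBuilder sb = new StringBuilder().append(oid[0] / 40).append('.').append(oid[0] % 40);
        long arc = 0;
        for (int i = 1; i < oid.length; i++) {
            arc = (arc << 7) | (oid[i] & 0x7f);          // base-128 arc encoding
            if ((oid[i] & 0x80) == 0) { sb.append('.').append(arc); arc = 0; }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: ContentInfo { OID 1.2.840.113549.1.7.2, [0] { SEQUENCE {} } }
        byte[] der = { 0x30, 0x0f, 0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86,
                       (byte) 0xf7, 0x0d, 0x01, 0x07, 0x02, (byte) 0xa0, 0x02, 0x30, 0x00 };
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(der));
        System.out.println("contentType = " + readContentType(in));   // signedData OID
        // The content is wrapped in a [0] EXPLICIT tag (0xa0); the SignedData
        // SEQUENCE (0x30) only starts inside that wrapper.
        System.out.printf("next tag    = 0x%02x%n", in.readUnsignedByte());
        // Explicit mode: the message travels separately, so its digest is computed
        // here (MD5 as in the snippet in the reply) before being handed to the library.
        byte[] message = "constructed sample message".getBytes("US-ASCII");
        byte[] digest = MessageDigest.getInstance("MD5").digest(message);
        System.out.println("MD5 digest length = " + digest.length);
    }
}
```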

