0

Code for Pkcs7 generation 

@SuppressWarnings({ "unchecked", "rawtypes" })
public static byte[] createDetachedSignature() throws NoSuchAlgorithmException, NoSuchProviderException, DSCException, InvalidKeyException, SignatureException, CertificateEncodingException, OperatorCreationException, CMSException, IOException{

    //byte[] contentToSign = generateHash("Test".getBytes(Charset.forName("UTF-8"))).getBytes();
    //System.out.println("Original Content :: "+new String(contentToSign));

    DSCUtil.initKeyStore();
    DSCertificate dscCert = DSCUtil.findBySerialNumber(new BigInteger("1396617567"));

    PrivateKey privKey = dscCert.getPrivateKey();
    Signature signature = Signature.getInstance("SHA256WithRSA");
    signature.initSign(privKey);
    signature.update("Test".getBytes(Charset.forName("UTF-8")));

    //X509Certificate cert = dscCert.getCertificate();
   // List certList = new ArrayList();
    CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
    //certList.add(cert);

    Store certs = new JcaCertStore(Arrays.asList(dscCert.getCertChain()));
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256withRSA").build(privKey);
    gen.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                    .build(sha1Signer, dscCert.getCertificate()));
    gen.addCertificates(certs);
    CMSSignedData sigData = gen.generate(msg, true);

    //BASE64Encoder encoder = new BASE64Encoder();


    String signedContent = Base64.encodeBase64String((byte[]) sigData.getSignedContent().getContent());
    System.out.println("Signed content: " + signedContent + "\n");

    String envelopedData = Base64.encodeBase64String(sigData.getEncoded());
    System.out.println("Enveloped data: " + envelopedData);


    return envelopedData.getBytes();
}

Code for verification

@SuppressWarnings({ "deprecation", "rawtypes" })
public static boolean verifyTextwithPKCS7(String input, byte[] pkcs7Resp) throws NoSuchAlgorithmException, NoSuchProviderException {
    boolean result = false;
    if (pkcs7Resp.length <= 0) {
        return result;
    }
    //String hash = generateHash(input.getBytes(Charset.forName("UTF-8")));
    try {
        CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(input.getBytes()),
                pkcs7Resp);
        System.out.println(new String((byte[]) cms.getSignedContent().getContent()));
        CertStore certStore = cms.getCertificatesAndCRLs("Collection", "BC");
        SignerInformationStore signers = cms.getSignerInfos();
        Collection c = signers.getSigners();
        Iterator it = c.iterator();
        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            Collection certCollection = certStore.getCertificates(signer.getSID());
            Iterator certIt = certCollection.iterator();
            X509Certificate cert = (X509Certificate) certIt.next();
            result = signer.verify(cert, "BC");
            System.out.println(new String(signer.getContentDigest()));
        }
    } catch (Exception e) {
        e.printStackTrace();
        result = false;
    }
    return result;
}

Please tell me either any problem in Generation of PKCS#7 or in verification process.

if my process is wrong then please suggest me the right mechanism with some code snippet.

halfer
  • 19,824
  • 17
  • 99
  • 186
Rohit Singh
  • 9
  • 2
  • how would we know what DSCUtil etc classes do? you don't even provide the imports. – eis Nov 15 '17 at 21:06
  • DSCUtil is an user defined class used for initialize the keystore and getting certificates from keystotre. – Rohit Singh Nov 16 '17 at 05:36
  • since it is user defined, how would we know if there are any problems with it? code seems a mess, lot of printlns, comments etc - I suggest you make it clearer so it would contain just the parts you want comments about. – eis Nov 16 '17 at 08:11

0 Answers0