Closed
Bug 193545
Opened 22 years ago
Closed 2 years ago
The org.mozilla.jss.pkcs7.SignedAndEnvelopedData class constructor don't put the Context-specific Tags for Certificates e CRLs SETs as defined in the Template
Categories
(JSS Graveyard :: Library, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: egonrp, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2.1) Gecko/20021130 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2.1) Gecko/20021130 Hi! Take a look in the Template constructor of org.mozilla.jss.pkcs7.SignedAndEnvelopedData class: // public Template() { seqt = new SEQUENCE.Template(); seqt.addElement(INTEGER.getTemplate()); seqt.addElement(new SET.OF_Template(RecipientInfo.getTemplate())); seqt.addElement(new SET.OF_Template( AlgorithmIdentifier.getTemplate()) ); seqt.addElement(EncryptedContentInfo.getTemplate()); seqt.addOptionalElement(new Tag(0), new SET.OF_Template(ANY.getTemplate())); seqt.addOptionalElement(new Tag(1), new SET.OF_Template(ANY.getTemplate())); seqt.addElement(new SET.OF_Template(SignerInfo.getTemplate())); } // and now at org.mozilla.jss.pkcs7.SignedAndEnvelopedData class constructor: sequence = new SEQUENCE(); sequence.addElement(version); sequence.addElement(recipientInfos); sequence.addElement(digestAlgorithms); sequence.addElement(encryptedContentInfo); if( certificates!=null ) { sequence.addElement(certificates); //fixing... -> sequence.addElement(new Tag(0), certificates); } if( crls!=null ) { sequence.addElement(crls); //fixing... -> sequence.addElement(new Tag(1), crls); } sequence.addElement( signerInfos ); This causes the wrong encoding of signed-and-enveloped-data message when a certificate is added to certificates SET. The PKCS #7 message is encoded without any error message, but the decoding operation fails. A workaround maybe the use of alternative functions to encode and instantiate the object SignedAndEnvelopedData: //to encode SignedAndEnvelopedData public static byte[] encodeSignedAndEnvelopedData(SignedAndEnvelopedData signedAndEnvelopedData) throws Exception { SEQUENCE sequence = new SEQUENCE(); sequence.addElement(signedAndEnvelopedData.getVersion()); sequence.addElement(signedAndEnvelopedData.getRecipientInfos()); sequence.addElement(signedAndEnvelopedData.getDigestAlgorithms()); sequence.addElement(signedAndEnvelopedData.getEncryptedContentInfo()); if( signedAndEnvelopedData.getCertificates()!=null ) { sequence.addElement(new Tag(0), signedAndEnvelopedData.getCertificates()); } if( signedAndEnvelopedData.getCrls()!=null ) { sequence.addElement(new Tag(1), signedAndEnvelopedData.getCrls()); } sequence.addElement( signedAndEnvelopedData.getSignerInfos() ); return ASN1Util.encode(sequence); } //to get a instance of SignedAndEnvelopedData public static SignedAndEnvelopedData getSignedAndEnvelopedDataInstance( INTEGER version, SET recipientInfos, SET digestAlgorithms, EncryptedContentInfo encryptedContentInfo, SET certificates, SET crls, SET signerInfos ) throws Exception { if( version==null || recipientInfos==null || digestAlgorithms==null || encryptedContentInfo==null || signerInfos==null ) { throw new IllegalArgumentException( "SignedAndEnvelopedData constructor parameter is null"); } SEQUENCE sequence = new SEQUENCE(); sequence.addElement(version); sequence.addElement(recipientInfos); sequence.addElement(digestAlgorithms); sequence.addElement(encryptedContentInfo); if( certificates!=null ) { sequence.addElement(new Tag(0), certificates); } if( crls!=null ) { sequence.addElement(new Tag(1), crls); } sequence.addElement( signerInfos ); byte encData[] = ASN1Util.encode(sequence); ByteArrayInputStream bis = new ByteArrayInputStream(encData); SignedAndEnvelopedData ret = (SignedAndEnvelopedData) new SignedAndEnvelopedData.Template().decode(bis); return ret; } Reproducible: Always Steps to Reproduce: 1. 2. 3. Libraries and JVM: JSS 3.3, NSS 3.6/3.7.1, NSPR 4.2.2 and java 1.3.1_06.
Updated•17 years ago
|
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Updated•17 years ago
|
QA Contact: jamie-bugzilla → jss-qa
Updated•14 years ago
|
Assignee: jamie-bugzilla → nobody
Comment 1•2 years ago
|
||
JSS development has moved from the Mozilla community to the Dogtag PKI community. Please re-file this bug at https://github.com/dogtagpki/jss if it is still relevant. Thank you!
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•