193545 - The org.mozilla.jss.pkcs7.SignedAndEnvelopedData class constructor don't put the Context-specific Tags for Certificates e CRLs SETs as defined in the Template

Status: RESOLVED WONTFIX

(JSS Graveyard :: Library, defect)

Description

[Egon Rosa Pereira]

User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2.1) Gecko/20021130
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2.1) Gecko/20021130

Hi!

Take a look in the Template constructor of
org.mozilla.jss.pkcs7.SignedAndEnvelopedData class:

//
      public Template() {
            seqt = new SEQUENCE.Template();

            seqt.addElement(INTEGER.getTemplate());
            seqt.addElement(new SET.OF_Template(RecipientInfo.getTemplate()));
            seqt.addElement(new SET.OF_Template(
                                    AlgorithmIdentifier.getTemplate()) );
            seqt.addElement(EncryptedContentInfo.getTemplate());
            seqt.addOptionalElement(new Tag(0),
                    new SET.OF_Template(ANY.getTemplate()));
            seqt.addOptionalElement(new Tag(1),
                    new SET.OF_Template(ANY.getTemplate()));
            seqt.addElement(new SET.OF_Template(SignerInfo.getTemplate()));
        }
// 
and now at org.mozilla.jss.pkcs7.SignedAndEnvelopedData class constructor:

        sequence = new SEQUENCE();
        sequence.addElement(version);
        sequence.addElement(recipientInfos);
        sequence.addElement(digestAlgorithms);
        sequence.addElement(encryptedContentInfo);
        if( certificates!=null ) {
            sequence.addElement(certificates);
           //fixing... -> sequence.addElement(new Tag(0), certificates);
        }
        if( crls!=null ) {
            sequence.addElement(crls);
           //fixing... -> sequence.addElement(new Tag(1), crls);
        }
        sequence.addElement( signerInfos );

This causes the wrong encoding of signed-and-enveloped-data message when a
certificate is added to certificates SET. The PKCS #7 message is encoded without
any error message, but the decoding operation fails.

A workaround maybe the use of alternative functions to encode and instantiate
the object SignedAndEnvelopedData:

//to encode SignedAndEnvelopedData 
public static byte[] encodeSignedAndEnvelopedData(SignedAndEnvelopedData
signedAndEnvelopedData) throws Exception {
								
	SEQUENCE sequence = new SEQUENCE();
	sequence.addElement(signedAndEnvelopedData.getVersion());
	sequence.addElement(signedAndEnvelopedData.getRecipientInfos());
	sequence.addElement(signedAndEnvelopedData.getDigestAlgorithms());
	sequence.addElement(signedAndEnvelopedData.getEncryptedContentInfo());
	if( signedAndEnvelopedData.getCertificates()!=null ) {
		sequence.addElement(new Tag(0), signedAndEnvelopedData.getCertificates());
	}
	if( signedAndEnvelopedData.getCrls()!=null ) {
		sequence.addElement(new Tag(1), signedAndEnvelopedData.getCrls());
	}
	sequence.addElement( signedAndEnvelopedData.getSignerInfos() );

	return ASN1Util.encode(sequence);

}

//to get a instance of SignedAndEnvelopedData
public static SignedAndEnvelopedData getSignedAndEnvelopedDataInstance(
							INTEGER version,
							SET recipientInfos,
							SET digestAlgorithms,
							EncryptedContentInfo encryptedContentInfo,
							SET certificates,
							SET crls,
							SET signerInfos
							) throws Exception {
								
								
	if( version==null || recipientInfos==null || digestAlgorithms==null
		|| encryptedContentInfo==null || signerInfos==null ) {
		throw new IllegalArgumentException(
			"SignedAndEnvelopedData constructor parameter is null");
	}

								
	SEQUENCE sequence = new SEQUENCE();
	sequence.addElement(version);
	sequence.addElement(recipientInfos);
	sequence.addElement(digestAlgorithms);
	sequence.addElement(encryptedContentInfo);
	if( certificates!=null ) {
		sequence.addElement(new Tag(0), certificates);
	}
	if( crls!=null ) {
		sequence.addElement(new Tag(1), crls);
	}
	sequence.addElement( signerInfos );

	
	byte encData[] = ASN1Util.encode(sequence);
	ByteArrayInputStream bis = new ByteArrayInputStream(encData);
	SignedAndEnvelopedData ret = (SignedAndEnvelopedData) new
SignedAndEnvelopedData.Template().decode(bis);
	
	return ret;

}



Reproducible: Always

Steps to Reproduce:
1.
2.
3.




Libraries and JVM: JSS 3.3, NSS 3.6/3.7.1, NSPR 4.2.2 and java 1.3.1_06.

Comment 1

[BMO Automation]

JSS development has moved from the Mozilla community to the Dogtag PKI community. Please re-file this bug at https://github.com/dogtagpki/jss if it is still relevant. Thank you!