From e4bc9b8e76ce4de0c1937c35c11578e43f2d9650 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Wed, 4 Nov 2015 16:30:30 +0100
Subject: [PATCH] test: don't sort pkcs7 ? does that help firefox?
---
 .../pages/account/certs/Certificates.java | 102 +++++++++++++++++-
 1 file changed, 101 insertions(+), 1 deletion(-)
diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java
index 312e7dc6..d97c8b0a 100644
--- a/src/org/cacert/gigi/pages/account/certs/Certificates.java
+++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java
@@ -2,12 +2,19 @@ package org.cacert.gigi.pages.account.certs;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.math.BigInteger;
 import java.net.URLEncoder;
 import java.security.GeneralSecurityException;
+import java.security.cert.CRLException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.Map;
+import java.util.Set;
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
@@ -27,7 +34,11 @@ import org.cacert.gigi.util.PEM;
 import sun.security.pkcs.ContentInfo;
 import sun.security.pkcs.PKCS7;
 import sun.security.pkcs.SignerInfo;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
 import sun.security.x509.AlgorithmId;
+import sun.security.x509.X509CRLImpl;
+import sun.security.x509.X509CertImpl;
 public class Certificates extends Page implements HandlesMixedRequest {
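Review bot: The added `sun.security.util.*` and `sun.security.x509.*` imports tie this page to more JDK-internal classes, which are not a supported API and can change or become inaccessible between JDK releases; the file already imported `sun.security.pkcs`, so this widens an existing dependency rather than creating one. `X509CertImpl` appears to be needed only for the `implCerts` array in `toP7Chain`, which is filled but never read, so that import could go together with the array. A short comment above the `sun.*` imports, e.g. `// JDK-internal API: re-check on every JDK upgrade`, would record the dependency for whoever maintains the build.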
@@ -138,7 +149,96 @@ public class Certificates extends Page implements HandlesMixedRequest {
 private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException {
 LinkedList ll = getChain(c);
- PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]) {
+
+ @Override
+ public void encodeSignedData(DerOutputStream out) throws IOException {
+ DerOutputStream signedData = new DerOutputStream();
+ BigInteger version = getVersion();
+ AlgorithmId[] digestAlgorithmIds = getDigestAlgorithmIds();
+ ContentInfo contentInfo = getContentInfo();
+ X509Certificate[] certificates = getCertificates();
+ X509CRL[] crls = getCRLs();
+ SignerInfo[] signerInfos = getSignerInfos();
+
+ // version
+ signedData.putInteger(version);
+
+ // digestAlgorithmIds
+ signedData.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
+
+ // contentInfo
+ contentInfo.encode(signedData);
+
+ // certificates (optional)
+ if (certificates != null && certificates.length != 0) {
+ DerOutputStream sub = new DerOutputStream();
+ // cast to X509CertImpl[] since X509CertImpl implements
+ // DerEncoder
+ X509CertImpl implCerts[] = new X509CertImpl[certificates.length];
+ for (int i = 0; i < certificates.length; i++) {
+ try {
+ sub.write(certificates[i].getEncoded());
+ } catch (CertificateEncodingException e) {
+ sub.close();
+ throw new IOException(e);
+ }
+ if (certificates[i] instanceof X509CertImpl) {
+ implCerts[i] = (X509CertImpl) certificates[i];
+ } else {
+ try {
+ byte[] encoded = certificates[i].getEncoded();
+ implCerts[i] = new X509CertImpl(encoded);
+ } catch (CertificateException ce) {
+ sub.close();
+ throw new IOException(ce);
+ }
+ }
+ }
+
+ // Add the certificate set (tagged with [0] IMPLICIT)
+ // to the signed data
+ signedData.write((byte) 0xA0, sub);
+ sub.close();
+ }
+
+ // CRLs (optional)
+ if (crls != null && crls.length != 0) {
+ // cast to X509CRLImpl[] since X509CRLImpl implements
+ // DerEncoder
+ Set implCRLs = new HashSet(crls.length);
+ for (X509CRL crl : crls) {
+ if (crl instanceof X509CRLImpl) {
+ implCRLs.add((X509CRLImpl) crl);
+ } else {
+ try {
+ byte[] encoded = crl.getEncoded();
+ implCRLs.add(new X509CRLImpl(encoded));
+ } catch (CRLException ce) {
+ throw new IOException(ce);
+ }
+ }
+ }
+
+ // Add the CRL set (tagged with [1] IMPLICIT)
+ // to the signed data
+ signedData.putOrderedSetOf((byte) 0xA1, implCRLs.toArray(new X509CRLImpl[implCRLs.size()]));
+ }
+
+ // signerInfos
+ signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
+
+ // making it a signed data block
+ DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence, signedData.toByteArray());
+
+ // making it a content info sequence
+ ContentInfo block = new ContentInfo(ContentInfo.SIGNED_DATA_OID, signedDataSeq);
+
+ // writing out the contentInfo sequence
+ block.encode(out);
+ }
+
+ };
 return p7;
 }
-- 
2.39.2
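Review bot: In the certificates loop of the overridden `encodeSignedData`, the `implCerts` array is filled (re-parsing every certificate that is not an `X509CertImpl`) but never read, because the bytes actually emitted come from `sub.write(certificates[i].getEncoded())` followed by `signedData.write((byte) 0xA0, sub)`. The `implCerts` declaration, the whole `if (certificates[i] instanceof X509CertImpl) { … } else { … }` branch and the stale `// cast to X509CertImpl[] …` comment can be deleted, which also removes the second `getEncoded()` call and a parse step that can only add a failure path. The override carries no comment saying why it exists; judging by the commit subject it deliberately bypasses the sorting that `putOrderedSetOf` applies, so the certificate SET OF is presumably no longer canonical DER and stricter parsers may handle it differently. A line above the loop such as `// certificates are written in chain order, not DER-sorted, on purpose: <reason>` would make that trade-off visible to the next reader.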