PKCS7 customization


PKCS7 customization

Jason Pyeron
I am likely going about this the wrong way, but this is what got me the results I needed. What is the proper way to customize the entries in the PKCS#7 structure (see the example below)? Alternatively, what are the BC standards I should follow so that I can submit a patch (my current implementation is the patch below, against bcpkix-jdk15on-1.61)?

-Jason Pyeron

[some tweaks for email have been made...]

commit c463688f016085e0de8acb1ac4a71fc48f990f58
Author: Jason Pyeron <[hidden email]>
Date:   Fri Nov 29 11:51:52 2019 -0500

    bug 1913 - PKCS7 structure matches Acrobat Reader DC

diff --git a/cresaptown-approval-frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/cresaptown-approval-frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
index d635a761..4ee9fdbc 100755
--- a/cresaptown-approval-frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
+++ b/cresaptown-approval-frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
@@ -13,6 +13,7 @@ import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.BEROctetString;
 import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.SignedData;
@@ -68,17 +69,39 @@ public class CMSSignedDataGenerator
         return generate(content, false);
     }
 
+    /**
+     * Hack!
+     *
+     * @param content
+     * @param encapsulate
+     * @return
+     * @throws CMSException
+     * @see {@link #generate(CMSTypedData, boolean)}
+     */
+    public CMSSignedData generate(
+            // FIXME Avoid accessing more than once to support CMSProcessableInputStream
+            CMSTypedData content, boolean encapsulate) throws CMSException
+    {
+        return generate(content, encapsulate, null);
+    }
+
+    public interface AttributeFilter
+    {
+        AttributeTable filter(AttributeTable signed, SignerInfoGenerator signerInfoGenerator);
+    }
+
     /**
      * Generate a CMS Signed Data object which can be carrying a detached CMS signature, or have encapsulated data, depending on the value
      * of the encapsulated parameter.
      *
      * @param content the content to be signed.
      * @param encapsulate true if the content should be encapsulated in the signature, false otherwise.
+     * @param attributeFilter a call back to modify attributes
      */
     public CMSSignedData generate(
         // FIXME Avoid accessing more than once to support CMSProcessableInputStream
         CMSTypedData content,
-        boolean encapsulate)
+            boolean encapsulate, AttributeFilter attributeFilter)
         throws CMSException
     {
         if (!signerInfs.isEmpty())
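Review bot: The new public `AttributeFilter` interface has no Javadoc, and its contract matters because the table it returns is what gets DER-encoded and signed. The doc should say that the callback receives the generated signed attributes, that `contentType` and `messageDigest` must be passed through unchanged, and whether a `null` return is allowed. The Javadoc on the two-argument overload is also a placeholder (`Hack!`, empty `@param`/`@return` tags, and an `@see` that links to the method itself); I would replace it with `Same as {@link #generate(CMSTypedData, boolean, AttributeFilter)} with no attribute filter.` The body of the three-argument `generate` continues outside the hunk.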
@@ -174,7 +197,7 @@ public class CMSSignedDataGenerator
         for (Iterator it = signerGens.iterator(); it.hasNext();)
         {
             SignerInfoGenerator sGen = (SignerInfoGenerator)it.next();
-            SignerInfo inf = sGen.generate(contentTypeOID);
+            SignerInfo inf = sGen.generate(contentTypeOID, attributeFilter);
 
             digestAlgs.add(inf.getDigestAlgorithm());
             signerInfos.add(inf);
diff --git a/cresaptown-approval-frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/cresaptown-approval-frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
index a233ec46..cee7c285 100755
--- a/cresaptown-approval-frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
+++ b/cresaptown-approval-frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
@@ -168,6 +168,12 @@ public class SignerInfoGenerator
     }
 
     public SignerInfo generate(ASN1ObjectIdentifier contentType)
+            throws CMSException
+    {
+        return generate(contentType, null);
+    }
+
+    public SignerInfo generate(ASN1ObjectIdentifier contentType, CMSSignedDataGenerator.AttributeFilter attributeFilter)
         throws CMSException
     {
         try
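Review bot: The new overload takes `CMSSignedDataGenerator.AttributeFilter`, so `SignerInfoGenerator` now depends on a type nested inside one of the classes that calls it. Declaring the interface as a top-level type in the package, or nesting it in `SignerInfoGenerator`, would keep the dependency pointing one way and let any other generator in the package reuse it. The overload also needs a Javadoc line such as `@param attributeFilter optional callback applied to the signed attributes before they are encoded and signed, may be null`. The method body continues outside the hunk.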
@@ -193,7 +199,7 @@ public class SignerInfoGenerator
                 calculatedDigest = digester.getDigest();
                 Map parameters = getBaseParameters(contentType, digester.getAlgorithmIdentifier(), digestEncryptionAlgorithm, calculatedDigest);
                 AttributeTable signed = sAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
-
+                if (attributeFilter != null) signed = attributeFilter.filter(signed, this);
                 signedAttr = getAttributeSet(signed);
 
                 // sig must be composed from the DER encoding.
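Review bot: The table returned by the callback on the added `if (attributeFilter != null)` line is signed without any validation, so a filter can return one that no longer contains `contentType` or `messageDigest`, and the resulting signature would no longer cover the content digest. RFC 5652 requires both attributes whenever signed attributes are present, so the generator should reject a filtered table that lacks them (and a `null` return, which is presumably not meaningful on this path) instead of signing it; a stricter version would also compare the `messageDigest` value with `calculatedDigest`. The one-line `if` also departs from the brace style of the surrounding code. This code sits inside the `try` of `generate`, which starts and ends outside the hunk, and `CMSAttributes` would need to be in scope in this file.

```java
// … unchanged: digest calculation and sAttrGen.getAttributes(...) …
if (attributeFilter != null)
{
    signed = attributeFilter.filter(signed, this);
    // contentType and messageDigest tie the signature to the content, so they must survive the filter
    if (signed == null
        || signed.get(CMSAttributes.contentType) == null
        || signed.get(CMSAttributes.messageDigest) == null)
    {
        throw new CMSException("attribute filter removed a mandatory signed attribute");
    }
}
signedAttr = getAttributeSet(signed);
```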


$ cat /dev/clipboard  | xxd -r -p | openssl pkcs7 -inform der -print
PKCS7:
  type: pkcs7-signedData (1.2.840.113549.1.7.2)
  d.sign:
    version: 1
    md_algs:
        algorithm: sha256 (2.16.840.1.101.3.4.2.1)
        parameter: NULL
    contents:
      type: pkcs7-data (1.2.840.113549.1.7.1)
      d.data: <ABSENT>
    cert:
        cert_info:
          version: 2
          serialNumber: 225816366948433615078627595622547226476
          signature:
            algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
            parameter: NULL
          issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc, OU=Cresaptown Development - do not trust, CN=Cresaptown Development CA/emailAddress=cresaptown lists.pdinc.us
          validity:
            notBefore: Jun 11 18:10:38 2019 GMT
            notAfter: Mar  7 18:10:38 2022 GMT
          subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, OU=CONTRACTOR, CN=PYERON.JASON.J....
          key:
            algor:
              algorithm: rsaEncryption (1.2.840.113549.1.1.1)
              parameter: NULL
            public_key:  (0 unused bits)
              0000 - 30 82 01 0a 02 82 01 01-00 ba 87 bf d3 09   0.............
              000e - 16 6b dd 7b 43 2b 2c f8-e0 04 e2 16 64 b4   .k.{C+,.....d.
              001c - 44 c3 50 eb 62 95 b8 f1-1f c0 dd 60 bf a5   D.P.b......`..
              002a - 6f 27 3b 49 db b0 31 30-d2 e1 7a 4f 6b 7b   o';I..10..zOk{
              0038 - 91 ad 01 e5 ad 15 7d ff-5b 66 00 e7 d5 0b   ......}.[f....
              0046 - b8 c6 3b ed 5a 11 f1 d2-3c 25 b1 9a 93 79   ..;.Z...<%...y
              0054 - 00 74 05 ee bd 5e 3c 46-f2 47 f3 01 d8 2c   .t...^<F.G...,
              0062 - d7 de 52 66 35 bb 24 09-28 31 9a 89 7b f1   ..Rf5.$.(1..{.
              0070 - 24 64 92 e6 64 1b 19 94-9a 0a 8d c4 eb bb   $d..d.........
              007e - e0 ba d9 b5 af 44 01 01-07 aa e0 a2 81 9c   .....D........
              008c - 73 49 35 3b 7b 12 df a4-7d b0 ab f4 21 4c   sI5;{...}...!L
              009a - 29 a6 dc 33 f7 77 d0 61-0e 0c dd cf b0 79   )..3.w.a.....y
              00a8 - fc 51 80 87 79 69 e5 60-5e 69 4c 9f cf c2   .Q..yi.`^iL...
              00b6 - cb 0e d6 97 29 46 77 cc-16 2f 1b cd e0 6d   ....)Fw../...m
              00c4 - b1 98 8e aa 1b 40 df 06-58 eb bc 06 0c 97   .....@..X.....
              00d2 - 01 e3 eb b6 ba 21 51 78-11 35 10 8d 79 27   .....!Qx.5..y'
              00e0 - 66 f7 6d d8 33 5b 6e d7-2d 0a eb bb 18 01   f.m.3[n.-.....
              00ee - 8b 42 b7 a3 14 8e 33 56-bd c8 aa 9b 5d 61   .B....3V....]a
              00fc - 96 a3 67 48 5c 5e f7 f6-47 99 73 82 d9 02   ..gH\^..G.s...
              010a - 03 01 00 01                                 ....
          issuerUID: <ABSENT>
          subjectUID: <ABSENT>
          extensions:
              object: X509v3 Basic Constraints (2.5.29.19)
              critical: BOOL ABSENT
              value:
                0000 - 30 00                                    0.

              object: X509v3 Subject Key Identifier (2.5.29.14)
              critical: BOOL ABSENT
              value:
                0000 - 04 14 b2 b6 71 fb 8a db-5e dc c1 7a 43   ....q...^..zC
                000d - 0b a4 3a 8b a5 f6 25 cf-64               ..:...%.d

              object: X509v3 Authority Key Identifier (2.5.29.35)
              critical: BOOL ABSENT
              value:
                0000 - 30 16 80 14 92 d3 62 62-3f f1 f8 50 0e   0.....bb?..P.
                000d - e3 ec b5 36 a7 c5 64 30-32 d3 1a         ...6..d02..
        sig_alg:
          algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
          parameter: NULL
        signature:  (0 unused bits)
          0000 - 2f 32 aa 1b ff d4 17 29-3b b7 3f 74 dd 3b 42   /2.....);.?t.;B
          000f - 4e be b1 8c 36 38 96 16-b6 49 c8 d5 6d 23 5a   N...68...I..m#Z
          001e - 65 e3 c7 0e 69 7d ae 84-a8 a9 e8 a8 80 60 dd   e...i}.......`.
          002d - f4 90 aa c9 1a 1e 69 a2-30 d9 e1 a8 7e 26 44   ......i.0...~&D
          003c - cc 59 61 64 a2 7e 46 55-9c bb 0e fc cd e0 15   .Yad.~FU.......
          004b - 19 27 52 41 bc cf eb b5-58 ea ba 22 c3 80 07   .'RA....X.."...
          005a - 35 8d e4 df 6e ba 28 58-84 a2 02 35 7c 6b 92   5...n.(X...5|k.
          0069 - 28 e5 09 c2 3d 24 27 ba-23 e3 9c 31 56 40 67   (...=$'.#..1V@g
          0078 - 3f 09 56 8b 2e da 50 8e-70 b2 df 89 1b 0a 27   ?.V...P.p.....'
          0087 - a5 2c 9e 0b 14 ef a6 91-e0 39 3c 9e 2d f1 91   .,.......9<.-..
          0096 - e0 dc ef dd fc 7b 7c 71-17 fc ce e2 4c f5 a2   .....{|q....L..
          00a5 - 5e 62 48 17 98 09 f2 73-8c bb 7d c4 82 74 ad   ^bH....s..}..t.
          00b4 - 07 70 84 17 69 d0 f6 68-94 11 84 db 4c 5b ff   .p..i..h....L[.
          00c3 - 69 6d 03 16 65 45 67 db-f9 89 e6 42 66 46 f5   im..eEg....BfF.
          00d2 - fe 61 c8 1a f6 a0 19 ba-04 97 3f 04 97 16 98   .a........?....
          00e1 - f6 f3 56 70 af 16 b6 15-8a 03 c2 13 2b 54 4e   ..Vp........+TN
          00f0 - 2f d7 7c fe 53 20 00 8a-d3 ba 64 9b 7a 3a b7   /.|.S ....d.z:.
          00ff - 8b                                             .

        cert_info:
          version: 2
          serialNumber: 12765852582602929747
          signature:
            algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
            parameter: NULL
          issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc, OU=Cresaptown Development - do not trust, CN=Cresaptown Development CA/emailAddress=cresaptown lists.pdinc.us
          validity:
            notBefore: Jun  7 17:08:06 2019 GMT
            notAfter: Aug 24 17:08:06 2027 GMT
          subject: C=US, ST=Maryland, L=Baltimore City, O=PD Inc, OU=Cresaptown Development - do not trust, CN=Cresaptown Development CA/emailAddress=cresaptown lists.pdinc.us
          key:
            algor:
              algorithm: rsaEncryption (1.2.840.113549.1.1.1)
              parameter: NULL
            public_key:  (0 unused bits)
              0000 - 30 82 01 0a 02 82 01 01-00 e9 26 d4 13 9a   0.........&...
              000e - 4c 91 4b bb f0 e4 4c 87-43 19 f0 87 f5 72   L.K...L.C....r
              001c - 7c 1b 28 77 31 6e 6b 09-5e fd 59 c7 67 e6   |.(w1nk.^.Y.g.
              002a - 8a 71 6c da 43 50 cb 10-d9 9b 57 35 33 9d   .ql.CP....W53.
              0038 - 6c 55 c6 b6 b4 c5 39 70-d2 8e 34 2a c5 5b   lU....9p..4*.[
              0046 - 87 de 5f ec 54 54 fd 47-5f ac 0c f6 f9 be   .._.TT.G_.....
              0054 - 6b f7 85 a5 f1 6f de 64-f5 90 62 43 f5 0c   k....o.d..bC..
              0062 - 14 a9 7f e7 b8 ec e3 53-dd 07 84 09 08 6e   .......S.....n
              0070 - 9a 39 83 91 63 0e 11 c2-25 95 c1 34 d7 29   .9..c...%..4.)
              007e - 5b 2e 25 9d fb 5d b9 b2-e5 90 a9 6a 96 51   [.%..].....j.Q
              008c - e9 b8 5e 2b f4 66 8f b5-20 f1 18 53 5b 5d   ..^+.f.. ..S[]
              009a - 4a 4b ba b7 80 14 c4 b3-0c fc 8a 58 97 a0   JK.........X..
              00a8 - c4 d5 43 26 62 8b f8 f9-2b 37 88 eb 21 cf   ..C&b...+7..!.
              00b6 - 76 72 43 f8 e1 ce 99 56-63 fb ef 1f aa 2b   vrC....Vc....+
              00c4 - e8 9d c8 a9 35 65 6a 6a-0e 33 06 63 47 a3   ....5ejj.3.cG.
              00d2 - e4 a9 5c 4c 40 89 e9 f2-6a 74 73 62 66 0b   ..\L@...jtsbf.
              00e0 - 8a 3f 8c 33 91 4a 6b 1e-66 68 0d 57 fa d9   .?.3.Jk.fh.W..
              00ee - c9 1f 3e d7 65 29 9d b1-5b a5 f5 68 0b 87   ..>.e)..[..h..
              00fc - f0 8b e7 38 69 15 0d d9-02 9a 42 39 b5 02   ...8i.....B9..
              010a - 03 01 00 01                                 ....
          issuerUID: <ABSENT>
          subjectUID: <ABSENT>
          extensions:
              object: X509v3 Subject Key Identifier (2.5.29.14)
              critical: BOOL ABSENT
              value:
                0000 - 04 14 92 d3 62 62 3f f1-f8 50 0e e3 ec   ....bb?..P...
                000d - b5 36 a7 c5 64 30 32 d3-1a               .6..d02..

              object: X509v3 Authority Key Identifier (2.5.29.35)
              critical: BOOL ABSENT
              value:
                0000 - 30 16 80 14 92 d3 62 62-3f f1 f8 50 0e   0.....bb?..P.
                000d - e3 ec b5 36 a7 c5 64 30-32 d3 1a         ...6..d02..

              object: X509v3 Basic Constraints (2.5.29.19)
              critical: BOOL ABSENT
              value:
                0000 - 30 03 01 01 ff                           0....
        sig_alg:
          algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
          parameter: NULL
        signature:  (0 unused bits)
          0000 - cb 07 e5 52 29 c7 34 16-ec f3 d3 76 8c 8c 9f   ...R).4....v...
          000f - 9c 8c d9 7b 70 9d 9f 15-70 ef 06 93 93 2b 4f   ...{p...p....+O
          001e - 77 00 60 2b 66 25 7b 71-42 56 75 de 92 ab 9a   w.`+f%{qBVu....
          002d - 09 d7 43 5d 85 5b cf 0c-ed 76 4b 66 b1 1c 8c   ..C].[...vKf...
          003c - 8c ac 00 8a a1 01 a3 35-6b 5b 13 07 5e 3a 59   .......5k[..^:Y
          004b - 7a 00 3a ae 87 9a fe 11-f1 96 47 21 96 fc 87   z.:.......G!...
          005a - a0 7c 54 77 d3 96 dc 47-7a 7b c5 d6 bc 96 01   .|Tw...Gz{.....
          0069 - 00 f0 88 28 e7 a7 be 14-14 ee 56 9f 6a 33 d4   ...(......V.j3.
          0078 - 4e 86 57 da 57 1a cc 1b-fd fb b9 ee d7 4c 2c   N.W.W........L,
          0087 - 4d 39 ea 52 80 59 be 72-6e c3 f3 79 d5 e0 fb   M9.R.Y.rn..y...
          0096 - 21 87 e5 11 cf 64 4f 0d-91 cb 1c ca 23 59 68   !....dO.....#Yh
          00a5 - 68 06 93 78 53 4a 69 94-03 eb c3 fc ff 12 ea   h..xSJi........
          00b4 - 26 ff b2 99 36 05 7d 53-74 21 c0 7f 06 d2 09   &...6.}St!.....
          00c3 - 02 ad a5 4e 7d 8e d6 09-39 c8 e3 73 36 d4 14   ...N}...9..s6..
          00d2 - e5 03 fa a9 0e e2 d0 cb-b2 29 8b 44 9a f7 fc   .........).D...
          00e1 - 41 48 1f d4 e4 45 63 18-81 e3 f9 39 44 da d4   AH...Ec....9D..
          00f0 - ea 53 47 e1 82 c8 44 df-4f 32 93 42 cd fc 28   .SG...D.O2.B..(
          00ff - 87                                             .
    crl:
      <EMPTY>
    signer_info:
        version: 1
        issuer_and_serial:
          issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc, OU=Cresaptown Development - do not trust, CN=Cresaptown Development CA/emailAddress=cresaptown lists.pdinc.us
          serial: 225816366948433615078627595622547226476
        digest_alg:
          algorithm: sha256 (2.16.840.1.101.3.4.2.1)
          parameter: NULL
        auth_attr:
            object: undefined (1.2.840.113583.1.1.8)
            value.set:
              SEQUENCE:
    0:d=0  hl=2 l=   0 cons: SEQUENCE

            object: contentType (1.2.840.113549.1.9.3)
            value.set:
              OBJECT:pkcs7-data (1.2.840.113549.1.7.1)

            object: messageDigest (1.2.840.113549.1.9.4)
            value.set:
              OCTET STRING:
                0000 - 29 23 e5 69 a4 91 9a 5f-81 1d d8 85 28   )#.i..._....(
                000d - f1 7a 80 2b 38 e1 fd 1b-b8 43 bb e7 c5   .z.+8....C...
                001a - da 4a 28 1e 47 ce                        .J(.G.
        digest_enc_alg:
          algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
          parameter: NULL
        enc_digest:
          0000 - 41 bf c1 b5 d5 e7 1d 6d-5e 17 41 7c a3 2b 36   A......m^.A|.+6
          000f - 7a c6 e3 63 72 eb 3b df-0b 47 9a aa a9 42 10   z..cr.;..G...B.
          001e - 08 b8 bb 00 f6 78 e0 b4-33 99 93 bf 4d 00 90   .....x..3...M..
          002d - 54 19 5f 53 d2 82 c6 ea-15 89 66 7d b2 95 aa   T._S......f}...
          003c - b3 6a 89 57 a9 d7 25 33-81 ae 39 e9 4f 5a d8   .j.W..%3..9.OZ.
          004b - 98 dd fc 65 f7 93 b7 60-6e bd 82 c9 25 6d a6   ...e...`n...%m.
          005a - a6 ea aa a9 3a 18 c8 17-c4 52 76 b7 bd 05 c5   ....:....Rv....
          0069 - f5 14 f1 c6 cf 9f d7 db-f4 44 29 33 c9 cb af   .........D)3...
          0078 - 66 7c 3b 50 61 7f eb 30-37 e1 1d 66 38 78 db   f|;Pa..07..f8x.
          0087 - c4 40 5d 6c d7 49 2c 84-ab 18 99 32 d9 32 0c   .@]l.I,....2.2.
          0096 - 0e 40 3f c2 41 ab fb 57-41 8c 92 8b 86 d6 b0   .@?.A..WA......
          00a5 - df 02 e4 27 9c 9c 78 fb-20 10 d1 cb a7 cd 46   ...'..x. .....F
          00b4 - 9a cc 34 c9 b4 fc be b8-7a 95 89 9d c0 b6 b5   ..4.....z......
          00c3 - a4 68 54 32 eb c9 52 77-d4 34 ce fc f6 8c 32   .hT2..Rw.4....2
          00d2 - 25 3a 0c 21 cf 66 94 39-04 42 ad 05 b7 6a 21   %:.!.f.9.B...j!
          00e1 - e2 6b ea 23 c3 20 ec c5-9d f6 c6 60 cd 85 0f   .k.#. .....`...
          00f0 - a4 d5 6f f5 5a 7c 6a 67-88 ca 5c 2f d5 47 bf   ..o.Z|jg..\/.G.
          00ff - 60                                             `
        unauth_attr:
          <EMPTY>
-----BEGIN PKCS7-----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-----END PKCS7-----


--
Jason Pyeron  | Architect
PD Inc        |
10 w 24th St  |
Baltimore, MD |
 
.com: [hidden email]
tel : 202-741-9397





RE: PKCS7 customization

Jason Pyeron
Is there something I can clarify or should I open a pull request as is?

> -----Original Message-----
> From: Jason Pyeron
> Sent: Tuesday, December 3, 2019 9:53 AM
>
> I am likely going about this the wrong way, but this is what got the
> results I needed. What is the most proper way to customize the entries
> in the PKCS#7 (see example below) or what are the BC standards so I may
> submit a patch (see current implementation patch below against bcpkix-
> jdk15on-1.61).
>
> -Jason Pyeron
>
> [some tweaks for email have been made...]
>
> commit c463688f016085e0de8acb1ac4a71fc48f990f58
> Author: Jason Pyeron <[hidden email]>
> Date:   Fri Nov 29 11:51:52 2019 -0500
>
>     bug 1913 - PKCS7 structure matches Acrobat Reader DC
>
> diff --git a/cresaptown-approval-
> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
> b/cresaptown-approval-
> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
> index d635a761..4ee9fdbc 100755
> --- a/cresaptown-approval-
> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
> +++ b/cresaptown-approval-
> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
> @@ -13,6 +13,7 @@ import org.bouncycastle.asn1.ASN1OctetString;
>  import org.bouncycastle.asn1.ASN1Set;
>  import org.bouncycastle.asn1.BEROctetString;
>  import org.bouncycastle.asn1.DERSet;
> +import org.bouncycastle.asn1.cms.AttributeTable;
>  import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
>  import org.bouncycastle.asn1.cms.ContentInfo;
>  import org.bouncycastle.asn1.cms.SignedData;
> @@ -68,17 +69,39 @@ public class CMSSignedDataGenerator
>          return generate(content, false);
>      }
>
> +    /**
> +     * Hack!
> +     *
> +     * @param content
> +     * @param encapsulate
> +     * @return
> +     * @throws CMSException
> +     * @see {@link #generate(CMSTypedData, boolean)}
> +     */
> +    public CMSSignedData generate(
> +            // FIXME Avoid accessing more than once to support
> CMSProcessableInputStream
> +            CMSTypedData content, boolean encapsulate) throws
> CMSException
> +    {
> +        return generate(content, encapsulate, null);
> +    }
> +
> +    public interface AttributeFilter
> +    {
> +        AttributeTable filter(AttributeTable signed,
> SignerInfoGenerator signerInfoGenerator);
> +    }
> +
>      /**
>       * Generate a CMS Signed Data object which can be carrying a
> detached CMS signature, or have encapsulated data, depending on the
> value
>       * of the encapsulated parameter.
>       *
>       * @param content the content to be signed.
>       * @param encapsulate true if the content should be encapsulated in
> the signature, false otherwise.
> +     * @param attributeFilter a call back to modify attributes
>       */
>      public CMSSignedData generate(
>          // FIXME Avoid accessing more than once to support
> CMSProcessableInputStream
>          CMSTypedData content,
> -        boolean encapsulate)
> +            boolean encapsulate, AttributeFilter attributeFilter)
>          throws CMSException
>      {
>          if (!signerInfs.isEmpty())
> @@ -174,7 +197,7 @@ public class CMSSignedDataGenerator
>          for (Iterator it = signerGens.iterator(); it.hasNext();)
>          {
>              SignerInfoGenerator sGen = (SignerInfoGenerator)it.next();
> -            SignerInfo inf = sGen.generate(contentTypeOID);
> +            SignerInfo inf = sGen.generate(contentTypeOID,
> attributeFilter);
>
>              digestAlgs.add(inf.getDigestAlgorithm());
>              signerInfos.add(inf);
> diff --git a/cresaptown-approval-
> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
> b/cresaptown-approval-
> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
> index a233ec46..cee7c285 100755
> --- a/cresaptown-approval-
> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
> +++ b/cresaptown-approval-
> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
> @@ -168,6 +168,12 @@ public class SignerInfoGenerator
>      }
>
>      public SignerInfo generate(ASN1ObjectIdentifier contentType)
> +            throws CMSException
> +    {
> +        return generate(contentType, null);
> +    }
> +
> +    public SignerInfo generate(ASN1ObjectIdentifier contentType,
> CMSSignedDataGenerator.AttributeFilter attributeFilter)
>          throws CMSException
>      {
>          try
> @@ -193,7 +199,7 @@ public class SignerInfoGenerator
>                  calculatedDigest = digester.getDigest();
>                  Map parameters = getBaseParameters(contentType,
> digester.getAlgorithmIdentifier(), digestEncryptionAlgorithm,
> calculatedDigest);
>                  AttributeTable signed =
> sAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
> -
> +                if (attributeFilter != null) signed =
> attributeFilter.filter(signed, this);
>                  signedAttr = getAttributeSet(signed);
>
>                  // sig must be composed from the DER encoding.
>
>
> $ cat /dev/clipboard  | xxd -r -p | openssl pkcs7 -inform der -print
> PKCS7:
>   type: pkcs7-signedData (1.2.840.113549.1.7.2)
>   d.sign:
>     version: 1
>     md_algs:
>         algorithm: sha256 (2.16.840.1.101.3.4.2.1)
>         parameter: NULL
>     contents:
>       type: pkcs7-data (1.2.840.113549.1.7.1)
>       d.data: <ABSENT>
>     cert:
>         cert_info:
>           version: 2
>           serialNumber: 225816366948433615078627595622547226476
>           signature:
>             algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>             parameter: NULL
>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
> CA/emailAddress=cresaptown lists.pdinc.us
>           validity:
>             notBefore: Jun 11 18:10:38 2019 GMT
>             notAfter: Mar  7 18:10:38 2022 GMT
>           subject: C=US, O=U.S. Government, OU=DoD, OU=PKI,
> OU=CONTRACTOR, CN=PYERON.JASON.J....
>           key:
>             algor:
>               algorithm: rsaEncryption (1.2.840.113549.1.1.1)
>               parameter: NULL
>             public_key:  (0 unused bits)
>               0000 - 30 82 01 0a 02 82 01 01-00 ba 87 bf d3 09
> 0.............
>               000e - 16 6b dd 7b 43 2b 2c f8-e0 04 e2 16 64 b4
> .k.{C+,.....d.
>               001c - 44 c3 50 eb 62 95 b8 f1-1f c0 dd 60 bf a5
> D.P.b......`..
>               002a - 6f 27 3b 49 db b0 31 30-d2 e1 7a 4f 6b 7b
> o';I..10..zOk{
>               0038 - 91 ad 01 e5 ad 15 7d ff-5b 66 00 e7 d5 0b
> ......}.[f....
>               0046 - b8 c6 3b ed 5a 11 f1 d2-3c 25 b1 9a 93 79
> ..;.Z...<%...y
>               0054 - 00 74 05 ee bd 5e 3c 46-f2 47 f3 01 d8 2c
> .t...^<F.G...,
>               0062 - d7 de 52 66 35 bb 24 09-28 31 9a 89 7b f1
> ..Rf5.$.(1..{.
>               0070 - 24 64 92 e6 64 1b 19 94-9a 0a 8d c4 eb bb
> $d..d.........
>               007e - e0 ba d9 b5 af 44 01 01-07 aa e0 a2 81 9c
> .....D........
>               008c - 73 49 35 3b 7b 12 df a4-7d b0 ab f4 21 4c
> sI5;{...}...!L
>               009a - 29 a6 dc 33 f7 77 d0 61-0e 0c dd cf b0 79
> )..3.w.a.....y
>               00a8 - fc 51 80 87 79 69 e5 60-5e 69 4c 9f cf c2
> .Q..yi.`^iL...
>               00b6 - cb 0e d6 97 29 46 77 cc-16 2f 1b cd e0 6d
> ....)Fw../...m
>               00c4 - b1 98 8e aa 1b 40 df 06-58 eb bc 06 0c 97
> .....@..X.....
>               00d2 - 01 e3 eb b6 ba 21 51 78-11 35 10 8d 79 27
> .....!Qx.5..y'
>               00e0 - 66 f7 6d d8 33 5b 6e d7-2d 0a eb bb 18 01
> f.m.3[n.-.....
>               00ee - 8b 42 b7 a3 14 8e 33 56-bd c8 aa 9b 5d 61
> .B....3V....]a
>               00fc - 96 a3 67 48 5c 5e f7 f6-47 99 73 82 d9 02
> ..gH\^..G.s...
>               010a - 03 01 00 01                                 ....
>           issuerUID: <ABSENT>
>           subjectUID: <ABSENT>
>           extensions:
>               object: X509v3 Basic Constraints (2.5.29.19)
>               critical: BOOL ABSENT
>               value:
>                 0000 - 30 00                                    0.
>
>               object: X509v3 Subject Key Identifier (2.5.29.14)
>               critical: BOOL ABSENT
>               value:
>                 0000 - 04 14 b2 b6 71 fb 8a db-5e dc c1 7a 43
> ....q...^..zC
>                 000d - 0b a4 3a 8b a5 f6 25 cf-64
> ..:...%.d
>
>               object: X509v3 Authority Key Identifier (2.5.29.35)
>               critical: BOOL ABSENT
>               value:
>                 0000 - 30 16 80 14 92 d3 62 62-3f f1 f8 50 0e
> 0.....bb?..P.
>                 000d - e3 ec b5 36 a7 c5 64 30-32 d3 1a
> ...6..d02..
>         sig_alg:
>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>           parameter: NULL
>         signature:  (0 unused bits)
>           0000 - 2f 32 aa 1b ff d4 17 29-3b b7 3f 74 dd 3b 42
> /2.....);.?t.;B
>           000f - 4e be b1 8c 36 38 96 16-b6 49 c8 d5 6d 23 5a
> N...68...I..m#Z
>           001e - 65 e3 c7 0e 69 7d ae 84-a8 a9 e8 a8 80 60 dd
> e...i}.......`.
>           002d - f4 90 aa c9 1a 1e 69 a2-30 d9 e1 a8 7e 26 44
> ......i.0...~&D
>           003c - cc 59 61 64 a2 7e 46 55-9c bb 0e fc cd e0 15
> .Yad.~FU.......
>           004b - 19 27 52 41 bc cf eb b5-58 ea ba 22 c3 80 07
> .'RA....X.."...
>           005a - 35 8d e4 df 6e ba 28 58-84 a2 02 35 7c 6b 92
> 5...n.(X...5|k.
>           0069 - 28 e5 09 c2 3d 24 27 ba-23 e3 9c 31 56 40 67
> (...=$'.#..1V@g
>           0078 - 3f 09 56 8b 2e da 50 8e-70 b2 df 89 1b 0a 27
> ?.V...P.p.....'
>           0087 - a5 2c 9e 0b 14 ef a6 91-e0 39 3c 9e 2d f1 91
> .,.......9<.-..
>           0096 - e0 dc ef dd fc 7b 7c 71-17 fc ce e2 4c f5 a2
> .....{|q....L..
>           00a5 - 5e 62 48 17 98 09 f2 73-8c bb 7d c4 82 74 ad
> ^bH....s..}..t.
>           00b4 - 07 70 84 17 69 d0 f6 68-94 11 84 db 4c 5b ff
> .p..i..h....L[.
>           00c3 - 69 6d 03 16 65 45 67 db-f9 89 e6 42 66 46 f5
> im..eEg....BfF.
>           00d2 - fe 61 c8 1a f6 a0 19 ba-04 97 3f 04 97 16 98
> .a........?....
>           00e1 - f6 f3 56 70 af 16 b6 15-8a 03 c2 13 2b 54 4e
> ..Vp........+TN
>           00f0 - 2f d7 7c fe 53 20 00 8a-d3 ba 64 9b 7a 3a b7   /.|.S
> ....d.z:.
>           00ff - 8b                                             .
>
>         cert_info:
>           version: 2
>           serialNumber: 12765852582602929747
>           signature:
>             algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>             parameter: NULL
>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
> CA/emailAddress=cresaptown lists.pdinc.us
>           validity:
>             notBefore: Jun  7 17:08:06 2019 GMT
>             notAfter: Aug 24 17:08:06 2027 GMT
>           subject: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
> CA/emailAddress=cresaptown lists.pdinc.us
>           key:
>             algor:
>               algorithm: rsaEncryption (1.2.840.113549.1.1.1)
>               parameter: NULL
>             public_key:  (0 unused bits)
>               0000 - 30 82 01 0a 02 82 01 01-00 e9 26 d4 13 9a
> 0.........&...
>               000e - 4c 91 4b bb f0 e4 4c 87-43 19 f0 87 f5 72
> L.K...L.C....r
>               001c - 7c 1b 28 77 31 6e 6b 09-5e fd 59 c7 67 e6
> |.(w1nk.^.Y.g.
>               002a - 8a 71 6c da 43 50 cb 10-d9 9b 57 35 33 9d
> .ql.CP....W53.
>               0038 - 6c 55 c6 b6 b4 c5 39 70-d2 8e 34 2a c5 5b
> lU....9p..4*.[
>               0046 - 87 de 5f ec 54 54 fd 47-5f ac 0c f6 f9 be
> .._.TT.G_.....
>               0054 - 6b f7 85 a5 f1 6f de 64-f5 90 62 43 f5 0c
> k....o.d..bC..
>               0062 - 14 a9 7f e7 b8 ec e3 53-dd 07 84 09 08 6e
> .......S.....n
>               0070 - 9a 39 83 91 63 0e 11 c2-25 95 c1 34 d7 29
> .9..c...%..4.)
>               007e - 5b 2e 25 9d fb 5d b9 b2-e5 90 a9 6a 96 51
> [.%..].....j.Q
>               008c - e9 b8 5e 2b f4 66 8f b5-20 f1 18 53 5b 5d
> ..^+.f.. ..S[]
>               009a - 4a 4b ba b7 80 14 c4 b3-0c fc 8a 58 97 a0
> JK.........X..
>               00a8 - c4 d5 43 26 62 8b f8 f9-2b 37 88 eb 21 cf
> ..C&b...+7..!.
>               00b6 - 76 72 43 f8 e1 ce 99 56-63 fb ef 1f aa 2b
> vrC....Vc....+
>               00c4 - e8 9d c8 a9 35 65 6a 6a-0e 33 06 63 47 a3
> ....5ejj.3.cG.
>               00d2 - e4 a9 5c 4c 40 89 e9 f2-6a 74 73 62 66 0b
> ..\L@...jtsbf.
>               00e0 - 8a 3f 8c 33 91 4a 6b 1e-66 68 0d 57 fa d9
> .?.3.Jk.fh.W..
>               00ee - c9 1f 3e d7 65 29 9d b1-5b a5 f5 68 0b 87
> ..>.e)..[..h..
>               00fc - f0 8b e7 38 69 15 0d d9-02 9a 42 39 b5 02
> ...8i.....B9..
>               010a - 03 01 00 01                                 ....
>           issuerUID: <ABSENT>
>           subjectUID: <ABSENT>
>           extensions:
>               object: X509v3 Subject Key Identifier (2.5.29.14)
>               critical: BOOL ABSENT
>               value:
>                 0000 - 04 14 92 d3 62 62 3f f1-f8 50 0e e3 ec
> ....bb?..P...
>                 000d - b5 36 a7 c5 64 30 32 d3-1a
> .6..d02..
>
>               object: X509v3 Authority Key Identifier (2.5.29.35)
>               critical: BOOL ABSENT
>               value:
>                 0000 - 30 16 80 14 92 d3 62 62-3f f1 f8 50 0e
> 0.....bb?..P.
>                 000d - e3 ec b5 36 a7 c5 64 30-32 d3 1a
> ...6..d02..
>
>               object: X509v3 Basic Constraints (2.5.29.19)
>               critical: BOOL ABSENT
>               value:
>                 0000 - 30 03 01 01 ff                           0....
>         sig_alg:
>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>           parameter: NULL
>         signature:  (0 unused bits)
>           0000 - cb 07 e5 52 29 c7 34 16-ec f3 d3 76 8c 8c 9f
> ...R).4....v...
>           000f - 9c 8c d9 7b 70 9d 9f 15-70 ef 06 93 93 2b 4f
> ...{p...p....+O
>           001e - 77 00 60 2b 66 25 7b 71-42 56 75 de 92 ab 9a
> w.`+f%{qBVu....
>           002d - 09 d7 43 5d 85 5b cf 0c-ed 76 4b 66 b1 1c 8c
> ..C].[...vKf...
>           003c - 8c ac 00 8a a1 01 a3 35-6b 5b 13 07 5e 3a 59
> .......5k[..^:Y
>           004b - 7a 00 3a ae 87 9a fe 11-f1 96 47 21 96 fc 87
> z.:.......G!...
>           005a - a0 7c 54 77 d3 96 dc 47-7a 7b c5 d6 bc 96 01
> .|Tw...Gz{.....
>           0069 - 00 f0 88 28 e7 a7 be 14-14 ee 56 9f 6a 33 d4
> ...(......V.j3.
>           0078 - 4e 86 57 da 57 1a cc 1b-fd fb b9 ee d7 4c 2c
> N.W.W........L,
>           0087 - 4d 39 ea 52 80 59 be 72-6e c3 f3 79 d5 e0 fb
> M9.R.Y.rn..y...
>           0096 - 21 87 e5 11 cf 64 4f 0d-91 cb 1c ca 23 59 68
> !....dO.....#Yh
>           00a5 - 68 06 93 78 53 4a 69 94-03 eb c3 fc ff 12 ea
> h..xSJi........
>           00b4 - 26 ff b2 99 36 05 7d 53-74 21 c0 7f 06 d2 09
> &...6.}St!.....
>           00c3 - 02 ad a5 4e 7d 8e d6 09-39 c8 e3 73 36 d4 14
> ...N}...9..s6..
>           00d2 - e5 03 fa a9 0e e2 d0 cb-b2 29 8b 44 9a f7 fc
> .........).D...
>           00e1 - 41 48 1f d4 e4 45 63 18-81 e3 f9 39 44 da d4
> AH...Ec....9D..
>           00f0 - ea 53 47 e1 82 c8 44 df-4f 32 93 42 cd fc 28
> .SG...D.O2.B..(
>           00ff - 87                                             .
>     crl:
>       <EMPTY>
>     signer_info:
>         version: 1
>         issuer_and_serial:
>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
> CA/emailAddress=cresaptown lists.pdinc.us
>           serial: 225816366948433615078627595622547226476
>         digest_alg:
>           algorithm: sha256 (2.16.840.1.101.3.4.2.1)
>           parameter: NULL
>         auth_attr:
>             object: undefined (1.2.840.113583.1.1.8)
>             value.set:
>               SEQUENCE:
>     0:d=0  hl=2 l=   0 cons: SEQUENCE
>
>             object: contentType (1.2.840.113549.1.9.3)
>             value.set:
>               OBJECT:pkcs7-data (1.2.840.113549.1.7.1)
>
>             object: messageDigest (1.2.840.113549.1.9.4)
>             value.set:
>               OCTET STRING:
>                 0000 - 29 23 e5 69 a4 91 9a 5f-81 1d d8 85 28
> )#.i..._....(
>                 000d - f1 7a 80 2b 38 e1 fd 1b-b8 43 bb e7 c5
> .z.+8....C...
>                 001a - da 4a 28 1e 47 ce                        .J(.G.
>         digest_enc_alg:
>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>           parameter: NULL
>         enc_digest:
>           0000 - 41 bf c1 b5 d5 e7 1d 6d-5e 17 41 7c a3 2b 36
> A......m^.A|.+6
>           000f - 7a c6 e3 63 72 eb 3b df-0b 47 9a aa a9 42 10
> z..cr.;..G...B.
>           001e - 08 b8 bb 00 f6 78 e0 b4-33 99 93 bf 4d 00 90
> .....x..3...M..
>           002d - 54 19 5f 53 d2 82 c6 ea-15 89 66 7d b2 95 aa
> T._S......f}...
>           003c - b3 6a 89 57 a9 d7 25 33-81 ae 39 e9 4f 5a d8
> .j.W..%3..9.OZ.
>           004b - 98 dd fc 65 f7 93 b7 60-6e bd 82 c9 25 6d a6
> ...e...`n...%m.
>           005a - a6 ea aa a9 3a 18 c8 17-c4 52 76 b7 bd 05 c5
> ....:....Rv....
>           0069 - f5 14 f1 c6 cf 9f d7 db-f4 44 29 33 c9 cb af
> .........D)3...
>           0078 - 66 7c 3b 50 61 7f eb 30-37 e1 1d 66 38 78 db
> f|;Pa..07..f8x.
>           0087 - c4 40 5d 6c d7 49 2c 84-ab 18 99 32 d9 32 0c
> .@]l.I,....2.2.
>           0096 - 0e 40 3f c2 41 ab fb 57-41 8c 92 8b 86 d6 b0
> .@?.A..WA......
>           00a5 - df 02 e4 27 9c 9c 78 fb-20 10 d1 cb a7 cd 46   ...'..x.
> .....F
>           00b4 - 9a cc 34 c9 b4 fc be b8-7a 95 89 9d c0 b6 b5
> ..4.....z......
>           00c3 - a4 68 54 32 eb c9 52 77-d4 34 ce fc f6 8c 32
> .hT2..Rw.4....2
>           00d2 - 25 3a 0c 21 cf 66 94 39-04 42 ad 05 b7 6a 21
> %:.!.f.9.B...j!
>           00e1 - e2 6b ea 23 c3 20 ec c5-9d f6 c6 60 cd 85 0f   .k.#.
> .....`...
>           00f0 - a4 d5 6f f5 5a 7c 6a 67-88 ca 5c 2f d5 47 bf
> ..o.Z|jg..\/.G.
>           00ff - 60                                             `
>         unauth_attr:
>           <EMPTY>
> -----BEGIN PKCS7-----
> MIILLgYJKoZIhvcNAQcCoIILHzCCCxsCAQExDzANBglghkgBZQMEAgEFADALBgkq
> hkiG9w0BBwGgggiKMIIEHTCCAwWgAwIBAgIRAKnipnpQiJcsjIZtS4Rcf2wwDQYJ
> KoZIhvcNAQELBQAwgcgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEX
> MBUGA1UEBwwOQmFsdGltb3JlIENpdHkxDzANBgNVBAoMBlBEIEluYzEuMCwGA1UE
> CwwlQ3Jlc2FwdG93biBEZXZlbG9wbWVudCAtIGRvIG5vdCB0cnVzdDEiMCAGA1UE
> AwwZQ3Jlc2FwdG93biBEZXZlbG9wbWVudCBDQTEoMCYGCSqGSIb3DQEJARYZY3Jl
> c2FwdG93bkBsaXN0cy5wZGluYy51czAeFw0xOTA2MTExODEwMzhaFw0yMjAzMDcx
> ODEwMzhaMHwxCzAJBgNVBAYTAlVTMRgwFgYDVQQKDA9VLlMuIEdvdmVybm1lbnQx
> DDAKBgNVBAsMA0RvRDEMMAoGA1UECwwDUEtJMRMwEQYDVQQLDApDT05UUkFDVE9S
> MSIwIAYDVQQDDBlQWUVST04uSkFTT04uSi4xMjkxMTQ3NzE5MIIBIjANBgkqhkiG
> 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoe/0wkWa917Qyss+OAE4hZktETDUOtilbjx
> H8DdYL+lbyc7SduwMTDS4XpPa3uRrQHlrRV9/1tmAOfVC7jGO+1aEfHSPCWxmpN5
> AHQF7r1ePEbyR/MB2CzX3lJmNbskCSgxmol78SRkkuZkGxmUmgqNxOu74LrZta9E
> AQEHquCigZxzSTU7exLfpH2wq/QhTCmm3DP3d9BhDgzdz7B5/FGAh3lp5WBeaUyf
> z8LLDtaXKUZ3zBYvG83gbbGYjqobQN8GWOu8BgyXAePrtrohUXgRNRCNeSdm923Y
> M1tu1y0K67sYAYtCt6MUjjNWvciqm11hlqNnSFxe9/ZHmXOC2QIDAQABo00wSzAJ
> BgNVHRMEAjAAMB0GA1UdDgQWBBSytnH7itte3MF6QwukOoul9iXPZDAfBgNVHSME
> GDAWgBSS02JiP/H4UA7j7LU2p8VkMDLTGjANBgkqhkiG9w0BAQsFAAOCAQEALzKq
> G//UFyk7tz903TtCTr6xjDY4lha2ScjVbSNaZePHDml9roSoqeiogGDd9JCqyRoe
> aaIw2eGofiZEzFlhZKJ+RlWcuw78zeAVGSdSQbzP67VY6roiw4AHNY3k3266KFiE
> ogI1fGuSKOUJwj0kJ7oj45wxVkBnPwlWiy7aUI5wst+JGwonpSyeCxTvppHgOTye
> LfGR4Nzv3fx7fHEX/M7iTPWiXmJIF5gJ8nOMu33EgnStB3CEF2nQ9miUEYTbTFv/
> aW0DFmVFZ9v5ieZCZkb1/mHIGvagGboElz8ElxaY9vNWcK8WthWKA8ITK1ROL9d8
> /lMgAIrTumSbejq3izCCBGUwggNNoAMCAQICCQCxKWtJmQz2UzANBgkqhkiG9w0B
> AQsFADCByDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE1hcnlsYW5kMRcwFQYDVQQH
> DA5CYWx0aW1vcmUgQ2l0eTEPMA0GA1UECgwGUEQgSW5jMS4wLAYDVQQLDCVDcmVz
> YXB0b3duIERldmVsb3BtZW50IC0gZG8gbm90IHRydXN0MSIwIAYDVQQDDBlDcmVz
> YXB0b3duIERldmVsb3BtZW50IENBMSgwJgYJKoZIhvcNAQkBFhljcmVzYXB0b3du
> QGxpc3RzLnBkaW5jLnVzMB4XDTE5MDYwNzE3MDgwNloXDTI3MDgyNDE3MDgwNlow
> gcgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEXMBUGA1UEBwwOQmFs
> dGltb3JlIENpdHkxDzANBgNVBAoMBlBEIEluYzEuMCwGA1UECwwlQ3Jlc2FwdG93
> biBEZXZlbG9wbWVudCAtIGRvIG5vdCB0cnVzdDEiMCAGA1UEAwwZQ3Jlc2FwdG93
> biBEZXZlbG9wbWVudCBDQTEoMCYGCSqGSIb3DQEJARYZY3Jlc2FwdG93bkBsaXN0
> cy5wZGluYy51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkm1BOa
> TJFLu/DkTIdDGfCH9XJ8Gyh3MW5rCV79Wcdn5opxbNpDUMsQ2ZtXNTOdbFXGtrTF
> OXDSjjQqxVuH3l/sVFT9R1+sDPb5vmv3haXxb95k9ZBiQ/UMFKl/57js41PdB4QJ
> CG6aOYORYw4RwiWVwTTXKVsuJZ37Xbmy5ZCpapZR6bheK/Rmj7Ug8RhTW11KS7q3
> gBTEswz8iliXoMTVQyZii/j5KzeI6yHPdnJD+OHOmVZj++8fqivoncipNWVqag4z
> BmNHo+SpXExAienyanRzYmYLij+MM5FKax5maA1X+tnJHz7XZSmdsVul9WgLh/CL
> 5zhpFQ3ZAppCObUCAwEAAaNQME4wHQYDVR0OBBYEFJLTYmI/8fhQDuPstTanxWQw
> MtMaMB8GA1UdIwQYMBaAFJLTYmI/8fhQDuPstTanxWQwMtMaMAwGA1UdEwQFMAMB
> Af8wDQYJKoZIhvcNAQELBQADggEBAMsH5VIpxzQW7PPTdoyMn5yM2XtwnZ8VcO8G
> k5MrT3cAYCtmJXtxQlZ13pKrmgnXQ12FW88M7XZLZrEcjIysAIqhAaM1a1sTB146
> WXoAOq6Hmv4R8ZZHIZb8h6B8VHfTltxHenvF1ryWAQDwiCjnp74UFO5Wn2oz1E6G
> V9pXGswb/fu57tdMLE056lKAWb5ybsPzedXg+yGH5RHPZE8NkcscyiNZaGgGk3hT
> SmmUA+vD/P8S6ib/spk2BX1TdCHAfwbSCQKtpU59jtYJOcjjczbUFOUD+qkO4tDL
> simLRJr3/EFIH9TkRWMYgeP5OUTa1OpTR+GCyETfTzKTQs38KIcxggJoMIICZAIB
> ATCB3jCByDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE1hcnlsYW5kMRcwFQYDVQQH
> DA5CYWx0aW1vcmUgQ2l0eTEPMA0GA1UECgwGUEQgSW5jMS4wLAYDVQQLDCVDcmVz
> YXB0b3duIERldmVsb3BtZW50IC0gZG8gbm90IHRydXN0MSIwIAYDVQQDDBlDcmVz
> YXB0b3duIERldmVsb3BtZW50IENBMSgwJgYJKoZIhvcNAQkBFhljcmVzYXB0b3du
> QGxpc3RzLnBkaW5jLnVzAhEAqeKmelCIlyyMhm1LhFx/bDANBglghkgBZQMEAgEF
> AKBcMA8GCSqGSIb3LwEBCDECMAAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAv
> BgkqhkiG9w0BCQQxIgQgKSPlaaSRml+BHdiFKPF6gCs44f0buEO758XaSigeR84w
> DQYJKoZIhvcNAQELBQAEggEAQb/BtdXnHW1eF0F8oys2esbjY3LrO98LR5qqqUIQ
> CLi7APZ44LQzmZO/TQCQVBlfU9KCxuoViWZ9spWqs2qJV6nXJTOBrjnpT1rYmN38
> ZfeTt2BuvYLJJW2mpuqqqToYyBfEUna3vQXF9RTxxs+f19v0RCkzycuvZnw7UGF/
> 6zA34R1mOHjbxEBdbNdJLISrGJky2TIMDkA/wkGr+1dBjJKLhtaw3wLkJ5ycePsg
> ENHLp81Gmsw0ybT8vrh6lYmdwLa1pGhUMuvJUnfUNM789owyJToMIc9mlDkEQq0F
> t2oh4mvqI8Mg7MWd9sZgzYUPpNVv9Vp8ameIylwv1Ue/YA==
> -----END PKCS7-----
>
>
> --
> Jason Pyeron  | Architect
> PD Inc        |
> 10 w 24th St  |
> Baltimore, MD |
>
> .com: [hidden email]
> tel : 202-741-9397
>
>
>
>




Re: PKCS7 customization

David Hook-3

Hi Jason,

I'm just wondering if this is something you could do using the
setSignedAttributeGenerator() method on the signer info generator builder.

Regards,

David

On 6/12/19 12:19 am, Jason Pyeron wrote:

> Is there something I can clarify or should I open a pull request as is?
>
>> -----Original Message-----
>> From: Jason Pyeron
>> Sent: Tuesday, December 3, 2019 9:53 AM
>>
>> I am likely going about this the wrong way, but this is what got the
>> results I needed. What is the most proper way to customize the entries
>> in the PKCS#7 (see example below) or what are the BC standards so I may
>> submit a patch (see current implementation patch below against bcpkix-
>> jdk15on-1.61).
>>
>> -Jason Pyeron
>>
>> [some tweaks for email have been made...]
>>
>> commit c463688f016085e0de8acb1ac4a71fc48f990f58
>> Author: Jason Pyeron <[hidden email]>
>> Date:   Fri Nov 29 11:51:52 2019 -0500
>>
>>     bug 1913 - PKCS7 structure matches Acrobat Reader DC
>>
>> diff --git a/cresaptown-approval-
>> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
>> b/cresaptown-approval-
>> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
>> index d635a761..4ee9fdbc 100755
>> --- a/cresaptown-approval-
>> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
>> +++ b/cresaptown-approval-
>> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
>> @@ -13,6 +13,7 @@ import org.bouncycastle.asn1.ASN1OctetString;
>>  import org.bouncycastle.asn1.ASN1Set;
>>  import org.bouncycastle.asn1.BEROctetString;
>>  import org.bouncycastle.asn1.DERSet;
>> +import org.bouncycastle.asn1.cms.AttributeTable;
>>  import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
>>  import org.bouncycastle.asn1.cms.ContentInfo;
>>  import org.bouncycastle.asn1.cms.SignedData;
>> @@ -68,17 +69,39 @@ public class CMSSignedDataGenerator
>>          return generate(content, false);
>>      }
>>
>> +    /**
>> +     * Hack!
>> +     *
>> +     * @param content
>> +     * @param encapsulate
>> +     * @return
>> +     * @throws CMSException
>> +     * @see {@link #generate(CMSTypedData, boolean)}
>> +     */
>> +    public CMSSignedData generate(
>> +            // FIXME Avoid accessing more than once to support
>> CMSProcessableInputStream
>> +            CMSTypedData content, boolean encapsulate) throws
>> CMSException
>> +    {
>> +        return generate(content, encapsulate, null);
>> +    }
>> +
>> +    public interface AttributeFilter
>> +    {
>> +        AttributeTable filter(AttributeTable signed,
>> SignerInfoGenerator signerInfoGenerator);
>> +    }
>> +
>>      /**
>>       * Generate a CMS Signed Data object which can be carrying a
>> detached CMS signature, or have encapsulated data, depending on the
>> value
>>       * of the encapsulated parameter.
>>       *
>>       * @param content the content to be signed.
>>       * @param encapsulate true if the content should be encapsulated in
>> the signature, false otherwise.
>> +     * @param attributeFilter a call back to modify attributes
>>       */
>>      public CMSSignedData generate(
>>          // FIXME Avoid accessing more than once to support
>> CMSProcessableInputStream
>>          CMSTypedData content,
>> -        boolean encapsulate)
>> +            boolean encapsulate, AttributeFilter attributeFilter)
>>          throws CMSException
>>      {
>>          if (!signerInfs.isEmpty())
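Review bot: The Javadoc added for the two-argument `generate` overload consists of "Hack!" and empty `@param`/`@return`/`@throws` tags, and its `@see {@link #generate(CMSTypedData, boolean)}` both nests `{@link}` inside `@see` and points at the method it documents. I would replace it with a one-line summary such as `Equivalent to generate(content, encapsulate, null).` and `@see #generate(CMSTypedData, boolean, AttributeFilter)`. The new public `AttributeFilter` interface has no Javadoc at all; it should say that the returned table replaces the generated signed attributes and is what gets signed, and whether null is an allowed return value. The `@param attributeFilter` line could also state that null means no filtering, which is what the delegating overload relies on. The three-argument `generate` body continues outside the hunk.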
>> @@ -174,7 +197,7 @@ public class CMSSignedDataGenerator
>>          for (Iterator it = signerGens.iterator(); it.hasNext();)
>>          {
>>              SignerInfoGenerator sGen = (SignerInfoGenerator)it.next();
>> -            SignerInfo inf = sGen.generate(contentTypeOID);
>> +            SignerInfo inf = sGen.generate(contentTypeOID,
>> attributeFilter);
>>
>>              digestAlgs.add(inf.getDigestAlgorithm());
>>              signerInfos.add(inf);
>> diff --git a/cresaptown-approval-
>> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
>> b/cresaptown-approval-
>> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
>> index a233ec46..cee7c285 100755
>> --- a/cresaptown-approval-
>> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
>> +++ b/cresaptown-approval-
>> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
>> @@ -168,6 +168,12 @@ public class SignerInfoGenerator
>>      }
>>
>>      public SignerInfo generate(ASN1ObjectIdentifier contentType)
>> +            throws CMSException
>> +    {
>> +        return generate(contentType, null);
>> +    }
>> +
>> +    public SignerInfo generate(ASN1ObjectIdentifier contentType,
>> CMSSignedDataGenerator.AttributeFilter attributeFilter)
>>          throws CMSException
>>      {
>>          try
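Review bot: The new public overload takes `CMSSignedDataGenerator.AttributeFilter`, so `SignerInfoGenerator` now depends on a type nested in the class that calls it, and neither overload has Javadoc. Declaring the callback as a top-level interface in the package (or nesting it in `SignerInfoGenerator`) would keep the dependency one-directional, and a comment such as `@param attributeFilter applied to the signed attributes before they are encoded and signed; null for none` would document the contract. The body of the second `generate` continues outside the hunk.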
>> @@ -193,7 +199,7 @@ public class SignerInfoGenerator
>>                  calculatedDigest = digester.getDigest();
>>                  Map parameters = getBaseParameters(contentType,
>> digester.getAlgorithmIdentifier(), digestEncryptionAlgorithm,
>> calculatedDigest);
>>                  AttributeTable signed =
>> sAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
>> -
>> +                if (attributeFilter != null) signed =
>> attributeFilter.filter(signed, this);
>>                  signedAttr = getAttributeSet(signed);
>>
>>                  // sig must be composed from the DER encoding.
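Review bot: The table returned by `attributeFilter.filter(signed, this)` goes straight into `getAttributeSet` and is then signed, with no check on what the callback returned. A filter that returns null or drops the `messageDigest` attribute (required by RFC 5652 whenever signed attributes are present, as is `contentType` outside countersignatures) would either fail further down or yield a SignerInfo that conforming verifiers reject. I would validate the result right after the call, for example `if (signed == null || signed.get(CMSAttributes.messageDigest) == null) throw new CMSException("attribute filter removed messageDigest");`, assuming `CMSAttributes` is imported in this file. The enclosing `generate` body starts and ends outside this hunk.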
>>
>>
>> $ cat /dev/clipboard  | xxd -r -p | openssl pkcs7 -inform der -print
>> PKCS7:
>>   type: pkcs7-signedData (1.2.840.113549.1.7.2)
>>   d.sign:
>>     version: 1
>>     md_algs:
>>         algorithm: sha256 (2.16.840.1.101.3.4.2.1)
>>         parameter: NULL
>>     contents:
>>       type: pkcs7-data (1.2.840.113549.1.7.1)
>>       d.data: <ABSENT>
>>     cert:
>>         cert_info:
>>           version: 2
>>           serialNumber: 225816366948433615078627595622547226476
>>           signature:
>>             algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>>             parameter: NULL
>>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
>> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
>> CA/emailAddress=cresaptown lists.pdinc.us
>>           validity:
>>             notBefore: Jun 11 18:10:38 2019 GMT
>>             notAfter: Mar  7 18:10:38 2022 GMT
>>           subject: C=US, O=U.S. Government, OU=DoD, OU=PKI,
>> OU=CONTRACTOR, CN=PYERON.JASON.J....
>>           key:
>>             algor:
>>               algorithm: rsaEncryption (1.2.840.113549.1.1.1)
>>               parameter: NULL
>>             public_key:  (0 unused bits)
>>               0000 - 30 82 01 0a 02 82 01 01-00 ba 87 bf d3 09
>> 0.............
>>               000e - 16 6b dd 7b 43 2b 2c f8-e0 04 e2 16 64 b4
>> .k.{C+,.....d.
>>               001c - 44 c3 50 eb 62 95 b8 f1-1f c0 dd 60 bf a5
>> D.P.b......`..
>>               002a - 6f 27 3b 49 db b0 31 30-d2 e1 7a 4f 6b 7b
>> o';I..10..zOk{
>>               0038 - 91 ad 01 e5 ad 15 7d ff-5b 66 00 e7 d5 0b
>> ......}.[f....
>>               0046 - b8 c6 3b ed 5a 11 f1 d2-3c 25 b1 9a 93 79
>> ..;.Z...<%...y
>>               0054 - 00 74 05 ee bd 5e 3c 46-f2 47 f3 01 d8 2c
>> .t...^<F.G...,
>>               0062 - d7 de 52 66 35 bb 24 09-28 31 9a 89 7b f1
>> ..Rf5.$.(1..{.
>>               0070 - 24 64 92 e6 64 1b 19 94-9a 0a 8d c4 eb bb
>> $d..d.........
>>               007e - e0 ba d9 b5 af 44 01 01-07 aa e0 a2 81 9c
>> .....D........
>>               008c - 73 49 35 3b 7b 12 df a4-7d b0 ab f4 21 4c
>> sI5;{...}...!L
>>               009a - 29 a6 dc 33 f7 77 d0 61-0e 0c dd cf b0 79
>> )..3.w.a.....y
>>               00a8 - fc 51 80 87 79 69 e5 60-5e 69 4c 9f cf c2
>> .Q..yi.`^iL...
>>               00b6 - cb 0e d6 97 29 46 77 cc-16 2f 1b cd e0 6d
>> ....)Fw../...m
>>               00c4 - b1 98 8e aa 1b 40 df 06-58 eb bc 06 0c 97
>> .....@..X.....
>>               00d2 - 01 e3 eb b6 ba 21 51 78-11 35 10 8d 79 27
>> .....!Qx.5..y'
>>               00e0 - 66 f7 6d d8 33 5b 6e d7-2d 0a eb bb 18 01
>> f.m.3[n.-.....
>>               00ee - 8b 42 b7 a3 14 8e 33 56-bd c8 aa 9b 5d 61
>> .B....3V....]a
>>               00fc - 96 a3 67 48 5c 5e f7 f6-47 99 73 82 d9 02
>> ..gH\^..G.s...
>>               010a - 03 01 00 01                                 ....
>>           issuerUID: <ABSENT>
>>           subjectUID: <ABSENT>
>>           extensions:
>>               object: X509v3 Basic Constraints (2.5.29.19)
>>               critical: BOOL ABSENT
>>               value:
>>                 0000 - 30 00                                    0.
>>
>>               object: X509v3 Subject Key Identifier (2.5.29.14)
>>               critical: BOOL ABSENT
>>               value:
>>                 0000 - 04 14 b2 b6 71 fb 8a db-5e dc c1 7a 43
>> ....q...^..zC
>>                 000d - 0b a4 3a 8b a5 f6 25 cf-64
>> ..:...%.d
>>
>>               object: X509v3 Authority Key Identifier (2.5.29.35)
>>               critical: BOOL ABSENT
>>               value:
>>                 0000 - 30 16 80 14 92 d3 62 62-3f f1 f8 50 0e
>> 0.....bb?..P.
>>                 000d - e3 ec b5 36 a7 c5 64 30-32 d3 1a
>> ...6..d02..
>>         sig_alg:
>>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>>           parameter: NULL
>>         signature:  (0 unused bits)
>>           0000 - 2f 32 aa 1b ff d4 17 29-3b b7 3f 74 dd 3b 42
>> /2.....);.?t.;B
>>           000f - 4e be b1 8c 36 38 96 16-b6 49 c8 d5 6d 23 5a
>> N...68...I..m#Z
>>           001e - 65 e3 c7 0e 69 7d ae 84-a8 a9 e8 a8 80 60 dd
>> e...i}.......`.
>>           002d - f4 90 aa c9 1a 1e 69 a2-30 d9 e1 a8 7e 26 44
>> ......i.0...~&D
>>           003c - cc 59 61 64 a2 7e 46 55-9c bb 0e fc cd e0 15
>> .Yad.~FU.......
>>           004b - 19 27 52 41 bc cf eb b5-58 ea ba 22 c3 80 07
>> .'RA....X.."...
>>           005a - 35 8d e4 df 6e ba 28 58-84 a2 02 35 7c 6b 92
>> 5...n.(X...5|k.
>>           0069 - 28 e5 09 c2 3d 24 27 ba-23 e3 9c 31 56 40 67
>> (...=$'.#..1V@g
>>           0078 - 3f 09 56 8b 2e da 50 8e-70 b2 df 89 1b 0a 27
>> ?.V...P.p.....'
>>           0087 - a5 2c 9e 0b 14 ef a6 91-e0 39 3c 9e 2d f1 91
>> .,.......9<.-..
>>           0096 - e0 dc ef dd fc 7b 7c 71-17 fc ce e2 4c f5 a2
>> .....{|q....L..
>>           00a5 - 5e 62 48 17 98 09 f2 73-8c bb 7d c4 82 74 ad
>> ^bH....s..}..t.
>>           00b4 - 07 70 84 17 69 d0 f6 68-94 11 84 db 4c 5b ff
>> .p..i..h....L[.
>>           00c3 - 69 6d 03 16 65 45 67 db-f9 89 e6 42 66 46 f5
>> im..eEg....BfF.
>>           00d2 - fe 61 c8 1a f6 a0 19 ba-04 97 3f 04 97 16 98
>> .a........?....
>>           00e1 - f6 f3 56 70 af 16 b6 15-8a 03 c2 13 2b 54 4e
>> ..Vp........+TN
>>           00f0 - 2f d7 7c fe 53 20 00 8a-d3 ba 64 9b 7a 3a b7   /.|.S
>> ....d.z:.
>>           00ff - 8b                                             .
>>
>>         cert_info:
>>           version: 2
>>           serialNumber: 12765852582602929747
>>           signature:
>>             algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>>             parameter: NULL
>>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
>> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
>> CA/emailAddress=cresaptown lists.pdinc.us
>>           validity:
>>             notBefore: Jun  7 17:08:06 2019 GMT
>>             notAfter: Aug 24 17:08:06 2027 GMT
>>           subject: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
>> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
>> CA/emailAddress=cresaptown lists.pdinc.us
>>           key:
>>             algor:
>>               algorithm: rsaEncryption (1.2.840.113549.1.1.1)
>>               parameter: NULL
>>             public_key:  (0 unused bits)
>>               0000 - 30 82 01 0a 02 82 01 01-00 e9 26 d4 13 9a
>> 0.........&...
>>               000e - 4c 91 4b bb f0 e4 4c 87-43 19 f0 87 f5 72
>> L.K...L.C....r
>>               001c - 7c 1b 28 77 31 6e 6b 09-5e fd 59 c7 67 e6
>> |.(w1nk.^.Y.g.
>>               002a - 8a 71 6c da 43 50 cb 10-d9 9b 57 35 33 9d
>> .ql.CP....W53.
>>               0038 - 6c 55 c6 b6 b4 c5 39 70-d2 8e 34 2a c5 5b
>> lU....9p..4*.[
>>               0046 - 87 de 5f ec 54 54 fd 47-5f ac 0c f6 f9 be
>> .._.TT.G_.....
>>               0054 - 6b f7 85 a5 f1 6f de 64-f5 90 62 43 f5 0c
>> k....o.d..bC..
>>               0062 - 14 a9 7f e7 b8 ec e3 53-dd 07 84 09 08 6e
>> .......S.....n
>>               0070 - 9a 39 83 91 63 0e 11 c2-25 95 c1 34 d7 29
>> .9..c...%..4.)
>>               007e - 5b 2e 25 9d fb 5d b9 b2-e5 90 a9 6a 96 51
>> [.%..].....j.Q
>>               008c - e9 b8 5e 2b f4 66 8f b5-20 f1 18 53 5b 5d
>> ..^+.f.. ..S[]
>>               009a - 4a 4b ba b7 80 14 c4 b3-0c fc 8a 58 97 a0
>> JK.........X..
>>               00a8 - c4 d5 43 26 62 8b f8 f9-2b 37 88 eb 21 cf
>> ..C&b...+7..!.
>>               00b6 - 76 72 43 f8 e1 ce 99 56-63 fb ef 1f aa 2b
>> vrC....Vc....+
>>               00c4 - e8 9d c8 a9 35 65 6a 6a-0e 33 06 63 47 a3
>> ....5ejj.3.cG.
>>               00d2 - e4 a9 5c 4c 40 89 e9 f2-6a 74 73 62 66 0b
>> ..\L@...jtsbf.
>>               00e0 - 8a 3f 8c 33 91 4a 6b 1e-66 68 0d 57 fa d9
>> .?.3.Jk.fh.W..
>>               00ee - c9 1f 3e d7 65 29 9d b1-5b a5 f5 68 0b 87
>> ..>.e)..[..h..
>>               00fc - f0 8b e7 38 69 15 0d d9-02 9a 42 39 b5 02
>> ...8i.....B9..
>>               010a - 03 01 00 01                                 ....
>>           issuerUID: <ABSENT>
>>           subjectUID: <ABSENT>
>>           extensions:
>>               object: X509v3 Subject Key Identifier (2.5.29.14)
>>               critical: BOOL ABSENT
>>               value:
>>                 0000 - 04 14 92 d3 62 62 3f f1-f8 50 0e e3 ec
>> ....bb?..P...
>>                 000d - b5 36 a7 c5 64 30 32 d3-1a
>> .6..d02..
>>
>>               object: X509v3 Authority Key Identifier (2.5.29.35)
>>               critical: BOOL ABSENT
>>               value:
>>                 0000 - 30 16 80 14 92 d3 62 62-3f f1 f8 50 0e
>> 0.....bb?..P.
>>                 000d - e3 ec b5 36 a7 c5 64 30-32 d3 1a
>> ...6..d02..
>>
>>               object: X509v3 Basic Constraints (2.5.29.19)
>>               critical: BOOL ABSENT
>>               value:
>>                 0000 - 30 03 01 01 ff                           0....
>>         sig_alg:
>>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>>           parameter: NULL
>>         signature:  (0 unused bits)
>>           0000 - cb 07 e5 52 29 c7 34 16-ec f3 d3 76 8c 8c 9f
>> ...R).4....v...
>>           000f - 9c 8c d9 7b 70 9d 9f 15-70 ef 06 93 93 2b 4f
>> ...{p...p....+O
>>           001e - 77 00 60 2b 66 25 7b 71-42 56 75 de 92 ab 9a
>> w.`+f%{qBVu....
>>           002d - 09 d7 43 5d 85 5b cf 0c-ed 76 4b 66 b1 1c 8c
>> ..C].[...vKf...
>>           003c - 8c ac 00 8a a1 01 a3 35-6b 5b 13 07 5e 3a 59
>> .......5k[..^:Y
>>           004b - 7a 00 3a ae 87 9a fe 11-f1 96 47 21 96 fc 87
>> z.:.......G!...
>>           005a - a0 7c 54 77 d3 96 dc 47-7a 7b c5 d6 bc 96 01
>> .|Tw...Gz{.....
>>           0069 - 00 f0 88 28 e7 a7 be 14-14 ee 56 9f 6a 33 d4
>> ...(......V.j3.
>>           0078 - 4e 86 57 da 57 1a cc 1b-fd fb b9 ee d7 4c 2c
>> N.W.W........L,
>>           0087 - 4d 39 ea 52 80 59 be 72-6e c3 f3 79 d5 e0 fb
>> M9.R.Y.rn..y...
>>           0096 - 21 87 e5 11 cf 64 4f 0d-91 cb 1c ca 23 59 68
>> !....dO.....#Yh
>>           00a5 - 68 06 93 78 53 4a 69 94-03 eb c3 fc ff 12 ea
>> h..xSJi........
>>           00b4 - 26 ff b2 99 36 05 7d 53-74 21 c0 7f 06 d2 09
>> &...6.}St!.....
>>           00c3 - 02 ad a5 4e 7d 8e d6 09-39 c8 e3 73 36 d4 14
>> ...N}...9..s6..
>>           00d2 - e5 03 fa a9 0e e2 d0 cb-b2 29 8b 44 9a f7 fc
>> .........).D...
>>           00e1 - 41 48 1f d4 e4 45 63 18-81 e3 f9 39 44 da d4
>> AH...Ec....9D..
>>           00f0 - ea 53 47 e1 82 c8 44 df-4f 32 93 42 cd fc 28
>> .SG...D.O2.B..(
>>           00ff - 87                                             .
>>     crl:
>>       <EMPTY>
>>     signer_info:
>>         version: 1
>>         issuer_and_serial:
>>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
>> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
>> CA/emailAddress=cresaptown lists.pdinc.us
>>           serial: 225816366948433615078627595622547226476
>>         digest_alg:
>>           algorithm: sha256 (2.16.840.1.101.3.4.2.1)
>>           parameter: NULL
>>         auth_attr:
>>             object: undefined (1.2.840.113583.1.1.8)
>>             value.set:
>>               SEQUENCE:
>>     0:d=0  hl=2 l=   0 cons: SEQUENCE
>>
>>             object: contentType (1.2.840.113549.1.9.3)
>>             value.set:
>>               OBJECT:pkcs7-data (1.2.840.113549.1.7.1)
>>
>>             object: messageDigest (1.2.840.113549.1.9.4)
>>             value.set:
>>               OCTET STRING:
>>                 0000 - 29 23 e5 69 a4 91 9a 5f-81 1d d8 85 28
>> )#.i..._....(
>>                 000d - f1 7a 80 2b 38 e1 fd 1b-b8 43 bb e7 c5
>> .z.+8....C...
>>                 001a - da 4a 28 1e 47 ce                        .J(.G.
>>         digest_enc_alg:
>>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
>>           parameter: NULL
>>         enc_digest:
>>           0000 - 41 bf c1 b5 d5 e7 1d 6d-5e 17 41 7c a3 2b 36
>> A......m^.A|.+6
>>           000f - 7a c6 e3 63 72 eb 3b df-0b 47 9a aa a9 42 10
>> z..cr.;..G...B.
>>           001e - 08 b8 bb 00 f6 78 e0 b4-33 99 93 bf 4d 00 90
>> .....x..3...M..
>>           002d - 54 19 5f 53 d2 82 c6 ea-15 89 66 7d b2 95 aa
>> T._S......f}...
>>           003c - b3 6a 89 57 a9 d7 25 33-81 ae 39 e9 4f 5a d8
>> .j.W..%3..9.OZ.
>>           004b - 98 dd fc 65 f7 93 b7 60-6e bd 82 c9 25 6d a6
>> ...e...`n...%m.
>>           005a - a6 ea aa a9 3a 18 c8 17-c4 52 76 b7 bd 05 c5
>> ....:....Rv....
>>           0069 - f5 14 f1 c6 cf 9f d7 db-f4 44 29 33 c9 cb af
>> .........D)3...
>>           0078 - 66 7c 3b 50 61 7f eb 30-37 e1 1d 66 38 78 db
>> f|;Pa..07..f8x.
>>           0087 - c4 40 5d 6c d7 49 2c 84-ab 18 99 32 d9 32 0c
>> .@]l.I,....2.2.
>>           0096 - 0e 40 3f c2 41 ab fb 57-41 8c 92 8b 86 d6 b0
>> .@?.A..WA......
>>           00a5 - df 02 e4 27 9c 9c 78 fb-20 10 d1 cb a7 cd 46   ...'..x.
>> .....F
>>           00b4 - 9a cc 34 c9 b4 fc be b8-7a 95 89 9d c0 b6 b5
>> ..4.....z......
>>           00c3 - a4 68 54 32 eb c9 52 77-d4 34 ce fc f6 8c 32
>> .hT2..Rw.4....2
>>           00d2 - 25 3a 0c 21 cf 66 94 39-04 42 ad 05 b7 6a 21
>> %:.!.f.9.B...j!
>>           00e1 - e2 6b ea 23 c3 20 ec c5-9d f6 c6 60 cd 85 0f   .k.#.
>> .....`...
>>           00f0 - a4 d5 6f f5 5a 7c 6a 67-88 ca 5c 2f d5 47 bf
>> ..o.Z|jg..\/.G.
>>           00ff - 60                                             `
>>         unauth_attr:
>>           <EMPTY>
>> -----BEGIN PKCS7-----
>> MIILLgYJKoZIhvcNAQcCoIILHzCCCxsCAQExDzANBglghkgBZQMEAgEFADALBgkq
>> hkiG9w0BBwGgggiKMIIEHTCCAwWgAwIBAgIRAKnipnpQiJcsjIZtS4Rcf2wwDQYJ
>> KoZIhvcNAQELBQAwgcgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEX
>> MBUGA1UEBwwOQmFsdGltb3JlIENpdHkxDzANBgNVBAoMBlBEIEluYzEuMCwGA1UE
>> CwwlQ3Jlc2FwdG93biBEZXZlbG9wbWVudCAtIGRvIG5vdCB0cnVzdDEiMCAGA1UE
>> AwwZQ3Jlc2FwdG93biBEZXZlbG9wbWVudCBDQTEoMCYGCSqGSIb3DQEJARYZY3Jl
>> c2FwdG93bkBsaXN0cy5wZGluYy51czAeFw0xOTA2MTExODEwMzhaFw0yMjAzMDcx
>> ODEwMzhaMHwxCzAJBgNVBAYTAlVTMRgwFgYDVQQKDA9VLlMuIEdvdmVybm1lbnQx
>> DDAKBgNVBAsMA0RvRDEMMAoGA1UECwwDUEtJMRMwEQYDVQQLDApDT05UUkFDVE9S
>> MSIwIAYDVQQDDBlQWUVST04uSkFTT04uSi4xMjkxMTQ3NzE5MIIBIjANBgkqhkiG
>> 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoe/0wkWa917Qyss+OAE4hZktETDUOtilbjx
>> H8DdYL+lbyc7SduwMTDS4XpPa3uRrQHlrRV9/1tmAOfVC7jGO+1aEfHSPCWxmpN5
>> AHQF7r1ePEbyR/MB2CzX3lJmNbskCSgxmol78SRkkuZkGxmUmgqNxOu74LrZta9E
>> AQEHquCigZxzSTU7exLfpH2wq/QhTCmm3DP3d9BhDgzdz7B5/FGAh3lp5WBeaUyf
>> z8LLDtaXKUZ3zBYvG83gbbGYjqobQN8GWOu8BgyXAePrtrohUXgRNRCNeSdm923Y
>> M1tu1y0K67sYAYtCt6MUjjNWvciqm11hlqNnSFxe9/ZHmXOC2QIDAQABo00wSzAJ
>> BgNVHRMEAjAAMB0GA1UdDgQWBBSytnH7itte3MF6QwukOoul9iXPZDAfBgNVHSME
>> GDAWgBSS02JiP/H4UA7j7LU2p8VkMDLTGjANBgkqhkiG9w0BAQsFAAOCAQEALzKq
>> G//UFyk7tz903TtCTr6xjDY4lha2ScjVbSNaZePHDml9roSoqeiogGDd9JCqyRoe
>> aaIw2eGofiZEzFlhZKJ+RlWcuw78zeAVGSdSQbzP67VY6roiw4AHNY3k3266KFiE
>> ogI1fGuSKOUJwj0kJ7oj45wxVkBnPwlWiy7aUI5wst+JGwonpSyeCxTvppHgOTye
>> LfGR4Nzv3fx7fHEX/M7iTPWiXmJIF5gJ8nOMu33EgnStB3CEF2nQ9miUEYTbTFv/
>> aW0DFmVFZ9v5ieZCZkb1/mHIGvagGboElz8ElxaY9vNWcK8WthWKA8ITK1ROL9d8
>> /lMgAIrTumSbejq3izCCBGUwggNNoAMCAQICCQCxKWtJmQz2UzANBgkqhkiG9w0B
>> AQsFADCByDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE1hcnlsYW5kMRcwFQYDVQQH
>> DA5CYWx0aW1vcmUgQ2l0eTEPMA0GA1UECgwGUEQgSW5jMS4wLAYDVQQLDCVDcmVz
>> YXB0b3duIERldmVsb3BtZW50IC0gZG8gbm90IHRydXN0MSIwIAYDVQQDDBlDcmVz
>> YXB0b3duIERldmVsb3BtZW50IENBMSgwJgYJKoZIhvcNAQkBFhljcmVzYXB0b3du
>> QGxpc3RzLnBkaW5jLnVzMB4XDTE5MDYwNzE3MDgwNloXDTI3MDgyNDE3MDgwNlow
>> gcgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEXMBUGA1UEBwwOQmFs
>> dGltb3JlIENpdHkxDzANBgNVBAoMBlBEIEluYzEuMCwGA1UECwwlQ3Jlc2FwdG93
>> biBEZXZlbG9wbWVudCAtIGRvIG5vdCB0cnVzdDEiMCAGA1UEAwwZQ3Jlc2FwdG93
>> biBEZXZlbG9wbWVudCBDQTEoMCYGCSqGSIb3DQEJARYZY3Jlc2FwdG93bkBsaXN0
>> cy5wZGluYy51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkm1BOa
>> TJFLu/DkTIdDGfCH9XJ8Gyh3MW5rCV79Wcdn5opxbNpDUMsQ2ZtXNTOdbFXGtrTF
>> OXDSjjQqxVuH3l/sVFT9R1+sDPb5vmv3haXxb95k9ZBiQ/UMFKl/57js41PdB4QJ
>> CG6aOYORYw4RwiWVwTTXKVsuJZ37Xbmy5ZCpapZR6bheK/Rmj7Ug8RhTW11KS7q3
>> gBTEswz8iliXoMTVQyZii/j5KzeI6yHPdnJD+OHOmVZj++8fqivoncipNWVqag4z
>> BmNHo+SpXExAienyanRzYmYLij+MM5FKax5maA1X+tnJHz7XZSmdsVul9WgLh/CL
>> 5zhpFQ3ZAppCObUCAwEAAaNQME4wHQYDVR0OBBYEFJLTYmI/8fhQDuPstTanxWQw
>> MtMaMB8GA1UdIwQYMBaAFJLTYmI/8fhQDuPstTanxWQwMtMaMAwGA1UdEwQFMAMB
>> Af8wDQYJKoZIhvcNAQELBQADggEBAMsH5VIpxzQW7PPTdoyMn5yM2XtwnZ8VcO8G
>> k5MrT3cAYCtmJXtxQlZ13pKrmgnXQ12FW88M7XZLZrEcjIysAIqhAaM1a1sTB146
>> WXoAOq6Hmv4R8ZZHIZb8h6B8VHfTltxHenvF1ryWAQDwiCjnp74UFO5Wn2oz1E6G
>> V9pXGswb/fu57tdMLE056lKAWb5ybsPzedXg+yGH5RHPZE8NkcscyiNZaGgGk3hT
>> SmmUA+vD/P8S6ib/spk2BX1TdCHAfwbSCQKtpU59jtYJOcjjczbUFOUD+qkO4tDL
>> simLRJr3/EFIH9TkRWMYgeP5OUTa1OpTR+GCyETfTzKTQs38KIcxggJoMIICZAIB
>> ATCB3jCByDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE1hcnlsYW5kMRcwFQYDVQQH
>> DA5CYWx0aW1vcmUgQ2l0eTEPMA0GA1UECgwGUEQgSW5jMS4wLAYDVQQLDCVDcmVz
>> YXB0b3duIERldmVsb3BtZW50IC0gZG8gbm90IHRydXN0MSIwIAYDVQQDDBlDcmVz
>> YXB0b3duIERldmVsb3BtZW50IENBMSgwJgYJKoZIhvcNAQkBFhljcmVzYXB0b3du
>> QGxpc3RzLnBkaW5jLnVzAhEAqeKmelCIlyyMhm1LhFx/bDANBglghkgBZQMEAgEF
>> AKBcMA8GCSqGSIb3LwEBCDECMAAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAv
>> BgkqhkiG9w0BCQQxIgQgKSPlaaSRml+BHdiFKPF6gCs44f0buEO758XaSigeR84w
>> DQYJKoZIhvcNAQELBQAEggEAQb/BtdXnHW1eF0F8oys2esbjY3LrO98LR5qqqUIQ
>> CLi7APZ44LQzmZO/TQCQVBlfU9KCxuoViWZ9spWqs2qJV6nXJTOBrjnpT1rYmN38
>> ZfeTt2BuvYLJJW2mpuqqqToYyBfEUna3vQXF9RTxxs+f19v0RCkzycuvZnw7UGF/
>> 6zA34R1mOHjbxEBdbNdJLISrGJky2TIMDkA/wkGr+1dBjJKLhtaw3wLkJ5ycePsg
>> ENHLp81Gmsw0ybT8vrh6lYmdwLa1pGhUMuvJUnfUNM789owyJToMIc9mlDkEQq0F
>> t2oh4mvqI8Mg7MWd9sZgzYUPpNVv9Vp8ameIylwv1Ue/YA==
>> -----END PKCS7-----
>>
>>
>> --
>> Jason Pyeron  | Architect
>> PD Inc        |
>> 10 w 24th St  |
>> Baltimore, MD |
>>
>> .com: [hidden email]
>> tel : 202-741-9397
>>
>>
>>
>>
>
>
>



RE: PKCS7 customization

Jason Pyeron
> -----Original Message-----
> From: David Hook
> Sent: Thursday, December 5, 2019 4:38 PM
>
>
> Hi Jason,
>
> I'm just wondering if this is something you could do using the
> setSignedAttributeGenerator() method on the signer info generator builder.

I did not investigate that - doing so now.

>
> Regards,
>
> David
>
> On 6/12/19 12:19 am, Jason Pyeron wrote:
> > Is there something I can clarify or should I open a pull request as is?
> >
> >> -----Original Message-----
> >> From: Jason Pyeron
> >> Sent: Tuesday, December 3, 2019 9:53 AM
> >>
> >> I am likely going about this the wrong way, but this is what got the
> >> results I needed. What is the most proper way to customize the entries
> >> in the PKCS#7 (see example below) or what are the BC standards so I may
> >> submit a patch (see current implementation patch below against bcpkix-
> >> jdk15on-1.61).
> >>
> >> -Jason Pyeron
> >>
> >> [some tweaks for email have been made...]
> >>
> >> commit c463688f016085e0de8acb1ac4a71fc48f990f58
> >> Author: Jason Pyeron <[hidden email]>
> >> Date:   Fri Nov 29 11:51:52 2019 -0500
> >>
> >>     bug 1913 - PKCS7 structure matches Acrobat Reader DC
> >>
> >> diff --git a/cresaptown-approval-
> >> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
> >> b/cresaptown-approval-
> >> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
> >> index d635a761..4ee9fdbc 100755
> >> --- a/cresaptown-approval-
> >> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
> >> +++ b/cresaptown-approval-
> >> frontend/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
> >> @@ -13,6 +13,7 @@ import org.bouncycastle.asn1.ASN1OctetString;
> >>  import org.bouncycastle.asn1.ASN1Set;
> >>  import org.bouncycastle.asn1.BEROctetString;
> >>  import org.bouncycastle.asn1.DERSet;
> >> +import org.bouncycastle.asn1.cms.AttributeTable;
> >>  import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
> >>  import org.bouncycastle.asn1.cms.ContentInfo;
> >>  import org.bouncycastle.asn1.cms.SignedData;
> >> @@ -68,17 +69,39 @@ public class CMSSignedDataGenerator
> >>          return generate(content, false);
> >>      }
> >>
> >> +    /**
> >> +     * Hack!
> >> +     *
> >> +     * @param content
> >> +     * @param encapsulate
> >> +     * @return
> >> +     * @throws CMSException
> >> +     * @see {@link #generate(CMSTypedData, boolean)}
> >> +     */
> >> +    public CMSSignedData generate(
> >> +            // FIXME Avoid accessing more than once to support
> >> CMSProcessableInputStream
> >> +            CMSTypedData content, boolean encapsulate) throws
> >> CMSException
> >> +    {
> >> +        return generate(content, encapsulate, null);
> >> +    }
> >> +
> >> +    public interface AttributeFilter
> >> +    {
> >> +        AttributeTable filter(AttributeTable signed,
> >> SignerInfoGenerator signerInfoGenerator);
> >> +    }
> >> +
> >>      /**
> >>       * Generate a CMS Signed Data object which can be carrying a
> >> detached CMS signature, or have encapsulated data, depending on the
> >> value
> >>       * of the encapsulated parameter.
> >>       *
> >>       * @param content the content to be signed.
> >>       * @param encapsulate true if the content should be encapsulated in
> >> the signature, false otherwise.
> >> +     * @param attributeFilter a call back to modify attributes
> >>       */
> >>      public CMSSignedData generate(
> >>          // FIXME Avoid accessing more than once to support
> >> CMSProcessableInputStream
> >>          CMSTypedData content,
> >> -        boolean encapsulate)
> >> +            boolean encapsulate, AttributeFilter attributeFilter)
> >>          throws CMSException
> >>      {
> >>          if (!signerInfs.isEmpty())
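Review bot: The new public `AttributeFilter` interface and the three-argument `generate` carry no stated contract, and the Javadoc added on the two-argument overload (`Hack!`, empty `@param` tags) has a `@see {@link #generate(CMSTypedData, boolean)}` that points back at itself. The filter's return value replaces the signed-attribute table that is then signed, so the interface deserves a comment such as `/** Returns the attributes to be signed; must not return null and must retain contentType and messageDigest. */`, and the `@param attributeFilter` line should say that null means no filtering. The self-reference would read `@see #generate(CMSTypedData, boolean, AttributeFilter)`. The body of the three-argument `generate` continues outside this hunk.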
> >> @@ -174,7 +197,7 @@ public class CMSSignedDataGenerator
> >>          for (Iterator it = signerGens.iterator(); it.hasNext();)
> >>          {
> >>              SignerInfoGenerator sGen = (SignerInfoGenerator)it.next();
> >> -            SignerInfo inf = sGen.generate(contentTypeOID);
> >> +            SignerInfo inf = sGen.generate(contentTypeOID,
> >> attributeFilter);
> >>
> >>              digestAlgs.add(inf.getDigestAlgorithm());
> >>              signerInfos.add(inf);
> >> diff --git a/cresaptown-approval-
> >> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
> >> b/cresaptown-approval-
> >> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
> >> index a233ec46..cee7c285 100755
> >> --- a/cresaptown-approval-
> >> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
> >> +++ b/cresaptown-approval-
> >> frontend/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
> >> @@ -168,6 +168,12 @@ public class SignerInfoGenerator
> >>      }
> >>
> >>      public SignerInfo generate(ASN1ObjectIdentifier contentType)
> >> +            throws CMSException
> >> +    {
> >> +        return generate(contentType, null);
> >> +    }
> >> +
> >> +    public SignerInfo generate(ASN1ObjectIdentifier contentType,
> >> CMSSignedDataGenerator.AttributeFilter attributeFilter)
> >>          throws CMSException
> >>      {
> >>          try
> >> @@ -193,7 +199,7 @@ public class SignerInfoGenerator
> >>                  calculatedDigest = digester.getDigest();
> >>                  Map parameters = getBaseParameters(contentType,
> >> digester.getAlgorithmIdentifier(), digestEncryptionAlgorithm,
> >> calculatedDigest);
> >>                  AttributeTable signed =
> >> sAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
> >> -
> >> +                if (attributeFilter != null) signed =
> >> attributeFilter.filter(signed, this);
> >>                  signedAttr = getAttributeSet(signed);
> >>
> >>                  // sig must be composed from the DER encoding.
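Review bot: The table returned by the callback on the added line `if (attributeFilter != null) signed = attributeFilter.filter(signed, this);` is passed to `getAttributeSet(signed)` unchecked, so as far as this hunk shows a filter can return null or drop the messageDigest or contentType attribute and signing still proceeds on what is left. RFC 5652 requires both attributes whenever signed attributes are present, and messageDigest is what binds the signature to the content, so a careless filter would produce output that verifiers reject or that no longer covers the data. A guard directly after the call would catch this (it needs `org.bouncycastle.asn1.cms.CMSAttributes` imported): `if (signed == null || signed.get(CMSAttributes.contentType) == null || signed.get(CMSAttributes.messageDigest) == null) throw new CMSException("attribute filter removed a mandatory signed attribute");`. The enclosing `generate` method starts and ends outside this hunk.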
> >>
> >>
> >> $ cat /dev/clipboard  | xxd -r -p | openssl pkcs7 -inform der -print
> >> PKCS7:
> >>   type: pkcs7-signedData (1.2.840.113549.1.7.2)
> >>   d.sign:
> >>     version: 1
> >>     md_algs:
> >>         algorithm: sha256 (2.16.840.1.101.3.4.2.1)
> >>         parameter: NULL
> >>     contents:
> >>       type: pkcs7-data (1.2.840.113549.1.7.1)
> >>       d.data: <ABSENT>
> >>     cert:
> >>         cert_info:
> >>           version: 2
> >>           serialNumber: 225816366948433615078627595622547226476
> >>           signature:
> >>             algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
> >>             parameter: NULL
> >>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
> >> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
> >> CA/emailAddress=cresaptown lists.pdinc.us
> >>           validity:
> >>             notBefore: Jun 11 18:10:38 2019 GMT
> >>             notAfter: Mar  7 18:10:38 2022 GMT
> >>           subject: C=US, O=U.S. Government, OU=DoD, OU=PKI,
> >> OU=CONTRACTOR, CN=PYERON.JASON.J....
> >>           key:
> >>             algor:
> >>               algorithm: rsaEncryption (1.2.840.113549.1.1.1)
> >>               parameter: NULL
> >>             public_key:  (0 unused bits)
> >>               0000 - 30 82 01 0a 02 82 01 01-00 ba 87 bf d3 09
> >> 0.............
> >>               000e - 16 6b dd 7b 43 2b 2c f8-e0 04 e2 16 64 b4
> >> .k.{C+,.....d.
> >>               001c - 44 c3 50 eb 62 95 b8 f1-1f c0 dd 60 bf a5
> >> D.P.b......`..
> >>               002a - 6f 27 3b 49 db b0 31 30-d2 e1 7a 4f 6b 7b
> >> o';I..10..zOk{
> >>               0038 - 91 ad 01 e5 ad 15 7d ff-5b 66 00 e7 d5 0b
> >> ......}.[f....
> >>               0046 - b8 c6 3b ed 5a 11 f1 d2-3c 25 b1 9a 93 79
> >> ..;.Z...<%...y
> >>               0054 - 00 74 05 ee bd 5e 3c 46-f2 47 f3 01 d8 2c
> >> .t...^<F.G...,
> >>               0062 - d7 de 52 66 35 bb 24 09-28 31 9a 89 7b f1
> >> ..Rf5.$.(1..{.
> >>               0070 - 24 64 92 e6 64 1b 19 94-9a 0a 8d c4 eb bb
> >> $d..d.........
> >>               007e - e0 ba d9 b5 af 44 01 01-07 aa e0 a2 81 9c
> >> .....D........
> >>               008c - 73 49 35 3b 7b 12 df a4-7d b0 ab f4 21 4c
> >> sI5;{...}...!L
> >>               009a - 29 a6 dc 33 f7 77 d0 61-0e 0c dd cf b0 79
> >> )..3.w.a.....y
> >>               00a8 - fc 51 80 87 79 69 e5 60-5e 69 4c 9f cf c2
> >> .Q..yi.`^iL...
> >>               00b6 - cb 0e d6 97 29 46 77 cc-16 2f 1b cd e0 6d
> >> ....)Fw../...m
> >>               00c4 - b1 98 8e aa 1b 40 df 06-58 eb bc 06 0c 97
> >> .....@..X.....
> >>               00d2 - 01 e3 eb b6 ba 21 51 78-11 35 10 8d 79 27
> >> .....!Qx.5..y'
> >>               00e0 - 66 f7 6d d8 33 5b 6e d7-2d 0a eb bb 18 01
> >> f.m.3[n.-.....
> >>               00ee - 8b 42 b7 a3 14 8e 33 56-bd c8 aa 9b 5d 61
> >> .B....3V....]a
> >>               00fc - 96 a3 67 48 5c 5e f7 f6-47 99 73 82 d9 02
> >> ..gH\^..G.s...
> >>               010a - 03 01 00 01                                 ....
> >>           issuerUID: <ABSENT>
> >>           subjectUID: <ABSENT>
> >>           extensions:
> >>               object: X509v3 Basic Constraints (2.5.29.19)
> >>               critical: BOOL ABSENT
> >>               value:
> >>                 0000 - 30 00                                    0.
> >>
> >>               object: X509v3 Subject Key Identifier (2.5.29.14)
> >>               critical: BOOL ABSENT
> >>               value:
> >>                 0000 - 04 14 b2 b6 71 fb 8a db-5e dc c1 7a 43
> >> ....q...^..zC
> >>                 000d - 0b a4 3a 8b a5 f6 25 cf-64
> >> ..:...%.d
> >>
> >>               object: X509v3 Authority Key Identifier (2.5.29.35)
> >>               critical: BOOL ABSENT
> >>               value:
> >>                 0000 - 30 16 80 14 92 d3 62 62-3f f1 f8 50 0e
> >> 0.....bb?..P.
> >>                 000d - e3 ec b5 36 a7 c5 64 30-32 d3 1a
> >> ...6..d02..
> >>         sig_alg:
> >>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
> >>           parameter: NULL
> >>         signature:  (0 unused bits)
> >>           0000 - 2f 32 aa 1b ff d4 17 29-3b b7 3f 74 dd 3b 42
> >> /2.....);.?t.;B
> >>           000f - 4e be b1 8c 36 38 96 16-b6 49 c8 d5 6d 23 5a
> >> N...68...I..m#Z
> >>           001e - 65 e3 c7 0e 69 7d ae 84-a8 a9 e8 a8 80 60 dd
> >> e...i}.......`.
> >>           002d - f4 90 aa c9 1a 1e 69 a2-30 d9 e1 a8 7e 26 44
> >> ......i.0...~&D
> >>           003c - cc 59 61 64 a2 7e 46 55-9c bb 0e fc cd e0 15
> >> .Yad.~FU.......
> >>           004b - 19 27 52 41 bc cf eb b5-58 ea ba 22 c3 80 07
> >> .'RA....X.."...
> >>           005a - 35 8d e4 df 6e ba 28 58-84 a2 02 35 7c 6b 92
> >> 5...n.(X...5|k.
> >>           0069 - 28 e5 09 c2 3d 24 27 ba-23 e3 9c 31 56 40 67
> >> (...=$'.#..1V@g
> >>           0078 - 3f 09 56 8b 2e da 50 8e-70 b2 df 89 1b 0a 27
> >> ?.V...P.p.....'
> >>           0087 - a5 2c 9e 0b 14 ef a6 91-e0 39 3c 9e 2d f1 91
> >> .,.......9<.-..
> >>           0096 - e0 dc ef dd fc 7b 7c 71-17 fc ce e2 4c f5 a2
> >> .....{|q....L..
> >>           00a5 - 5e 62 48 17 98 09 f2 73-8c bb 7d c4 82 74 ad
> >> ^bH....s..}..t.
> >>           00b4 - 07 70 84 17 69 d0 f6 68-94 11 84 db 4c 5b ff
> >> .p..i..h....L[.
> >>           00c3 - 69 6d 03 16 65 45 67 db-f9 89 e6 42 66 46 f5
> >> im..eEg....BfF.
> >>           00d2 - fe 61 c8 1a f6 a0 19 ba-04 97 3f 04 97 16 98
> >> .a........?....
> >>           00e1 - f6 f3 56 70 af 16 b6 15-8a 03 c2 13 2b 54 4e
> >> ..Vp........+TN
> >>           00f0 - 2f d7 7c fe 53 20 00 8a-d3 ba 64 9b 7a 3a b7   /.|.S
> >> ....d.z:.
> >>           00ff - 8b                                             .
> >>
> >>         cert_info:
> >>           version: 2
> >>           serialNumber: 12765852582602929747
> >>           signature:
> >>             algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
> >>             parameter: NULL
> >>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
> >> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
> >> CA/emailAddress=cresaptown lists.pdinc.us
> >>           validity:
> >>             notBefore: Jun  7 17:08:06 2019 GMT
> >>             notAfter: Aug 24 17:08:06 2027 GMT
> >>           subject: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
> >> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
> >> CA/emailAddress=cresaptown lists.pdinc.us
> >>           key:
> >>             algor:
> >>               algorithm: rsaEncryption (1.2.840.113549.1.1.1)
> >>               parameter: NULL
> >>             public_key:  (0 unused bits)
> >>               0000 - 30 82 01 0a 02 82 01 01-00 e9 26 d4 13 9a
> >> 0.........&...
> >>               000e - 4c 91 4b bb f0 e4 4c 87-43 19 f0 87 f5 72
> >> L.K...L.C....r
> >>               001c - 7c 1b 28 77 31 6e 6b 09-5e fd 59 c7 67 e6
> >> |.(w1nk.^.Y.g.
> >>               002a - 8a 71 6c da 43 50 cb 10-d9 9b 57 35 33 9d
> >> .ql.CP....W53.
> >>               0038 - 6c 55 c6 b6 b4 c5 39 70-d2 8e 34 2a c5 5b
> >> lU....9p..4*.[
> >>               0046 - 87 de 5f ec 54 54 fd 47-5f ac 0c f6 f9 be
> >> .._.TT.G_.....
> >>               0054 - 6b f7 85 a5 f1 6f de 64-f5 90 62 43 f5 0c
> >> k....o.d..bC..
> >>               0062 - 14 a9 7f e7 b8 ec e3 53-dd 07 84 09 08 6e
> >> .......S.....n
> >>               0070 - 9a 39 83 91 63 0e 11 c2-25 95 c1 34 d7 29
> >> .9..c...%..4.)
> >>               007e - 5b 2e 25 9d fb 5d b9 b2-e5 90 a9 6a 96 51
> >> [.%..].....j.Q
> >>               008c - e9 b8 5e 2b f4 66 8f b5-20 f1 18 53 5b 5d
> >> ..^+.f.. ..S[]
> >>               009a - 4a 4b ba b7 80 14 c4 b3-0c fc 8a 58 97 a0
> >> JK.........X..
> >>               00a8 - c4 d5 43 26 62 8b f8 f9-2b 37 88 eb 21 cf
> >> ..C&b...+7..!.
> >>               00b6 - 76 72 43 f8 e1 ce 99 56-63 fb ef 1f aa 2b
> >> vrC....Vc....+
> >>               00c4 - e8 9d c8 a9 35 65 6a 6a-0e 33 06 63 47 a3
> >> ....5ejj.3.cG.
> >>               00d2 - e4 a9 5c 4c 40 89 e9 f2-6a 74 73 62 66 0b
> >> ..\L@...jtsbf.
> >>               00e0 - 8a 3f 8c 33 91 4a 6b 1e-66 68 0d 57 fa d9
> >> .?.3.Jk.fh.W..
> >>               00ee - c9 1f 3e d7 65 29 9d b1-5b a5 f5 68 0b 87
> >> ..>.e)..[..h..
> >>               00fc - f0 8b e7 38 69 15 0d d9-02 9a 42 39 b5 02
> >> ...8i.....B9..
> >>               010a - 03 01 00 01                                 ....
> >>           issuerUID: <ABSENT>
> >>           subjectUID: <ABSENT>
> >>           extensions:
> >>               object: X509v3 Subject Key Identifier (2.5.29.14)
> >>               critical: BOOL ABSENT
> >>               value:
> >>                 0000 - 04 14 92 d3 62 62 3f f1-f8 50 0e e3 ec
> >> ....bb?..P...
> >>                 000d - b5 36 a7 c5 64 30 32 d3-1a
> >> .6..d02..
> >>
> >>               object: X509v3 Authority Key Identifier (2.5.29.35)
> >>               critical: BOOL ABSENT
> >>               value:
> >>                 0000 - 30 16 80 14 92 d3 62 62-3f f1 f8 50 0e
> >> 0.....bb?..P.
> >>                 000d - e3 ec b5 36 a7 c5 64 30-32 d3 1a
> >> ...6..d02..
> >>
> >>               object: X509v3 Basic Constraints (2.5.29.19)
> >>               critical: BOOL ABSENT
> >>               value:
> >>                 0000 - 30 03 01 01 ff                           0....
> >>         sig_alg:
> >>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
> >>           parameter: NULL
> >>         signature:  (0 unused bits)
> >>           0000 - cb 07 e5 52 29 c7 34 16-ec f3 d3 76 8c 8c 9f
> >> ...R).4....v...
> >>           000f - 9c 8c d9 7b 70 9d 9f 15-70 ef 06 93 93 2b 4f
> >> ...{p...p....+O
> >>           001e - 77 00 60 2b 66 25 7b 71-42 56 75 de 92 ab 9a
> >> w.`+f%{qBVu....
> >>           002d - 09 d7 43 5d 85 5b cf 0c-ed 76 4b 66 b1 1c 8c
> >> ..C].[...vKf...
> >>           003c - 8c ac 00 8a a1 01 a3 35-6b 5b 13 07 5e 3a 59
> >> .......5k[..^:Y
> >>           004b - 7a 00 3a ae 87 9a fe 11-f1 96 47 21 96 fc 87
> >> z.:.......G!...
> >>           005a - a0 7c 54 77 d3 96 dc 47-7a 7b c5 d6 bc 96 01
> >> .|Tw...Gz{.....
> >>           0069 - 00 f0 88 28 e7 a7 be 14-14 ee 56 9f 6a 33 d4
> >> ...(......V.j3.
> >>           0078 - 4e 86 57 da 57 1a cc 1b-fd fb b9 ee d7 4c 2c
> >> N.W.W........L,
> >>           0087 - 4d 39 ea 52 80 59 be 72-6e c3 f3 79 d5 e0 fb
> >> M9.R.Y.rn..y...
> >>           0096 - 21 87 e5 11 cf 64 4f 0d-91 cb 1c ca 23 59 68
> >> !....dO.....#Yh
> >>           00a5 - 68 06 93 78 53 4a 69 94-03 eb c3 fc ff 12 ea
> >> h..xSJi........
> >>           00b4 - 26 ff b2 99 36 05 7d 53-74 21 c0 7f 06 d2 09
> >> &...6.}St!.....
> >>           00c3 - 02 ad a5 4e 7d 8e d6 09-39 c8 e3 73 36 d4 14
> >> ...N}...9..s6..
> >>           00d2 - e5 03 fa a9 0e e2 d0 cb-b2 29 8b 44 9a f7 fc
> >> .........).D...
> >>           00e1 - 41 48 1f d4 e4 45 63 18-81 e3 f9 39 44 da d4
> >> AH...Ec....9D..
> >>           00f0 - ea 53 47 e1 82 c8 44 df-4f 32 93 42 cd fc 28
> >> .SG...D.O2.B..(
> >>           00ff - 87                                             .
> >>     crl:
> >>       <EMPTY>
> >>     signer_info:
> >>         version: 1
> >>         issuer_and_serial:
> >>           issuer: C=US, ST=Maryland, L=Baltimore City, O=PD Inc,
> >> OU=Cresaptown Development - do not trust, CN=Cresaptown Development
> >> CA/emailAddress=cresaptown lists.pdinc.us
> >>           serial: 225816366948433615078627595622547226476
> >>         digest_alg:
> >>           algorithm: sha256 (2.16.840.1.101.3.4.2.1)
> >>           parameter: NULL
> >>         auth_attr:
> >>             object: undefined (1.2.840.113583.1.1.8)
> >>             value.set:
> >>               SEQUENCE:
> >>     0:d=0  hl=2 l=   0 cons: SEQUENCE
> >>
> >>             object: contentType (1.2.840.113549.1.9.3)
> >>             value.set:
> >>               OBJECT:pkcs7-data (1.2.840.113549.1.7.1)
> >>
> >>             object: messageDigest (1.2.840.113549.1.9.4)
> >>             value.set:
> >>               OCTET STRING:
> >>                 0000 - 29 23 e5 69 a4 91 9a 5f-81 1d d8 85 28
> >> )#.i..._....(
> >>                 000d - f1 7a 80 2b 38 e1 fd 1b-b8 43 bb e7 c5
> >> .z.+8....C...
> >>                 001a - da 4a 28 1e 47 ce                        .J(.G.
> >>         digest_enc_alg:
> >>           algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
> >>           parameter: NULL
> >>         enc_digest:
> >>           0000 - 41 bf c1 b5 d5 e7 1d 6d-5e 17 41 7c a3 2b 36
> >> A......m^.A|.+6
> >>           000f - 7a c6 e3 63 72 eb 3b df-0b 47 9a aa a9 42 10
> >> z..cr.;..G...B.
> >>           001e - 08 b8 bb 00 f6 78 e0 b4-33 99 93 bf 4d 00 90
> >> .....x..3...M..
> >>           002d - 54 19 5f 53 d2 82 c6 ea-15 89 66 7d b2 95 aa
> >> T._S......f}...
> >>           003c - b3 6a 89 57 a9 d7 25 33-81 ae 39 e9 4f 5a d8
> >> .j.W..%3..9.OZ.
> >>           004b - 98 dd fc 65 f7 93 b7 60-6e bd 82 c9 25 6d a6
> >> ...e...`n...%m.
> >>           005a - a6 ea aa a9 3a 18 c8 17-c4 52 76 b7 bd 05 c5
> >> ....:....Rv....
> >>           0069 - f5 14 f1 c6 cf 9f d7 db-f4 44 29 33 c9 cb af
> >> .........D)3...
> >>           0078 - 66 7c 3b 50 61 7f eb 30-37 e1 1d 66 38 78 db
> >> f|;Pa..07..f8x.
> >>           0087 - c4 40 5d 6c d7 49 2c 84-ab 18 99 32 d9 32 0c
> >> .@]l.I,....2.2.
> >>           0096 - 0e 40 3f c2 41 ab fb 57-41 8c 92 8b 86 d6 b0
> >> .@?.A..WA......
> >>           00a5 - df 02 e4 27 9c 9c 78 fb-20 10 d1 cb a7 cd 46   ...'..x.
> >> .....F
> >>           00b4 - 9a cc 34 c9 b4 fc be b8-7a 95 89 9d c0 b6 b5
> >> ..4.....z......
> >>           00c3 - a4 68 54 32 eb c9 52 77-d4 34 ce fc f6 8c 32
> >> .hT2..Rw.4....2
> >>           00d2 - 25 3a 0c 21 cf 66 94 39-04 42 ad 05 b7 6a 21
> >> %:.!.f.9.B...j!
> >>           00e1 - e2 6b ea 23 c3 20 ec c5-9d f6 c6 60 cd 85 0f   .k.#.
> >> .....`...
> >>           00f0 - a4 d5 6f f5 5a 7c 6a 67-88 ca 5c 2f d5 47 bf
> >> ..o.Z|jg..\/.G.
> >>           00ff - 60                                             `
> >>         unauth_attr:
> >>           <EMPTY>
> >> -----BEGIN PKCS7-----
> >> MIILLgYJKoZIhvcNAQcCoIILHzCCCxsCAQExDzANBglghkgBZQMEAgEFADALBgkq
> >> hkiG9w0BBwGgggiKMIIEHTCCAwWgAwIBAgIRAKnipnpQiJcsjIZtS4Rcf2wwDQYJ
> >> KoZIhvcNAQELBQAwgcgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEX
> >> MBUGA1UEBwwOQmFsdGltb3JlIENpdHkxDzANBgNVBAoMBlBEIEluYzEuMCwGA1UE
> >> CwwlQ3Jlc2FwdG93biBEZXZlbG9wbWVudCAtIGRvIG5vdCB0cnVzdDEiMCAGA1UE
> >> AwwZQ3Jlc2FwdG93biBEZXZlbG9wbWVudCBDQTEoMCYGCSqGSIb3DQEJARYZY3Jl
> >> c2FwdG93bkBsaXN0cy5wZGluYy51czAeFw0xOTA2MTExODEwMzhaFw0yMjAzMDcx
> >> ODEwMzhaMHwxCzAJBgNVBAYTAlVTMRgwFgYDVQQKDA9VLlMuIEdvdmVybm1lbnQx
> >> DDAKBgNVBAsMA0RvRDEMMAoGA1UECwwDUEtJMRMwEQYDVQQLDApDT05UUkFDVE9S
> >> MSIwIAYDVQQDDBlQWUVST04uSkFTT04uSi4xMjkxMTQ3NzE5MIIBIjANBgkqhkiG
> >> 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoe/0wkWa917Qyss+OAE4hZktETDUOtilbjx
> >> H8DdYL+lbyc7SduwMTDS4XpPa3uRrQHlrRV9/1tmAOfVC7jGO+1aEfHSPCWxmpN5
> >> AHQF7r1ePEbyR/MB2CzX3lJmNbskCSgxmol78SRkkuZkGxmUmgqNxOu74LrZta9E
> >> AQEHquCigZxzSTU7exLfpH2wq/QhTCmm3DP3d9BhDgzdz7B5/FGAh3lp5WBeaUyf
> >> z8LLDtaXKUZ3zBYvG83gbbGYjqobQN8GWOu8BgyXAePrtrohUXgRNRCNeSdm923Y
> >> M1tu1y0K67sYAYtCt6MUjjNWvciqm11hlqNnSFxe9/ZHmXOC2QIDAQABo00wSzAJ
> >> BgNVHRMEAjAAMB0GA1UdDgQWBBSytnH7itte3MF6QwukOoul9iXPZDAfBgNVHSME
> >> GDAWgBSS02JiP/H4UA7j7LU2p8VkMDLTGjANBgkqhkiG9w0BAQsFAAOCAQEALzKq
> >> G//UFyk7tz903TtCTr6xjDY4lha2ScjVbSNaZePHDml9roSoqeiogGDd9JCqyRoe
> >> aaIw2eGofiZEzFlhZKJ+RlWcuw78zeAVGSdSQbzP67VY6roiw4AHNY3k3266KFiE
> >> ogI1fGuSKOUJwj0kJ7oj45wxVkBnPwlWiy7aUI5wst+JGwonpSyeCxTvppHgOTye
> >> LfGR4Nzv3fx7fHEX/M7iTPWiXmJIF5gJ8nOMu33EgnStB3CEF2nQ9miUEYTbTFv/
> >> aW0DFmVFZ9v5ieZCZkb1/mHIGvagGboElz8ElxaY9vNWcK8WthWKA8ITK1ROL9d8
> >> /lMgAIrTumSbejq3izCCBGUwggNNoAMCAQICCQCxKWtJmQz2UzANBgkqhkiG9w0B
> >> AQsFADCByDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE1hcnlsYW5kMRcwFQYDVQQH
> >> DA5CYWx0aW1vcmUgQ2l0eTEPMA0GA1UECgwGUEQgSW5jMS4wLAYDVQQLDCVDcmVz
> >> YXB0b3duIERldmVsb3BtZW50IC0gZG8gbm90IHRydXN0MSIwIAYDVQQDDBlDcmVz
> >> YXB0b3duIERldmVsb3BtZW50IENBMSgwJgYJKoZIhvcNAQkBFhljcmVzYXB0b3du
> >> QGxpc3RzLnBkaW5jLnVzMB4XDTE5MDYwNzE3MDgwNloXDTI3MDgyNDE3MDgwNlow
> >> gcgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEXMBUGA1UEBwwOQmFs
> >> dGltb3JlIENpdHkxDzANBgNVBAoMBlBEIEluYzEuMCwGA1UECwwlQ3Jlc2FwdG93
> >> biBEZXZlbG9wbWVudCAtIGRvIG5vdCB0cnVzdDEiMCAGA1UEAwwZQ3Jlc2FwdG93
> >> biBEZXZlbG9wbWVudCBDQTEoMCYGCSqGSIb3DQEJARYZY3Jlc2FwdG93bkBsaXN0
> >> cy5wZGluYy51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkm1BOa
> >> TJFLu/DkTIdDGfCH9XJ8Gyh3MW5rCV79Wcdn5opxbNpDUMsQ2ZtXNTOdbFXGtrTF
> >> OXDSjjQqxVuH3l/sVFT9R1+sDPb5vmv3haXxb95k9ZBiQ/UMFKl/57js41PdB4QJ
> >> CG6aOYORYw4RwiWVwTTXKVsuJZ37Xbmy5ZCpapZR6bheK/Rmj7Ug8RhTW11KS7q3
> >> gBTEswz8iliXoMTVQyZii/j5KzeI6yHPdnJD+OHOmVZj++8fqivoncipNWVqag4z
> >> BmNHo+SpXExAienyanRzYmYLij+MM5FKax5maA1X+tnJHz7XZSmdsVul9WgLh/CL
> >> 5zhpFQ3ZAppCObUCAwEAAaNQME4wHQYDVR0OBBYEFJLTYmI/8fhQDuPstTanxWQw
> >> MtMaMB8GA1UdIwQYMBaAFJLTYmI/8fhQDuPstTanxWQwMtMaMAwGA1UdEwQFMAMB
> >> Af8wDQYJKoZIhvcNAQELBQADggEBAMsH5VIpxzQW7PPTdoyMn5yM2XtwnZ8VcO8G
> >> k5MrT3cAYCtmJXtxQlZ13pKrmgnXQ12FW88M7XZLZrEcjIysAIqhAaM1a1sTB146
> >> WXoAOq6Hmv4R8ZZHIZb8h6B8VHfTltxHenvF1ryWAQDwiCjnp74UFO5Wn2oz1E6G
> >> V9pXGswb/fu57tdMLE056lKAWb5ybsPzedXg+yGH5RHPZE8NkcscyiNZaGgGk3hT
> >> SmmUA+vD/P8S6ib/spk2BX1TdCHAfwbSCQKtpU59jtYJOcjjczbUFOUD+qkO4tDL
> >> simLRJr3/EFIH9TkRWMYgeP5OUTa1OpTR+GCyETfTzKTQs38KIcxggJoMIICZAIB
> >> ATCB3jCByDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE1hcnlsYW5kMRcwFQYDVQQH
> >> DA5CYWx0aW1vcmUgQ2l0eTEPMA0GA1UECgwGUEQgSW5jMS4wLAYDVQQLDCVDcmVz
> >> YXB0b3duIERldmVsb3BtZW50IC0gZG8gbm90IHRydXN0MSIwIAYDVQQDDBlDcmVz
> >> YXB0b3duIERldmVsb3BtZW50IENBMSgwJgYJKoZIhvcNAQkBFhljcmVzYXB0b3du
> >> QGxpc3RzLnBkaW5jLnVzAhEAqeKmelCIlyyMhm1LhFx/bDANBglghkgBZQMEAgEF
> >> AKBcMA8GCSqGSIb3LwEBCDECMAAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAv
> >> BgkqhkiG9w0BCQQxIgQgKSPlaaSRml+BHdiFKPF6gCs44f0buEO758XaSigeR84w
> >> DQYJKoZIhvcNAQELBQAEggEAQb/BtdXnHW1eF0F8oys2esbjY3LrO98LR5qqqUIQ
> >> CLi7APZ44LQzmZO/TQCQVBlfU9KCxuoViWZ9spWqs2qJV6nXJTOBrjnpT1rYmN38
> >> ZfeTt2BuvYLJJW2mpuqqqToYyBfEUna3vQXF9RTxxs+f19v0RCkzycuvZnw7UGF/
> >> 6zA34R1mOHjbxEBdbNdJLISrGJky2TIMDkA/wkGr+1dBjJKLhtaw3wLkJ5ycePsg
> >> ENHLp81Gmsw0ybT8vrh6lYmdwLa1pGhUMuvJUnfUNM789owyJToMIc9mlDkEQq0F
> >> t2oh4mvqI8Mg7MWd9sZgzYUPpNVv9Vp8ameIylwv1Ue/YA==
> >> -----END PKCS7-----
> >>
> >>
> >> --
> >> Jason Pyeron  | Architect
> >> PD Inc        |
> >> 10 w 24th St  |
> >> Baltimore, MD |
> >>
> >> .com: [hidden email]
> >> tel : 202-741-9397
> >>
> >>
> >>
> >>
> >
> >
> >