Preserve SignerInformation insertion order in parallel signatures


Giacomo Boccardo
Hello everyone,

     I'm migrating some legacy code from BC 1.46 to 1.57.

In order to preserve the order of SignerInformation elements when adding
parallel signatures, the following code was used:

public final class OrderedDERSet extends DERSet {
     @Override
     public void addObject(final DEREncodable obj) {
         super.addObject(obj);
     }
}

and

final OrderedDERSet signerInfos = new OrderedDERSet();
final SignerInformation signerinformation = [...];
final SignerInfo signerInfo = signerinformation.toASN1Structure();
signerInfos.addObject(signerInfo);

Now DERSet is different and I can't use that approach.

I don't know exactly why the original author of the code had to produce
parallel signatures keeping the SignerInformation in that order. Did "old
style" signatures have that limitation?

Can you suggest a way to preserve the insertion order of
SignerInformation elements?


Thanks in advance,

     Giacomo Boccardo



Re: Preserve SignerInformation insertion order in parallel signatures

Peter Dettman-3
On 21/05/2017 5:37 PM, Giacomo Boccardo wrote:

> Hello everyone,
>
>     I'm migrating some legacy code from BC 1.46 to 1.57.
>
> In order to preserve the order of SignerInformation elements when adding
> parallel signatures, the following code was used:
>
> public final class OrderedDERSet extends DERSet {
>     @Override
>     public void addObject(final DEREncodable obj) {
>         super.addObject(obj);
>     }
> }
>
> and
>
> final OrderedDERSet signerInfos = new OrderedDERSet();
> final SignerInformation signerinformation = [...];
> final SignerInfo signerInfo = signerinformation.toASN1Structure();
> signerInfos.addObject(signerInfo);
>
> Now DERSet is different and I can't use that approach.
>
> I don't know exactly why the original author of the code had to produce
> parallel signatures keeping the SignerInformation in that order. Did "old
> style" signatures have that limitation?

Just guessing, but a DER set encoding has a canonical ordering.
Sometimes an existing signature may be over a set that wasn't correctly
sorted (it's somewhat tricky) and you want to preserve that.


>
> Can you suggest a way to preserve the insertion order of
> SignerInformation elements?

It might help to know what is done with the OrderedDERSet later, but
probably you need to collect the SignerInfo objects in an
ASN1EncodableVector, then pass them to a constructor
OrderedDERSet(ASN1EncodableVector v), and override the sort() method in
OrderedDERSet so that it does nothing.

It could also be that this was a workaround for a problem that no longer
exists, so you might be able to remove it.

Regards,
Pete Dettman



Re: Preserve SignerInformation insertion order in parallel signatures

David Hook-3
You want to use DLSet.

Regards,

David

On 21/05/17 21:09, Peter Dettman wrote:

> On 21/05/2017 5:37 PM, Giacomo Boccardo wrote:
>> Hello everyone,
>>
>>     I'm migrating some legacy code from BC 1.46 to 1.57.
>>
>> In order to preserve the order of SignerInformation elements when adding
>> parallel signatures, the following code was used:
>>
>> public final class OrderedDERSet extends DERSet {
>>     @Override
>>     public void addObject(final DEREncodable obj) {
>>         super.addObject(obj);
>>     }
>> }
>>
>> and
>>
>> final OrderedDERSet signerInfos = new OrderedDERSet();
>> final SignerInformation signerinformation = [...];
>> final SignerInfo signerInfo = signerinformation.toASN1Structure();
>> signerInfos.addObject(signerInfo);
>>
>> Now DERSet is different and I can't use that approach.
>>
>> I don't know exactly why the original author of the code had to produce
>> parallel signatures keeping the SignerInformation in that order. Did "old
>> style" signatures have that limitation?
> Just guessing, but a DER set encoding has a canonical ordering.
> Sometimes an existing signature may be over a set that wasn't correctly
> sorted (it's somewhat tricky) and you want to preserve that.
>
>
>> Can you suggest a way to preserve the insertion order of
>> SignerInformation elements?
> It might help to know what is done with the OrderedDERSet later, but
> probably you need to collect the SignerInfo objects in an
> ASN1EncodableVector, then pass them to a constructor
> OrderedDERSet(ASN1EncodableVector v), and override the sort() method in
> OrderedDERSet so that it does nothing.
>
> It could also be that this was a workaround for a problem that no longer
> exists, so you might be able to remove it.
>
> Regards,
> Pete Dettman
>
>
>



Re: Preserve SignerInformation insertion order in parallel signatures

Giacomo Boccardo
I used it for the SignerInformation and it works. Thanks!

However, it seems that it doesn't work for SignedData.certificates:

final ASN1EncodableVector certs = new ASN1EncodableVector();
[...add certificates...]
final DLSet certsDLSet = new DLSet(certs);
DERTaggedObject signedDataCertificates = new DERTaggedObject(false, 0,
certsDLSet);
ASN1OutputStream asn1OS = new ASN1OutputStream(...);
asn1OS.writeObject(signedDataCertificates);

***

When ASN1OutputStream#writeObject is called DERTaggedObject#encode calls:

ASN1Primitive primitive = this.obj.toASN1Primitive().toDERObject();

when ASN1Set#toDERObject calls the sort method.

Is there something wrong in my approach?

Kind regards,
     Giacomo

On 05/22/17 00:57:38, David Hook wrote:

> You want to use DLSet.
>
> Regards,
>
> David



Re: Preserve SignerInformation insertion order in parallel signatures

David Hook-3

The same rule applies - if you're after definite-length encoding rather
than DER encoding use DLTaggedObject.

Regards,

David

On 22/05/17 23:04, Giacomo Boccardo wrote:

> I used it for the SignerInformation and it works. Thanks!
>
> However, it seems that it doesn't work for SignedData.certificates:
>
> final ASN1EncodableVector certs = new ASN1EncodableVector();
> [...add certificates...]
> final DLSet certsDLSet = new DLSet(certs);
> DERTaggedObject signedDataCertificates = new DERTaggedObject(false, 0,
> certsDLSet);
> ASN1OutputStream asn1OS = new ASN1OutputStream(...);
> asn1OS.writeObject(signedDataCertificates);
>
> ***
>
> When ASN1OutputStream#writeObject is called DERTaggedObject#encode calls:
>
> ASN1Primitive primitive = this.obj.toASN1Primitive().toDERObject();
>
> when ASN1Set#toDERObject calls the sort method.
>
> Is there something wrong in my approach?
>
> Kind regards,
>     Giacomo
>
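
The advice in David Hook's two replies (DLSet for the set, DLTaggedObject for the [0] wrapper around SignedData.certificates), put side by side with the DER classes as an added example; it is not code from the thread or from Bouncy Castle. The class name SetOrderDemo, the helpers body and report, and the two OCTET STRINGs standing in for SignerInfo or certificate structures are assumptions made for the illustration.

```java
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DLSet;
import org.bouncycastle.asn1.DLTaggedObject;
import org.bouncycastle.util.encoders.Hex;

public final class SetOrderDemo {
    // Length and content octets only. The leading tag octet differs between a
    // plain SET and an implicitly tagged [0], so it is left out of the comparison.
    static byte[] body(final byte[] enc) {
        return Arrays.copyOfRange(enc, 1, enc.length);
    }

    // Prints the encoding and whether its elements are still in insertion order.
    static void report(final String label, final byte[] enc, final byte[] inserted) {
        final boolean kept = Arrays.equals(body(enc), body(inserted));
        System.out.printf("%-30s %s  insertion order kept: %b%n",
                label, Hex.toHexString(enc), kept);
    }

    public static void main(final String[] args) throws Exception {
        // Constructed stand-ins for SignerInfo or certificate structures:
        // two OCTET STRINGs added in descending, i.e. non-canonical, order.
        final ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new DEROctetString(new byte[] {0x02}));
        v.add(new DEROctetString(new byte[] {0x01}));
        // Hand-written SET OF encoding with the elements exactly as inserted.
        final byte[] inserted = {0x31, 0x06, 0x04, 0x01, 0x02, 0x04, 0x01, 0x01};

        final DLSet dl = new DLSet(v);
        // DERSet sorts its elements; DLSet leaves them as added.
        report("DERSet", new DERSet(v).getEncoded(), inserted);
        report("DLSet", dl.getEncoded(), inserted);
        // Requesting DER output converts the set to its sorted DER form.
        report("DLSet.getEncoded(DER)", dl.getEncoded(ASN1Encoding.DER), inserted);
        // Implicit [0] wrapper as used for SignedData.certificates: the DER
        // wrapper re-encodes its content as DER, the DL wrapper does not.
        report("DERTaggedObject(false, 0, dl)",
                new DERTaggedObject(false, 0, dl).getEncoded(), inserted);
        report("DLTaggedObject(false, 0, dl)",
                new DLTaggedObject(false, 0, dl).getEncoded(), inserted);
    }
}
```

Compile and run with the Bouncy Castle jar on the classpath. The order-preserving choice has to be repeated for every enclosing object, since any DER-encoding container re-sorts the set it holds.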

