java bouncycastle apksigner

How to create MANIFEST-INF/CERT.RSA?


Since some packages are not available in higher versions of JDK, I am looking for an alternative to implement apk or jar signing (V1).

Source: https://github.com/appium-boneyard/sign/blob/master/src/orig/SignApk.java#L338-L355

    private static void writeSignatureBlock(
            Signature signature, X509Certificate publicKey, OutputStream out)
            throws IOException, GeneralSecurityException {
       /** SignerInfo signerInfo = new SignerInfo(
                new X500Name(publicKey.getIssuerX500Principal().getName()),
                publicKey.getSerialNumber(),
                AlgorithmId.get("SHA1"),
                AlgorithmId.get("RSA"),
                signature.sign());

        PKCS7 pkcs7 = new PKCS7(
                new AlgorithmId[] { AlgorithmId.get("SHA1") },
                new ContentInfo(ContentInfo.DATA_OID, null),
                new X509Certificate[] { publicKey },
                new SignerInfo[] { signerInfo });

        pkcs7.encodeSignedData(out);*/
    }

How should I reimplement this method?

I read some information:

Encode PKCS7 with Bouncycastle

Since I'm not very familiar with Java, I'm stuck here and would appreciate some help on this.


Solution

  • If you are using bouncycastle to generate CERT.RSA, you need to pay attention to

    setDefiniteLengthEncoding(true);

    Code:

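      import java.io.ByteArrayOutputStream;
      import java.io.IOException;
      import java.io.OutputStream;
      import java.security.GeneralSecurityException;
      import java.security.Signature;
      import java.security.cert.X509Certificate;
      import java.util.ArrayList;
      import java.util.List;

      import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
      import org.bouncycastle.cert.jcajce.JcaCertStore;
      import org.bouncycastle.cms.CMSException;
      import org.bouncycastle.cms.CMSProcessableByteArray;
      import org.bouncycastle.cms.CMSSignedDataGenerator;
      import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
      import org.bouncycastle.operator.ContentSigner;
      import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
      import org.bouncycastle.operator.OperatorCreationException;
      import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

      // var0: Signature that has already been updated with the bytes to sign
      // var1: signer certificate, var2: destination for the PKCS#7 block
      private static void writeSignatureBlock(Signature var0, X509Certificate var1,
                                              OutputStream var2)
          throws IOException, GeneralSecurityException {
        List<java.security.cert.Certificate> certList =
            new ArrayList<java.security.cert.Certificate>();
        certList.add(var1);
        // The signature is computed here, outside Bouncy Castle.
        final byte[] data = var0.sign();
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        try {
          generator.setDefiniteLengthEncoding(true); // Definite Length
          generator.addCertificates(new JcaCertStore(certList));
          generator.addSignerInfoGenerator(
              new JcaSignerInfoGeneratorBuilder(
                  new JcaDigestCalculatorProviderBuilder().build())
                  // No signed attributes: the signature covers the content itself.
                  .setDirectSignature(true)
                  .build(new ContentSigner() {
                    @Override
                    public byte[] getSignature() {
                      return data; // hand back the precomputed signature
                    }

                    @Override
                    public OutputStream getOutputStream() {
                      // Content written here is discarded; nothing is signed by BC.
                      return new ByteArrayOutputStream();
                    }

                    @Override
                    public AlgorithmIdentifier getAlgorithmIdentifier() {
                      // Must match the algorithm var0 was created with.
                      return new DefaultSignatureAlgorithmIdentifierFinder().find(
                          "SHA1WithRSA");
                    }
                  }, var1));
          byte[] pkcs7data =
              generator.generate(new CMSProcessableByteArray(new byte[0]), true)
                  .getEncoded();
          var2.write(pkcs7data);
        } catch (OperatorCreationException | CMSException e) {
          // Fail the signing run instead of continuing without a signature block.
          throw new GeneralSecurityException("Could not build PKCS#7 block", e);
        }
      }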
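To confirm that a block produced this way is usable, the following added example (not part of the answer, SignApk or Bouncy Castle) checks that the outer SEQUENCE is definite-length, the property `setDefiniteLengthEncoding(true)` is meant to ensure, and that every signer verifies over the signature file bytes. The class name `CheckSignatureBlock` and the file paths passed on the command line are assumptions.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Collection;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;

// Hypothetical helper class for checking a v1 signature block.
public class CheckSignatureBlock {

    // BER indefinite length: SEQUENCE tag 0x30 followed by length octet 0x80.
    static boolean isIndefiniteLength(byte[] block) {
        return block.length > 1 && (block[0] & 0xff) == 0x30
                && (block[1] & 0xff) == 0x80;
    }

    // True only if the block is definite-length and every SignerInfo verifies
    // over the .SF bytes with a certificate carried inside the block.
    @SuppressWarnings("unchecked")
    static boolean verify(byte[] sf, byte[] block) throws Exception {
        if (isIndefiniteLength(block)) {
            return false;
        }
        // Supply the .SF bytes as the signed content.
        CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(sf), block);
        Collection<SignerInformation> signers = cms.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            return false;
        }
        for (SignerInformation signer : signers) {
            Collection<X509CertificateHolder> certs =
                    cms.getCertificates().getMatches(signer.getSID());
            if (certs.isEmpty()) {
                return false;
            }
            X509CertificateHolder cert = certs.iterator().next();
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) {
                return false;
            }
        }
        return true;
    }

    // Usage: java CheckSignatureBlock <path to .SF file> <path to .RSA file>
    public static void main(String[] args) throws Exception {
        byte[] sf = Files.readAllBytes(Paths.get(args[0]));
        byte[] block = Files.readAllBytes(Paths.get(args[1]));
        System.out.println(verify(sf, block) ? "OK" : "FAILED");
    }
}
```

A passing result shows only that the block is internally consistent with the certificate it carries; compare that certificate against the expected signing certificate before trusting the package.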