000014390 - Cert-J: Adding a NonStandardAttribute such as SigningCertificate to PKCS #7

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014390
Applies ToRSA BSAFE Cert-J
IssueCert-J: Add a NonStandardAttribute such as SigningCertificate to PKCS #7
Resolution

Some attributes such the SigningCertificate attribute (OID : 1.2.840.113549.1.9.16.2.12) do not have a class in Cert-J.  If you have the encoded value already, you can add it using NonStandardAttribute.

There are no sample programs that demonstrate the NonStandardAttribute class, but here is what the code should look like:


/* From RFC 2634 / RFC 5035:
   id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
       member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
       smime(16) id-aa(2) 12 }
 */
            byte[] signingCertificateOID = {
                (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86,
                (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x09,
                (byte) 0x10, (byte) 0x02, (byte) 0x0C
            };

            byte[] signingCertificateValueDER = {
                (byte) 0x ...
            };

            NonStandardAttribute signingCertificateAttribute =
                new NonStandardAttribute(signingCertificateOID, 0, signingCertificateOID.length, signingCertificateValueDER, 0, signingCertificateValueDER.length);

Legacy Article IDa45672

Attachments

    Outcomes