I am trying to sign the governance and permission certificate using an ECDSA-based CA certificate in Java for Cyclone DDS.
Here are a couple of references: https://www.tabnine.com/code/java/methods/java.security.KeyStore/getCertificate
It is using the command https://cyclonedds.io/docs/cyclonedds/latest/security/example_configuration.html

    openssl smime -sign -in example_governance.xml -text -out example_governance.p7s -signer example_perm_ca_cert.pem -inkey example_perm_ca_priv_key.pem
    openssl smime -sign -in example_permissions.xml -text -out example_permissions.p7s -signer example_perm_ca_cert.pem -inkey example_perm_ca_priv_key.pem

Using the openssl command, I am able to make DDS cyclone accept the signed documents, but when using Java, it does not accept them. I have managed to get a similar outcome using the Bouncy Castle library with the email signing process.
Please find the code snippet.

    private static byte[] signXML(byte[] xmlData, X509Certificate certificate, PrivateKey privateKey)
            throws IOException, OperatorCreationException, CertificateEncodingException,
                   MessagingException, SMIMEException {
        // Create a list with the certificate to sign
        List<Certificate> certList = Arrays.asList(certificate);
        Store certs = new JcaCertStore(certList);

        // Build the signer information
        SMIMESignedGenerator signer = new SMIMESignedGenerator();
        signer.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().build("SHA256withECDSA", privateKey, certificate));
        signer.addCertificates(certs);

        // Create a MIME body part from the XML data
        MimeBodyPart messagePart = new MimeBodyPart();
        messagePart.setContent(xmlData, "application/xml");

        // Generate the signed message
        MimeMultipart signedPart = signer.generate(messagePart);

        // Create the final S/MIME message
        Properties props = System.getProperties();
        Session session = Session.getDefaultInstance(props);
        MimeMessage finalMessage = new MimeMessage(session);
        finalMessage.setContent(signedPart, signedPart.getContentType());
        finalMessage.saveChanges();
        finalMessage.removeHeader("Date");
        finalMessage.removeHeader("Message-Id");

        // Return the signed message as a byte array
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        finalMessage.writeTo(outputStream);
        return outputStream.toByteArray();
    }

Error when giving it to DDS:

    Listener Instantiated
    1689945593.215404 [0] python: config: //CycloneDDS/Domain: 'DDSSecurity': deprecated alias for 'Security' (/root/dds-device1-certs/config.xml line 3)
    1689945593.221912 [0] python: Error occurred while validating local permissions: Failed to parse PKCS7 SMIME document: 40865E32807F0000:error:10800080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:../crypto/pkcs7/pk7_smime.c:428: (code: 127)

Looking for some pointers. I have been stuck for more than a week now, with different solutions tried, this being the nearest one.
Here are a couple of references I tried: https://www.tabnine.com/code/java/methods/java.security.KeyStore/getCertificate
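
A check that can be run on any `.p7s` before it is given to Cyclone DDS, as an added example that is not part of the original post: it counts the certificates embedded in the signature, verifies it with OpenSSL, and reproduces the `signer certificate not found` reason from the log by signing with `-nocerts`. The CA, file names and XML are constructed, and the post does not establish that the Java output fails for this reason.

```shell
#!/usr/bin/env bash
# Added diagnostic example. The CA, file names and XML below are constructed.

# Create a throwaway ECDSA P-256 CA and a stand-in XML document in directory $1.
make_fixture() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca_key.pem"
    openssl req -x509 -new -key "$1/ca_key.pem" -sha256 -days 1 \
        -subj "/CN=Constructed Permissions CA" -out "$1/ca_cert.pem"
    printf '<dds><permissions/></dds>\n' > "$1/doc.xml"
}

# Sign as the Cyclone DDS documentation does; extra openssl flags follow $1.
sign_doc() {
    dir=$1; shift
    openssl smime -sign -in "$dir/doc.xml" -text -out "$dir/doc.p7s" \
        -signer "$dir/ca_cert.pem" -inkey "$dir/ca_key.pem" "$@"
}

# Print how many certificates are embedded in the S/MIME file $1.
embedded_certs() {
    openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs -noout \
        | grep -c '^subject' || true
}

# Verify S/MIME file $1 against CA file $2; print a one-word verdict.
verify_doc() {
    if out=$(openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>&1); then
        echo ok
    elif printf '%s\n' "$out" | grep -q 'signer certificate not found'; then
        echo signer-certificate-not-found
    else
        echo other-failure
    fi
}

# Print both checks for the signature currently in directory $2.
report() {
    echo "$1: embedded_certs=$(embedded_certs "$2/doc.p7s")" \
         "verify=$(verify_doc "$2/doc.p7s" "$2/ca_cert.pem")"
}

work=$(mktemp -d)
make_fixture "$work"
sign_doc "$work";          report "default " "$work"
sign_doc "$work" -nocerts; report "-nocerts" "$work"
rm -rf "$work"
```

Running `embedded_certs` and `verify_doc` on the file written by the Java method shows whether OpenSSL can match the signer to a certificate inside the PKCS#7 structure.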