===== Smartcard Signature =====
PKCS7 is one of the simplest form of signature. The class ''PKCS7Signature'' is responsible for the creation of PKCS7 signatures which can create both attached and detached signatures.
The method ''signExternalContent'' creates a detached signature whereas ''signInternalContent'' creates an attached signature.
In the code segment below, the creation of a detached PKCS7 signature is demonstrated. The content can be extracted from an attached signature by using the method ''getContentInfo().getContentBytes()''.
The code is only valid for Java and .NET API does not support PKCS7 signature.
PKCS7Signature pkcsSignature = new PKCS7Signature();
ByteArrayOutputStream signature = new ByteArrayOutputStream();
SmartCard sc = new SmartCard(CardType.AKIS);
long [] slots = sc.getSlotList();
//sc.getSlotInfo(slots[0]).slotDescription;
long session = sc.openSession(slots[0]);
sc.login(session, "12345");
//Gets first certificate, it must be asked to user if it is more than one certificate.
byte [] certBytes = sc.getSignatureCertificates(session).get(0);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(certBytes));
BaseSigner signer = new SCSignerWithCertSerialNo(sc, session, slots[0]
,cert.getSerialNumber().toByteArray()
, Algorithms.SIGNATURE_RSA_SHA1);
ByteArrayInputStream bais = new ByteArrayInputStream(toBeSigned);
pkcsSignature.signExternalContent(bais, cert, signature, signer);
Assert.assertEquals(true, validate(new ByteArrayInputStream(signature.toByteArray()), cert));
PKCS7 p = new PKCS7(signature);
//validates the signature, not the person.
SignerInfo [] signerInfo = p.verify(toBeSigned);
if(signerInfo == null)
returnfalse;
else
{
//Checks whether the expected person signed the data.
return signerInfo[0].getCertificateSerialNumber().equals(cert.getSerialNumber()) == true;
}