Unify PKCS#9 set_attribute* methods to a single add_attribute

This way the PKCS#9 implementation does not have to know
the encoding types for values

diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c
index 6876035..6b7e725 100644 (file)
--- a/src/libstrongswan/crypto/pkcs7.c
+++ b/src/libstrongswan/crypto/pkcs7.c
@@ -930,17 +930,16 @@ METHOD(pkcs7_t, build_signedData, bool,
                                return FALSE;
                        }
                        hasher->destroy(hasher);
-                       this->attributes->set_attribute(this->attributes,
-                                                                       OID_PKCS9_MESSAGE_DIGEST,
-                                                                       messageDigest);
-                       free(messageDigest.ptr);
+                       this->attributes->add_attribute(this->attributes,
+                                                       OID_PKCS9_MESSAGE_DIGEST,
+                                                       asn1_wrap(ASN1_OCTET_STRING, "m", messageDigest));
 
                        /* take the current time as signingTime */
                        now = time(NULL);
                        signingTime = asn1_from_time(&now, ASN1_UTCTIME);
-                       this->attributes->set_attribute_raw(this->attributes,
+                       this->attributes->add_attribute(this->attributes,
                                                                        OID_PKCS9_SIGNING_TIME, signingTime);
-                       this->attributes->set_attribute_raw(this->attributes,
+                       this->attributes->add_attribute(this->attributes,
                                                                        OID_PKCS9_CONTENT_TYPE,
                                                                        asn1_build_known_oid(OID_PKCS7_DATA));
 

diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c
index d30d02e..f1a7421 100644 (file)
--- a/src/libstrongswan/crypto/pkcs9.c
+++ b/src/libstrongswan/crypto/pkcs9.c
@@ -69,32 +69,6 @@ struct attribute_t {
 };
 
 /**
- * return the ASN.1 encoding of a PKCS#9 attribute
- */
-static asn1_t get_attribute_type(int oid)
-{
-       switch (oid)
-       {
-               case OID_PKCS9_CONTENT_TYPE:
-                       return ASN1_OID;
-               case OID_PKCS9_SIGNING_TIME:
-                       return ASN1_UTCTIME;
-               case OID_PKI_MESSAGE_TYPE:
-               case OID_PKI_STATUS:
-               case OID_PKI_FAIL_INFO:
-                       return ASN1_PRINTABLESTRING;
-               case OID_PKI_SENDER_NONCE:
-               case OID_PKI_RECIPIENT_NONCE:
-               case OID_PKCS9_MESSAGE_DIGEST:
-                       return ASN1_OCTET_STRING;
-               case OID_PKI_TRANS_ID:
-                       return ASN1_PRINTABLESTRING;
-               default:
-                       return ASN1_EOC;
-       }
-}
-
-/**
  * Destroy an attribute_t object.
  */
 static void attribute_destroy(attribute_t *this)
@@ -185,23 +159,14 @@ METHOD(pkcs9_t, get_attribute, chunk_t,
        return chunk_empty;
 }
 
-METHOD(pkcs9_t, set_attribute_raw, void,
+METHOD(pkcs9_t, add_attribute, void,
        private_pkcs9_t *this, int oid, chunk_t value)
 {
-       attribute_t *attribute = attribute_create(oid, value);
-
-       this->attributes->insert_last(this->attributes, attribute);
+       this->attributes->insert_last(this->attributes,
+                                                                 attribute_create(oid, value));
        chunk_free(&value);
 }
 
-METHOD(pkcs9_t, set_attribute, void,
-       private_pkcs9_t *this, int oid, chunk_t value)
-{
-       chunk_t attr = asn1_simple_object(get_attribute_type(oid), value);
-
-       set_attribute_raw(this, oid, attr);
-}
-
 METHOD(pkcs9_t, destroy, void,
        private_pkcs9_t *this)
 {
@@ -222,8 +187,7 @@ pkcs9_t *pkcs9_create(void)
                .public = {
                        .get_encoding = _get_encoding,
                        .get_attribute = _get_attribute,
-                       .set_attribute = _set_attribute,
-                       .set_attribute_raw = _set_attribute_raw,
+                       .add_attribute = _add_attribute,
                        .destroy = _destroy,
                },
                .attributes = linked_list_create(),

diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h
index 3af0006..0c2a779 100644 (file)
--- a/src/libstrongswan/crypto/pkcs9.h
+++ b/src/libstrongswan/crypto/pkcs9.h
@@ -50,17 +50,9 @@ struct pkcs9_t {
         * Adds a PKCS#9 attribute.
         *
         * @param oid                   OID of the attribute
-        * @param value                 value of the attribute (gets cloned)
+        * @param value                 value of the attribute, with ASN1 type (gets owned)
         */
-       void (*set_attribute) (pkcs9_t *this, int oid, chunk_t value);
-
-       /**
-        * Adds a ASN.1 encoded PKCS#9 attribute.
-        *
-        * @param oid                   OID of the attribute
-        * @param value                 ASN.1 encoded value of the attribute (gets adopted)
-        */
-       void (*set_attribute_raw) (pkcs9_t *this, int oid, chunk_t value);
+       void (*add_attribute) (pkcs9_t *this, int oid, chunk_t value);
 
        /**
         * Destroys the PKCS#9 attribute list.

diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c
index 938340d..f7a1f0b 100644 (file)
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@@ -205,7 +205,8 @@ static bool add_senderNonce_attribute(pkcs9_t *pkcs9)
        }
        rng->destroy(rng);
 
-       pkcs9->set_attribute(pkcs9, OID_PKI_SENDER_NONCE, senderNonce);
+       pkcs9->add_attribute(pkcs9, OID_PKI_SENDER_NONCE,
+                                                asn1_wrap(ASN1_OCTET_STRING, "c", senderNonce));
        return TRUE;
 }
 
@@ -232,8 +233,10 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
        }
 
        pkcs9 = pkcs9_create();
-       pkcs9->set_attribute(pkcs9, OID_PKI_TRANS_ID, transID);
-       pkcs9->set_attribute(pkcs9, OID_PKI_MESSAGE_TYPE, msgType);
+       pkcs9->add_attribute(pkcs9, OID_PKI_TRANS_ID,
+                                                asn1_wrap(ASN1_PRINTABLESTRING, "c", transID));
+       pkcs9->add_attribute(pkcs9, OID_PKI_MESSAGE_TYPE,
+                                                asn1_wrap(ASN1_PRINTABLESTRING, "c", msgType));
        if (!add_senderNonce_attribute(pkcs9))
        {
                pkcs9->destroy(pkcs9);