Add a getter for signed PKCS#7 attributes
authorMartin Willi <martin@revosec.ch>
Tue, 27 Nov 2012 16:10:23 +0000 (17:10 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 19 Dec 2012 09:32:08 +0000 (10:32 +0100)
src/libstrongswan/credentials/containers/pkcs7.h
src/libstrongswan/plugins/pkcs7/pkcs7_data.c
src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c

index eed340f..68125cd 100644 (file)
@@ -34,6 +34,20 @@ struct pkcs7_t {
         * Implements container_t.
         */
        container_t container;
+
+       /**
+        * Get an authenticated PKCS#9 attribute from PKCS#7 signerInfo.
+        *
+        * To select the signerInfo structure to get the attribute from, pass
+        * the enumerator position from container_t.create_signature_enumerator().
+        *
+        * @param oid                   OID from the attribute to get
+        * @param enumerator    enumerator to select signerInfo
+        * @param value                 chunk receiving attribute value, internal data
+        * @return                              TRUE if attribute found
+        */
+       bool (*get_attribute)(pkcs7_t *this, int oid, enumerator_t *enumerator,
+                                                 chunk_t *value);
 };
 
 #endif /** PKCS7_H_ @}*/
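Review bot: The new doc comment on get_attribute calls the attribute "authenticated" and the value "internal data", but it does not state the preconditions that make either true. It should say that the enumerator must be the one returned by this same object's create_signature_enumerator(), positioned on an entry for which enumerate() returned TRUE. It should also say that `value` is borrowed and only meaningful when TRUE is returned, for example `* @param value chunk receiving attribute value, internal data; not to be freed, untouched if FALSE is returned`. How long the borrowed chunk stays valid is not visible here (presumably until the container is destroyed) and is worth stating explicitly. The pkcs7_t struct begins outside this hunk.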
index 5f0ab10..d0e7e1c 100644 (file)
@@ -98,6 +98,7 @@ static private_pkcs7_data_t* create_empty()
                                .get_encoding = _get_encoding,
                                .destroy = _destroy,
                        },
+                       .get_attribute = (void*)return_false,
                },
        );
 
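Review bot: The `(void*)` cast in `.get_attribute = (void*)return_false,` turns off the compiler's signature check for this slot, so a later change to the get_attribute prototype in pkcs7.h would go unnoticed here and in the identical line of the pkcs7_enveloped_data.c hunk. If the cast is the project's accepted idiom for stub methods, a short comment such as `/* plain data has no signerInfo, so no signed attributes */` would record why always returning FALSE is correct. Otherwise a small typed static function returning FALSE keeps the type check. create_empty() starts and ends outside the hunk.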
index 652769a..d9bff41 100644 (file)
@@ -380,6 +380,7 @@ static private_pkcs7_enveloped_data_t* create_empty()
                                .get_encoding = _get_encoding,
                                .destroy = _destroy,
                        },
+                       .get_attribute = (void*)return_false,
                },
        );
 
index dd95611..5ec5684 100644 (file)
@@ -172,6 +172,8 @@ typedef struct {
        enumerator_t *inner;
        /** currently enumerated auth_cfg */
        auth_cfg_t *auth;
+       /** currently enumerating signerinfo */
+       signerinfo_t *info;
        /** reference to container */
        private_pkcs7_signed_data_t *this;
 } signature_enumerator_t;
@@ -275,8 +277,10 @@ METHOD(enumerator_t, enumerate, bool,
                        continue;
                }
                *out = this->auth;
+               this->info = info;
                return TRUE;
        }
+       this->info = NULL;
        return FALSE;
 }
 
@@ -307,6 +311,25 @@ METHOD(container_t, create_signature_enumerator, enumerator_t*,
        return &enumerator->public;
 }
 
+METHOD(pkcs7_t, get_attribute, bool,
+       private_pkcs7_signed_data_t *this, int oid, enumerator_t *enumerator, chunk_t *value)
+{
+       signature_enumerator_t *e;
+       chunk_t chunk;
+
+       e = (signature_enumerator_t*)enumerator;
+       if (e->info)
+       {
+               chunk = e->info->attributes->get_attribute(e->info->attributes, oid);
+               if (chunk.len)
+               {
+                       *value = chunk;
+                       return TRUE;
+               }
+       }
+       return FALSE;
+}
+
 METHOD(container_t, get_data, bool,
        private_pkcs7_signed_data_t *this, chunk_t *data)
 {
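Review bot: get_attribute() casts `enumerator` to `signature_enumerator_t*` and dereferences `e->info` without checking that the enumerator came from this container's create_signature_enumerator(). Any other enumerator_t handed in through the public pkcs7_t interface is read as the wrong type, and `this` is never consulted. A guard before the dereference would turn such misuse into a clean FALSE, for example `if (enumerator->enumerate != (void*)_enumerate || e->this != this) { return FALSE; }`. That assumes the enumerator's public enumerate member is wired to `_enumerate` in create_signature_enumerator(), whose body lies outside the hunk. Separately, `*value = chunk` hands out a pointer into the signerInfo's attribute storage, so a comment that the caller must not free it, or use it beyond the owning object's lifetime, would help.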
@@ -351,6 +374,7 @@ static private_pkcs7_signed_data_t* create_empty()
                                .get_encoding = _get_encoding,
                                .destroy = _destroy,
                        },
+                       .get_attribute = _get_attribute,
                },
                .creds = mem_cred_create(),
                .signerinfos = linked_list_create(),