Add a getter for signed PKCS#7 attributes

2025-10-06 00:00:47 -04:00 · 2012-11-27 17:10:23 +01:00 · 2012-11-27 17:10:23 +01:00 · d3d706f4fc
commit d3d706f4fc
parent 5a50bec9d2
4 changed files with 40 additions and 0 deletions
--- a/src/libstrongswan/credentials/containers/pkcs7.h
+++ b/src/libstrongswan/credentials/containers/pkcs7.h
@ -34,6 +34,20 @@ struct pkcs7_t {
 	 * Implements container_t.
 	 */
 	container_t container;
+
+	/**
+	 * Get an authenticated PKCS#9 attribute from PKCS#7 signerInfo.
+	 *
+	 * To select the signerInfo structure to get the attribute from, pass
+	 * the enumerator position from container_t.create_signature_enumerator().
+	 *
+	 * @param oid			OID from the attribute to get
+	 * @param enumerator	enumerator to select signerInfo
+	 * @param value			chunk receiving attribute value, internal data
+	 * @return				TRUE if attribute found
+	 */
+	bool (*get_attribute)(pkcs7_t *this, int oid, enumerator_t *enumerator,
+						  chunk_t *value);
 };

 #endif /** PKCS7_H_ @}*/
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_data.c
@ -98,6 +98,7 @@ static private_pkcs7_data_t* create_empty()
 				.get_encoding = _get_encoding,
 				.destroy = _destroy,
 			},
+			.get_attribute = (void*)return_false,
 		},
 	);

--- a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
@ -380,6 +380,7 @@ static private_pkcs7_enveloped_data_t* create_empty()
 				.get_encoding = _get_encoding,
 				.destroy = _destroy,
 			},
+			.get_attribute = (void*)return_false,
 		},
 	);

--- a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
@ -172,6 +172,8 @@ typedef struct {
 	enumerator_t *inner;
 	/** currently enumerated auth_cfg */
 	auth_cfg_t *auth;
+	/** currently enumerating signerinfo */
+	signerinfo_t *info;
 	/** reference to container */
 	private_pkcs7_signed_data_t *this;
 } signature_enumerator_t;
@ -275,8 +277,10 @@ METHOD(enumerator_t, enumerate, bool,
 			continue;
 		}
 		*out = this->auth;
+		this->info = info;
 		return TRUE;
 	}
+	this->info = NULL;
 	return FALSE;
 }

@ -307,6 +311,25 @@ METHOD(container_t, create_signature_enumerator, enumerator_t*,
 	return &enumerator->public;
 }

+METHOD(pkcs7_t, get_attribute, bool,
+	private_pkcs7_signed_data_t *this, int oid, enumerator_t *enumerator, chunk_t *value)
+{
+	signature_enumerator_t *e;
+	chunk_t chunk;
+
+	e = (signature_enumerator_t*)enumerator;
+	if (e->info)
+	{
+		chunk = e->info->attributes->get_attribute(e->info->attributes, oid);
+		if (chunk.len)
+		{
+			*value = chunk;
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
+
 METHOD(container_t, get_data, bool,
 	private_pkcs7_signed_data_t *this, chunk_t *data)
 {
@ -351,6 +374,7 @@ static private_pkcs7_signed_data_t* create_empty()
 				.get_encoding = _get_encoding,
 				.destroy = _destroy,
 			},
+			.get_attribute = _get_attribute,
 		},
 		.creds = mem_cred_create(),
 		.signerinfos = linked_list_create(),