Implement and use HX509_CMS_SIGATURE_ID_NAME.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21267 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-24 19:24:20 +00:00
parent 0a6bc4b22c
commit bff0a5c11c
1 changed files with 37 additions and 15 deletions
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -115,24 +115,42 @@ hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
    return 0;
 }

+#define CMS_ID_SKI	0
+#define CMS_ID_NAME	1
+
 static int
-fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id)
+fill_CMSIdentifier(const hx509_cert cert,
+		   int type,
+		   CMSIdentifier *id)
 {
-    hx509_name name;
    int ret;

-    id->element = choice_CMSIdentifier_issuerAndSerialNumber;
-    ret = hx509_cert_get_issuer(cert, &name);
-    if (ret)
-	return ret;
-    ret = copy_Name(&name->der_name,
-		    &id->u.issuerAndSerialNumber.issuer);
-    hx509_name_free(&name);
-    if (ret)
-	return ret;
+    switch (type) {
+    case CMS_ID_SKI:
+	id->element = choice_CMSIdentifier_subjectKeyIdentifier;
+	ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
+						   &id->u.subjectKeyIdentifier);
+	if (ret == 0)
+	    break;
+	/* FALL THOUGH */
+    case CMS_ID_NAME: {
+	hx509_name name;

-    ret = hx509_cert_get_serialnumber(cert,
-				      &id->u.issuerAndSerialNumber.serialNumber);
+	id->element = choice_CMSIdentifier_issuerAndSerialNumber;
+	ret = hx509_cert_get_issuer(cert, &name);
+	if (ret)
+	    return ret;
+	ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer);
+	hx509_name_free(&name);
+	if (ret)
+	    return ret;
+
+	ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber);
+	break;
+    }
+    default:
+	_hx509_abort("CMS fill identifier with unknown type");
+    }
    return ret;
 }

@@ -518,7 +536,7 @@ hx509_cms_envelope_1(hx509_context context,
    ri = &ed.recipientInfos.val[0];

    ri->version = 0;
-    ret = fill_CMSIdentifier(cert, &ri->rid);
+    ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid);
    if (ret) {
 	hx509_set_error_string(context, 0, ret,
 			       "Failed to set CMS identifier info "
@@ -941,6 +959,7 @@ hx509_cms_create_signed_1(hx509_context context,
    int ret;
    size_t size;
    hx509_path path;
+    int cmsidflag = CMS_ID_SKI;

    memset(&sd, 0, sizeof(sd));
    memset(&name, 0, sizeof(name));
@@ -950,6 +969,9 @@ hx509_cms_create_signed_1(hx509_context context,
    content.data = rk_UNCONST(data);
    content.length = length;

+    if (flags & HX509_CMS_SIGATURE_ID_NAME)
+	cmsidflag = CMS_ID_NAME;
+
    if (_hx509_cert_private_key(cert) == NULL) {
 	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
 			       "Private key missing for signing");
@@ -1004,7 +1026,7 @@ hx509_cms_create_signed_1(hx509_context context,

    signer_info->version = 1;

-    ret = fill_CMSIdentifier(cert, &signer_info->sid);
+    ret = fill_CMSIdentifier(cert, cmsidflag, &signer_info->sid);
    if (ret) {
 	hx509_clear_error_string(context);
 	goto out;