From bff0a5c11c928035638689539243f92e5c71a97b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sun, 24 Jun 2007 19:24:20 +0000
Subject: [PATCH] Implement and use HX509_CMS_SIGATURE_ID_NAME.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21267 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cms.c | 52 +++++++++++++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 15 deletions(-)

diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index c17fcee77..d7d04056f 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -115,24 +115,42 @@ hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
 return 0;
 }
+#define CMS_ID_SKI 0
+#define CMS_ID_NAME 1
+
 static int
-fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id)
+fill_CMSIdentifier(const hx509_cert cert,
+ int type,
+ CMSIdentifier *id)
 {
- hx509_name name;
 int ret;
- id->element = choice_CMSIdentifier_issuerAndSerialNumber;
- ret = hx509_cert_get_issuer(cert, &name);
- if (ret)
- return ret;
- ret = copy_Name(&name->der_name,
- &id->u.issuerAndSerialNumber.issuer);
- hx509_name_free(&name);
- if (ret)
- return ret;
+ switch (type) {
+ case CMS_ID_SKI:
+ id->element = choice_CMSIdentifier_subjectKeyIdentifier;
+ ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
+ &id->u.subjectKeyIdentifier);
+ if (ret == 0)
+ break;
+ /* FALL THOUGH */
+ case CMS_ID_NAME: {
+ hx509_name name;
- ret = hx509_cert_get_serialnumber(cert,
- &id->u.issuerAndSerialNumber.serialNumber);
+ id->element = choice_CMSIdentifier_issuerAndSerialNumber;
+ ret = hx509_cert_get_issuer(cert, &name);
+ if (ret)
+ return ret;
+ ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer);
+ hx509_name_free(&name);
+ if (ret)
+ return ret;
+
+ ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber);
+ break;
+ }
+ default:
+ _hx509_abort("CMS fill identifier with unknown type");
+ }
 return ret;
 }
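Review bot: In the `CMS_ID_SKI` case every failure of `_hx509_find_extension_subject_key_id` falls through to the issuer/serial branch, so an allocation or decode error is handled the same way as a certificate that simply has no subject key identifier, and anything the helper may already have stored in `id->u.subjectKeyIdentifier` is overwritten through the union. Falling through only on the not-found result keeps real errors visible, e.g. `if (ret != HX509_EXTENSION_NOT_FOUND) return ret;` after the `ret == 0` check (assuming that is the code the helper returns for a missing extension). The `default:` arm relies on `_hx509_abort` never returning; if it can return, `return ret;` reads an unset `ret`, so `int ret = EINVAL;` or an explicit return there would be safer. The marker comment should read `/* FALLTHROUGH */`.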
@@ -518,7 +536,7 @@ hx509_cms_envelope_1(hx509_context context,
 ri = &ed.recipientInfos.val[0];
 ri->version = 0;
- ret = fill_CMSIdentifier(cert, &ri->rid);
+ ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid);
 if (ret) {
 hx509_set_error_string(context, 0, ret,
 "Failed to set CMS identifier info "
@@ -941,6 +959,7 @@ hx509_cms_create_signed_1(hx509_context context,
 int ret;
 size_t size;
 hx509_path path;
+ int cmsidflag = CMS_ID_SKI;
 memset(&sd, 0, sizeof(sd));
 memset(&name, 0, sizeof(name));
@@ -950,6 +969,9 @@ hx509_cms_create_signed_1(hx509_context context,
 content.data = rk_UNCONST(data);
 content.length = length;
+ if (flags & HX509_CMS_SIGATURE_ID_NAME)
+ cmsidflag = CMS_ID_NAME;
+
 if (_hx509_cert_private_key(cert) == NULL) {
 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
 "Private key missing for signing");
@@ -1004,7 +1026,7 @@ hx509_cms_create_signed_1(hx509_context context,
 signer_info->version = 1;
- ret = fill_CMSIdentifier(cert, &signer_info->sid);
+ ret = fill_CMSIdentifier(cert, cmsidflag, &signer_info->sid);
 if (ret) {
 hx509_clear_error_string(context);
 goto out;
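Review bot: `ri->version = 0;` is left as it was while the recipient identifier now defaults to subjectKeyIdentifier; CMS (RFC 3852, later RFC 5652) requires KeyTransRecipientInfo version 2 for that choice and 0 only for issuerAndSerialNumber, so a strict decoder may reject the envelope. The same mismatch appears in the last hunk of hx509_cms_create_signed_1, where `signer_info->version = 1;` precedes a `sid` that can now be a subjectKeyIdentifier, which calls for SignerInfo version 3. Because fill_CMSIdentifier may fall back to issuer/serial, the version is best derived from the result after the call, e.g. `ri->version = (ri->rid.element == choice_CMSIdentifier_subjectKeyIdentifier) ? 2 : 0;`. Both functions continue outside the hunks, so a later adjustment cannot be ruled out from here. The envelope path also hard-codes `CMS_ID_SKI` and offers callers no flag to request the previous encoding.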
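Review bot: The flag tested in the third hunk is spelled `HX509_CMS_SIGATURE_ID_NAME` (the N of SIGNATURE is missing); since it travels in the public `flags` argument the spelling becomes API once released, so it is worth fixing in the header now or adding a correctly spelled alias. The flag's definition is not part of this patch. A short comment above the test, such as `/* default is subjectKeyIdentifier; this flag selects issuerAndSerialNumber */`, would document the changed default of hx509_cms_create_signed_1 for existing callers.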