oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use hx509_cms_create_signed to create signed data

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24579 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-02-04 22:04:18 +00:00
parent 64748478da
commit f0214c8843
1 changed files with 45 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
lib/hx509/hxtool.c
View File

@@ -283,6 +283,28 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
return 0; return 0;
} }
static int
print_signer(hx509_context context, void *ctx, hx509_cert cert)
{
hx509_pem_header **header = ctx;
char *signer_name = NULL;
hx509_name name;
int ret;
ret = hx509_cert_get_subject(cert, &name);
if (ret)
errx(1, "hx509_cert_get_subject");
ret = hx509_name_to_string(name, &signer_name);
hx509_name_free(&name);
if (ret)
errx(1, "hx509_name_to_string");
hx509_pem_add_header(header, "Signer", signer_name);
free(signer_name);
}
int int
cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
{ {
@@ -291,12 +313,10 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
heim_octet_string o; heim_octet_string o;
hx509_query *q; hx509_query *q;
hx509_lock lock; hx509_lock lock;
hx509_certs store, pool, anchors; hx509_certs store, pool, anchors, signer;
hx509_cert cert;
size_t sz; size_t sz;
void *p; void *p;
int ret, flags = 0; int ret, flags = 0;
char *signer_name = NULL;
memset(&contentType, 0, sizeof(contentType)); memset(&contentType, 0, sizeof(contentType));
@@ -306,6 +326,8 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
hx509_lock_init(context, &lock); hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings); lock_strings(lock, &opt->pass_strings);
ret = hx509_certs_init(context, "MEMORY:signer-certs", 0, NULL, &signer);
if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY");
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY");
ret = hx509_certs_init(context, "MEMORY:cert-pool", 0, NULL, &pool); ret = hx509_certs_init(context, "MEMORY:cert-pool", 0, NULL, &pool);
@@ -326,6 +348,10 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
flags |= HX509_CMS_SIGATURE_DETACHED; flags |= HX509_CMS_SIGATURE_DETACHED;
if (opt->id_by_name_flag) if (opt->id_by_name_flag)
flags |= HX509_CMS_SIGATURE_ID_NAME; flags |= HX509_CMS_SIGATURE_ID_NAME;
if (!opt->signer_flag) {
flags |= HX509_CMS_SIGATURE_NO_SIGNER;
}
ret = hx509_query_alloc(context, &q); ret = hx509_query_alloc(context, &q);
if (ret) if (ret)
@@ -337,7 +363,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
if (opt->signer_string) if (opt->signer_string)
hx509_query_match_friendly_name(q, opt->signer_string); hx509_query_match_friendly_name(q, opt->signer_string);
ret = hx509_certs_find(context, store, q, &cert); ret = hx509_certs_filter(context, store, q, signer);
hx509_query_free(context, q); hx509_query_free(context, q);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_certs_find"); hx509_err(context, 1, ret, "hx509_certs_find");
@@ -351,37 +377,22 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType); parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType);
ret = hx509_cms_create_signed_1(context, ret = hx509_cms_create_signed(context,
flags, flags,
&contentType, &contentType,
p, p,
sz, sz,
NULL, NULL,
cert, signer,
peer, peer,
anchors, anchors,
pool, pool,
&o); &o);
if (ret) if (ret)
errx(1, "hx509_cms_create_signed: %d", ret); errx(1, "hx509_cms_create_signed: %d", ret);
{
hx509_name name;
ret = hx509_cert_get_subject(cert, &name);
if (ret)
errx(1, "hx509_cert_get_subject");
ret = hx509_name_to_string(name, &signer_name);
hx509_name_free(&name);
if (ret)
errx(1, "hx509_name_to_string");
}
hx509_certs_free(&anchors); hx509_certs_free(&anchors);
hx509_certs_free(&pool); hx509_certs_free(&pool);
hx509_cert_free(cert);
hx509_certs_free(&store); hx509_certs_free(&store);
rk_xfree(p); rk_xfree(p);
hx509_lock_free(lock); hx509_lock_free(lock);
@@ -406,7 +417,9 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
hx509_pem_add_header(&header, "Content-disposition", hx509_pem_add_header(&header, "Content-disposition",
opt->detached_signature_flag ? opt->detached_signature_flag ?
"detached" : "inline"); "detached" : "inline");
hx509_pem_add_header(&header, "Signer", signer_name); ret = hx509_certs_iter(context, signer, print_signer, header);
if (ret)
hx509_err(context, 1, ret, "print signer");
f = fopen(argv[1], "w"); f = fopen(argv[1], "w");
if (f == NULL) if (f == NULL)
@@ -425,7 +438,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
errx(1, "hx509_write_file: %d", ret); errx(1, "hx509_write_file: %d", ret);
} }
free(signer_name); hx509_certs_free(&signer);
free(o.data); free(o.data);
return 0; return 0;