mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-05-14 13:06:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

pkcs7: reduce duplicated and useless code

Browse Source
This commit is contained in:
Sun Yimin 2023-03-14 17:48:29 +08:00 committed by GitHub
parent 652e6da354
commit a93f7fd94d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pkcs7/sign.go
View File

@ -185,14 +185,6 @@ func (sd *SignedData) AddSignerChain(ee *smx509.Certificate, pkey crypto.Private
if err != nil { if err != nil {
return err return err
} }
unsignedAttrs := &attributes{}
for _, attr := range config.ExtraUnsignedAttributes {
unsignedAttrs.Add(attr.Type, attr.Value)
}
finalUnsignedAttrs, err := unsignedAttrs.ForMarshalling()
if err != nil {
return err
}
// create signature of signed attributes // create signature of signed attributes
signature, err := signAttributes(finalAttrs, pkey, hasher) signature, err := signAttributes(finalAttrs, pkey, hasher)
if err != nil { if err != nil {
@ -200,13 +192,16 @@ func (sd *SignedData) AddSignerChain(ee *smx509.Certificate, pkey crypto.Private
} }
signer := signerInfo{ signer := signerInfo{
AuthenticatedAttributes: finalAttrs, AuthenticatedAttributes: finalAttrs,
UnauthenticatedAttributes: finalUnsignedAttrs,
DigestAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.digestOid}, DigestAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.digestOid},
DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: encryptionOid}, DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: encryptionOid},
IssuerAndSerialNumber: ias, IssuerAndSerialNumber: ias,
EncryptedDigest: signature, EncryptedDigest: signature,
Version: 1, Version: 1,
} }
if err = signer.SetUnauthenticatedAttributes(config.ExtraUnsignedAttributes); err != nil {
return err
}
if !config.SkipCertificates { if !config.SkipCertificates {
sd.certs = append(sd.certs, ee) sd.certs = append(sd.certs, ee)
if len(parents) > 0 { if len(parents) > 0 {
@ -227,6 +222,7 @@ func newHash(hasher crypto.Hash, hashOid asn1.ObjectIdentifier) hash.Hash {
return h return h
} }
/*
// SignWithoutAttr issues a signature on the content of the pkcs7 SignedData. // SignWithoutAttr issues a signature on the content of the pkcs7 SignedData.
// Unlike AddSigner/AddSignerChain, it calculates the digest on the data alone // Unlike AddSigner/AddSignerChain, it calculates the digest on the data alone
// and does not include any signed attributes like timestamp and so on. // and does not include any signed attributes like timestamp and so on.
@ -276,6 +272,7 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat
sd.sd.SignerInfos = append(sd.sd.SignerInfos, signer) sd.sd.SignerInfos = append(sd.sd.SignerInfos, signer)
return nil return nil
} }
*/
func (si *signerInfo) SetUnauthenticatedAttributes(extraUnsignedAttrs []Attribute) error { func (si *signerInfo) SetUnauthenticatedAttributes(extraUnsignedAttrs []Attribute) error {
unsignedAttrs := &attributes{} unsignedAttrs := &attributes{}

6
pkcs7/verify_test.go
View File

@ -254,6 +254,12 @@ func TestVerifyFirefoxAddon(t *testing.T) {
t.Errorf("Verify failed with error: %v", err) t.Errorf("Verify failed with error: %v", err)
} }
p7.Content = []byte("bad content")
if err = p7.VerifyWithChain(certPool); err == nil {
t.Errorf("Verify with incorrect content did not error")
}
p7.Content = FirefoxAddonContent
// The chain has validity: // The chain has validity:
// //
// EE: 2016-08-17 20:04:58 +0000 UTC 2021-08-16 20:04:58 +0000 UTC // EE: 2016-08-17 20:04:58 +0000 UTC 2021-08-16 20:04:58 +0000 UTC