RE: PKCS#7 decoding
Alex,
If you are simply trying to extract a cert from a PKCS #7 object, then you
can use the constructor for the "CSM_MsgToVerify" class to decode a file,
then reference the "m_pMsgCertCrls" member, if there were any certificates
present in the SignedData (PKCS 7) message.
...
CSM_Buffer A("c:\\temp\\FILE_TO_DECODE.bin");
CSM_MsgToVerify B(&A);
CSM_CertificateChoice *tmpCert;
if (B.m_pMsgCertCrls && B.m_pMsgCertCrls->AccessCertificates())
{
    for (tmpCert = B.m_pMsgCertCrls->AccessCertificates()->SetCurrtoFirst();
         tmpCert;
         tmpCert = B.m_pMsgCertCrls->AccessCertificates()->GoNext())
        if (tmpCert->AccessSNACCCertificate())
        {
            tmpCert->AccessSNACCCertificate()->Print(cout);
            // RAW SNACC class "Print(ostream &os)".
            // At this point, you have access to all of the
            // SNACC Certificate elements: "->AccessSNACCCertificate()".
        }
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
If you need to use the SFL to ASN.1 decode a PKCS #7 object, add a
certificate, and then re-encode the PKCS #7 object then use the following
code.
Following is a segment of code that can be used to decode a signedData
(without verifying its signature), add a certificate, re-encode the
signedData and write out a new SignedData message.
The application needs to feed the SignedData, the certificate and an output
file name.
{
    // Open SignedData using CSM_MsgToVerify
    CSM_MsgToVerify *pVerify = NULL;
    CSM_Buffer *pBuf = NULL;
    CSM_ContentInfoMsg *pContent = NULL;
    // szSignedDataFile is a pointer to the SignedData
    pBuf = new CSM_Buffer(szSignedDataFile);
    pContent = new CSM_ContentInfoMsg(pBuf);
    pVerify = new CSM_MsgToVerify(&pContent->AccessEncapContent()->m_content);
    /* At this point, pVerify contains a pointer to an instance of the SNACC
       class SignedData in member variable m_pSnaccSignedData. Inside of
       m_pSnaccSignedData is a pointer to the list of certificates */

    // Now add the certificate to the certificate list inside
    // m_pSnaccSignedData
    // szCertificateFile is a pointer to the cert to add
    CSM_Buffer CertBuf(szCertificateFile);
    CSM_CertificateChoice *pCertChoice = NULL;
    pCertChoice = new CSM_CertificateChoice(CertBuf);
    CertificateChoices *pSNACCCert;
    pSNACCCert = pVerify->m_pSnaccSignedData->certificates->Append();
    pSNACCCert->choiceId = CertificateChoices::certificateCid;
    pSNACCCert->certificate = pCertChoice->AccessSNACCCertificate();
    /* At this point, pCertChoice contains a pointer to an instance of the SNACC
       class Certificate in member variable m_pSNACCCert. This Certificate can be
       appended to the list of certificates in m_pSnaccSignedData. */

    // Re-encode the signed data into a CSM_Buffer
    CSM_Buffer *pNewSignedData = NULL;
    pNewSignedData = new CSM_Buffer();
    ENCODE_BUF(pVerify->m_pSnaccSignedData, pNewSignedData);

    // Now, take the encoded SignedData buffer and wrap it in a
    // ContentInfo with an OID specifying id_signedData.
    CSM_OID tOID(id_signedData);
    CSM_ContentInfoMsg *pCI = new CSM_ContentInfoMsg;
    CSM_Content tmpcont(pNewSignedData, tOID);
    SME(pCI->SetEncapContent(tmpcont));
    SME((pCI->AccessEncodedCI())->ConvertMemoryToFile(szOutputFile));
}
Much thanks to Bob Colestock, VDA, and Lourdes Maldonado, VDA, for providing
these code samples.
============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company
john.pawling@xxxxxxxx
============================================
-----Original Message-----
From: MCMAINS,ALEX (HP-Boise,ex1) [mailto:alex_mcmains@xxxxxx]
Sent: Thursday, February 24, 2000 6:47 PM
To: 'imc-sfl@xxxxxxx'
Subject: PKCS#7 decoding
Hi,
Using the SFL is there a way to take a CSM_Buffer instantiated with a PKCS#7
file and then instantiate some other class with this buffer that would allow
access to the ASN.1 encoded values, i.e. a PKCS#7 decoder class? I am
trying to get at an X.509v3 cert in a PKCS#7 file so that I can add it to a
CML database. If this seems nonsensical, are there any suggestions for
achieving this objective differently? Thanks.
-- Alex McMains
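
Added example (not part of the original messages and not SFL code): a self-contained DER walk showing where the certificates field that m_pMsgCertCrls exposes sits inside a PKCS #7 SignedData, with bounds checks on every length. The names readTlv, extractCertificates and sampleP7 are hypothetical, and the sample bytes are a constructed structural skeleton whose "certificates" are placeholder bodies.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<uint8_t>;
using Err = std::runtime_error;
struct Tlv { uint8_t tag; size_t start, body, end; };  // offsets into the buffer
// Read one DER TLV at pos; reject indefinite lengths and anything running past limit.
static Tlv readTlv(const Bytes &d, size_t pos, size_t limit, int want = -1) {
    if (limit > d.size() || pos > limit || limit - pos < 2) throw Err("truncated");
    if ((d[pos] & 0x1f) == 0x1f || (want >= 0 && d[pos] != want)) throw Err("unexpected tag");
    size_t len = d[pos + 1], p = pos + 2;
    if (len & 0x80) {                                  // long-form length
        size_t n = len & 0x7f;
        if (n == 0 || n > 4 || n > limit - p) throw Err("bad length");
        for (len = 0; n--; ) len = (len << 8) | d[p++];
    }
    if (len > limit - p) throw Err("length overruns parent");
    return Tlv{d[pos], pos, p, p + len};
}
// Return the DER bytes of every plain Certificate in SignedData.certificates.
std::vector<Bytes> extractCertificates(const Bytes &d) {
    static const uint8_t kSignedData[9] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02};
    Tlv ci  = readTlv(d, 0, d.size(), 0x30);           // ContentInfo
    Tlv oid = readTlv(d, ci.body, ci.end, 0x06);       // contentType
    if (oid.end - oid.body != 9 || !std::equal(kSignedData, kSignedData + 9, d.begin() + oid.body))
        throw Err("not signedData");
    Tlv wrap = readTlv(d, oid.end, ci.end, 0xa0);      // [0] EXPLICIT content
    Tlv sd   = readTlv(d, wrap.body, wrap.end, 0x30);  // SignedData
    Tlv ver  = readTlv(d, sd.body, sd.end, 0x02);      // version
    Tlv algs = readTlv(d, ver.end, sd.end, 0x31);      // digestAlgorithms
    Tlv eci  = readTlv(d, algs.end, sd.end, 0x30);     // inner contentInfo
    Tlv next = readTlv(d, eci.end, sd.end);            // certificates, crls or signerInfos
    std::vector<Bytes> out;
    for (size_t p = next.body; next.tag == 0xa0 && p < next.end; ) {
        Tlv c = readTlv(d, p, next.end);
        if (c.tag == 0x30) out.emplace_back(d.begin() + c.start, d.begin() + c.end);
        p = c.end;                                     // other CertificateChoices are skipped
    }
    return out;
}
// Constructed sample: structural skeleton only; the "certificates" are placeholder bytes.
Bytes sampleP7() {
    return {0x30,0x34, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02, 0xa0,0x27, 0x30,0x25,
            0x02,0x01,0x01, 0x31,0x00, 0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,
            0xa0,0x0f, 0x30,0x03,0x02,0x01,0x01, 0xa1,0x03,0x02,0x01,0x03, 0x30,0x03,0x02,0x01,0x02,
            0x31,0x00};
}
int main() { std::printf("%zu certificate(s)\n", extractCertificates(sampleP7()).size()); }
```

The certificates field is not covered by the signers' signatures, which is why a certificate can be appended without re-signing; certificates pulled out of a SignedData this way should be path-validated before they are trusted or stored.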