
RE: PKCS#7 decoding



Alex,

If you are simply trying to extract a cert from a PKCS #7 object, then you
can use the constructor for the "CSM_MsgToVerify" class to decode a file,
then reference the "m_pMsgCertCrls" member, if there were any certificates
present in the SignedData (PKCS 7) message.  

...
  CSM_Buffer A("c:\\temp\\FILE_TO_DECODE.bin");  // backslashes must be doubled in a C++ string literal
  CSM_MsgToVerify B(&A);
  CSM_CertificateChoice *tmpCert;
  if (B.m_pMsgCertCrls && B.m_pMsgCertCrls->AccessCertificates())
  {
    for (tmpCert=B.m_pMsgCertCrls->AccessCertificates()->SetCurrtoFirst();
         tmpCert;
         tmpCert=B.m_pMsgCertCrls->AccessCertificates()->GoNext())
      if (tmpCert->AccessSNACCCertificate())
      {
         tmpCert->AccessSNACCCertificate()->Print(cout);
               // RAW SNACC class "Print(ostream &os)".
         // At this point, you have access to all of the
         //  SNACC Certificate elements: "->AccessSNACCCertificate()".
      }
  }

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

If you need to use the SFL to ASN.1 decode a PKCS #7 object, add a
certificate, and then re-encode the PKCS #7 object, then use the following
code.

Following is a segment of code that can be used to decode a SignedData
(without verifying its signature), add a certificate, re-encode the
SignedData and write out a new SignedData message.

The application needs to feed it the SignedData, the certificate and an output
file name.
{
  // Open the SignedData using CSM_MsgToVerify.
  CSM_MsgToVerify *pVerify = NULL;
  CSM_Buffer *pBuf = NULL;
  CSM_ContentInfoMsg *pContent = NULL;

  pBuf = new CSM_Buffer(szSignedDataFile);   // szSignedDataFile points to the SignedData file name
  pContent = new CSM_ContentInfoMsg(pBuf);

  pVerify = new CSM_MsgToVerify(&pContent->AccessEncapContent()->m_content);

  /* At this point, pVerify contains a pointer to an instance of the SNACC
     class SignedData in member variable m_pSnaccSignedData.  Inside of
     m_pSnaccSignedData is a pointer to the list of certificates.  The
     signature is NOT verified here, and it need not be for this purpose: the
     certificates field of SignedData lies outside the signed region, so adding
     a certificate below leaves the existing SignerInfos valid. */

  // Load the certificate to add.
  CSM_Buffer CertBuf(szCertificateFile);   // szCertificateFile points to the name of the cert file to add
  CSM_CertificateChoice *pCertChoice = NULL;
  pCertChoice = new CSM_CertificateChoice(CertBuf);

  /* pCertChoice now contains a pointer to an instance of the SNACC class
     Certificate in member variable m_pSNACCCert.  Append that Certificate to
     the list of certificates in m_pSnaccSignedData.  certificates is OPTIONAL
     in SignedData, so check the pointer is non-NULL if the input may carry no
     certificates at all. */
  CertificateChoices *pSNACCCert;

  pSNACCCert = pVerify->m_pSnaccSignedData->certificates->Append();
  pSNACCCert->choiceId = CertificateChoices::certificateCid;
  pSNACCCert->certificate = pCertChoice->AccessSNACCCertificate();
  // The new list entry shares the Certificate object owned by pCertChoice,
  // so pCertChoice must stay alive until after the encode below.

  // Re-encode the SignedData into a CSM_Buffer.
  CSM_Buffer *pNewSignedData = NULL;
  pNewSignedData = new CSM_Buffer();

  ENCODE_BUF(pVerify->m_pSnaccSignedData, pNewSignedData);

  // Now take the encoded SignedData buffer and wrap it in a
  // ContentInfo with an OID specifying id_signedData.
  CSM_OID tOID(id_signedData);
  CSM_ContentInfoMsg *pCI = new CSM_ContentInfoMsg;
  CSM_Content tmpcont(pNewSignedData, tOID);
  SME(pCI->SetEncapContent(tmpcont));
  SME((pCI->AccessEncodedCI())->ConvertMemoryToFile(szOutputFile));
}

Much thanks to Bob Colestock, VDA, and Lourdes Maldonado, VDA, for providing
these code samples.

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company
john.pawling@xxxxxxxx
============================================ 
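The two SFL snippets above lean on SNACC to do the ASN.1 work, which hides what is actually being edited. The following is an added example, not code from the SFL, SNACC or the list posters: a standard-library-only Python DER walker that does the same two jobs (list the X.509 certificates carried in a PKCS #7 SignedData, then append one and re-encode the ContentInfo) so the structure is visible byte by byte. The function names, the constructed sample message and the placeholder "certificates" (bare DER SEQUENCEs standing in for real X.509 certs, which the walker never looks inside) are all this example's own.

```python
# Added example (not SFL or SNACC code): stdlib-only DER walker mirroring the two SFL
# snippets above.  Names and sample data are constructed for this example.

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def der_length(n: int) -> bytes:
    if n < 0x80:                       # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body   # long form

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_length(len(body)) + body

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, end) for the TLV at pos; BER indefinite lengths are rejected."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:end], end

def children(body: bytes) -> list:
    """Split a constructed body into (tag, body, raw) triples."""
    out, pos = [], 0
    while pos < len(body):
        tag, inner, end = read_tlv(body, pos)
        out.append((tag, inner, body[pos:end]))
        pos = end
    return out

def unwrap_signed_data(content_info: bytes) -> list:
    """ContentInfo {id-signedData, [0] EXPLICIT SignedData} -> list of SignedData fields."""
    tag, ci, _ = read_tlv(content_info)
    if tag != 0x30:
        raise ValueError("ContentInfo must be a SEQUENCE")
    fields = children(ci)
    if fields[0][0] != 0x06 or fields[0][1] != OID_SIGNED_DATA:
        raise ValueError("contentType is not id-signedData")
    if fields[1][0] != 0xA0:
        raise ValueError("missing [0] EXPLICIT content")
    sd_tag, sd_body, _ = read_tlv(fields[1][1])
    if sd_tag != 0x30:
        raise ValueError("SignedData must be a SEQUENCE")
    return children(sd_body)

def extract_certificates(content_info: bytes) -> list:
    """Raw DER of each plain Certificate in SignedData.certificates ([0] IMPLICIT SET OF)."""
    certs = []
    for tag, body, _ in unwrap_signed_data(content_info):
        if tag == 0xA0:  # certificates; the [1] IMPLICIT crls field would be 0xA1
            for choice_tag, _, raw in children(body):
                # CertificateChoices: an untagged SEQUENCE is an X.509 Certificate; the
                # [0]..[3] IMPLICIT alternatives (extended/attribute certs) are skipped.
                if choice_tag == 0x30:
                    certs.append(raw)
    return certs

def add_certificate(content_info: bytes, cert_der: bytes) -> bytes:
    """Re-encode with cert_der added to certificates (the field is created if absent)."""
    # The certificates field is not covered by any SignerInfo signature, so existing
    # signatures stay valid; equally, a verifier must never trust a cert just for being here.
    if read_tlv(cert_der)[0] != 0x30:
        raise ValueError("certificate must be a DER SEQUENCE")
    kept, existing, index = [], [], None
    for i, (tag, body, raw) in enumerate(unwrap_signed_data(content_info)):
        if tag == 0xA0:
            existing = [raw_c for _, _, raw_c in children(body)]
            index = i
        else:
            kept.append(raw)
    if index is None:
        index = 3  # after version, digestAlgorithms, encapContentInfo
    # DER requires SET OF elements in ascending order of their encodings.
    kept.insert(index, tlv(0xA0, b"".join(sorted(existing + [cert_der]))))
    signed_data = tlv(0x30, b"".join(kept))
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, signed_data))

def placeholder_cert(label: bytes) -> bytes:
    """Constructed stand-in for a Certificate: a DER SEQUENCE, not a real X.509 cert."""
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, label))

def sample_signed_data() -> bytes:
    """Constructed detached SignedData with one placeholder certificate and no signers."""
    fields = [tlv(0x02, b"\x01"), tlv(0x31, b""), tlv(0x30, tlv(0x06, OID_DATA)),
              tlv(0xA0, placeholder_cert(b"cert-A")), tlv(0x31, b"")]  # version .. signerInfos
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, tlv(0x30, b"".join(fields))))

if __name__ == "__main__":
    updated = add_certificate(sample_signed_data(), placeholder_cert(b"cert-B"))
    print([c.hex() for c in extract_certificates(updated)])
```

Two points worth keeping in mind when feeding the result into something like a CML database: nothing in SignedData binds the certificates bag to the signers, so a certificate pulled out this way is an untrusted hint until it chains to a trust anchor; and because the bag is unsigned, re-encoding after an insertion does not disturb the existing signatures, which is exactly why the SFL snippet can skip verification.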


-----Original Message-----
From: MCMAINS,ALEX (HP-Boise,ex1) [mailto:alex_mcmains@xxxxxx]
Sent: Thursday, February 24, 2000 6:47 PM
To: 'imc-sfl@xxxxxxx'
Subject: PKCS#7 decoding

Hi,

Using the SFL is there a way to take a CSM_Buffer instantiated with a PKCS#7
file and then instantiate some other class with this buffer that would allow
access to the ASN.1 encoded values, i.e. a PKCS#7 decoder class?  I am
trying to get at a X.509v3 cert in a PKCS#7 file so that I can add it to a
CML database.  If this seems nonsensical, are there any suggestions for
achieving this objective differently?  Thanks.

	-- Alex McMains