RE: Signed attribute troubles
Olivier:
This class is demonstrated by loading from a text configuration file in
"./SMIME/testsrc/util/sm_CLMsgToSign.cpp" around line 938
(CL_MsgToSign::FillSigningCertificate(...) is also in the same source
file; I have added comments here):
...
    if (SM_GetKwValue("SigningCertificate", kwValue, section) == SM_NO_ERROR &&
        !strstr(kwValue, "NULL"))
    {
        CSM_SigningCertificate *pTmpSigningCert = NULL;
        if ((pTmpSigningCert = new CSM_SigningCertificate) == NULL)
            SME_THROW(SM_MEMORY_ERROR, NULL, NULL);
        if ((status = FillSigningCertificate(kwValue, pTmpSigningCert,
                                             m_outputFlag)) == SM_NO_ERROR)
        {   // <<<<<RWC; ADD TO ATTR LIST.
            if (pAttributes->m_pAttrs == NULL)
                pAttributes->m_pAttrs = new CSM_AttribLst;
            pAttr = pAttributes->m_pAttrs->Append();
            pAttr->SetSigningCertificate(pTmpSigningCert);
            delete pTmpSigningCert;
        }
    }
}
...
<<<<RWC: IN FillSigningCertificate(...)
...
    if ((pTmpCertIDLst = new CSM_CertIDLst) == NULL)
        SME_THROW(SM_MEMORY_ERROR, NULL, NULL);
    while (strlen(sectionCerts) && !strstr(kwValue, "NULL"))
    {
        if (SM_GetKwValue("signingCertificateCertHash",
                          kwValue, sectionCerts) == SM_NO_ERROR)
        {
            if ((pTmpCertID = pTmpCertIDLst->Append()) == NULL)
                SME_THROW(SM_MEMORY_ERROR, NULL, NULL);
            CSM_Buffer tmpBuf(kwValue, strlen(kwValue));
            // <<<RWC; FILE NAME IS IN "kwValue", CONTAINING HASH
            // <<<RWC; IN YOUR CASE, YOU WILL NEED TO CREATE THE
            // <<<RWC; HASH YOURSELF. YOU CAN CALL ANY CTIL
            // <<<RWC; SMTI_DigestData(...) THAT HAS YOUR DIGEST.
            pTmpCertID->m_CertHash = tmpBuf;
            // IssuerSerial is an OPTIONAL field.
            if (SM_GetKwValue("signingCertificateIssuerSerial",
                              kwValue, sectionCerts) == SM_NO_ERROR)
            {
                // Need to add code to process IssuerSerial
            }
        }
...
Sorry, this is not demonstrated further; our library was not responsible
for creating such data, just processing the data (taking application
data and providing the attribute back to the application). The
demonstration code loads arbitrary data into this field for testing, not
a proper hash. The hash is easy to generate using any login, including
the sm_free3 CTIL NULL login (no private key).
As to loading IssuerSerial, this will take a bit of coding. I would
suggest strictly using the SNACC class load operations for Certificate
issuer DN and the Certificate Serial Number. You can assign them
directly once you have decoded the intended certificate (e.g.
DECODE_BUF(...), then assign the DN and serial number directly into
IssuerSerial members). We do load an IssuerSerial instance in
"./VDAALLPROJECTS/CertificateBuilder/AtgtributeCertificateDlg.cpp"
around line 728, but neither the DN nor the serial number is extracted
from a certificate:
...
    m_SNACCAttributeCertificate.eitherHolder->baseCertificateID =
        new IssuerSerial;
    GeneralName *pTmpGeneralName =
        m_SNACCAttributeCertificate.eitherHolder->baseCertificateID->issuer.Append();
    pTmpGeneralName->directoryName = pTmpSubjName;  // <<<RWC; NAME *pTmpSubjName
    pTmpGeneralName->choiceId = GeneralName::directoryNameCid;
    CSM_Buffer tmpBuf;
    // <<<RWC; BINARY data containing serial number
    SM_Hex2Buffer((char *)LPCSTR(strSubjSerialNum), &tmpBuf);
    m_SNACCAttributeCertificate.eitherHolder->
        baseCertificateID->serial.Set(tmpBuf.Access(), tmpBuf.Length());
...
As to the 2nd question (as well as the first), the CSM_Attrib class will
allow you to provide an ASN.1 encoded buffer containing the attribute
with an appropriate OID. You can either construct CSM_Attrib as
follows:
    CSM_Attrib(const SNACC::AsnOid &Oid, const CSM_Buffer &SNACCAnyBuf);
OR create the default and assign CSM_Attrib::m_poid (SNACC::AsnOid *)
AND CSM_Attrib::m_pEncodedAttrib (CSM_Buffer *).
In case you do not have these sources in your tree, you will need to
download the CertificateBuilder .tar.gz file containing these sources.
They are separate because they are considered test code, not actual
library sources.
Bob Colestock
-----Original Message-----
From: Olivier.Rey@xxxxxxxx [mailto:Olivier.Rey@xxxxxxxx]
Sent: Tuesday, August 13, 2002 6:37 AM
To: imc-sfl@xxxxxxx
Subject: Signed attribute troubles
Hi all,
I have 2 questions:
* I am trying to add the ESSCertID attribute (CSM_SigningCertificate) to a
signature, but I could not find out how to create a CSM_SigningCertificate
object?
The main problem comes from the (CSM_CertIDLst) m_Certs member: how can I
get the hash of a certificate, and how can I create an IssuerSerial1
object?
* I would try to add new signed attributes (for example "claimed role" from
RFC 3126) which are not implemented in CSM_Attrib class. Could you please
tell me how I can do that? (I think the easiest way is to add new SNACC
functions in sm_ess.cpp. Am I right?)
Thanks in advance,
Olivier
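
Added example, not part of the original thread and not SFL or SNACC code: a Python sketch of what the thread asks for, building an ESSCertID (RFC 2634: certHash is the SHA-1 digest of the whole DER-encoded certificate, plus an IssuerSerial copied from that certificate) and wrapping it in a SigningCertificate value of the kind that could be handed to CSM_Attrib as an encoded buffer. All function names and the sample certificate are constructed for illustration.

```python
import hashlib

def tlv(tag, body):  # DER-encode one element with a definite length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def children(buf):
    """Yield (tag, whole TLV, value) for each DER element in buf."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, n, hdr = buf[pos], buf[pos + 1], 2
        if n & 0x80:  # long-form length
            hdr += n & 0x7F
            n = int.from_bytes(buf[pos + 2:pos + hdr], "big")
        end = pos + hdr + n
        if end > len(buf):
            raise ValueError("truncated DER value")
        yield tag, buf[pos:end], buf[pos + hdr:end]
        pos = end

def issuer_and_serial(cert_der):
    """Return (issuer Name TLV, serialNumber INTEGER TLV) from a certificate."""
    (_, _, cert_body), = children(cert_der)  # exactly one outer SEQUENCE
    tbs = next(children(cert_body))[2]       # tbsCertificate contents
    fields = [f for f in children(tbs) if f[0] != 0xA0]  # drop [0] version
    if len(fields) < 3 or fields[0][0] != 0x02 or fields[2][0] != 0x30:
        raise ValueError("not a certificate-shaped structure")
    return fields[2][1], fields[0][1]

def ess_cert_id(cert_der):
    """ESSCertID: SHA-1 over the whole DER certificate plus IssuerSerial."""
    issuer, serial = issuer_and_serial(cert_der)
    cert_hash = tlv(0x04, hashlib.sha1(cert_der).digest())
    general_names = tlv(0x30, tlv(0xA4, issuer))  # directoryName [4]
    return tlv(0x30, cert_hash + tlv(0x30, general_names + serial))

def signing_certificate(cert_ders):  # certs only, no policies; signer first
    return tlv(0x30, tlv(0x30, b"".join(ess_cert_id(c) for c in cert_ders)))

# Constructed sample: certificate-shaped DER, truncated and not verifiable.
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Test CA"))))
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01\xf4") + ALG + NAME)
SAMPLE_CERT = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\x5a" * 64))
```

Because the digest covers every byte of the encoded certificate, a verifier recomputing it over a substituted certificate with the same issuer and serial number gets a different certHash.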