Merge pull request fullsailor#13 from broamski/master

Add method to remove authenticated attributes from signed data
chrisccoulson · Jun 12, 2018 · 90dc71f · 90dc71f
2 parents 930bd84 + 726187a
commit 90dc71f
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/sign.go b/sign.go
@@ -93,7 +93,9 @@ type issuerAndSerial struct {
 	SerialNumber *big.Int
 }
 
-// SetDigestAlgorithm sets the digest algorithm to be used in the signing process
+// SetDigestAlgorithm sets the digest algorithm to be used in the signing process.
+//
+// This should be called before adding signers
 func (sd *SignedData) SetDigestAlgorithm(d asn1.ObjectIdentifier) {
 	sd.digestOid = d
 }
@@ -226,6 +228,20 @@ func (sd *SignedData) Finish() ([]byte, error) {
 	return asn1.Marshal(outer)
 }
 
+// RemoveAuthenticatedAttributes removes authenticated attributes from signedData
+// similar to OpenSSL's PKCS7_NOATTR or -noattr flags
+func (sd *SignedData) RemoveAuthenticatedAttributes() error {
+	for i, _ := range sd.sd.SignerInfos {
+		blankAttrs := &attributes{}
+		finalBlankAttrs, err := blankAttrs.ForMarshalling()
+		if err != nil {
+			return err
+		}
+		sd.sd.SignerInfos[i].AuthenticatedAttributes = finalBlankAttrs
+	}
+	return nil
+}
+
 // verifyPartialChain checks that a given cert is issued by the first parent in the list,
 // then continue down the path. It doesn't require the last parent to be a root CA,
 // or to be trusted in any truststore. It simply verifies that the chain provided, albeit