Merge pull request fullsailor#11 from digitorus/master

Add unsigned attributes support
chrisccoulson · Mar 21, 2018 · 930bd84 · 930bd84
2 parents 5183645 + 228ee02
commit 930bd84
Showing 1 changed file with 30 additions and 1 deletion.
diff --git a/sign.go b/sign.go
@@ -42,7 +42,8 @@ func NewSignedData(data []byte) (*SignedData, error) {
 
 // SignerInfoConfig are optional values to include when adding a signer
 type SignerInfoConfig struct {
-	ExtraSignedAttributes []Attribute
+	ExtraSignedAttributes   []Attribute
+	ExtraUnsignedAttributes []Attribute
 }
 
 type signedData struct {
@@ -140,6 +141,14 @@ func (sd *SignedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKe
 	if err != nil {
 		return err
 	}
+	unsigned_attrs := &attributes{}
+	for _, attr := range config.ExtraUnsignedAttributes {
+		unsigned_attrs.Add(attr.Type, attr.Value)
+	}
+	finalUnsignedAttrs, err := unsigned_attrs.ForMarshalling()
+	if err != nil {
+		return err
+	}
 	signature, err := signAttributes(finalAttrs, pkey, hash)
 	if err != nil {
 		return err
@@ -159,6 +168,7 @@ func (sd *SignedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKe
 	}
 	signer := signerInfo{
 		AuthenticatedAttributes:   finalAttrs,
+		UnauthenticatedAttributes: finalUnsignedAttrs,
 		DigestAlgorithm:           pkix.AlgorithmIdentifier{Algorithm: sd.digestOid},
 		DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: encryptionOid},
 		IssuerAndSerialNumber:     ias,
@@ -172,6 +182,21 @@ func (sd *SignedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKe
 	return nil
 }
 
+func (si *signerInfo) SetUnauthenticatedAttributes(extra_unsigned_attrs []Attribute) error {
+	unsigned_attrs := &attributes{}
+	for _, attr := range extra_unsigned_attrs {
+		unsigned_attrs.Add(attr.Type, attr.Value)
+	}
+	finalUnsignedAttrs, err := unsigned_attrs.ForMarshalling()
+	if err != nil {
+		return err
+	}
+
+	si.UnauthenticatedAttributes = finalUnsignedAttrs
+
+	return nil
+}
+
 // AddCertificate adds the certificate to the payload. Useful for parent certificates
 func (sd *SignedData) AddCertificate(cert *x509.Certificate) {
 	sd.certs = append(sd.certs, cert)
@@ -183,6 +208,10 @@ func (sd *SignedData) Detach() {
 	sd.sd.ContentInfo = contentInfo{ContentType: OIDData}
 }
 
+func (sd *SignedData) GetSignedData() *signedData {
+	return &sd.sd
+}
+
 // Finish marshals the content and its signers
 func (sd *SignedData) Finish() ([]byte, error) {
 	sd.sd.Certificates = marshalCertificates(sd.certs)