Ejemplo n.º 1
0
//
// Generate the CMS signature for a (finished) CodeDirectory.
//
CFDataRef SecCodeSigner::Signer::signCodeDirectory(const CodeDirectory *cd)
{
	assert(state.mSigner);
	CFRef<CFMutableDictionaryRef> defaultTSContext = NULL;
    
	// a null signer generates a null signature blob
	if (state.mSigner == SecIdentityRef(kCFNull))
		return CFDataCreate(NULL, NULL, 0);
	
	// generate CMS signature
	CFRef<CMSEncoderRef> cms;
	MacOSError::check(CMSEncoderCreate(&cms.aref()));
	MacOSError::check(CMSEncoderSetCertificateChainMode(cms, kCMSCertificateChainWithRoot));
	CMSEncoderAddSigners(cms, state.mSigner);
	MacOSError::check(CMSEncoderSetHasDetachedContent(cms, true));
	
	if (signingTime) {
		MacOSError::check(CMSEncoderAddSignedAttributes(cms, kCMSAttrSigningTime));
		MacOSError::check(CMSEncoderSetSigningTime(cms, signingTime));
	}
	
	MacOSError::check(CMSEncoderUpdateContent(cms, cd, cd->length()));
    
    // Set up to call Timestamp server if requested
    
    if (state.mWantTimeStamp)
    {
        CFRef<CFErrorRef> error = NULL;
        defaultTSContext = SecCmsTSAGetDefaultContext(&error.aref());
        if (error)
            MacOSError::throwMe(errSecDataNotAvailable);
            
        if (state.mNoTimeStampCerts || state.mTimestampService) {
            if (state.mTimestampService)
                CFDictionarySetValue(defaultTSContext, kTSAContextKeyURL, state.mTimestampService);
            if (state.mNoTimeStampCerts)
                CFDictionarySetValue(defaultTSContext, kTSAContextKeyNoCerts, kCFBooleanTrue);
       }
            
        CmsMessageSetTSAContext(cms, defaultTSContext);
    }
    
	CFDataRef signature;
	MacOSError::check(CMSEncoderCopyEncodedContent(cms, &signature));

	return signature;
}
Ejemplo n.º 2
0
/*
 * High-level, one-shot encoder function.
 */
OSStatus CMSEncode(
	CFTypeRef			signers,
	CFTypeRef			recipients,
	const CSSM_OID		*eContentType,
	Boolean				detachedContent,
	CMSSignedAttributes	signedAttributes,
	const void			*content,
	size_t				contentLen,
	CFDataRef			*encodedContent)	/* RETURNED */
{
	if((signers == NULL) && (recipients == NULL)) {
		return errSecParam;
	}
	if(encodedContent == NULL) {
		return errSecParam;
	}
	
	CMSEncoderRef cmsEncoder;
	OSStatus ortn;
	
	/* set up the encoder */
	ortn = CMSEncoderCreate(&cmsEncoder);
	if(ortn) {
		return ortn;
	}
	
	/* subsequent errors to errOut: */
	if(signers) {
		ortn = CMSEncoderAddSigners(cmsEncoder, signers);
		if(ortn) {
			goto errOut;
		}
	}
	if(recipients) {
		ortn = CMSEncoderAddRecipients(cmsEncoder, recipients);
		if(ortn) {
			goto errOut;
		}
	}
	if(eContentType) {
		ortn = CMSEncoderSetEncapsulatedContentType(cmsEncoder, eContentType);
		if(ortn) {
			goto errOut;
		}
	}
	if(detachedContent) {
		ortn = CMSEncoderSetHasDetachedContent(cmsEncoder, detachedContent);
		if(ortn) {
			goto errOut;
		}
	}
	if(signedAttributes) {
		ortn = CMSEncoderAddSignedAttributes(cmsEncoder, signedAttributes);
		if(ortn) {
			goto errOut;
		}
	}
	/* GO */
	ortn = CMSEncoderUpdateContent(cmsEncoder, content, contentLen);
	if(ortn) {
		goto errOut;
	}
	ortn = CMSEncoderCopyEncodedContent(cmsEncoder, encodedContent);
	
errOut:
	CFRelease(cmsEncoder);
	return ortn;
}