SECOidTag
NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo)
{
SECOidData *algdata;
if (!signerinfo) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SEC_OID_UNKNOWN;
}
algdata = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);
if (algdata != NULL)
return algdata->offset;
else
return SEC_OID_UNKNOWN;
}
/*
* NSS_CMSSignedData_VerifySignerInfo - check the signatures.
*
* The digests were either calculated during decoding (and are stored in the
* signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
*
* The verification checks if the signing cert is valid and has a trusted chain
* for the purpose specified by "certusage".
*/
SECStatus
NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i,
CERTCertDBHandle *certdb, SECCertUsage certusage)
{
NSSCMSSignerInfo *signerinfo;
NSSCMSContentInfo *cinfo;
SECOidData *algiddata;
SECItem *contentType, *digest;
SECOidTag oidTag;
SECStatus rv;
if (!sigd) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
cinfo = &(sigd->contentInfo);
signerinfo = sigd->signerInfos[i];
/* verify certificate */
rv = NSS_CMSSignerInfo_VerifyCertificate(signerinfo, certdb, certusage);
if (rv != SECSuccess)
return rv; /* error is set */
/* find digest and contentType for signerinfo */
algiddata = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);
oidTag = algiddata ? algiddata->offset : SEC_OID_UNKNOWN;
digest = NSS_CMSSignedData_GetDigestValue(sigd, oidTag);
/* NULL digest is acceptable. */
contentType = NSS_CMSContentInfo_GetContentTypeOID(cinfo);
/* NULL contentType is acceptable. */
/* now verify signature */
rv = NSS_CMSSignerInfo_Verify(signerinfo, digest, contentType);
return rv;
}
