/*
 * NSS_CMSSignerInfo_GetDigestAlgTag - return the OID tag of the digest
 * algorithm looked up for "signerinfo".
 *
 * Returns SEC_OID_UNKNOWN when "signerinfo" is NULL (SEC_ERROR_INVALID_ARGS
 * is set in that case) or when NSS_CMSSignerInfo_GetDigestAlg() yields no
 * OID entry. Callers should treat SEC_OID_UNKNOWN as "no usable digest
 * algorithm" rather than as a valid tag.
 */
SECOidTag
NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo)
{
    SECOidData *oid_entry;

    if (signerinfo == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SEC_OID_UNKNOWN;
    }

    oid_entry = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);

    /* No OID entry means the algorithm could not be resolved. */
    return (oid_entry == NULL) ? SEC_OID_UNKNOWN : oid_entry->offset;
}
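/*
 * NSS_CMSSignedData_VerifySignerInfo - check the signatures.
 *
 * The digests were either calculated during decoding (and are stored in the
 * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
 *
 * The verification checks if the signing cert is valid and has a trusted chain
 * for the purpose specified by "certusage".
 *
 * sigd      - signedData object holding the signerInfos and the digests
 * i         - zero-based index of the signerInfo to verify
 * certdb    - certificate database passed to the certificate verification
 * certusage - usage the signing certificate is verified for
 *
 * Returns SECFailure with SEC_ERROR_INVALID_ARGS when "sigd" is NULL, has no
 * signerInfos array, or "i" does not select an existing signerInfo. Otherwise
 * returns the status of the certificate verification if that fails, else the
 * status of the signature verification.
 */
SECStatus
NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i,
                                   CERTCertDBHandle *certdb, SECCertUsage certusage)
{
    NSSCMSSignerInfo *signerinfo;
    NSSCMSContentInfo *cinfo;
    SECOidData *algiddata;
    SECItem *contentType, *digest;
    SECOidTag oidTag;
    SECStatus rv;
    int idx;

    if (!sigd || !sigd->signerInfos || i < 0) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /*
     * "i" is caller-supplied and was previously used to index signerInfos
     * unchecked. The array is treated here as a NULL-terminated pointer
     * array (NOTE(review): confirm against the code that fills it); walking
     * entries 0..i rejects an index at or past the terminator instead of
     * reading beyond the array or passing a NULL signerinfo on.
     */
    for (idx = 0; idx <= i; idx++) {
        if (sigd->signerInfos[idx] == NULL) {
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            return SECFailure;
        }
    }

    cinfo = &(sigd->contentInfo);
    signerinfo = sigd->signerInfos[i];

    /* verify certificate */
    rv = NSS_CMSSignerInfo_VerifyCertificate(signerinfo, certdb, certusage);
    if (rv != SECSuccess)
        return rv; /* error is set */

    /* find digest and contentType for signerinfo */
    algiddata = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);
    /* An unresolved algorithm is looked up as SEC_OID_UNKNOWN. */
    oidTag = algiddata ? algiddata->offset : SEC_OID_UNKNOWN;
    digest = NSS_CMSSignedData_GetDigestValue(sigd, oidTag);
    /* NULL digest is acceptable. */
    contentType = NSS_CMSContentInfo_GetContentTypeOID(cinfo);
    /* NULL contentType is acceptable. */

    /* now verify signature */
    rv = NSS_CMSSignerInfo_Verify(signerinfo, digest, contentType);

    return rv;
}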