ssize_t calculate_signature_space(pesign_context *ctx)
{
int rc;
SECItem sig = { 0, };
rc = generate_spc_signed_data(&sig, &ctx->cms_ctx);
if (rc < 0) {
err:
fprintf(stderr, "Could not generate signature.\n");
exit(1);
}
data_directory *dd = NULL;
rc = pe_getdatadir(ctx->outpe, &dd);
if (rc < 0)
goto err;
ssize_t ret = sig.len + dd->certs.size + sizeof(win_certificate) -
available_cert_space(ctx);
//free(sig.data);
return ret;
}
/* before you run this, you'll need to enroll your CA with:
* certutil -A -n 'my CA' -d /etc/pki/pesign -t CT,CT,CT -i ca.crt
* And you'll need to enroll the private key like this:
* pk12util -d /etc/pki/pesign/ -i Peter\ Jones.p12
*/
int
generate_signature(pesign_context *p_ctx, SECItem *newsig)
{
int rc = 0;
cms_context *ctx = &p_ctx->cms_ctx;
assert(ctx->pe_digest != NULL);
SECItem sd_der;
memset(&sd_der, '\0', sizeof(sd_der));
rc = generate_spc_signed_data(&sd_der, ctx);
if (rc < 0) {
fprintf(stderr, "Could not create signed data: %s\n",
PORT_ErrorToString(PORT_GetError()));
return -1;
}
memcpy(newsig, &sd_der, sizeof (*newsig));
return 0;
}
