pkcs7: decode attribute OIDs when printing
authorDmitry Baryshkov <dbaryshkov@gmail.com>
Wed, 13 May 2020 23:22:20 +0000 (02:22 +0300)
committerDmitry Baryshkov <dbaryshkov@gmail.com>
Thu, 14 May 2020 08:05:04 +0000 (11:05 +0300)
Try printing symbolic names for well-known OIDs when printing PKCS7
signature info.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
lib/x509/pkcs7-output.c
tests/cert-tests/data/full.p7b.out
tests/cert-tests/data/openssl-keyid.p7b.out
tests/cert-tests/data/openssl.p7b.out
tests/cert-tests/data/single-ca.p7b.out
tests/cert-tests/pkcs7
tests/cert-tests/pkcs7-eddsa
tests/data/test1.cat.out
tests/data/test2.cat.out

index bf5dbac8376863539c375637d3505847373b99e5..bcffbaafd565bd8efe925621c2977a3cf2843c62 100644 (file)
@@ -64,6 +64,31 @@ static void print_dn(gnutls_buffer_st * str, const char *prefix,
        gnutls_free(output.data);
 }
 
+/* Do not encode ASN1 and type for now */
+#define ENTRY(oid, name, type) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, type}
+#define ENTRY2(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, ASN1_ETYPE_INVALID}
+
+static const struct oid_to_string pkcs7_attrs[] = {
+       ENTRY ("1.2.840.113549.1.9.3", "contentType", ASN1_ETYPE_OBJECT_ID),
+       ENTRY ("1.2.840.113549.1.9.4", "messageDigest", ASN1_ETYPE_OCTET_STRING),
+       ENTRY ("1.2.840.113549.1.9.5", "signingTime", ASN1_ETYPE_INVALID),
+       ENTRY2("1.2.840.113549.1.9.6", "countersignature"),
+       ENTRY2("1.2.840.113549.1.9.15", "smimeCapabilities"),
+
+       ENTRY2("1.2.840.113549.1.9.16.2.1", "aa-receiptRequest"),
+       ENTRY2("1.2.840.113549.1.9.16.2.2", "aa-securityLabel"),
+       ENTRY2("1.2.840.113549.1.9.16.2.3", "aa-mlExpandHistory"),
+       ENTRY2("1.2.840.113549.1.9.16.2.4", "aa-contentHint"),
+       ENTRY2("1.2.840.113549.1.9.16.2.9", "aa-equivalentLabels"),
+       ENTRY2("1.2.840.113549.1.9.16.2.10", "aa-contentReference"),
+       ENTRY2("1.2.840.113549.1.9.16.2.11", "aa-encrypKeyPref"),
+       ENTRY2("1.2.840.113549.1.9.16.2.12", "aa-signingCertificate"),
+       ENTRY2("1.2.840.113549.1.9.16.2.19", "aa-ets-otherSigCert"),
+       ENTRY2("1.2.840.113549.1.9.16.2.47", "aa-signingCertificateV2"),
+
+       {NULL, 0, NULL, 0, NULL, 0}
+};
+
 static void print_raw(gnutls_buffer_st * str, const char *prefix,
                      const gnutls_datum_t * raw)
 {
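Review bot: The comment above `ENTRY` says the ASN.1 description and type are not encoded, yet `ENTRY` does store a type for contentType and messageDigest, so the comment and the table disagree. Something like `/* asn_desc stays NULL for now; the etype is recorded but the printing code in this file does not use it yet */` would match the macros, assuming the fifth initializer is the ASN.1 description field (struct oid_to_string is declared outside this hunk). The signingTime row passes `ASN1_ETYPE_INVALID` through `ENTRY`, which is the same as `ENTRY2`; either use `ENTRY2` there or add a short comment that signingTime is a CHOICE of UTCTime and GeneralizedTime and so has no single type. Both macros also stay defined for the rest of the file, so `#undef ENTRY` and `#undef ENTRY2` after the table would keep them from leaking into later code.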
@@ -94,6 +119,7 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info,
        char s[42];
        size_t max;
        int ret;
+       const struct oid_to_string * entry;
 
        if (info->issuer_dn.size > 0)
                print_dn(str, "\tSigner's issuer DN", &info->issuer_dn);
@@ -130,7 +156,9 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info,
                                if (i == 0)
                                        addf(str, "\tSigned Attributes:\n");
 
-                               snprintf(prefix, sizeof(prefix), "\t\t%s", oid);
+                               entry = _gnutls_oid_get_entry(pkcs7_attrs, oid);
+                               snprintf(prefix, sizeof(prefix), "\t\t%s",
+                                               (entry && entry->name_desc) ? entry->name_desc : oid);
                                print_raw(str, prefix, &data);
                                gnutls_free(data.data);
                        }
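Review bot: The lookup-and-fallback expression added here is repeated verbatim in the unsigned-attributes hunk below, so any later change to the fallback has to be made in two places. A small static helper next to `pkcs7_attrs` would hold the NULL handling once and remove the need for the extra `entry` local in print_pkcs7_info. The sketch assumes `oid` is a NUL-terminated string, which the existing `%s` use suggests; print_pkcs7_info starts and ends outside this hunk.

```c
/* Return the symbolic name of a known PKCS#7 attribute OID, or the OID itself. */
static const char *pkcs7_attr_name(const char *oid)
{
	const struct oid_to_string *entry = _gnutls_oid_get_entry(pkcs7_attrs, oid);

	return (entry && entry->name_desc) ? entry->name_desc : oid;
}

/* … unchanged: "Signed Attributes" header … */
snprintf(prefix, sizeof(prefix), "\t\t%s", pkcs7_attr_name(oid));
/* … unchanged: print_raw() and gnutls_free() … */
```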
@@ -145,7 +173,9 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info,
                                if (i == 0)
                                        addf(str, "\tUnsigned Attributes:\n");
 
-                               snprintf(prefix, sizeof(prefix), "\t\t%s", oid);
+                               entry = _gnutls_oid_get_entry(pkcs7_attrs, oid);
+                               snprintf(prefix, sizeof(prefix), "\t\t%s",
+                                               (entry && entry->name_desc) ? entry->name_desc : oid);
                                print_raw(str, prefix, &data);
                                gnutls_free(data.data);
                        }
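Review bot: When a name is found the numeric OID no longer appears in the output at all, here and in the signed-attributes hunk above, so anything that matches `--p7-info` output by OID stops matching without an error; the test scripts in this commit had to change their `grep` patterns for that reason. Printing both keeps the readable name and the unambiguous identifier, for example `snprintf(prefix, sizeof(prefix), "\t\t%s (%s)", entry->name_desc, oid);` in the matched case. The size of `prefix` is declared outside the hunk, so check that it has room for the longer string; `snprintf` would truncate rather than overflow. If the name-only format is intended, a line in the commit message noting the output change would help downstream users of the tool.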
index fc200f5e17b0da81f0e4e607ed83c1fb2b98495a..c4dd043e339fd5eb320d8143f0ed805c5d774292 100644 (file)
@@ -3,10 +3,10 @@ Signers:
        Signer's serial: 4de0b4ca
        Signature Algorithm: RSA-SHA256
        Signed Attributes:
-               1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
-               1.2.840.113549.1.9.4: 0420ca23e4b39a242dcece33fc776b6c9195595700f92201de19426d2d505576210f
-               1.2.840.113549.1.9.5: 170d3135303630313139323232325a
-               1.2.840.113549.1.9.3: 06092a864886f70d010701
+               smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+               messageDigest: 0420ca23e4b39a242dcece33fc776b6c9195595700f92201de19426d2d505576210f
+               signingTime: 170d3135303630313139323232325a
+               contentType: 06092a864886f70d010701
 
 Number of certificates: 2
 
index 3eefda94c61e571afd8279f6071c8cd614a85f26..de622ea1fe45c595b3f27069d6286317361faac0 100644 (file)
@@ -2,10 +2,10 @@ Signers:
        Signer's issuer key ID: 7607584ceab529f52d80068c834a820d09ec93de
        Signature Algorithm: RSA-SHA256
        Signed Attributes:
-               1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
-               1.2.840.113549.1.9.4: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4
-               1.2.840.113549.1.9.5: 170d3136313132343135353132375a
-               1.2.840.113549.1.9.3: 06092a864886f70d010701
+               smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+               messageDigest: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4
+               signingTime: 170d3136313132343135353132375a
+               contentType: 06092a864886f70d010701
 
 Number of certificates: 2
 
index 633045147770528628d326edae25ed932ed4392e..6d2e69d2ea9dfb145cb8913b18b6be109ecacbda 100644 (file)
@@ -3,10 +3,10 @@ Signers:
        Signer's serial: 5838027a15510d5a
        Signature Algorithm: ECDSA-SHA256
        Signed Attributes:
-               1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
-               1.2.840.113549.1.9.4: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4
-               1.2.840.113549.1.9.5: 170d3136313132353039333233305a
-               1.2.840.113549.1.9.3: 06092a864886f70d010701
+               smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+               messageDigest: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4
+               signingTime: 170d3136313132353039333233305a
+               contentType: 06092a864886f70d010701
 
 Number of certificates: 2
 
index 35744628b8038fb2b284f4d8d35bff99de14d3a6..bb7425e285041c40e6ee4ea29273bcd3607129af 100644 (file)
@@ -3,10 +3,10 @@ Signers:
        Signer's serial: 00
        Signature Algorithm: RSA-SHA256
        Signed Attributes:
-               1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
-               1.2.840.113549.1.9.4: 0420aadc1955c030f723e9d89ed9d486b4eef5b0d1c6945be0dd6b7b340d42928ec9
-               1.2.840.113549.1.9.5: 170d3135303533313036343633385a
-               1.2.840.113549.1.9.3: 06092a864886f70d010701
+               smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+               messageDigest: 0420aadc1955c030f723e9d89ed9d486b4eef5b0d1c6945be0dd6b7b340d42928ec9
+               signingTime: 170d3135303533313036343633385a
+               contentType: 06092a864886f70d010701
 
 Number of certificates: 1
 
index eed9f068a281cf09cc254e6a65627dbd09ecd5b9..35d438107e0a2a37cdf0b12648ab98f2cf63d003 100755 (executable)
@@ -265,7 +265,7 @@ if test "${rc}" != "0"; then
 fi
 
 ${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}"
-grep '1.2.840.113549.1.9.3: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1
+grep 'contentType: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1
 if test $? != 0;then
        echo "Content-Type was not set in attributes"
        exit 1
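Review bot: `${OUTFILE2}` is unquoted on the changed `grep` line although the certtool line just above quotes it, and the pattern is interpreted as a regular expression where a fixed string is meant. `grep -F 'contentType: 06092a864886f70d010701' "${OUTFILE2}" >/dev/null 2>&1` covers both. The changed line in the next hunk (listed as tests/cert-tests/pkcs7-eddsa) has the same form.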
index 3ceee482b22e53535dc78b613225016e61e7b84a..1fd767bd7352d0cae2ed0f0dc855c83c7428d01f 100755 (executable)
@@ -97,7 +97,7 @@ if test "${rc}" != "0"; then
 fi
 
 ${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}"
-grep '1.2.840.113549.1.9.3: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1
+grep 'contentType: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1
 if test $? != 0;then
        echo "Content-Type was not set in attributes"
        exit 1
index 1a0c955228a9faa36190f6dec8c9bfdf49d18702..d5b20765b485ef301b89d30592a369f82e12d281 100644 (file)
@@ -5,11 +5,11 @@ Signers:
        Signature Algorithm: RSA-SHA1
        Signed Attributes:
                1.3.6.1.4.1.311.2.1.12: 3064a030802e004800650077006c006500740074002d005000610063006b00610072006400200043006f006d00700061006e0079a130802e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f776864632f68636c2f64656661756c742e6d737078
-               1.2.840.113549.1.9.4: 04141c448883117564c1fe830b2833c0ef6b83030c0e
+               messageDigest: 04141c448883117564c1fe830b2833c0ef6b83030c0e
                1.3.6.1.4.1.311.2.1.11: 300c060a2b060104018237020115
-               1.2.840.113549.1.9.3: 06092b0601040182370a01
+               contentType: 06092b0601040182370a01
        Unsigned Attributes:
-               1.2.840.113549.1.9.6: 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
+               countersignature: 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
 
 Number of certificates: 4
 
index aead58067c552b422dba843cf73d89a0ce286ace..aec0af9adaaa5ba9192c8bc69d684e127f2a412d 100644 (file)
@@ -4,9 +4,9 @@ Signers:
        Signer's serial: 1656c8b2bf9bb3b24e6f3411cdcff0b5
        Signature Algorithm: RSA-SHA1
        Signed Attributes:
-               1.2.840.113549.1.9.4: 041490608f08aab36bbeef8cb509bef6e60385058afa
+               messageDigest: 041490608f08aab36bbeef8cb509bef6e60385058afa
                1.3.6.1.4.1.311.2.1.11: 300c060a2b060104018237020115
-               1.2.840.113549.1.9.3: 06092b0601040182370a01
+               contentType: 06092b0601040182370a01
                1.3.6.1.4.1.311.2.1.12: 3000
 
 Number of certificates: 1