Merge pull request #13 from mastahyeti/signingtime

Include SigningTime attribute in signatures
github · Dec 4, 2018 · f987d53 · f987d53
2 parents f17ec46 + d8dd28d
commit f987d53
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 1 deletion.
diff --git a/protocol/protocol.go b/protocol/protocol.go
@@ -670,6 +670,10 @@ func (sd *SignedData) AddSignerInfo(chain []*x509.Certificate, signer crypto.Sig
 	}
 
 	// Build our SignedAttributes
+	stAttr, err := NewAttribute(oid.AttributeSigningTime, time.Now())
+	if err != nil {
+		return err
+	}
 	mdAttr, err := NewAttribute(oid.AttributeMessageDigest, md.Sum(nil))
 	if err != nil {
 		return err
@@ -678,7 +682,8 @@ func (sd *SignedData) AddSignerInfo(chain []*x509.Certificate, signer crypto.Sig
 	if err != nil {
 		return err
 	}
-	si.SignedAttrs = append(si.SignedAttrs, mdAttr, ctAttr)
+
+	si.SignedAttrs = append(si.SignedAttrs, stAttr, mdAttr, ctAttr)
 
 	// Signature is over the marshaled signed attributes
 	sm, err := si.SignedAttrs.MarshaledForSigning()

diff --git a/protocol/protocol_test.go b/protocol/protocol_test.go
@@ -211,6 +211,48 @@ func TestContentTypeAttribute(t *testing.T) {
 	}
 }
 
+func TestSigningTimeAttribute(t *testing.T) {
+	ci, _ := ParseContentInfo(fixtureSignatureOpenSSLAttached)
+	sd, _ := ci.SignedDataContent()
+	si := sd.SignerInfos[0]
+
+	oldAttrVal, err := si.GetSigningTimeAttribute()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var oldAttr Attribute
+	for _, attr := range si.SignedAttrs {
+		if attr.Type.Equal(oid.AttributeSigningTime) {
+			oldAttr = attr
+			break
+		}
+	}
+
+	newAttr, err := NewAttribute(oid.AttributeSigningTime, oldAttrVal)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(oldAttr.RawValue.Bytes, newAttr.RawValue.Bytes) {
+		t.Fatal("raw value mismatch")
+	}
+
+	oldDER, err := asn1.Marshal(oldAttr)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	newDER, err := asn1.Marshal(newAttr)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(oldDER, newDER) {
+		t.Fatal("der mismatch")
+	}
+}
+
 func TestIssuerAndSerialNumber(t *testing.T) {
 	ci, _ := ParseContentInfo(fixtureSignatureOpenSSLAttached)
 	sd, _ := ci.SignedDataContent()

diff --git a/sign_test.go b/sign_test.go
@@ -3,6 +3,7 @@ package cms
 import (
 	"crypto/x509"
 	"testing"
+	"time"
 )
 
 var (
@@ -46,6 +47,12 @@ func TestSign(t *testing.T) {
 			t.Fatal("missing cert in sd")
 		}
 	}
+
+	// check that we're including signing time attribute
+	st, err := sd2.psd.SignerInfos[0].GetSigningTimeAttribute()
+	if st.After(time.Now().Add(time.Second)) || st.Before(time.Now().Add(-time.Second)) {
+		t.Fatal("expected SigningTime to be now. Difference was", st.Sub(time.Now()))
+	}
 }
 
 func TestSignDetached(t *testing.T) {
@@ -84,6 +91,12 @@ func TestSignDetached(t *testing.T) {
 			t.Fatal("missing cert in sd")
 		}
 	}
+
+	// check that we're including signing time attribute
+	st, err := sd2.psd.SignerInfos[0].GetSigningTimeAttribute()
+	if st.After(time.Now().Add(time.Second)) || st.Before(time.Now().Add(-time.Second)) {
+		t.Fatal("expected SigningTime to be now. Difference was", st.Sub(time.Now()))
+	}
 }
 
 func TestSignRemoveHeaders(t *testing.T) {