def degenerate_pkcs7_der(m2_x509s):
ct_p7 = get_lc().PKCS7_new()
assert get_lc().PKCS7_set_type(ct_p7, m2.PKCS7_SIGNED)
assert get_lc().PKCS7_content_new(ct_p7, m2.PKCS7_DATA)
ct_x509_sk = get_lc().sk_new_null()
for m2_x509 in m2_x509s:
# duplicate the provided X509 certificate (as it will get free'd)
# when we free our PKCS7 structure
m2_x509_dup = m2.x509_dup(m2_x509._ptr())
ct_x509_dup = c_void_p(long(m2_x509_dup))
get_lc().sk_push(ct_x509_sk, ct_x509_dup)
ct_p7.contents.d.sign.contents.crl = None
ct_p7.contents.d.sign.contents.cert = ct_x509_sk
m2_p7bio = BIO.MemoryBuffer()
ct_p7bio = c_void_p(long(m2_p7bio._ptr()))
assert get_lc().i2d_PKCS7_bio(ct_p7bio, ct_p7)
pkcs7_der = m2_p7bio.read()
get_lc().PKCS7_free(ct_p7)
return pkcs7_der
def from_pkcs7_der(cls, pkcs7_der):
m2_p7_bio = BIO.MemoryBuffer(pkcs7_der)
m2_p7 = SMIME.PKCS7(m2.pkcs7_read_bio_der(m2_p7_bio._ptr()), 1)
ct_p7 = cast(c_void_p(long(m2_p7._ptr())), POINTER(PKCS7))
ct_sis = get_lc().PKCS7_get_signer_info(ct_p7)
assert get_lc().sk_num(ct_sis) == 1
ct_si = cast(c_void_p(get_lc().sk_value(ct_sis, 0)), POINTER(PKCS7_SIGNER_INFO))
ct_x509 = get_lc().X509_find_by_issuer_and_serial(
ct_p7.contents.d.sign.contents.cert,
ct_si.contents.issuer_and_serial.contents.issuer,
ct_si.contents.issuer_and_serial.contents.serial)
signing_cert_int = m2_x509_from_ct_ptr(ct_x509)
signing_cert = X509.X509(m2.x509_dup(signing_cert_int._ptr()))
m2_p7buf = BIO.MemoryBuffer()
ct_p7buf = c_void_p(long(m2_p7buf._ptr()))
assert get_lc().PKCS7_signatureVerify(ct_p7buf, ct_p7, ct_si, ct_x509) >= 0
assert ct_si.contents.auth_attr
assert get_lc().sk_num(ct_si.contents.auth_attr)
attrs = []
for i in xrange(0, get_lc().sk_num(ct_si.contents.auth_attr)):
# loop through the signed attributes
ct_x509_attr_p = get_lc().sk_value(ct_si.contents.auth_attr, i)
assert ct_x509_attr_p
ct_x509_attr = cast(ct_x509_attr_p, POINTER(X509_ATTRIBUTE))
try:
# try to find a matching OID attribute that we handle
oid_obj = SCEPAttribute.find_by_matching_x509_attr_asn1_obj(ct_x509_attr)
except SCEPAttributeKeyError:
continue
attrs.append((oid_obj, oid_obj.get_string(ct_x509_attr)))
message_types = [attr for attr in attrs if issubclass(attr[0], MessageType)]
assert message_types
message_type = message_types[0]
attrs.remove(message_types[0])
ct_p7bio = get_lc().PKCS7_dataInit(ct_p7, None)
assert ct_p7bio
m2_p7bio = m2_MemoryBuffer_from_ct_ptr(ct_p7bio)
ncls = SCEPMessage.find_by_message_type(message_type[1])()
ncls.signing_cert = signing_cert
ncls.signedcontent = m2_p7bio.read()
ncls._set_attrs(attrs)
return ncls
