investigate timestamp issue

wja-id · Jun 23, 2021 · e8aa1e5 · e8aa1e5
1 parent 9c1b616
commit e8aa1e5
Show file tree

Hide file tree

Showing 6 changed files with 156 additions and 16 deletions.
diff --git a/go.mod b/go.mod
@@ -1,3 +1,5 @@
 module github.com/wja-id/pkcs7
 
 go 1.11
+
+require golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e // indirect
diff --git a/go.sum b/go.sum
@@ -1,2 +1,10 @@
 github.com/wja-id/globalsign-sdk v0.0.0-20201216095649-1d80c2fe9367 h1:eA5o6oaV/Mw+cISBLVbC8gEP78DGRJfUrPtlr82ofVY=
 github.com/wja-id/globalsign-sdk v0.0.0-20201216095649-1d80c2fe9367/go.mod h1:UjFOzSB3clBO1R7ulqrE2Bw3U2w3nC/WhV1nnRSIZDg=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e h1:gsTQYXdTw2Gq7RBsWvlQ91b+aEQ6bXFUngBGuR8sPpI=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/ocsp.go b/ocsp.go
@@ -0,0 +1,9 @@
+package pkcs7
+
+import "encoding/asn1"
+
+type RevocationInfoArchival struct {
+	Crl          []asn1.RawValue `asn1:"explicit,tag:0,optional"`
+	Ocsp         []asn1.RawValue `asn1:"explicit,tag:1,optional"`
+	OtherRevInfo []asn1.RawValue `asn1:"explicit,tag:2,optional"`
+}
diff --git a/sign.go b/sign.go
@@ -14,7 +14,6 @@ import (
 	"io/ioutil"
 	"math/big"
 	"net/http"
-	"time"
 )
 
 // SignedData is an opaque data structure for creating signed data payloads
@@ -212,7 +211,7 @@ func (sd *SignedData) addSignerChain(ee *x509.Certificate, pkey crypto.PrivateKe
 	attrs := &attributes{}
 	attrs.Add(OIDAttributeContentType, sd.sd.ContentInfo.ContentType)
 	attrs.Add(OIDAttributeMessageDigest, sd.messageDigest)
-	attrs.Add(OIDAttributeSigningTime, time.Now())
+	// attrs.Add(OIDAttributeSigningTime, time.Now())
 
 	// add id-aa-signing-certificate-v2
 	if b, err := populateSigningCertificateV2(ee); err == nil {
@@ -360,6 +359,25 @@ func (si *signerInfo) SetUnauthenticatedAttributes(extraUnsignedAttrs []Attribut
 	return nil
 }
 
+type TimestampTokenRequestCallback func(digest []byte) ([]byte, error)
+
+func (sd *SignedData) RequestSignerTimestampToken(signerID int, callback TimestampTokenRequestCallback) error {
+	if len(sd.sd.SignerInfos) < (signerID + 1) {
+		return fmt.Errorf("no signer information found for ID %d", signerID)
+	}
+
+	if callback == nil {
+		return fmt.Errorf("no callback defined")
+	}
+
+	tst, err := callback(sd.messageDigest)
+	if err != nil {
+		return err
+	}
+
+	return sd.AddTimestampTokenToSigner(signerID, tst)
+}
+
 // AddTimestampTokenToSigner inserts TimestampToken which described in RFC3161 into
 // unauthenticated attribute of that signer
 func (sd *SignedData) AddTimestampTokenToSigner(signerID int, tst []byte) (err error) {