search

digitalbazaar / forge

A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps
https://digitalbazaar.com/
Other
5.05k stars 779 forks source link

Extracting information from PKCS#7 signed data #395

Open NuSkooler opened 8 years ago

NuSkooler commented 8 years ago

I'm using node-forge for a iOS MDM server and am in need to extract and validate (*) PKCS#7 signed data but cannot seem to get anywhere.

(*) it's my understanding -- and from the code -- that verification of PKCS#7 is NYI.

The data in question is DER encoded PKCS#7 mobile configuration (.plist / XML). I'm attempting to get basic information like so:

const p7 = forge.pkcs7.messageFromAsn1(
  forge.asn1.fromDer(
    forge.util.createBuffer(req.payload, 'binary')
  )
);

When I inspect p7.signers, p7.content, etc. they are empty. Inspecting p7.rawCapture.content... shows me the data is present (I can see the XML "message" here), but I'm not sure how I should be accessing it.

Any ideas/tips/etc. appreciated!

BTW, Apple's docs show the following in their sample for this step:

 p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
 store = OpenSSL::X509::Store.new
 p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
 signers = p7sign.signers
NuSkooler commented 8 years ago

Update: I've moved to just accessing the rawCapture. This works, so unless there is/should be an more elegant way to do such things, you could consider this closed.

Example:

p7.rawCapture.content.value[0].value[0].value