Export SignedData in cms. Fixes #89

florentchauveau · florentchauveau · commit d66840f9a5ea · 2022-06-24T13:32:09.000+02:00
diff --git a/ietf-cms/sign.go b/ietf-cms/sign.go
@@ -45,5 +45,5 @@ func SignDetached(data []byte, chain []*x509.Certificate, signer crypto.Signer)
 // leaf certificate associated with the signer. Any additional intermediates
 // will also be added to the SignedData.
 func (sd *SignedData) Sign(chain []*x509.Certificate, signer crypto.Signer) error {
-	return sd.psd.AddSignerInfo(chain, signer)
+	return sd.AddSignerInfo(chain, signer)
 }
diff --git a/ietf-cms/sign_test.go b/ietf-cms/sign_test.go
@@ -33,7 +33,7 @@ func TestSign(t *testing.T) {
 	}
 
 	// test that we're including whole chain in sd
-	sdCerts, err := sd2.psd.X509Certificates()
+	sdCerts, err := sd2.X509Certificates()
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -53,7 +53,7 @@ func TestSign(t *testing.T) {
 	}
 
 	// check that we're including signing time attribute
-	st, err := sd2.psd.SignerInfos[0].GetSigningTimeAttribute()
+	st, err := sd2.SignerInfos[0].GetSigningTimeAttribute()
 	if st.After(time.Now().Add(time.Second)) || st.Before(time.Now().Add(-time.Second)) {
 		t.Fatal("expected SigningTime to be now. Difference was", st.Sub(time.Now()))
 	}
@@ -77,7 +77,7 @@ func TestSignDetached(t *testing.T) {
 	}
 
 	// test that we're including whole chain in sd
-	sdCerts, err := sd2.psd.X509Certificates()
+	sdCerts, err := sd2.X509Certificates()
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -97,7 +97,7 @@ func TestSignDetached(t *testing.T) {
 	}
 
 	// check that we're including signing time attribute
-	st, err := sd2.psd.SignerInfos[0].GetSigningTimeAttribute()
+	st, err := sd2.SignerInfos[0].GetSigningTimeAttribute()
 	if st.After(time.Now().Add(time.Second)) || st.Before(time.Now().Add(-time.Second)) {
 		t.Fatal("expected SigningTime to be now. Difference was", st.Sub(time.Now()))
 	}
diff --git a/ietf-cms/signed_data.go b/ietf-cms/signed_data.go
@@ -9,7 +9,7 @@ import (
 
 // SignedData represents a signed message or detached signature.
 type SignedData struct {
-	psd *protocol.SignedData
+	*protocol.SignedData
 }
 
 // NewSignedData creates a new SignedData from the given data.
@@ -19,12 +19,12 @@ func NewSignedData(data []byte) (*SignedData, error) {
 		return nil, err
 	}
 
-	psd, err := protocol.NewSignedData(eci)
+	sd, err := protocol.NewSignedData(eci)
 	if err != nil {
 		return nil, err
 	}
 
-	return &SignedData{psd}, nil
+	return &SignedData{sd}, nil
 }
 
 // ParseSignedData parses a SignedData from BER encoded data.
@@ -34,32 +34,32 @@ func ParseSignedData(ber []byte) (*SignedData, error) {
 		return nil, err
 	}
 
-	psd, err := ci.SignedDataContent()
+	sd, err := ci.SignedDataContent()
 	if err != nil {
 		return nil, err
 	}
 
-	return &SignedData{psd}, nil
+	return &SignedData{sd}, nil
 }
 
 // GetData gets the encapsulated data from the SignedData. Nil will be returned
 // if this is a detached signature. A protocol.ErrWrongType will be returned if
 // the SignedData encapsulates something other than data (1.2.840.113549.1.7.1).
 func (sd *SignedData) GetData() ([]byte, error) {
-	return sd.psd.EncapContentInfo.DataEContent()
+	return sd.EncapContentInfo.DataEContent()
 }
 
 // GetCertificates gets all the certificates stored in the SignedData.
 func (sd *SignedData) GetCertificates() ([]*x509.Certificate, error) {
-	return sd.psd.X509Certificates()
+	return sd.X509Certificates()
 }
 
 // SetCertificates replaces the certificates stored in the SignedData with new
 // ones.
 func (sd *SignedData) SetCertificates(certs []*x509.Certificate) error {
-	sd.psd.ClearCertificates()
+	sd.ClearCertificates()
 	for _, cert := range certs {
-		if err := sd.psd.AddCertificate(cert); err != nil {
+		if err := sd.AddCertificate(cert); err != nil {
 			return err
 		}
 	}
@@ -69,15 +69,15 @@ func (sd *SignedData) SetCertificates(certs []*x509.Certificate) error {
 // Detached removes the data content from this SignedData. No more signatures
 // can be added after this method has been called.
 func (sd *SignedData) Detached() {
-	sd.psd.EncapContentInfo.EContent = asn1.RawValue{}
+	sd.EncapContentInfo.EContent = asn1.RawValue{}
 }
 
 // IsDetached checks if this SignedData has data content.
 func (sd *SignedData) IsDetached() bool {
-	return sd.psd.EncapContentInfo.EContent.Bytes == nil
+	return sd.EncapContentInfo.EContent.Bytes == nil
 }
 
 // ToDER encodes this SignedData message using DER.
 func (sd *SignedData) ToDER() ([]byte, error) {
-	return sd.psd.ContentInfoDER()
+	return sd.ContentInfoDER()
 }
diff --git a/ietf-cms/timestamp.go b/ietf-cms/timestamp.go
@@ -16,20 +16,20 @@ import (
 // in old messages signed with revoked keys.
 func (sd *SignedData) AddTimestamps(url string) error {
 	var (
-		attrs = make([]protocol.Attribute, len(sd.psd.SignerInfos))
+		attrs = make([]protocol.Attribute, len(sd.SignerInfos))
 		err   error
 	)
 
 	// Fetch all timestamp tokens before adding any to sd. This avoids a partial
 	// failure.
 	for i := range attrs {
-		if attrs[i], err = fetchTS(url, sd.psd.SignerInfos[i]); err != nil {
+		if attrs[i], err = fetchTS(url, sd.SignerInfos[i]); err != nil {
 			return err
 		}
 	}
 
 	for i := range attrs {
-		sd.psd.SignerInfos[i].UnsignedAttrs = append(sd.psd.SignerInfos[i].UnsignedAttrs, attrs[i])
+		sd.SignerInfos[i].UnsignedAttrs = append(sd.SignerInfos[i].UnsignedAttrs, attrs[i])
 	}
 
 	return nil
@@ -88,7 +88,7 @@ func getTimestamp(si protocol.SignerInfo, opts x509.VerifyOptions) (timestamp.In
 		return timestamp.Info{}, err
 	}
 
-	tsti, err := timestamp.ParseInfo(tst.psd.EncapContentInfo)
+	tsti, err := timestamp.ParseInfo(tst.EncapContentInfo)
 	if err != nil {
 		return timestamp.Info{}, err
 	}
diff --git a/ietf-cms/timestamp_test.go b/ietf-cms/timestamp_test.go
@@ -24,7 +24,7 @@ func TestAddTimestamps(t *testing.T) {
 	if _, err := sd.Verify(intermediateOpts); err != nil {
 		t.Fatal(err)
 	}
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err != nil {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err != nil {
 		t.Fatal(err)
 	}
 
@@ -68,17 +68,17 @@ func TestTimestampsVerifications(t *testing.T) {
 	getTimestampedSignedData := func() *SignedData {
 		sd, _ := NewSignedData([]byte("hi"))
 		sd.Sign(leaf.Chain(), leaf.PrivateKey)
-		tsReq, _ := tsRequest(sd.psd.SignerInfos[0])
+		tsReq, _ := tsRequest(sd.SignerInfos[0])
 		tsResp, _ := tsa.Do(tsReq)
 		tsAttr, _ := protocol.NewAttribute(oid.AttributeTimeStampToken, tsResp.TimeStampToken)
-		sd.psd.SignerInfos[0].UnsignedAttrs = append(sd.psd.SignerInfos[0].UnsignedAttrs, tsAttr)
+		sd.SignerInfos[0].UnsignedAttrs = append(sd.SignerInfos[0].UnsignedAttrs, tsAttr)
 		return sd
 	}
 
 	// Good timestamp
 	tsa.Clear()
 	sd := getTimestampedSignedData()
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err != nil {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := sd.Verify(intermediateOpts); err != nil {
@@ -97,7 +97,7 @@ func TestTimestampsVerifications(t *testing.T) {
 		return info
 	})
 	sd = getTimestampedSignedData()
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err != nil {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := sd.Verify(intermediateOpts); err == nil || !strings.HasPrefix(err.Error(), "x509: certificate has expired") {
@@ -116,7 +116,7 @@ func TestTimestampsVerifications(t *testing.T) {
 		return info
 	})
 	sd = getTimestampedSignedData()
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err != nil {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := sd.Verify(intermediateOpts); err != nil {
@@ -135,7 +135,7 @@ func TestTimestampsVerifications(t *testing.T) {
 		return info
 	})
 	sd = getTimestampedSignedData()
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err != nil {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := sd.Verify(intermediateOpts); err == nil || !strings.HasPrefix(err.Error(), "x509: certificate has expired") {
@@ -154,7 +154,7 @@ func TestTimestampsVerifications(t *testing.T) {
 		return info
 	})
 	sd = getTimestampedSignedData()
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err != nil {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := sd.Verify(intermediateOpts); err != nil {
@@ -167,7 +167,7 @@ func TestTimestampsVerifications(t *testing.T) {
 		return info
 	})
 	sd = getTimestampedSignedData()
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err == nil || err.Error() != "invalid message imprint" {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err == nil || err.Error() != "invalid message imprint" {
 		t.Fatalf("expected 'invalid message imprint', got %v", err)
 	}
 
@@ -179,7 +179,7 @@ func TestTimestampsVerifications(t *testing.T) {
 		return tst
 	})
 	sd = getTimestampedSignedData()
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err == nil {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err == nil {
 		t.Fatal("expected error")
 	} else if _, ok := err.(x509.UnknownAuthorityError); !ok {
 		t.Fatalf("expected x509.UnknownAuthorityError, got %v", err)
@@ -191,7 +191,7 @@ func TestTimestampsVerifications(t *testing.T) {
 		return tst
 	})
 	sd = getTimestampedSignedData()
-	if _, err := getTimestamp(sd.psd.SignerInfos[0], intermediateOpts); err != rsa.ErrVerification {
+	if _, err := getTimestamp(sd.SignerInfos[0], intermediateOpts); err != rsa.ErrVerification {
 		t.Fatalf("expected %v, got %v", rsa.ErrVerification, err)
 	}
 }
diff --git a/ietf-cms/verify.go b/ietf-cms/verify.go
@@ -16,7 +16,7 @@ import (
 //
 // WARNING: this function doesn't do any revocation checking.
 func (sd *SignedData) Verify(opts x509.VerifyOptions) ([][][]*x509.Certificate, error) {
-	econtent, err := sd.psd.EncapContentInfo.EContentValue()
+	econtent, err := sd.EncapContentInfo.EContentValue()
 	if err != nil {
 		return nil, err
 	}
@@ -35,18 +35,18 @@ func (sd *SignedData) Verify(opts x509.VerifyOptions) ([][][]*x509.Certificate,
 //
 // WARNING: this function doesn't do any revocation checking.
 func (sd *SignedData) VerifyDetached(message []byte, opts x509.VerifyOptions) ([][][]*x509.Certificate, error) {
-	if sd.psd.EncapContentInfo.EContent.Bytes != nil {
+	if sd.EncapContentInfo.EContent.Bytes != nil {
 		return nil, errors.New("signature not detached")
 	}
 	return sd.verify(message, opts)
 }
 
 func (sd *SignedData) verify(econtent []byte, opts x509.VerifyOptions) ([][][]*x509.Certificate, error) {
-	if len(sd.psd.SignerInfos) == 0 {
+	if len(sd.SignerInfos) == 0 {
 		return nil, protocol.ASN1Error{Message: "no signatures found"}
 	}
 
-	certs, err := sd.psd.X509Certificates()
+	certs, err := sd.X509Certificates()
 	if err != nil {
 		return nil, err
 	}
@@ -64,16 +64,16 @@ func (sd *SignedData) verify(econtent []byte, opts x509.VerifyOptions) ([][][]*x
 	tsOpts := opts
 	tsOpts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}
 
-	chains := make([][][]*x509.Certificate, 0, len(sd.psd.SignerInfos))
+	chains := make([][][]*x509.Certificate, 0, len(sd.SignerInfos))
 
-	for _, si := range sd.psd.SignerInfos {
+	for _, si := range sd.SignerInfos {
 		var signedMessage []byte
 
 		// SignedAttrs is optional if EncapContentInfo eContentType isn't id-data.
 		if si.SignedAttrs == nil {
 			// SignedAttrs may only be absent if EncapContentInfo eContentType is
 			// id-data.
-			if !sd.psd.EncapContentInfo.IsTypeData() {
+			if !sd.EncapContentInfo.IsTypeData() {
 				return nil, protocol.ASN1Error{Message: "missing SignedAttrs"}
 			}
 
@@ -87,7 +87,7 @@ func (sd *SignedData) verify(econtent []byte, opts x509.VerifyOptions) ([][][]*x
 			if err != nil {
 				return nil, err
 			}
-			if !siContentType.Equal(sd.psd.EncapContentInfo.EContentType) {
+			if !siContentType.Equal(sd.EncapContentInfo.EContentType) {
 				return nil, protocol.ASN1Error{Message: "invalid SignerInfo ContentType attribute"}
 			}
 
diff --git a/ietf-cms/verify_test.go b/ietf-cms/verify_test.go
@@ -36,7 +36,7 @@ func ExampleSignedData() {
 
 func verifyOptionsForSignedData(sd *SignedData) (opts x509.VerifyOptions) {
 	// add self-signed cert as trusted root
-	certs, err := sd.psd.X509Certificates()
+	certs, err := sd.X509Certificates()
 	if err != nil {
 		panic(err)
 	}
@@ -46,7 +46,7 @@ func verifyOptionsForSignedData(sd *SignedData) (opts x509.VerifyOptions) {
 	}
 
 	// trust signing time
-	signingTime, err := sd.psd.SignerInfos[0].GetSigningTimeAttribute()
+	signingTime, err := sd.SignerInfos[0].GetSigningTimeAttribute()
 	if err != nil {
 		panic(err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -45,5 +45,5 @@ func SignDetached(data []byte, chain []*x509.Certificate, signer crypto.Signer)`
`45`	`45`	`// leaf certificate associated with the signer. Any additional intermediates`
`46`	`46`	`// will also be added to the SignedData.`
`47`	`47`	`func (sd SignedData) Sign(chain []x509.Certificate, signer crypto.Signer) error {`
`48`		`- return sd.psd.AddSignerInfo(chain, signer)`
	`48`	`+ return sd.AddSignerInfo(chain, signer)`
`49`	`49`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ func TestSign(t *testing.T) {`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`// test that we're including whole chain in sd`
`36`		`- sdCerts, err := sd2.psd.X509Certificates()`
	`36`	`+ sdCerts, err := sd2.X509Certificates()`
`37`	`37`	`if err != nil {`
`38`	`38`	`t.Fatal(err)`
`39`	`39`	`}`
`@@ -53,7 +53,7 @@ func TestSign(t *testing.T) {`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`// check that we're including signing time attribute`
`56`		`- st, err := sd2.psd.SignerInfos[0].GetSigningTimeAttribute()`
	`56`	`+ st, err := sd2.SignerInfos[0].GetSigningTimeAttribute()`
`57`	`57`	`if st.After(time.Now().Add(time.Second)) \|\| st.Before(time.Now().Add(-time.Second)) {`
`58`	`58`	`t.Fatal("expected SigningTime to be now. Difference was", st.Sub(time.Now()))`
`59`	`59`	`}`
`@@ -77,7 +77,7 @@ func TestSignDetached(t *testing.T) {`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`// test that we're including whole chain in sd`
`80`		`- sdCerts, err := sd2.psd.X509Certificates()`
	`80`	`+ sdCerts, err := sd2.X509Certificates()`
`81`	`81`	`if err != nil {`
`82`	`82`	`t.Fatal(err)`
`83`	`83`	`}`
`@@ -97,7 +97,7 @@ func TestSignDetached(t *testing.T) {`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`// check that we're including signing time attribute`
`100`		`- st, err := sd2.psd.SignerInfos[0].GetSigningTimeAttribute()`
	`100`	`+ st, err := sd2.SignerInfos[0].GetSigningTimeAttribute()`
`101`	`101`	`if st.After(time.Now().Add(time.Second)) \|\| st.Before(time.Now().Add(-time.Second)) {`
`102`	`102`	`t.Fatal("expected SigningTime to be now. Difference was", st.Sub(time.Now()))`
`103`	`103`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ import (`
`9`	`9`
`10`	`10`	`// SignedData represents a signed message or detached signature.`
`11`	`11`	`type SignedData struct {`
`12`		`- psd *protocol.SignedData`
	`12`	`+ *protocol.SignedData`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`// NewSignedData creates a new SignedData from the given data.`
`@@ -19,12 +19,12 @@ func NewSignedData(data []byte) (*SignedData, error) {`
`19`	`19`	`return nil, err`
`20`	`20`	`}`
`21`	`21`
`22`		`- psd, err := protocol.NewSignedData(eci)`
	`22`	`+ sd, err := protocol.NewSignedData(eci)`
`23`	`23`	`if err != nil {`
`24`	`24`	`return nil, err`
`25`	`25`	`}`
`26`	`26`
`27`		`- return &SignedData{psd}, nil`
	`27`	`+ return &SignedData{sd}, nil`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`// ParseSignedData parses a SignedData from BER encoded data.`
`@@ -34,32 +34,32 @@ func ParseSignedData(ber []byte) (*SignedData, error) {`
`34`	`34`	`return nil, err`
`35`	`35`	`}`
`36`	`36`
`37`		`- psd, err := ci.SignedDataContent()`
	`37`	`+ sd, err := ci.SignedDataContent()`
`38`	`38`	`if err != nil {`
`39`	`39`	`return nil, err`
`40`	`40`	`}`
`41`	`41`
`42`		`- return &SignedData{psd}, nil`
	`42`	`+ return &SignedData{sd}, nil`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`// GetData gets the encapsulated data from the SignedData. Nil will be returned`
`46`	`46`	`// if this is a detached signature. A protocol.ErrWrongType will be returned if`
`47`	`47`	`// the SignedData encapsulates something other than data (1.2.840.113549.1.7.1).`
`48`	`48`	`func (sd *SignedData) GetData() ([]byte, error) {`
`49`		`- return sd.psd.EncapContentInfo.DataEContent()`
	`49`	`+ return sd.EncapContentInfo.DataEContent()`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`// GetCertificates gets all the certificates stored in the SignedData.`
`53`	`53`	`func (sd SignedData) GetCertificates() ([]x509.Certificate, error) {`
`54`		`- return sd.psd.X509Certificates()`
	`54`	`+ return sd.X509Certificates()`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`// SetCertificates replaces the certificates stored in the SignedData with new`
`58`	`58`	`// ones.`
`59`	`59`	`func (sd SignedData) SetCertificates(certs []x509.Certificate) error {`
`60`		`- sd.psd.ClearCertificates()`
	`60`	`+ sd.ClearCertificates()`
`61`	`61`	`for _, cert := range certs {`
`62`		`- if err := sd.psd.AddCertificate(cert); err != nil {`
	`62`	`+ if err := sd.AddCertificate(cert); err != nil {`
`63`	`63`	`return err`
`64`	`64`	`}`
`65`	`65`	`}`
`@@ -69,15 +69,15 @@ func (sd SignedData) SetCertificates(certs []x509.Certificate) error {`
`69`	`69`	`// Detached removes the data content from this SignedData. No more signatures`
`70`	`70`	`// can be added after this method has been called.`
`71`	`71`	`func (sd *SignedData) Detached() {`
`72`		`- sd.psd.EncapContentInfo.EContent = asn1.RawValue{}`
	`72`	`+ sd.EncapContentInfo.EContent = asn1.RawValue{}`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`// IsDetached checks if this SignedData has data content.`
`76`	`76`	`func (sd *SignedData) IsDetached() bool {`
`77`		`- return sd.psd.EncapContentInfo.EContent.Bytes == nil`
	`77`	`+ return sd.EncapContentInfo.EContent.Bytes == nil`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`// ToDER encodes this SignedData message using DER.`
`81`	`81`	`func (sd *SignedData) ToDER() ([]byte, error) {`
`82`		`- return sd.psd.ContentInfoDER()`
	`82`	`+ return sd.ContentInfoDER()`
`83`	`83`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,20 +16,20 @@ import (`
`16`	`16`	`// in old messages signed with revoked keys.`
`17`	`17`	`func (sd *SignedData) AddTimestamps(url string) error {`
`18`	`18`	`var (`
`19`		`- attrs = make([]protocol.Attribute, len(sd.psd.SignerInfos))`
	`19`	`+ attrs = make([]protocol.Attribute, len(sd.SignerInfos))`
`20`	`20`	`err error`
`21`	`21`	`)`
`22`	`22`
`23`	`23`	`// Fetch all timestamp tokens before adding any to sd. This avoids a partial`
`24`	`24`	`// failure.`
`25`	`25`	`for i := range attrs {`
`26`		`- if attrs[i], err = fetchTS(url, sd.psd.SignerInfos[i]); err != nil {`
	`26`	`+ if attrs[i], err = fetchTS(url, sd.SignerInfos[i]); err != nil {`
`27`	`27`	`return err`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`for i := range attrs {`
`32`		`- sd.psd.SignerInfos[i].UnsignedAttrs = append(sd.psd.SignerInfos[i].UnsignedAttrs, attrs[i])`
	`32`	`+ sd.SignerInfos[i].UnsignedAttrs = append(sd.SignerInfos[i].UnsignedAttrs, attrs[i])`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`return nil`
`@@ -88,7 +88,7 @@ func getTimestamp(si protocol.SignerInfo, opts x509.VerifyOptions) (timestamp.In`
`88`	`88`	`return timestamp.Info{}, err`
`89`	`89`	`}`
`90`	`90`
`91`		`- tsti, err := timestamp.ParseInfo(tst.psd.EncapContentInfo)`
	`91`	`+ tsti, err := timestamp.ParseInfo(tst.EncapContentInfo)`
`92`	`92`	`if err != nil {`
`93`	`93`	`return timestamp.Info{}, err`
`94`	`94`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ func ExampleSignedData() {`
`36`	`36`
`37`	`37`	`func verifyOptionsForSignedData(sd *SignedData) (opts x509.VerifyOptions) {`
`38`	`38`	`// add self-signed cert as trusted root`
`39`		`- certs, err := sd.psd.X509Certificates()`
	`39`	`+ certs, err := sd.X509Certificates()`
`40`	`40`	`if err != nil {`
`41`	`41`	`panic(err)`
`42`	`42`	`}`
`@@ -46,7 +46,7 @@ func verifyOptionsForSignedData(sd *SignedData) (opts x509.VerifyOptions) {`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`// trust signing time`
`49`		`- signingTime, err := sd.psd.SignerInfos[0].GetSigningTimeAttribute()`
	`49`	`+ signingTime, err := sd.SignerInfos[0].GetSigningTimeAttribute()`
`50`	`50`	`if err != nil {`
`51`	`51`	`panic(err)`
`52`	`52`	`}`