try ETSI.CAdES.detached

2026-02-10 18:05:41 +08:00 · 2023-07-28 17:54:45 +03:00
parent 13367a03fe
commit 26cea78ada
4 changed files with 94 additions and 4 deletions
--- a/DesktopEditor/xmlsec/src/src/Certificate_openssl.h
+++ b/DesktopEditor/xmlsec/src/src/Certificate_openssl.h
@ -131,6 +131,64 @@ public:
 		}
 	}

+	bool Generate2(const std::string& key_alg)
+	{
+		EVP_PKEY* pubkeyEd25519=EVP_PKEY_new();
+		EVP_PKEY* privkeyEd25519=EVP_PKEY_new();
+
+		unsigned char sPublicK[32] = {1,1,1,1,1,1,1,1,1,1,
+										1,1,1,1,1,1,1,1,1,1,
+										1,1,1,1,1,1,1,1,1,1,
+										1,1};
+		unsigned char sPrivateK[32] = {2,1,1,1,1,1,1,1,1,1,
+										1,1,1,1,1,1,1,1,1,1,
+										1,1,1,1,1,1,1,1,1,1,
+										1,1};
+
+		pubkeyEd25519 = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, sPublicK, 32);
+		privkeyEd25519 = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, sPrivateK, 32);
+
+		if ((m_cert=X509_new()) == NULL)
+			return false;
+
+		X509_set_version(m_cert,2);
+		X509_gmtime_adj(X509_get_notBefore(m_cert),(long)0);
+		X509_gmtime_adj(X509_get_notAfter(m_cert), 31536000L);
+		X509_set_pubkey(m_cert,privkeyEd25519);
+
+		 X509_NAME *subjectName=X509_get_subject_name(m_cert);
+
+		X509_NAME_add_entry_by_txt(subjectName, "C",  MBSTRING_ASC,
+								(unsigned char *)"US", -1, -1, 0);
+		X509_NAME_add_entry_by_txt(subjectName, "O",  MBSTRING_ASC,
+								(unsigned char *)"Organization", -1, -1, 0);
+		X509_NAME_add_entry_by_txt(subjectName, "CN", MBSTRING_ASC,
+								(unsigned char *)"CNwho", -1, -1, 0);
+
+		X509_set_issuer_name(m_cert,subjectName);
+
+		EVP_PKEY *pkey = X509_get_pubkey(m_cert);
+
+		if (!X509_sign(m_cert,privkeyEd25519,EVP_md_null()))
+				return false;
+
+			int resultverifyx509 = X509_verify(m_cert, pkey);
+			std::string sErr = ERR_error_string(ERR_get_error(),NULL);
+
+			BIO* inputbio = BIO_new(BIO_s_mem());
+			BIO_write(inputbio, sPublicK, 322);
+			PKCS7* pkcs7 = PKCS7_sign(m_cert, privkeyEd25519, NULL, inputbio, PKCS7_DETACHED | PKCS7_BINARY);
+			BIO_free(inputbio);
+			sErr = ERR_error_string(ERR_get_error(), NULL);
+
+			EVP_PKEY_free(pubkeyEd25519);
+			EVP_PKEY_free(privkeyEd25519);
+			//EVP_PKEY_free(pkey);
+			X509_free(m_cert);
+
+			return true;
+	}
+
 	bool Generate(const std::string& key_alg, const std::map<std::wstring, std::wstring>& props = std::map<std::wstring, std::wstring>())
 	{
 		EVP_PKEY_CTX* pctx = nullptr;
@ -520,12 +578,33 @@ public:
 	virtual bool SignPKCS7(unsigned char* pData, unsigned int nSize,
 						   unsigned char*& pDataDst, unsigned int& nSizeDst)
 	{
+		if (m_alg == OOXML_HASH_ALG_ED25519)
+		{
+			EVP_PKEY_CTX* pkctx = nullptr;
+			EVP_MD_CTX* pCtx = EVP_MD_CTX_new();
+			EVP_DigestSignInit(pCtx, &pkctx, NULL, NULL, m_key);
+
+			size_t nSignatureLen = 0;
+			unsigned char* pSignature = NULL;
+			EVP_DigestSign(pCtx, NULL, &nSignatureLen, pData, (size_t)nSize);
+			pSignature = (unsigned char*)OPENSSL_zalloc(nSignatureLen);
+			size_t nSignatureLen2 = EVP_PKEY_size(m_key);
+			EVP_DigestSign(pCtx, pSignature, &nSignatureLen,  pData, (size_t)nSize);
+
+			pDataDst = pSignature;
+			nSizeDst = nSignatureLen;
+
+			return true;
+		}
 		BIO* inputbio = BIO_new(BIO_s_mem());
 		BIO_write(inputbio, pData, nSize);
 		PKCS7* pkcs7 = PKCS7_sign(m_cert, m_key, NULL, inputbio, PKCS7_DETACHED | PKCS7_BINARY);
 		BIO_free(inputbio);
 		if (!pkcs7)
+		{
+			std::string sErr(ERR_error_string(ERR_get_error(), NULL));
 			return false;
+		}

 		BIO* outputbio = BIO_new(BIO_s_mem());
 		i2d_PKCS7_bio(outputbio, pkcs7);
--- a/DesktopEditor/xmlsec/src/test/test.pro
+++ b/DesktopEditor/xmlsec/src/test/test.pro
@ -9,6 +9,7 @@ CONFIG   -= app_bundle
 CORE_ROOT_DIR = $$PWD/../../../..
 PWD_ROOT_DIR = $$PWD
 include($$CORE_ROOT_DIR/Common/base.pri)
+include($$CORE_ROOT_DIR/Common/3dParty/icu/icu.pri)

 ADD_DEPENDENCY(kernel, ooxmlsignature)

--- a/PdfFile/SrcWriter/EncryptDictionary.cpp
+++ b/PdfFile/SrcWriter/EncryptDictionary.cpp
@ -218,7 +218,8 @@ namespace PdfWriter

        Add("Type", "Sig");
        Add("Filter", "Adobe.PPKLite");
-        Add("SubFilter", "adbe.pkcs7.detached");
+		Add("SubFilter", "adbe.pkcs7.detached");
+		//Add("SubFilter", "ETSI.CAdES.detached");

        unsigned int unDigestLength = 15000;
        BYTE* pDigest = new BYTE[unDigestLength];
--- a/PdfFile/test/test.cpp
+++ b/PdfFile/test/test.cpp
@ -97,7 +97,16 @@ int main()
        std::string sCertificateFilePassword = "123456";
        std::string sPrivateFilePassword = "";

-        pCertificate = NSCertificate::FromFiles(wsPrivateKeyFile, sPrivateFilePassword, wsCertificateFile, sCertificateFilePassword);
+		//pCertificate = NSCertificate::FromFiles(wsPrivateKeyFile, sPrivateFilePassword, wsCertificateFile, sCertificateFilePassword);
+
+		std::map<std::wstring, std::wstring> properties;
+		properties.insert(std::make_pair(L"email", L"sign@onlyoffice.com"));
+		properties.insert(std::make_pair(L"phone", L"+00000000000"));
+		std::wstring sNameTest = L"NameTest";
+		std::wstring sValueTest = L"ValueTest";
+		properties.insert(std::make_pair(sNameTest, sValueTest));
+
+		pCertificate = NSCertificate::GenerateByAlg("ed25519", properties);
    }

    if (false)
@ -110,7 +119,7 @@ int main()
        return 0;
    }

-    if (true)
+	if (false)
    {
        double dPageDpiX, dPageDpiY, dWidth, dHeight;
        int i = 0;
@ -131,7 +140,7 @@ int main()
        return 0;
    }

-    if (false)
+	if (true)
    {
        pdfFile.CreatePdf(true);
        double dPageDpiX, dPageDpiY, dWidth, dHeight;