From a505ae391d8821dcb55fbd52871af3273f6101df Mon Sep 17 00:00:00 2001
From: Oleg Korshul
Date: Fri, 16 Jun 2017 15:07:35 +0300
Subject: [PATCH] verify cert (openssl only)

---
 .../xmlsec/src/include/XmlCertificate.h | 2 ++
 .../xmlsec/src/src/OOXMLVerifier.cpp | 8 +++++-
 .../xmlsec/src/src/XmlSigner_mscrypto.h | 5 ++++
 .../xmlsec/src/src/XmlSigner_openssl.cpp | 27 +++++++++++++++++++
 .../xmlsec/src/src/XmlSigner_openssl.h | 2 ++
 5 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/DesktopEditor/xmlsec/src/include/XmlCertificate.h b/DesktopEditor/xmlsec/src/include/XmlCertificate.h
index 5093971320..cc332c71f8 100644
--- a/DesktopEditor/xmlsec/src/include/XmlCertificate.h
+++ b/DesktopEditor/xmlsec/src/include/XmlCertificate.h
@@ -12,6 +12,7 @@
 #define OPEN_SSL_WARNING_ERR 1
 #define OPEN_SSL_WARNING_ALL_OK 2
 #define OPEN_SSL_WARNING_PASS 4
+#define OPEN_SSL_WARNING_NOVERIFY 8
 
 class ICertificate;
 class Q_DECL_EXPORT ICertificateSelectDialogOpenSsl
@@ -102,6 +103,7 @@ public:
     virtual std::string GetDate() = 0;
     virtual std::string GetId() = 0;
 
+    virtual int VerifySelf() = 0;
 
 public:
     virtual std::string Sign(const std::string& sXml) = 0;
diff --git a/DesktopEditor/xmlsec/src/src/OOXMLVerifier.cpp b/DesktopEditor/xmlsec/src/src/OOXMLVerifier.cpp
index 22a1ff4671..f6c6df0c9d 100644
--- a/DesktopEditor/xmlsec/src/src/OOXMLVerifier.cpp
+++ b/DesktopEditor/xmlsec/src/src/OOXMLVerifier.cpp
@@ -248,7 +248,13 @@ public:
         std::string sSignatureValue = U_TO_UTF8((m_node.ReadValueString(L"SignatureValue")));
 
         if (!m_cert->Verify(sSignatureCalcValue, sSignatureValue, nSignatureMethod))
-            m_valid = OOXML_SIGNATURE_INVALID;
+            m_valid = OOXML_SIGNATURE_INVALID;
+        else
+        {
+            int nCertVerify = m_cert->VerifySelf();
+            if (OPEN_SSL_WARNING_NOVERIFY == nCertVerify)
+                m_valid = OOXML_SIGNATURE_INVALID;
+        }
     }
 
     XmlUtils::CXmlNode GetObjectById(std::string sId)
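Review bot: The new pure virtual `VerifySelf()` in ICertificate carries no contract: nothing states what is verified (chain to a trust anchor, validity period, revocation) or which `OPEN_SSL_WARNING_*` values may come back, and the two implementations in this patch already disagree (the OpenSSL backend returns OK or NOVERIFY, the mscrypto backend always OK). A short comment above the declaration naming the possible return values, and stating that `OPEN_SSL_WARNING_NOVERIFY` means the certificate could not be validated and callers must treat the signature as untrusted, would let OOXMLVerifier.cpp rely on it rather than on one backend's behaviour. The enclosing class declaration starts outside the hunk.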
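Review bot: The new branch in OOXMLVerifier.cpp only marks the signature invalid when `VerifySelf()` returns exactly `OPEN_SSL_WARNING_NOVERIFY`; any other non-success value a backend might return leaves `m_valid` untouched, and the `OPEN_SSL_WARNING_*` constants in XmlCertificate.h are powers of two, which suggests they may be combined as flags at some point. A verifier should fail closed on anything but success: `if (OPEN_SSL_WARNING_OK != nCertVerify) m_valid = OOXML_SIGNATURE_INVALID;`. The method containing this block starts outside the hunk.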
diff --git a/DesktopEditor/xmlsec/src/src/XmlSigner_mscrypto.h b/DesktopEditor/xmlsec/src/src/XmlSigner_mscrypto.h
index 93b48ca606..b4f5ce8c19 100644
--- a/DesktopEditor/xmlsec/src/src/XmlSigner_mscrypto.h
+++ b/DesktopEditor/xmlsec/src/src/XmlSigner_mscrypto.h
@@ -131,6 +131,11 @@ public:
         return GetNumber();
     }
 
+    virtual int VerifySelf()
+    {
+        return OPEN_SSL_WARNING_OK;
+    }
+
 public:
     virtual std::string Sign(const std::string& sXml)
     {
diff --git a/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.cpp b/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.cpp
index 1ed5382bbc..1ce6b0938a 100644
--- a/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.cpp
+++ b/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.cpp
@@ -328,6 +328,7 @@ public:
             RELEASEARRAYOBJECTS(pData);
             return (NULL == m_cert) ? false : true;
         }
+        return false;
     }
 
 
@@ -424,6 +425,27 @@ public:
         m_pDialog = pDialog;
     }
 
+    int VerifySelf()
+    {
+        if (NULL == m_cert)
+            return OPEN_SSL_WARNING_NOVERIFY;
+
+        X509_STORE_CTX* ctx = X509_STORE_CTX_new();
+        X509_STORE* store = X509_STORE_new();
+
+        X509_STORE_add_cert(store, m_cert);
+        X509_STORE_CTX_init(ctx, store, m_cert, NULL);
+
+        int status = X509_verify_cert(ctx);
+        int nErr = X509_STORE_CTX_get_error(ctx);
+        std::string sErr(X509_verify_cert_error_string(nErr));
+
+        X509_STORE_free(store);
+        X509_STORE_CTX_free(ctx);
+
+        return (1 == status) ? OPEN_SSL_WARNING_OK : OPEN_SSL_WARNING_NOVERIFY;
+    }
+
 protected:
     tm ASN1_GetTimeT(ASN1_TIME* time)
     {
@@ -716,6 +738,11 @@ std::string CCertificate_openssl::GetId()
     return m_internal->GetId();
 }
 
+int CCertificate_openssl::VerifySelf()
+{
+    return m_internal->VerifySelf();
+}
+
 std::string CCertificate_openssl::Sign(const std::string& sXml)
 {
     return m_internal->Sign(sXml);
diff --git a/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.h b/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.h
index 4fcda0a6e2..8b88ece583 100644
--- a/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.h
+++ b/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.h
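Review bot: The mscrypto `VerifySelf()` returns `OPEN_SSL_WARNING_OK` unconditionally, so the certificate check that OOXMLVerifier.cpp now performs after a successful signature verification is a no-op on that backend and a document is reported as validly signed whatever the state of its certificate. If that is the intended interim state (the commit title says "openssl only"), the stub should say so in code, e.g. `// TODO: certificate not validated on the mscrypto backend yet; always reports OK, see OOXMLVerifier.cpp`, so the next reader does not mistake it for a real check. The CryptoAPI equivalent would presumably go through CertGetCertificateChain/CertVerifyCertificateChainPolicy, which is a separate change. The enclosing class starts outside the hunk.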
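Review bot: The trust store built by the OpenSSL `VerifySelf()` is seeded only with `m_cert` itself (`X509_STORE_add_cert(store, m_cert)`), so `X509_verify_cert` never compares the certificate against anything the application actually trusts; as far as I can tell from OpenSSL's chain building, that lets a self-signed certificate pass while a CA-issued one fails for lack of a local issuer, which is the opposite of what a signature verifier needs. The body also dereferences the results of `X509_STORE_CTX_new()` and `X509_STORE_new()` and ignores the return of `X509_STORE_CTX_init` without checking them, computes `sErr` only to discard it, and frees the store before the context that was initialised with it. I would restructure as below, keeping the fail-closed default, surface the `X509_verify_cert_error_string` text through whatever logging the class already has instead of dropping it, and decide separately which anchors the store is loaded with (`X509_STORE_set_default_paths` for the system store, or an application-supplied set). Only the new method is shown; the rest of the hunk is unchanged.
```cpp
    int VerifySelf()
    {
        if (NULL == m_cert)
            return OPEN_SSL_WARNING_NOVERIFY;

        int nResult = OPEN_SSL_WARNING_NOVERIFY; // fail closed unless every step succeeds
        X509_STORE* store = X509_STORE_new();
        X509_STORE_CTX* ctx = X509_STORE_CTX_new();
        if (NULL != store && NULL != ctx)
        {
            // TODO(review): adding m_cert to its own trust store establishes no trust;
            // replace with the anchors this verifier is meant to trust before relying on the result.
            if (1 == X509_STORE_add_cert(store, m_cert) &&
                1 == X509_STORE_CTX_init(ctx, store, m_cert, NULL) &&
                1 == X509_verify_cert(ctx))
            {
                nResult = OPEN_SSL_WARNING_OK;
            }
            // else: X509_STORE_CTX_get_error(ctx) / X509_verify_cert_error_string() describe why
        }
        // the context refers to the store, so release the context first
        if (NULL != ctx)
            X509_STORE_CTX_free(ctx);
        if (NULL != store)
            X509_STORE_free(store);
        return nResult;
    }
```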
@@ -26,6 +26,8 @@ public: virtual std::string GetId(); + virtual int VerifySelf(); + public: virtual std::string Sign(const std::string& sXml);