verify cert (openssl only)

DesktopEditor/xmlsec/src/include/XmlCertificate.h

@@ -12,6 +12,7 @@
 #define OPEN_SSL_WARNING_ERR        1
 #define OPEN_SSL_WARNING_ALL_OK     2
 #define OPEN_SSL_WARNING_PASS       4
+#define OPEN_SSL_WARNING_NOVERIFY   8
 
 class ICertificate;
 class Q_DECL_EXPORT ICertificateSelectDialogOpenSsl
@@ -102,6 +103,7 @@ public:
 
     virtual std::string GetDate()               = 0;
     virtual std::string GetId()                 = 0;
+    virtual int VerifySelf()                    = 0;
 
 public:
     virtual std::string Sign(const std::string& sXml)                                   = 0;

DesktopEditor/xmlsec/src/src/OOXMLVerifier.cpp

@@ -248,7 +248,13 @@ public:
         std::string sSignatureValue = U_TO_UTF8((m_node.ReadValueString(L"SignatureValue")));
 
         if (!m_cert->Verify(sSignatureCalcValue, sSignatureValue, nSignatureMethod))
-            m_valid = OOXML_SIGNATURE_INVALID;                
+            m_valid = OOXML_SIGNATURE_INVALID;
+        else
+        {
+            int nCertVerify = m_cert->VerifySelf();
+            if (OPEN_SSL_WARNING_NOVERIFY == nCertVerify)
+                m_valid = OOXML_SIGNATURE_INVALID;
+        }
     }
 
     XmlUtils::CXmlNode GetObjectById(std::string sId)

DesktopEditor/xmlsec/src/src/XmlSigner_mscrypto.h

@@ -131,6 +131,11 @@ public:
         return GetNumber();
     }
 
+    virtual int VerifySelf()
+    {
+        return OPEN_SSL_WARNING_OK;
+    }
+
 public:
     virtual std::string Sign(const std::string& sXml)
     {

DesktopEditor/xmlsec/src/src/XmlSigner_openssl.cpp

@@ -328,6 +328,7 @@ public:
             RELEASEARRAYOBJECTS(pData);
             return (NULL == m_cert) ? false : true;
         }
+
         return false;
     }
 
@@ -424,6 +425,27 @@ public:
         m_pDialog = pDialog;
     }
 
+    int VerifySelf()
+    {
+        if (NULL == m_cert)
+            return OPEN_SSL_WARNING_NOVERIFY;
+
+        X509_STORE_CTX* ctx = X509_STORE_CTX_new();
+        X509_STORE* store = X509_STORE_new();
+
+        X509_STORE_add_cert(store, m_cert);
+        X509_STORE_CTX_init(ctx, store, m_cert, NULL);
+
+        int status = X509_verify_cert(ctx);
+        int nErr = X509_STORE_CTX_get_error(ctx);
+        std::string sErr(X509_verify_cert_error_string(nErr));
+
+        X509_STORE_free(store);
+        X509_STORE_CTX_free(ctx);
+
+        return (1 == status) ? OPEN_SSL_WARNING_OK : OPEN_SSL_WARNING_NOVERIFY;
+    }
+
 protected:
     tm ASN1_GetTimeT(ASN1_TIME* time)
     {
@@ -716,6 +738,11 @@ std::string CCertificate_openssl::GetId()
     return m_internal->GetId();
 }
 
+int CCertificate_openssl::VerifySelf()
+{
+    return m_internal->VerifySelf();
+}
+
 std::string CCertificate_openssl::Sign(const std::string& sXml)
 {
     return m_internal->Sign(sXml);

DesktopEditor/xmlsec/src/src/XmlSigner_openssl.h

@@ -26,6 +26,8 @@ public:
 
     virtual std::string GetId();
 
+    virtual int VerifySelf();
+
 public:
     virtual std::string Sign(const std::string& sXml);