verify cert (openssl only)

a505ae39 · Oleg Korshul · c3898019 · a505ae39 · a505ae39 · a505ae39
Commit a505ae39 authored Jun 16, 2017 by Oleg Korshul
5 changed files
--- a/DesktopEditor/xmlsec/src/include/XmlCertificate.h
+++ b/DesktopEditor/xmlsec/src/include/XmlCertificate.h
@@ -12,6 +12,7 @@
 #define OPEN_SSL_WARNING_ERR        1
 #define OPEN_SSL_WARNING_ALL_OK     2
 #define OPEN_SSL_WARNING_PASS       4
+#define OPEN_SSL_WARNING_NOVERIFY   8

 class ICertificate;
 class Q_DECL_EXPORT ICertificateSelectDialogOpenSsl
@@ -102,6 +103,7 @@ public:

    virtual std::string GetDate()               = 0;
    virtual std::string GetId()                 = 0;
+    virtual int VerifySelf()                    = 0;

 public:
    virtual std::string Sign(const std::string& sXml)                                   = 0;

--- a/DesktopEditor/xmlsec/src/src/OOXMLVerifier.cpp
+++ b/DesktopEditor/xmlsec/src/src/OOXMLVerifier.cpp
@@ -248,7 +248,13 @@ public:
        std::string sSignatureValue = U_TO_UTF8((m_node.ReadValueString(L"SignatureValue")));

        if (!m_cert->Verify(sSignatureCalcValue, sSignatureValue, nSignatureMethod))
-            m_valid = OOXML_SIGNATURE_INVALID;                
+            m_valid = OOXML_SIGNATURE_INVALID;
+        else
+        {
+            int nCertVerify = m_cert->VerifySelf();
+            if (OPEN_SSL_WARNING_NOVERIFY == nCertVerify)
+                m_valid = OOXML_SIGNATURE_INVALID;
+        }
    }

    XmlUtils::CXmlNode GetObjectById(std::string sId)

--- a/DesktopEditor/xmlsec/src/src/XmlSigner_mscrypto.h
+++ b/DesktopEditor/xmlsec/src/src/XmlSigner_mscrypto.h
@@ -131,6 +131,11 @@ public:
        return GetNumber();
    }

+    virtual int VerifySelf()
+    {
+        return OPEN_SSL_WARNING_OK;
+    }
+
 public:
    virtual std::string Sign(const std::string& sXml)
    {

--- a/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.cpp
+++ b/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.cpp
@@ -328,6 +328,7 @@ public:
            RELEASEARRAYOBJECTS(pData);
            return (NULL == m_cert) ? false : true;
        }
+
        return false;
    }

@@ -424,6 +425,27 @@ public:
        m_pDialog = pDialog;
    }

+    int VerifySelf()
+    {
+        if (NULL == m_cert)
+            return OPEN_SSL_WARNING_NOVERIFY;
+
+        X509_STORE_CTX* ctx = X509_STORE_CTX_new();
+        X509_STORE* store = X509_STORE_new();
+
+        X509_STORE_add_cert(store, m_cert);
+        X509_STORE_CTX_init(ctx, store, m_cert, NULL);
+
+        int status = X509_verify_cert(ctx);
+        int nErr = X509_STORE_CTX_get_error(ctx);
+        std::string sErr(X509_verify_cert_error_string(nErr));
+
+        X509_STORE_free(store);
+        X509_STORE_CTX_free(ctx);
+
+        return (1 == status) ? OPEN_SSL_WARNING_OK : OPEN_SSL_WARNING_NOVERIFY;
+    }
+
 protected:
    tm ASN1_GetTimeT(ASN1_TIME* time)
    {
@@ -716,6 +738,11 @@ std::string CCertificate_openssl::GetId()
    return m_internal->GetId();
 }

+int CCertificate_openssl::VerifySelf()
+{
+    return m_internal->VerifySelf();
+}
+
 std::string CCertificate_openssl::Sign(const std::string& sXml)
 {
    return m_internal->Sign(sXml);

--- a/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.h
+++ b/DesktopEditor/xmlsec/src/src/XmlSigner_openssl.h
@@ -26,6 +26,8 @@ public:

    virtual std::string GetId();

+    virtual int VerifySelf();
+
 public:
    virtual std::string Sign(const std::string& sXml);