API tools faq
paste
Advertisement
anivaros

Проверка ЭЦП и УЭЦП

anivaros
Jun 9th, 2012
95
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Objective C 10.73 KB | None | 0 0
raw download clone embed print report
  1. - (DWORD) verifyEnhancedDetachedSignature:(const char *)signatureFilename ofInputFile:(const char *)inFilename {
  2.     printf("\nRunning function: verifyEnhancedDetachedSignature\n");
  3.     memset(&verficationPara, 0, sizeof(CADES_VERIFICATION_PARA));
  4.    
  5.     if (!inFilename || !signatureFilename) {
  6.         return [self handleError:"No input file was specified" errorCode:ERROR_NO_INPUT_FILE];
  7.     }
  8.    
  9.    
  10.     tbs = fopen (inFilename, "rb");
  11.     if (!tbs) {
  12.         return [self handleError:"Cannot open message file" errorCode:ERROR_CANT_OPEN_MESSAGE_FILE];
  13.     }
  14.    
  15.     signature = fopen (signatureFilename, "rb");
  16.     if (!signature) {
  17.         return [self handleError:"Cannot open signature file" errorCode:ERROR_CANT_OPEN_SIGNATURE_FILE];
  18.     }
  19.    
  20.     tbs_len = 0;
  21.     while (!feof(tbs)) {
  22.         int r = 0;
  23.         BYTE tmp[1024];
  24.         r = fread (tmp, 1, 1024, tbs);
  25.         tbs_mem = (BYTE *)realloc(tbs_mem, tbs_len+r);
  26.         memcpy (&tbs_mem[tbs_len], tmp, r);
  27.         tbs_len += r;
  28.     }
  29.     fclose (tbs);
  30.     tbs = NULL;
  31.    
  32.    
  33.     if (signature) {
  34.         signature_len = 0;
  35.         while (!feof(signature)) {
  36.             int r = 0;
  37.             BYTE tmp[1024];
  38.             r = fread (tmp, 1, 1024, signature);
  39.             signature_mem = (BYTE *)realloc (signature_mem, signature_len+r);
  40.             memcpy (&signature_mem [signature_len], tmp, r);
  41.             signature_len += r;
  42.         }
  43.         fclose (signature);
  44.         signature = NULL;
  45.     }
  46.     DWORD dwSigners = CryptGetMessageSignerCount(TYPE_DER, signature_mem, signature_len);
  47.     printf("Count of signers: %d\n",dwSigners);
  48.    
  49.     //--------------------------------------------------------------------
  50.     // Open a message for decoding.
  51.     if (hMsg) CryptMsgClose(hMsg);
  52.     if (!(hMsg = CryptMsgOpenToDecode(
  53.                                 TYPE_DER,      // Encoding type.
  54.                                 CMSG_DETACHED_FLAG,                     // Flags.
  55.                                 0,                     // Use the default message type.
  56.                                 hCryptProv,            // Cryptographic provider.
  57.                                 NULL,                  // Recipient information.
  58.                                 NULL))){                 // Stream information.
  59.         return [self handleError:"CryptMsgOpenToDecode() failed" errorCode:0];
  60.     }
  61.     printf("The message to decode is open. \n");
  62.     //--------------------------------------------------------------------
  63.     // Update the message with an encoded blob.
  64.     // Both pbEncodedBlob, the encoded data,
  65.     // and cbEnclodeBlob, the length of the encoded data,
  66.     // must be available.
  67.    
  68.     if (!CryptMsgUpdate(
  69.                        hMsg,                 // Handle to the message
  70.                        signature_mem,        // Pointer to the encoded blob
  71.                        signature_len,        // Size of the encoded blob
  72.                        TRUE)){               // Last call)
  73.         return [self handleError:"CryptMsgUpdate() signature failed" errorCode:0];
  74.     }
  75.    
  76.     if (CryptMsgUpdate(
  77.                        hMsg,                 // Handle to the message
  78.                        tbs_mem,        // Pointer to the encoded blob
  79.                        tbs_len,        // Size of the encoded blob
  80.                        TRUE)){               // Last call)
  81.     }
  82.     printf("The encoded blob has been added to the message. \n");
  83.    
  84.     //--------------------------------------------------------------------
  85.     // Get the size of the content.
  86.  
  87.     if (!(ret = CryptMsgGetParam(
  88.                            hMsg,                  // Handle to the message
  89.                            CMSG_CONTENT_PARAM,    // Parameter type
  90.                            0,                     // Index
  91.                            NULL,                  // Address for returned info
  92.                            &cbDecoded))){           // Size of the returned info
  93.         return [self handleError:"CryptMsgGetParam() CMSG_CONTENT_PARAM failed" errorCode:0];
  94.     }
  95.     printf("The message parameter (CMSG_CONTENT_PARAM) has been acquired. Message size: %d\n", cbDecoded);
  96.    
  97.     //--------------------------------------------------------------------
  98.     // Allocate memory.
  99.    
  100.     pbDecoded = (BYTE *) malloc(cbDecoded);
  101.     if (!pbDecoded){
  102.         return [self handleError:"Decode memory allocation failed" errorCode:ERROR_MEMORY_ALLOCATION_FAILED];
  103.     }
  104.     //--------------------------------------------------------------------
  105.     // Get a pointer to the content.
  106.    
  107.     if (!(ret = CryptMsgGetParam(
  108.                            hMsg,                 // Handle to the message
  109.                            CMSG_CONTENT_PARAM,   // Parameter type
  110.                            0,                    // Index
  111.                            pbDecoded,            // Address for returned
  112.                            &cbDecoded))){          // Size of the returned
  113.         return [self handleError:"Decode CMSG_CONTENT_PARAM #2 failed" errorCode:0];
  114.     }
  115.     printf("The message param (CMSG_CONTENT_PARAM) updated. Length is %lu.\n",(unsigned long)cbDecoded);
  116.     //--------------------------------------------------------------------
  117.     // Verify the signature.
  118.     // First, get the signer CERT_INFO from the message.
  119.    
  120.     //--------------------------------------------------------------------
  121.     // Get the size of memory required.
  122.    
  123.     if (!pUserCert) {
  124.         if (!(ret = CryptMsgGetParam(
  125.                                hMsg,                         // Handle to the message
  126.                                CMSG_SIGNER_CERT_INFO_PARAM,  // Parameter type
  127.                                0,                            // Index
  128.                                NULL,                        // Address for returned
  129.                                &cbSignerCertInfo))){          // Size of the returned
  130.             return [self handleError:"No user certificate found in message." errorCode:0];
  131.         }
  132.         printf("Try to get user cert. OK. Length %d.\n",cbSignerCertInfo);
  133.     }
  134.    
  135.     if (pUserCert) {
  136.         hCertStore = CertOpenStore(CERT_STORE_PROV_MEMORY, TYPE_DER, 0, CERT_STORE_CREATE_NEW_FLAG,NULL);
  137.         if (!hCertStore){
  138.             return [self handleError:"Cannot create temporary store in memory." errorCode:0];
  139.         }
  140.         if (pUserCert) {
  141.             ret = CertAddCertificateContextToStore(hCertStore, pUserCert, CERT_STORE_ADD_ALWAYS, NULL);
  142.             pSignerCertInfo = pUserCert->pCertInfo;
  143.         }
  144.         else
  145.             ret = 0;
  146.         if (!ret){
  147.             return [self handleError:"Cannot add user certificate to store." errorCode:0];
  148.         }
  149.     }
  150.    
  151.     //--------------------------------------------------------------------
  152.     // Allocate memory.
  153.    
  154.     if (!pUserCert) {
  155.         pSignerCertInfo = (PCERT_INFO) malloc(cbSignerCertInfo);
  156.         if (!pSignerCertInfo){
  157.             return [self handleError:"Verify memory allocation failed" errorCode:ERROR_MEMORY_ALLOCATION_FAILED];
  158.         }
  159.     }
  160.    
  161.     //--------------------------------------------------------------------
  162.     // Get the message certificate information (CERT_INFO
  163.     // structure).
  164.    
  165.     if (! pUserCert) {
  166.         if (!(ret = CryptMsgGetParam(
  167.                                hMsg,                         // Handle to the message
  168.                                CMSG_SIGNER_CERT_INFO_PARAM,  // Parameter type
  169.                                0,                            // Index
  170.                                pSignerCertInfo,              // Address for returned
  171.                                      &cbSignerCertInfo))){           // Size of the returned
  172.             return [self handleError:"Verify SIGNER_CERT_INFO #2 failed" errorCode:0];
  173.         }
  174.         printf("The signer info has been returned. \n");
  175.     }
  176.     //--------------------------------------------------------------------
  177.     // Open a certificate store in memory using CERT_STORE_PROV_MSG,
  178.     // which initializes it with the certificates from the message.
  179.    
  180.     if (! hCertStore) {
  181.         hCertStore = CertOpenStore(
  182.                                      CERT_STORE_PROV_MSG,        // Store provider type
  183.                                      TYPE_DER,          // Encoding type
  184.                                      hCryptProv,                 // Cryptographic provider
  185.                                      0,                          // Flags
  186.                                      hMsg);                      // Handle to the message
  187.         if (hCertStore)
  188.             printf("The message certificate store be used for verifying\n");
  189.     }
  190.    
  191.     if (! hCertStore) {
  192.         return [self handleError:"Cannot open certificate store form message\n" errorCode:0];
  193.     }
  194.     //--------------------------------------------------------------------
  195.     // Find the signer's certificate in the store.
  196.    
  197.     if((pSignerCertContext = CertGetSubjectCertificateFromStore(
  198.                                                                hCertStore,       // Handle to store
  199.                                                                TYPE_DER,   // Encoding type
  200.                                                                 pSignerCertInfo))){   // Pointer to retrieved CERT_CONTEXT{
  201.         DWORD errCode = 0;
  202.         DWORD err;
  203.         printf("A signer certificate has been retrieved. \n");
  204.         err=VerifyCertificate(pSignerCertContext,&errCode);
  205.         if (err){
  206.             printf("Subject cert verification failed: err=%x\n",err);
  207.             return [self handleError:"Subject cert verification failed" errorCode:err];
  208.         }
  209.         if (errCode){
  210.             printf("Subject cert BAD: errCode=%x\n",errCode);
  211.             return [self handleError:"Subject cert BAD" errorCode:errCode];
  212.         }
  213.     } else {
  214.         return [self handleError:"Verify GetSubjectCert failed" errorCode:0];
  215.     }
  216.     //--------------------------------------------------------------------
  217.     // Use the CERT_INFO from the signer certificate to verify
  218.     // the signature.
  219.  
  220.     for( DWORD i = 0; i < dwSigners; i++) {
  221.         verficationPara.dwCadesType = CADES_X_LONG_TYPE_1;
  222.         pInfo = NULL;
  223.         if (!CadesMsgVerifySignature(hMsg, i, &verficationPara, &pInfo)) {
  224.             [self handleError:"CadesMsgVerifySignature() (enhanced) failed" errorCode:0];
  225.         }
  226.         if (pInfo->dwStatus == CADES_VERIFY_SUCCESS) {
  227.             printf("Enhanced Signature №%d was VERIFIED.\n",i);
  228.             ret = 0;
  229.         } else {
  230.             printf("The enhansed signature was NOT VEIFIED.\n");
  231.             printf("Status: %x.\n", pInfo->dwStatus);
  232.             CSP_BOOL bResult = false;
  233.             if (!CadesMsgIsType(hMsg, i, CADES_BES, &bResult)) {
  234.                 return [self handleError:"CadesMsgIsType() failed" errorCode:0];
  235.             }
  236.             if (bResult == false) {
  237.                 return [self handleError:"Message is not Cades-BES message" errorCode:0];
  238.             }
  239.             verficationPara.dwCadesType = CADES_BES;
  240.  
  241.             pInfo = NULL;
  242.             if (!CadesMsgVerifySignature(hMsg, i, &verficationPara, &pInfo)){
  243.                 [self handleError:"CadesMsgVerifySignature() failed" errorCode:0];
  244.             }
  245.             if (pInfo->dwStatus == CADES_VERIFY_SUCCESS || pInfo->dwStatus == CADES_VERIFY_NO_VALID_SIGNATURE_TIMESTAMP || pInfo->dwStatus ==  CADES_VERIFY_NO_VALID_CADES_C_TIMESTAMP) {
  246.                 printf("Signature №%d was VERIFIED.\n",i);
  247.                 printf("Status: %x.\n", pInfo->dwStatus);
  248.                 ret = 0x80070490L;
  249.             } else {
  250.                 printf("Signature №%d was NOT VEIFIED.\n",i);
  251.                 printf("Status: %x.\n", pInfo->dwStatus);
  252.                 return [self handleError:"The signature was NOT VEIFIED.\n" errorCode:0];
  253.             }
  254.            
  255.         }
  256.     }
  257.     printf("All signatures was VEIFIED.\n");
  258.     return ret;
  259. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!