/// Check if signing certificate was issued by trusted party. /// @throws SignatureException on a problem with signing certificate void digidoc::SignatureBES::checkSigningCertificate() const throw(SignatureException) { try { X509Cert signingCert = getSigningCertificate(); std::vector<digidoc::X509Cert::KeyUsage> usage = signingCert.getKeyUsage(); if( find( usage.begin(), usage.end(), digidoc::X509Cert::NonRepudiation ) == usage.end() ) THROW_SIGNATUREEXCEPTION("Signing certificate does not contain NonRepudiation key usage flag %s", signingCert.getSubject().c_str()); if( signingCert.verify() <= 0 ) THROW_SIGNATUREEXCEPTION("Unable to verify signing certificate %s", signingCert.getSubject().c_str()); } catch( const IOException &e ) { THROW_SIGNATUREEXCEPTION_CAUSE( e, "Unable to verify signing certificate" ); } }
/// Check if signing certificate was issued by trusted party. /// @throws SignatureException on a problem with signing certificate void digidoc::SignatureBES::checkSigningCertificate() const throw(SignatureException) { X509Cert signingCert = getSigningCertificate(); bool valid = false; try { valid = signingCert.verify(); } catch( const IOException &e ) { THROW_SIGNATUREEXCEPTION_CAUSE( e, "Unable to verify signing certificate" ); } if(!valid) { THROW_SIGNATUREEXCEPTION("Unable to verify signing certificate %s", signingCert.getSubject().c_str()); } }
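/// Verify the signing certificate against the certificates held by @p store.
/// @param store certificate store used for verification; a null store is
///        treated as a verification failure
/// @throws a stack exception (via THROW_STACK_EXCEPTION) when no store is
///         given or when verification does not succeed
void bdoc::Signature::checkSigningCertificate(bdoc::X509CertStore *store) const
{
    X509Cert signingCert = getSigningCertificate();

    // Without a trust store nothing can be verified, so fail closed.
    if (store == NULL) {
        THROW_STACK_EXCEPTION(
            "Unable to verify signing certificate %s",
            signingCert.getSubject().c_str());
    }

    // The X509_STORE handed out by getCertStore() is released by this
    // function once verification is done.
    X509_STORE *st = store->getCertStore();

    int res = 0;
    try {
        res = signingCert.verify(st);
    } catch (...) {
        // Release the store on the error path too, then let the original
        // exception propagate unchanged.
        X509_STORE_free(st);
        throw;
    }
    X509_STORE_free(st);
    st = NULL;

    // Treat zero AND negative results as failure. Testing `!res` alone would
    // accept a negative (error) status as a successful verification.
    if (res <= 0) {
        THROW_STACK_EXCEPTION(
            "Unable to verify signing certificate %s",
            signingCert.getSubject().c_str());
    }
}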