void bdoc::Signature::checkSigningCertificate(bdoc::X509CertStore *store) const
{
X509Cert signingCert = getSigningCertificate();
if (store == NULL) {
THROW_STACK_EXCEPTION(
"Unable to verify signing certificate %s",
signingCert.getSubject().c_str());
}
X509_STORE *st = NULL;
st = store->getCertStore();
int res = signingCert.verify(st);
X509_STORE_free(st);
st = NULL;
if (!res) {
THROW_STACK_EXCEPTION(
"Unable to verify signing certificate %s",
signingCert.getSubject().c_str());
}
}
/// Check if signing certificate was issued by trusted party.
/// @throws SignatureException on a problem with signing certificate
void digidoc::SignatureBES::checkSigningCertificate() const throw(SignatureException)
{
try
{
X509Cert signingCert = getSigningCertificate();
std::vector<digidoc::X509Cert::KeyUsage> usage = signingCert.getKeyUsage();
if( find( usage.begin(), usage.end(), digidoc::X509Cert::NonRepudiation ) == usage.end() )
THROW_SIGNATUREEXCEPTION("Signing certificate does not contain NonRepudiation key usage flag %s", signingCert.getSubject().c_str());
if( signingCert.verify() <= 0 )
THROW_SIGNATUREEXCEPTION("Unable to verify signing certificate %s", signingCert.getSubject().c_str());
}
catch( const IOException &e )
{
THROW_SIGNATUREEXCEPTION_CAUSE( e, "Unable to verify signing certificate" );
}
}
/// Check if signing certificate was issued by trusted party.
/// @throws SignatureException on a problem with signing certificate
void digidoc::SignatureBES::checkSigningCertificate() const throw(SignatureException)
{
X509Cert signingCert = getSigningCertificate();
bool valid = false;
try
{
valid = signingCert.verify();
}
catch( const IOException &e )
{
THROW_SIGNATUREEXCEPTION_CAUSE( e, "Unable to verify signing certificate" );
}
if(!valid)
{
THROW_SIGNATUREEXCEPTION("Unable to verify signing certificate %s", signingCert.getSubject().c_str());
}
}
/**
* Add certificate under CertificateValues element
* @param certId id attribute of EncapsulatedX509Certificate
* @param x509 value of EncapsulatedX509Certificate
*/
void digidoc::SignatureTM::addCertificateValue(const std::string& certId, const X509Cert& x509)
{
DEBUG("digidoc::SignatureTM::setCertificateValue(%s, X509Cert{%ld,%s})", certId.c_str(), x509.getSerial(), x509.getSubject().c_str());
//CertificateValues
std::vector<unsigned char> certBytes = x509.encodeDER();
xades::CertificateValuesType::EncapsulatedX509CertificateType certData(
xml_schema::Base64Binary(&certBytes[0], certBytes.size()));
certData.id(xml_schema::Id(certId.c_str()));
unsignedSignatureProperties()->certificateValues()[0].encapsulatedX509Certificate().push_back(certData);
}
