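/// Verify the signing certificate against the caller-supplied certificate store.
///
/// @param store source of the X509_STORE used for verification; must not be NULL.
/// @throws (via THROW_STACK_EXCEPTION) when no store is given or when
///         verification does not report success.
void bdoc::Signature::checkSigningCertificate(bdoc::X509CertStore *store) const
{
    X509Cert signingCert = getSigningCertificate();

    // No store means there is nothing to verify against: reject rather than skip the check.
    if (store == NULL) {
        THROW_STACK_EXCEPTION(
            "Unable to verify signing certificate %s",
            signingCert.getSubject().c_str());
    }

    // The handle is released below, exactly as the original code did.
    // NOTE(review): this presumes getCertStore() hands ownership to the caller -- confirm
    // against X509CertStore, otherwise the free below is a double free.
    X509_STORE *st = store->getCertStore();

    int res = 0;
    try {
        res = signingCert.verify(st);
    } catch (...) {
        // Release the store on the error path too, so a throwing verify() does not leak it.
        X509_STORE_free(st);
        throw;
    }

    X509_STORE_free(st);
    st = NULL;

    // Fail closed: only a strictly positive result counts as verified. The previous
    // `!res` test accepted a negative return value as success.
    // NOTE(review): presumably verify() follows the OpenSSL convention of 1 = ok,
    // 0 = failed, < 0 = error -- confirm in X509Cert::verify.
    if (res <= 0) {
        THROW_STACK_EXCEPTION(
            "Unable to verify signing certificate %s",
            signingCert.getSubject().c_str());
    }
}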
/// Validate the signer's certificate.
///
/// Two conditions must hold: the certificate lists the NonRepudiation key usage,
/// and X509Cert::verify() returns a positive value. A zero or negative result is
/// rejected. An IOException raised by any step is rethrown as a SignatureException.
///
/// NOTE(review): what verify() checks (trust anchors, validity period, revocation)
/// is not visible in this function -- confirm in X509Cert.
///
/// @throws SignatureException on a problem with signing certificate
void digidoc::SignatureBES::checkSigningCertificate() const throw(SignatureException)
{
    try
    {
        X509Cert cert = getSigningCertificate();

        // Key usage first: a certificate without NonRepudiation is refused before verify() runs.
        const std::vector<digidoc::X509Cert::KeyUsage> keyUsages = cert.getKeyUsage();
        const bool hasNonRepudiation =
            std::find( keyUsages.begin(), keyUsages.end(), digidoc::X509Cert::NonRepudiation ) != keyUsages.end();
        if( !hasNonRepudiation )
        {
            THROW_SIGNATUREEXCEPTION("Signing certificate does not contain NonRepudiation key usage flag %s", cert.getSubject().c_str());
        }

        // Zero and negative results are both treated as "not verified".
        const bool verified = !( cert.verify() <= 0 );
        if( !verified )
        {
            THROW_SIGNATUREEXCEPTION("Unable to verify signing certificate %s", cert.getSubject().c_str());
        }
    }
    catch( const IOException &e )
    {
        THROW_SIGNATUREEXCEPTION_CAUSE( e, "Unable to verify signing certificate" );
    }
}
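/// Check that the signing certificate passes X509Cert::verify().
///
/// An IOException raised by verify() is rethrown as a SignatureException; a result
/// that is not strictly positive is rejected with a SignatureException naming the
/// certificate subject.
///
/// @throws SignatureException on a problem with signing certificate
void digidoc::SignatureBES::checkSigningCertificate() const throw(SignatureException)
{
    X509Cert signingCert = getSigningCertificate();

    bool valid = false;
    try
    {
        // Compare explicitly instead of converting the result to bool: if verify()
        // returns an OpenSSL-style int, a negative error code would otherwise convert
        // to true and be accepted. For a bool return this comparison changes nothing.
        // NOTE(review): return type of X509Cert::verify() is not visible here -- confirm.
        valid = signingCert.verify() > 0;
    }
    catch( const IOException &e )
    {
        THROW_SIGNATUREEXCEPTION_CAUSE( e, "Unable to verify signing certificate" );
    }
    if(!valid)
    {
        THROW_SIGNATUREEXCEPTION("Unable to verify signing certificate %s", signingCert.getSubject().c_str());
    }
}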
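/**
 * Add certificate under CertificateValues element.
 *
 * The certificate is DER-encoded, wrapped as a Base64Binary
 * EncapsulatedX509Certificate carrying the given id, and appended to the first
 * CertificateValues entry of the unsigned signature properties.
 *
 * @param certId id attribute of EncapsulatedX509Certificate
 * @param x509 value of EncapsulatedX509Certificate
 */
void digidoc::SignatureTM::addCertificateValue(const std::string& certId, const X509Cert& x509)
{
    // The trace previously named "setCertificateValue", which is not this function.
    DEBUG("digidoc::SignatureTM::addCertificateValue(%s, X509Cert{%ld,%s})", certId.c_str(), x509.getSerial(), x509.getSubject().c_str());

    // CertificateValues
    // NOTE(review): &derBytes[0] is only valid for a non-empty vector; this assumes
    // encodeDER() never returns an empty buffer -- confirm.
    std::vector<unsigned char> derBytes = x509.encodeDER();
    xades::CertificateValuesType::EncapsulatedX509CertificateType encapsulated(
        xml_schema::Base64Binary(&derBytes[0], derBytes.size()));
    encapsulated.id(xml_schema::Id(certId.c_str()));

    // NOTE(review): assumes unsignedSignatureProperties() is non-null and that a
    // CertificateValues element already exists at index 0 -- neither is checked here.
    unsignedSignatureProperties()->certificateValues()[0].encapsulatedX509Certificate().push_back(encapsulated);
}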