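/**
 * Appends the signing certificate to Signature->KeyInfo->X509Data as an
 * X509Certificate element (base64 of the DER) plus an X509IssuerSerial element.
 *
 * Must be called after sign(): the X509Data is appended to the already-built
 * signature object. NOTE(review): KeyInfo appended after signing is not covered
 * by the SignatureValue unless a ds:Reference points at it, so verifiers should
 * not rely on this element alone to identify the signer — confirm how the
 * surrounding code binds the certificate (e.g. a signed XAdES SigningCertificate).
 *
 * @param cert certificate whose base64 DER form, issuer and serial are appended.
 * @return true on success; false (with _error set) when sign() has not run yet.
 * @throws whatever rethrowWithMessage() raises when the XSEC library throws.
 */
bool XmlSignature::addCertificateInfo(const X509Cert &cert)
{
    // Fail closed: the signature object is only usable once sign() has run.
    if (!_signed)
    {
        _error = "addCertificateInfo() called prior to sign() method";
        return false;
    }

    try
    {
        DSIGKeyInfoX509 *keyInfoX509 = _signature->appendX509Data();

        XercesString base64Certificate{ cert.base64Encoded() };
        XercesString issuer{ cert.issuer() };
        XercesString serial{ cert.serial() };

        keyInfoX509->appendX509Certificate(base64Certificate);
        keyInfoX509->setX509IssuerSerial(issuer, serial);
    }
    catch (XSECException &ex)
    {
        rethrowWithMessage(ex, "Failed to append certificate info");
        // Defensive: should rethrowWithMessage() ever return instead of throwing,
        // do not report success for a half-built X509Data element.
        return false;
    }

    return true;
}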
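/**
 * Adds signing certificate to the signature XML. The DER encoded X.509 certificate is added to
 * Signature->KeyInfo->X509Data->X509Certificate. Certificate info is also added to
 * Signature->Object->QualifyingProperties->SignedProperties->SignedSignatureProperties->SigningCertificate.
 *
 * Also selects SignedInfo->SignatureMethod from the configured digest URI: an
 * RSA variant when the key exposes an RSA modulus, an EC variant otherwise.
 *
 * Security note: for legacy Estonian ID cards — certificate policy under
 * 1.3.6.1.4.1.10015.1.1.* or 1.3.6.1.4.1.10015.3.1.* AND an RSA modulus of at
 * most 128 bytes (<= 1024 bit) — the signature digest is forced down to SHA-224
 * whenever the configuration asks for anything other than SHA-1/SHA-224. This is
 * a deliberate downgrade for hardware that cannot sign stronger digests; it is
 * bounded to those policies and key sizes so every other certificate keeps the
 * configured digest. Keep that bound when touching this code.
 *
 * @param x509 certificate that is used for signing the signature XML.
 */
void SignatureBES::setSigningCertificate(const X509Cert& x509)
{
    DEBUG("SignatureBES::setSigningCertificate()");

    // Estonian ID-Card specific hack for older cards, they support only max SHA224
    string method = Conf::instance()->digestUri();
    X509Crypto key(x509);
    if(!key.rsaModulus().empty())
    {
        if(method != URI_SHA1 && method != URI_SHA224)
        {
            // Downgrade only for the legacy policy OIDs combined with a small RSA key.
            const string legacyPolicyPrefixA = "1.3.6.1.4.1.10015.1.1.";
            const string legacyPolicyPrefixB = "1.3.6.1.4.1.10015.3.1.";
            const bool smallRsaKey = key.rsaModulus().size() <= 128; // <= 1024-bit modulus
            vector<string> pol = x509.certificatePolicies();
            for(vector<string>::const_iterator i = pol.begin(); i != pol.end(); ++i)
            {
                const bool legacyPolicy =
                    i->compare(0, legacyPolicyPrefixA.size(), legacyPolicyPrefixA) == 0 ||
                    i->compare(0, legacyPolicyPrefixB.size(), legacyPolicyPrefixB) == 0;
                if(legacyPolicy && smallRsaKey)
                {
                    method = URI_SHA224;
                    break;
                }
            }
        }
        signature->signedInfo().signatureMethod(Uri(Digest::toRsaUri(method)));
    }
    else
        signature->signedInfo().signatureMethod(Uri(Digest::toEcUri(method)));

    // Signature->KeyInfo->X509Data->X509Certificate
    // BASE64 encoding of a DER-encoded X.509 certificate = PEM encoded.
    X509DataType x509Data;
    x509Data.x509Certificate().push_back(toBase64(x509));

    KeyInfoType keyInfo;
    keyInfo.x509Data().push_back(x509Data);
    signature->keyInfo(keyInfo);

    // Signature->Object->QualifyingProperties->SignedProperties->SignedSignatureProperties->SigningCertificate
    // Calculate digest of the X.509 certificate. The digest object is short-lived,
    // so it lives on the stack instead of behind a (deprecated) auto_ptr.
    // Its algorithm is the Digest default, independent of `method` above.
    Digest digest;
    digest.update(x509);
    CertIDListType signingCertificate;
    signingCertificate.cert().push_back(CertIDType(
        DigestAlgAndValueType(DigestMethodType(digest.uri()), toBase64(digest.digest())),
        X509IssuerSerialType(x509.issuerName(), x509.serial())));

    getSignedSignatureProperties().signingCertificate(signingCertificate);
}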
/**
 * Records the signing certificate in the signature XML in two places:
 *  - Signature->KeyInfo->X509Data->X509Certificate: base64 of the DER certificate;
 *  - Signature->Object->QualifyingProperties->SignedProperties->
 *    SignedSignatureProperties->SigningCertificate: a digest of the certificate
 *    plus its issuer name and serial number.
 *
 * The SigningCertificate entry sits under SignedProperties, so once the
 * signature is computed it binds the certificate to the signature; the KeyInfo
 * copy is the conventional (unsigned) carrier for the verifier's convenience.
 *
 * @param x509 certificate that is used for signing the signature XML.
 */
void SignatureBES::setSigningCertificate(const X509Cert& x509)
{
    DEBUG("SignatureBES::setSigningCertificate()");

    // KeyInfo: one X509Data holding the base64-encoded DER certificate.
    X509DataType certData;
    certData.x509Certificate().push_back(toBase64(x509));

    KeyInfoType keyInfoNode;
    keyInfoNode.x509Data().push_back(certData);
    signature->keyInfo(keyInfoNode);

    // SigningCertificate: digest of the certificate bytes (algorithm chosen by
    // the Digest default) together with the issuer/serial pair.
    Digest certDigest;
    certDigest.update(x509);

    DigestAlgAndValueType certDigestValue(DigestMethodType(certDigest.uri()),
                                          toBase64(certDigest.result()));
    X509IssuerSerialType issuerSerial(x509.issuerName(), x509.serial());

    CertIDListType certIds;
    certIds.cert().push_back(CertIDType(certDigestValue, issuerSerial));

    getSignedSignatureProperties().signingCertificate(certIds);
}