  1. #include "gincertificatemanager.h"
  2. #include "logmessagehelper.h"
  3.  
  4. #include <QDir>
  5. #include <QStandardPaths>
  6. #include <QTextStream>
  7. #include <QDebug>
  8. #include <QFile>
  9. #include <QDirIterator>
  10. #include <QJsonObject>
  11. #include <QJsonDocument>
  12.  
  13. #include <iomanip>
  14. #include <memory>
  15. #include <openssl/pkcs12.h>
  16. #include <openssl/err.h>
  17. #include <openssl/pem.h>
  18. #include <openssl/engine.h>
  19. #include <openssl/evp.h>
  20.  
  21. #include <openssl/x509.h>
  22. #include <openssl/x509_vfy.h>
  23.  
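// Logs the OpenSSL error queue when `returnCode` evaluates to false.
// It ONLY logs: execution continues after a failure, so every caller must
// still test the value itself before using the result (a failed
// ENGINE_by_id or EVP_DigestVerifyInit is not fatal here).
// Wrapped in do/while(0) so that `CHECK(x);` is a single statement and is
// safe in front of an `else`.
#define CHECK(returnCode)          \
    do {                           \
        if (!(returnCode)) {       \
            checkForError();       \
        }                          \
    } while (0)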
  28.  
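bool GinCertificateManager::checkForError() const {
    // Drains the calling thread's OpenSSL error queue, logging every entry,
    // and returns true if at least one error was queued.
    //
    // The whole queue is drained (the previous version popped a single
    // entry) so that stale errors left over from an earlier failing call are
    // not misattributed to the next CHECK.
    bool sawError = false;
    for (unsigned long errorCode = ERR_get_error(); errorCode != 0; errorCode = ERR_get_error()) {
        sawError = true;
        // ERR_*_error_string() may return nullptr for unknown codes (and
        // ERR_func_error_string() returns no text at all on OpenSSL 3.x);
        // QString::fromLatin1(nullptr) yields a null QString, so logging is safe.
        const QString libraryError = QString::fromLatin1(ERR_lib_error_string(errorCode));
        const QString functionError = QString::fromLatin1(ERR_func_error_string(errorCode));
        qDebug() << "libraryError: " << libraryError << ", functionError: " << functionError;
        const QString reason = QString::fromLatin1(ERR_reason_error_string(errorCode));
        qDebug() << "reason: " << reason;
    }
    return sawError;
}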
  41.  
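bool GinCertificateManager::verifyAnswer(const QString& ginCertRaw, const QString& ginIssuerCertRaw, const QString& request, const QString& signature) {
    // Verifies `signature` (its third dot-separated field, base64) over the
    // request body (`request` minus its first character, re-encoded as
    // base64) using the public key of the GIN certificate.
    //
    // Returns false when the certificates cannot be stored or parsed, when
    // the signature string does not carry at least three dot-separated
    // fields, or when the signature does not verify under the GIN
    // certificate's key.  The previous version fell off the end without a
    // return statement, so callers received an undefined verdict.
    //
    // NOTE(review): no certificate chain is built or validated here (no
    // X509_STORE / X509_verify_cert, no validity-period or revocation
    // check).  The issuer and root certificates are used below only as
    // alternative verification keys for diagnostic logging; whether ginCert
    // is actually signed by ginIssuerCert/root is never checked in this
    // function.  Confirm that setCerts()/getRootCert() do so, or add
    // X509_verify_cert() before trusting the leaf key.
    qDebug() << "in verifyAnswer";
    if (!setCerts(ginCertRaw, ginIssuerCertRaw)) {
        return false;
    }
    X509 *ginCertificate = qStringCertToX509(this->ginCert);
    if (ginCertificate == nullptr) {
        return false;
    }
    X509 *issuerCertificate = qStringCertToX509(this->ginIssuerCert);
    if (issuerCertificate == nullptr) {
        return false;
    }
    X509 *rootCertificate = getRootCert(ginCertificate);
    if (rootCertificate == nullptr) {
        return false;
    }
    // TODO(review): ownership of the three X509* above is not visible here
    // (qStringCertToX509/getRootCert are defined elsewhere).  If they return
    // fresh objects they must be X509_free()d on every path; nothing is
    // freed at the moment.

    // The signature is expected as "<a>.<b>.<sig>".  Indexing [2] on a
    // shorter list is out of bounds, so reject malformed input up front.
    const QStringList parts = signature.split(".");
    if (parts.size() < 3) {
        qDebug() << "verifyAnswer: signature does not have three dot-separated fields";
        return false;
    }
    const QByteArray sign = parts[2].toUtf8();
    // QByteArray::fromBase64 with default options skips invalid characters
    // instead of failing, so a malformed field decodes to garbage bytes
    // rather than being rejected; the signature check then fails closed.
    const QByteArray signDecodedBase = QByteArray::fromBase64(sign);

    // Signed payload: the request without its leading character, base64.
    const QByteArray data = QString(request).remove(0, 1).toUtf8().toBase64();

    // Verdict: leaf (GIN) certificate key over the base64-decoded signature.
    // TODO(review): this is the only combination that corresponds to a
    // standard detached signature; confirm against the producer's format.
    const bool verified = verifySignature(ginCertificate, data, signDecodedBase);
    qDebug() << "signDecodedBase";
    qDebug() << "leaf verdict:" << verified;

    // Diagnostic-only checks kept from the exploratory version.  Their
    // results are logged inside verifySignature and never affect the
    // verdict; remove once the signature format is settled.
    verifySignature(issuerCertificate, data, signDecodedBase);
    verifySignature(rootCertificate, data, signDecodedBase);
    qDebug() << "sign";
    verifySignature(ginCertificate, data, sign);
    verifySignature(issuerCertificate, data, sign);
    verifySignature(rootCertificate, data, sign);

    return verified;
}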
  71.  
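ENGINE *GinCertificateManager::loadEngine() {
    // Loads the "gost" OpenSSL engine, initialises it and registers it as
    // the default implementation for all method types.
    //
    // Returns the engine holding one structural (ENGINE_by_id) and one
    // functional (ENGINE_init) reference, which the caller releases with
    // ENGINE_finish()/ENGINE_free(); returns nullptr if the engine cannot be
    // found or initialised.  Callers passing the result as an ENGINE* impl
    // to EVP_* can pass nullptr through unchanged (OpenSSL then uses the
    // default implementation).
    OPENSSL_add_all_algorithms_conf();
    ERR_load_crypto_strings();

    ENGINE *e = ENGINE_by_id("gost");
    if (e == nullptr) {
        // The previous version carried on with a null engine into
        // ENGINE_init/ENGINE_set_default; fail here instead.
        checkForError();
        return nullptr;
    }
    if (!ENGINE_init(e)) {
        checkForError();
        ENGINE_free(e);  // drop the structural reference from ENGINE_by_id
        return nullptr;
    }
    if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
        // The engine is usable but not the process default; callers that
        // pass it explicitly as an impl still work, so only log.
        checkForError();
    }
    OpenSSL_add_all_algorithms();
    return e;
}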
  82.  
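bool GinCertificateManager::verifySignature(X509* cert, QByteArray data, QByteArray signature) {
    // Checks `signature` over `data` with the public key in `cert`, using the
    // key's default digest (for GOST keys this is provided by the "gost"
    // engine loaded via loadEngine()).
    //
    // Returns true only when EVP_DigestVerifyFinal reports 1.  Any setup
    // failure logs the OpenSSL error queue and returns false instead of
    // continuing into the next EVP_* call with a half-initialised context,
    // as the previous version did.
    qDebug() << "signature.length(): " << signature.length();

    // RAII for the OpenSSL handles so that no path leaks them.
    // X509_get_pubkey() returns a new reference the caller must free.
    using CtxPtr = std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_destroy)>;
    using KeyPtr = std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>;
    CtxPtr mctx(EVP_MD_CTX_create(), &EVP_MD_CTX_destroy);
    KeyPtr pkey(X509_get_pubkey(cert), &EVP_PKEY_free);
    if (!mctx || !pkey) {
        checkForError();
        return false;
    }

    int digestId = 0;
    // EVP_PKEY_get_default_digest_nid returns 1 or 2 on success, <= 0 on failure.
    if (EVP_PKEY_get_default_digest_nid(pkey.get(), &digestId) <= 0) {
        checkForError();
        return false;
    }
    const EVP_MD *algorithm = EVP_get_digestbynid(digestId);
    if (algorithm == nullptr) {
        checkForError();
        return false;
    }

    // loadEngine() hands back a structural and a functional reference.
    // Release both when this function returns; the engine stays registered
    // as the default because ENGINE_set_default keeps its own reference,
    // and the verify context takes its own functional reference on Init.
    struct EngineRelease {
        void operator()(ENGINE *e) const {
            ENGINE_finish(e);
            ENGINE_free(e);
        }
    };
    std::unique_ptr<ENGINE, EngineRelease> engine(loadEngine());

    if (EVP_DigestVerifyInit(mctx.get(), nullptr, algorithm, engine.get(), pkey.get()) != 1) {
        checkForError();
        return false;
    }
    if (EVP_DigestVerifyUpdate(mctx.get(), data.constData(), static_cast<size_t>(data.length())) != 1) {
        checkForError();
        return false;
    }
    // 1 = signature valid, 0 = signature does not match, < 0 = other error
    // (e.g. malformed signature encoding).  Only 1 is accepted.
    const int res = EVP_DigestVerifyFinal(mctx.get(),
                                          reinterpret_cast<const unsigned char*>(signature.constData()),
                                          static_cast<size_t>(signature.length()));
    qDebug() << res;
    if (res != 1) {
        checkForError();
    }
    return res == 1;
}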
  99.  