- #include "gincertificatemanager.h"
- #include "logmessagehelper.h"
- #include <QDir>
- #include <QStandardPaths>
- #include <QTextStream>
- #include <QDebug>
- #include <QFile>
- #include <QDirIterator>
- #include <QJsonObject>
- #include <QJsonDocument>
- #include <iomanip>
- #include <memory>
- #include <openssl/pkcs12.h>
- #include <openssl/err.h>
- #include <openssl/pem.h>
- #include <openssl/engine.h>
- #include <openssl/evp.h>
- #include <openssl/x509.h>
- #include <openssl/x509_vfy.h>
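// Evaluate an OpenSSL-style return value and, when it is zero/false, log the
// pending OpenSSL error through checkForError(). The do { } while (0) wrapper
// makes the macro a single statement, so `if (x) CHECK(y); else ...` parses
// as intended; the bare `if (...) { }` form left a stray `;` before any
// following `else`. Note that CHECK only logs: execution continues after a
// failed call, so callers that must stop on failure need an explicit test.
#define CHECK(returnCode) \
    do { \
        if (!(returnCode)) { \
            checkForError(); \
        } \
    } while (0)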
// Pops the oldest entry off the calling thread's OpenSSL error queue
// (ERR_get_error removes it) and logs its library, function and reason
// strings via qDebug(). Returns true when an entry was present, false when
// the queue was empty. Exactly one entry is consumed per call, so a caller
// that wants the queue drained has to loop on this.
// NOTE(review): ERR_func_error_string() returns null on recent OpenSSL
// releases; QString::fromLatin1(nullptr) yields a null QString, so the log
// line just shows an empty function name — confirm that is acceptable.
bool GinCertificateManager::checkForError() const {
    const unsigned long code = ERR_get_error();
    if (code == 0) {
        return false;
    }
    const QString lib = QString::fromLatin1(ERR_lib_error_string(code));
    const QString func = QString::fromLatin1(ERR_func_error_string(code));
    qDebug() << "libraryError: " << lib << ", functionError: " << func;
    const QString why = QString::fromLatin1(ERR_reason_error_string(code));
    qDebug() << "reason: " << why;
    return true;
}
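// Checks a signed answer against the GIN certificate pair.
//
// Parameters:
//   ginCertRaw / ginIssuerCertRaw — certificate material handed to setCerts();
//   request   — the request text; everything after its first character is
//               base64-encoded and used as the signed data;
//   signature — a '.'-separated string whose third part is the base64
//               signature (the first two parts are ignored here).
// Returns true only when setCerts() succeeds, all three certificates can be
// materialised and the leaf (GIN) certificate verifies the base64-decoded
// signature over the data; false otherwise.
//
// NOTE(review): the original tried every certificate/encoding combination
// and then fell off the end without a return statement (undefined behaviour
// for a non-void function, so its callers got an arbitrary verdict). The
// leaf certificate with the decoded signature is used as the verdict below;
// the other five calls are kept purely as diagnostics — confirm which
// combination the issuing service actually uses and drop the rest.
// NOTE(review): a successful verifySignature() only shows the signature was
// made with that certificate's key. Nothing visible here checks that the GIN
// certificate chains to a trusted root; getRootCert() is defined elsewhere in
// this file and whether it performs chain validation cannot be seen from here.
// NOTE(review): if qStringCertToX509() / getRootCert() return freshly
// allocated X509 objects, the three pointers below are leaked on every call
// and on every early return — confirm ownership and X509_free() them.
bool GinCertificateManager::verifyAnswer(const QString& ginCertRaw, const QString& ginIssuerCertRaw, const QString& request, const QString& signature) {
    qDebug() << "in verifyAnswer";
    if (!setCerts(ginCertRaw, ginIssuerCertRaw)) {
        return false;
    }
    X509 *ginCertificate = qStringCertToX509(this->ginCert);
    if (ginCertificate == nullptr) {
        return false;
    }
    X509 *issuerCertificate = qStringCertToX509(this->ginIssuerCert);
    if (issuerCertificate == nullptr) {
        return false;
    }
    X509 *rootCertificate = getRootCert(ginCertificate);
    if (rootCertificate == nullptr) {
        return false;
    }
    // Reject a malformed signature string instead of indexing past the end of
    // the split result (the original did signature.split(".")[2] unchecked).
    const auto signatureParts = signature.split(".");
    if (signatureParts.size() < 3) {
        qDebug() << "unexpected signature format: parts =" << signatureParts.size();
        return false;
    }
    const QByteArray sign = signatureParts[2].toUtf8();
    const QByteArray signDecodedBase = QByteArray::fromBase64(sign);
    // Signed data = request without its first character, base64-encoded.
    const QByteArray data = QString(request).remove(0, 1).toUtf8().toBase64();
    qDebug() << "signDecodedBase";
    // This is the verdict; the remaining calls only produce debug output.
    const bool leafVerified = verifySignature(ginCertificate, data, signDecodedBase);
    verifySignature(issuerCertificate, data, signDecodedBase);
    verifySignature(rootCertificate, data, signDecodedBase);
    qDebug() << "sign";
    verifySignature(ginCertificate, data, sign);
    verifySignature(issuerCertificate, data, sign);
    verifySignature(rootCertificate, data, sign);
    return leafVerified;
}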
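// Loads and initialises the "gost" OpenSSL ENGINE and installs it as the
// default implementation for all methods.
// Returns the initialised engine, or nullptr when it cannot be found or
// initialised (errors are logged through checkForError()). Failure to make
// it the default is logged but the initialised engine is still returned, as
// the original did.
// NOTE(review): every call performs the global algorithm/error-string setup
// again and acquires a fresh ENGINE reference that the callers seen in this
// file never release — consider loading once and caching the handle. The
// ENGINE API is deprecated in OpenSSL 3.0 in favour of providers.
ENGINE *GinCertificateManager::loadEngine() {
    OPENSSL_add_all_algorithms_conf();
    ERR_load_crypto_strings();
    ENGINE *e = ENGINE_by_id("gost");
    if (e == nullptr) {
        checkForError();
        return nullptr;
    }
    if (!ENGINE_init(e)) {
        // The original carried on with an uninitialised engine; drop the
        // structural reference from ENGINE_by_id() and report failure instead.
        checkForError();
        ENGINE_free(e);
        return nullptr;
    }
    CHECK(ENGINE_set_default(e, ENGINE_METHOD_ALL));
    OpenSSL_add_all_algorithms();
    return e;
}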
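// Verifies `signature` over `data` with the public key of `cert`, using the
// key's default digest. Returns true only when EVP_DigestVerifyFinal reports
// a valid signature; any setup failure logs the OpenSSL error (via
// checkForError()) and returns false.
//
// Fixes relative to the original: the EVP_MD_CTX was never destroyed, and
// X509_get_pubkey() (which returns a new reference the caller must free) was
// called twice and freed neither; a null key or unknown digest was passed on
// to the next OpenSSL call instead of failing.
// NOTE(review): loadEngine() is re-run on every verification and its ENGINE
// reference is not released here — confirm whether the engine should be
// loaded once by the caller instead.
bool GinCertificateManager::verifySignature(X509* cert, QByteArray data, QByteArray signature) {
    qDebug() << "signature.length(): " << signature.length();
    if (cert == nullptr) {
        return false;
    }
    auto keyDeleter = [](EVP_PKEY* key) { EVP_PKEY_free(key); };
    std::unique_ptr<EVP_PKEY, decltype(keyDeleter)> pubKey(X509_get_pubkey(cert), keyDeleter);
    if (!pubKey) {
        checkForError();
        return false;
    }
    int digestId = 0;
    // Returns 1 (mandatory) or 2 (preferred) on success, <= 0 on error.
    if (EVP_PKEY_get_default_digest_nid(pubKey.get(), &digestId) <= 0) {
        checkForError();
        return false;
    }
    const EVP_MD *algorithm = EVP_get_digestbynid(digestId);
    if (algorithm == nullptr) {
        checkForError();
        return false;
    }
    auto ctxDeleter = [](EVP_MD_CTX* ctx) { EVP_MD_CTX_destroy(ctx); };
    std::unique_ptr<EVP_MD_CTX, decltype(ctxDeleter)> mctx(EVP_MD_CTX_create(), ctxDeleter);
    if (!mctx) {
        checkForError();
        return false;
    }
    if (EVP_DigestVerifyInit(mctx.get(), nullptr, algorithm, loadEngine(), pubKey.get()) != 1) {
        checkForError();
        return false;
    }
    if (EVP_DigestVerifyUpdate(mctx.get(), data.constData(), data.length()) != 1) {
        checkForError();
        return false;
    }
    const int res = EVP_DigestVerifyFinal(mctx.get(),
                                          reinterpret_cast<const unsigned char*>(signature.constData()),
                                          signature.length());
    qDebug() << res;
    // A bad signature (res == 0) leaves an error on the queue; log it.
    CHECK(res == 1);
    return res == 1;
}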