| \-\-XAdESEN | Optional |
diff --git a/src/ASiC_E.cpp b/src/ASiC_E.cpp
index ea6ca0d05..0ad265482 100644
--- a/src/ASiC_E.cpp
+++ b/src/ASiC_E.cpp
@@ -40,12 +40,10 @@ using namespace digidoc;
using namespace digidoc::util;
using namespace std;
-const string ASiC_E::BES_PROFILE = "BES";
-const string ASiC_E::EPES_PROFILE = "EPES";
-const string ASiC_E::ASIC_TM_PROFILE = "time-mark";
-const string ASiC_E::ASIC_TS_PROFILE = "time-stamp";
-const string ASiC_E::ASIC_TSA_PROFILE = ASIC_TS_PROFILE + "-archive";
-const string ASiC_E::ASIC_TMA_PROFILE = ASIC_TM_PROFILE + "-archive";
+const string_view ASiC_E::ASIC_TM_PROFILE = "time-mark";
+const string_view ASiC_E::ASIC_TS_PROFILE = "time-stamp";
+const string_view ASiC_E::ASIC_TSA_PROFILE = "time-stamp-archive";
+const string_view ASiC_E::ASIC_TMA_PROFILE = "time-mark-archive";
const string ASiC_E::MANIFEST_NAMESPACE = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0";
class ASiC_E::Private
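Review bot: The new `string_view` profile constants are still declared `static const` in the header and defined out of line here, which keeps them as runtime-initialized statics with exported symbols; since the file already relies on C++17, they can become `static constexpr std::string_view ASIC_TM_PROFILE = "time-mark";` (implicitly inline) in ASiC_E.h and these four definitions go away, and the same applies to the matching src/ASiC_E.h hunk. Dropping `BES_PROFILE` and `EPES_PROFILE` from the class removes public API if ASiC_E.h is shipped as an installed header; if the library observes a deprecation period, keeping them for one release behind `DIGIDOCPP_DEPRECATED` would be the safer path.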
@@ -76,7 +74,7 @@ ASiC_E::ASiC_E(const string &path)
ASiC_E::~ASiC_E()
{
- for_each(d->metadata.cbegin(), d->metadata.cend(), std::default_delete());
+ for_each(d->metadata.cbegin(), d->metadata.cend(), default_delete());
}
vector ASiC_E::metaFiles() const
@@ -360,7 +358,7 @@ Signature *ASiC_E::sign(Signer* signer)
try
{
s->setSignatureValue(signer->sign(s->signatureMethod(), s->dataToSign()));
- s->extendSignatureProfile(signer->profile().empty() ? ASiC_E::ASIC_TS_PROFILE : signer->profile());
+ s->extendSignatureProfile(signer->profile());
}
catch(const Exception& e)
{
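Review bot: `s->extendSignatureProfile(signer->profile());` no longer substitutes `ASIC_TS_PROFILE` when the signer's profile is empty, so an empty profile now reaches SignatureXAdES_LT::extendSignatureProfile, which in this same commit returns early for anything not containing "time-stamp", and the caller gets a signature without timestamp or OCSP instead of the previous default. If `Signer::profile()` now defaults to "time-stamp" that is not visible in this diff; otherwise keep the default here, e.g. `s->extendSignatureProfile(signer->profile().empty() ? string(ASiC_E::ASIC_TS_PROFILE) : signer->profile());`, or reject an empty profile explicitly. ASiC_E::sign starts before this hunk and continues after it.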
diff --git a/src/ASiC_E.h b/src/ASiC_E.h
index c8079f8b6..f268c21e8 100644
--- a/src/ASiC_E.h
+++ b/src/ASiC_E.h
@@ -36,12 +36,10 @@ namespace digidoc
class ASiC_E final : public ASiContainer
{
public:
- static const std::string BES_PROFILE;
- static const std::string EPES_PROFILE;
- static const std::string ASIC_TM_PROFILE;
- static const std::string ASIC_TS_PROFILE;
- static const std::string ASIC_TMA_PROFILE;
- static const std::string ASIC_TSA_PROFILE;
+ static const std::string_view ASIC_TM_PROFILE;
+ static const std::string_view ASIC_TS_PROFILE;
+ static const std::string_view ASIC_TMA_PROFILE;
+ static const std::string_view ASIC_TSA_PROFILE;
static const std::string MANIFEST_NAMESPACE;
~ASiC_E() final;
diff --git a/src/Conf.h b/src/Conf.h
index 9a44917b7..0463c58f0 100644
--- a/src/Conf.h
+++ b/src/Conf.h
@@ -56,9 +56,9 @@ class DIGIDOCPP_EXPORT Conf
virtual std::string TSUrl() const;
virtual std::string verifyServiceUri() const;
- virtual std::string PKCS12Cert() const;
- virtual std::string PKCS12Pass() const;
- virtual bool PKCS12Disable() const;
+ DIGIDOCPP_DEPRECATED virtual std::string PKCS12Cert() const;
+ DIGIDOCPP_DEPRECATED virtual std::string PKCS12Pass() const;
+ DIGIDOCPP_DEPRECATED virtual bool PKCS12Disable() const;
virtual bool TSLAllowExpired() const;
virtual bool TSLAutoUpdate() const;
diff --git a/src/SiVaContainer.cpp b/src/SiVaContainer.cpp
index a28ff2201..4f1676e00 100644
--- a/src/SiVaContainer.cpp
+++ b/src/SiVaContainer.cpp
@@ -53,8 +53,8 @@ using namespace std;
using namespace xercesc;
using json = nlohmann::json;
-static std::string base64_decode(const XMLCh *in) {
- static constexpr std::array T{
+static string base64_decode(const XMLCh *in) {
+ static constexpr array T{
0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64,
0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64,
0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x3E, 0x64, 0x64, 0x64, 0x3F,
@@ -65,7 +65,7 @@ static std::string base64_decode(const XMLCh *in) {
0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x64, 0x64, 0x64, 0x64, 0x64
};
- std::string out;
+ string out;
int value = 0;
int bits = -8;
for(; in; ++in)
@@ -185,7 +185,7 @@ SiVaContainer::SiVaContainer(const string &path, const string &ext, bool useHash
{"document", move(b64)},
{"signaturePolicy", "POLv4"}
}).dump();
- Connect::Result r = Connect(CONF(verifyServiceUri), "POST", 0, {}, CONF(verifyServiceCerts)).exec({
+ Connect::Result r = Connect(CONF(verifyServiceUri), "POST", 0, CONF(verifyServiceCerts)).exec({
{"Content-Type", "application/json;charset=UTF-8"}
}, (const unsigned char*)req.c_str(), req.size());
@@ -327,7 +327,7 @@ unique_ptr SiVaContainer::openInternal(const string &path)
}
}
-std::unique_ptr SiVaContainer::parseDDoc(bool useHashCode)
+unique_ptr SiVaContainer::parseDDoc(bool useHashCode)
{
namespace xml = xsd::cxx::xml;
using cpXMLCh = const XMLCh*;
diff --git a/src/SignatureXAdES_B.cpp b/src/SignatureXAdES_B.cpp
index 1c8da3840..b439165a7 100644
--- a/src/SignatureXAdES_B.cpp
+++ b/src/SignatureXAdES_B.cpp
@@ -61,11 +61,8 @@ const string SignatureXAdES_B::XADES_NAMESPACE = "http://uri.etsi.org/01903/v1.3
const string SignatureXAdES_B::XADESv141_NAMESPACE = "http://uri.etsi.org/01903/v1.4.1#";
const string SignatureXAdES_B::ASIC_NAMESPACE = "http://uri.etsi.org/02918/v1.2.1#";
const string SignatureXAdES_B::OPENDOCUMENT_NAMESPACE = "urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0";
-const string SignatureXAdES_B::POLICY_BDOC_2_1_OID = "urn:oid:1.3.6.1.4.1.10015.1000.3.2.1";
const map SignatureXAdES_B::policylist = {
- {SignatureXAdES_B::POLICY_BDOC_2_1_OID,{
- "BDOC – FORMAT FOR DIGITAL SIGNATURES",
- "https://www.sk.ee/repository/bdoc-spec21.pdf",
+ {"urn:oid:1.3.6.1.4.1.10015.1000.3.2.1",{ // https://www.sk.ee/repository/bdoc-spec21.pdf
// SHA-1
{ 0x80,0x81,0xe2,0x69,0xeb,0x44,0x13,0xde,0x20,0x6e,0x40,0x91,0xca,0x04,0x3d,0x5a,
0xca,0x71,0x51,0xdc},
@@ -85,9 +82,7 @@ const map SignatureXAdES_B::policylist = {
0xa6,0x7b,0x18,0x86,0x04,0xd8,0x20,0x9b,0xf8,0x54,0x4e,0xb0,0x5f,0xb3,0x67,0x58,
0x39,0xb9,0xef,0xfe,0xf7,0x75,0x7d,0x34,0x5e,0x39,0xa8,0xa5,0xbf,0x4a,0xa1,0xd7}
}},
- {"urn:oid:1.3.6.1.4.1.10015.1000.3.2.3",{
- "BDOC – FORMAT FOR DIGITAL SIGNATURES",
- "http://id.ee/public/bdoc-spec212-eng.pdf",
+ {"urn:oid:1.3.6.1.4.1.10015.1000.3.2.3",{ // http://id.ee/public/bdoc-spec212-eng.pdf
// SHA-1
{ 0x0b,0x2d,0x60,0x6b,0x17,0x9b,0x3b,0x92,0x9c,0x3f,0x79,0xf5,0x92,0x5c,0x84,0xc8,
0xeb,0xef,0x31,0xc6},
@@ -125,12 +120,14 @@ static Base64Binary toBase64(const vector &v)
SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *bdoc, Signer *signer)
: bdoc(bdoc)
{
+ X509Cert c = signer->cert();
string nr = "S" + to_string(id);
// Signature->SignedInfo
auto signedInfo = make_unique(
make_unique(/*URI_ID_EXC_C14N_NOC*/URI_ID_C14N11_NOC),
- make_unique(URI_ID_RSA_SHA256));
+ make_unique(X509Crypto(c).isRSAKey() ?
+ Digest::toRsaUri(signer->method()) : Digest::toEcUri(signer->method())));
// Signature->SignatureValue
auto signatureValue = make_unique();
@@ -146,38 +143,6 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *bdoc, Signer *
auto signedProperties = make_unique();
signedProperties->signedSignatureProperties(make_unique());
signedProperties->id(nr + "-SignedProperties");
- // Signature->Object->QualifyingProperties->SignedProperties->SignedSignatureProperties->SignaturePolicyIdentifierType
- if(signer->profile().find(ASiC_E::ASIC_TM_PROFILE) != string::npos ||
- signer->profile().find(ASiC_E::EPES_PROFILE) != string::npos)
- {
- auto p = policylist.cbegin();
- auto identifierid = make_unique(p->first);
- identifierid->qualifier(QualifierType::OIDAsURN);
-
- auto identifier = make_unique(std::move(identifierid));
- identifier->description(p->second.DESCRIPTION.data());
-
- string digestUri = Conf::instance()->digestUri();
- const vector *data = &p->second.SHA256;
- if(Conf::instance()->digestUri() == URI_SHA224) data = &p->second.SHA224;
- else if(Conf::instance()->digestUri() == URI_SHA256) data = &p->second.SHA256;
- else if(Conf::instance()->digestUri() == URI_SHA384) data = &p->second.SHA384;
- else if(Conf::instance()->digestUri() == URI_SHA512) data = &p->second.SHA512;
- auto policyDigest = make_unique(make_unique(digestUri), toBase64(*data));
-
- auto policyId = make_unique(std::move(identifier), std::move(policyDigest));
-
- auto uri = make_unique();
- uri->sPURI(p->second.URI.data());
-
- auto qualifiers = make_unique();
- qualifiers->sigPolicyQualifier().push_back(std::move(uri));
- policyId->sigPolicyQualifiers(std::move(qualifiers));
-
- auto policyidentifier = make_unique();
- policyidentifier->signaturePolicyId(std::move(policyId));
- signedProperties->signedSignatureProperties()->signaturePolicyIdentifier(std::move(policyidentifier));
- }
// Signature->Object->QualifyingProperties
auto qualifyingProperties = make_unique("#" + nr);
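Review bot: With the SignaturePolicyIdentifier block removed, `policylist` and the `Policy` digests are only consulted when reading existing signatures, but nothing in SignatureXAdES_B.h says so, and the remaining `ASIC_TM_PROFILE` constant could tempt a later reader to wire policy emission back in. A comment on the `policylist` declaration such as `// Digests of known BDOC signature policies; used only to validate existing TM/EPES signatures, new signatures carry no policy identifier` would record the decision. The constructor starts before this hunk and continues after it.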
@@ -190,7 +155,6 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *bdoc, Signer *
signature->object().push_back(std::move(object));
//Fill XML-DSIG/XAdES properties
- X509Cert c = signer->cert();
setKeyInfo(c);
if(signer->usingENProfile())
{
@@ -204,8 +168,6 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *bdoc, Signer *
setSignatureProductionPlace(signer->city(), signer->stateOrProvince(), signer->postalCode(), signer->countryName());
setSignerRoles(signer->signerRoles());
}
- signature->signedInfo().signatureMethod(make_unique(X509Crypto(c).isRSAKey() ?
- Digest::toRsaUri(signer->method()) : Digest::toEcUri(signer->method()) ));
setSigningTime(time(nullptr));
string digestMethod = Conf::instance()->digestUri();
@@ -364,26 +326,26 @@ string SignatureXAdES_B::policy() const
*/
string SignatureXAdES_B::profile() const
{
- string base = policy().empty() ? ASiC_E::BES_PROFILE : ASiC_E::EPES_PROFILE;
+ string base = policy().empty() ? "BES" : "EPES";
try {
- const QualifyingPropertiesType::UnsignedPropertiesOptional &up = qualifyingProperties().unsignedProperties();
+ auto up = qualifyingProperties().unsignedProperties();
if(!up)
return base;
- const UnsignedPropertiesType::UnsignedSignaturePropertiesOptional &usp = up->unsignedSignatureProperties();
+ auto usp = up->unsignedSignatureProperties();
if(!usp)
return base;
if(!usp->signatureTimeStamp().empty())
{
if(!usp->archiveTimeStampV141().empty())
- return base + "/" + ASiC_E::ASIC_TSA_PROFILE;
- return base + "/" + ASiC_E::ASIC_TS_PROFILE;
+ return (base + '/').append(ASiC_E::ASIC_TSA_PROFILE);
+ return (base + '/').append(ASiC_E::ASIC_TS_PROFILE);
}
if(!usp->revocationValues().empty())
{
if(!usp->archiveTimeStampV141().empty())
- return base + "/" + ASiC_E::ASIC_TMA_PROFILE;
- return base + "/" + ASiC_E::ASIC_TM_PROFILE;
+ return (base + '/').append(ASiC_E::ASIC_TMA_PROFILE);
+ return (base + '/').append(ASiC_E::ASIC_TM_PROFILE);
}
}
catch(const Exception &) {}
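Review bot: `auto up = qualifyingProperties().unsignedProperties();` and `auto usp = up->unsignedSignatureProperties();` replace reference bindings with by-value copies; if these accessors return references to XSD tree optionals, as the removed `const ...Optional &` declarations suggest, each `auto` deep-copies the whole UnsignedProperties subtree (timestamps, revocation values) on every `profile()` call just to test for emptiness. Writing `const auto &up = qualifyingProperties().unsignedProperties();` and `const auto &usp = up->unsignedSignatureProperties();` keeps the shorter spelling without the copies.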
diff --git a/src/SignatureXAdES_B.h b/src/SignatureXAdES_B.h
index b42cf2f1c..bbadcd9bb 100644
--- a/src/SignatureXAdES_B.h
+++ b/src/SignatureXAdES_B.h
@@ -81,7 +81,6 @@ namespace digidoc
static const std::string XADES_NAMESPACE;
static const std::string XADESv141_NAMESPACE;
static const std::string OPENDOCUMENT_NAMESPACE;
- static const std::string POLICY_BDOC_2_1_OID;
dsig::SignatureType *signature = nullptr;
std::unique_ptr asicsignature;
std::unique_ptr odfsignature;
@@ -93,7 +92,6 @@ namespace digidoc
struct Policy
{
- const std::string_view DESCRIPTION, URI;
const std::vector SHA1, SHA224, SHA256, SHA384, SHA512;
};
static const std::map policylist;
diff --git a/src/SignatureXAdES_LT.cpp b/src/SignatureXAdES_LT.cpp
index 3c984af00..37a30a863 100644
--- a/src/SignatureXAdES_LT.cpp
+++ b/src/SignatureXAdES_LT.cpp
@@ -60,7 +60,7 @@ SignatureXAdES_LT::SignatureXAdES_LT(istream &sigdata, ASiContainer *bdoc, bool
THROW("Could not find certificate issuer '%s' in certificate store.",
cert.issuerName().c_str());
- OCSP ocsp(cert, issuer, {}, " format: " + bdoc->mediaType());
+ OCSP ocsp(cert, issuer);
addOCSPValue(id().replace(0, 1, "N"), ocsp);
}
} catch(const Exception &) {
@@ -106,7 +106,7 @@ string SignatureXAdES_LT::trustedSigningTime() const
*
* @throws SignatureException if signature is not valid
*/
-void SignatureXAdES_LT::validate(const std::string &policy) const
+void SignatureXAdES_LT::validate(const string &policy) const
{
Exception exception(EXCEPTION_PARAMS("Signature validation"));
try {
@@ -147,7 +147,7 @@ void SignatureXAdES_LT::validate(const std::string &policy) const
{
vector policies = ocsp.responderCert().certificatePolicies();
const set trusted = CONF(OCSPTMProfiles);
- if(!std::any_of(policies.cbegin(), policies.cend(), [&](const string &policy) { return trusted.find(policy) != trusted.cend(); }))
+ if(!any_of(policies.cbegin(), policies.cend(), [&](const string &policy) { return trusted.find(policy) != trusted.cend(); }))
{
EXCEPTION_ADD(exception, "OCSP Responder does not meet TM requirements");
break;
@@ -210,17 +210,12 @@ void SignatureXAdES_LT::validate(const std::string &policy) const
*
* @throws SignatureException
*/
-void SignatureXAdES_LT::extendSignatureProfile(const std::string &profile)
+void SignatureXAdES_LT::extendSignatureProfile(const string &profile)
{
SignatureXAdES_T::extendSignatureProfile(profile);
- if(profile == ASiC_E::BES_PROFILE || profile == ASiC_E::EPES_PROFILE)
+ if(profile.find(ASiC_E::ASIC_TS_PROFILE) == string::npos)
return;
- // Calculate NONCE value.
- Digest calc;
- vector nonce = Digest::addDigestInfo(calc.result(getSignatureValue()), calc.uri());
- DEBUGMEM("OID + Calculated signature HASH (nonce):", nonce.data(), nonce.size());
-
// Get issuer certificate from certificate store.
X509Cert cert = signingCertificate();
X509Cert issuer = X509CertStore::instance()->findIssuer(cert, X509CertStore::CA);
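Review bot: `if(profile.find(ASiC_E::ASIC_TS_PROFILE) == string::npos) return;` turns an unsupported profile into a silent downgrade: a caller still asking for "time-mark" (ASIC_TM_PROFILE is kept in ASiC_E.h) passes SignatureXAdES_T, skips the OCSP step here and receives a T-level signature with no error. Since TM creation is being removed, reject it before returning, e.g. `if(profile.find(ASiC_E::ASIC_TM_PROFILE) != string::npos) THROW("Profile '%s' is no longer supported", profile.c_str());`. The same applies to `if(profile != ASiC_E::ASIC_TSA_PROFILE) return;` in the src/SignatureXAdES_LTA.cpp hunk, where "time-mark-archive" is dropped the same way. extendSignatureProfile continues past this hunk.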
@@ -230,9 +225,7 @@ void SignatureXAdES_LT::extendSignatureProfile(const std::string &profile)
THROW("Could not find certificate issuer '%s' in certificate store or from AIA.",
cert.issuerName().c_str());
- string userAgent = " format: " + bdoc->mediaType() + " profile: " +
- (profile.find(ASiC_E::ASIC_TM_PROFILE) != string::npos ? "ASiC_E_BASELINE_LT_TM" : "ASiC_E_BASELINE_LT");
- OCSP ocsp(cert, issuer, nonce, userAgent);
+ OCSP ocsp(cert, issuer);
ocsp.verifyResponse(cert);
addCertificateValue(id() + "-CA-CERT", issuer);
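Review bot: `OCSP ocsp(cert, issuer);` drops the request nonce that was derived from the signature value, so the response is no longer bound to this particular request; the same holds for the `OCSP ocsp(cert, issuer);` call in the constructor hunk above and for the simplified OCSP::OCSP signature in src/crypto/OCSP.cpp. Whether the constructor now adds its own random nonce is not visible here (the OCSP.cpp request-building hunk is cut off); if it does not, a replayed or cached response passes `ocsp.verifyResponse(cert)` unless that check also enforces a freshness window on thisUpdate/producedAt. A short comment at this call site stating which of the two guarantees is relied on would make the intent auditable.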
diff --git a/src/SignatureXAdES_LTA.cpp b/src/SignatureXAdES_LTA.cpp
index 9aa0a762a..b8dd13b4c 100644
--- a/src/SignatureXAdES_LTA.cpp
+++ b/src/SignatureXAdES_LTA.cpp
@@ -41,6 +41,8 @@ DIGIDOCPP_WARNING_DISABLE_MSVC(4005)
#include
DIGIDOCPP_WARNING_POP
+#include
+
using namespace digidoc;
using namespace digidoc::dsig;
using namespace digidoc::util;
@@ -50,7 +52,7 @@ using namespace xml_schema;
using namespace std;
void SignatureXAdES_LTA::calcArchiveDigest(Digest *digest,
- std::string_view canonicalizationMethod) const
+ string_view canonicalizationMethod) const
{
try {
stringstream ofs;
@@ -70,14 +72,14 @@ void SignatureXAdES_LTA::calcArchiveDigest(Digest *digest,
safeBuffer m_errStr;
m_errStr.sbXMLChIn((const XMLCh*)u"");
- XMLByte buf[1024];
+ std::array buf{};
DSIGReferenceList *list = sig->getReferenceList();
for(size_t i = 0; i < list->getSize(); ++i)
{
XSECBinTXFMInputStream *stream = list->item(i)->makeBinInputStream();
- for(XMLSize_t size = stream->readBytes(buf, 1024); size > 0;
- size = stream->readBytes(buf, 1024))
- digest->update(buf, size);
+ for(XMLSize_t size = stream->readBytes(buf.data(), buf.size()); size > 0;
+ size = stream->readBytes(buf.data(), buf.size()))
+ digest->update(buf.data(), size);
delete stream;
}
}
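Review bot: `XSECBinTXFMInputStream *stream = list->item(i)->makeBinInputStream();` is still released with a raw `delete stream;` after the read loop, and the loop body now calls `digest->update(buf.data(), size)`; if that call can throw (the enclosing `try` suggests it can), the stream leaks on the exception path. Holding it as `std::unique_ptr<XSECBinTXFMInputStream> stream(list->item(i)->makeBinInputStream());` and dropping the `delete` closes that gap. calcArchiveDigest starts before this hunk and continues after it.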
@@ -113,7 +115,7 @@ void SignatureXAdES_LTA::calcArchiveDigest(Digest *digest,
THROW("Failed to calculate digest");
}
- for(auto name: {u"SignedInfo", u"SignatureValue", u"KeyInfo"})
+ for(const auto *name: {u"SignedInfo", u"SignatureValue", u"KeyInfo"})
{
try {
calcDigestOnNode(digest, URI_ID_DSIG, name, canonicalizationMethod);
@@ -122,7 +124,7 @@ void SignatureXAdES_LTA::calcArchiveDigest(Digest *digest,
}
}
- for(auto name: {
+ for(const auto *name: {
u"SignatureTimeStamp",
u"CounterSignature",
u"CompleteCertificateRefs",
@@ -149,15 +151,15 @@ void SignatureXAdES_LTA::calcArchiveDigest(Digest *digest,
//ds:Object
}
-void SignatureXAdES_LTA::extendSignatureProfile(const std::string &profile)
+void SignatureXAdES_LTA::extendSignatureProfile(const string &profile)
{
SignatureXAdES_LT::extendSignatureProfile(profile);
- if(profile != ASiC_E::ASIC_TSA_PROFILE && profile != ASiC_E::ASIC_TMA_PROFILE)
+ if(profile != ASiC_E::ASIC_TSA_PROFILE)
return;
Digest calc;
calcArchiveDigest(&calc, signature->signedInfo().canonicalizationMethod().algorithm());
- TS tsa(CONF(TSUrl), calc, " Profile: " + profile);
+ TS tsa(CONF(TSUrl), calc);
vector der = tsa;
auto &usp = unsignedSignatureProperties();
auto ts = make_unique();
@@ -165,10 +167,9 @@ void SignatureXAdES_LTA::extendSignatureProfile(const std::string &profile)
ts->canonicalizationMethod(signature->signedInfo().canonicalizationMethod());
ts->encapsulatedTimeStamp().push_back(make_unique(
Base64Binary(der.data(), der.size(), der.size(), false)));
- usp.archiveTimeStampV141().push_back(move(ts));
- usp.contentOrder().push_back(UnsignedSignaturePropertiesType::ContentOrderType(
- UnsignedSignaturePropertiesType::archiveTimeStampV141Id,
- usp.archiveTimeStampV141().size() - 1));
+ usp.archiveTimeStampV141().push_back(std::move(ts));
+ usp.contentOrder().emplace_back(UnsignedSignaturePropertiesType::archiveTimeStampV141Id,
+ usp.archiveTimeStampV141().size() - 1);
sigdata_.clear();
}
@@ -222,7 +223,7 @@ void SignatureXAdES_LTA::validate(const string &policy) const
if(ts.encapsulatedTimeStamp().empty())
THROW("Missing EncapsulatedTimeStamp");
- verifyTS(ts, exception, [this](Digest *digest, std::string_view canonicalizationMethod) {
+ verifyTS(ts, exception, [this](Digest *digest, string_view canonicalizationMethod) {
calcArchiveDigest(digest, canonicalizationMethod);
});
} catch(const Exception &e) {
diff --git a/src/SignatureXAdES_T.cpp b/src/SignatureXAdES_T.cpp
index 43ec5e7df..cb4ce2ee8 100644
--- a/src/SignatureXAdES_T.cpp
+++ b/src/SignatureXAdES_T.cpp
@@ -80,7 +80,7 @@ void SignatureXAdES_T::extendSignatureProfile(const std::string &profile)
calcDigestOnNode(&calc, URI_ID_DSIG, u"SignatureValue",
signature->signedInfo().canonicalizationMethod().algorithm());
- TS tsa(CONF(TSUrl), calc, " Profile: " + profile);
+ TS tsa(CONF(TSUrl), calc);
vector der = tsa;
auto &usp = unsignedSignatureProperties();
auto ts = make_unique();
@@ -88,7 +88,7 @@ void SignatureXAdES_T::extendSignatureProfile(const std::string &profile)
ts->canonicalizationMethod(signature->signedInfo().canonicalizationMethod());
ts->encapsulatedTimeStamp().push_back(make_unique(
Base64Binary(der.data(), der.size(), der.size(), false)));
- usp.signatureTimeStamp().push_back(move(ts));
+ usp.signatureTimeStamp().push_back(std::move(ts));
usp.contentOrder().emplace_back(UnsignedSignaturePropertiesType::ContentOrderType(
UnsignedSignaturePropertiesType::signatureTimeStampId,
usp.signatureTimeStamp().size() - 1));
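Review bot: The `usp.contentOrder().emplace_back(UnsignedSignaturePropertiesType::ContentOrderType(...))` kept here still builds a temporary, while the parallel code in src/SignatureXAdES_LTA.cpp was changed in this commit to pass the arguments directly; for consistency this should read `usp.contentOrder().emplace_back(UnsignedSignaturePropertiesType::signatureTimeStampId, usp.signatureTimeStamp().size() - 1);`. extendSignatureProfile starts before this hunk and continues after it.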
@@ -198,7 +198,7 @@ void SignatureXAdES_T::validate(const std::string &policy) const
{
verifyTS(sigAndRefsTS, exception, [this](Digest *digest, std::string_view canonicalizationMethod) {
calcDigestOnNode(digest, URI_ID_DSIG, u"SignatureValue", canonicalizationMethod);
- for(auto name: {
+ for(const auto *name: {
u"SignatureTimeStamp",
u"CompleteCertificateRefs",
u"CompleteRevocationRefs",
@@ -230,7 +230,7 @@ UnsignedSignaturePropertiesType &SignatureXAdES_T::unsignedSignatureProperties()
}
TS SignatureXAdES_T::verifyTS(const xades::XAdESTimeStampType ×tamp, digidoc::Exception &exception,
- std::function &&calcDigest) const
+ std::function &&calcDigest)
{
const GenericTimeStampType::EncapsulatedTimeStampType &bin = timestamp.encapsulatedTimeStamp().front();
TS tsa((const unsigned char*)bin.data(), bin.size());
diff --git a/src/SignatureXAdES_T.h b/src/SignatureXAdES_T.h
index 5766b15a1..33fbbae2d 100644
--- a/src/SignatureXAdES_T.h
+++ b/src/SignatureXAdES_T.h
@@ -47,8 +47,8 @@ class SignatureXAdES_T: public SignatureXAdES_B
xades::UnsignedSignaturePropertiesType& unsignedSignatureProperties() const;
TS TimeStamp() const;
- TS verifyTS(const xades::XAdESTimeStampType ×tamp, Exception &exception,
- std::function &&calcDigest) const;
+ static TS verifyTS(const xades::XAdESTimeStampType ×tamp, Exception &exception,
+ std::function &&calcDigest);
private:
DISABLE_COPY(SignatureXAdES_T);
diff --git a/src/XmlConf.cpp b/src/XmlConf.cpp
index 1ccfeb8e1..59d69c53c 100644
--- a/src/XmlConf.cpp
+++ b/src/XmlConf.cpp
@@ -102,9 +102,6 @@ class XmlConf::Private
XmlConfParam proxyPort{"proxy.port"};
XmlConfParam proxyUser{"proxy.user"};
XmlConfParam proxyPass{"proxy.pass"};
- XmlConfParam PKCS12Cert{"pkcs12.cert"};
- XmlConfParam PKCS12Pass{"pkcs12.pass"};
- XmlConfParam PKCS12Disable{"pkcs12.disable", false};
XmlConfParam TSUrl{"ts.url"};
XmlConfParam TSLAutoUpdate{"tsl.autoupdate", true};
XmlConfParam TSLCache{"tsl.cache"};
@@ -170,9 +167,6 @@ void XmlConf::Private::init(const string& path, bool global)
proxyPort.setValue(p, global) ||
proxyUser.setValue(p, global) ||
proxyPass.setValue(p, global) ||
- PKCS12Cert.setValue(p, global) ||
- PKCS12Pass.setValue(p, global) ||
- PKCS12Disable.setValue(p, global) ||
TSUrl.setValue(p, global) ||
TSLAutoUpdate.setValue(p, global) ||
TSLCache.setValue(p, global) ||
@@ -375,36 +369,35 @@ XmlConfV5* XmlConfV5::instance() { return dynamic_cast(Conf::instanc
+#define GET1EX(TYPE, PROP, VALUE) \
+TYPE XmlConf::PROP() const { return VALUE; } \
+TYPE XmlConfV2::PROP() const { return VALUE; } \
+TYPE XmlConfV3::PROP() const { return VALUE; } \
+TYPE XmlConfV4::PROP() const { return VALUE; } \
+TYPE XmlConfV5::PROP() const { return VALUE; }
+
#define GET1(TYPE, PROP) \
-TYPE XmlConf::PROP() const { return d->PROP.value(Conf::PROP()); } \
-TYPE XmlConfV2::PROP() const { return d->PROP.value(Conf::PROP()); } \
-TYPE XmlConfV3::PROP() const { return d->PROP.value(Conf::PROP()); } \
-TYPE XmlConfV4::PROP() const { return d->PROP.value(Conf::PROP()); } \
-TYPE XmlConfV5::PROP() const { return d->PROP.value(Conf::PROP()); }
+GET1EX(TYPE, PROP, d->PROP.value(Conf::PROP()))
+
+#define SET1EX(TYPE, SET, VALUE) \
+void XmlConf::SET(TYPE value) { VALUE; } \
+void XmlConfV2::SET(TYPE value) { VALUE; } \
+void XmlConfV3::SET(TYPE value) { VALUE; } \
+void XmlConfV4::SET(TYPE value) { VALUE; } \
+void XmlConfV5::SET(TYPE value) { VALUE; }
#define SET1(TYPE, SET, PROP) \
-void XmlConf::SET(TYPE PROP) \
-{ d->setUserConf(d->PROP, Conf::PROP(), PROP); } \
-void XmlConfV2::SET(TYPE PROP) \
-{ d->setUserConf(d->PROP, ConfV2::PROP(), PROP); } \
-void XmlConfV3::SET(TYPE PROP) \
-{ d->setUserConf(d->PROP, ConfV3::PROP(), PROP); } \
-void XmlConfV4::SET(TYPE PROP) \
-{ d->setUserConf(d->PROP, ConfV4::PROP(), PROP); } \
-void XmlConfV5::SET(TYPE PROP) \
-{ d->setUserConf(d->PROP, ConfV5::PROP(), PROP); }
+SET1EX(TYPE, SET, d->setUserConf(d->PROP, Conf::PROP(), value))
+
+#define SET1CONSTEX(TYPE, SET, VALUE) \
+void XmlConf::SET(const TYPE &value) { VALUE; } \
+void XmlConfV2::SET(const TYPE &value) { VALUE; } \
+void XmlConfV3::SET(const TYPE &value) { VALUE; } \
+void XmlConfV4::SET(const TYPE &value) { VALUE; } \
+void XmlConfV5::SET(const TYPE &value) { VALUE; }
#define SET1CONST(TYPE, SET, PROP) \
-void XmlConf::SET(const TYPE &(PROP)) \
-{ d->setUserConf(d->PROP, Conf::PROP(), PROP); } \
-void XmlConfV2::SET(const TYPE &(PROP)) \
-{ d->setUserConf(d->PROP, ConfV2::PROP(), PROP); } \
-void XmlConfV3::SET(const TYPE &(PROP)) \
-{ d->setUserConf(d->PROP, ConfV3::PROP(), PROP); } \
-void XmlConfV4::SET(const TYPE &(PROP)) \
-{ d->setUserConf(d->PROP, ConfV4::PROP(), PROP); } \
-void XmlConfV5::SET(const TYPE &(PROP)) \
-{ d->setUserConf(d->PROP, ConfV5::PROP(), PROP); }
+SET1CONSTEX(TYPE, SET, d->setUserConf(d->PROP, Conf::PROP(), value))
GET1(int, logLevel)
GET1(string, logFile)
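Review bot: `SET1EX` and `SET1CONSTEX` always name the parameter `value`, and the no-op expansions introduced later in this file (`SET1CONSTEX(string, setPKCS12Cert, {})` and friends) leave it unreferenced, so each of the five generated overrides produces an unused-parameter warning once -Wunused-parameter is on. Declaring the parameter as `[[maybe_unused]] TYPE value` in SET1EX and `[[maybe_unused]] const TYPE &value` in SET1CONSTEX keeps every expansion warning-free without touching the callers.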
@@ -415,9 +408,9 @@ GET1(string, proxyUser)
GET1(string, proxyPass)
GET1(bool, proxyForceSSL)
GET1(bool, proxyTunnelSSL)
-GET1(string, PKCS12Cert)
-GET1(string, PKCS12Pass)
-GET1(bool, PKCS12Disable)
+GET1EX(string, PKCS12Cert, Conf::PKCS12Cert())
+GET1EX(string, PKCS12Pass, Conf::PKCS12Cert())
+GET1EX(bool, PKCS12Disable, Conf::PKCS12Disable())
GET1(string, TSUrl)
GET1(bool, TSLAutoUpdate)
GET1(string, TSLCache)
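Review bot: `GET1EX(string, PKCS12Pass, Conf::PKCS12Cert())` wires the PKCS12Pass getter to the certificate accessor instead of the password one; it should read `GET1EX(string, PKCS12Pass, Conf::PKCS12Pass())`. Even though these accessors are now deprecated and presumably return base-class defaults, a getter named for a secret returning a different field is the kind of copy-paste slip that goes unnoticed once the XmlConf overrides are the only implementation a caller sees.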
@@ -628,7 +621,7 @@ SET1CONST(string, setProxyPass, proxyPass)
* @fn void digidoc::XmlConfV5::setPKCS12Cert(const std::string &cert)
* @copydoc digidoc::XmlConf::setPKCS12Cert(const std::string &cert)
*/
-SET1CONST(string, setPKCS12Cert, PKCS12Cert)
+SET1CONSTEX(string, setPKCS12Cert, {})
/**
* @fn void digidoc::XmlConf::setPKCS12Pass(const std::string &pass)
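Review bot: `SET1CONSTEX(string, setPKCS12Cert, {})` turns the setter into a no-op, but the Doxygen block above it still `@copydoc`s the original description, so the generated documentation will keep describing a value that is now discarded; the same holds for `SET1CONSTEX(string, setPKCS12Pass, {})` and `SET1EX(bool, setPKCS12Disable, {})` in the next two hunks. Add a `@deprecated` line stating that the value is ignored and naming the replacement mechanism, e.g. `@deprecated PKCS#12 access certificates are no longer used; the value is ignored.`, to each of the three blocks.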
@@ -653,7 +646,7 @@ SET1CONST(string, setPKCS12Cert, PKCS12Cert)
* @fn void digidoc::XmlConfV5::setPKCS12Pass(const std::string &pass)
* @copydoc digidoc::XmlConf::setPKCS12Pass(const std::string &pass)
*/
-SET1CONST(string, setPKCS12Pass, PKCS12Pass)
+SET1CONSTEX(string, setPKCS12Pass, {})
/**
* @fn void digidoc::XmlConf::setTSUrl(const std::string &url)
@@ -728,7 +721,7 @@ SET1CONST(string, setVerifyServiceUri, verifyServiceUri)
* @fn void digidoc::XmlConfV5::setPKCS12Disable(bool disable)
* @copydoc digidoc::XmlConf::setPKCS12Disable(bool disable)
*/
-SET1(bool, setPKCS12Disable, PKCS12Disable)
+SET1EX(bool, setPKCS12Disable, {})
/**
* @fn void digidoc::XmlConf::setProxyTunnelSSL(bool enable)
diff --git a/src/XmlConf.h b/src/XmlConf.h
index 385459839..2aa554281 100644
--- a/src/XmlConf.h
+++ b/src/XmlConf.h
@@ -50,9 +50,9 @@ class DIGIDOCPP_EXPORT XmlConf: public Conf
std::string TSUrl() const override;
std::string verifyServiceUri() const override;
- std::string PKCS12Cert() const override;
- std::string PKCS12Pass() const override;
- bool PKCS12Disable() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Cert() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Pass() const override;
+ DIGIDOCPP_DEPRECATED bool PKCS12Disable() const override;
bool TSLAutoUpdate() const override;
std::string TSLCache() const override;
@@ -64,9 +64,9 @@ class DIGIDOCPP_EXPORT XmlConf: public Conf
virtual void setProxyUser( const std::string &user );
virtual void setProxyPass( const std::string &pass );
virtual void setProxyTunnelSSL( bool enable );
- virtual void setPKCS12Cert( const std::string &cert );
- virtual void setPKCS12Pass( const std::string &pass );
- virtual void setPKCS12Disable( bool disable );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Cert( const std::string &cert );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Pass( const std::string &pass );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Disable( bool disable );
virtual void setTSLOnlineDigest( bool enable );
virtual void setTSLTimeOut( int timeOut );
@@ -110,9 +110,9 @@ class DIGIDOCPP_EXPORT XmlConfV2: public ConfV2
X509Cert verifyServiceCert() const override;
std::string verifyServiceUri() const override;
- std::string PKCS12Cert() const override;
- std::string PKCS12Pass() const override;
- bool PKCS12Disable() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Cert() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Pass() const override;
+ DIGIDOCPP_DEPRECATED bool PKCS12Disable() const override;
bool TSLAutoUpdate() const override;
std::string TSLCache() const override;
@@ -124,9 +124,9 @@ class DIGIDOCPP_EXPORT XmlConfV2: public ConfV2
virtual void setProxyUser( const std::string &user );
virtual void setProxyPass( const std::string &pass );
virtual void setProxyTunnelSSL( bool enable );
- virtual void setPKCS12Cert( const std::string &cert );
- virtual void setPKCS12Pass( const std::string &pass );
- virtual void setPKCS12Disable( bool disable );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Cert( const std::string &cert );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Pass( const std::string &pass );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Disable( bool disable );
virtual void setTSLOnlineDigest( bool enable );
virtual void setTSLTimeOut( int timeOut );
@@ -166,9 +166,9 @@ class DIGIDOCPP_EXPORT XmlConfV3: public ConfV3
X509Cert verifyServiceCert() const override;
std::string verifyServiceUri() const override;
- std::string PKCS12Cert() const override;
- std::string PKCS12Pass() const override;
- bool PKCS12Disable() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Cert() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Pass() const override;
+ DIGIDOCPP_DEPRECATED bool PKCS12Disable() const override;
bool TSLAutoUpdate() const override;
std::string TSLCache() const override;
@@ -180,9 +180,9 @@ class DIGIDOCPP_EXPORT XmlConfV3: public ConfV3
virtual void setProxyUser( const std::string &user );
virtual void setProxyPass( const std::string &pass );
virtual void setProxyTunnelSSL( bool enable );
- virtual void setPKCS12Cert( const std::string &cert );
- virtual void setPKCS12Pass( const std::string &pass );
- virtual void setPKCS12Disable( bool disable );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Cert( const std::string &cert );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Pass( const std::string &pass );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Disable( bool disable );
virtual void setTSLOnlineDigest( bool enable );
virtual void setTSLTimeOut( int timeOut );
@@ -223,9 +223,9 @@ class DIGIDOCPP_EXPORT XmlConfV4: public ConfV4
std::vector verifyServiceCerts() const override;
std::string verifyServiceUri() const override;
- std::string PKCS12Cert() const override;
- std::string PKCS12Pass() const override;
- bool PKCS12Disable() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Cert() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Pass() const override;
+ DIGIDOCPP_DEPRECATED bool PKCS12Disable() const override;
bool TSLAutoUpdate() const override;
std::string TSLCache() const override;
@@ -237,9 +237,9 @@ class DIGIDOCPP_EXPORT XmlConfV4: public ConfV4
virtual void setProxyUser( const std::string &user );
virtual void setProxyPass( const std::string &pass );
virtual void setProxyTunnelSSL( bool enable );
- virtual void setPKCS12Cert( const std::string &cert );
- virtual void setPKCS12Pass( const std::string &pass );
- virtual void setPKCS12Disable( bool disable );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Cert( const std::string &cert );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Pass( const std::string &pass );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Disable( bool disable );
virtual void setTSLOnlineDigest( bool enable );
virtual void setTSLTimeOut( int timeOut );
@@ -281,9 +281,9 @@ class DIGIDOCPP_EXPORT XmlConfV5: public ConfV5
std::vector verifyServiceCerts() const override;
std::string verifyServiceUri() const override;
- std::string PKCS12Cert() const override;
- std::string PKCS12Pass() const override;
- bool PKCS12Disable() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Cert() const override;
+ DIGIDOCPP_DEPRECATED std::string PKCS12Pass() const override;
+ DIGIDOCPP_DEPRECATED bool PKCS12Disable() const override;
bool TSLAutoUpdate() const override;
std::string TSLCache() const override;
@@ -295,9 +295,9 @@ class DIGIDOCPP_EXPORT XmlConfV5: public ConfV5
virtual void setProxyUser( const std::string &user );
virtual void setProxyPass( const std::string &pass );
virtual void setProxyTunnelSSL( bool enable );
- virtual void setPKCS12Cert( const std::string &cert );
- virtual void setPKCS12Pass( const std::string &pass );
- virtual void setPKCS12Disable( bool disable );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Cert( const std::string &cert );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Pass( const std::string &pass );
+ DIGIDOCPP_DEPRECATED virtual void setPKCS12Disable( bool disable );
virtual void setTSLOnlineDigest( bool enable );
virtual void setTSLTimeOut( int timeOut );
diff --git a/src/crypto/Connect.cpp b/src/crypto/Connect.cpp
index 4ec498328..67a659c5c 100644
--- a/src/crypto/Connect.cpp
+++ b/src/crypto/Connect.cpp
@@ -47,7 +47,7 @@ using namespace std;
throw ex; \
}
-Connect::Connect(const string &_url, const string &method, int timeout, const string &useragent, const std::vector &certs)
+Connect::Connect(const string &_url, const string &method, int timeout, const vector &certs)
: _method(method)
, _timeout(timeout)
{
@@ -168,7 +168,7 @@ Connect::Connect(const string &_url, const string &method, int timeout, const st
else
addHeader("Host", host + ":" + port);
if(!userAgent().empty())
- addHeader("User-Agent", "LIB libdigidocpp/" + string(FILE_VER_STR) + " APP " + userAgent() + useragent);
+ addHeader("User-Agent", "LIB libdigidocpp/" + string(FILE_VER_STR) + " APP " + userAgent());
if(usessl == 0)
sendProxyAuth();
}
@@ -184,7 +184,7 @@ void Connect::addHeader(const string &key, const string &value)
BIO_printf(d, "%s: %s\r\n", key.c_str(), value.c_str());
}
-std::string Connect::decompress(const std::string &encoding, const std::string &data)
+string Connect::decompress(const string &encoding, const string &data)
{
if(data.empty())
return data;
diff --git a/src/crypto/Connect.h b/src/crypto/Connect.h
index 7b92a91f2..4d8edeadb 100644
--- a/src/crypto/Connect.h
+++ b/src/crypto/Connect.h
@@ -60,7 +60,7 @@ class Connect
};
Connect(const std::string &url, const std::string &method = "POST",
- int timeout = 0, const std::string &useragent = {}, const std::vector &certs = {});
+ int timeout = 0, const std::vector &certs = {});
~Connect();
Result exec(std::initializer_list> headers,
const std::vector &data);
diff --git a/src/crypto/OCSP.cpp b/src/crypto/OCSP.cpp
index 4aebb113c..d1a474393 100644
--- a/src/crypto/OCSP.cpp
+++ b/src/crypto/OCSP.cpp
@@ -44,7 +44,7 @@ using namespace std;
/**
* Initialize OCSP certificate validator.
*/
-OCSP::OCSP(const X509Cert &cert, const X509Cert &issuer, const vector &nonce, const string &userAgent)
+OCSP::OCSP(const X509Cert &cert, const X509Cert &issuer)
{
if(!cert)
THROW("Can not check X.509 certificate, certificate is NULL pointer.");
@@ -68,10 +68,22 @@ OCSP::OCSP(const X509Cert &cert, const X509Cert &issuer, const vectorPKCS12Disable() && url.find("ocsp.sk.ee") != string::npos));
+ SCOPE(OCSP_REQUEST, req, OCSP_REQUEST_new());
+ if(!req)
+ THROW_OPENSSLEXCEPTION("Failed to create new OCSP request, out of memory?");
+
+ if(!OCSP_request_add0_id(req.get(), certId))
+ THROW_OPENSSLEXCEPTION("Failed to add certificate ID to OCSP request.");
+
+ SCOPE(ASN1_OCTET_STRING, st, ASN1_OCTET_STRING_new());
+ ASN1_OCTET_STRING_set(st.get(), nullptr, 20);
+ RAND_bytes(st->data, st->length);
+
+ SCOPE(X509_EXTENSION, ex, X509_EXTENSION_create_by_NID(nullptr, NID_id_pkix_OCSP_Nonce, 0, st.get()));
+ if(!OCSP_REQUEST_add_ext(req.get(), ex.get(), 0))
+ THROW_OPENSSLEXCEPTION("Failed to add NONCE to OCSP request.");
- Connect::Result result = Connect(url, "POST", 0, userAgent).exec({
+ Connect::Result result = Connect(url, "POST").exec({
{"Content-Type", "application/ocsp-request"},
{"Accept", "application/ocsp-response"},
{"Connection", "Close"},
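Review bot: The nonce generation inlined into the constructor never checks `RAND_bytes`, which returns 0 or -1 when the DRBG cannot supply bytes, so a failed call would send a request whose nonce bytes were never randomised and the nonce check on the response would no longer prove freshness. Replace the bare call with `if(RAND_bytes(st->data, st->length) != 1) THROW_OPENSSLEXCEPTION("Failed to generate OCSP request nonce.");`. The same lines dereference `st` and pass `ex.get()` without checking that `ASN1_OCTET_STRING_new()` and `X509_EXTENSION_create_by_NID()` returned non-null; a null check with THROW_OPENSSLEXCEPTION on each would match the handling already given to `req`. The removed `createRequest` had the same gaps, so this is not a regression, but now that the code lives here it is the place to close them. The constructor body continues outside this hunk.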
@@ -146,54 +158,6 @@ bool OCSP::compareResponderCert(const X509Cert &cert) const
return false;
}
-/**
- * Creates OCSP request to check the certificate cert validity.
- *
- * @param certId OCSP_CERTID which validity will be checked.
- * @param nonce NONCE field value in OCSP request.
- * @return returns created OCSP request.
- */
-OCSP_REQUEST* OCSP::createRequest(OCSP_CERTID *certId, const vector &nonce, bool signRequest)
-{
- SCOPE(OCSP_REQUEST, req, OCSP_REQUEST_new());
- if(!req)
- THROW_OPENSSLEXCEPTION("Failed to create new OCSP request, out of memory?");
-
- if(!OCSP_request_add0_id(req.get(), certId))
- THROW_OPENSSLEXCEPTION("Failed to add certificate ID to OCSP request.");
-
- SCOPE(ASN1_OCTET_STRING, st, ASN1_OCTET_STRING_new());
- if(nonce.empty())
- {
- ASN1_OCTET_STRING_set(st.get(), nullptr, 20);
- RAND_bytes(st->data, st->length);
- }
- else
- ASN1_OCTET_STRING_set(st.get(), nonce.data(), int(nonce.size()));
-
- SCOPE(X509_EXTENSION, ex, X509_EXTENSION_create_by_NID(nullptr, NID_id_pkix_OCSP_Nonce, 0, st.get()));
- if(!OCSP_REQUEST_add_ext(req.get(), ex.get(), 0))
- THROW_OPENSSLEXCEPTION("Failed to add NONCE to OCSP request.");
-
- if(signRequest)
- {
- X509 *signCert {};
- EVP_PKEY *signKey {};
- Conf *c = Conf::instance();
- OpenSSL::parsePKCS12(c->PKCS12Cert(), c->PKCS12Pass(), &signKey, &signCert);
- if(!signCert)
- THROW_OPENSSLEXCEPTION("Failed to parse PKCS12 certificate");
- if(!signKey)
- THROW_OPENSSLEXCEPTION("Failed to parse PKCS12 key");
- if(!OCSP_request_sign(req.get(), signCert, signKey, EVP_sha256(), nullptr, 0))
- THROW_OPENSSLEXCEPTION("Failed to sign OCSP request.");
- X509_free(signCert);
- EVP_PKEY_free(signKey);
- }
-
- return req.release();
-}
-
X509Cert OCSP::responderCert() const
{
if(!basic)
@@ -213,7 +177,7 @@ X509Cert OCSP::responderCert() const
return X509Cert();
}
-OCSP::operator std::vector() const
+OCSP::operator vector() const
{
return i2d(resp.get(), i2d_OCSP_RESPONSE);
}
diff --git a/src/crypto/OCSP.h b/src/crypto/OCSP.h
index e6f2b32b4..92a3dcd1a 100644
--- a/src/crypto/OCSP.h
+++ b/src/crypto/OCSP.h
@@ -20,13 +20,10 @@
#pragma once
#include
-#include
#include
using OCSP_RESPONSE = struct ocsp_response_st;
using OCSP_BASICRESP = struct ocsp_basic_response_st;
-using OCSP_CERTID = struct ocsp_cert_id_st;
-using OCSP_REQUEST = struct ocsp_request_st;
namespace digidoc
{
@@ -39,8 +36,7 @@ namespace digidoc
{
public:
- OCSP(const X509Cert &cert, const X509Cert &issuer,
- const std::vector &nonce, const std::string &userAgent);
+ OCSP(const X509Cert &cert, const X509Cert &issuer);
OCSP(const unsigned char *data = nullptr, size_t size = 0);
std::vector nonce() const;
@@ -52,7 +48,6 @@ namespace digidoc
private:
bool compareResponderCert(const X509Cert &cert) const;
- OCSP_REQUEST* createRequest(OCSP_CERTID *certId, const std::vector &nonce, bool signRequest);
std::shared_ptr resp;
std::shared_ptr basic;
diff --git a/src/crypto/OpenSSLHelpers.h b/src/crypto/OpenSSLHelpers.h
index 126a59392..1d810d22c 100644
--- a/src/crypto/OpenSSLHelpers.h
+++ b/src/crypto/OpenSSLHelpers.h
@@ -26,7 +26,6 @@
#include
#include
-#include
#ifndef RSA_PSS_SALTLEN_DIGEST
#define RSA_PSS_SALTLEN_DIGEST -1
@@ -42,16 +41,14 @@ namespace digidoc
template
std::vector i2d(T *obj, Func func)
{
- std::vector result;
if(!obj)
- return result;
+ return {};
int size = func(obj, nullptr);
if(size <= 0)
- return result;
- result.resize(size_t(size));
- unsigned char *p = result.data();
- if(func(obj, &p) <= 0)
- result.clear();
+ return {};
+ std::vector result(size_t(size), 0);
+ if(unsigned char *p = result.data(); func(obj, &p) <= 0)
+ return {};
return result;
}
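Review bot: The second `func(obj, &p)` call in `i2d` is only checked for `<= 0`, so an encoded length that differs from the `size` obtained from the sizing call is silently accepted and the returned vector no longer matches what was actually written. Comparing against the expected length keeps the result consistent: `if(unsigned char *p = result.data(); func(obj, &p) != size) return {};`. The previous implementation had the same looseness, so this is a hardening of the rewrite rather than a regression.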
@@ -82,22 +79,4 @@ class OpenSSLException : public Exception
#define THROW_OPENSSLEXCEPTION(...) throw OpenSSLException(EXCEPTION_PARAMS(__VA_ARGS__))
-class OpenSSL
-{
-public:
- static void parsePKCS12(const std::string &path, const std::string &pass, EVP_PKEY **key, X509 **cert)
- {
- SCOPE(BIO, bio, BIO_new_file(path.c_str(), "rb"));
- if(!bio)
- THROW_OPENSSLEXCEPTION("Failed to open PKCS12 certificate: %s.", path.c_str());
- SCOPE(PKCS12, p12, d2i_PKCS12_bio(bio.get(), nullptr));
- if(!p12)
- THROW_OPENSSLEXCEPTION("Failed to read PKCS12 certificate: %s.", path.c_str());
- if(!PKCS12_parse(p12.get(), pass.c_str(), key, cert, nullptr))
- THROW_OPENSSLEXCEPTION("Failed to parse PKCS12 certificate.");
- // Hack: clear PKCS12_parse error ERROR: 185073780 - error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
- OpenSSLException(EXCEPTION_PARAMS("ignore"));
- }
-};
-
}
diff --git a/src/crypto/PKCS12Signer.cpp b/src/crypto/PKCS12Signer.cpp
index 29cbdb89a..61c6bd149 100644
--- a/src/crypto/PKCS12Signer.cpp
+++ b/src/crypto/PKCS12Signer.cpp
@@ -24,6 +24,8 @@
#include "crypto/X509Cert.h"
#include "util/log.h"
+#include
+
#include
using namespace digidoc;
@@ -52,7 +54,14 @@ class PKCS12Signer::Private
PKCS12Signer::PKCS12Signer(const string &path, const string &pass)
: d(make_unique())
{
- OpenSSL::parsePKCS12(path, pass, &d->key, &d->cert);
+ auto bio = SCOPE_PTR(BIO, BIO_new_file(path.c_str(), "rb"));
+ if(!bio)
+ THROW_OPENSSLEXCEPTION("Failed to open PKCS12 certificate: %s.", path.c_str());
+ auto p12 = SCOPE_PTR(PKCS12, d2i_PKCS12_bio(bio.get(), nullptr));
+ if(!p12)
+ THROW_OPENSSLEXCEPTION("Failed to read PKCS12 certificate: %s.", path.c_str());
+ if(!PKCS12_parse(p12.get(), pass.c_str(), &d->key, &d->cert, nullptr))
+ THROW_OPENSSLEXCEPTION("Failed to parse PKCS12 certificate.");
}
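Review bot: The inlined PKCS12 parsing drops the error-queue clearing that the removed `OpenSSL::parsePKCS12` helper performed after a successful `PKCS12_parse` (its comment recorded that `PKCS12_parse` can leave an `X509_check_private_key` "key values mismatch" error on the queue even on success). If that still holds for the OpenSSL versions in use, the next `THROW_OPENSSLEXCEPTION` anywhere in the process would report that stale error instead of the real one; adding `ERR_clear_error();` after the parse check preserves the old behaviour without the exception-construction hack. If the behaviour was verified to be gone, a one-line comment saying so would stop the next reader from re-adding it.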
PKCS12Signer::~PKCS12Signer()
diff --git a/src/crypto/Signer.cpp b/src/crypto/Signer.cpp
index 0abccd820..ea447a2d3 100644
--- a/src/crypto/Signer.cpp
+++ b/src/crypto/Signer.cpp
@@ -19,6 +19,7 @@
#include "Signer.h"
+#include "ASiC_E.h"
#include "Conf.h"
#include "crypto/Digest.h"
#include "crypto/OpenSSLHelpers.h"
@@ -26,6 +27,9 @@
#include
+#include
+#include |