Hey everybody,
I have the next problem, I created a C++ library that checks a SMIME and it's
PKCS7 content.
I used some boost test to test it in C++ and it worked perfectly .
Now I want to check my SMIME that I created using Bouncy Castle in Java, also
their I used JUnit test to verify the SMIME no problem.
The problem start if I try to verify the SMIME (generated in Java) in C++. I
used a cout to check the SMIME in C++ and I could manually verify the SMIME in
the commandline
This is the code that I use could anyone spot a problem ?
//X509_STORE setup.
int verify_callback(int ok, X509_STORE_CTX *stor)
{
//userfriendly error handlin =>
X509_verify_cert_error_string(stor->error)
if (!ok)
cout <<
X509_verify_cert_error_string(stor->error) << endl;
//throw CCToolsException(QObject::tr("Error
with certificate store !").toLatin1(), SC_ERROR_UNKNOWN );
return ok;
}
X509_STORE * create_store()
{
X509_STORE *store = NULL;
X509 *caCert = NULL;
BIO *cc = NULL;
/* create the cert store and set the verify callback */
if (!(store = X509_STORE_new()))
{
KILL_STORE(store);
throw CCToolsException(QObject::tr("Error creating
X509_STORE_CTX object!").toLatin1(), SC_ERROR_UNKNOWN);
}
X509_STORE_set_verify_cb_func(store, verify_callback);
if(!(cc = BIO_new(BIO_s_mem())) || !(BIO_puts(cc, ZETES_CA)) ||
!(caCert = PEM_read_bio_X509(cc, NULL, NULL, NULL)) ||
!(X509_STORE_add_cert(store,caCert)))
{
KILL_BIO(cc);
throw CCToolsException(QObject::tr("Error adding cert
to X509_STORE_CTX object!").toLatin1(), SC_ERROR_UNKNOWN);
}
X509_free(caCert);
KILL_BIO(cc);
if (X509_STORE_set_default_paths(store) != 1)
{
KILL_STORE(store);
throw CCToolsException(QObject::tr("Error loading the
system-wide CA certificates!").toLatin1(), SC_ERROR_UNKNOWN);
}
return store;
}
const bool CCToolsLocal::validateChallengeSignature(const std::string&
message)
{
X509_STORE *rootStore = NULL;
BIO *in
= NULL;
BIO *pkcs7_bio
= NULL;
PKCS7 *pkcs7
=NULL;
BUF_MEM *bptr
= NULL;
//vars for reading commonName from usercert in pkcs7 object
X509 *userCert
= NULL;
STACK_OF(PKCS7_SIGNER_INFO) *stack_pkcs7_si = NULL;
PKCS7_SIGNER_INFO *pkcs7_si = NULL;
X509_NAME *subject
= NULL;
int position
= 0;
X509_NAME_ENTRY *entry = NULL;
ASN1_STRING *asn1Data = NULL;
unsigned char *entryString = NULL;
std:string json_domain;
authenticationFlag = false;
cout << message << endl;
if (!(rootStore = create_store()))
{
KILL_STORE(rootStore);
return false;
}
cout << "store created succes" << endl;
if (!(in = BIO_new(BIO_s_mem())) ||
!(BIO_puts(in, message.c_str())))
{
KILL_BIO(in);
KILL_STORE(rootStore);
return false;
}
cout << "bio's created succes" << endl;
//used to set mem bio react like file bio
BIO_set_mem_eof_return(in, 0);
if (!(pkcs7 = SMIME_read_PKCS7(in, &pkcs7_bio)))
{
//char buf[200];
//ERR_error_string(ERR_peek_last_error(),buf);
KILL_BIO(in);
KILL_BIO(pkcs7_bio);
KILL_STORE(rootStore);
return false;
}
cout << "Smime_read_pkcs7 succes" << endl;
BIO *json_bio = BIO_new(BIO_s_mem());
if (PKCS7_verify(pkcs7, NULL, rootStore, pkcs7_bio, json_bio,
0) != 1)
{
KILL_BIO(in);
KILL_BIO(pkcs7_bio);
KILL_BIO(json_bio);
KILL_STORE(rootStore);
return false;
}
cout << "pkcs7_verify succes" << endl;
I can only read the pkcs7 but not verify it.
Regards,
Niels Stevens
