Hey, I'm using this code to verify my PKCS#7 signed object and extract it from the S/MIME message. This code works perfectly if I test it with Boost and send a mock S/MIME message to it. This mock-up is generated with OpenSSL.
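But I'm trying to verify an S/MIME message with the same structure that has been generated by Bouncy Castle in Java. Every time I try this I get an error that is thrown by the verify_callback function saying the certificates can't be verified! But I'm using the same certificates as with OpenSSL! Does anybody have any advice on how to fix this? Thanks a lot! Regards, Niels Stevens

//X509_STORE setup.

/**
 * Verification callback installed on the X509_STORE by create_store().
 *
 * Prints OpenSSL's description of the verification error whenever a check
 * has failed, and hands the verdict back unchanged, so a failed check is
 * never turned into a success here.
 *
 * @param ok   1 if the check passed, 0 if it failed.
 * @param stor Verification context the error code is read from.
 * @return     ok, unmodified.
 */
int verify_callback(int ok, X509_STORE_CTX *stor)
{
    if (!ok)
    {
        // Read the error through the accessor rather than stor->error:
        // X509_STORE_CTX is an opaque type from OpenSSL 1.1.0 on.
        // X509_STORE_CTX_get_error_depth(stor) additionally tells which
        // certificate of the chain was rejected, which narrows down a
        // "cannot be verified" report to one chain element.
        cout << X509_verify_cert_error_string(X509_STORE_CTX_get_error(stor)) << endl;
    }
    //throw CCToolsException(QObject::tr("Error with certificate store !").toLatin1(), SC_ERROR_UNKNOWN );
    return ok;
}

/**
 * Creates the trust store used to verify the PKCS#7 signer chain.
 *
 * The store gets verify_callback as its verification callback, the CA
 * certificate held in ZETES_CA (PEM text) as a trust anchor, and the
 * system-wide default CA locations.
 *
 * @return A new X509_STORE; the caller releases it.
 * @throws CCToolsException if the store cannot be created, the ZETES_CA
 *         certificate cannot be parsed or added, or the default paths
 *         cannot be loaded. Nothing allocated here is left behind when
 *         it throws.
 */
X509_STORE * create_store()
{
    X509_STORE *store = NULL;
    X509 *caCert = NULL;
    BIO *cc = NULL;

    /* create the cert store and set the verify callback */
    if (!(store = X509_STORE_new()))
    {
        KILL_STORE(store);
        throw CCToolsException(QObject::tr("Error creating X509_STORE_CTX object!").toLatin1(), SC_ERROR_UNKNOWN);
    }
    X509_STORE_set_verify_cb_func(store, verify_callback);

    // BIO_puts signals failure with 0 or a negative value, so a plain
    // !BIO_puts(...) test would let a -1 result through as success.
    if (!(cc = BIO_new(BIO_s_mem())) ||
        BIO_puts(cc, ZETES_CA) <= 0 ||
        !(caCert = PEM_read_bio_X509(cc, NULL, NULL, NULL)) ||
        !(X509_STORE_add_cert(store, caCert)))
    {
        // Release everything built so far: the parsed certificate (if
        // parsing succeeded but adding failed) and the store itself.
        X509_free(caCert);
        KILL_BIO(cc);
        KILL_STORE(store);
        throw CCToolsException(QObject::tr("Error adding cert to X509_STORE_CTX object!").toLatin1(), SC_ERROR_UNKNOWN);
    }
    // The local reference is dropped once the store has been given the certificate.
    X509_free(caCert);
    KILL_BIO(cc);

    // NOTE(review): loading the default paths makes every CA in the
    // system-wide trust store a valid anchor for the signer chain, not
    // only ZETES_CA. If challenge signatures must chain to ZETES_CA
    // alone, this widens what PKCS7_verify will accept - confirm that
    // is intended. No revocation (CRL) checking is enabled on this store.
    if (X509_STORE_set_default_paths(store) != 1)
    {
        KILL_STORE(store);
        throw CCToolsException(QObject::tr("Error loading the system-wide CA certificates!").toLatin1(), SC_ERROR_UNKNOWN);
    }
    return store;
}

const bool CCToolsLocal::validateChallengeSignature(const std::string& message) { X509_STORE *rootStore = NULL; BIO *in = NULL; BIO *pkcs7_bio = NULL; PKCS7 *pkcs7 = NULL; BUF_MEM *bptr = NULL; std:string json_domain; authenticationFlag = false; cout << message << endl; if (!(rootStore = create_store())) { KILL_STORE(rootStore); return false; } cout << "store created succes" << endl; if (!(in =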
BIO_new(BIO_s_mem())) || !(BIO_puts(in, message.c_str()))) { KILL_BIO(in); KILL_STORE(rootStore); return false; } cout << "bio's created succes" << endl; //used to set mem bio react like file bio BIO_set_mem_eof_return(in, 0); if (!(pkcs7 = SMIME_read_PKCS7(in, &pkcs7_bio))) { //char buf[200]; //ERR_error_string(ERR_peek_last_error(),buf); //cout << buf << endl; KILL_BIO(in); KILL_BIO(pkcs7_bio); KILL_STORE(rootStore); return false; } cout << "Smime_read_pkcs7 succes" << endl; BIO *json_bio = BIO_new(BIO_s_mem()); if (PKCS7_verify(pkcs7, NULL, rootStore, pkcs7_bio, json_bio, 0) != 1) { char buf[200]; ERR_error_string(ERR_peek_last_error(),buf); cout << buf << endl; KILL_BIO(in); KILL_BIO(pkcs7_bio); KILL_BIO(json_bio); KILL_STORE(rootStore); return false; }