Пример проверки удостоверяющей подписи с помощью низкоуровневых функций КриптоПро ЭЦП SDK
C++
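// Verifies the countersignature attached to the first signer (index 0) of a signed message.
//
// Inputs declared outside this fragment:
//   storeBlob - encoded message whose embedded certificates are loaded into a temporary store
//               (presumably std::vector<BYTE>; confirm against the declaration).
//   message   - encoded signed message whose signer carries the countersignature
//               (presumably std::vector<BYTE>; confirm against the declaration).
//
// Every exit path releases hMsg and hMsgStore, so a failed verification does not leak handles.

// Step 1: decode storeBlob so that its certificates can be exposed as a certificate store.
HCRYPTMSG hMsg = CryptMsgOpenToDecode(
    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, 0, 0, 0, 0);
if (!hMsg)
{
    std::cout << "CryptMsgOpenToDecode() failed" << std::endl;
    return;
}

// An empty buffer is rejected here: taking &storeBlob[0] of an empty container is undefined.
if (storeBlob.empty() ||
    !CryptMsgUpdate(hMsg, &storeBlob[0], (DWORD)storeBlob.size(), TRUE))
{
    CryptMsgClose(hMsg);
    std::cout << "CryptMsgUpdate() failed" << std::endl;
    return;
}

HCERTSTORE hMsgStore = CertOpenStore(
    CERT_STORE_PROV_MSG, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, 0, hMsg);
if (!hMsgStore)
{
    // The decoded message is still open at this point and must be released.
    CryptMsgClose(hMsg);
    std::cout << "CertOpenStore() failed" << std::endl;
    return;
}

if (!CryptMsgClose(hMsg))
{
    CertCloseStore(hMsgStore, 0);
    std::cout << "CryptMsgClose() failed" << std::endl;
    return;
}

// Step 2: decode the signed message that carries the countersignature.
hMsg = CryptMsgOpenToDecode(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, 0, 0, 0, 0);
if (!hMsg)
{
    CertCloseStore(hMsgStore, 0);
    std::cout << "CryptMsgOpenToDecode() failed" << std::endl;
    return;
}

if (message.empty() ||
    !CryptMsgUpdate(hMsg, &message[0], (DWORD)message.size(), TRUE))
{
    CryptMsgClose(hMsg);
    CertCloseStore(hMsgStore, 0);
    std::cout << "CryptMsgUpdate() failed" << std::endl;
    return;
}

// Step 3: fetch the encoded SignerInfo of signer 0 (size query first, then the data).
// A reported size of zero is treated as a failure so that &encodedSigner[0] stays valid.
DWORD size = 0;
if (!CryptMsgGetParam(hMsg, CMSG_ENCODED_SIGNER, 0, 0, &size) || size == 0)
{
    CryptMsgClose(hMsg);
    CertCloseStore(hMsgStore, 0);
    std::cout << "CryptMsgGetParam() failed" << std::endl;
    return;
}

std::vector<BYTE> encodedSigner(size);
if (!CryptMsgGetParam(hMsg, CMSG_ENCODED_SIGNER, 0, &encodedSigner[0], &size))
{
    CryptMsgClose(hMsg);
    CertCloseStore(hMsgStore, 0);
    std::cout << "CryptMsgGetParam() failed" << std::endl;
    return;
}

// Step 4: fetch the unauthenticated attributes of signer 0; the countersignature lives there.
size = 0;
if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, 0, &size) || size == 0)
{
    CryptMsgClose(hMsg);
    CertCloseStore(hMsgStore, 0);
    std::cout << "CryptMsgGetParam() failed" << std::endl;
    return;
}

std::vector<BYTE> unsignedAttrsData(size);
if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, &unsignedAttrsData[0], &size))
{
    CryptMsgClose(hMsg);
    CertCloseStore(hMsgStore, 0);
    std::cout << "CryptMsgGetParam() failed" << std::endl;
    return;
}

// The buffer filled above is interpreted in place as a CRYPT_ATTRIBUTES structure.
PCRYPT_ATTRIBUTES pAttrs = reinterpret_cast<PCRYPT_ATTRIBUTES>(&unsignedAttrsData[0]);

// Step 5: copy out the first value of the first countersignature attribute.
// Only that one value is verified below; any further countersignatures are ignored.
std::vector<BYTE> countersignature;
for (DWORD i = 0; i < pAttrs->cAttr; ++i)
{
    const CRYPT_ATTRIBUTE& attr = pAttrs->rgAttr[i];
    // Guard against a null OID pointer before comparing it as a C string.
    if (attr.pszObjId && std::string(szOID_RSA_counterSign) == attr.pszObjId)
    {
        if (!attr.cValue)
        {
            CryptMsgClose(hMsg);
            CertCloseStore(hMsgStore, 0);
            std::cout << "No values in countersignature attribute." << std::endl;
            return;
        }
        // assign() copes with a zero-length value; the previous resize() + memcpy()
        // indexed element 0 of an empty vector in that case.
        if (attr.rgValue[0].pbData && attr.rgValue[0].cbData)
        {
            countersignature.assign(
                attr.rgValue[0].pbData,
                attr.rgValue[0].pbData + attr.rgValue[0].cbData);
        }
        break;
    }
}

if (countersignature.empty())
{
    CryptMsgClose(hMsg);
    CertCloseStore(hMsgStore, 0);
    std::cout << "No countersignature found in message." << std::endl;
    return;
}

// Step 6: verify the countersignature against the encoded SignerInfo it covers.
// The countersigner certificate is looked up in hMsgStore, i.e. among the certificates
// supplied in storeBlob.
CADES_VERIFICATION_PARA counterSignVerifyPara = { sizeof(counterSignVerifyPara) };
counterSignVerifyPara.dwCadesType = CADES_BES;
counterSignVerifyPara.hStore = hMsgStore;

// NOTE(review): the last argument (the verification-info out-pointer) is passed as 0, so
// the decision below rests on the BOOL result alone. Confirm in the SDK documentation
// whether TRUE by itself means the signature and the certificate were both validated, or
// whether the returned verification status has to be inspected as well.
// NOTE(review): a valid countersignature does not say who produced it; a caller that relies
// on a particular countersigner should check the signer certificate separately.
if (!CadesMsgVerifyCountersignatureEncoded(
        0, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
        &encodedSigner[0], (DWORD)encodedSigner.size(),
        &countersignature[0], (DWORD)countersignature.size(),
        0, &counterSignVerifyPara, 0))
{
    CryptMsgClose(hMsg);
    CertCloseStore(hMsgStore, 0);
    std::cout << "Countersignature is not verified." << std::endl;
    return;
}
else
    std::cout << "Countersignature is valid." << std::endl;

// Step 7: release both handles; the store is closed even if closing the message fails.
const BOOL msgClosed = CryptMsgClose(hMsg);
const BOOL storeClosed = CertCloseStore(hMsgStore, 0);
if (!msgClosed)
{
    // The original reported this failure under the name of a different function.
    std::cout << "CryptMsgClose() failed" << std::endl;
    return;
}
if (!storeClosed)
{
    std::cout << "CertCloseStore() failed" << std::endl;
    return;
}
// End of countersignature verification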