
Проверка удостоверяющей подписи

Пример проверки удостоверяющей подписи с помощью низкоуровневых функций КриптоПро ЭЦП SDK

C++
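    // Countersignature verification with the low-level CryptoPro CAdES SDK
    // functions.  `storeBlob` (a PKCS#7 blob carrying the certificates) and
    // `message` (the signed message) are supplied by the enclosing function.
    // Every failure path releases the handles it owns; the original example
    // leaked `hMsg` when CertOpenStore() failed and never closed `hMsgStore`.

    // 1. Decode the certificate-bearing blob so its certificates can be
    //    exposed through a message store.
    HCRYPTMSG hMsg = CryptMsgOpenToDecode(
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
        0, 0, 0, 0, 0);
    if (!hMsg)
    {
        std::cout << "CryptMsgOpenToDecode() failed" << std::endl;
        return;
    }

    if (!CryptMsgUpdate(
        hMsg,
        &storeBlob[0],
        (DWORD)storeBlob.size(),   // explicit narrowing, as done for `message` below
        TRUE))
    {
        CryptMsgClose(hMsg);
        std::cout << "CryptMsgUpdate() failed" << std::endl;
        return;
    }

    // NOTE(review): this store contains only the certificates carried in
    // storeBlob.  It is handed to the verifier for chain building; confirm
    // that CadesMsgVerifyCountersignatureEncoded still anchors the chain in
    // a trusted root rather than trusting these certificates on their own.
    HCERTSTORE hMsgStore = CertOpenStore(
        CERT_STORE_PROV_MSG,
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
        0, 0, hMsg);
    if (!hMsgStore)
    {
        CryptMsgClose(hMsg);   // was missing: hMsg leaked on this path
        std::cout << "CertOpenStore() failed" << std::endl;
        return;
    }

    // The store is used after the message handle is closed, as in the
    // original flow — presumably CERT_STORE_PROV_MSG keeps its own reference
    // to the message; verify against the SDK documentation.
    if (!CryptMsgClose(hMsg))
    {
        CertCloseStore(hMsgStore, 0);
        std::cout << "CryptMsgClose() failed" << std::endl;
        return;
    }
    hMsg = 0;

    // 2. Decode the signed message itself.
    hMsg = CryptMsgOpenToDecode(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
        0, 0, 0, 0, 0);
    if (!hMsg)
    {
        CertCloseStore(hMsgStore, 0);
        std::cout << "CryptMsgOpenToDecode() failed" << std::endl;
        return;
    }

    if (!CryptMsgUpdate(hMsg, &message[0], (DWORD)message.size(), TRUE))
    {
        CryptMsgClose(hMsg);
        CertCloseStore(hMsgStore, 0);
        std::cout << "CryptMsgUpdate() failed" << std::endl;
        return;
    }

    // 3. Fetch the encoded SignerInfo of signer 0 (size query, then data).
    DWORD size = 0;
    if (!CryptMsgGetParam(hMsg, CMSG_ENCODED_SIGNER, 0, 0, &size) || size == 0)
    {
        // size == 0 would make &encodedSigner[0] below undefined behaviour
        CryptMsgClose(hMsg);
        CertCloseStore(hMsgStore, 0);
        std::cout << "CryptMsgGetParam() failed" << std::endl;
        return;
    }
    std::vector<BYTE> encodedSigner(size);
    if (!CryptMsgGetParam(hMsg, CMSG_ENCODED_SIGNER, 0, &encodedSigner[0], &size))
    {
        CryptMsgClose(hMsg);
        CertCloseStore(hMsgStore, 0);
        std::cout << "CryptMsgGetParam() failed" << std::endl;
        return;
    }

    // 4. Fetch the unsigned (unauthenticated) attributes of signer 0; the
    //    countersignature lives there.  The buffer must at least hold the
    //    CRYPT_ATTRIBUTES header before it is reinterpreted as one.
    size = 0;
    if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, 0, &size)
        || size < sizeof(CRYPT_ATTRIBUTES))
    {
        CryptMsgClose(hMsg);
        CertCloseStore(hMsgStore, 0);
        std::cout << "CryptMsgGetParam() failed" << std::endl;
        return;
    }
    std::vector<BYTE> unsignedAttrsData(size);
    if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, &unsignedAttrsData[0], &size))
    {
        CryptMsgClose(hMsg);
        CertCloseStore(hMsgStore, 0);
        std::cout << "CryptMsgGetParam() failed" << std::endl;
        return;
    }
    // CryptMsgGetParam() writes the structure and the data it points to into
    // the same buffer, so the pointer stays valid while unsignedAttrsData lives.
    PCRYPT_ATTRIBUTES pAttrs = reinterpret_cast<PCRYPT_ATTRIBUTES>(&unsignedAttrsData[0]);

    // 5. Locate the first counterSignature attribute and copy its first value.
    std::vector<BYTE> countersignature;
    for (DWORD i = 0; i < pAttrs->cAttr; ++i)
    {
        if (std::string(szOID_RSA_counterSign) == pAttrs->rgAttr[i].pszObjId)
        {
            if (!pAttrs->rgAttr[i].cValue)
            {
                CryptMsgClose(hMsg);
                CertCloseStore(hMsgStore, 0);
                std::cout << "No values in countersignature attribute." << std::endl;
                return;
            }
            countersignature.resize(pAttrs->rgAttr[i].rgValue[0].cbData);
            memcpy(&countersignature[0],
                pAttrs->rgAttr[i].rgValue[0].pbData, countersignature.size());
            break;
        }
    }
    if (countersignature.empty())
    {
        CryptMsgClose(hMsg);
        CertCloseStore(hMsgStore, 0);
        std::cout << "No countersignature found in message." << std::endl;
        return;
    }

    // 6. Verify the countersignature over the encoded SignerInfo as CAdES-BES,
    //    with the message-embedded certificates available for chain building.
    CADES_VERIFICATION_PARA counterSignVerifyPara = { sizeof(counterSignVerifyPara) };
    counterSignVerifyPara.dwCadesType = CADES_BES;
    counterSignVerifyPara.hStore = hMsgStore;

    if (!CadesMsgVerifyCountersignatureEncoded(0, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
        &encodedSigner[0], (DWORD)encodedSigner.size(),
        &countersignature[0], (DWORD)countersignature.size(), 0,
        &counterSignVerifyPara, 0))
    {
        CryptMsgClose(hMsg);
        CertCloseStore(hMsgStore, 0);
        std::cout << "Countersignature is not verified." << std::endl;
        return;
    }
    std::cout << "Countersignature is valid." << std::endl;

    // 7. Release the handles; the store is closed after the message handle
    //    because it was opened from (an earlier instance of) the message.
    CertCloseStore(hMsgStore, 0);
    if (!CryptMsgClose(hMsg))
    {
        // original reported this as "CryptMsgGetParam() failed"
        std::cout << "CryptMsgClose() failed" << std::endl;
        return;
    }
    // End of countersignature verification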