fenix/PDF4QT
1
0
Fork 0
mirror of https://github.com/JakubMelka/PDF4QT.git synced 2025-06-05 21:59:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Certificate verification bugfixing

Browse Source
This commit is contained in:
Jakub Melka
2020-06-15 19:07:01 +02:00
parent 783aa8d007
commit f602eb5a73
2 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
PdfForQtLib/sources/pdfsignaturehandler.cpp
View File

@ -315,6 +315,8 @@ void PDFPublicKeySignatureHandler::verifyCertificate(PDFSignatureVerificationRes
Q_ASSERT(store); Q_ASSERT(store);
Q_ASSERT(context); Q_ASSERT(context);
addTrustedCertificates(store);
STACK_OF(PKCS7_SIGNER_INFO)* signerInfo = PKCS7_get_signer_info(pkcs7); STACK_OF(PKCS7_SIGNER_INFO)* signerInfo = PKCS7_get_signer_info(pkcs7);
const int signerInfoCount = sk_PKCS7_SIGNER_INFO_num(signerInfo); const int signerInfoCount = sk_PKCS7_SIGNER_INFO_num(signerInfo);
STACK_OF(X509)* certificates = getCertificates(pkcs7); STACK_OF(X509)* certificates = getCertificates(pkcs7);
@ -332,7 +334,7 @@ void PDFPublicKeySignatureHandler::verifyCertificate(PDFSignatureVerificationRes
break; break;
} }
if (!X509_STORE_CTX_init(context, store, signer, nullptr)) if (!X509_STORE_CTX_init(context, store, signer, certificates))
{ {
result.addCertificateGenericError(); result.addCertificateGenericError();
break; break;
@ -344,6 +346,8 @@ void PDFPublicKeySignatureHandler::verifyCertificate(PDFSignatureVerificationRes
break; break;
} }
X509_STORE_CTX_set_flags(context, X509_V_FLAG_TRUSTED_FIRST);
int verificationResult = X509_verify_cert(context); int verificationResult = X509_verify_cert(context);
if (verificationResult <= 0) if (verificationResult <= 0)
{ {
@ -414,3 +418,32 @@ PDFSignatureVerificationResult PDFSignatureHandler_adbe_pkcs7_detached::verify()
} }
} // namespace pdf } // namespace pdf
#ifdef Q_OS_WIN
#include <Windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")
#endif
void pdf::PDFPublicKeySignatureHandler::addTrustedCertificates(X509_STORE* store) const
{
#ifdef Q_OS_WIN
HCERTSTORE certStore = CertOpenSystemStore(NULL, L"ROOT");
PCCERT_CONTEXT context = nullptr;
if (certStore)
{
while (context = CertEnumCertificatesInStore(certStore, context))
{
const unsigned char* pointer = context->pbCertEncoded;
X509* certificate = d2i_X509(nullptr, &pointer, context->cbCertEncoded);
if (certificate)
{
X509_STORE_add_cert(store, certificate);
X509_free(certificate);
}
}
CertCloseStore(certStore, CERT_CLOSE_STORE_FORCE_FLAG);
}
#endif
}

1
PdfForQtLib/sources/pdfsignaturehandler_impl.h
View File

@ -41,6 +41,7 @@ protected:
void initializeResult(PDFSignatureVerificationResult& result) const; void initializeResult(PDFSignatureVerificationResult& result) const;
void verifyCertificate(PDFSignatureVerificationResult& result) const; void verifyCertificate(PDFSignatureVerificationResult& result) const;
void verifySignature(PDFSignatureVerificationResult& result) const; void verifySignature(PDFSignatureVerificationResult& result) const;
void addTrustedCertificates(X509_STORE* store) const;
/// Return a list of certificates from PKCS7 object /// Return a list of certificates from PKCS7 object
static STACK_OF(X509)* getCertificates(PKCS7* pkcs7); static STACK_OF(X509)* getCertificates(PKCS7* pkcs7);