summaryrefslogtreecommitdiff
path: root/libdigidoc/DigiDocVerify.h
diff options
context:
space:
mode:
Diffstat (limited to 'libdigidoc/DigiDocVerify.h')
-rw-r--r--libdigidoc/DigiDocVerify.h178
1 files changed, 178 insertions, 0 deletions
diff --git a/libdigidoc/DigiDocVerify.h b/libdigidoc/DigiDocVerify.h
new file mode 100644
index 0000000..891e2b7
--- /dev/null
+++ b/libdigidoc/DigiDocVerify.h
@@ -0,0 +1,178 @@
+#ifndef __DIGIDOC_VERIFY_H__
+#define __DIGIDOC_VERIFY_H__
+//==================================================
+// FILE: DigiDocVerify.h
+// PROJECT: Digi Doc
+// DESCRIPTION: DigiDoc verification routines
+// AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia
+//==================================================
+// Copyright (C) AS Sertifitseerimiskeskus
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation; either
+// version 2.1 of the License, or (at your option) any later version.
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+// GNU Lesser General Public Licence is available at
+// http://www.gnu.org/copyleft/lesser.html
+//==========< HISTORY >=============================
+// 26.04.2006 Veiko Sinivee
+// Creation
+//==================================================
+
+#include "DigiDocDefs.h"
+#include "DigiDocObj.h"
+#include "DigiDocMem.h"
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+
+//==========< XML generation routines >========================
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// Holds info of an xml element used in signature format
+typedef struct XmlElemDef_st {
+ char* szTag; // element tag
+ char bMultiple; // 'Y' if multiple elements allowed, 'N' if not
+ void** pChildren; // list of children terminated by NULL
+} XmlElemDef;
+
+// Holds info of an xml element used in signature format
+typedef struct XmlElemInfo_st {
+ char* szId; // element tag
+ char* szTag; // element tag
+ void* pParent; // parent emenent info if exists
+ void** pChildren; // list of children terminated by NULL
+} XmlElemInfo;
+
+int XmlElemInfo_new(XmlElemInfo **ppXi, const char* id, const char* tag);
+
+void XmlElemInfo_free(XmlElemInfo* pXi);
+
+int XmlElemInfo_countChildren(XmlElemInfo* pXi);
+
+int XmlElemInfo_addChild(XmlElemInfo* pParent, XmlElemInfo* pChild);
+
+XmlElemInfo* XmlElemInfo_getRootElem(XmlElemInfo* pElem);
+
+// verifies files signature
+EXP_OPTION int verifyFileSignature(const char* szFileName, int nDigestType,
+ byte* pSigBuf, int nSigLen,
+ const char *certfile);
+
+
+// Compares two byte arrays and returns 0 for OK
+EXP_OPTION int compareByteArrays(const byte* dig1, int len1, const byte* dig2, int len2);
+
+// verifies one doc's check digests in this signature
+EXP_OPTION int verifySigDocDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo,
+ const DocInfo* pDocInfo, const char* szDataFile);
+// verifies the mime digest of this doc in this signature
+EXP_OPTION int verifySigDocMimeDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo,
+ const DocInfo* pDocInfo, const char* szFileName);
+
+// verifies this one signature
+EXP_OPTION int verifySignatureInfo(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo,
+ const char* signerCA, const char* szDataFile, int bUseCA);
+
+// verifies the whole document (returns on first err)
+EXP_OPTION int verifySigDoc(const SignedDoc* pSigDoc, const char* signerCA,
+ const char** caFiles, const char* caPath, const char* notCert,
+ const char* szDataFile, int bUseCA);
+
+
+// Verifies the certificates signed attributes
+EXP_OPTION int verifySigCert(const SignatureInfo* pSigInfo);
+
+
+// Verfies NotaryInfo signature
+EXP_OPTION int verifyNotaryInfo(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo,
+ const NotaryInfo* pNotInfo,
+ const char ** caFiles, const char *CApath, const char* notCertFile);
+
+// Verifies the certificates signed attributes
+EXP_OPTION int verifyNotCert(const SignatureInfo* pSigInfo, const NotaryInfo* pNotInfo);
+
+// Verfies NotaryInfo digest
+EXP_OPTION int verifyNotaryDigest(const SignedDoc* pSigDoc, const NotaryInfo* pNotInfo);
+
+// verifies signed doc
+EXP_OPTION int verifySigDocCERT(const SignedDoc* pSigDoc, const void* signerCA,
+ const X509** caCerts,
+ const char* caPath, const X509* notCert,
+ const char* szDataFile, int bUseCA);
+
+
+// Verifies this signature
+ EXP_OPTION int verifySignatureInfoCERT(const SignedDoc* pSigDoc,
+ const SignatureInfo* pSigInfo,
+ const void* signerCACert, const char* szDataFile, int bUseCA);
+
+// Checks if the cert has been signed by this CA-cert
+EXP_OPTION int isCertSignedByCERT(const X509* cert, const X509* caCert);
+
+
+// Verfies NotaryInfo signature
+EXP_OPTION int verifyNotaryInfoCERT(const SignedDoc* pSigDoc,
+ const SignatureInfo* pSigInfo,
+ const NotaryInfo* pNotInfo,
+ const X509** caCerts,
+ const char *CApath, const X509* notCert);
+
+//--------------------------------------------------
+// Verfies NotaryInfo signature
+// pSigDoc - signed doc object
+// pNotInfo - NotaryInfo object
+// caCerts - CA certificate pointer array terminated with NULL
+// CApath - path to (directory) all certs
+// notCertFile - Notary (e.g. OCSP responder) cert file
+// pSigCa - signers ca cert
+//--------------------------------------------------
+EXP_OPTION int verifyNotaryInfoCERT2(const SignedDoc* pSigDoc,
+ const SignatureInfo* pSigInfo,
+ const NotaryInfo* pNotInfo,
+ const X509** caCerts, const char *CApath,
+ const X509* notCert, const X509* pSigCa);
+
+EXP_OPTION int verifySigDocSigPropDigest(const SignatureInfo* pSigInfo);
+
+// Calculates the digest of NotaryInfo
+EXP_OPTION int calculateNotaryInfoDigest(const SignedDoc* pSigDoc,
+ const NotaryInfo* pNotInfo, byte* digBuf, int* digLen);
+
+int readTagContents(char** data, const char* fileName,
+ const char* tagName, int nAttrs,
+ const char** attNames, const char** attValues,
+ int withTags);
+
+ X509_ALGOR* setSignAlgorithm(const EVP_MD * type);
+
+int setup_verifyCERT(X509_STORE **newX509_STORE,
+ const char *CApath,
+ const X509** certs);
+
+EXP_OPTION int verifyEstIDSignature(const byte* digest, int digestLen, int nDigestType,
+ byte* pSigBuf, int nSigLen, X509* cert);
+EXP_OPTION int verifyEstIDSignature2(const byte* digest, int digestLen, int nDigestType,
+ byte* pSigBuf, int nSigLen, X509* cert);
+
+//===========================================================
+// Checks and records the knowledge if one signature had
+// missing xmlns problem
+// pSigDoc - signed doc data
+// returns 1 if at least one signature had this problem
+//============================================================
+EXP_OPTION int checkDdocWrongDigests(const SignedDoc* pSigDoc);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // __DIGIDOC_VERIFY_H__
+
+