问题描述
- OPENSSL PKCS7 认证哪位大神会啊!!!
- 我用C++写了一个安卓APK的认证。
主要就是解析里面的CERT.RSA
解析:
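// Excerpt: load the DER-encoded PKCS#7 blob (CERT.RSA) from rsa_path and locate
// the certificate stack embedded in it. The `break` statements leave an
// enclosing do { ... } while(0) that is not part of this excerpt.
// The argument separators lost in the paste are restored here.
PKCS7 *p7 = NULL;
STACK_OF(X509) *certs = NULL;
int i = NID_undef;

BIO *in = BIO_new(BIO_s_file());
if (in == NULL) {
    break;                        // allocation failed, nothing to free yet
}
if (BIO_read_filename(in, rsa_path) <= 0) {
    BIO_free(in);                 // file missing or unreadable
    break;
}

p7 = d2i_PKCS7_bio(in, NULL);
BIO_free(in);                     // the BIO is not needed once the blob is decoded
if (p7 == NULL) {
    break;                        // not a well-formed PKCS#7 structure
}

// The file is untrusted input: check the content pointer before dereferencing
// it, because a blob can name a content type and still omit the content.
i = OBJ_obj2nid(p7->type);
if (i == NID_pkcs7_signed && p7->d.sign != NULL) {
    certs = p7->d.sign->cert;
} else if (i == NID_pkcs7_signedAndEnveloped && p7->d.signed_and_enveloped != NULL) {
    certs = p7->d.signed_and_enveloped->cert;
}

// Exactly one embedded certificate is accepted. sk_X509_num(NULL) is -1,
// so every other content type is rejected here as well.
if (sk_X509_num(certs) != 1) {
    PKCS7_free(p7);
    break;
}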
认证:
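// Excerpt: verify every SignerInfo of the PKCS#7 blob held in m_pkcs7.
// res becomes 1 only when all signers verify; every failure path leaves it 0.
// The argument separators lost in the paste are restored here.
BIO *p7bio = NULL;
int res = 0;
char buf[1024*4] = {0};
STACK_OF(PKCS7_SIGNER_INFO) *sk;
PKCS7_SIGNER_INFO *si;
X509 * x509;
int i;
PKCS7 *pkcs7 = (PKCS7 *)m_pkcs7;

// Asker's note: p7bio comes back NULL here.
// PKCS7_dataDecode(p7, pkey, in_bio, pcert) needs the signed content. When the
// signature is detached (the content is not stored inside the blob) the content
// has to be passed as in_bio, and with in_bio == NULL the call returns NULL.
// For an APK's CERT.RSA the signed content is normally the matching CERT.SF
// file. NOTE(review): confirm against the files actually being checked.
p7bio = PKCS7_dataDecode(pkcs7, 0, 0, 0);
if (p7bio == NULL) {
    goto end;                     // no content to digest: fail closed
}

// Asker's note: this read loop was taken from an online example.
// Reading to EOF pushes the whole content through the digest filters in the
// BIO chain, which PKCS7_signatureVerify() relies on below.
for (;;) {
    i = BIO_read(p7bio, buf, sizeof(buf));
    if (i <= 0) break;
}

// We can now verify signatures.
sk = PKCS7_get_signer_info(pkcs7);
if (sk == NULL || sk_PKCS7_SIGNER_INFO_num(sk) == 0) {
    goto end;                     // an unsigned blob must not count as verified
}

for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sk); i++) {
    si = sk_PKCS7_SIGNER_INFO_value(sk, i);
    x509 = X509_find_by_issuer_and_serial(pkcs7->d.sign->cert,
                                          si->issuer_and_serial->issuer,
                                          si->issuer_and_serial->serial);
    if (x509 == NULL) {
        goto end;                 // the signer's certificate is not in the blob
    }
    if (PKCS7_signatureVerify(p7bio, pkcs7, si, x509) <= 0) {
        goto end;
    }
}
// Passing here proves only that the blob is consistent with the certificate it
// carries. Whether that certificate is the expected one is a separate check.
res = 1;
end:
if (p7bio)
    BIO_free_all(p7bio);
return res;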
解决方案
请先确认 m_pkcs7 中的数据是否正确。
解决方案二:
获取m_pkcs7
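/// @brief Load a DER-encoded PKCS#7 file (e.g. an APK's CERT.RSA) and remember
///        the decoded structure and its single embedded certificate.
///
/// Any previously loaded structure is released through clear() first, so a
/// failed call leaves the object without a loaded PKCS#7.
/// This function only parses. It verifies no signature and does not decide
/// whether the embedded certificate is trusted.
///
/// @param rsa_path Path of the PKCS#7 file to read.
/// @return true when the file decoded to signed (or signed-and-enveloped) data
///         carrying exactly one certificate; false otherwise.
bool Certificate::parse(const char *rsa_path) {
    bool ret = false;
    do {
        if (m_pkcs7) {
            clear();
        }
        if (rsa_path == NULL) {
            break;
        }

        BIO *in = BIO_new(BIO_s_file());
        if (in == NULL) {
            break;                      // allocation failed
        }
        if (BIO_read_filename(in, rsa_path) <= 0) {
            BIO_free(in);               // file missing or unreadable
            break;
        }

        PKCS7 *p7 = d2i_PKCS7_bio(in, NULL);
        BIO_free(in);                   // the BIO is not needed once the blob is decoded
        if (p7 == NULL) {
            break;                      // not a well-formed PKCS#7 structure
        }

        // The file is untrusted input: check the content pointer before
        // dereferencing it, because a blob can name a content type and still
        // omit the content itself.
        STACK_OF(X509) *certs = NULL;
        const int type_nid = OBJ_obj2nid(p7->type);
        if (type_nid == NID_pkcs7_signed && p7->d.sign != NULL) {
            certs = p7->d.sign->cert;
        } else if (type_nid == NID_pkcs7_signedAndEnveloped &&
                   p7->d.signed_and_enveloped != NULL) {
            certs = p7->d.signed_and_enveloped->cert;
        }

        // Exactly one embedded certificate is accepted. sk_X509_num(NULL) is
        // -1, so every other content type is rejected here as well.
        if (sk_X509_num(certs) != 1) {
            PKCS7_free(p7);
            break;
        }

        m_rsa_path = rsa_path;
        m_certs = certs;                // points into p7; owned by p7, not a separate allocation
        m_pkcs7 = p7;
        ret = true;
    } while (0);
    return ret;
}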
验证:
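/// @brief Check every SignerInfo of the loaded PKCS#7 structure against the
///        certificate embedded in the same structure.
///
/// The previous version returned `res != 1` while res was only ever 0 or -1, so
/// it reported success for every loaded blob, including after
/// PKCS7_dataDecode() had returned NULL and after a failed signature check.
/// This version fails closed: it returns true only when content was available,
/// at least one signer is present and every signer verified.
///
/// A true result proves only that the blob is consistent with the certificate
/// it carries. Anyone can produce such a blob with their own key, so the
/// caller still has to compare the embedded certificate with the one it
/// expects (for example by fingerprint) before trusting the package.
///
/// @return true when all signatures verify; false on any failure or when no
///         PKCS#7 structure is loaded.
bool Certificate::VerifyPkcs7Signature() {
    if (m_pkcs7 == NULL) {
        return false;
    }
    PKCS7 *pkcs7 = (PKCS7 *)m_pkcs7;

    // The loop below reads pkcs7->d.sign, which is only meaningful for
    // signedData. Anything else cannot be verified here.
    if (!PKCS7_type_is_signed(pkcs7) || pkcs7->d.sign == NULL) {
        return false;
    }

    // PKCS7_dataDecode(p7, pkey, in_bio, pcert) needs the signed content. When
    // the signature is detached the content must be passed as in_bio, and with
    // in_bio == NULL the call returns NULL.
    // NOTE(review): for an APK's CERT.RSA the signed content is normally the
    // matching CERT.SF file. This class shows no member holding it, so
    // detached blobs are rejected until that content is supplied here.
    // PKCS7_verify() with its indata argument is the higher-level alternative.
    BIO *p7bio = PKCS7_dataDecode(pkcs7, 0, 0, 0);
    if (p7bio == NULL) {
        return false;
    }

    bool verified = false;
    char buf[1024*4] = {0};
    do {
        // Read to EOF so the whole content passes through the digest filters
        // in the BIO chain. A single read covers at most sizeof(buf) bytes.
        while (BIO_read(p7bio, buf, sizeof(buf)) > 0) {
        }

        STACK_OF(PKCS7_SIGNER_INFO) *sk = PKCS7_get_signer_info(pkcs7);
        if (sk == NULL || sk_PKCS7_SIGNER_INFO_num(sk) <= 0) {
            break;                      // an unsigned blob must not count as verified
        }

        bool all_ok = true;
        for (int i = 0; i < sk_PKCS7_SIGNER_INFO_num(sk); i++) {
            PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(sk, i);
            X509 *x509 = X509_find_by_issuer_and_serial(pkcs7->d.sign->cert,
                                                        si->issuer_and_serial->issuer,
                                                        si->issuer_and_serial->serial);
            // A missing signer certificate, or any non-positive result from
            // the check, is a failure.
            if (x509 == NULL || PKCS7_signatureVerify(p7bio, pkcs7, si, x509) <= 0) {
                all_ok = false;
                break;
            }
        }
        verified = all_ok;
    } while (0);

    BIO_free_all(p7bio);
    return verified;
}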
你看看有什么问题
现在是能用了,但是不知道为什么PKCS7_dataDecode仍然是空。(当签名是分离式(detached)、且第三个参数 in_bio 为空时,PKCS7_dataDecode 会返回 NULL;此时没有可供计算摘要的数据,"能用"并不代表签名已经通过验证。)
如果你了解怎么用PKCS7来得到签名的话,我就真的谢谢你了!!!!
时间: 2024-08-26 02:53:25