micord/ervu-sign-module
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SUPPORT-8890. Открытие сертификата для подписи вынесено в инициализацию

Browse source 
(cherry picked from commit 3807bc745778c423bf107ccf818bd55807824ef5)
This commit is contained in:
Наиля Алашкова 2025-02-07 12:19:45 +03:00
parent 40746f2bd2
commit 57297d574f
3 changed files with 79 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

95
src/utils/cryptopro.c
View file

@ -14,6 +14,7 @@ static int sign_hash_data(const cryptopro_context_t *ctx, const str_t *data, /*o
static int reverse_sign(const str_t *sign, /*out*/ str_t *sign_reversed);
static HCERTSTORE cert_open_store();
static void cert_close_store(HCERTSTORE hStoreHandle);
static PCCERT_CONTEXT get_signer_cert(const cryptopro_context_t *ctx, HCERTSTORE hStoreHandle);
@ -227,35 +228,65 @@ log_sign_hash_data_last_error()
}
}
int
open_signer_cert(cryptopro_context_t *ctx)
{
LOG_TRACE("open_signer_cert enter");
ctx->cert_store = cert_open_store();
if (ctx->cert_store == NULL) {
goto error;
}
ctx->signer_cert = get_signer_cert(ctx, ctx->cert_store);
if (ctx->signer_cert == NULL) {
goto error;
}
LOG_TRACE("open_signer_cert exit");
return 0;
error:
LOG_ERROR("open_signer_cert exit with error. Last error code: 0x%08x",
cp_function_list.GetLastError());
close_signer_cert(ctx);
return -1;
}
void
close_signer_cert(cryptopro_context_t *ctx)
{
LOG_TRACE("close_signer_cert enter");
if (ctx->signer_cert) {
cp_function_list.CertFreeCertificateContext(ctx->signer_cert);
ctx->signer_cert = NULL;
}
cert_close_store(ctx->cert_store);
ctx->cert_store = NULL;
LOG_TRACE("close_signer_cert exit");
}
static int
sign_hash_data(const cryptopro_context_t *ctx, const str_t *data, /*out*/ str_t *sign)
{
int rc = -1;
HCERTSTORE hStoreHandle;
PCCERT_CONTEXT pSignerCert = NULL;
BOOL bReleaseContext = FALSE;
HCRYPTPROV hCryptProv;
HCRYPTHASH hash = 0;
BYTE *pbSignedMessageBlob;
DWORD cbSignedMessageBlob;
hStoreHandle = cert_open_store();
if (hStoreHandle == NULL) {
goto exit;
}
pSignerCert = get_signer_cert(ctx, hStoreHandle);
if (pSignerCert == NULL) {
goto exit;
}
if (!verify_cert_chain(pSignerCert)) {
if (!verify_cert_chain(ctx->signer_cert)) {
goto exit;
}
if (!cp_function_list.CryptAcquireCertificatePrivateKey(
pSignerCert,
CRYPT_ACQUIRE_SILENT_FLAG,
ctx->signer_cert,
CRYPT_ACQUIRE_SILENT_FLAG | CRYPT_ACQUIRE_CACHE_FLAG,
NULL,
&hCryptProv,
NULL,
@ -301,15 +332,6 @@ exit:
cp_function_list.CryptReleaseContext(hCryptProv, 0);
}
if (pSignerCert) {
cp_function_list.CertFreeCertificateContext(pSignerCert);
}
if (hStoreHandle) {
if (!cp_function_list.CertCloseStore(hStoreHandle, CERT_CLOSE_STORE_CHECK_FLAG)) {
LOG_ERROR("CertCloseStore() failed");
}
}
if (rc) {
log_sign_hash_data_last_error();
@ -348,7 +370,7 @@ cert_open_store()
hStoreHandle = cp_function_list.CertOpenStore(CERT_STORE_PROV_SYSTEM,
0,
0,
CERT_SYSTEM_STORE_CURRENT_USER,
CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG,
L"MY");
if (hStoreHandle == NULL) {
@ -357,10 +379,25 @@ cert_open_store()
}
LOG_DEBUG("The MY store is open");
LOG_TRACE("cert_open_store exit");
return hStoreHandle;
}
static void
cert_close_store(HCERTSTORE hStoreHandle)
{
LOG_TRACE("cert_close_store enter");
if (hStoreHandle) {
if (!cp_function_list.CertCloseStore(hStoreHandle, CERT_CLOSE_STORE_CHECK_FLAG)) {
LOG_ERROR("CertCloseStore() failed");
}
}
LOG_TRACE("cert_close_store exit");
}
static PCCERT_CONTEXT
get_cert_by_thumbprint(HCERTSTORE hStoreHandle, const str_t* thumbprint)
{
@ -681,11 +718,7 @@ exit:
cp_function_list.CertFreeCertificateContext(certificate);
}
if (hStoreHandle) {
if (!cp_function_list.CertCloseStore(hStoreHandle, CERT_CLOSE_STORE_CHECK_FLAG)) {
LOG_ERROR("CertCloseStore() failed");
}
}
cert_close_store(hStoreHandle);
if (rc == 0) {
LOG_TRACE("cryptopro_verify exit");