diff --git a/ccsrc/Framework/include/converter.hh b/ccsrc/Framework/include/converter.hh
index 7f2adeb95c0c3b21cb2fd96f6d1c20f0199e4fc4..cdb29e94bc4cfa2d5adcff218c8198d93ce6091b 100644
--- a/ccsrc/Framework/include/converter.hh
+++ b/ccsrc/Framework/include/converter.hh
@@ -366,6 +366,15 @@ public:
*/
std::vector<std::string> split_arguments_line(const std::string& p_value);
+ /*!
+ * \brief Replace string or character into the the provided string
+ * \param[in] p_value The original string value
+ * \param[in] p_from The pattern to be replaced
+ * \param[in] p_to The new pattern
+ * \return The modified string
+ */
+ std::string replace(const std::string& p_value, const std::string& p_from, const std::string& p_to);
+
/*!
* \brief Convert the provided buffer into a Base64
* \param[in] p_value The buffer value
diff --git a/ccsrc/Framework/src/converter.cc b/ccsrc/Framework/src/converter.cc
index 0b2f376fea4df9c80abafdaec532f356cbbb1b81..9df0ad962ba26aa7ebd97530983c22be8d3ecfc5 100644
--- a/ccsrc/Framework/src/converter.cc
+++ b/ccsrc/Framework/src/converter.cc
@@ -187,6 +187,16 @@ static std::string insert_linebreaks(std::string str, size_t distance) {
return str;
}
+std::string converter::replace(const std::string& p_value, const std::string& p_from, const std::string& p_to) {
+ size_t start_pos = 0;
+ std::string str(p_value);
+ while((start_pos = str.find(p_from, start_pos)) != std::string::npos) {
+ str.replace(start_pos, p_from.length(), p_to);
+ start_pos += p_to.length(); // Handles case where 'p_to' is a substring of 'p_from'
+ }
+ return str;
+}
+
std::vector<unsigned char> converter::buffer_to_base64(const std::vector<unsigned char> &p_value, const bool p_is_url) {
const std::string& base64_enc_map_ = converter::base64_enc_map[(p_is_url) ? 1 : 0];
const unsigned char trailing_char = (p_is_url) ? '.' : '=';
diff --git a/ccsrc/security/include/certs_cache.hh b/ccsrc/security/include/certs_cache.hh
index 70e24a3f6b92f332face82f492268b72ff1f6d9a..085872aada5248338fd515f195ac50aff7165fad 100644
--- a/ccsrc/security/include/certs_cache.hh
+++ b/ccsrc/security/include/certs_cache.hh
@@ -85,6 +85,11 @@ public: /*! \publicsection */
void dump() const;
+ const std::string cert_to_string(const std::string& p_certificate_id);
+
+ int publickey_to_string(const EVP_PKEY* p_public_kep, std::vector<unsigned char>& p_buffer);
+
+
private: /*! \privatesection */
/*!
* \fn int load_certificate(const std::string& p_certificate_name, const std::string& p_private_key_name, const std::string& p_private_key_passwd, const certs_db_record** p_record);
diff --git a/ccsrc/security/include/certs_db_record.hh b/ccsrc/security/include/certs_db_record.hh
index 302b0f89a1e7f7c43b570d4c6bf851b6a656f916..772493ad5036dfc67b1795af403826151fa08f08 100644
--- a/ccsrc/security/include/certs_db_record.hh
+++ b/ccsrc/security/include/certs_db_record.hh
@@ -62,5 +62,6 @@ public: /*! \publicsection */
inline const EVP_PKEY* private_key() const { return _private_key; };
inline const EVP_PKEY* public_key() const { return ::X509_get_pubkey(_certificate); };
inline const X509_NAME* subject_name() const { return ::X509_get_subject_name(_certificate); };
+ inline const X509_NAME* issuer() const { return ::X509_get_issuer_name(_certificate); };
inline const std::string& pem() const { return _pem; };
}; // End of class certs_db_record
diff --git a/ccsrc/security/include/security_services.hh b/ccsrc/security/include/security_services.hh
index 55befe0acc9b95566bad23b0a01248c72fce13a5..f8c7bf072b81cf98fafe5ec5f5914cc78a65525d 100644
--- a/ccsrc/security/include/security_services.hh
+++ b/ccsrc/security/include/security_services.hh
@@ -45,10 +45,7 @@ public: /*! \publicsection */
* \fn int do_sign(const OCTETSTRING& p_encoded_message, const CHARSTRING& p_certificate_name, const CHARSTRING& p_private_key_name, const CHARSTRING& p_private_key_passwd, OCTETSTRING& p_signature, OCTETSTRING& p_digest, CHARSTRING& p_x509_certificate_subject, CHARSTRING& p_x509_certificate_pem);
* \brief Sign message
* \param[in] p_encoded_message The raw message to be signed
- * \param[in] p_encoded_message The raw message to be signed
- * \param[in] p_encoded_message The raw message to be signed
- * \param[in] p_encoded_message The raw message to be signed
- * \param[in] p_encoded_message The raw message to be signed
+ * \param[in] TODO The raw message to be signed
* \return 0 on success, -1 otherwise
*/
int do_sign(const OCTETSTRING& p_encoded_message, const CHARSTRING& p_certificate_name, const CHARSTRING& p_private_key_name, const CHARSTRING& p_private_key_passwd, OCTETSTRING& p_signature, OCTETSTRING& p_digest, CHARSTRING& p_x509_certificate_subject, CHARSTRING& p_x509_certificate_pem, CHARSTRING& p_pull_request_signed_canonicalized);
@@ -59,5 +56,5 @@ public: /*! \publicsection */
* \param[in] TODO
* \return true on success, false otherwise
*/
- bool do_sign_verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate);
+ bool do_sign_verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, const CHARSTRING& p_debug_message);
};
\ No newline at end of file
diff --git a/ccsrc/security/src/certs_cache.cc b/ccsrc/security/src/certs_cache.cc
index c41d7b06f6b07841525ec14d954ccce3f3517d50..761fbb0302fe1b2f9ed08a2dde3dd3a18b8b095b 100644
--- a/ccsrc/security/src/certs_cache.cc
+++ b/ccsrc/security/src/certs_cache.cc
@@ -72,10 +72,10 @@ int certs_cache::load_certificate(const std::string& p_certificate_name, const s
*p_record = it->second.get();
// Mapping certificate id/certificate name
_certificates_idx.insert(std::pair<std::string, const std::string>(certificate_id, p_certificate_name));
- std::string sn(512, (char)0x00);
+ std::string sn(256, (char)0x00);
const X509_NAME* subject = (*p_record)->subject_name();
::X509_NAME_oneline(subject, sn.data(), sn.length());
- loggers::get_instance().log("certs_cache::load_certificate: sn: '%s'", sn.c_str());
+ loggers::get_instance().log("certs_cache::load_certificate: sn: '%s'", sn.c_str());
_certificates_subject.insert(std::pair<std::string, const std::string>(sn, certificate_id));
} else {
// Certificate is on the DB, load it
@@ -191,7 +191,7 @@ int certs_cache::store_certificate(const std::string& p_certificate_name, const
*p_record = it->second.get();
// Mapping certificate id/certificate name
_certificates_idx.insert(std::pair<std::string, const std::string>(p_certificate_id, p_certificate_name));
- std::string sn(512, (char)0x00);
+ std::string sn(256, (char)0x00);
const X509_NAME* subject = (*p_record)->subject_name();
::X509_NAME_oneline(subject, sn.data(), sn.length());
loggers::get_instance().log("certs_cache::store_certificate: sn: '%s'", sn.c_str());
@@ -207,3 +207,53 @@ void certs_cache::dump() const {
const certs_db_record *p = it->second.get();
} // End of 'for' statement
} // End of method dump
+
+const std::string certs_cache::cert_to_string(const std::string& p_certificate_id) {
+ loggers::get_instance().log(">>> certs_cache::cert_to_string: '%s'", p_certificate_id.c_str());
+
+ const certs_db_record* record;
+ if (load_certificate(p_certificate_id, &record) == -1) {
+ loggers::get_instance().warning("certs_cache::cert_to_string: Failed to load certificate");
+ return std::string(::ERR_error_string(::ERR_get_error(), nullptr));;
+ }
+
+ BIO* bio = ::BIO_new(::BIO_s_mem());
+ if (bio == nullptr) {
+ loggers::get_instance().warning("certs_cache::cert_to_string: Failed to dunp certificate");
+ return std::string(::ERR_error_string(::ERR_get_error(), nullptr));
+ }
+
+ if (::PEM_write_bio_X509(bio, (X509*)record->certificate()) == 0) {
+ ::BIO_free(bio);
+ loggers::get_instance().warning("certs_cache::cert_to_string: Failed to dunp certificate");
+ return std::string(::ERR_error_string(::ERR_get_error(), nullptr));
+ }
+
+ size_t len = ::BIO_get_mem_data(bio, nullptr);
+ std::string s(len, 0x00);
+ ::BIO_read(bio, s.data(), len);
+ ::BIO_free(bio);
+ loggers::get_instance().log("certs_cache::cert_to_string: dump: '%s'", s.c_str());
+
+ return s;
+}
+
+int certs_cache::publickey_to_string(const EVP_PKEY* p_public_kep, std::vector<unsigned char>& p_buffer) {
+ loggers::get_instance().log(">>> certs_cache::publickey_to_string: '%p'", p_public_kep);
+
+ unsigned char buffer[512];
+ unsigned char* ptr = &buffer[0];
+ int ret = ::i2d_PublicKey((EVP_PKEY*)p_public_kep, &ptr);
+ loggers::get_instance().log("certs_cache::publickey_to_string: ret: '%d'", ret);
+ if (ret < 0) {
+ loggers::get_instance().warning("certs_cache::publickey_to_string: Failed to dunp certificate");
+ p_buffer.clear();
+ return -1;
+ }
+
+ p_buffer.assign((unsigned char*)buffer, (unsigned char*)(buffer + ret));
+ loggers::get_instance().log("certs_cache::publickey_to_string: p_buffer len: '%d'", p_buffer.size());
+ loggers::get_instance().log("certs_cache::publickey_to_string: dump: '%s'", converter::get_instance().bytes_to_hexa(p_buffer).c_str());
+
+ return 0;
+}
\ No newline at end of file
diff --git a/ccsrc/security/src/security_externals.cc b/ccsrc/security/src/security_externals.cc
index 452ce0847508e7287e0ceab409ca3eeb8f6b2dfe..bc7446e3fc032bdeb055f0c1699ca79e13594809 100644
--- a/ccsrc/security/src/security_externals.cc
+++ b/ccsrc/security/src/security_externals.cc
@@ -80,10 +80,10 @@ INTEGER LibSecurity__Signature::fx__sign(const OCTETSTRING& p_encoded_message, c
return 0;
}
-BOOLEAN LibSecurity__Signature::fx__do__sign__verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate) {
+BOOLEAN LibSecurity__Signature::fx__do__sign__verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, const CHARSTRING& p_debug_message) {
loggers::get_instance().log(">>> fx__do__sign__verify");
- if (!_security_services->do_sign_verify(p_message, p_canonicalization_method, p_signature_method, p_digest_method, p_digest_value, p_signature_value, p_subject_name, p_certificate)) {
+ if (!_security_services->do_sign_verify(p_message, p_canonicalization_method, p_signature_method, p_digest_method, p_digest_value, p_signature_value, p_subject_name, p_certificate, p_debug_message)) {
loggers::get_instance().log("fx__do__sign__verify: Failed to verify message signature");
return false;
}
diff --git a/ccsrc/security/src/securty_services.cc b/ccsrc/security/src/securty_services.cc
index cca8948cb8e7a8aa39f4c19e1f41fa372b290ba9..aded5e9309913b7ded2a4ef676ef6f70eb0d2ef8 100644
--- a/ccsrc/security/src/securty_services.cc
+++ b/ccsrc/security/src/securty_services.cc
@@ -63,12 +63,12 @@ int security_services::do_sign(const OCTETSTRING& p_encoded_message, const CHARS
loggers::get_instance().warning("security_services::do_sign: Failed to retrieve certificate");
return -1;
}
+ loggers::get_instance().log("security_services::do_sign: certificate dump: '%s'", _certs_db->cert_to_string(certificate_id).c_str());
X509_NAME* sn = X509_get_subject_name((X509*)certificate);
std::string subject(512, (char)0x00);
::X509_NAME_oneline(sn, (char*)subject.c_str(), subject.length());
loggers::get_instance().log("security_services::do_sign: X509_NAME_oneline: '%s'", subject.c_str());
p_x509_certificate_subject = CHARSTRING(subject.c_str());
- X509_free((X509*)certificate);
std::string str;
if (_certs_db->get_certificate_pem(certificate_id, str) != 0) {
@@ -80,7 +80,7 @@ int security_services::do_sign(const OCTETSTRING& p_encoded_message, const CHARS
// Compute the digest
sha256 digest;
digest.generate(char2oct(CHARSTRING(canonicalized.c_str())), p_digest);
- loggers::get_instance().log_msg("security_services::do_sign: p_digest: ", p_digest);
+ loggers::get_instance().log_msg("security_services::do_sign: digest: ", p_digest);
// Retrive the private key
const EVP_PKEY* private_key;
@@ -114,26 +114,53 @@ int security_services::do_sign(const OCTETSTRING& p_encoded_message, const CHARS
::EVP_MD_CTX_free(ctx);
return -1;
}
+ if (signature_length != ::EVP_PKEY_size(private_key)) {
+ loggers::get_instance().warning("security_services::do_sign: Wrong signature length");
+ ::EVP_MD_CTX_free(ctx);
+ return -1;
+ }
loggers::get_instance().log("security_services::do_sign: signature_length: %d", signature_length);
std::vector<unsigned char> s(signature_length, 0x00);
- unsigned char* val = s.data();
- if (::EVP_DigestSignFinal(ctx, val, &signature_length) != 1) {
+ if (::EVP_DigestSignFinal(ctx, s.data(), &signature_length) != 1) {
loggers::get_instance().warning("security_services::do_sign: EVP_DigestSignUpdate failed, error 0x%lx", ::ERR_get_error());
::EVP_MD_CTX_free(ctx);
s.clear();
return -1;
}
+ ::EVP_MD_CTX_free(ctx);
+
+ // Ensure that the signature round-trips
+ // Retrive the public key
+ const EVP_PKEY* public_key;
+ if (_certs_db->get_private_key(certificate_id, &public_key) == 1) {
+ loggers::get_instance().warning("security_services::do_sign: Failed to retrieve private key");
+ return -1;
+ }
+ loggers::get_instance().log("security_services::do_sign: public_key: '%p'", public_key);
+ std::vector<unsigned char> buffer;
+ _certs_db->publickey_to_string(public_key, buffer);
+ ctx = ::EVP_MD_CTX_new();
+ if (!::EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, (EVP_PKEY*)public_key) ||
+ !::EVP_DigestVerifyUpdate(ctx, (const unsigned char*)canonicalized.c_str(), canonicalized.length()) ||
+ !::EVP_DigestVerifyFinal(ctx, s.data(), s.size())) {
+ loggers::get_instance().warning("security_services::do_sign: Failed to verify signature, error 0x%lx", ::ERR_get_error());
+ ::EVP_MD_CTX_free(ctx);
+ s.clear();
+ return -1;
+ }
+ ::EVP_MD_CTX_free(ctx);
+ loggers::get_instance().log("security_services::do_sign: signature was verified with public key");
p_signature = OCTETSTRING(signature_length, s.data());
- ::EVP_MD_CTX_free(ctx);
loggers::get_instance().log_msg("<<< security_services::do_sign: signature: ", p_signature);
return 0;
}
-bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate) {
- loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_message: ", p_message);
+bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, const CHARSTRING& p_debug_message) {
+ loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_message: ", p_message);
+ loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_debug_message: ", p_debug_message);
loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_canonicalization_method: ", p_canonicalization_method);
loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_subject_name: ", p_subject_name);
loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_signature_method: ", p_signature_method);
@@ -151,13 +178,20 @@ bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVER
if (_certs_db->get_certificate_by_subject_name(sn, &certificate) != 0) {
loggers::get_instance().warning("security_services::do_sign_verify: Failed to retrieve certificate");
// Use provided certificate if any
- size_t i = sn.find_first_of("CN=");
+ loggers::get_instance().log("security_services::do_sign_verify: sn='%s'", sn.c_str());
+ size_t i = sn.find("CN=");
if (i == std::string::npos) {
loggers::get_instance().warning("security_services::do_sign_verify: Failed to extract certificate name");
return false;
}
- size_t j = sn.find_first_of(",");
- std::string certificate_name = sn.substr(i + 3, j - i - 3);
+ size_t j = sn.find(",", i + 3);
+ std::string certificate_name;
+ if (j == std::string::npos) {
+ certificate_name = sn.substr(i + 3);
+ } else {
+ certificate_name = sn.substr(i + 3, j - i - 3);
+ }
+ certificate_name = converter::get_instance().replace(certificate_name, "-", "_");
loggers::get_instance().log("security_services::do_sign_verify: certificate name: '%s'", certificate_name.c_str());
const certs_db_record* record;
if (_certs_db->store_certificate(certificate_name, std::string(static_cast<const char*>(unichar2char(p_certificate))), certificate_id, &record) == -1) {
@@ -166,6 +200,7 @@ bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVER
}
loggers::get_instance().log("security_services::do_sign_verify: certificate id: '%s'", record->certificate_id().c_str());
}
+ loggers::get_instance().log("security_services::do_sign_verify: certificate dump: '%s'", _certs_db->cert_to_string(certificate_id).c_str());
// Retrive the public key
const EVP_PKEY* public_key;
@@ -174,7 +209,9 @@ bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVER
loggers::get_instance().warning("security_services::do_sign_verify: Failed to retrieve public key");
return false;
}
- loggers::get_instance().log("security_services::do_sign: public_key: '%p'", public_key);
+ loggers::get_instance().log("security_services::do_sign_verify: public_key: '%p'", public_key);
+ std::vector<unsigned char> buffer;
+ _certs_db->publickey_to_string(public_key, buffer);
// Create signing context
EVP_MD_CTX* ctx = ::EVP_MD_CTX_new();
@@ -185,46 +222,41 @@ bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVER
std::string signature_method(static_cast<const char*>(unichar2char(p_signature_method))); // E.g. http://www.w3.org/2000/09/xmldsig#rsa-sha1
const EVP_MD *md;
if (signature_method.find("sha1") != std::string::npos) {
- md = EVP_sha1();
+ loggers::get_instance().log("security_services::do_sign_verify: signature method: sha1");
+ md = EVP_sha1();
} else if (signature_method.find("sha256") != std::string::npos) {
+ loggers::get_instance().log("security_services::do_sign_verify: signature method: sha256");
md = EVP_sha256();
} else if (signature_method.find("sha384") != std::string::npos) {
+ loggers::get_instance().log("security_services::do_sign_verify: signature method: sha384");
md = EVP_sha384();
} else {
+ loggers::get_instance().error("security_services::do_sign_verify: Unsupported signature method");
return false;
}
- if (::EVP_DigestVerifyInit(ctx, NULL, md, NULL, (EVP_PKEY*)public_key) != 1) { // FIXME Add parameter to chose the digest algorithm
+ // Check signature
+ if (::EVP_DigestVerifyInit(ctx, NULL, md, NULL, (EVP_PKEY*)public_key) != 1) {
loggers::get_instance().warning("security_services::do_sign_verify: EVP_DigestVerifyInit failed, error 0x%lx", ::ERR_get_error());
::EVP_MD_CTX_free(ctx);
return false;
}
+ if(::EVP_DigestVerifyUpdate(ctx, (const char*)p_message, p_message.lengthof()) != 1) {
+ loggers::get_instance().warning("security_services::do_sign_verify: EVP_DigestVerifyUpdate failed, error 0x%lx - %s", ::ERR_get_error(), ::ERR_error_string(::ERR_get_error(), nullptr));
+ ::EVP_MD_CTX_free(ctx);
+ return false;
+ }
std::string signature_value(static_cast<const char*>(unichar2char(p_signature_value)));
// Remove CR/LF if any
//signature_value.erase(std::remove(signature_value.begin(), signature_value.end(), '\r'), signature_value.end());
//signature_value.erase(std::remove(signature_value.begin(), signature_value.end(), '\n'), signature_value.end());
- loggers::get_instance().warning("security_services::do_sign_verify: Before B64 decoded: '%s'", signature_value.c_str());
+ loggers::get_instance().log("security_services::do_sign_verify: Before B64 decoded: '%s'", signature_value.c_str());
// Convert into bytes buffer
const std::vector<unsigned char> to_decode((const unsigned char*)signature_value.c_str(), static_cast<const unsigned char*>((const unsigned char*)signature_value.c_str() + signature_value.length()));
std::vector<unsigned char> b64 = converter::get_instance().base64_to_buffer(to_decode);
- loggers::get_instance().warning("security_services::do_sign_verify: B64 decoded: '%s'", converter::get_instance().bytes_to_hexa(b64, true).c_str());
-
-
- // EVP_ENCODE_CTX *ctx_ = ::EVP_ENCODE_CTX_new();
- // ::EVP_DecodeInit(ctx_);
- // std::vector<unsigned char> b64_(1024, 0x00);
- // int outl1 = 0;
- // int outl2 = 0;
- // ::EVP_DecodeUpdate(ctx_, b64_.data(), &outl1, to_decode.data(), to_decode.size());
- // ::EVP_DecodeFinal(ctx_, b64_.data(), &outl2);
- // ::EVP_ENCODE_CTX_free(ctx_);
- // b64_.resize(outl1 + outl2);
- // loggers::get_instance().log("security_services::do_sign_verify: B64_ decoded: '%s'", converter::get_instance().bytes_to_hexa(b64_, true).c_str());
-
-
-
- // Check signature
+ loggers::get_instance().log("security_services::do_sign_verify: B64 decoded: '%s'", converter::get_instance().bytes_to_hexa(b64, true).c_str());
+ loggers::get_instance().log("security_services::do_sign_verify: B64 decoded len: '%d'", b64.size());
if(::EVP_DigestVerifyFinal(ctx, b64.data(), b64.size()) != 1) {
- loggers::get_instance().warning("security_services::do_sign_verify: EVP_DigestVerifyFinal failed, error 0x%lx", ::ERR_get_error());
+ loggers::get_instance().warning("security_services::do_sign_verify: EVP_DigestVerifyFinal failed, error 0x%lx - %s", ::ERR_get_error(), ::ERR_error_string(::ERR_get_error(), nullptr));
::EVP_MD_CTX_free(ctx);
return false;
}
diff --git a/ttcn/LibSecurity/ttcn/LibSecurity_Signature.ttcn b/ttcn/LibSecurity/ttcn/LibSecurity_Signature.ttcn
index 198c03c601c1ecffa76468c24775868e974af266..52bf3c57ff55471aec23141aac7c46ea11798106 100644
--- a/ttcn/LibSecurity/ttcn/LibSecurity_Signature.ttcn
+++ b/ttcn/LibSecurity/ttcn/LibSecurity_Signature.ttcn
@@ -42,11 +42,12 @@ module LibSecurity_Signature {
in universal charstring p_digest_value,
in universal charstring p_signature_value,
in universal charstring p_subject_name,
- in universal charstring p_certificate
+ in universal charstring p_certificate,
+ in charstring p_debug_message
) return boolean {
- return fx_do_sign_verify(p_message, p_canonicalization_method, p_signature_method, p_digest_method, p_digest_value, p_signature_value, p_subject_name, p_certificate);
+ return fx_do_sign_verify(p_message, p_canonicalization_method, p_signature_method, p_digest_method, p_digest_value, p_signature_value, p_subject_name, p_certificate, p_debug_message);
}
- external function fx_do_sign_verify(in charstring p_message, in universal charstring p_canonicalization_method, in universal charstring p_signature_method, in universal charstring p_digest_method, in universal charstring p_digest_value, in universal charstring p_signature_value, in universal charstring p_subject_name, in universal charstring p_certificate) return boolean;
+ external function fx_do_sign_verify(in charstring p_message, in universal charstring p_canonicalization_method, in universal charstring p_signature_method, in universal charstring p_digest_method, in universal charstring p_digest_value, in universal charstring p_signature_value, in universal charstring p_subject_name, in universal charstring p_certificate, in charstring p_debug_message) return boolean;
} // End of LibSecurity_Signature
\ No newline at end of file