22 #include "../../log.h"
23 #include "../cert/X509Cert.h"
24 #include "../Digest.h"
25 #include "../../Conf.h"
26 #include "../../util/File.h"
33 #include <cryptuiapi.h>
38 __in PCCERT_CONTEXT pCertContext,
39 __in HWND hWndSelCertDlg,
40 __in
void *pvCallbackData
// Pin the dialog entry point to its wide-character (W) variant. This file
// passes L"..." wide strings to the other Win32 calls it makes, so the
// narrow/ANSI variant would presumably mismatch; confirm against the
// cryptuiapi.h prototype in use.
69 #define CryptUIDlgSelectCertificate CryptUIDlgSelectCertificateW
78 LPCWSTR pszProperty, PBYTE pbInput, DWORD cbInput, DWORD dwFlags );
80 VOID *pPaddingInfo, PBYTE pbHashValue, DWORD cbHashValue, PBYTE pbSignature,
81 DWORD cbSignature, DWORD *pcbResult, DWORD dwFlags );
// Forward declaration of the certificate-selection filter callback.
// The definition further down casts callback_data to an int* counter and
// reads the certificate's key usage through X509Cert::getKeyUsage(); the
// exact accept/reject rule is not visible in this excerpt — confirm
// against the definition before relying on it.
// NOTE(review): cert_context is only borrowed here (the caller owns the
// context), and callback_data presumably must point at an int that
// outlives the selection dialog — verify at the call site.
86 static BOOL WINAPI
CertFilter(PCCERT_CONTEXT cert_context,
87 BOOL* is_initial_selected_cert,
void* callback_data);
95 NCRYPT_KEY_HANDLE
key;
// File-scope using-directive. Acceptable only because this appears to be an
// implementation file (it defines static functions), not a header, so the
// directive does not leak into other translation units.
102 using namespace digidoc;
105 BOOL *,
void *callback_data)
107 int *counter =
static_cast<int*
>(callback_data);
108 X509Cert cert( std::vector<unsigned char>(cert_context->pbCertEncoded,
109 cert_context->pbCertEncoded+cert_context->cbCertEncoded));
110 std::vector<digidoc::X509Cert::KeyUsage> usage = cert.
getKeyUsage();
128 d->h = LoadLibraryW(L
"ncrypt.dll");
131 setSelectFirst(selectFirst);
136 d->f_NCryptSignHash =
s_NCryptSignHash(GetProcAddress(d->h,
"NCryptSignHash"));
165 HCERTSTORE store = CertOpenSystemStore(0, L
"MY");
169 PCCERT_CONTEXT cert_context = 0;
172 PCCERT_CONTEXT find = 0;
173 while(find = CertFindCertificateInStore(store, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, find))
176 CertGetIntendedKeyUsage(X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, find->pCertInfo, &keyUsage, 1);
177 if(keyUsage & CERT_NON_REPUDIATION_KEY_USAGE)
197 DWORD flags = CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG|CRYPT_ACQUIRE_COMPARE_KEY_FLAG;
201 CryptAcquireCertificatePrivateKey( cert_context, flags, 0, &
d->
key, &spec, &ncrypt );
205 d->
cert =
X509Cert( std::vector<unsigned char>(cert_context->pbCertEncoded,
206 cert_context->pbCertEncoded+cert_context->cbCertEncoded));
207 CertFreeCertificateContext( cert_context );
233 DEBUG(
"sign(digest = {type=%s,digest=%p,length=%d}, signature={signature=%p,length=%d})",
234 OBJ_nid2sn(digest.type), digest.digest, digest.length, signature.signature, signature.length);
239 BCRYPT_PKCS1_PADDING_INFO padInfo;
240 padInfo.pszAlgId = 0;
243 case NID_sha1: padInfo.pszAlgId = NCRYPT_SHA1_ALGORITHM;
break;
244 case NID_sha224: padInfo.pszAlgId = L
"SHA224";
break;
245 case NID_sha256: padInfo.pszAlgId = NCRYPT_SHA256_ALGORITHM;
break;
246 case NID_sha384: padInfo.pszAlgId = NCRYPT_SHA384_ALGORITHM;
break;
247 case NID_sha512: padInfo.pszAlgId = NCRYPT_SHA512_ALGORITHM;
break;
252 SECURITY_STATUS err = 0;
257 signature.signature, signature.length, (DWORD*)&signature.length, BCRYPT_PAD_PKCS1);
261 case ERROR_SUCCESS:
break;
262 case SCARD_W_CANCELLED_BY_USER:
264 SignException
e(__FILE__, __LINE__,
"PIN acquisition canceled.");
270 std::ostringstream s;
271 s <<
"Failed to login to token: " << err;
272 SignException
e(__FILE__, __LINE__, s.str());
282 if( result == NID_sha1 )
286 for( std::vector<std::string>::iterator
i = pol.begin();
i != pol.end(); ++
i )
288 if(
i->find(
"1.3.6.1.4.1.10015.1.2.", 22) == 0 ||
289 i->find(
"1.3.6.1.4.1.10015.3.2.", 22) == 0)