2
0

cms_ver.c 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131
  1. /*
  2. * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Simple S/MIME verification example */
  10. #include <openssl/pem.h>
  11. #include <openssl/cms.h>
  12. #include <openssl/err.h>
  13. /*
  14. * print any signingTime attributes.
  15. * signingTime is when each party purportedly signed the message.
  16. */
  17. static void print_signingTime(CMS_ContentInfo *cms)
  18. {
  19. STACK_OF(CMS_SignerInfo) *sis;
  20. CMS_SignerInfo *si;
  21. X509_ATTRIBUTE *attr;
  22. ASN1_TYPE *t;
  23. ASN1_UTCTIME *utctime;
  24. ASN1_GENERALIZEDTIME *gtime;
  25. BIO *b;
  26. int i, loc;
  27. b = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
  28. sis = CMS_get0_SignerInfos(cms);
  29. for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
  30. si = sk_CMS_SignerInfo_value(sis, i);
  31. loc = CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1);
  32. attr = CMS_signed_get_attr(si, loc);
  33. t = X509_ATTRIBUTE_get0_type(attr, 0);
  34. if (t == NULL)
  35. continue;
  36. switch (t->type) {
  37. case V_ASN1_UTCTIME:
  38. utctime = t->value.utctime;
  39. ASN1_UTCTIME_print(b, utctime);
  40. break;
  41. case V_ASN1_GENERALIZEDTIME:
  42. gtime = t->value.generalizedtime;
  43. ASN1_GENERALIZEDTIME_print(b, gtime);
  44. break;
  45. default:
  46. fprintf(stderr, "unrecognized signingTime type\n");
  47. break;
  48. }
  49. BIO_printf(b, ": signingTime from SignerInfo %i\n", i);
  50. }
  51. BIO_free(b);
  52. return;
  53. }
  54. int main(int argc, char **argv)
  55. {
  56. BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
  57. X509_STORE *st = NULL;
  58. X509 *cacert = NULL;
  59. CMS_ContentInfo *cms = NULL;
  60. int ret = EXIT_FAILURE;
  61. OpenSSL_add_all_algorithms();
  62. ERR_load_crypto_strings();
  63. /* Set up trusted CA certificate store */
  64. st = X509_STORE_new();
  65. if (st == NULL)
  66. goto err;
  67. /* Read in CA certificate */
  68. tbio = BIO_new_file("cacert.pem", "r");
  69. if (tbio == NULL)
  70. goto err;
  71. cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
  72. if (cacert == NULL)
  73. goto err;
  74. if (!X509_STORE_add_cert(st, cacert))
  75. goto err;
  76. /* Open message being verified */
  77. in = BIO_new_file("smout.txt", "r");
  78. if (in == NULL)
  79. goto err;
  80. /* parse message */
  81. cms = SMIME_read_CMS(in, &cont);
  82. if (cms == NULL)
  83. goto err;
  84. print_signingTime(cms);
  85. /* File to output verified content to */
  86. out = BIO_new_file("smver.txt", "w");
  87. if (out == NULL)
  88. goto err;
  89. if (!CMS_verify(cms, NULL, st, cont, out, 0)) {
  90. fprintf(stderr, "Verification Failure\n");
  91. goto err;
  92. }
  93. printf("Verification Successful\n");
  94. ret = EXIT_SUCCESS;
  95. err:
  96. if (ret != EXIT_SUCCESS) {
  97. fprintf(stderr, "Error Verifying Data\n");
  98. ERR_print_errors_fp(stderr);
  99. }
  100. X509_STORE_free(st);
  101. CMS_ContentInfo_free(cms);
  102. X509_free(cacert);
  103. BIO_free(in);
  104. BIO_free(out);
  105. BIO_free(tbio);
  106. return ret;
  107. }