#ifndef __DIGI_DOC_LIB_H__ #define __DIGI_DOC_LIB_H__ //================================================== // FILE: DigiDocLib.h // PROJECT: Digi Doc // DESCRIPTION: Digi Doc functions for creating // and reading signed documents. // AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia //================================================== // Copyright (C) AS Sertifitseerimiskeskus // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 2.1 of the License, or (at your option) any later version. // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details.ode // GNU Lesser General Public Licence is available at // http://www.gnu.org/copyleft/lesser.html //==========< HISTORY >============================= // 10.02.2004 Integrated // 02.01.2004 Veiko Sinivee // Added support for format 1.3 // 29.10.2003 Aare Amenberg // Added some function headers // (needed for compiling COM) // 1.0 09.04.2002 Veiko Sinivee // Supports XML format (Type: SK-XML-1.0) //================================================== #ifdef __cplusplus extern "C" { #endif #include <openssl/x509.h> #include <openssl/ocsp.h> #include <DigiDocMem.h> #include <DigiDocDefs.h> #include <DigiDocError.h> //==========< data structures >==================== // supported format and version combination typedef struct FormatAndVer_st { char* szFormat; char* szVersion; } FormatAndVer; // contains timestamp data typedef struct Timestamp_st { int year; int mon; int day; int hour; int min; int sec; int tz; } Timestamp; // contains the signed attributes of each document file entry typedef struct DocInfo_st { char* szDocId; // document id char* szDigestType; // digest method used byte* szDigest; // digest value int nDigestLen; // digest value length byte* szMimeDigest; // digest value int nMimeDigestLen; // digest value length } DocInfo; typedef struct SignatureProductionPlace_st { char* szCity; char* szStateOrProvince; char* szPostalCode; char* szCountryName; } SignatureProductionPlace; typedef struct SignerRole_st { int nClaimedRoles; char** pClaimedRoles; int nCertifiedRoles; char** pCertifiedRoles; } SignerRole; // signature info for each user signature typedef struct SignatureInfo_st { char* szId; // signature id int nDocs; // number of separate documents signed DocInfo** pDocs; // info for each signed document char* szTimeStamp; // signature timestamp in format "YYYY-MM-DDTHH:MM:SSZ" byte* szSigPropDigest; // signed properties digest int nSigPropDigestLen; // length of signed properties digest byte* szSigPropRealDigest; // signed properties digest as read from file int nSigPropRealDigestLen; // length of signed properties digest as read from file byte* szSigInfoRealDigest; // signed properties digest as read from file int nSigInfoRealDigestLen; // length of signed properties digest as read from file char* szSigType; // signature type used byte* szSigValue; // signature value short nSigLen; // signature value length X509* pX509Cert; // X509Cert certificate (used internally for data during loading) char* szIssuerSerial; // certificates serial number (signed value) byte* szCertDigest; // signed properties digest int nCertDigestLen; // length of signed properties digest SignatureProductionPlace sigProdPlace; SignerRole signerRole; byte* szOrigContent; int nOrigContentLen; } SignatureInfo; // data file entry for each data file typedef struct DataFile_st { char* szId; // data file id char* szFileName; // signed doc file name char* szMimeType; // date file mime type char* szContentType; // DETATCHED, EMBEDDED or EMBEDDED_BASE64 long nSize; // file size (unencoded) char* szDigestType; // digest type byte* szDigest; // digest value int nDigestLen; // digest value length byte* szWrongDigest; // bad digest calculated in earlier buggy version int nWrongDigestLen; // digest value length byte* szDetachedDigest; // detached files digest value int nDetachedDigestLen; // digest value length int nAttributes; // number of other attributes char* szCharset; // datafile initial codepage char** pAttNames; // other attribute names char** pAttValues; // other attribute values byte* szContent; long nContentLen; } DataFile; typedef struct NotaryInfo_sk { char* szId; // Notary id char* szSigId; // signature id that is notaried char* szNotType; // notary info type (OCSP-1.0) char* timeProduced; // producedAt char* szRespIdType; // responder id type char* szRespId; // responder id value int nRespIdLen; // responder id value length char* thisUpdate; // thisUpdate (nextUpdate is allways NULL) char* nextUpdate; // next update time char* szDigestType; // digest method used byte* szIssuerNameHash; // issuer hash value int nIssuerNameHashLen; // issuer hash value length byte* szIssuerKeyHash; int nIssuerKeyHashLen; byte* szUserSign; // verified signature hash value (OCSP Nonce) int nUserSignLen; // signature hash value length // notaries personal signature char* szSigType; // signature type used byte* szSigValue; // signature value short nSigLen; // signature value length X509* pX509Cert; // X509Cert certificate (used internally for data during loading) char* szIssuerSerial; // certificates serial number (signed value) byte* szCertDigest; // signed properties digest (used internally for data during loading) int nCertDigestLen; // length of signed properties digest byte* szOcspDigest; // OCSP response digest int nOcspDigestLen; // OCSP response digest length void* pOcspResponse; // actual OCSP response } NotaryInfo; typedef struct SignedDoc_st { char* szFormat; // data format name char* szFormatVer; // data format version int nDataFiles; DataFile** pDataFiles; int nSignatures; SignatureInfo** pSignatures; int nNotaries; NotaryInfo** pNotaries; } SignedDoc; // structure used to report paths of data files typedef struct FilePath_st { char* szFileName; char* szPath; } FilePath; //==========< admin functions >==================== // returns the library name EXP_OPTION const char* getLibName(); // returns the library version EXP_OPTION const char* getLibVersion(); // returns an array of supported formats terminated by NULL EXP_OPTION const char** getSupportedFormats(); // returns an array of supported formats and versions terminated by NULL EXP_OPTION FormatAndVer* getSupportedFormatsAndVersions(); // returns the GUI version EXP_OPTION const char* getGUIVersion(); // sets the GUI version EXP_OPTION void setGUIVersion(const char* szVer); // initializes error library EXP_OPTION void initDigiDocLib(); // cleanup of error library EXP_OPTION void finalizeDigiDocLib(); // trim leading and trailing whitespace EXP_OPTION char* trim(char* src); // converts timestamp string to it's components EXP_OPTION int convertStringToTimestamp(const SignedDoc* pSigDoc, const char* szTimestamp, Timestamp* pTimestamp); // converts timestamp to string EXP_OPTION int convertTimestampToString(const SignedDoc* pSigDoc, const Timestamp* pTimestamp, char* szTimestamp); // creates new timestamp object EXP_OPTION int Timestamp_new(Timestamp **, int year,int month,int day,int hour,int minute,int second,int timezone); // frees this timestamp object EXP_OPTION void Timestamp_free(Timestamp* pTimestamp); // converts timestamp string to time_t value EXP_OPTION time_t convertStringToTimeT(const SignedDoc* pSigDoc, const char* szTimestamp); // Sets a string element of a struct to a new value int setString(char** dest, const char* value, int valLen); EXP_OPTION int checkFileExists(const char* szFileName); int ddocPullUrl(const char* url, DigiDocMemBuf* pSendData, DigiDocMemBuf* pRecvData, const char* proxyHost, const char* proxyPort); //-------------------------------------------------- // sends an OCSP_REQUES object to remore server and // retrieves the OCSP_RESPONSE object // resp - buffer to store the new responses pointer // req - request objects pointer // url - OCSP responder URL // ip_addr - senders ip address if known or 0 //-------------------------------------------------- int sendOCSPRequest(OCSP_RESPONSE** resp, OCSP_REQUEST *req, char* url, char* proxyHost, char* proxyPort, unsigned long ip_addr); // Cheks a combination of format and version for validity int ddocCheckFormatAndVer(const char* format, const char* version); EXP_OPTION int ddocConvertFileName(char* dest, int destlen, const char* src); //-------------------------------------------------- // Converts timestamp (time_t) value to a struct // tm value. Caller must provide address of tm struct. // This function is used because loacltime() is not // thread-safe and win32 has no equvalent of localtime_r(). // pTime - time_t value address // pTmStruct - struct tm address // bLocal - 1=localtime_r, 0=gmtime_r // returns error code or ERR_OK //-------------------------------------------------- EXP_OPTION int ddocLocalTime(time_t* pTime, struct tm* pTmStruct, int bLocal); //==========< general crypto fucntions >============ // calculates input files digest. // supports only SHA1 EXP_OPTION int calculateFileDigest(const char* szFileName, int nDigestType, byte* pDigestBuf, int* nDigestLen, long* lFileLen); // calculate file size EXP_OPTION int calculateFileSize(const char* szFileName, long* lFileLen); // calculates files RSA+SHA1 signature EXP_OPTION int calculateFileSignature(const char* szFileName, int nDigestType, byte* pSigBuf, int* nSigLen, const char *keyfile, const char* passwd); // verifies files signature EXP_OPTION int verifyFileSignature(const char* szFileName, int nDigestType, byte* pSigBuf, int nSigLen, const char *certfile); // sign some arbitrary daya EXP_OPTION int signData(const byte* data, int dlen, byte* pSigBuf, int* nSigLen, int nDigestType, const char *keyfile, const char* passwd); // calculate digest over some arbitrary data EXP_OPTION int calculateDigest(const byte* data, int nDataLen, int nDigestType, byte* pDigestBuf, int* nDigestLen); // Base64 encode some data EXP_OPTION void encode(const byte* raw, int rawlen, byte* buf, int* buflen); // Base64 decode some data EXP_OPTION void decode(const byte* raw, int rawlen, byte* buf, int* buflen); // Decodes binary (DER) OCSP_RESPONSE data and returns a OCSP_RESPONSE object EXP_OPTION int ddocDecodeOCSPResponseData(OCSP_RESPONSE **ppResp, const byte* data, int len); // Decodes base64 (PEM) OCSP_RESPONSE data and returns a OCSP_RESPONSE object EXP_OPTION int ddocDecodeOCSPResponsePEMData(OCSP_RESPONSE **ppResp, const byte* data, int len); //-------------------------------------------------- // Prepares a new signature for signing and calculates // the final hash value to sign. // pSigDoc - signed document object // ppSigInfo - pointer for address of newly allocated signature // manifest - manifest or role // city - signers address , city // state - signers address , state or province // zip - signers address , postal code // country - signers address , country name // id - id for new signature. Optional, use NULL for default // return returns error code or ERR_OK //-------------------------------------------------- EXP_OPTION int ddocPrepareSignature(SignedDoc* pSigDoc, SignatureInfo** ppSigInfo, const char* manifest, const char* city, const char* state, const char* zip, const char* country, X509* pCert, const char* id); //-------------------------------------------------- // Returns the hash to be signed with or without ASN1 // prefix and with or without base64 encoding // pSigInfo - signature address // pBuf - buffer for hash value with or without prefix // pBufLen - pointer to buffer length // b64 - return base64 encode 1/0 // bWithAsn1Prefix - return with or without ASN1 prefix 1/0 // return returns error code or ERR_OK //-------------------------------------------------- EXP_OPTION int ddocGetSignedHash(SignatureInfo* pSigInfo, char* pBuf, int* pBufLen, int b64, int bWithAsn1Prefix); //==========< XML generating functions >================= // thse functions generate certain XML form info, that // is used as input data for either signing or digesting // generates current timestamp in format: DD.MM.YYYY HH:MM:SS EXP_OPTION int createTimestamp(const SignedDoc* pSigDoc, char* buf); // creates XML <SignedInfo> block (actually signed info) EXP_OPTION char* createXMLSignedInfo(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo); // creates XML mime type <SinatureProperty> block for signing EXP_OPTION int createMimeType(char* buf, const char* mime, const char* sigId, const char* docId); //==========< memory mgmt functions >================= // Get the filename part of full file name EXP_OPTION const char* getSimpleFileName(const char* szFileName); // Get the absolute filename with path EXP_OPTION int getFullFileName(const char* szFileName, char* szDest, int len); // Get the path part of full file name EXP_OPTION int getFileNamePath(const char* szFileName, char* szPath); // creates a new <SignedDoc> structure EXP_OPTION int SignedDoc_new(SignedDoc **newSignedDoc, const char* format, const char* version); // cleanup signed doc data EXP_OPTION void SignedDoc_free(SignedDoc* pSigDoc); // returns the number of data files EXP_OPTION int getCountOfDataFiles(const SignedDoc* pSigDoc); // returns the n-th DataFile object EXP_OPTION DataFile* getDataFile(const SignedDoc* pSigDoc, int nIdx); // returns the last DataFile object EXP_OPTION DataFile* ddocGetLastDataFile(const SignedDoc* pSigDoc); // Retrieve and convert DataFile Filename atribute and convert int ddocGetDataFileFilename(SignedDoc* pSigDoc, const char* szDocId, void** ppBuf, int* pLen); // returns the DataFile object with the given id EXP_OPTION DataFile* getDataFileWithId(const SignedDoc* pSigDoc, const char* id); // add a <DataFile> block to <SignedDoc> // use NULL for any parameter you don't have the value // use NULL for id if you want to auto-calculate it (recommended!!!) EXP_OPTION int DataFile_new(DataFile **newDataFile, SignedDoc* pSigDoc, const char* id, const char* filename, const char* contentType, const char* mime, long size, const byte* digest, int digLen, const char* digType, const char* szCharset); // cleanup DataFile memory EXP_OPTION void DataFile_free(DataFile* pDataFile); // Removes this DataFile from signed doc and frees it's memory EXP_OPTION int DataFile_delete(SignedDoc* pSigDoc, const char* id); // Returns number of DataFile attributes EXP_OPTION int getCountOfDataFileAttributes(const DataFile* pDataFile); // Adds an attribute to data file EXP_OPTION int addDataFileAttribute(DataFile* pDataFile, const char* name, const char* value); // Gets an attribute of a data file EXP_OPTION int getDataFileAttribute(DataFile* pDataFile, int idx, char** name, char** value); // get datafile cahed data int ddocGetDataFileCachedData(SignedDoc* pSigDoc, const char* szDocId, void** ppBuf, long* pLen); // apppends DataFile content to cache void ddocAppendDataFileData(DataFile* pDf, int maxLen, void* data, int len); // calculates file size and digest and store in the // given DataFile object EXP_OPTION int calculateDataFileSizeAndDigest(SignedDoc* pSigDoc, const char* id, const char* filename, int digType); // returns the number of signatures EXP_OPTION int getCountOfSignatures(const SignedDoc* pSigDoc); // Returns the desired SignatureInfo object EXP_OPTION SignatureInfo* getSignature(const SignedDoc* pSigDoc, int nIdx); // Returns the last SignatureInfo object EXP_OPTION SignatureInfo* ddocGetLastSignature(const SignedDoc* pSigDoc); // Returns the SignatureInfo object with the given id EXP_OPTION SignatureInfo* getSignatureWithId(const SignedDoc* pSigDoc, const char* id); // Adds a new SignedInfo element to a SignedDoc element and initializes it EXP_OPTION int SignatureInfo_new(SignatureInfo **newSignatureInfo, SignedDoc* pSigDoc, const char* id); // Sets the signature production place info (use NULL for unknown attributes) EXP_OPTION int setSignatureProductionPlace(SignatureInfo* pSigInfo, const char* city, const char* state, const char* zip, const char* country); // Adds a signer role EXP_OPTION int addSignerRole(SignatureInfo* pSigInfo, int nCertified, const char* role, int rLen, int encode); // Returns the number of signer roles EXP_OPTION int getCountOfSignerRoles(SignatureInfo* pSigInfo, int nCertified); // Returns the desired signer role EXP_OPTION const char* getSignerRole(SignatureInfo* pSigInfo, int nCertified, int nIdx); // Removes this SignatureInfo from signed doc and frees it's memory EXP_OPTION int SignatureInfo_delete(SignedDoc* pSigDoc, const char* id); // cleanup SignatureInfo memory EXP_OPTION void SignatureInfo_free(SignatureInfo* pSigInfo); // Adds a new DocInfo element to a SignatureInfo element and initializes it EXP_OPTION int addDocInfo(DocInfo **newDocInfo, SignatureInfo* pSigInfo, const char* docId, const char* digType, const byte* digest, int digLen, const byte* mimeDig, int mimeDigLen); // cleanup DocInfo memory EXP_OPTION void DocInfo_free(DocInfo* pDocInfo); // Returns number of DocInfos EXP_OPTION int getCountOfDocInfos(const SignatureInfo* pSigInfo); // Returns the desired DocInfo EXP_OPTION DocInfo* getDocInfo(const SignatureInfo* pSigInfo, int idx); // Returns the last DocInfo EXP_OPTION DocInfo* ddocGetLastDocInfo(const SignatureInfo* pSigInfo); // Returns the DocInfo object with the given id EXP_OPTION DocInfo* getDocInfoWithId(const SignatureInfo* pSigInfo, const char* id); // Sets the DocInfo objects document digest and digest type EXP_OPTION void setDocInfoDigest(DocInfo* pDocInfo, const byte* digest, int digLen, const char* digType); // Sets the DocInfo objects mime digest and mime type EXP_OPTION void setDocInfoMimeDigest(DocInfo* pDocInfo, const byte* mimeDig, int mimeDigLen); // Adds all DocInfo elements in this file to a SignatureInfo element EXP_OPTION int addAllDocInfos(SignedDoc* pSigDoc, SignatureInfo* pSigInfo); // Calculates and stores a signature for this SignatureInfo object EXP_OPTION int calculateSigInfoSignature(const SignedDoc* pSigDoc, SignatureInfo* pSigInfo, int nSigType, const char* keyfile, const char* passwd, const char* certfile); // returns the number of signatures EXP_OPTION int getCountOfNotaryInfos(const SignedDoc* pSigDoc); // Returns the desired NotaryInfo object EXP_OPTION NotaryInfo* getNotaryInfo(const SignedDoc* pSigDoc, int nIdx); // Returns the last NotaryInfo object EXP_OPTION NotaryInfo* ddocGetLastNotaryInfo(const SignedDoc* pSigDoc); // Returns the NotaryInfo object with the given id EXP_OPTION NotaryInfo* getNotaryWithId(const SignedDoc* pSigDoc, const char* id); // Returns the NotaryInfo object that corresponds to the given signature EXP_OPTION NotaryInfo* getNotaryWithSigId(const SignedDoc* pSigDoc, const char* sigId); // Returns the NotaryInfo object that corresponds to the given signature // ore creates a new one EXP_OPTION NotaryInfo* getOrCreateNotaryWithSigId(SignedDoc* pSigDoc, const char* sigId); // Adds a new NotaryInfo element to a SignedDoc element and initializes it partly EXP_OPTION int NotaryInfo_new(NotaryInfo** newNotaryInfo, SignedDoc* pSigDoc, const SignatureInfo* pSigInfo); // the same as above, but reads response and cert from file EXP_OPTION int NotaryInfo_new_file(NotaryInfo** newNotaryInfo, SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, const char* ocspRespFile, const char* notaryCertFile); // cleanup NotaryInfo memory EXP_OPTION void NotaryInfo_free(NotaryInfo* pNotary); // Removes this NotaryInfo from signed doc and frees it's memory EXP_OPTION int NotaryInfo_delete(SignedDoc* pSigDoc, const char* id); // creates xml form of <SignedProperties> EXP_OPTION char* createXMLSignedProperties(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, int nWithEscapes); // Calculates <SignedProperties> digest EXP_OPTION int calculateSignedPropertiesDigest(SignedDoc* pSigDoc, SignatureInfo* pSigInfo); // Calculates <SignedInfo> digest EXP_OPTION int calculateSignedInfoDigest(SignedDoc* pSigDoc, SignatureInfo* pSigInfo, byte* digBuf, int* digLen); // Sets the signatures certificate and calculates EXP_OPTION int setSignatureCertFile(SignatureInfo* pSigInfo, const char* certFile); // Sets the signatures certificate and calculates it's digest EXP_OPTION int setSignatureCert(SignatureInfo* pSigInfo, X509* cert); // Sets the signature value EXP_OPTION int setSignatureValue(SignatureInfo* pSigInfo, byte* szSignature, int sigLen); // Sets the signature value from a file that contains // the base64 encoded signature value EXP_OPTION int setSignatureValueFromFile(SignatureInfo* pSigInfo, char* szSigFile); //==========< encoding functions >================= // writes the signed doc to a file EXP_OPTION int createSignedDoc(SignedDoc* pSigDoc, const char* szOldFile, const char* szSigDocFile); //================< verification functions> ================================= //-------------------------------------------------- // Frees file paths array // pPaths - FilePaths array // nPaths - number of paths //-------------------------------------------------- EXP_OPTION void FilePaths_free(FilePath* pPaths, int nPaths); //-------------------------------------------------- // Finds all detatched files and returns their // names. The user can now set the path portion. // Allocaes new memory that caller must free // with FilePaths_free() // pSigDoc - signed document // pPaths - pointer to FilePaths array // nPaths - pointer to number of paths //-------------------------------------------------- EXP_OPTION int findDetatchedDataFiles(SignedDoc* pSigDoc, FilePath** pPaths, int* nPaths); // Compares two byte arrays and returns 0 for OK EXP_OPTION int compareByteArrays(const byte* dig1, int len1, const byte* dig2, int len2); // verifies one doc's check digests in this signature EXP_OPTION int verifySigDocDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, const DocInfo* pDocInfo, const char* szFileName, const char* szDataFile); // verifies the mime digest of this doc in this signature EXP_OPTION int verifySigDocMimeDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, const DocInfo* pDocInfo, const char* szFileName); // Verifies the SignedProperties digest EXP_OPTION int verifySigDocSigPropDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, const char* szDataFile); // verifies this one signature EXP_OPTION int verifySignatureInfo(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, const char* signerCA, const char* szDataFile, int bUseCA, FilePath* pPaths, int nPaths); // verifies the whole document (returns on first err) EXP_OPTION int verifySigDoc(const SignedDoc* pSigDoc, const char* signerCA, const char** caFiles, const char* caPath, const char* notCert, const char* szDataFile, int bUseCA, FilePath* pPaths, int nPaths); // Verifies the certificates signed attributes EXP_OPTION int verifySigCert(const SignatureInfo* pSigInfo); // Verfies NotaryInfo signature EXP_OPTION int verifyNotaryInfo(const SignedDoc* pSigDoc, const NotaryInfo* pNotInfo, const char ** caFiles, const char *CApath, const char* notCertFile); // Verifies the certificates signed attributes EXP_OPTION int verifyNotCert(const NotaryInfo* pNotInfo); // Verfies NotaryInfo digest EXP_OPTION int verifyNotaryDigest(const SignedDoc* pSigDoc, const NotaryInfo* pNotInfo); EXP_OPTION int writeOCSPRequest(SignedDoc* pSigDoc, const char* signerCertFile, const char* issuertCertFile, byte* nonce, int nlen, const char* szOutputFile); // Creates and sends an OCSP_REQUEST object // to the notary server, receives the response // and uses it to create a confirmation object. EXP_OPTION int getConfirmation(SignedDoc* pSigDoc, SignatureInfo* pSigInfo, const X509** caCerts, const X509* pNotCert, char* pkcs12FileName, char* pkcs12Password, char* notaryURL, char* proxyHost, char* proxyPort); // another way to get OCSP confirmation by sending also callers ip address EXP_OPTION int getConfirmationWithIp(SignedDoc* pSigDoc, SignatureInfo* pSigInfo, const X509** caCerts, const X509* pNotCert, char* pkcs12FileName, char* pkcs12Password, char* notaryURL, char* proxyHost, char* proxyPort, unsigned long ip); // use this if you passed NULL-s to getConfirmation() param notaryCert EXP_OPTION int finalizeAndVerifyNotary(SignedDoc* pSigDoc, NotaryInfo* pNotInf, const X509** caCerts, const X509* pNotCert); int readTagContents(char** data, const char* fileName, const char* tagName, int nAttrs, const char** attNames, const char** attValues, int withTags); //EXP_OPTION int signOCSPRequest(OCSP_REQUEST *req,const char* key) //void testXML1(const SignatureInfo* pSigInfo, const char* fileName); // verifies signed doc EXP_OPTION int verifySigDocCERT(const SignedDoc* pSigDoc, const void* signerCA, const X509** caCerts, const char* caPath, const X509* notCert, const char* szDataFile, int bUseCA, FilePath* pPaths, int nPaths); // Verifies this signature EXP_OPTION int verifySignatureInfoCERT(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, const void* signerCACert, const char* szDataFile, int bUseCA, FilePath* pPaths, int nPaths); // Checks if the cert has been signed by this CA-cert EXP_OPTION int isCertSignedByCERT(const X509* cert, const X509* caCert); // Verfies NotaryInfo signature EXP_OPTION int verifyNotaryInfoCERT(const SignedDoc* pSigDoc, const NotaryInfo* pNotInfo, const X509** caCerts, const char *CApath, const X509* notCert); // Calculates the digest of NotaryInfo EXP_OPTION int calculateNotaryInfoDigest(const SignedDoc* pSigDoc, const NotaryInfo* pNotInfo, byte* digBuf, int* digLen); //================< certficate info functions> ================================= int ReadOCSPResponse(OCSP_RESPONSE **newOCSP_RESPONSE, const char* szFileName); int initializeNotaryInfoWithOCSP(SignedDoc *pSigDoc, NotaryInfo *pNotary, OCSP_RESPONSE *resp, X509 *notCert, int initDigest); // Decodes a signature value void decodeSignatureValue(const char* b64val, int b64len, char* value, int* vlen); // Returns the user signatures certificate data EXP_OPTION X509* getSignCertData(const SignatureInfo* pSignInfo); // Returns the notary signatures certificate data EXP_OPTION X509* getNotCertData(const NotaryInfo* pNotInfo); // get OCSP in PEM form EXP_OPTION int getOcspPEM(OCSP_RESPONSE* pResp, int bHeaders, char** buf); //================< deprecated functions> ================================= // these functions are deprecated. Use the replacements in DigiDocCert.h // these functions will be removed in future releases! #ifdef WITH_DEPRECATED_FUNCTIONS // get signers id-code // USE: ddocCertGetSubjectPerCode(getSignCertData(pSignInfo), pMemBuf); EXP_OPTION int getSignerCode(const SignatureInfo* pSigInfo, char* buf); // get signers first name // USE: ddocCertGetSubjectFirstName(getSignCertData(pSignInfo), pMemBuf); EXP_OPTION int getSignerFirstName(const SignatureInfo* pSigInfo, char* buf); // get signers last name // USE: ddocCertGetSubjectLastName(getSignCertData(pSignInfo), pMemBuf); EXP_OPTION int getSignerLastName(const SignatureInfo* pSigInfo, char* buf); // get the whole signers CN in desired charset // USE: ddocCertGetSubjectCN(getSignCertData(pSignInfo), pMemBuf); EXP_OPTION int getSignerCN(const SignatureInfo* pSigInfo, char* buf, int bUTF8); #endif // WITH_DEPRECATED_FUNCTIONS //================================================================================== void CorrectCharacters(char *psText); #ifdef __cplusplus } #endif #endif // __DIGI_DOC_LIB_H__