rucades 0.3.0 → 0.4.0

data/ext/rucades/rucades_version.cpp

@@ -13,9 +13,9 @@ using namespace CryptoPro::PKI::CAdES;
 
 namespace rucades {
 pre_rb_Version::pre_rb_Version(void):
-      m_pCppCadesImpl(boost::shared_ptr<CPPVersionObject>(new CPPVersionObject())) { }
+      m_pCppCadesImpl(NS_SHARED_PTR::shared_ptr<CPPVersionObject>(new CPPVersionObject())) { }
 
-pre_rb_Version::pre_rb_Version(boost::shared_ptr<CPPVersionObject> other):
+pre_rb_Version::pre_rb_Version(NS_SHARED_PTR::shared_ptr<CPPVersionObject> other):
       m_pCppCadesImpl(other) { }
 
 unsigned int pre_rb_Version::major_version(void)

data/ext/rucades/rucades_version.h

@@ -10,10 +10,10 @@
 namespace rucades {
 class pre_rb_Version {
   protected:
-    boost::shared_ptr<CryptoPro::PKI::CAdES::CPPVersionObject> m_pCppCadesImpl;
+    NS_SHARED_PTR::shared_ptr<CryptoPro::PKI::CAdES::CPPVersionObject> m_pCppCadesImpl;
   public:
     pre_rb_Version(void);
-    pre_rb_Version(boost::shared_ptr<CryptoPro::PKI::CAdES::CPPVersionObject> other);
+    pre_rb_Version(NS_SHARED_PTR::shared_ptr<CryptoPro::PKI::CAdES::CPPVersionObject> other);
     unsigned int major_version(void);
     unsigned int minor_version(void);
     unsigned int build_version(void);

data/ext/rucades/stdafx.h

@@ -1,7 +1,3 @@
-// stdafx.h : include file for standard system include files,
-// or project specific include files that are used frequently, but
-// are changed infrequently
-//
 #pragma once
 
 #define CRYPT_SIGN_MESSAGE_PARA_HAS_CMS_FIELDS
@@ -9,115 +5,32 @@
 #define CMSG_SIGNED_ENCODE_INFO_HAS_CMS_FIELDS
 #define CERT_PARA_HAS_EXTRA_FIELDS
 
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-// Windows Header Files:
-#ifdef _WIN32
-#define RETURN_ATL_STRING RETURN_ATL_STRING_W
-#define RETURN_ATL_STRINGL RETURN_ATL_STRINGL_W
-#endif
+#define IS_CADES_VERSION_GREATER_EQUAL(major, minor, build) \
+    (CPRO_CADES_VERSION_MAJOR > (major) || \
+    (CPRO_CADES_VERSION_MAJOR == (major) && CPRO_CADES_VERSION_MINOR > (minor)) || \
+    (CPRO_CADES_VERSION_MAJOR == (major) && CPRO_CADES_VERSION_MINOR == (minor) && CPRO_CADES_VERSION_BUILD >= (build)))
 
+#define IGNORE_LEGACY_FORMAT_MESSAGE_MSG
 
-#include "boost/shared_ptr.hpp"
 #include <iostream>
-#include <memory> //Этот хедер тут нужен что бы компилить с новыми версиями libstdc++
-                  //в них есть конфликт с __in и __out макросами которые определены в MS хедерах.
-
-#ifdef UNIX
 #include "CSP_WinDef.h"
 #include "CSP_WinError.h"
-#include <string>
-#include <stdarg.h>
-#include <atldef2.h>
-#define CADES_CLASS
-#define RETURN_ATL_STRING RETURN_ATL_STRING_A
-#define RETURN_ATL_STRINGL RETURN_ATL_STRINGL_A
-#endif //UNIX
 #include <WinCryptEx.h>
-
-#include "atltrace2.h"
-#include <atldef2.h>
-#include <atlenc.h>
 #include <atlcrypt2.h>
+#include "ocspcli_e.h"
+#include "tspcli_e.h"
+#include "cppcades.h"
 
-#define _ATL_APARTMENT_THREADED
-// some CString constructors will be explicit
-#define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS
-// turns off ATL's hiding of some common and often safely ignored warning messages
-#define _ATL_ALL_WARNINGS
-
-#include <atlbase.h>
-#ifdef _WIN32
-#include <atlcom.h>
-#endif //_WIN32
-#pragma warning(push)
-#pragma warning(disable : 4127)
-#include <atlstr.h>
-#pragma warning(pop)
-#include "errormsg.h"
-
-#ifndef UNIX
-#pragma warning(push)
-#pragma warning(disable : 4005)
+#ifndef NS_SHARED_PTR
+#define NS_SHARED_PTR boost
+#include "boost/shared_ptr.hpp"
 #endif
 
-#define RETURN_ATL_STRING_W(atlstr)                   \
-    {                                                 \
-        char *str;                                    \
-        int len = 0;                                  \
-        len = atlstr.GetLength();                     \
-        str = (char *)ecalloc(len + 1, sizeof(char)); \
-        wcstombs(str, atlstr, len);                   \
-        str[len] = '\0';                              \
-        RETURN_STRING(str, 0)                         \
-    }
-
-#define RETURN_ATL_STRINGL_W(atlstr)              \
-    {                                             \
-        char *str;                                \
-        int len = 0;                              \
-        len = atlstr.GetLength();                 \
-        str = (char *)ecalloc(len, sizeof(char)); \
-        wcstombs(str, atlstr, len);               \
-        RETURN_STRINGL(str, len, 0)               \
-    }
-
-#define RETURN_ATL_STRING_A(atlstr)                   \
-    {                                                 \
-        char *str;                                    \
-        int len = 0;                                  \
-        len = atlstr.GetLength();                     \
-        str = (char *)ecalloc(len + 1, sizeof(char)); \
-        memcpy(str, atlstr, len);                     \
-        str[len] = '\0';                              \
-        RETURN_STRING(str, 0)                         \
-    }
-
-#define RETURN_ATL_STRINGL_A(atlstr)              \
-    {                                             \
-        char *str;                                \
-        int len = 0;                              \
-        len = atlstr.GetLength();                 \
-        str = (char *)ecalloc(len, sizeof(char)); \
-        memcpy(str, atlstr, len);                 \
-        RETURN_STRINGL(str, len, 0)               \
-    }
-
-#define RETURN_PROXY_STRING(prstr)                    \
-    {                                                 \
-        char *str;                                    \
-        int len = 0;                                  \
-        len = strlen(prstr.c_str());                  \
-        str = (char *)ecalloc(len + 1, sizeof(char)); \
-        strncpy(str, prstr.c_str(), len + 1);         \
-        RETURN_STRING(str, 0)                         \
-    }
-
-#ifdef UNIX //разные макросы ибо на линуксе нет  _vscwprintf() который нужен внутри AppendFormat().
+#include "CSP_WinCrypt.h"
 
 #ifdef MAKELANGID
 #undef MAKELANGID
 #endif //MAKELANGID
-
 #define MAKELANGID(a, b) 0x409 //English U.S.
 
 #define RETURN_NULL_WITH_EXCEPTION(err)                                                      \
@@ -144,28 +57,6 @@
         return -1;                                                                           \
     } while (0)
 
-#else
-#define RETURN_NULL_WITH_EXCEPTION(err)                                                      \
-    do                                                                                       \
-    {                                                                                        \
-        CAtlStringW message = GetErrorMessage(HRESULT_FROM_WIN32(err),                       \
-                                              MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US)); \
-        message.AppendFormat(L" (0x%08X)", err);                                             \
-        PyErr_SetString(PyExc_Exception, CW2A(message, CP_UTF8));                            \
-        return NULL;                                                                         \
-    } while (0)
-
-#define RETURN_MINUS_1_WITH_EXCEPTION(err)                                                   \
-    do                                                                                       \
-    {                                                                                        \
-        CAtlStringW message = GetErrorMessage(HRESULT_FROM_WIN32(err),                       \
-                                              MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US)); \
-        message.AppendFormat(L" (0x%08X)", err);                                             \
-        PyErr_SetString(PyExc_Exception, CW2A(message, CP_UTF8));                            \
-        return -1;                                                                           \
-    } while (0)
-
-#endif //UNIX
 
 #define HR_SETTER_ERRORCHECK_RETURN(expr)             \
     __pragma(warning(push))                           \
@@ -188,3 +79,198 @@
             RETURN_NULL_WITH_EXCEPTION(stdafx_hr); \
         }                                          \
     } while (0)
+
+static const ATL::CAtlStringW GetErrorMessage(HRESULT hr, DWORD dwLangId) {
+    UNUSED(dwLangId);
+    ATL::CAtlStringW ret;
+    switch (hr) {
+    case TSPCLI_ERROR_HTTP:
+    case OCSPCLI_ERROR_HTTP:
+        ret = L"HTTP error occurred while sending request.";
+        break;
+    case TSPCLI_ERROR_PolicyDeniedAuthType:
+    case OCSPCLI_ERROR_PolicyDeniedAuthType:
+        ret = L"Specified authentication type prohibited by group policy.";
+        break;
+    case TSPCLI_ERROR_PolicyDeniedProxyAuthType:
+    case OCSPCLI_ERROR_PolicyDeniedProxyAuthType:
+        ret = L"Specified proxy authentication type prohibited by group policy.";
+        break;
+    case TSPCLI_ERROR_PolicyDeniedURL:
+        ret = L"Specified time-stamp authority prohibited by group policy.";
+        break;
+    case OCSPCLI_ERROR_PolicyDeniedURL:
+        ret = L"Specified OCSP server authority prohibited by group policy.";
+        break;
+    case TSPCLI_ERROR_PolicyDeniedNonce:
+        ret = L"Nonce usage prohibited by group policy.";
+        break;
+    case TSPCLI_ERROR_PolicyDeniedHashAlg:
+        ret = L"Specified hash algorithm prohibited by group policy.";
+        break;
+    case TSPCLI_ERROR_PolicyDeniedPolicyID:
+        ret = L"Specified PolicyID prohibited by group policy.";
+        break;
+    case TSPCLI_ERROR_IncorrectNonce:
+        ret = L" The values of request's and stamp's \"Nonce\" fields are not equal.";
+        break;
+    case TSPCLI_ERROR_AddressIsEmpty:
+        ret = L"The URL of TSP service is not specified.";
+        break;
+    case TSPCLI_ERROR_ExpiredStamp:
+        ret = L"The time stamp is expired (ProducedAt value).";
+        break;
+    case TSPCLI_ERROR_DataHashIsEmpty:
+        ret = L"Request does not contain data hash.";
+        break;
+    case TSPCLI_ERROR_UnsuccessfullResponse:
+        ret = L"TSA response is unsuccessful.";
+        break;
+    case 0xC2100140: // TSPCLI_ERROR_LicenseExpired
+        ret = L"No TSP Client license has been entered or TSP Client license is expired.";
+        break;
+    case OCSPCLI_ERROR_PolicyDeniedSignedRequest:
+        ret = L"Signed OCSP requests prohibited by group policy.";
+        break;
+    case OCSPCLI_ERROR_PolicyDeniedUnsignedRequest:
+        ret = L"Unsigned OCSP requests prohibited by group policy.";
+        break;
+    case OCSPCLI_ERROR_IncorrectNonce:
+        ret = L"The values of OCSP-request's and response's \"Nonce\" extensions are not equal.";
+        break;
+    case OCSPCLI_ERROR_AddressIsEmpty:
+        ret = L"The URL of OCSP service is not specified.";
+        break;
+    case OCSPCLI_ERROR_ExpiredResponse:
+        ret = L"OCSP-response is expired by ProducedAt or by NextUpdate.";
+        break;
+    case OCSPCLI_ERROR_ExpiredThisUpdate:
+        ret = L"ThisUpdate value of single response is expired.";
+        break;
+    case OCSPCLI_ERROR_IncorrectNextUpdate:
+        ret = L" NextUpdate value of single response is less than ThisUpdate.";
+        break;
+    case OCSPCLI_ERROR_ReqRespNotMatch:
+        ret = L"OCSP-response does not contain requested certificate status.";
+        break;
+    case OCSPCLI_ERROR_CertStatusIsRevoked:
+        ret = L"Certificate is revoked.";
+        break;
+    case OCSPCLI_ERROR_CertStatusIsUnknown:
+        ret = L"Certificate status is unknown.";
+        break;
+    case OCSPCLI_ERROR_UnsuccessfullResponse:
+        ret = L"OCSP-response is unsuccessful.";
+        break;
+    case OCSPCLI_ERROR_PolicyDeniedExtension:
+        ret = L"Encountered extension (AcceptableTypes or Nonce) prohibited by group policy.";
+        break;
+    case ERROR_BAD_CONFIGURATION:
+        ret = L"The configuration data or license for this product is corrupt or not present.";
+        break;
+    case 0x8007064a: // License info isn't present
+        ret = L"The configuration data or license for this product is corrupt or not present.";
+        break;
+    case CRYPT_E_REVOKED:
+        ret = L"The certificate is revoked.";
+        break;
+    case ERROR_NO_DATA_DETECTED:
+        ret = L"The data you supplied have zero length.";
+        break;
+    case CRYPT_E_NO_REVOCATION_CHECK:
+        ret = L"The revocation function was unable to check revocation for the certificate.";
+        break;
+    case 0x8007006E:
+        ret = L"The system cannot open the device or file specified.";
+        break;
+    case NTE_BAD_ALGID:
+    case CRYPT_E_OID_FORMAT: //       oid       UNIX
+        ret = L"Invalid algorithm specified.";
+        break;
+    case REGDB_E_CLASSNOTREG:
+        ret = L"Class not registered.";
+        break;
+    case OLE_E_BLANK:
+        ret = L"Uninitialized object.";
+        break;
+    case CAPICOM_E_STORE_NOT_OPENED:
+        ret = L"The Store object does not represent an opened certificate store.";
+        break;
+    case E_INVALIDARG:
+        ret = L"The parameter is incorrect.";
+        break;
+    case 0x80070002: // returned by OpenStore(Existing) if no store
+        ret = L"The system cannot find the file specified.";
+        break;
+    case E_NOT_VALID_STATE:
+        ret = L"The group or resource is not in the correct state to perform the requested operation.";
+        break;
+    case E_NOTIMPL:
+        ret = L"Not implemented.";
+        break;
+    case ERROR_ALREADY_EXISTS:
+        ret = L"Cannot create a file when that file already exists.";
+        break;
+    case 0x800700B7: // ERROR_ALREADY_EXISTS in HRESULT variant
+        ret = L"Cannot create a file when that file already exists.";
+        break;
+    case NS_E_CURL_INVALIDSCHEME:
+        ret = L"The URL contains an invalid scheme.";
+        break;
+    case SCARD_W_WRONG_CHV:
+        ret = L"The private key cannot be accessed because the wrong PIN was presented.";
+        break;
+    case CRYPT_E_NOT_FOUND:
+        ret = L"Cannot find object or property.";
+        break;
+    case NTE_BAD_SIGNATURE:
+        ret = L"Invalid Signature.";
+        break;
+    case ERROR_DS_INSUFF_ACCESS_RIGHTS:
+        ret = L"Insufficient access rights to perform the operation.";
+        break;
+    case 0x800705B9: // ERROR_XML_PARSE_ERROR in HRESULT variant
+        ret = L"The system was unable to parse the requested XML data.";
+        break;
+    case 0x800705BA: // ERROR_XMLDSIG_ERROR in HRESULT variant
+        ret = L"An error was encountered while processing an XML digital signature.";
+        break;
+    case 0x800B010E: // CERT_E_REVOCATION_FAILURE
+        ret = L"The revocation process could not continue - the certificate(s) could not be checked.";
+        break;
+    case OCSPCLI_ERROR_ResponseWithUnallowedExtension:
+        ret = L"OCSP-response contains unallowed critical extension.";
+        break;
+    case NTE_EXISTS:
+        ret = L"Object already exists.";
+        break;
+    case CRYPT_E_HASH_VALUE:
+        ret = L"The hash value is not correct";
+        break;
+    case OCSPCLI_ERROR_ResponseWithIncorrectTimeStamp:
+        ret = L"OCSP Responder time is out of sync with Time Stamping Authority";
+        break;
+    case OCSPCLI_ERROR_UntrustedSitesDisabled:
+        ret = L"Untrusted sites disabled";
+        break;
+    case 0xC2110140: // OCSPCLI_ERROR_LicenseExpired
+        ret = L"No OCSP Client license has been entered or OCSP Client license is expired";
+        break;
+    case SCARD_E_CARD_UNSUPPORTED:
+        ret = L"Wrong name format or an attempt is made to open container of another CSP.";
+        break;
+    case NTE_PERM:
+        ret = L"Access denied";
+        break;
+    case CERT_E_UNTRUSTEDROOT:
+        ret = L"A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider";
+        break;
+    case CRYPT_E_NO_DECRYPT_CERT:
+        ret = L"Cannot find the certificate and private key to use for decryption";
+        break;
+    default:
+        ret = L"Internal error.";
+        break;
+    }
+    return ret;
+}

data/lib/rucades/version.rb

@@ -5,5 +5,5 @@
 # This file is a part of rucades
 
 module Rucades
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

data/samples/encrypt_decrypt.rb

@@ -9,17 +9,20 @@ certs = store.certificates
 
 raise "Certificates with private key not found" unless certs.any?
 
-signer = Rucades::Signer.new
-signer.certificate = certs[1]
-signer.check_certificate = true
-
-signed_data = Rucades::SignedData.new
-signed_data.content = "Test content to be signed"
-signature = signed_data.sign_cades(signer, Rucades::CADESCOM_CADES_BES)
-puts "============= Signature ============="
-puts signature
-puts "====================================="
-
-signed_data2 = Rucades::SignedData.new
-signed_data2.verify_cades(signature, Rucades::CADESCOM_CADES_BES)
-puts "******* Verified successfully ******"
+# hashed_data = Rucades::HashedData.new
+
+enveloped_data = Rucades::EnvelopedData.new
+enveloped_data.content = "Message to encrypt с русскими буквами"
+enveloped_data.recipients.add(certs[1])
+encrypted_message = enveloped_data.encrypt(Rucades::CADESCOM_ENCODE_BASE64)
+puts "============= Encrypted Message ============="
+puts encrypted_message
+puts "============================================="
+
+enveloped_data_dec = Rucades::EnvelopedData.new
+enveloped_data_dec.decrypt(encrypted_message)
+content = enveloped_data_dec.content
+
+raise "Incorrect value of EnvelopedData.decrypt result" unless content == "Message to encrypt с русскими буквами"
+
+puts "=========== Decrypted successfully =========="

data/samples/sign_verify.rb

@@ -9,20 +9,17 @@ certs = store.certificates
 
 raise "Certificates with private key not found" unless certs.any?
 
-# hashed_data = Rucades::HashedData.new
-
-enveloped_data = Rucades::EnvelopedData.new
-enveloped_data.content = "Message to encrypt с русскими буквами"
-enveloped_data.recipients.add(certs[1])
-encrypted_message = enveloped_data.encrypt(Rucades::CADESCOM_ENCODE_BASE64)
-puts "============= Encrypted Message ============="
-puts encrypted_message
-puts "============================================="
-
-enveloped_data_dec = Rucades::EnvelopedData.new
-enveloped_data_dec.decrypt(encrypted_message)
-content = enveloped_data_dec.content
-
-raise "Incorrect value of EnvelopedData.decrypt result" unless content == "Message to encrypt с русскими буквами"
-
-puts "=========== Decrypted successfully =========="
+signer = Rucades::Signer.new
+signer.certificate = certs[1]
+signer.check_certificate = true
+
+signed_data = Rucades::SignedData.new
+signed_data.content = "Test content to be signed"
+signature = signed_data.sign_cades(signer, Rucades::CADESCOM_CADES_BES)
+puts "============= Signature ============="
+puts signature
+puts "====================================="
+
+signed_data2 = Rucades::SignedData.new
+signed_data2.verify_cades(signature, Rucades::CADESCOM_CADES_BES)
+puts "******* Verified successfully ******"