Poco::OSP::BundleSign

class BundleVerifier

Library: OSP/BundleSign
Package: BundleSign
Header: Poco/OSP/BundleSign/BundleVerifier.h

Description

The BundleVerifier class is used to verify the signature of a signed bundle.

Member Summary

Member Functions: digestFromHex, extractCertificate, firstSigner, listSigners, nibble, verify

Types Aliases

CertificatePtr

using CertificatePtr = Poco::SharedPtr < Poco::Crypto::X509Certificate >;

Enumerations

VerificationResult

BUNDLE_VERIFICATION_OK

Bundle verification was successful.

BUNDLE_VERIFICATION_NO_SIGNATURE

No signature was found for the given signer.

BUNDLE_VERIFICATION_INVALID_SIGNATURE

The signature files found in the bundle are not valid.

BUNDLE_VERIFICATION_FAILED

Bundle verification failed.

Constructors

BundleVerifier

explicit BundleVerifier(
    const std::string & bundlePath
);

Creates a BundleVerifier for verifying the bundle given by bundlePath. The given path can either refer to a bundle file (in ZIP file format), or a bundle directory.

Destructor

~BundleVerifier

~BundleVerifier();

Destroys the BundleVerifier.

Member Functions

extractCertificate

CertificatePtr extractCertificate(
    const std::string & alias
) const;

Extracts the X509 certificate for the signer given by alias from the bundle's signature file.

If the bundle does not contain a certificate for the given alias, returns 0.

firstSigner

std::string firstSigner() const;

Returns the alias name of the signer of the bundle.

If the bundle has more than one signature, the alias name of the first signer found is returned.

If the bundle does not contain any signatures, returns an empty string.

listSigners

void listSigners(
    std::vector < std::string > & aliases
) const;

Fills the given vectors with the alias names of all signers of the bundle.

The list is built by searching for <alias>.sf files in the bundle's META-INF directory.

verify

VerificationResult verify(
    const std::string & alias,
    const Poco::Crypto::X509Certificate & certificate,
    std::vector < std::string > & messages
);

Verifies the bundle, using the signature from the signer given by alias, as well as the signer's public key extracted from the given certificate.

First, checks whether a signature from the given signer exists in the bundle. Second, verifies the integrity of the signature file, using the public key from the certificate. Third, computes the SHA1/SHA2 digests for all files in the bundle, and checks that the signatures match the signatures in the bundle's signature file.

Return values:

Note that verify() can also throw a Poco::Exception if a low-level error occurs.

digestFromHex protected static

static void digestFromHex(
    const std::string & hex,
    Poco::DigestEngine::Digest & digest
);

nibble protected static

static int nibble(
    char ch
);