我用C++写了一个安卓APK的认证。
主要就是解析里面的CERT.RSA
解析:
// Parse step: read the DER-encoded PKCS#7 structure from the file at rsa_path
// and pick out the certificate stack it carries.
// NOTE(review): the `break` statements below leave an enclosing loop/switch
// that is not shown in this fragment; rsa_path is also defined elsewhere.
PKCS7 *p7 = NULL;
// NOTE(review): BIO_new() can return NULL; `in` is used below without a check.
BIO *in = BIO_new(BIO_s_file());
STACK_OF(X509) *certs = NULL;
int i;
// NOTE(review): the return value of BIO_read_filename() is ignored, so a
// missing or unreadable file only shows up as a d2i_PKCS7_bio() failure.
BIO_read_filename(in, rsa_path);
p7 = d2i_PKCS7_bio(in, NULL);
if(p7) {
// Content type of the PKCS#7 blob as a NID, used to choose the union member below.
i = OBJ_obj2nid(p7->type);
} else {
// Parse failed: release the file BIO and abandon this attempt.
BIO_free(in);
break;
}
if(i == NID_pkcs7_signed) {
certs = p7->d.sign->cert;
} else if(i == NID_pkcs7_signedAndEnveloped) {
certs = p7->d.signed_and_enveloped->cert;
}
// For any other content type certs stays NULL; sk_X509_num(NULL) returns -1,
// so the "exactly one certificate" test below rejects that case as well.
BIO_free(in);
// Accept only a blob that embeds exactly one certificate.
// NOTE(review): this constrains the shape of the input, not who signed it.
// The embedded certificate comes from the file being checked, so a trust
// decision still needs it compared against an expected value (for example a
// pinned certificate fingerprint) somewhere outside this fragment.
if(sk_X509_num(certs) != 1) {
PKCS7_free(p7);
break;
}
// On the success path p7 is kept alive; presumably it is stored (m_pkcs7 in
// the verification snippet) and freed by its owner -- TODO confirm.
认证:
// Verify step: check every signer info in the PKCS#7 structure against the
// certificate embedded in that same structure. Yields res = 1 only if all
// signers verify, 0 otherwise.
// NOTE(review): the enclosing function signature is not shown; m_pkcs7 is
// defined elsewhere and is presumably the p7 parsed earlier -- TODO confirm.
BIO *p7bio = NULL;
int res = 0;
char buf[1024*4] = {0};
STACK_OF(PKCS7_SIGNER_INFO) *sk;
PKCS7_SIGNER_INFO *si;
X509 * x509;
int i;
PKCS7 *pkcs7 = (PKCS7 *)m_pkcs7;
// The third argument of PKCS7_dataDecode() is in_bio, the BIO that supplies
// the signed content when the signature is detached. With in_bio == NULL and
// no content embedded in the structure, the call fails and returns NULL.
// NOTE(review): an APK's CERT.RSA is normally a detached signature over
// CERT.SF, which is the likely cause of the NULL seen here. Passing a BIO
// opened on the signed file as in_bio, and printing the OpenSSL error queue
// (ERR_print_errors_fp) on failure, should confirm this.
p7bio = PKCS7_dataDecode(pkcs7, 0, 0, 0);
// The p7bio obtained here is NULL!!!! Why?
// I found this code on the internet.
// Drain the content through the BIO chain so the digest filters see every
// byte before the signatures are checked. `i` holds the byte count here and
// is reused as the signer index further down.
// NOTE(review): p7bio is not checked for NULL before this loop; the code
// should bail out to `end` (res stays 0) when PKCS7_dataDecode() fails.
for (;;)
{
i=BIO_read(p7bio,buf,sizeof(buf));
if (i <= 0)
break;
}
// We can now verify signatures
sk = PKCS7_get_signer_info(pkcs7);
if (sk == NULL)
{
goto end;
}
else
{
// An empty signer list is treated as a failure, not as "nothing to check".
if (sk_PKCS7_SIGNER_INFO_num(sk) == 0)
{
goto end;
}
/* Ok, first we need to, for each subject entry,
* see if we can verify */
for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
{
si = sk_PKCS7_SIGNER_INFO_value(sk, i);
// Look up the signer's certificate among the embedded certificates by
// issuer name and serial number.
// NOTE(review): pkcs7->d.sign assumes the content type is
// NID_pkcs7_signed; the parsing snippet earlier on the page also accepts
// NID_pkcs7_signedAndEnveloped, which uses a different union member.
// NOTE(review): the lookup returns NULL when no certificate matches, and
// x509 is passed on without a check; a NULL result should fail closed.
x509 = X509_find_by_issuer_and_serial(pkcs7->d.sign->cert,si->issuer_and_serial->issuer,si->issuer_and_serial->serial);
int ret;
// Checks this signer's signature with the public key of x509.
// NOTE(review): this call does not validate the certificate chain or decide
// whether x509 is trusted. Success shows only that the content matches the
// certificate shipped inside the same file, which anyone who re-signs the
// package can satisfy with their own certificate. Compare x509 with an
// expected (pinned) certificate before treating the result as authentic.
// In the JAR-style APK scheme the signed content is CERT.SF, so the
// MANIFEST.MF and per-entry digests also need checking to cover the
// package contents.
ret = PKCS7_signatureVerify(p7bio, pkcs7, si, x509);
if (ret <= 0)
goto end;
}
}
// Reached only when every signer info verified.
res = 1;
end:
// Release the whole BIO chain returned by PKCS7_dataDecode(); pkcs7 itself
// is not freed here.
if (p7bio)
BIO_free_all(p7bio);
return res;