Skip to content

Commit 016163e

Browse files
committed
Do not throw when failed to parse OCSP
IB-9019 Signed-off-by: Raul Metsma <raul@metsma.ee>
1 parent b669a48 commit 016163e

1 file changed

Lines changed: 14 additions & 8 deletions

File tree

src/SignatureXAdES_LT.cpp

Lines changed: 14 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@
3232

3333
#include <algorithm>
3434
#include <ctime>
35+
#include <optional>
3536

3637
using namespace digidoc;
3738
using namespace std;
@@ -130,18 +131,19 @@ void SignatureXAdES_LT::validate(const string &policy) const
130131
vector<Exception> ocspExceptions;
131132
for(auto resp = ocspValues/"EncapsulatedOCSPValue"; resp; resp++)
132133
{
133-
OCSP ocsp(resp);
134+
optional<OCSP> ocsp;
134135
try {
135-
ocsp.verifyResponse(signingCertificate());
136-
foundSignerOCSP = true;
136+
ocsp.emplace(resp);
137+
ocsp->verifyResponse(signingCertificate());
137138
} catch(const Exception &e) {
138139
ocspExceptions.push_back(e);
139140
continue;
140141
}
142+
foundSignerOCSP = true;
141143

142144
if(profile().find(ASiC_E::ASIC_TM_PROFILE) != string::npos)
143145
{
144-
vector<string> policies = ocsp.responderCert().certificatePolicies();
146+
vector<string> policies = ocsp->responderCert().certificatePolicies();
145147
const set<string> trusted = CONF(OCSPTMProfiles);
146148
if(!any_of(policies.cbegin(), policies.cend(), [&](const string &policy) { return trusted.find(policy) != trusted.cend(); }))
147149
{
@@ -150,11 +152,11 @@ void SignatureXAdES_LT::validate(const string &policy) const
150152
}
151153
DEBUG("OCSP Responder contains valid TM OID");
152154

153-
string method = Digest::digestInfoUri(ocsp.nonce());
155+
string method = Digest::digestInfoUri(ocsp->nonce());
154156
if(method.empty())
155157
THROW("Nonce digest method is missing");
156158
vector<unsigned char> digest = Digest(method).result(signatureValue());
157-
vector<unsigned char> respDigest = Digest::digestInfoDigest(ocsp.nonce());
159+
vector<unsigned char> respDigest = Digest::digestInfoDigest(ocsp->nonce());
158160
if(digest != respDigest)
159161
{
160162
DEBUGMEM("Calculated signature HASH", digest.data(), digest.size());
@@ -164,7 +166,7 @@ void SignatureXAdES_LT::validate(const string &policy) const
164166
}
165167
else
166168
{
167-
tm producedAt = ocsp.producedAt();
169+
tm producedAt = ocsp->producedAt();
168170
string producedAt_s = util::date::to_string(producedAt);
169171
time_t producedAt_t = util::date::mkgmtime(producedAt);
170172
tm timeStampTime = TimeStamp().time();
@@ -276,5 +278,9 @@ OCSP SignatureXAdES_LT::getOCSPResponseValue() const
276278
}
277279
}
278280
// Return first OCSP response when chains are not complete and validation fails
279-
return {ocspValues/"EncapsulatedOCSPValue"};
281+
try {
282+
return OCSP(ocspValues/"EncapsulatedOCSPValue");
283+
} catch(const Exception &) {
284+
return {};
285+
}
280286
}

0 commit comments

Comments
 (0)