author | lloyd <[email protected]> | 2010-09-20 22:04:03 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-09-20 22:04:03 +0000 |
commit | d1f04caf5ddc4e32c44ec0f1d46911d3a3856dd5 (patch) | |
tree | 13fe7ac40e5b4620c0364d7226dc1331c69e537f | |
parent | 1e085faeb6d2288941de6adf7ccbacf4452875f6 (diff) |
Add a (clunky) function X509_Object::hash_used_for_signature that
returns the hash function that was used to create the
signature. Useful for a future X509 path validator that informs the
user which hash(es) they are relying on and/or gives them the ability to
reject hashes which are undesirable (MD2, MD5, etc)
-rw-r--r-- | src/cert/x509cert/x509_obj.cpp | 21 | ||||
-rw-r--r-- | src/cert/x509cert/x509_obj.h | 5 |
2 files changed, 26 insertions, 0 deletions
diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp
index 41bbbef6b..13193f09c 100644
--- a/src/cert/x509cert/x509_obj.cpp
+++ b/src/cert/x509cert/x509_obj.cpp
@@ -143,6 +143,27 @@ AlgorithmIdentifier X509_Object::signature_algorithm() const
 }
 /*
+* Return the hash used in generating the signature
+*/
+std::string X509_Object::hash_used_for_signature() const
+ {
+ std::vector<std::string> sig_info =
+ split_on(OIDS::lookup(sig_algo.oid), '/');
+
+ if(sig_info.size() != 2)
+ throw Internal_Error("Invalid name format found for " +
+ sig_algo.oid.as_string());
+
+ std::vector<std::string> pad_and_hash =
+ parse_algorithm_name(sig_info[1]);
+
+ if(pad_and_hash.size() != 2)
+ throw Internal_Error("Invalid name format " + sig_info[1]);
+
+ return pad_and_hash[1];
+ }
+
+/*
 * Check the signature on an object
 */
 bool X509_Object::check_signature(Public_Key* pub_key) const
diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h
index 86c1d6ce7..6579565f9 100644
--- a/src/cert/x509cert/x509_obj.h
+++ b/src/cert/x509cert/x509_obj.h
@@ -40,6 +40,11 @@ class BOTAN_DLL X509_Object
 AlgorithmIdentifier signature_algorithm() const;
 /**
+ * @return hash algorithm that was used to generate signature
+ */
+ std::string hash_used_for_signature() const;
+
+ /**
 * Create a signed X509 object.
 * @param signer the signer used to sign the object
 * @param rng the random number generator to use |
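Review bot: Both failure paths in `hash_used_for_signature()` throw `Internal_Error`, although `sig_algo.oid` is presumably decoded from the object under validation, so a name that does not split into exactly two parts is a property of the input rather than a library bug. A validator that uses this accessor to reject MD2 or MD5 has to treat any throw as a rejection, and neither the .cpp comment nor the new Doxygen comment in x509_obj.h says that the call can throw. I would add `* @throws if the signature algorithm name is not of the form scheme/padding(hash); callers enforcing a hash policy must treat this as a rejection` to the header comment. The `pad_and_hash.size() != 2` test also rejects every padding name that parses to more than one argument, so it is worth checking that against the names `OIDS::lookup` can return for otherwise valid signatures.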