authorlloyd <[email protected]>2010-09-20 22:04:03 +0000
committerlloyd <[email protected]>2010-09-20 22:04:03 +0000
commitd1f04caf5ddc4e32c44ec0f1d46911d3a3856dd5 (patch)
tree13fe7ac40e5b4620c0364d7226dc1331c69e537f
parent1e085faeb6d2288941de6adf7ccbacf4452875f6 (diff)
Add a (clunky) function X509_Object::hash_used_for_signature that
returns the hash function that was used to create the signature. Useful for a future X509 path validator that informs the user which hash(es) they are relying on and/or allows rejecting hashes which are undesirable (MD2, MD5, etc)
-rw-r--r--src/cert/x509cert/x509_obj.cpp21
-rw-r--r--src/cert/x509cert/x509_obj.h5
2 files changed, 26 insertions, 0 deletions
diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp
index 41bbbef6b..13193f09c 100644
--- a/src/cert/x509cert/x509_obj.cpp
+++ b/src/cert/x509cert/x509_obj.cpp
@@ -143,6 +143,27 @@ AlgorithmIdentifier X509_Object::signature_algorithm() const
}
/*
+* Return the hash used in generating the signature
+*/
+std::string X509_Object::hash_used_for_signature() const
+ {
+ std::vector<std::string> sig_info =
+ split_on(OIDS::lookup(sig_algo.oid), '/');
+
+ if(sig_info.size() != 2)
+ throw Internal_Error("Invalid name format found for " +
+ sig_algo.oid.as_string());
+
+ std::vector<std::string> pad_and_hash =
+ parse_algorithm_name(sig_info[1]);
+
+ if(pad_and_hash.size() != 2)
+ throw Internal_Error("Invalid name format " + sig_info[1]);
+
+ return pad_and_hash[1];
+ }
+
+/*
* Check the signature on an object
*/
bool X509_Object::check_signature(Public_Key* pub_key) const
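Review bot: Both failure paths in `hash_used_for_signature()` throw `Internal_Error`, yet the name being parsed is derived from `sig_algo.oid`, which comes from the object under inspection, so an unfamiliar or unusually named signature algorithm surfaces as a library bug rather than as rejected input. If `OIDS::lookup` returns a string without a `/` for OIDs it does not know (not visible in this hunk), the first check fires on any such certificate; an input-level error fits better, e.g. `throw Decoding_Error("Unsupported signature algorithm " + sig_algo.oid.as_string());`. The `pad_and_hash.size() != 2` test presumably also rejects padding names that carry more than one argument, so a path validator that uses this for hash policy should treat any exception here as "reject" and never as "hash unknown, continue". The doc comment added in the header hunk should say so with a `@throws` line.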
diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h
index 86c1d6ce7..6579565f9 100644
--- a/src/cert/x509cert/x509_obj.h
+++ b/src/cert/x509cert/x509_obj.h
@@ -40,6 +40,11 @@ class BOTAN_DLL X509_Object
AlgorithmIdentifier signature_algorithm() const;
/**
+ * @return hash algorithm that was used to generate signature
+ */
+ std::string hash_used_for_signature() const;
+
+ /**
* Create a signed X509 object.
* @param signer the signer used to sign the object
* @param rng the random number generator to use