authorlloyd <[email protected]>2010-10-07 18:59:19 +0000
committerlloyd <[email protected]>2010-10-07 18:59:19 +0000
commitd1740672b8f9e0b5be1cd3d9f5da9ffd76c7c300 (patch)
treea02523711e9e6021ab762a1a36b0b9ac4be0375b /src/cert/x509ca
parentf8165e1fcdefebd9bd60449e93c4a7fc70179ad5 (diff)
Fix CRL reason codes and updating of CRLs. Add tests for both cases.
Diffstat (limited to 'src/cert/x509ca')
-rw-r--r--src/cert/x509ca/x509_ca.cpp34
1 files changed, 5 insertions, 29 deletions
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index be7849ec4..4379488e9 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -1,6 +1,6 @@
/*
* X.509 Certificate Authority
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -151,36 +151,12 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
RandomNumberGenerator& rng,
u32bit next_update) const
{
- std::vector<CRL_Entry> already_revoked = crl.get_revoked();
- std::vector<CRL_Entry> all_revoked;
+ std::vector<CRL_Entry> revoked = crl.get_revoked();
- if(!crl.check_signature(cert.subject_public_key()))
- throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");
+ std::copy(new_revoked.begin(), new_revoked.end(),
+ std::back_inserter(revoked));
- std::set<SecureVector<byte> > removed_from_crl;
- for(u32bit j = 0; j != new_revoked.size(); ++j)
- {
- if(new_revoked[j].reason_code() == DELETE_CRL_ENTRY)
- removed_from_crl.insert(new_revoked[j].serial_number());
- else
- all_revoked.push_back(new_revoked[j]);
- }
-
- for(u32bit j = 0; j != already_revoked.size(); ++j)
- {
- std::set<SecureVector<byte> >::const_iterator i;
- i = removed_from_crl.find(already_revoked[j].serial_number());
-
- if(i == removed_from_crl.end())
- all_revoked.push_back(already_revoked[j]);
- }
- std::sort(all_revoked.begin(), all_revoked.end());
-
- std::vector<CRL_Entry> cert_list;
- std::unique_copy(all_revoked.begin(), all_revoked.end(),
- std::back_inserter(cert_list));
-
- return make_crl(cert_list, crl.crl_number() + 1, next_update, rng);
+ return make_crl(revoked, crl.crl_number() + 1, next_update, rng);
}
/*
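Review bot: With the `crl.check_signature(cert.subject_public_key())` guard removed, update_crl copies every entry of the caller-supplied CRL into `revoked` and re-signs it without establishing that this CA issued that CRL. An altered CRL, or one from another issuer, would have its contents, including any missing revocations, carried forward under a fresh valid signature. Unless the check now lives in callers outside this hunk, I would keep `if(!crl.check_signature(cert.subject_public_key())) throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");` ahead of the `std::copy`. The new body also drops the sort/`unique_copy` step and the `DELETE_CRL_ENTRY` filtering, so unless make_crl handles this, a serial present in both lists is emitted twice and a removal entry is appended rather than applied; a comment on what `new_revoked` may contain would help. The function's signature starts above the hunk, so the parameter list is only partly visible here.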