author | lloyd <[email protected]> | 2010-10-07 18:59:19 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-10-07 18:59:19 +0000 |
commit | d1740672b8f9e0b5be1cd3d9f5da9ffd76c7c300 (patch) | |
tree | a02523711e9e6021ab762a1a36b0b9ac4be0375b /src/cert/x509ca | |
parent | f8165e1fcdefebd9bd60449e93c4a7fc70179ad5 (diff) |
Fix CRL reason codes and updating of CRLs. Add tests for both cases.
Diffstat (limited to 'src/cert/x509ca')
-rw-r--r-- | src/cert/x509ca/x509_ca.cpp | 34 |
1 files changed, 5 insertions, 29 deletions
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index be7849ec4..4379488e9 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -1,6 +1,6 @@
 /*
 * X.509 Certificate Authority
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -151,36 +151,12 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
 RandomNumberGenerator& rng,
 u32bit next_update) const
 {
- std::vector<CRL_Entry> already_revoked = crl.get_revoked();
- std::vector<CRL_Entry> all_revoked;
+ std::vector<CRL_Entry> revoked = crl.get_revoked();
 
- if(!crl.check_signature(cert.subject_public_key()))
- throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");
+ std::copy(new_revoked.begin(), new_revoked.end(),
+ std::back_inserter(revoked));
 
- std::set<SecureVector<byte> > removed_from_crl;
- for(u32bit j = 0; j != new_revoked.size(); ++j)
- {
- if(new_revoked[j].reason_code() == DELETE_CRL_ENTRY)
- removed_from_crl.insert(new_revoked[j].serial_number());
- else
- all_revoked.push_back(new_revoked[j]);
- }
-
- for(u32bit j = 0; j != already_revoked.size(); ++j)
- {
- std::set<SecureVector<byte> >::const_iterator i;
- i = removed_from_crl.find(already_revoked[j].serial_number());
-
- if(i == removed_from_crl.end())
- all_revoked.push_back(already_revoked[j]);
- }
- std::sort(all_revoked.begin(), all_revoked.end());
-
- std::vector<CRL_Entry> cert_list;
- std::unique_copy(all_revoked.begin(), all_revoked.end(),
- std::back_inserter(cert_list));
-
- return make_crl(cert_list, crl.crl_number() + 1, next_update, rng);
+ return make_crl(revoked, crl.crl_number() + 1, next_update, rng);
 }
 
 /*
|
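Review bot: The rewritten `update_crl` body no longer verifies the input CRL before re-signing it: the removed `crl.check_signature(cert.subject_public_key())` guard has no replacement in this hunk, so the entries and CRL number of a CRL this CA never issued, or one altered in storage or transit, are copied into a freshly signed CRL. Unless every caller is guaranteed to validate the CRL first, keep the guard at the top of the body: `if(!crl.check_signature(cert.subject_public_key())) throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");`. The plain `std::copy` also drops the old sort/`unique_copy` de-duplication and the `DELETE_CRL_ENTRY` handling, so a serial passed in `new_revoked` that is already listed appears twice and a removal entry is appended rather than cancelling the earlier one; if that is now handled in `make_crl` or `CRL_Entry` (not visible here), a short comment above the copy saying so would help. The function signature starts above the hunk.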