authorlloyd <[email protected]>2010-10-07 18:59:19 +0000
committerlloyd <[email protected]>2010-10-07 18:59:19 +0000
commitd1740672b8f9e0b5be1cd3d9f5da9ffd76c7c300 (patch)
treea02523711e9e6021ab762a1a36b0b9ac4be0375b /src/cert
parentf8165e1fcdefebd9bd60449e93c4a7fc70179ad5 (diff)
Fix CRL reason codes and updating of CRLs. Add tests for both cases.
Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/x509ca/x509_ca.cpp34
-rw-r--r--src/cert/x509cert/x509_ext.cpp2
-rw-r--r--src/cert/x509crl/crl_ent.cpp8
-rw-r--r--src/cert/x509crl/crl_ent.h5
4 files changed, 7 insertions, 42 deletions
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index be7849ec4..4379488e9 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -1,6 +1,6 @@
/*
* X.509 Certificate Authority
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -151,36 +151,12 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
RandomNumberGenerator& rng,
u32bit next_update) const
{
- std::vector<CRL_Entry> already_revoked = crl.get_revoked();
- std::vector<CRL_Entry> all_revoked;
+ std::vector<CRL_Entry> revoked = crl.get_revoked();
- if(!crl.check_signature(cert.subject_public_key()))
- throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");
+ std::copy(new_revoked.begin(), new_revoked.end(),
+ std::back_inserter(revoked));
- std::set<SecureVector<byte> > removed_from_crl;
- for(u32bit j = 0; j != new_revoked.size(); ++j)
- {
- if(new_revoked[j].reason_code() == DELETE_CRL_ENTRY)
- removed_from_crl.insert(new_revoked[j].serial_number());
- else
- all_revoked.push_back(new_revoked[j]);
- }
-
- for(u32bit j = 0; j != already_revoked.size(); ++j)
- {
- std::set<SecureVector<byte> >::const_iterator i;
- i = removed_from_crl.find(already_revoked[j].serial_number());
-
- if(i == removed_from_crl.end())
- all_revoked.push_back(already_revoked[j]);
- }
- std::sort(all_revoked.begin(), all_revoked.end());
-
- std::vector<CRL_Entry> cert_list;
- std::unique_copy(all_revoked.begin(), all_revoked.end(),
- std::back_inserter(cert_list));
-
- return make_crl(cert_list, crl.crl_number() + 1, next_update, rng);
+ return make_crl(revoked, crl.crl_number() + 1, next_update, rng);
}
/*
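Review bot: The new body of update_crl no longer calls `crl.check_signature(cert.subject_public_key())` before copying `crl.get_revoked()`, so the entries of whatever CRL object the caller passes in get re-signed by this CA with no check that the CA issued them. Unless callers are guaranteed to verify the CRL themselves, keep the guard ahead of the copy: `if(!crl.check_signature(cert.subject_public_key())) throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");`. Entries from `new_revoked` are also appended unfiltered now, so a serial already present in `crl` ends up listed twice, and an entry with reason `DELETE_CRL_ENTRY` is emitted instead of removing the earlier entry. De-duplicating by serial number, or a comment stating that callers must pre-filter `new_revoked`, would make that contract explicit. The function's signature begins above this hunk, so only the parameter tail and body are visible here.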
diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp
index 8c3f66de8..616644e5c 100644
--- a/src/cert/x509cert/x509_ext.cpp
+++ b/src/cert/x509cert/x509_ext.cpp
@@ -34,6 +34,7 @@ Certificate_Extension* Extensions::get_extension(const OID& oid)
X509_EXTENSION("X509v3.SubjectAlternativeName", Subject_Alternative_Name);
X509_EXTENSION("X509v3.CRLNumber", CRL_Number);
X509_EXTENSION("X509v3.CertificatePolicies", Certificate_Policies);
+ X509_EXTENSION("X509v3.ReasonCode", CRL_ReasonCode);
return 0;
}
@@ -109,6 +110,7 @@ void Extensions::decode_from(BER_Decoder& from_source)
extensions.clear();
BER_Decoder sequence = from_source.start_cons(SEQUENCE);
+
while(sequence.more_items())
{
OID oid;
diff --git a/src/cert/x509crl/crl_ent.cpp b/src/cert/x509crl/crl_ent.cpp
index bdc35b038..d566637f6 100644
--- a/src/cert/x509crl/crl_ent.cpp
+++ b/src/cert/x509crl/crl_ent.cpp
@@ -58,14 +58,6 @@ bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2)
}
/*
-* Compare two CRL_Entrys
-*/
-bool operator<(const CRL_Entry& a1, const CRL_Entry& a2)
- {
- return (a1.expire_time().cmp(a2.expire_time()) < 0);
- }
-
-/*
* DER encode a CRL_Entry
*/
void CRL_Entry::encode_into(DER_Encoder& der) const
diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h
index ec90750db..b3e696a86 100644
--- a/src/cert/x509crl/crl_ent.h
+++ b/src/cert/x509crl/crl_ent.h
@@ -69,11 +69,6 @@ BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&);
*/
BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&);
-/**
-* Order two entries based on the revocation date.
-*/
-BOTAN_DLL bool operator<(const CRL_Entry&, const CRL_Entry&);
-
}
#endif