author | lloyd <[email protected]> | 2010-10-07 18:59:19 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-10-07 18:59:19 +0000 |
commit | d1740672b8f9e0b5be1cd3d9f5da9ffd76c7c300 (patch) | |
tree | a02523711e9e6021ab762a1a36b0b9ac4be0375b /src/cert | |
parent | f8165e1fcdefebd9bd60449e93c4a7fc70179ad5 (diff) |
Fix CRL reason codes and updating of CRLs. Add tests for both cases.
Diffstat (limited to 'src/cert')
-rw-r--r-- | src/cert/x509ca/x509_ca.cpp | 34 | ||||
-rw-r--r-- | src/cert/x509cert/x509_ext.cpp | 2 | ||||
-rw-r--r-- | src/cert/x509crl/crl_ent.cpp | 8 | ||||
-rw-r--r-- | src/cert/x509crl/crl_ent.h | 5 |
4 files changed, 7 insertions, 42 deletions
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index be7849ec4..4379488e9 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -1,6 +1,6 @@
 /*
 * X.509 Certificate Authority
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -151,36 +151,12 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
 RandomNumberGenerator& rng,
 u32bit next_update) const
 {
- std::vector<CRL_Entry> already_revoked = crl.get_revoked();
- std::vector<CRL_Entry> all_revoked;
+ std::vector<CRL_Entry> revoked = crl.get_revoked();
- if(!crl.check_signature(cert.subject_public_key()))
- throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");
+ std::copy(new_revoked.begin(), new_revoked.end(),
+ std::back_inserter(revoked));
- std::set<SecureVector<byte> > removed_from_crl;
- for(u32bit j = 0; j != new_revoked.size(); ++j)
- {
- if(new_revoked[j].reason_code() == DELETE_CRL_ENTRY)
- removed_from_crl.insert(new_revoked[j].serial_number());
- else
- all_revoked.push_back(new_revoked[j]);
- }
-
- for(u32bit j = 0; j != already_revoked.size(); ++j)
- {
- std::set<SecureVector<byte> >::const_iterator i;
- i = removed_from_crl.find(already_revoked[j].serial_number());
-
- if(i == removed_from_crl.end())
- all_revoked.push_back(already_revoked[j]);
- }
- std::sort(all_revoked.begin(), all_revoked.end());
-
- std::vector<CRL_Entry> cert_list;
- std::unique_copy(all_revoked.begin(), all_revoked.end(),
- std::back_inserter(cert_list));
-
- return make_crl(cert_list, crl.crl_number() + 1, next_update, rng);
+ return make_crl(revoked, crl.crl_number() + 1, next_update, rng);
 }
 /*
diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp
index 8c3f66de8..616644e5c 100644
--- a/src/cert/x509cert/x509_ext.cpp
+++ b/src/cert/x509cert/x509_ext.cpp
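Review bot: With the `check_signature` guard removed, `update_crl` re-signs whatever `crl.get_revoked()` returns without establishing that the input CRL was issued by this CA, so a CRL from another issuer, or one whose entries were stripped, would come back carrying this CA's signature and `crl.crl_number() + 1`. Unless every caller is known to verify the CRL first (not visible here), keep the check ahead of the copy: `if(!crl.check_signature(cert.subject_public_key())) throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");`. The plain `std::copy` also drops the earlier de-duplication and the `DELETE_CRL_ENTRY` handling, so a serial present in both inputs is emitted twice and a removal request is appended as an ordinary entry; a comment stating that callers must pass only new, non-removal entries would make that contract explicit. The function's signature begins above the hunk.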
@@ -34,6 +34,7 @@ Certificate_Extension* Extensions::get_extension(const OID& oid)
 X509_EXTENSION("X509v3.SubjectAlternativeName", Subject_Alternative_Name);
 X509_EXTENSION("X509v3.CRLNumber", CRL_Number);
 X509_EXTENSION("X509v3.CertificatePolicies", Certificate_Policies);
+ X509_EXTENSION("X509v3.ReasonCode", CRL_ReasonCode);
 return 0;
 }
@@ -109,6 +110,7 @@ void Extensions::decode_from(BER_Decoder& from_source) extensions.clear(); BER_Decoder sequence = from_source.start_cons(SEQUENCE); + while(sequence.more_items()) { OID oid;
diff --git a/src/cert/x509crl/crl_ent.cpp b/src/cert/x509crl/crl_ent.cpp
index bdc35b038..d566637f6 100644
--- a/src/cert/x509crl/crl_ent.cpp
+++ b/src/cert/x509crl/crl_ent.cpp
@@ -58,14 +58,6 @@ bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2)
 }
 /*
-* Compare two CRL_Entrys
-*/
-bool operator<(const CRL_Entry& a1, const CRL_Entry& a2)
- {
- return (a1.expire_time().cmp(a2.expire_time()) < 0);
- }
-
-/*
 * DER encode a CRL_Entry
 */
 void CRL_Entry::encode_into(DER_Encoder& der) const
diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h
index ec90750db..b3e696a86 100644
--- a/src/cert/x509crl/crl_ent.h
+++ b/src/cert/x509crl/crl_ent.h
@@ -69,11 +69,6 @@ BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&);
 */
 BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&);
-/**
-* Order two entries based on the revocation date.
-*/
-BOTAN_DLL bool operator<(const CRL_Entry&, const CRL_Entry&);
-
 }
 #endif |
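Review bot: The added `X509_EXTENSION("X509v3.ReasonCode", CRL_ReasonCode);` line in `Extensions::get_extension` registers a CRL-entry extension in the same lookup the neighbouring lines use for certificate extensions, and nothing at that spot says so. A one-line comment above it, such as `// CRL entry extension: registered so revocation reasons are decoded rather than dropped`, would tell a maintainer why it sits in this list. If this lookup is also reached when parsing certificates (not visible in the hunk), a certificate carrying this extension would now be instantiated instead of handled as unknown, which is worth confirming is intended. `get_extension` starts outside the hunk.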