diff options
| author | Jack Lloyd <[email protected]> | 2017-12-19 10:04:47 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2017-12-19 10:04:47 -0500 |
| commit | 584587969d10c903bf08f4e4580ecde83cbf62a2 (patch) | |
| tree | d2906642a49fba5b89ad59a0102f75446fdb0488 /src/lib/x509/x509_obj.h | |
| parent | 1e9db1f1d3d4d04368a7f7da490230deb5b6431e (diff) | |
Expose a function returning a status code for verifing X509 objects
The versions returning bool just tell us if it could be verified but
don't indicate the problem, everything got binned into "signature error"
during verification. Now in the event that the params were invalid, or
the signature algorithm couldn't be found, report that as a specific error.
See GH #1362
Diffstat (limited to 'src/lib/x509/x509_obj.h')
| -rw-r--r-- | src/lib/x509/x509_obj.h | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/lib/x509/x509_obj.h b/src/lib/x509/x509_obj.h index c9ff0f761..72ba0f534 100644 --- a/src/lib/x509/x509_obj.h +++ b/src/lib/x509/x509_obj.h @@ -10,6 +10,7 @@ #include <botan/asn1_obj.h> #include <botan/alg_id.h> +#include <botan/cert_status.h> #include <vector> namespace Botan { @@ -59,9 +60,17 @@ class BOTAN_PUBLIC_API(2,0) X509_Object : public ASN1_Object * @return signed X509 object */ static std::vector<uint8_t> make_signed(class PK_Signer* signer, - RandomNumberGenerator& rng, - const AlgorithmIdentifier& alg_id, - const secure_vector<uint8_t>& tbs); + RandomNumberGenerator& rng, + const AlgorithmIdentifier& alg_id, + const secure_vector<uint8_t>& tbs); + + /** + * Check the signature on this data + * @param key the public key purportedly used to sign this data + * @return status of the signature - OK if verified or otherwise an indicator of + * the problem preventing verification. + */ + Certificate_Status_Code verify_signature(const Public_Key& key) const; /** * Check the signature on this data @@ -73,7 +82,8 @@ class BOTAN_PUBLIC_API(2,0) X509_Object : public ASN1_Object /** * Check the signature on this data * @param key the public key purportedly used to sign this data - * the pointer will be deleted after use + * the object will be deleted after use (this should have + * been a std::unique_ptr<Public_Key>) * @return true if the signature is valid, otherwise false */ bool check_signature(const Public_Key* key) const; |