Add a (clunky) function X509_Object::hash_used_for_signature that

returns the hash function that was used to create the
signature. Useful for a future X509 path validator that inform the
user which hash(es) they are relying on and/or allowing the ability to
reject hashes which are undesirable (MD2, MD5, etc)

2 files changed, 26 insertions, 0 deletions

diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp
index 41bbbef6b..13193f09c 100644
--- a/src/cert/x509cert/x509_obj.cpp
+++ b/src/cert/x509cert/x509_obj.cpp
@@ -143,6 +143,27 @@ AlgorithmIdentifier X509_Object::signature_algorithm() const
    }
 
 /*
+* Return the hash used in generating the signature
+*/
+std::string X509_Object::hash_used_for_signature() const
+   {
+   std::vector<std::string> sig_info =
+      split_on(OIDS::lookup(sig_algo.oid), '/');
+
+   if(sig_info.size() != 2)
+      throw Internal_Error("Invalid name format found for " +
+                           sig_algo.oid.as_string());
+
+   std::vector<std::string> pad_and_hash =
+      parse_algorithm_name(sig_info[1]);
+
+   if(pad_and_hash.size() != 2)
+      throw Internal_Error("Invalid name format " + sig_info[1]);
+
+   return pad_and_hash[1];
+   }
+
+/*
 * Check the signature on an object
 */
 bool X509_Object::check_signature(Public_Key* pub_key) const
diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h
index 86c1d6ce7..6579565f9 100644
--- a/src/cert/x509cert/x509_obj.h
+++ b/src/cert/x509cert/x509_obj.h
@@ -40,6 +40,11 @@ class BOTAN_DLL X509_Object
       AlgorithmIdentifier signature_algorithm() const;
 
       /**
+      * @return hash algorithm that was used to generate signature
+      */
+      std::string hash_used_for_signature() const;
+
+      /**
       * Create a signed X509 object.
       * @param signer the signer used to sign the object
       * @param rng the random number generator to use