diff options
-rw-r--r-- | src/cert/pkcs10/pkcs10.cpp | 7 | ||||
-rw-r--r-- | src/cert/x509ca/x509_ca.cpp | 5 | ||||
-rw-r--r-- | src/cert/x509cert/x509_obj.cpp | 15 | ||||
-rw-r--r-- | src/cert/x509cert/x509_obj.h | 8 |
4 files changed, 23 insertions, 12 deletions
diff --git a/src/cert/pkcs10/pkcs10.cpp b/src/cert/pkcs10/pkcs10.cpp index 81bb58555..d2a7b668d 100644 --- a/src/cert/pkcs10/pkcs10.cpp +++ b/src/cert/pkcs10/pkcs10.cpp @@ -6,11 +6,11 @@ */ #include <botan/pkcs10.h> +#include <botan/x509_ext.h> +#include <botan/x509cert.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> #include <botan/parsing.h> -#include <botan/x509stor.h> -#include <botan/x509_ext.h> #include <botan/oids.h> #include <botan/pem.h> @@ -84,8 +84,7 @@ void PKCS10_Request::force_decode() cert_req_info.verify_end(); - X509_Code sig_check = X509_Store::check_sig(*this, subject_public_key()); - if(sig_check != VERIFIED) + if(!this->check_signature(subject_public_key())) throw Decoding_Error("PKCS #10 request: Bad signature detected"); } diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index ea7f3a405..be7849ec4 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -6,7 +6,6 @@ */ #include <botan/x509_ca.h> -#include <botan/x509stor.h> #include <botan/pubkey.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> @@ -155,9 +154,7 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl, std::vector<CRL_Entry> already_revoked = crl.get_revoked(); std::vector<CRL_Entry> all_revoked; - X509_Store store; - store.add_cert(cert, true); - if(store.add_crl(crl) != VERIFIED) + if(!crl.check_signature(cert.subject_public_key())) throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided"); std::set<SecureVector<byte> > removed_from_crl; diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp index ffee74f12..27aaea3bf 100644 --- a/src/cert/x509cert/x509_obj.cpp +++ b/src/cert/x509cert/x509_obj.cpp @@ -145,6 +145,15 @@ AlgorithmIdentifier X509_Object::signature_algorithm() const /* * Check the signature on an object */ +bool X509_Object::check_signature(Public_Key* pub_key) const + { + std::auto_ptr<Public_Key> key(pub_key); + return check_signature(*key); + } + +/* +* Check the signature on an object +*/ bool X509_Object::check_signature(Public_Key& pub_key) const { try { @@ -195,15 +204,13 @@ void X509_Object::do_decode() } catch(Decoding_Error& e) { - const std::string what = e.what(); throw Decoding_Error(PEM_label_pref + " decoding failed (" + - what.substr(23, std::string::npos) + ")"); + e.what() + ")"); } catch(Invalid_Argument& e) { - const std::string what = e.what(); throw Decoding_Error(PEM_label_pref + " decoding failed (" + - what.substr(7, std::string::npos) + ")"); + e.what() + ")"); } } diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h index 28ee95073..60c7c4db8 100644 --- a/src/cert/x509cert/x509_obj.h +++ b/src/cert/x509cert/x509_obj.h @@ -61,6 +61,14 @@ class BOTAN_DLL X509_Object bool check_signature(class Public_Key& key) const; /** + * Check the signature on this data + * @param key the public key purportedly used to sign this data + * the pointer will be deleted after use + * @return true if the signature is valid, otherwise false + */ + bool check_signature(class Public_Key* key) const; + + /** * Encode this to a pipe * @deprecated use BER_encode or PEM_encode instead * @param out the pipe to write to |