-rw-r--r--src/cert/pkcs10/pkcs10.cpp7
-rw-r--r--src/cert/x509ca/x509_ca.cpp5
-rw-r--r--src/cert/x509cert/x509_obj.cpp15
-rw-r--r--src/cert/x509cert/x509_obj.h8
4 files changed, 23 insertions, 12 deletions
diff --git a/src/cert/pkcs10/pkcs10.cpp b/src/cert/pkcs10/pkcs10.cpp
index 81bb58555..d2a7b668d 100644
--- a/src/cert/pkcs10/pkcs10.cpp
+++ b/src/cert/pkcs10/pkcs10.cpp
@@ -6,11 +6,11 @@
*/
#include <botan/pkcs10.h>
+#include <botan/x509_ext.h>
+#include <botan/x509cert.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/parsing.h>
-#include <botan/x509stor.h>
-#include <botan/x509_ext.h>
#include <botan/oids.h>
#include <botan/pem.h>
@@ -84,8 +84,7 @@ void PKCS10_Request::force_decode()
cert_req_info.verify_end();
- X509_Code sig_check = X509_Store::check_sig(*this, subject_public_key());
- if(sig_check != VERIFIED)
+ if(!this->check_signature(subject_public_key()))
throw Decoding_Error("PKCS #10 request: Bad signature detected");
}
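Review bot: The new check `if(!this->check_signature(subject_public_key()))` carries no comment saying what it establishes, and a reader could take it for an authenticity check. It verifies the request against the key embedded in that same request, so it shows only that the requester holds the matching private key. I would add `// Self-signature: proves possession of the private key only, not the requester's identity` above it. The call also passes the returned key to the pointer overload, which deletes it, and that is not obvious at the call site either. force_decode starts outside the hunk.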
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index ea7f3a405..be7849ec4 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -6,7 +6,6 @@
*/
#include <botan/x509_ca.h>
-#include <botan/x509stor.h>
#include <botan/pubkey.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
@@ -155,9 +154,7 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
std::vector<CRL_Entry> already_revoked = crl.get_revoked();
std::vector<CRL_Entry> all_revoked;
- X509_Store store;
- store.add_cert(cert, true);
- if(store.add_crl(crl) != VERIFIED)
+ if(!crl.check_signature(cert.subject_public_key()))
throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");
std::set<SecureVector<byte> > removed_from_crl;
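Review bot: The replacement check in update_crl verifies only that `crl` was signed with `cert`'s key; whatever else the removed `X509_Store::add_crl` path enforced before returning `VERIFIED` no longer applies here. That code is not visible in this diff, so it is worth confirming that nothing such as an issuer-name match or a validity-period test was being relied on. If a signature-only check is intended, say so next to it: `// Signature check only; issuer name and CRL validity period are not examined here`. update_crl's body continues outside the hunk.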
diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp
index ffee74f12..27aaea3bf 100644
--- a/src/cert/x509cert/x509_obj.cpp
+++ b/src/cert/x509cert/x509_obj.cpp
@@ -145,6 +145,15 @@ AlgorithmIdentifier X509_Object::signature_algorithm() const
/*
* Check the signature on an object
*/
+bool X509_Object::check_signature(Public_Key* pub_key) const
+ {
+ std::auto_ptr<Public_Key> key(pub_key);
+ return check_signature(*key);
+ }
+
+/*
+* Check the signature on an object
+*/
bool X509_Object::check_signature(Public_Key& pub_key) const
{
try {
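Review bot: The new pointer overload dereferences `*key` without a null test, so a null argument is undefined behaviour rather than a failed verification; adding `if(!key.get()) return false;` after the `auto_ptr` line makes it fail closed. Taking ownership through a raw `Public_Key*` that differs from the existing overload only by `*` versus `&` is easy to misuse, because a caller passing the address of a key it still owns gets a double delete. The header comment on `bool check_signature(class Public_Key* key) const;` in x509_obj.h states the deletion, but the comment on this definition is a copy of the one on the reference overload. It should read `* Check the signature on an object; takes ownership of pub_key and deletes it`. The reference overload's body continues outside the hunk.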
@@ -195,15 +204,13 @@ void X509_Object::do_decode()
}
catch(Decoding_Error& e)
{
- const std::string what = e.what();
throw Decoding_Error(PEM_label_pref + " decoding failed (" +
- what.substr(23, std::string::npos) + ")");
+ e.what() + ")");
}
catch(Invalid_Argument& e)
{
- const std::string what = e.what();
throw Decoding_Error(PEM_label_pref + " decoding failed (" +
- what.substr(7, std::string::npos) + ")");
+ e.what() + ")");
}
}
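Review bot: The two catch handlers in do_decode now have identical bodies and differ only in the caught type, which invites them to drift apart again. If one of `Decoding_Error` and `Invalid_Argument` derives from the other (the hierarchy is not visible in this diff), a single handler for the base would do. Otherwise a one-line comment on the first handler, such as `// Re-wrap so the message names the object type; inner what() is passed through unchanged`, would explain the duplication. With the `substr(23)` / `substr(7)` trimming gone, the wrapped text now includes whatever prefix the inner exception carries, so any caller or test that matches on the old message text needs a look. do_decode starts outside the hunk.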
diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h
index 28ee95073..60c7c4db8 100644
--- a/src/cert/x509cert/x509_obj.h
+++ b/src/cert/x509cert/x509_obj.h
@@ -61,6 +61,14 @@ class BOTAN_DLL X509_Object
bool check_signature(class Public_Key& key) const;
/**
+ * Check the signature on this data
+ * @param key the public key purportedly used to sign this data
+ * the pointer will be deleted after use
+ * @return true if the signature is valid, otherwise false
+ */
+ bool check_signature(class Public_Key* key) const;
+
+ /**
* Encode this to a pipe
* @deprecated use BER_encode or PEM_encode instead
* @param out the pipe to write to