aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--checks/check.cpp1
-rw-r--r--checks/pk.cpp1
-rw-r--r--checks/x509.cpp2
-rw-r--r--src/cert/x509ca/x509_ca.cpp34
-rw-r--r--src/cert/x509cert/x509_ext.cpp2
-rw-r--r--src/cert/x509crl/crl_ent.cpp8
-rw-r--r--src/cert/x509crl/crl_ent.h5
7 files changed, 8 insertions, 45 deletions
diff --git a/checks/check.cpp b/checks/check.cpp
index cacc07cb0..ca9ec84e9 100644
--- a/checks/check.cpp
+++ b/checks/check.cpp
@@ -215,6 +215,7 @@ int run_test_suite(RandomNumberGenerator& rng)
errors += do_validation_tests(EXPECTED_FAIL_FILE, rng, false);
errors += do_bigint_tests(BIGINT_VALIDATION_FILE, rng);
errors += do_pk_validation_tests(PK_VALIDATION_FILE, rng);
+ do_x509_tests(rng);
//errors += do_cvc_tests(rng);
}
catch(std::exception& e)
diff --git a/checks/pk.cpp b/checks/pk.cpp
index eb93cc531..f38cf97a6 100644
--- a/checks/pk.cpp
+++ b/checks/pk.cpp
@@ -916,7 +916,6 @@ u32bit do_pk_validation_tests(const std::string& filename,
errors += do_ecdsa_tests(rng);
errors += do_ecdh_tests(rng);
do_pk_keygen_tests(rng);
- do_x509_tests(rng);
return errors;
}
diff --git a/checks/x509.cpp b/checks/x509.cpp
index 24d67dc1c..43d374411 100644
--- a/checks/x509.cpp
+++ b/checks/x509.cpp
@@ -220,7 +220,6 @@ void do_x509_tests(RandomNumberGenerator& rng)
if(store.validate_cert(user2_cert) != CERT_IS_REVOKED)
std::cout << "\nFAILED: User cert #2 was not revoked" << std::endl;
-#if 0
revoked.clear();
revoked.push_back(CRL_Entry(user1_cert, REMOVE_FROM_CRL));
X509_CRL crl3 = ca.update_crl(crl2, revoked, rng);
@@ -230,7 +229,6 @@ void do_x509_tests(RandomNumberGenerator& rng)
if(store.validate_cert(user1_cert) != VERIFIED)
std::cout << "\nFAILED: User cert #1 was not un-revoked" << std::endl;
-#endif
check_against_copy(ca_key, rng);
check_against_copy(user1_key, rng);
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index be7849ec4..4379488e9 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -1,6 +1,6 @@
/*
* X.509 Certificate Authority
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -151,36 +151,12 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
RandomNumberGenerator& rng,
u32bit next_update) const
{
- std::vector<CRL_Entry> already_revoked = crl.get_revoked();
- std::vector<CRL_Entry> all_revoked;
+ std::vector<CRL_Entry> revoked = crl.get_revoked();
- if(!crl.check_signature(cert.subject_public_key()))
- throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");
+ std::copy(new_revoked.begin(), new_revoked.end(),
+ std::back_inserter(revoked));
- std::set<SecureVector<byte> > removed_from_crl;
- for(u32bit j = 0; j != new_revoked.size(); ++j)
- {
- if(new_revoked[j].reason_code() == DELETE_CRL_ENTRY)
- removed_from_crl.insert(new_revoked[j].serial_number());
- else
- all_revoked.push_back(new_revoked[j]);
- }
-
- for(u32bit j = 0; j != already_revoked.size(); ++j)
- {
- std::set<SecureVector<byte> >::const_iterator i;
- i = removed_from_crl.find(already_revoked[j].serial_number());
-
- if(i == removed_from_crl.end())
- all_revoked.push_back(already_revoked[j]);
- }
- std::sort(all_revoked.begin(), all_revoked.end());
-
- std::vector<CRL_Entry> cert_list;
- std::unique_copy(all_revoked.begin(), all_revoked.end(),
- std::back_inserter(cert_list));
-
- return make_crl(cert_list, crl.crl_number() + 1, next_update, rng);
+ return make_crl(revoked, crl.crl_number() + 1, next_update, rng);
}
/*
diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp
index 8c3f66de8..616644e5c 100644
--- a/src/cert/x509cert/x509_ext.cpp
+++ b/src/cert/x509cert/x509_ext.cpp
@@ -34,6 +34,7 @@ Certificate_Extension* Extensions::get_extension(const OID& oid)
X509_EXTENSION("X509v3.SubjectAlternativeName", Subject_Alternative_Name);
X509_EXTENSION("X509v3.CRLNumber", CRL_Number);
X509_EXTENSION("X509v3.CertificatePolicies", Certificate_Policies);
+ X509_EXTENSION("X509v3.ReasonCode", CRL_ReasonCode);
return 0;
}
@@ -109,6 +110,7 @@ void Extensions::decode_from(BER_Decoder& from_source)
extensions.clear();
BER_Decoder sequence = from_source.start_cons(SEQUENCE);
+
while(sequence.more_items())
{
OID oid;
diff --git a/src/cert/x509crl/crl_ent.cpp b/src/cert/x509crl/crl_ent.cpp
index bdc35b038..d566637f6 100644
--- a/src/cert/x509crl/crl_ent.cpp
+++ b/src/cert/x509crl/crl_ent.cpp
@@ -58,14 +58,6 @@ bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2)
}
/*
-* Compare two CRL_Entrys
-*/
-bool operator<(const CRL_Entry& a1, const CRL_Entry& a2)
- {
- return (a1.expire_time().cmp(a2.expire_time()) < 0);
- }
-
-/*
* DER encode a CRL_Entry
*/
void CRL_Entry::encode_into(DER_Encoder& der) const
diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h
index ec90750db..b3e696a86 100644
--- a/src/cert/x509crl/crl_ent.h
+++ b/src/cert/x509crl/crl_ent.h
@@ -69,11 +69,6 @@ BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&);
*/
BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&);
-/**
-* Order two entries based on the revocation date.
-*/
-BOTAN_DLL bool operator<(const CRL_Entry&, const CRL_Entry&);
-
}
#endif