From d1740672b8f9e0b5be1cd3d9f5da9ffd76c7c300 Mon Sep 17 00:00:00 2001
From: lloyd
Date: Thu, 7 Oct 2010 18:59:19 +0000
Subject: Fix CRL reason codes and updating of CRLs. Add tests for both cases.
---
 src/cert/x509ca/x509_ca.cpp | 34 +++++-----------------------------
 src/cert/x509cert/x509_ext.cpp | 2 ++
 src/cert/x509crl/crl_ent.cpp | 8 --------
 src/cert/x509crl/crl_ent.h | 5 -----
 4 files changed, 7 insertions(+), 42 deletions(-)
(limited to 'src/cert')
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index be7849ec4..4379488e9 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -1,6 +1,6 @@
 /*
 * X.509 Certificate Authority
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -151,36 +151,12 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl, RandomNumberGenerator& rng, u32bit next_update) const { - std::vector already_revoked = crl.get_revoked(); - std::vector all_revoked; + std::vector revoked = crl.get_revoked(); - if(!crl.check_signature(cert.subject_public_key())) - throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided"); + std::copy(new_revoked.begin(), new_revoked.end(), + std::back_inserter(revoked)); - std::set > removed_from_crl; - for(u32bit j = 0; j != new_revoked.size(); ++j) - { - if(new_revoked[j].reason_code() == DELETE_CRL_ENTRY) - removed_from_crl.insert(new_revoked[j].serial_number()); - else - all_revoked.push_back(new_revoked[j]); - } - - for(u32bit j = 0; j != already_revoked.size(); ++j) - { - std::set >::const_iterator i; - i = removed_from_crl.find(already_revoked[j].serial_number()); - - if(i == removed_from_crl.end()) - all_revoked.push_back(already_revoked[j]); - } - std::sort(all_revoked.begin(), all_revoked.end()); - - std::vector cert_list; - std::unique_copy(all_revoked.begin(), all_revoked.end(), - std::back_inserter(cert_list)); - - return make_crl(cert_list, crl.crl_number() + 1, next_update, rng); + return make_crl(revoked, crl.crl_number() + 1, next_update, rng); } /* diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp index 8c3f66de8..616644e5c 100644 --- a/src/cert/x509cert/x509_ext.cpp +++ b/src/cert/x509cert/x509_ext.cpp @@ -34,6 +34,7 @@ Certificate_Extension* Extensions::get_extension(const OID& oid) X509_EXTENSION("X509v3.SubjectAlternativeName", Subject_Alternative_Name); X509_EXTENSION("X509v3.CRLNumber", CRL_Number); X509_EXTENSION("X509v3.CertificatePolicies", Certificate_Policies); + X509_EXTENSION("X509v3.ReasonCode", CRL_ReasonCode); return 0; } @@ -109,6 +110,7 @@ void Extensions::decode_from(BER_Decoder& from_source) extensions.clear(); BER_Decoder sequence = from_source.start_cons(SEQUENCE); + while(sequence.more_items()) { OID oid; 
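Review bot: The new body of `X509_CA::update_crl` drops the `crl.check_signature(cert.subject_public_key())` guard without a replacement, so the CA now signs a new CRL built from the revoked list and `crl_number() + 1` of whatever CRL object the caller passes, including one this CA never issued. If the check was removed because it rejected valid input, it should be repaired rather than deleted; otherwise keep `if(!crl.check_signature(cert.subject_public_key()))` followed by `throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");` ahead of the copy, or state in the function's documentation that the caller must already have verified `crl`. The plain `std::copy` also appends `new_revoked` unchanged, so the removed `DELETE_CRL_ENTRY` filtering and the de-duplication pass are gone: a serial can appear twice, and an entry meant to take a certificate off the list now sits next to the original entry instead of removing it; whether `make_crl` or the CRL consumer handles either case is not visible in this hunk. The function's signature begins above the hunk, so the `new_revoked` parameter is not shown here.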
diff --git a/src/cert/x509crl/crl_ent.cpp b/src/cert/x509crl/crl_ent.cpp index bdc35b038..d566637f6 100644 --- a/src/cert/x509crl/crl_ent.cpp +++ b/src/cert/x509crl/crl_ent.cpp @@ -57,14 +57,6 @@ bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2) return !(a1 == a2); } -/* -* Compare two CRL_Entrys -*/ -bool operator<(const CRL_Entry& a1, const CRL_Entry& a2) - { - return (a1.expire_time().cmp(a2.expire_time()) < 0); - } - /* * DER encode a CRL_Entry */ diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h index ec90750db..b3e696a86 100644 --- a/src/cert/x509crl/crl_ent.h +++ b/src/cert/x509crl/crl_ent.h @@ -69,11 +69,6 @@ BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&); */ BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&); -/** -* Order two entries based on the revocation date. -*/ -BOTAN_DLL bool operator<(const CRL_Entry&, const CRL_Entry&); - } #endif -- cgit v1.2.3