certificate_t->issued_by takes an argument to receive signature scheme
parent
439d0742e9
commit
a37f2d2006
@ -348,7 +348,7 @@ METHOD(stroke_ca_t, check_for_hash_and_url, void,
|
|||
enumerator = this->sections->create_enumerator(this->sections);
|
||||
while (enumerator->enumerate(enumerator, (void**)§ion))
|
||||
{
|
||||
if (section->certuribase && cert->issued_by(cert, section->cert))
|
||||
if (section->certuribase && cert->issued_by(cert, section->cert, NULL))
|
||||
{
|
||||
chunk_t hash, encoded;
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ bool test_cert_x509()
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
if (!parsed->issued_by(parsed, ca_cert))
|
||||
if (!parsed->issued_by(parsed, ca_cert, NULL))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ bool test_cert_x509()
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
if (!parsed->issued_by(parsed, ca_cert))
|
||||
if (!parsed->issued_by(parsed, ca_cert, NULL))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
|
|
@ -44,7 +44,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
|
|||
pts_t *pts;
|
||||
|
||||
pts = attestation_state->get_pts(attestation_state);
|
||||
|
||||
|
||||
switch (attr->get_type(attr))
|
||||
{
|
||||
case TCG_PTS_PROTO_CAPS:
|
||||
|
@ -169,7 +169,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
|
|||
KEY_ANY, aik->get_issuer(aik), FALSE);
|
||||
while (e->enumerate(e, &issuer))
|
||||
{
|
||||
if (aik->issued_by(aik, issuer))
|
||||
if (aik->issued_by(aik, issuer, NULL))
|
||||
{
|
||||
trusted = TRUE;
|
||||
break;
|
||||
|
@ -289,7 +289,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
|
|||
break;
|
||||
}
|
||||
status = comp->verify(comp, pts, evidence);
|
||||
|
||||
|
||||
switch (status)
|
||||
{
|
||||
default:
|
||||
|
|
|
@ -143,9 +143,11 @@ struct certificate_t {
|
|||
* Check if this certificate is issued and signed by a specific issuer.
|
||||
*
|
||||
* @param issuer issuer's certificate
|
||||
* @param scheme receives signature scheme used during verification
|
||||
* @return TRUE if certificate issued by issuer and trusted
|
||||
*/
|
||||
bool (*issued_by)(certificate_t *this, certificate_t *issuer);
|
||||
bool (*issued_by)(certificate_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme);
|
||||
|
||||
/**
|
||||
* Get the public key associated to this certificate.
|
||||
|
|
|
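Review bot: The new `@param scheme` line on the `issued_by` declaration does not say that the argument is optional or when it is written, yet every caller updated in this commit passes NULL, and the implementations only store into it after a successful verification (openssl_x509, x509_cert, x509_crl, x509_ac, x509_ocsp_response, x509_pkcs10), while pubkey_cert writes SIGN_UNKNOWN regardless of the result. A caller that reads the variable after a FALSE return therefore sees either an untouched value or SIGN_UNKNOWN depending on the certificate type. I would tighten the comment to `* @param scheme receives the signature scheme used for verification, if not NULL; only valid when TRUE is returned` so implementers and callers agree on the contract. The enclosing struct continues outside the hunk.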
@ -165,7 +165,7 @@ METHOD(cert_cache_t, issued_by, bool,
|
|||
}
|
||||
}
|
||||
/* no cache hit, check and cache signature */
|
||||
if (subject->issued_by(subject, issuer))
|
||||
if (subject->issued_by(subject, issuer, NULL))
|
||||
{
|
||||
cache(this, subject, issuer);
|
||||
return TRUE;
|
||||
|
|
|
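Review bot: The cache-miss path passes NULL on the new call, so a certificate verified through the cache never exposes its signature scheme, and a cache hit returns TRUE without calling the underlying verify at all; if cert_cache_t's own issued_by is ever given a scheme output, the hit path will have nothing to return unless the scheme is stored alongside the pair in `cache(this, subject, issuer)`. That is acceptable for this commit, but a one-line comment next to the NULL, `/* scheme is not cached; callers that need it must verify directly */`, would make the limitation explicit to the next maintainer. The cert_cache_t issued_by method starts outside the hunk, so I cannot see whether its signature was also extended.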
@ -225,7 +225,8 @@ METHOD(certificate_t, has_subject_or_issuer, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_openssl_crl_t *this, certificate_t *issuer)
|
||||
private_openssl_crl_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme)
|
||||
{
|
||||
chunk_t fingerprint, tbs;
|
||||
public_key_t *key;
|
||||
|
@ -270,6 +271,10 @@ METHOD(certificate_t, issued_by, bool,
|
|||
openssl_asn1_str2chunk(this->crl->signature));
|
||||
free(tbs.ptr);
|
||||
key->destroy(key);
|
||||
if (valid && scheme)
|
||||
{
|
||||
*scheme = this->scheme;
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
|
|
|
@ -350,7 +350,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_openssl_x509_t *this, certificate_t *issuer)
|
||||
private_openssl_x509_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme)
|
||||
{
|
||||
public_key_t *key;
|
||||
bool valid;
|
||||
|
@ -393,6 +394,10 @@ METHOD(certificate_t, issued_by, bool,
|
|||
openssl_asn1_str2chunk(this->x509->signature));
|
||||
free(tbs.ptr);
|
||||
key->destroy(key);
|
||||
if (valid && scheme)
|
||||
{
|
||||
*scheme = this->scheme;
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
|
@ -975,7 +980,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
|
|||
hasher->allocate_hash(hasher, this->encoding, &this->hash);
|
||||
hasher->destroy(hasher);
|
||||
|
||||
if (issued_by(this, &this->public.x509.interface))
|
||||
if (issued_by(this, &this->public.x509.interface, NULL))
|
||||
{
|
||||
this->flags |= X509_SELF_SIGNED;
|
||||
}
|
||||
|
|
|
@ -114,7 +114,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by,bool,
|
||||
private_pgp_cert_t *this, certificate_t *issuer)
|
||||
private_pgp_cert_t *this, certificate_t *issuer, signature_scheme_t *scheme)
|
||||
{
|
||||
/* TODO: check signature blobs for a valid signature */
|
||||
return FALSE;
|
||||
|
|
|
@ -126,8 +126,13 @@ METHOD(certificate_t, equals, bool,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_pubkey_cert_t *this, certificate_t *issuer)
|
||||
private_pubkey_cert_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme)
|
||||
{
|
||||
if (scheme)
|
||||
{
|
||||
*scheme = SIGN_UNKNOWN;
|
||||
}
|
||||
return equals(this, issuer);
|
||||
}
|
||||
|
||||
|
|
|
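Review bot: `*scheme = SIGN_UNKNOWN` is written before `equals(this, issuer)` is evaluated, so this implementation stores into the output even when it returns FALSE, unlike the openssl, x509_cert, x509_crl, x509_ac and OCSP response implementations in the same commit, which only write `*schemep` when `valid` is TRUE. A caller that relies on the output being untouched on failure gets different behavior for raw public keys than for every other certificate type. I would make it `bool match = equals(this, issuer); if (match && scheme) { *scheme = SIGN_UNKNOWN; } return match;` so all implementations follow the same write-on-success rule.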
@ -701,7 +701,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_ac_t *this, certificate_t *issuer)
|
||||
private_x509_ac_t *this, certificate_t *issuer, signature_scheme_t *schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
|
@ -750,6 +750,10 @@ METHOD(certificate_t, issued_by, bool,
|
|||
}
|
||||
valid = key->verify(key, scheme, this->certificateInfo, this->signature);
|
||||
key->destroy(key);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
|
|
|
@ -1483,7 +1483,8 @@ end:
|
|||
/* check if the certificate is self-signed */
|
||||
if (this->public.interface.interface.issued_by(
|
||||
&this->public.interface.interface,
|
||||
&this->public.interface.interface))
|
||||
&this->public.interface.interface,
|
||||
NULL))
|
||||
{
|
||||
this->flags |= X509_SELF_SIGNED;
|
||||
}
|
||||
|
@ -1568,7 +1569,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_cert_t *this, certificate_t *issuer)
|
||||
private_x509_cert_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
|
@ -1612,6 +1614,10 @@ METHOD(certificate_t, issued_by, bool,
|
|||
}
|
||||
valid = key->verify(key, scheme, this->tbsCertificate, this->signature);
|
||||
key->destroy(key);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
|
|
|
@ -442,7 +442,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_crl_t *this, certificate_t *issuer)
|
||||
private_x509_crl_t *this, certificate_t *issuer, signature_scheme_t *schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
|
@ -490,6 +490,10 @@ METHOD(certificate_t, issued_by, bool,
|
|||
}
|
||||
valid = key->verify(key, scheme, this->tbsCertList, this->signature);
|
||||
key->destroy(key);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
|
|
|
@ -364,7 +364,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_ocsp_request_t *this, certificate_t *issuer)
|
||||
private_x509_ocsp_request_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme)
|
||||
{
|
||||
DBG1(DBG_LIB, "OCSP request validation not implemented!");
|
||||
return FALSE;
|
||||
|
|
|
@ -670,7 +670,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_ocsp_response_t *this, certificate_t *issuer)
|
||||
private_x509_ocsp_response_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
|
@ -722,6 +723,10 @@ METHOD(certificate_t, issued_by, bool,
|
|||
}
|
||||
valid = key->verify(key, scheme, this->tbsResponseData, this->signature);
|
||||
key->destroy(key);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
|
|
|
@ -123,10 +123,12 @@ METHOD(certificate_t, has_subject, id_match_t,
|
|||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_pkcs10_t *this, certificate_t *issuer)
|
||||
private_x509_pkcs10_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
bool valid;
|
||||
|
||||
if (&this->public.interface.interface != issuer)
|
||||
{
|
||||
|
@ -150,8 +152,13 @@ METHOD(certificate_t, issued_by, bool,
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
return key->verify(key, scheme, this->certificationRequestInfo,
|
||||
this->signature);
|
||||
valid = key->verify(key, scheme, this->certificationRequestInfo,
|
||||
this->signature);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
METHOD(certificate_t, get_public_key, public_key_t*,
|
||||
|
@ -441,7 +448,7 @@ end:
|
|||
if (success)
|
||||
{
|
||||
/* check if the certificate request is self-signed */
|
||||
if (issued_by(this, &this->public.interface.interface))
|
||||
if (issued_by(this, &this->public.interface.interface, NULL))
|
||||
{
|
||||
this->self_signed = TRUE;
|
||||
}
|
||||
|
|
|
@ -77,7 +77,7 @@ static int verify()
|
|||
{
|
||||
ca = cert;
|
||||
}
|
||||
if (cert->issued_by(cert, ca))
|
||||
if (cert->issued_by(cert, ca, NULL))
|
||||
{
|
||||
if (cert->get_validity(cert, NULL, NULL, NULL))
|
||||
{
|
||||
|
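Review bot: verify() discards the scheme by passing NULL, although this tool is the natural place to surface it now that issued_by can report which algorithm signed the certificate; an unexpected or weak scheme is exactly what a user running a verification wants to see. It should be enough to declare `signature_scheme_t scheme;`, call `cert->issued_by(cert, ca, &scheme)` and report the value inside the success branch, remembering that the implementations only set it when TRUE is returned. The verify() function starts outside the hunk and I cannot see how its result is printed, so the exact output line is left to the author.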
|