[nstool] Added PkiValidator::addCertificate()

programs/nstool/source/PkiValidator.cpp

@@ -28,6 +28,14 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
 }
 
 void PkiValidator::addCertificates(const fnd::List<es::SignedData<es::CertificateBody>>& certs)
+{
+	for (size_t i = 0; i < certs.size(); i++)
+	{
+		addCertificate(certs[i]);
+	}
+}
+
+void PkiValidator::addCertificate(const es::SignedData<es::CertificateBody>& cert)
 {
 	std::string cert_ident;
 	es::sign::SignatureAlgo cert_sign_algo;
@@ -36,37 +44,34 @@ void PkiValidator::addCertificates(const fnd::List<es::SignedData<es::Certificat
 
 	try 
 	{	
-		for (size_t i = 0; i < certs.size(); i++)
+		makeCertIdent(cert, cert_ident);
-		{
-			makeCertIdent(certs[i], cert_ident);
 
 		if (doesCertExist(cert_ident) == true)
 		{
 			throw fnd::Exception(kModuleName, "Certificate already exists");
 		}
 
-			cert_sign_algo = es::sign::getSignatureAlgo(certs[i].getSignature().getSignType());
+		cert_sign_algo = es::sign::getSignatureAlgo(cert.getSignature().getSignType());
-			cert_hash_algo = es::sign::getHashAlgo(certs[i].getSignature().getSignType());
+		cert_hash_algo = es::sign::getHashAlgo(cert.getSignature().getSignType());
 
 		// get cert hash
 		switch (cert_hash_algo)
 		{
 		case (es::sign::HASH_ALGO_SHA1):
 			cert_hash.alloc(crypto::sha::kSha1HashLen);
-				crypto::sha::Sha1(certs[i].getBody().getBytes().data(), certs[i].getBody().getBytes().size(), cert_hash.data());
+			crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
 			break;
 		case (es::sign::HASH_ALGO_SHA256):
 			cert_hash.alloc(crypto::sha::kSha256HashLen);
-				crypto::sha::Sha256(certs[i].getBody().getBytes().data(), certs[i].getBody().getBytes().size(), cert_hash.data());
+			crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
 			break;
 		default:
 			throw fnd::Exception(kModuleName, "Unrecognised hash type");
 		}
 
-			validateSignature(certs[i].getBody().getIssuer(), certs[i].getSignature().getSignType(), certs[i].getSignature().getSignature(), cert_hash);
+		validateSignature(cert.getBody().getIssuer(), cert.getSignature().getSignType(), cert.getSignature().getSignature(), cert_hash);
 
-			mCertificateBank.addElement(certs[i]);
+		mCertificateBank.addElement(cert);
-		}
 	}
 	catch (const fnd::Exception& e) 
 	{

programs/nstool/source/PkiValidator.h

@@ -14,6 +14,7 @@ public:
 
 	void setRootKey(const crypto::rsa::sRsa4096Key& root_key);
 	void addCertificates(const fnd::List<es::SignedData<es::CertificateBody>>& certs);
+	void addCertificate(const es::SignedData<es::CertificateBody>& cert);
 	void clearCertificates();
 
 	void validateSignature(const std::string& issuer, es::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const;