[nstool] Added PkiValidator::addCertificate()

This commit is contained in:
jakcron 2018-08-05 23:15:36 +08:00
parent e9b3c7296a
commit b911b5984b
2 changed files with 36 additions and 30 deletions

View file

@ -28,6 +28,14 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
}
void PkiValidator::addCertificates(const fnd::List<es::SignedData<es::CertificateBody>>& certs)
{
for (size_t i = 0; i < certs.size(); i++)
{
addCertificate(certs[i]);
}
}
void PkiValidator::addCertificate(const es::SignedData<es::CertificateBody>& cert)
{
std::string cert_ident;
es::sign::SignatureAlgo cert_sign_algo;
@ -36,37 +44,34 @@ void PkiValidator::addCertificates(const fnd::List<es::SignedData<es::Certificat
try
{
for (size_t i = 0; i < certs.size(); i++)
makeCertIdent(cert, cert_ident);
if (doesCertExist(cert_ident) == true)
{
makeCertIdent(certs[i], cert_ident);
if (doesCertExist(cert_ident) == true)
{
throw fnd::Exception(kModuleName, "Certificate already exists");
}
cert_sign_algo = es::sign::getSignatureAlgo(certs[i].getSignature().getSignType());
cert_hash_algo = es::sign::getHashAlgo(certs[i].getSignature().getSignType());
// get cert hash
switch (cert_hash_algo)
{
case (es::sign::HASH_ALGO_SHA1):
cert_hash.alloc(crypto::sha::kSha1HashLen);
crypto::sha::Sha1(certs[i].getBody().getBytes().data(), certs[i].getBody().getBytes().size(), cert_hash.data());
break;
case (es::sign::HASH_ALGO_SHA256):
cert_hash.alloc(crypto::sha::kSha256HashLen);
crypto::sha::Sha256(certs[i].getBody().getBytes().data(), certs[i].getBody().getBytes().size(), cert_hash.data());
break;
default:
throw fnd::Exception(kModuleName, "Unrecognised hash type");
}
validateSignature(certs[i].getBody().getIssuer(), certs[i].getSignature().getSignType(), certs[i].getSignature().getSignature(), cert_hash);
mCertificateBank.addElement(certs[i]);
throw fnd::Exception(kModuleName, "Certificate already exists");
}
cert_sign_algo = es::sign::getSignatureAlgo(cert.getSignature().getSignType());
cert_hash_algo = es::sign::getHashAlgo(cert.getSignature().getSignType());
// get cert hash
switch (cert_hash_algo)
{
case (es::sign::HASH_ALGO_SHA1):
cert_hash.alloc(crypto::sha::kSha1HashLen);
crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
break;
case (es::sign::HASH_ALGO_SHA256):
cert_hash.alloc(crypto::sha::kSha256HashLen);
crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
break;
default:
throw fnd::Exception(kModuleName, "Unrecognised hash type");
}
validateSignature(cert.getBody().getIssuer(), cert.getSignature().getSignType(), cert.getSignature().getSignature(), cert_hash);
mCertificateBank.addElement(cert);
}
catch (const fnd::Exception& e)
{

View file

@ -14,6 +14,7 @@ public:
void setRootKey(const crypto::rsa::sRsa4096Key& root_key);
void addCertificates(const fnd::List<es::SignedData<es::CertificateBody>>& certs);
void addCertificate(const es::SignedData<es::CertificateBody>& cert);
void clearCertificates();
void validateSignature(const std::string& issuer, es::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const;