mirror of
https://github.com/jakcron/nstool
synced 2024-11-15 02:06:40 +00:00
[nstool] Added PkiValidator::addCertificate()
This commit is contained in:
parent
e9b3c7296a
commit
b911b5984b
2 changed files with 36 additions and 30 deletions
|
@ -28,6 +28,14 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
|
|||
}
|
||||
|
||||
void PkiValidator::addCertificates(const fnd::List<es::SignedData<es::CertificateBody>>& certs)
|
||||
{
|
||||
for (size_t i = 0; i < certs.size(); i++)
|
||||
{
|
||||
addCertificate(certs[i]);
|
||||
}
|
||||
}
|
||||
|
||||
void PkiValidator::addCertificate(const es::SignedData<es::CertificateBody>& cert)
|
||||
{
|
||||
std::string cert_ident;
|
||||
es::sign::SignatureAlgo cert_sign_algo;
|
||||
|
@ -36,37 +44,34 @@ void PkiValidator::addCertificates(const fnd::List<es::SignedData<es::Certificat
|
|||
|
||||
try
|
||||
{
|
||||
for (size_t i = 0; i < certs.size(); i++)
|
||||
makeCertIdent(cert, cert_ident);
|
||||
|
||||
if (doesCertExist(cert_ident) == true)
|
||||
{
|
||||
makeCertIdent(certs[i], cert_ident);
|
||||
|
||||
if (doesCertExist(cert_ident) == true)
|
||||
{
|
||||
throw fnd::Exception(kModuleName, "Certificate already exists");
|
||||
}
|
||||
|
||||
cert_sign_algo = es::sign::getSignatureAlgo(certs[i].getSignature().getSignType());
|
||||
cert_hash_algo = es::sign::getHashAlgo(certs[i].getSignature().getSignType());
|
||||
|
||||
// get cert hash
|
||||
switch (cert_hash_algo)
|
||||
{
|
||||
case (es::sign::HASH_ALGO_SHA1):
|
||||
cert_hash.alloc(crypto::sha::kSha1HashLen);
|
||||
crypto::sha::Sha1(certs[i].getBody().getBytes().data(), certs[i].getBody().getBytes().size(), cert_hash.data());
|
||||
break;
|
||||
case (es::sign::HASH_ALGO_SHA256):
|
||||
cert_hash.alloc(crypto::sha::kSha256HashLen);
|
||||
crypto::sha::Sha256(certs[i].getBody().getBytes().data(), certs[i].getBody().getBytes().size(), cert_hash.data());
|
||||
break;
|
||||
default:
|
||||
throw fnd::Exception(kModuleName, "Unrecognised hash type");
|
||||
}
|
||||
|
||||
validateSignature(certs[i].getBody().getIssuer(), certs[i].getSignature().getSignType(), certs[i].getSignature().getSignature(), cert_hash);
|
||||
|
||||
mCertificateBank.addElement(certs[i]);
|
||||
throw fnd::Exception(kModuleName, "Certificate already exists");
|
||||
}
|
||||
|
||||
cert_sign_algo = es::sign::getSignatureAlgo(cert.getSignature().getSignType());
|
||||
cert_hash_algo = es::sign::getHashAlgo(cert.getSignature().getSignType());
|
||||
|
||||
// get cert hash
|
||||
switch (cert_hash_algo)
|
||||
{
|
||||
case (es::sign::HASH_ALGO_SHA1):
|
||||
cert_hash.alloc(crypto::sha::kSha1HashLen);
|
||||
crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
|
||||
break;
|
||||
case (es::sign::HASH_ALGO_SHA256):
|
||||
cert_hash.alloc(crypto::sha::kSha256HashLen);
|
||||
crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
|
||||
break;
|
||||
default:
|
||||
throw fnd::Exception(kModuleName, "Unrecognised hash type");
|
||||
}
|
||||
|
||||
validateSignature(cert.getBody().getIssuer(), cert.getSignature().getSignType(), cert.getSignature().getSignature(), cert_hash);
|
||||
|
||||
mCertificateBank.addElement(cert);
|
||||
}
|
||||
catch (const fnd::Exception& e)
|
||||
{
|
||||
|
|
|
@ -14,6 +14,7 @@ public:
|
|||
|
||||
void setRootKey(const crypto::rsa::sRsa4096Key& root_key);
|
||||
void addCertificates(const fnd::List<es::SignedData<es::CertificateBody>>& certs);
|
||||
void addCertificate(const es::SignedData<es::CertificateBody>& cert);
|
||||
void clearCertificates();
|
||||
|
||||
void validateSignature(const std::string& issuer, es::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const;
|
||||
|
|
Loading…
Reference in a new issue