| author | Carl Hetherington <cth@carlh.net> | 2015-07-12 20:54:06 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2015-07-12 20:54:06 +0100 |
| commit | 43d2c7aef17adceb04f84109b432a830f00d1bd1 (patch) | |
| tree | 66f27488ad79f0f900cf3a636b7c8ec0d763cbbb /src/certificates.cc | |
| parent | a09bbf5f06a9ed2f5011999c0a6eef78b9e1ca56 (diff) | |
Move CertificateChain into the right header.
Diffstat (limited to 'src/certificates.cc')
| -rw-r--r-- | src/certificates.cc | 136 |
1 files changed, 0 insertions, 136 deletions
diff --git a/src/certificates.cc b/src/certificates.cc
index e5acdd25..37b57767 100644
--- a/src/certificates.cc
+++ b/src/certificates.cc
@@ -316,139 +316,3 @@ dcp::operator<< (ostream& s, Certificate const & c)
 s << c.certificate();
 return s;
 }
-
-/** @return Root certificate */
-Certificate
-CertificateChain::root () const
-{
- DCP_ASSERT (!_certificates.empty());
- return _certificates.front ();
-}
-
-/** @return Leaf certificate */
-Certificate
-CertificateChain::leaf () const
-{
- DCP_ASSERT (_certificates.size() >= 2);
- return _certificates.back ();
-}
-
-/** @return Certificates in order from root to leaf */
-CertificateChain::List
-CertificateChain::root_to_leaf () const
-{
- return _certificates;
-}
-
-/** @return Certificates in order from leaf to root */
-CertificateChain::List
-CertificateChain::leaf_to_root () const
-{
- List c = _certificates;
- c.reverse ();
- return c;
-}
-
-/** Add a certificate to the end of the chain.
- * @param c Certificate to add.
- */
-void
-CertificateChain::add (Certificate c)
-{
- _certificates.push_back (c);
-}
-
-/** Remove a certificate from the chain.
- * @param c Certificate to remove.
- */
-void
-CertificateChain::remove (Certificate c)
-{
- _certificates.remove (c);
-}
-
-/** Remove the i'th certificate in the list, as listed
- * from root to leaf.
- */
-void
-CertificateChain::remove (int i)
-{
- List::iterator j = _certificates.begin ();
- while (j != _certificates.end () && i > 0) {
- --i;
- ++j;
- }
-
- if (j != _certificates.end ()) {
- _certificates.erase (j);
- }
-}
-
-/** Check to see if the chain is valid (i.e. root signs the intermediate, intermediate
- * signs the leaf and so on).
- * @return true if it's ok, false if not.
- */
-bool
-CertificateChain::valid () const
-{
- X509_STORE* store = X509_STORE_new ();
- if (!store) {
- return false;
- }
-
- for (List::const_iterator i = _certificates.begin(); i != _certificates.end(); ++i) {
-
- List::const_iterator j = i;
- ++j;
- if (j == _certificates.end ()) {
- break;
- }
-
- if (!X509_STORE_add_cert (store, i->x509 ())) {
- X509_STORE_free (store);
- return false;
- }
-
- X509_STORE_CTX* ctx = X509_STORE_CTX_new ();
- if (!ctx) {
- X509_STORE_free (store);
- return false;
- }
-
- X509_STORE_set_flags (store, 0);
- if (!X509_STORE_CTX_init (ctx, store, j->x509 (), 0)) {
- X509_STORE_CTX_free (ctx);
- X509_STORE_free (store);
- return false;
- }
-
- int v = X509_verify_cert (ctx);
- X509_STORE_CTX_free (ctx);
-
- if (v == 0) {
- X509_STORE_free (store);
- return false;
- }
- }
-
- X509_STORE_free (store);
- return true;
-}
-
-/** @return true if the chain is now in order from root to leaf,
- * false if no correct order was found.
- */
-bool
-CertificateChain::attempt_reorder ()
-{
- List original = _certificates;
- _certificates.sort ();
- do {
- if (valid ()) {
- return true;
- }
- } while (std::next_permutation (_certificates.begin(), _certificates.end ()));
-
- _certificates = original;
- return false;
-}
|
