From 14ce6b8765f47db4f2cc4ab4d2eff64486792e62 Mon Sep 17 00:00:00 2001
From: Carl Hetherington
Date: Thu, 25 Aug 2016 14:00:33 +0100
Subject: Allow reading of certificate chains from strings. This also makes the Certificate constructor throw if it finds extra stuff after a certificate it is loading.
---
 src/certificate.cc | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
(limited to 'src/certificate.cc')
diff --git a/src/certificate.cc b/src/certificate.cc
index a30b77cd..fbe3a80d 100644
--- a/src/certificate.cc
+++ b/src/certificate.cc
@@ -1,5 +1,5 @@
 /*
- Copyright (C) 2012-2015 Carl Hetherington
+ Copyright (C) 2012-2016 Carl Hetherington
 This file is part of libdcp.
@@ -64,7 +64,6 @@ static string const end_certificate = "-----END CERTIFICATE-----";
 Certificate::Certificate (X509* c)
 : _certificate (c)
 , _public_key (0)
- , _extra_data (false)
 {
 }
@@ -76,7 +75,10 @@ Certificate::Certificate (string cert)
 : _certificate (0)
 , _public_key (0)
 {
- _extra_data = read_string (cert);
+ string const s = read_string (cert);
+ if (!s.empty ()) {
+ throw MiscError ("unexpected data after certificate");
+ }
 }
 /** Copy constructor.
@@ -85,7 +87,6 @@ Certificate::Certificate (string cert)
 Certificate::Certificate (Certificate const & other)
 : _certificate (0)
 , _public_key (0)
- , _extra_data (other._extra_data)
 {
 if (other._certificate) {
 read_string (other.certificate (true));
@@ -94,9 +95,9 @@ Certificate::Certificate (Certificate const & other)
 /** Read a certificate from a string.
 * @param cert String to read.
- * @return true if there is extra stuff after the end of the certificate, false if not.
+ * @return remaining part of the input string after the certificate which was read.
 */
-bool
+string
 Certificate::read_string (string cert)
 {
 /* Reformat cert so that it has line breaks every 64 characters.
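Review bot: In the `Certificate (string cert)` constructor (hunk `@@ -76,7 +75,10 @@`) the new `throw MiscError` fires after `read_string (cert)` has already run, and an object whose constructor throws never has its destructor called. If `read_string` has stored an `X509*` in `_certificate` by that point (its body is outside this hunk, but the copy constructor and `operator=` rely on it to populate the object), that allocation leaks every time a string with trailing data is rejected, which matters when the input is untrusted. Release it before throwing, for example `X509_free (_certificate); _certificate = 0;` placed ahead of the `throw`.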
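Review bot: The new `@return` line in the `read_string` doc comment (hunk `@@ -94,9 +95,9 @@`) promises the remaining part of the input string, but the loop added at the end of the function returns something narrower: only the non-empty lines that follow the certificate, each re-terminated with a newline, with blank lines dropped. Callers reading a chain should know that the result is a re-assembled copy and not a byte-for-byte suffix of `cert`. I would word it as `@return any non-empty lines that followed the certificate, each terminated by a newline; an empty string if there were none.` The function body begins in this hunk and continues outside it.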
@@ -176,11 +177,16 @@ Certificate::read_string (string cert)
 BIO_free (bio);
- /* See if there are any non-blank lines after the certificate that we read */
- while (i != lines.end() && i->empty()) {
+ string extra;
+
+ while (i != lines.end()) {
+ if (!i->empty()) {
+ extra += *i + "\n";
+ }
 ++i;
 }
- return i != lines.end();
+
+ return extra;
 }
 /** Destructor */
@@ -204,7 +210,6 @@ Certificate::operator= (Certificate const & other)
 _certificate = 0;
 RSA_free (_public_key);
 _public_key = 0;
- _extra_data = other._extra_data;
 read_string (other.certificate (true));
--
cgit v1.2.3
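Review bot: The new loop in hunk `@@ -176,11 +177,16 @@` treats a line as blank only when `i->empty()`, so a line holding just spaces, a tab or a stray `\r` is appended to `extra`, and with this commit that is enough to make the `Certificate (string)` constructor throw. How `lines` is split and trimmed is outside this hunk, so this may already be handled earlier in `read_string`; if it is not, PEM text with CRLF endings or trailing whitespace after the END line will be rejected as carrying unexpected data. Testing for visible content instead, `if (i->find_first_not_of (" \t\r") != string::npos) {`, keeps the strict rejection while ignoring whitespace-only lines. The hunk also removes the only comment on this loop; a replacement such as `/* Collect any non-blank lines after the certificate so the caller can parse or reject them */` would keep the intent visible.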