certificate_t->issued_by takes an argument to receive signature scheme
authorMartin Willi <martin@revosec.ch>
Mon, 11 Jun 2012 12:33:34 +0000 (14:33 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 12 Jun 2012 12:24:49 +0000 (14:24 +0200)
16 files changed:
src/libcharon/plugins/stroke/stroke_ca.c
src/libcharon/plugins/unit_tester/tests/test_cert.c
src/libpts/plugins/imv_attestation/imv_attestation_process.c
src/libstrongswan/credentials/certificates/certificate.h
src/libstrongswan/credentials/sets/cert_cache.c
src/libstrongswan/plugins/openssl/openssl_crl.c
src/libstrongswan/plugins/openssl/openssl_x509.c
src/libstrongswan/plugins/pgp/pgp_cert.c
src/libstrongswan/plugins/pubkey/pubkey_cert.c
src/libstrongswan/plugins/x509/x509_ac.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/plugins/x509/x509_crl.c
src/libstrongswan/plugins/x509/x509_ocsp_request.c
src/libstrongswan/plugins/x509/x509_ocsp_response.c
src/libstrongswan/plugins/x509/x509_pkcs10.c
src/pki/commands/verify.c

index bec35a661e737a6a0a47b162145b887b3a6757af..e76560fa217228744a11faba0733cd5f74e5b47e 100644 (file)
@@ -348,7 +348,7 @@ METHOD(stroke_ca_t, check_for_hash_and_url, void,
        enumerator = this->sections->create_enumerator(this->sections);
        while (enumerator->enumerate(enumerator, (void**)&section))
        {
-               if (section->certuribase && cert->issued_by(cert, section->cert))
+               if (section->certuribase && cert->issued_by(cert, section->cert, NULL))
                {
                        chunk_t hash, encoded;
 
index 342194a4c9e325a334da2415ce525eb6a772b5cf..f4410a688159530d50891f613797d64844d9cbac 100644 (file)
@@ -60,7 +60,7 @@ bool test_cert_x509()
        {
                return FALSE;
        }
-       if (!parsed->issued_by(parsed, ca_cert))
+       if (!parsed->issued_by(parsed, ca_cert, NULL))
        {
                return FALSE;
        }
@@ -90,7 +90,7 @@ bool test_cert_x509()
        {
                return FALSE;
        }
-       if (!parsed->issued_by(parsed, ca_cert))
+       if (!parsed->issued_by(parsed, ca_cert, NULL))
        {
                return FALSE;
        }
index a742b6697a6b24102dd990efb25c19c703dcc434..21277a18ce785e9646946ce4386e98a47673dfb1 100644 (file)
@@ -44,7 +44,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
        pts_t *pts;
 
        pts = attestation_state->get_pts(attestation_state);
+
        switch (attr->get_type(attr))
        {
                case TCG_PTS_PROTO_CAPS:
@@ -169,7 +169,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                                        KEY_ANY, aik->get_issuer(aik), FALSE);
                                while (e->enumerate(e, &issuer))
                                {
-                                       if (aik->issued_by(aik, issuer))
+                                       if (aik->issued_by(aik, issuer, NULL))
                                        {
                                                trusted = TRUE;
                                                break;
@@ -289,7 +289,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                break;
                        }
                        status = comp->verify(comp, pts, evidence);
-                       
+
                        switch (status)
                        {
                                default:
index 2f471da5b71fd9524b5bc73d284194698a001fc0..b7a88ffbde02f66c976d43deca364385a9995bea 100644 (file)
@@ -143,9 +143,11 @@ struct certificate_t {
         * Check if this certificate is issued and signed by a specific issuer.
         *
         * @param issuer        issuer's certificate
+        * @param scheme        receives signature scheme used during verification
         * @return                      TRUE if certificate issued by issuer and trusted
         */
-       bool (*issued_by)(certificate_t *this, certificate_t *issuer);
+       bool (*issued_by)(certificate_t *this, certificate_t *issuer,
+                                         signature_scheme_t *scheme);
 
        /**
         * Get the public key associated to this certificate.
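Review bot: The new `@param scheme` line on the certificate_t interface does not say whether NULL is accepted or what the out-parameter holds when the method returns FALSE, and the implementations in this commit disagree on the latter: x509_cert, x509_crl, x509_ac, x509_ocsp_response, x509_pkcs10 and the two openssl backends write it only when verification succeeded, pubkey_cert writes SIGN_UNKNOWN unconditionally, and pgp_cert and x509_ocsp_request never write it. A caller that reads the scheme after a FALSE return therefore gets whatever its local held before the call. Suggested wording: `@param scheme   if not NULL, receives the signature scheme used during verification; only defined if TRUE is returned`. Every call site touched here passes NULL, so stating that NULL is allowed documents what callers already rely on.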
index 968c3e31ea22ee556a4c837e997b74e0b232a8a2..24007baa1c5e9fcfe521c3e8e1bc019c42d7d219 100644 (file)
@@ -165,7 +165,7 @@ METHOD(cert_cache_t, issued_by, bool,
                }
        }
        /* no cache hit, check and cache signature */
-       if (subject->issued_by(subject, issuer))
+       if (subject->issued_by(subject, issuer, NULL))
        {
                cache(this, subject, issuer);
                return TRUE;
index 9a9efb2b6238e48237f6308c38f133f41d6e83b9..e529ff8a593865c1ec5426c79312264593eb913c 100644 (file)
@@ -225,7 +225,8 @@ METHOD(certificate_t, has_subject_or_issuer, id_match_t,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_openssl_crl_t *this, certificate_t *issuer)
+       private_openssl_crl_t *this, certificate_t *issuer,
+       signature_scheme_t *scheme)
 {
        chunk_t fingerprint, tbs;
        public_key_t *key;
@@ -270,6 +271,10 @@ METHOD(certificate_t, issued_by, bool,
                                                openssl_asn1_str2chunk(this->crl->signature));
        free(tbs.ptr);
        key->destroy(key);
+       if (valid && scheme)
+       {
+               *scheme = this->scheme;
+       }
        return valid;
 }
 
index 5caf5182c2d73860804e1ff3f3013621d789e81e..ee19c417922aa5326ea9fb66a665a723fe203dbf 100644 (file)
@@ -350,7 +350,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_openssl_x509_t *this, certificate_t *issuer)
+       private_openssl_x509_t *this, certificate_t *issuer,
+       signature_scheme_t *scheme)
 {
        public_key_t *key;
        bool valid;
@@ -393,6 +394,10 @@ METHOD(certificate_t, issued_by, bool,
                                                openssl_asn1_str2chunk(this->x509->signature));
        free(tbs.ptr);
        key->destroy(key);
+       if (valid && scheme)
+       {
+               *scheme = this->scheme;
+       }
        return valid;
 }
 
@@ -975,7 +980,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
        hasher->allocate_hash(hasher, this->encoding, &this->hash);
        hasher->destroy(hasher);
 
-       if (issued_by(this, &this->public.x509.interface))
+       if (issued_by(this, &this->public.x509.interface, NULL))
        {
                this->flags |= X509_SELF_SIGNED;
        }
index 70a236855eeec8b95814e580e12a61e43b25f029..e6d13a243a821d514d0f9fd36c235fcd8dfab1e2 100644 (file)
@@ -114,7 +114,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
 }
 
 METHOD(certificate_t, issued_by,bool,
-       private_pgp_cert_t *this, certificate_t *issuer)
+       private_pgp_cert_t *this, certificate_t *issuer, signature_scheme_t *scheme)
 {
        /* TODO: check signature blobs for a valid signature */
        return FALSE;
index 67240fe0cffab5f75aaa9fa856d85b1c837acea1..0304ccb36626905eab1cbb8822e6d46a1af4c3e0 100644 (file)
@@ -126,8 +126,13 @@ METHOD(certificate_t, equals, bool,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_pubkey_cert_t *this, certificate_t *issuer)
+       private_pubkey_cert_t *this, certificate_t *issuer,
+       signature_scheme_t *scheme)
 {
+       if (scheme)
+       {
+               *scheme = SIGN_UNKNOWN;
+       }
        return equals(this, issuer);
 }
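Review bot: Unlike the other implementations in this commit, the new block in pubkey_cert.c writes `*scheme` before `equals()` has decided the result, so the out-parameter is set to SIGN_UNKNOWN even when the method returns FALSE. For a uniform contract across backends, gate the write on the result: `bool valid = equals(this, issuer); if (valid && scheme) { *scheme = SIGN_UNKNOWN; } return valid;`. The value also deserves a why-comment, since a raw public key is accepted by identity rather than by verifying a signature: `/* a raw key is matched by identity, no signature is verified */`. A caller that uses the reported scheme to enforce a signature-strength policy then has to treat SIGN_UNKNOWN as "no signature was checked" rather than as a weak scheme.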
 
index a2cb589e0ea6a88e2f1f1323879b77095ed417cb..d6ca8c4fa3fd4824e32f203ca0507dac6239844d 100644 (file)
@@ -701,7 +701,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_x509_ac_t *this, certificate_t *issuer)
+       private_x509_ac_t *this, certificate_t *issuer, signature_scheme_t *schemep)
 {
        public_key_t *key;
        signature_scheme_t scheme;
@@ -750,6 +750,10 @@ METHOD(certificate_t, issued_by, bool,
        }
        valid = key->verify(key, scheme, this->certificateInfo, this->signature);
        key->destroy(key);
+       if (valid && schemep)
+       {
+               *schemep = scheme;
+       }
        return valid;
 }
 
index 25d92d5cb3fff536ca3eb5a74a0a8876050feb6e..88101e8051244e41907007763c9168997a6b1ec8 100644 (file)
@@ -1483,7 +1483,8 @@ end:
                /* check if the certificate is self-signed */
                if (this->public.interface.interface.issued_by(
                                                                                        &this->public.interface.interface,
-                                                                                       &this->public.interface.interface))
+                                                                                       &this->public.interface.interface,
+                                                                                       NULL))
                {
                        this->flags |= X509_SELF_SIGNED;
                }
@@ -1568,7 +1569,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_x509_cert_t *this, certificate_t *issuer)
+       private_x509_cert_t *this, certificate_t *issuer,
+       signature_scheme_t *schemep)
 {
        public_key_t *key;
        signature_scheme_t scheme;
@@ -1612,6 +1614,10 @@ METHOD(certificate_t, issued_by, bool,
        }
        valid = key->verify(key, scheme, this->tbsCertificate, this->signature);
        key->destroy(key);
+       if (valid && schemep)
+       {
+               *schemep = scheme;
+       }
        return valid;
 }
 
index 7bcca16a379366eb15bd8942315c44b670de70d2..5b4ba92dacbf8b983e827c5fda283515d2da6915 100644 (file)
@@ -442,7 +442,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_x509_crl_t *this, certificate_t *issuer)
+       private_x509_crl_t *this, certificate_t *issuer, signature_scheme_t *schemep)
 {
        public_key_t *key;
        signature_scheme_t scheme;
@@ -490,6 +490,10 @@ METHOD(certificate_t, issued_by, bool,
        }
        valid = key->verify(key, scheme, this->tbsCertList, this->signature);
        key->destroy(key);
+       if (valid && schemep)
+       {
+               *schemep = scheme;
+       }
        return valid;
 }
 
index 33d0aa792e4b685f6470010aa3887e88e00c7f5d..debf49086c333f0da84e546f3634611112568141 100644 (file)
@@ -364,7 +364,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_x509_ocsp_request_t *this, certificate_t *issuer)
+       private_x509_ocsp_request_t *this, certificate_t *issuer,
+       signature_scheme_t *scheme)
 {
        DBG1(DBG_LIB, "OCSP request validation not implemented!");
        return FALSE;
index 7dfef3993579ba4a3b86a71b9342dfd28351325e..dc3fc27cacc9b8a8ae7c4d59ccb9c84445dd5ed2 100644 (file)
@@ -670,7 +670,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_x509_ocsp_response_t *this, certificate_t *issuer)
+       private_x509_ocsp_response_t *this, certificate_t *issuer,
+       signature_scheme_t *schemep)
 {
        public_key_t *key;
        signature_scheme_t scheme;
@@ -722,6 +723,10 @@ METHOD(certificate_t, issued_by, bool,
        }
        valid = key->verify(key, scheme, this->tbsResponseData, this->signature);
        key->destroy(key);
+       if (valid && schemep)
+       {
+               *schemep = scheme;
+       }
        return valid;
 }
 
index ca08db2c6a8dc78c6e0046014357ab1aa7f3b42d..5a9b2d92e8038c115203f8366b19b8a290cd60bf 100644 (file)
@@ -123,10 +123,12 @@ METHOD(certificate_t, has_subject, id_match_t,
 }
 
 METHOD(certificate_t, issued_by, bool,
-       private_x509_pkcs10_t *this, certificate_t *issuer)
+       private_x509_pkcs10_t *this, certificate_t *issuer,
+       signature_scheme_t *schemep)
 {
        public_key_t *key;
        signature_scheme_t scheme;
+       bool valid;
 
        if (&this->public.interface.interface != issuer)
        {
@@ -150,8 +152,13 @@ METHOD(certificate_t, issued_by, bool,
        {
                return FALSE;
        }
-       return key->verify(key, scheme, this->certificationRequestInfo,
-                                                                       this->signature);
+       valid = key->verify(key, scheme, this->certificationRequestInfo,
+                                               this->signature);
+       if (valid && schemep)
+       {
+               *schemep = scheme;
+       }
+       return valid;
 }
 
 METHOD(certificate_t, get_public_key, public_key_t*,
@@ -441,7 +448,7 @@ end:
        if (success)
        {
                /* check if the certificate request is self-signed */
-               if (issued_by(this, &this->public.interface.interface))
+               if (issued_by(this, &this->public.interface.interface, NULL))
                {
                        this->self_signed = TRUE;
                }
index bbcc5389122bb11d78124078cbce6d1fa984c689..3e983d3ecc9534dd99a1423d4dca56965a33ba3f 100644 (file)
@@ -77,7 +77,7 @@ static int verify()
        {
                ca = cert;
        }
-       if (cert->issued_by(cert, ca))
+       if (cert->issued_by(cert, ca, NULL))
        {
                if (cert->get_validity(cert, NULL, NULL, NULL))
                {