
2015-02-27

2015-02-27 16:49:39 by Martin Nilsson <nilsson@opera.com>

Allow verify_certificate_chain to have certificate objects in its chain argument.

1384:    if (stringp (cert))    cert = .PKCS.Signature.decode_signed(cert, x509_types);    -  TBSCertificate tbs = TBSCertificate()->init(cert[0]); +  TBSCertificate tbs=TBSCertificate([object(.PKCS.Signature.Signed)]cert->tbs);       // FIXME: The re-encoding and algorithm checks are more appropriate    // in verify_certificate, but the full certificate doesn't reach
1647:   //!   //! @param cert_chain   //! An array of certificates, with the relative-root last. Each - //! certificate should be a DER-encoded certificate. + //! certificate should be a DER-encoded certificate, or decoded as a + //! @[Standards.PKCS.Signature.Signed] object.   //! @param authorities   //! A mapping from (DER-encoded) names to verifiers.   //! @param require_trust
1656:   //!   //! See @[Standards.PKCS.Certificate.get_dn_string] for converting the   //! RDN to an X500 style string. - mapping verify_certificate_chain(array(string) cert_chain, + mapping verify_certificate_chain(array(string|.PKCS.Signature.Signed) cert_chain,    mapping(string:Verifier|array(Verifier)) authorities,    int|void require_trust)   {
1675:    array chain_obj = allocate(len);    array chain_cert = allocate(len);    -  foreach(cert_chain; int idx; string c) +  foreach(cert_chain; int idx; string|.PKCS.Signature.Signed c)    { -  object cert = Standards.PKCS.Signature.decode_signed(c); -  TBSCertificate tbs = decode_certificate(cert); +  .PKCS.Signature.Signed cert; +  if( stringp(c) ) +  cert = .PKCS.Signature.decode_signed(c); +  TBSCertificate tbs = decode_certificate(c);    if(!tbs)    FATAL(CERT_INVALID);
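Review bot: In the `verify_certificate_chain` loop (hunk at 1675), `cert` is assigned only when `c` is a string, so for an already-decoded `Signed` element it stays unset, and nothing visible in the hunk assigns it afterwards. `chain_cert` is allocated just above and the loop body continues outside the hunk, so if later code stores the certificate or checks signatures through `cert`, object entries would reach it as 0, in the one function that decides whether a chain is trusted. Adding `else cert = c;` after the `stringp` branch and calling `TBSCertificate tbs = decode_certificate(cert);` would give both input types the same path. It would also avoid decoding a DER string twice: the hunk at 1384, which appears to be `decode_certificate`, already decodes string input and does so with `x509_types`, which the call here omits.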