bool SecurityHelper::verifyDataObject(DataObjectRef& dObj, CertificateRef& cert) const { RSA *key; // Cannot verify without signature if (!dObj->getSignature()) { HAGGLE_ERR("No signature in data object, cannot verify\n"); return false; } writeErrors("(not this): "); key = cert->getPubKey(); if (RSA_verify(NID_sha1, dObj->getId(), sizeof(DataObjectId_t), const_cast<unsigned char *>(dObj->getSignature()), dObj->getSignatureLength(), key) != 1) { char *raw; size_t len; writeErrors(""); dObj->getRawMetadataAlloc((unsigned char **)&raw, &len); if (raw) { HAGGLE_DBG("Signature is invalid:\n%s\n", raw); free(raw); } dObj->setSignatureStatus(DataObject::SIGNATURE_INVALID); return false; } HAGGLE_DBG("Signature is valid\n"); dObj->setSignatureStatus(DataObject::SIGNATURE_VALID); return true; }
void WriteResult::_check(bool throwSoftErrors) { if (hasWriteErrors()) throw OperationException(writeErrors().back()); if (throwSoftErrors && hasWriteConcernErrors()) { throw OperationException(writeConcernErrors().front()); } }
bool Certificate::verifySignature(RSA *key) { bool res = false; if (!key) return false; if (verified) return true; EVP_PKEY *pkey = EVP_PKEY_new(); if (!pkey) { HAGGLE_ERR("Could not allocate EVP_PKEY\n"); writeErrors(""); return false; } EVP_PKEY_set1_RSA(pkey, key); res = verifySignature(pkey); EVP_PKEY_free(pkey); return res; }
bool Certificate::sign(EVP_PKEY *key) { bool res = false; if (key && X509_sign(x, key, EVP_sha1())) hasSignature = res = true; else { writeErrors(""); } return res; }
bool Certificate::verifySignature(EVP_PKEY *key) { bool res = false; if (!key) return false; if (verified) return true; // X509 apparently returns 0 or -1 on failure, and 1 on success: if (X509_verify(x, key) == 1) { verified = res = true; } else { writeErrors(""); } return res; }
int Certificate::writePEM(FILE *fp) { int res = 0; if (!x) return -4; if (!fp) return -5; res = PEM_write_X509(fp, x); if (res == 0) { writeErrors(""); res = -6; } else res = 0; return res; }