Beispiel #1
/*
* Build the OCSP certificate identifier for `subject` as issued by `issuer`.
*
* Stores the hash algorithm identifier, the hash of the issuer's public key
* bitstring, the hash of the issuer DN as recorded in the subject
* certificate, and the subject's serial number.
*
* NOTE(review): nothing here checks that `issuer` really issued `subject`;
* presumably callers validate the chain first - confirm.
*/
CertID::CertID(const X509_Certificate& issuer,
               const X509_Certificate& subject)
   {
   /*
   SHA-1 is used on purpose: in practice some responders, notably
   ocsp.verisign.com, seem to reject any other hash in this field.
   */
   std::unique_ptr<HashFunction> sha1(HashFunction::create("SHA-160"));

   // NOTE(review): the result of create() is dereferenced below without a
   // null check; a build without SHA-1 would fail here - confirm how
   // create() reports a missing algorithm in this version.
   m_hash_id = AlgorithmIdentifier(sha1->name(), AlgorithmIdentifier::USE_NULL_PARAM);

   const auto& issuer_key_bits = issuer.subject_public_key_bitstring();
   m_issuer_key_hash = unlock(sha1->process(issuer_key_bits));

   // The issuer name is taken from the subject certificate's issuer field,
   // not from the issuer certificate's own subject field.
   const auto& issuer_dn_bits = subject.raw_issuer_dn();
   m_issuer_dn_hash = unlock(sha1->process(issuer_dn_bits));

   m_subject_serial = BigInt::decode(subject.serial_number());
   }
Beispiel #2
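/*
* Check whether this CertID identifies `subject` as issued by `issuer`.
*
* Compares the subject's serial number, then the hash of the issuer DN
* recorded in the subject certificate, then the hash of the issuer's
* public key bitstring, using the hash algorithm named by m_hash_id.
*
* Returns true only if all three match. Any exception raised while
* decoding, looking up the OID or hashing is treated as "no match", so
* this function does not throw.
*/
bool CertID::is_id_for(const X509_Certificate& issuer,
                       const X509_Certificate& subject) const
   {
   try
      {
      // Cheapest comparison first: no hashing needed to reject on serial.
      if(BigInt::decode(subject.serial_number()) != m_subject_serial)
         return false;

      std::unique_ptr<HashFunction> hash(HashFunction::create(OIDS::lookup(m_hash_id.oid)));

      // create() can yield a null pointer when the named algorithm is not
      // an available hash. m_hash_id is not necessarily the SHA-1 value the
      // constructor sets (presumably it can also be filled in when a CertID
      // is decoded from a response - confirm), and a null dereference would
      // not be caught by the catch(...) below, so fail closed here.
      if(!hash)
         return false;

      // Issuer name as recorded in the subject certificate.
      if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
         return false;

      if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
         return false;
      }
   catch(...)
      {
      // Deliberate best effort: an ID that cannot be evaluated is not a match.
      return false;
      }

   return true;
   }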