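/**
 * Check the RSA signature attached to a data object against the public key
 * held by a certificate.
 *
 * The value that is verified is the data object id (sizeof(DataObjectId_t)
 * bytes), passed to RSA_verify() as an already computed NID_sha1 digest.
 * When the check runs to completion, the data object's signature status is
 * set to SIGNATURE_VALID or SIGNATURE_INVALID. When the check cannot run at
 * all (missing object, certificate, signature or key), the status is left
 * untouched and the function fails closed.
 *
 * @param dObj data object whose signature is checked
 * @param cert certificate that supplies the public key
 * @return true only if RSA_verify() reports success; false in every other case
 */
bool SecurityHelper::verifyDataObject(DataObjectRef& dObj, CertificateRef& cert) const
{
	// Fail closed on missing inputs, mirroring the guard in signDataObject().
	if (!dObj || !cert) {
		HAGGLE_ERR("No data object or certificate, cannot verify\n");
		return false;
	}

	// Cannot verify without signature
	if (!dObj->getSignature()) {
		HAGGLE_ERR("No signature in data object, cannot verify\n");
		return false;
	}

	// NOTE(review): presumably this reports errors left pending by earlier
	// crypto calls so they are not attributed to this verification; confirm
	// against writeErrors().
	writeErrors("(not this): ");

	RSA *key = cert->getPubKey();

	// A certificate without a usable public key must never reach
	// RSA_verify(): a NULL key would be dereferenced there.
	if (!key) {
		HAGGLE_ERR("No public key in certificate, cannot verify\n");
		return false;
	}

	// NOTE(review): NID_sha1 assumes the data object id is a SHA-1 digest, so
	// sizeof(DataObjectId_t) has to equal the SHA-1 digest length; confirm.
	// Any result other than 1 (including error returns) counts as invalid.
	if (RSA_verify(NID_sha1, dObj->getId(), sizeof(DataObjectId_t),
		       const_cast<unsigned char *>(dObj->getSignature()),
		       dObj->getSignatureLength(), key) != 1) {
		// Initialised so that the test below is well defined even if
		// getRawMetadataAlloc() returns without writing its out-parameters.
		char *raw = NULL;
		size_t len = 0;

		writeErrors("");
		dObj->getRawMetadataAlloc((unsigned char **)&raw, &len);

		if (raw) {
			// NOTE(review): "%s" relies on the buffer being NUL-terminated;
			// len is not used to bound the output. Confirm against
			// getRawMetadataAlloc().
			HAGGLE_DBG("Signature is invalid:\n%s\n", raw);
			free(raw);
		}
		dObj->setSignatureStatus(DataObject::SIGNATURE_INVALID);

		return false;
	}

	HAGGLE_DBG("Signature is valid\n");
	dObj->setSignatureStatus(DataObject::SIGNATURE_VALID);

	return true;
}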
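/**
 * Sign a data object with the given RSA private key and attach the signature.
 *
 * The value that is signed is the data object id (sizeof(DataObjectId_t)
 * bytes), passed to RSA_sign() as an already computed NID_sha1 digest. On
 * success the signature is stored on the data object together with this
 * node's id string, and the signature status is set to SIGNATURE_VALID.
 *
 * @param dObj data object to sign
 * @param key  RSA key used for signing
 * @return true if the signature was created and attached; false if an input
 *         is missing, the key reports no usable size, allocation fails, or
 *         RSA_sign() fails
 */
bool SecurityHelper::signDataObject(DataObjectRef& dObj, RSA *key)
{
	if (!key || !dObj)
		return false;

	// RSA_size() returns a signed int. Reject non-positive values before they
	// are converted to an unsigned buffer length.
	const int keySize = RSA_size(key);

	if (keySize <= 0)
		return false;

	unsigned int siglen = static_cast<unsigned int>(keySize);

	// Zero-filled buffer, allocated with the C allocator because ownership
	// passes to the data object below.
	unsigned char *signature = static_cast<unsigned char *>(calloc(1, siglen));

	if (!signature)
		return false;

	// Goes through the debug log like the rest of this class, not stdout.
	HAGGLE_DBG("signing data object, siglen=%u\n", siglen);

	// NOTE(review): NID_sha1 assumes the data object id is a SHA-1 digest, so
	// sizeof(DataObjectId_t) has to equal the SHA-1 digest length; confirm.
	// Moving to a stronger digest would mean changing this call and the
	// matching RSA_verify() call together.
	if (RSA_sign(NID_sha1, dObj->getId(), sizeof(DataObjectId_t),
		     signature, &siglen, key) != 1) {
		free(signature);
		return false;
	}

	// NOTE(review): the manager/kernel/node chain is dereferenced without
	// checks; presumably all three exist whenever signing is requested.
	dObj->setSignature(getManager()->getKernel()->getThisNode()->getIdStr(), signature, siglen);

	// Assume that our own signature is valid
	dObj->setSignatureStatus(DataObject::SIGNATURE_VALID);

	// Do not free the allocated signature as it is now owned by the data object...

	return true;
}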