예제 #1
0
bool SecurityHelper::verifyDataObject(DataObjectRef& dObj, CertificateRef& cert) const
{
	RSA *key;
	
	// Cannot verify without signature
	if (!dObj->getSignature()) {
		HAGGLE_ERR("No signature in data object, cannot verify\n");
		return false;
	}	
	writeErrors("(not this): ");
	
	key = cert->getPubKey();

	if (RSA_verify(NID_sha1, dObj->getId(), sizeof(DataObjectId_t), 
		       const_cast<unsigned char *>(dObj->getSignature()), dObj->getSignatureLength(), key) != 1) {
		char *raw;
		size_t len;
		writeErrors("");
		dObj->getRawMetadataAlloc((unsigned char **)&raw, &len);
		if (raw) {
			HAGGLE_DBG("Signature is invalid:\n%s\n", raw);
			free(raw);
		}
		dObj->setSignatureStatus(DataObject::SIGNATURE_INVALID);

		return false;
	}
	
	HAGGLE_DBG("Signature is valid\n");
	dObj->setSignatureStatus(DataObject::SIGNATURE_VALID);

	return true;
}
예제 #2
0
bool SecurityHelper::signDataObject(DataObjectRef& dObj, RSA *key)
{
	unsigned char *signature;
	
	if (!key || !dObj) 
		return false;
	
	unsigned int siglen = RSA_size(key);
	
	signature = (unsigned char *)malloc(siglen);
	
	if (!signature)
		return false;

	printf("signing data object, siglen=%u\n", siglen);

	memset(signature, 0, siglen);
	
	if (RSA_sign(NID_sha1, dObj->getId(), sizeof(DataObjectId_t), signature, &siglen, key) != 1) {
		free(signature);
		return false;
	}
	
	dObj->setSignature(getManager()->getKernel()->getThisNode()->getIdStr(), signature, siglen);
	
	// Assume that our own signature is valid
	dObj->setSignatureStatus(DataObject::SIGNATURE_VALID);
	
	// Do not free the allocated signature as it is now owned by the data object...
	
	return true;
}