Пример #1
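/**
 * Check the RSA signature carried by a data object against the public key of
 * the given certificate and record the outcome on the data object.
 *
 * The value handed to RSA_verify() as the digest is the data object id
 * (sizeof(DataObjectId_t) bytes), declared as a SHA-1 digest via NID_sha1.
 *
 * @param dObj data object to check. Its signature status is set to
 *             SIGNATURE_VALID or SIGNATURE_INVALID once RSA_verify() has run;
 *             it is left untouched when there is no signature or no key.
 * @param cert certificate supplying the public key.
 * @return true only when RSA_verify() returns 1; false when the object has no
 *         signature, the certificate yields no key, or verification fails.
 *
 * NOTE(review): this function does not check that the certificate itself has
 * been verified; presumably the caller does that first -- confirm, since a
 * valid signature under an untrusted certificate proves nothing.
 * NOTE(review): SHA-1 is no longer collision resistant. Moving to a SHA-2
 * digest has to happen together with the signing side, so it is flagged here
 * rather than changed.
 */
bool SecurityHelper::verifyDataObject(DataObjectRef& dObj, CertificateRef& cert) const
{
	// Cannot verify without signature
	if (!dObj->getSignature()) {
		HAGGLE_ERR("No signature in data object, cannot verify\n");
		return false;
	}
	// Presumably drains stale entries from the OpenSSL error queue so that the
	// writeErrors("") below reports only this call's errors -- confirm.
	writeErrors("(not this): ");

	// NOTE(review): ownership of the returned RSA* is not visible here and it
	// is never freed in this function -- confirm getPubKey() does not hand out
	// a new reference.
	RSA *key = cert->getPubKey();

	// Fail closed: RSA_verify() must never be reached with a null key.
	if (!key) {
		HAGGLE_ERR("No public key in certificate, cannot verify\n");
		return false;
	}

	// Anything other than 1 (including error returns) is treated as invalid.
	if (RSA_verify(NID_sha1, dObj->getId(), sizeof(DataObjectId_t),
		       const_cast<unsigned char *>(dObj->getSignature()), dObj->getSignatureLength(), key) != 1) {
		// Initialised so that the check below is well defined even if
		// getRawMetadataAlloc() returns without writing its out-parameters.
		char *raw = NULL;
		size_t len = 0;
		writeErrors("");
		dObj->getRawMetadataAlloc(reinterpret_cast<unsigned char **>(&raw), &len);
		if (raw) {
			// The metadata comes from an object that just failed verification,
			// so this debug line carries untrusted content; %s also assumes the
			// buffer is NUL-terminated -- TODO confirm, or bound it with len.
			HAGGLE_DBG("Signature is invalid:\n%s\n", raw);
			free(raw);
		}
		dObj->setSignatureStatus(DataObject::SIGNATURE_INVALID);

		return false;
	}

	HAGGLE_DBG("Signature is valid\n");
	dObj->setSignatureStatus(DataObject::SIGNATURE_VALID);

	return true;
}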
Пример #2
 /**
  * Throw an OperationException if this result recorded an error.
  *
  * Write errors always throw, reporting the last entry of writeErrors().
  * Write-concern errors throw only when throwSoftErrors is true, reporting the
  * first entry of writeConcernErrors().
  *
  * @param throwSoftErrors whether write-concern errors should also throw.
  */
 void WriteResult::_check(bool throwSoftErrors) {
     // Hard failures take precedence over write-concern failures.
     if (hasWriteErrors()) {
         throw OperationException(writeErrors().back());
     }

     // Write-concern errors are only raised on request.
     if (!throwSoftErrors) {
         return;
     }

     if (hasWriteConcernErrors()) {
         throw OperationException(writeConcernErrors().front());
     }
 }
Пример #3
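/**
 * Verify this certificate's signature with an RSA public key.
 *
 * The key is wrapped in a temporary EVP_PKEY and the check is delegated to
 * verifySignature(EVP_PKEY *).
 *
 * @param key RSA public key of the expected signer; the caller keeps its own
 *            reference (EVP_PKEY_set1_RSA() takes an additional one that is
 *            dropped again by EVP_PKEY_free()).
 * @return true if the certificate is already marked verified or the delegated
 *         check succeeds; false on a null key, an allocation or key-assignment
 *         failure, or a failed verification.
 *
 * NOTE(review): the cached `verified` flag is not tied to a key. Once any key
 * has verified this certificate, every later call with a non-null key returns
 * true without checking that key. Callers that need proof against a specific
 * issuer key must not rely on a cached result.
 */
bool Certificate::verifySignature(RSA *key)
{
	if (!key)
		return false;

	if (verified)
		return true;

	EVP_PKEY *pkey = EVP_PKEY_new();

	if (!pkey) {
		HAGGLE_ERR("Could not allocate EVP_PKEY\n");
		writeErrors("");
		return false;
	}

	// EVP_PKEY_set1_RSA() returns 1 on success. Without this check a failed
	// assignment would pass an empty EVP_PKEY on to the verification call.
	if (EVP_PKEY_set1_RSA(pkey, key) != 1) {
		HAGGLE_ERR("Could not assign RSA key to EVP_PKEY\n");
		writeErrors("");
		EVP_PKEY_free(pkey);
		return false;
	}

	const bool res = verifySignature(pkey);

	EVP_PKEY_free(pkey);

	return res;
}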
Пример #4
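/**
 * Sign the wrapped X509 certificate with the given private key.
 *
 * @param key signing key; a null key is rejected.
 * @return true if X509_sign() produced a signature (non-zero return), in which
 *         case hasSignature is set; false otherwise.
 *
 * NOTE(review): the digest is SHA-1 (EVP_sha1()), which is no longer collision
 * resistant and is rejected by current certificate validation policies. It is
 * flagged rather than changed because peers verifying these certificates may
 * need to be updated together with the signer.
 * NOTE(review): `verified` is not reset here, so a certificate that was
 * verified before being re-signed keeps reporting itself as verified --
 * confirm that this is intended.
 */
bool Certificate::sign(EVP_PKEY *key)
{
	bool res = false;

	// The `x` check mirrors writePEM(): never hand a null X509 to OpenSSL.
	// X509_sign() returns the signature size on success and 0 on failure.
	if (key && x && X509_sign(x, key, EVP_sha1()))
		hasSignature = res = true;
	else {
		writeErrors("");
	}

	return res;
}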
Пример #5
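/**
 * Verify this certificate's signature with the given public key.
 *
 * @param key public key of the expected signer.
 * @return true if the certificate is already marked verified or X509_verify()
 *         returns 1 (which also sets `verified`); false on a null key, a
 *         missing certificate, or a failed verification.
 *
 * NOTE(review): the cached `verified` flag is not tied to a key. Once any key
 * has verified this certificate, every later call with a non-null key returns
 * true without checking that key. Callers that need proof against a specific
 * issuer key must not rely on a cached result.
 * NOTE(review): only the signature is checked here; validity period, key usage
 * and chain building are not part of this function.
 */
bool Certificate::verifySignature(EVP_PKEY *key)
{
	bool res = false;

	// Fail closed on missing inputs. The `x` check mirrors writePEM(), so a
	// null X509 never reaches X509_verify().
	if (!key || !x)
		return false;

	if (verified)
		return true;

	// X509_verify() returns 1 on success and 0 or -1 on failure, so compare
	// against 1 explicitly: a bare truth test would accept -1.
	if (X509_verify(x, key) == 1) {
		verified = res = true;
	} else {
		writeErrors("");
	}

	return res;
}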
Пример #6
/**
 * Write the wrapped X509 certificate to a stream in PEM format.
 *
 * Only the certificate is written; no private key material passes through
 * this function.
 *
 * @param fp open output stream.
 * @return 0 on success, -4 if there is no certificate (`x` is null), -5 if
 *         `fp` is null, -6 if PEM_write_X509() reports failure.
 */
int Certificate::writePEM(FILE *fp)
{
        if (!x) {
                return -4;
        }

        if (!fp) {
                return -5;
        }

        // PEM_write_X509() returns 0 on failure; report the OpenSSL errors
        // and map the failure onto this function's own error code.
        const int written = PEM_write_X509(fp, x);

        if (written != 0) {
                return 0;
        }

        writeErrors("");
        return -6;
}