r3184 - in trunk/libmcrypto: include/libmcrypto include/libmcrypto/gnutls include/libmcrypto/openssl source source/gnutls source/openssl

mikma at minisip.org mikma at minisip.org
Thu Feb 1 20:37:11 CET 2007


Author: mikma
Date: 2007-02-01 20:37:10 +0100 (Thu, 01 Feb 2007)
New Revision: 3184

Modified:
   trunk/libmcrypto/include/libmcrypto/cert.h
   trunk/libmcrypto/include/libmcrypto/gnutls/cert.h
   trunk/libmcrypto/include/libmcrypto/openssl/cert.h
   trunk/libmcrypto/source/cert.cxx
   trunk/libmcrypto/source/gnutls/cert.cxx
   trunk/libmcrypto/source/openssl/cert.cxx
Log:
Move check_pk to priv_pk and rename it to check_cert. This makes it possible
to use a custom priv_pk implementation with the stock openssl and gnutls
certificate classes.


Modified: trunk/libmcrypto/include/libmcrypto/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/cert.h	2007-02-01 16:19:47 UTC (rev 3183)
+++ trunk/libmcrypto/include/libmcrypto/cert.h	2007-02-01 19:37:10 UTC (rev 3184)
@@ -95,6 +95,8 @@
 
 		virtual const std::string &get_file() const = 0;
 
+		virtual bool check_cert( MRef<certificate *> cert)=0;
+
 		virtual int sign_data( unsigned char * data, int data_length, 
 				       unsigned char * sign,
 				       int * sign_length )=0;
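Review bot: The new pure virtual `check_cert` has no comment stating its contract, although the stated purpose of the commit is to let others supply their own priv_key implementation. Suggest documenting it on the base declaration, e.g. `/** @return true if this private key corresponds to the public key in cert; false otherwise, including when cert belongs to a different backend. */`. The comment should also say that implementations may throw certificate_exception, as the GnuTLS one in this commit does. The same declaration is added to gnutls/cert.h and openssl/cert.h, also without a comment. The enclosing class starts and ends outside the hunk.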
@@ -178,8 +180,6 @@
 		std::string get_file();
 		std::string get_pk_file();
                    
-		virtual bool check_pk( MRef<priv_key *> pk)=0;
-
 		MRef<priv_key*> get_pk();
 		void set_pk( MRef<priv_key *> pk);
 		void set_pk( const std::string &file );

Modified: trunk/libmcrypto/include/libmcrypto/gnutls/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/cert.h	2007-02-01 16:19:47 UTC (rev 3183)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/cert.h	2007-02-01 19:37:10 UTC (rev 3184)
@@ -103,6 +103,8 @@
 
 		const std::string &get_file() const;
 
+		bool check_cert( MRef<certificate*> cert );
+
 		int sign_data( unsigned char * data, int data_length, 
 			       unsigned char * sign,
 			       int * sign_length );
@@ -156,8 +158,6 @@
 		std::string get_issuer();
 		std::string get_issuer_cn();
 
-		bool check_pk( MRef<priv_key*> pk );
-
 		gnutls_x509_crt_t get_certificate(){return cert;};
 
 	protected:

Modified: trunk/libmcrypto/include/libmcrypto/openssl/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/cert.h	2007-02-01 16:19:47 UTC (rev 3183)
+++ trunk/libmcrypto/include/libmcrypto/openssl/cert.h	2007-02-01 19:37:10 UTC (rev 3184)
@@ -76,6 +76,8 @@
 
 		const std::string &get_file() const;
 
+		bool check_cert( MRef<certificate *> cert);
+
 		int sign_data( unsigned char * data, int data_length, 
 			       unsigned char * sign,
 			       int * sign_length );
@@ -132,8 +134,6 @@
 		std::string get_issuer();
 		std::string get_issuer_cn();
 
-		bool check_pk( MRef<priv_key *> pk);
-
 		X509 * get_openssl_certificate(){return cert;};
 	private:
 		X509 * cert;

Modified: trunk/libmcrypto/source/cert.cxx
===================================================================
--- trunk/libmcrypto/source/cert.cxx	2007-02-01 16:19:47 UTC (rev 3183)
+++ trunk/libmcrypto/source/cert.cxx	2007-02-01 19:37:10 UTC (rev 3184)
@@ -88,7 +88,7 @@
 
 void certificate::set_pk( MRef<priv_key *> priv_key )
 {
-	if( !check_pk( priv_key ) ){
+	if( !priv_key->check_cert( this ) ){
 		cerr << "Private key does not match the certificate" << endl;
 		throw certificate_exception_pkey(
 			"The private key does not match the certificate" );
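Review bot: `priv_key->check_cert( this )` dereferences `priv_key` before anything has checked that the reference is non-null, so an empty MRef passed by a caller is dereferenced here instead of reaching the exception below. A guard such as `if( !priv_key || !priv_key->check_cert( this ) ){` keeps that failure on the existing certificate_exception_pkey path; the backend code in this commit already uses the `!ref` test on an MRef. Passing `this` also builds a temporary MRef<certificate *>. If MRef is intrusively reference-counted and set_pk can run while no other reference to the certificate exists (for example from a constructor), releasing that temporary could destroy the object, which is worth confirming. The body of set_pk continues past the end of the hunk.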

Modified: trunk/libmcrypto/source/gnutls/cert.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/cert.cxx	2007-02-01 16:19:47 UTC (rev 3183)
+++ trunk/libmcrypto/source/gnutls/cert.cxx	2007-02-01 19:37:10 UTC (rev 3184)
@@ -946,22 +946,23 @@
    pk_file = path;
 }
 
-bool gtls_certificate::check_pk( MRef<priv_key*> pk ){
-	MRef<gtls_priv_key*> gtls_pk =
-		dynamic_cast<gtls_priv_key*>( *pk );
 
-	if( !gtls_pk ){
+bool gtls_priv_key::check_cert( MRef<certificate*> cert ){
+	MRef<gtls_certificate*> gtls_cert =
+		dynamic_cast<gtls_certificate*>( *cert );
+
+	if( !gtls_cert ){
 		return false;
 	}
 
-	gnutls_x509_privkey_t privateKey = gtls_pk->get_private_key();
 	byte_t publicKeyId[20];
 	byte_t privateKeyId[20];
 	size_t idLength;
 
 	/* Check that the private key matches the certificate */
 	idLength = 20;
-	int ret = gnutls_x509_crt_get_key_id( cert, 0, publicKeyId, &idLength );
+	int ret = gnutls_x509_crt_get_key_id( gtls_cert->get_certificate(),
+					      0, publicKeyId, &idLength );
    
 	if( ret < 0 ){
 		throw certificate_exception("An error occured when computing the key id" );
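Review bot: The `if( !gtls_cert ){ return false; }` branch reports a certificate from another backend in the same way as a key that does not match. set_pk in source/cert.cxx turns that false into "Private key does not match the certificate", while a failure inside gnutls_x509_crt_get_key_id throws certificate_exception, so a mixed-backend configuration is diagnosed as a wrong key. At minimum add a comment on the branch, e.g. `// Not a GnuTLS certificate: the caller reports this as a key mismatch`, or throw a certificate_exception with its own message; ossl_priv_key::check_cert has the same branch. The hunk also drops the local `privateKey` and the rest of the function lies outside the hunk, so confirm the remaining code now reads the key from the member.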

Modified: trunk/libmcrypto/source/openssl/cert.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/cert.cxx	2007-02-01 16:19:47 UTC (rev 3183)
+++ trunk/libmcrypto/source/openssl/cert.cxx	2007-02-01 19:37:10 UTC (rev 3184)
@@ -559,13 +559,20 @@
 	pk_file = file;
 }
 
-bool ossl_certificate::check_pk( MRef<priv_key*> pk ){
-	MRef<ossl_priv_key*> ssl_pk =
-		dynamic_cast<ossl_priv_key*>( *pk );
 
+bool ossl_priv_key::check_cert( MRef<certificate*> cert ){
+	MRef<ossl_certificate*> ssl_cert =
+		dynamic_cast<ossl_certificate*>( *cert );
+
+	if( !ssl_cert ){
+		// Not an OpenSSL certificate!
+		return false;
+	}
+
 	/* Check that the private key matches the certificate */
 
-	if( X509_check_private_key( cert, ssl_pk->get_openssl_private_key() ) != 1 ){
+	if( X509_check_private_key( ssl_cert->get_openssl_certificate(),
+				    private_key ) != 1 ){
 		return false;
 	}
 
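Review bot: When `X509_check_private_key` returns something other than 1 it leaves an entry on OpenSSL's per-thread error queue, and the `return false;` path does not drain it. Code that inspects the queue after an unrelated TLS call can later misread that stale entry, so consider `ERR_clear_error();` before `return false;`; it needs <openssl/err.h>, whose inclusion is not visible here. `private_key` is also passed without a null check. Whether it can be NULL after a failed key load depends on the constructor, which is outside the hunk. The function body continues past the end of the hunk.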


