diff --git a/programs/nstool/source/PkiValidator.cpp b/programs/nstool/source/PkiValidator.cpp index 91cdfda..623f938 100644 --- a/programs/nstool/source/PkiValidator.cpp +++ b/programs/nstool/source/PkiValidator.cpp @@ -28,6 +28,14 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key) } void PkiValidator::addCertificates(const fnd::List>& certs) +{ + for (size_t i = 0; i < certs.size(); i++) + { + addCertificate(certs[i]); + } +} + +void PkiValidator::addCertificate(const es::SignedData& cert) { std::string cert_ident; es::sign::SignatureAlgo cert_sign_algo; @@ -35,38 +43,35 @@ void PkiValidator::addCertificates(const fnd::List cert_hash; try - { - for (size_t i = 0; i < certs.size(); i++) + { + makeCertIdent(cert, cert_ident); + + if (doesCertExist(cert_ident) == true) { - makeCertIdent(certs[i], cert_ident); - - if (doesCertExist(cert_ident) == true) - { - throw fnd::Exception(kModuleName, "Certificate already exists"); - } - - cert_sign_algo = es::sign::getSignatureAlgo(certs[i].getSignature().getSignType()); - cert_hash_algo = es::sign::getHashAlgo(certs[i].getSignature().getSignType()); - - // get cert hash - switch (cert_hash_algo) - { - case (es::sign::HASH_ALGO_SHA1): - cert_hash.alloc(crypto::sha::kSha1HashLen); - crypto::sha::Sha1(certs[i].getBody().getBytes().data(), certs[i].getBody().getBytes().size(), cert_hash.data()); - break; - case (es::sign::HASH_ALGO_SHA256): - cert_hash.alloc(crypto::sha::kSha256HashLen); - crypto::sha::Sha256(certs[i].getBody().getBytes().data(), certs[i].getBody().getBytes().size(), cert_hash.data()); - break; - default: - throw fnd::Exception(kModuleName, "Unrecognised hash type"); - } - - validateSignature(certs[i].getBody().getIssuer(), certs[i].getSignature().getSignType(), certs[i].getSignature().getSignature(), cert_hash); - - mCertificateBank.addElement(certs[i]); + throw fnd::Exception(kModuleName, "Certificate already exists"); } + + cert_sign_algo = es::sign::getSignatureAlgo(cert.getSignature().getSignType()); + cert_hash_algo = es::sign::getHashAlgo(cert.getSignature().getSignType()); + + // get cert hash + switch (cert_hash_algo) + { + case (es::sign::HASH_ALGO_SHA1): + cert_hash.alloc(crypto::sha::kSha1HashLen); + crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data()); + break; + case (es::sign::HASH_ALGO_SHA256): + cert_hash.alloc(crypto::sha::kSha256HashLen); + crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data()); + break; + default: + throw fnd::Exception(kModuleName, "Unrecognised hash type"); + } + + validateSignature(cert.getBody().getIssuer(), cert.getSignature().getSignType(), cert.getSignature().getSignature(), cert_hash); + + mCertificateBank.addElement(cert); } catch (const fnd::Exception& e) { diff --git a/programs/nstool/source/PkiValidator.h b/programs/nstool/source/PkiValidator.h index 3ba54ec..c585c41 100644 --- a/programs/nstool/source/PkiValidator.h +++ b/programs/nstool/source/PkiValidator.h @@ -14,6 +14,7 @@ public: void setRootKey(const crypto::rsa::sRsa4096Key& root_key); void addCertificates(const fnd::List>& certs); + void addCertificate(const es::SignedData& cert); void clearCertificates(); void validateSignature(const std::string& issuer, es::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const;