]> WPIA git - cassiopeia.git/commitdiff
projects / cassiopeia.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 11750de)
fix: be able to load CAs without private key
authorFelix Dörre <felix@dogcraft.de>
Tue, 28 Feb 2017 13:01:36 +0000 (14:01 +0100)
committerFelix Dörre <felix@dogcraft.de>
Wed, 1 Mar 2017 07:42:53 +0000 (08:42 +0100)
this is needed for the signer-client to load CAs when
he does not have the according private key.

Change-Id: Ib1a9c6fd9cde6ec3af1414f2b22faa22d1fa6fea

src/crypto/CRL.cpp patch | blob | history
src/crypto/simpleOpensslSigner.cpp patch | blob | history
src/crypto/sslUtil.cpp patch | blob | history

diff --git a/src/crypto/CRL.cpp b/src/crypto/CRL.cpp
index d48bc89315f8445fd1c3d865fdc9b85adc5b3b77..01f8af5320b73def166310920010e24362458b1a 100644 (file)
--- a/src/crypto/CRL.cpp
+++ b/src/crypto/CRL.cpp
@@ -58,6 +58,10 @@ std::string CRL::revoke( std::string serial, std::string time ) {
 }
 
 void CRL::sign( std::shared_ptr<CAConfig> ca ) {
+    if(!ca->caKey){
+        throw new std::invalid_argument("Cannot sign CRL with CA " + ca->name + " because it has no private key.");
+    }
+
     // Updating necessary CRL props
     std::shared_ptr<ASN1_TIME> tmptm( ASN1_TIME_new(), ASN1_TIME_free );
 
diff --git a/src/crypto/simpleOpensslSigner.cpp b/src/crypto/simpleOpensslSigner.cpp
index cad772c4e102b9007c33e80cc921ee0af77c86d2..6987d2c4e84085c25c3349f5c334e42e82475dbe 100644 (file)
--- a/src/crypto/simpleOpensslSigner.cpp
+++ b/src/crypto/simpleOpensslSigner.cpp
@@ -86,6 +86,9 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
         logger::error( "ERROR: Signing CA specified in profile could not be loaded." );
         throw std::runtime_error("CA-key not found");
     }
+    if(!ca->caKey){
+        throw std::runtime_error("Cannot sign certificate with CA " + ca->name + " because it has no private key.");
+    }
 
     logger::note( "FINE: Key for Signing CA is correctly loaded." );
 
diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp
index 9d06a881d73d1e136180ca4f3a7932e3093e0d00..d7fddfe40fd4a54557e907cfe16bacdd212acfeb 100644 (file)
--- a/src/crypto/sslUtil.cpp
+++ b/src/crypto/sslUtil.cpp
@@ -197,9 +197,6 @@ CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name
     }
 
     caKey = loadPkeyFromFile( path + "/ca.key" );
-    if (!caKey) {
-        throw new std::invalid_argument("ca name: " + name + " contains unreadable key.");
-    }
 
     ASN1_TIME* tm = X509_get_notBefore( ca.get() ); // tm MUST NOT be free'd; duplicate for owning copy.
     notBefore = std::shared_ptr<ASN1_TIME>( ASN1_STRING_dup(tm), ASN1_TIME_free );
WPIA Certificate Signing Software