changeset 19077:8275c3cbc9da

- Add purple_certificate_check_signature_chain
author William Ehlhardt <williamehlhardt@gmail.com>
date Tue, 07 Aug 2007 04:53:50 +0000
parents daa68185a018
children 3987f76c0e4b
files libpurple/certificate.c libpurple/certificate.h
diffstat 2 files changed, 48 insertions(+), 0 deletions(-) [+]
--- a/libpurple/certificate.c	Tue Aug 07 04:31:01 2007 +0000
+++ b/libpurple/certificate.c	Tue Aug 07 04:53:50 2007 +0000
@@ -167,6 +167,40 @@
 	return (scheme->signed_by)(crt, issuer);
 }
 
+gboolean
+purple_certificate_check_signature_chain(GList *chain)
+{
+	GList *cur;
+	PurpleCertificate *crt, *issuer;
+
+	g_return_val_if_fail(chain, FALSE);
+	
+	/* If this is a single-certificate chain, say that it is valid */
+	if (chain->next == NULL) {
+		return TRUE;
+	}
+
+	/* Load crt with the first certificate */
+	crt = (PurpleCertificate *)(chain->data);
+	/* And start with the second certificate in the chain */
+	for ( cur = chain->next; cur; cur = cur->next ) {
+		
+		issuer = (PurpleCertificate *)(cur->data);
+		
+		/* Check the signature for this link */
+		if (! purple_certificate_signed_by(crt, issuer) ) {
+			return FALSE;
+		}
+
+		/* The issuer is now the next crt whose signature is to be
+		   checked */
+		crt = issuer;
+	}
+
+	/* If control reaches this point, the chain is valid */
+	return TRUE;
+}
+
 PurpleCertificate *
 purple_certificate_import(PurpleCertificateScheme *scheme, const gchar *filename)
 {
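Review bot: The comments at the single-certificate shortcut and before the final `return TRUE` call the chain "valid", but the loop only confirms that each certificate is signed by the next one in the list. The last certificate is never checked against anything, and nothing in this hunk looks at expiry, CA constraints or names, so a caller that reads TRUE as "trusted" would accept any lone or self-issued certificate. I would reword the two comments, e.g. `/* Nothing to verify for a single certificate; this says nothing about trust */` and `/* Every link's signature verified; trusting the last certificate is the caller's job */`. The doc comment added to libpurple/certificate.h in this commit uses the same "valid" wording and should gain a line such as `* This does not establish trust: the caller must still check the final certificate against a trusted root.`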
--- a/libpurple/certificate.h	Tue Aug 07 04:31:01 2007 +0000
+++ b/libpurple/certificate.h	Tue Aug 07 04:53:50 2007 +0000
@@ -424,6 +424,20 @@
 purple_certificate_signed_by(PurpleCertificate *crt, PurpleCertificate *issuer);
 
 /**
+ * Check that a certificate chain is valid
+ *
+ * Uses purple_certificate_signed_by() to verify that each PurpleCertificate
+ * in the chain carries a valid signature from the next. A single-certificate
+ * chain is considered to be valid.
+ *
+ * @param chain      List of PurpleCertificate instances comprising the chain,
+ *                   in the order certificate, issuer, issuer's issuer, etc.
+ * @return TRUE if the chain is valid. See description.
+ */
+gboolean
+purple_certificate_check_signature_chain(GList *chain);
+
+/**
  * Imports a PurpleCertificate from a file
  *
  * @param scheme      Scheme to import under
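Review bot: The `@return` line for purple_certificate_check_signature_chain does not say what an empty chain yields. In the implementation added by this commit, `g_return_val_if_fail(chain, FALSE)` rejects a NULL list, which is how GLib represents an empty GList, and it logs a critical warning as well. I would spell that out, e.g. `@return TRUE if every signature in the chain verifies; FALSE otherwise, or if chain is NULL (empty)`. Whether NULL `data` elements inside the list are rejected depends on purple_certificate_signed_by, whose checks are not visible here, so the `@param chain` text should either state that elements must be non-NULL or that case should be confirmed.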