# HG changeset patch
# User William Ehlhardt
# Date 1186462430 0
# Node ID 8275c3cbc9daa47e9b036b5596423c3814bf8c3e
# Parent daa68185a01827783c8e0456d7cdf7048d91abaf
- Add purple_certificate_check_signature_chain
diff -r daa68185a018 -r 8275c3cbc9da libpurple/certificate.c
--- a/libpurple/certificate.c Tue Aug 07 04:31:01 2007 +0000
+++ b/libpurple/certificate.c Tue Aug 07 04:53:50 2007 +0000
@@ -167,6 +167,40 @@
 return (scheme->signed_by)(crt, issuer);
 }
 
+gboolean
+purple_certificate_check_signature_chain(GList *chain)
+{
+ GList *cur;
+ PurpleCertificate *crt, *issuer;
+
+ g_return_val_if_fail(chain, FALSE);
+
+ /* If this is a single-certificate chain, say that it is valid */
+ if (chain->next == NULL) {
+ return TRUE;
+ }
+
+ /* Load crt with the first certificate */
+ crt = (PurpleCertificate *)(chain->data);
+ /* And start with the second certificate in the chain */
+ for ( cur = chain->next; cur; cur = cur->next ) {
+
+ issuer = (PurpleCertificate *)(cur->data);
+
+ /* Check the signature for this link */
+ if (! purple_certificate_signed_by(crt, issuer) ) {
+ return FALSE;
+ }
+
+ /* The issuer is now the next crt whose signature is to be
+ checked */
+ crt = issuer;
+ }
+
+ /* If control reaches this point, the chain is valid */
+ return TRUE;
+}
+
 PurpleCertificate *
 purple_certificate_import(PurpleCertificateScheme *scheme, const gchar *filename)
 {
diff -r daa68185a018 -r 8275c3cbc9da libpurple/certificate.h
--- a/libpurple/certificate.h Tue Aug 07 04:31:01 2007 +0000
+++ b/libpurple/certificate.h Tue Aug 07 04:53:50 2007 +0000
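Review bot: In libpurple/certificate.c, a TRUE result from purple_certificate_check_signature_chain() only means that each certificate is signed by the one after it. The one-element shortcut returns TRUE without checking anything, and the last certificate of a longer chain is never verified against a trust anchor. Expiry, naming and CA-constraint checks are not visible in this hunk either, so callers presumably have to do them; I would say so next to the final return, e.g. `/* TRUE means the signatures link up only; the caller must still anchor the last certificate in a trusted store */`. Separately, `chain->data` and `cur->data` go to purple_certificate_signed_by() unchecked, and only that function's last line is visible here, so unless it rejects NULL I would add `g_return_val_if_fail(issuer, FALSE);` right after the assignment in the loop and the same for `crt` before it.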
@@ -424,6 +424,20 @@
 purple_certificate_signed_by(PurpleCertificate *crt, PurpleCertificate *issuer);
 
 /**
+ * Check that a certificate chain is valid
+ *
+ * Uses purple_certificate_signed_by() to verify that each PurpleCertificate
+ * in the chain carries a valid signature from the next. A single-certificate
+ * chain is considered to be valid.
+ *
+ * @param chain List of PurpleCertificate instances comprising the chain,
+ * in the order certificate, issuer, issuer's issuer, etc.
+ * @return TRUE if the chain is valid. See description.
+ */
+gboolean
+purple_certificate_check_signature_chain(GList *chain);
+
+/**
 * Imports a PurpleCertificate from a file
 *
 * @param scheme Scheme to import under
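Review bot: The new doc comment in certificate.h promises more than the function delivers: "Check that a certificate chain is valid" and "@return TRUE if the chain is valid" read as a trust decision, while the description says only that each signature is verified against the next certificate and that a lone certificate passes. I would reword the summary to `Check that each certificate in a chain is signed by the next` and the return line to `@return TRUE if every signature link verifies; this does not establish trust in the last certificate`. It would also help to document the NULL-chain case, which the implementation in certificate.c answers with FALSE through g_return_val_if_fail.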