1 /* fides.cc - Light-weight, decentralised trust and authorisation management
2 Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
4 Fides is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as
6 published by the Free Software Foundation; either version 2.1 of
7 the License, or (at your option) any later version.
9 Fides is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
14 You should have received a copy of the GNU Lesser General Public
15 License along with this program; if not, see <http://www.gnu.org/licenses/>.
20 #include "certificate.h"
26 /// \class Certificate
28 /// \brief Representation of a certificate.
/// Build a certificate object from the parts of a certificate that already exists.
///
/// Nothing is checked here: the constructor body is empty, so the signature is
/// stored exactly as given and is NOT verified. Call validate() before relying
/// on the statement.
///
/// @param key Public key the certificate claims to be signed with. It is stored
///            in signer (NOTE(review): presumably a non-owning pointer, so the
///            key must outlive the certificate; confirm against certificate.h).
/// @param timestamp Timestamp of the certificate.
/// @param statement Statement of the certificate.
/// @param signature Signature of the certificate.
Certificate::Certificate(const PublicKey *key,
                         struct timeval timestamp,
                         const std::string &statement,
                         const std::string &signature)
	: signer(key),
	  timestamp(timestamp),
	  statement(statement),
	  signature(signature)
{
}
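/// Verifies the signature of the certificate.
///
/// The signed message is rebuilt as: the signer's fingerprint (256 bits
/// requested), then the in-memory bytes of the timestamp, then the statement.
/// It must be built exactly as the signing constructor builds it.
///
/// A true result only means the signature matches under the signer's key.
/// Nothing in this function checks whether the signer is trusted or whether
/// the timestamp is acceptable; that is left to the caller.
///
/// @return True if the signature is valid, false otherwise.
bool Certificate::validate() const {
	// signer is dereferenced without a check; assumes it is never null here.
	std::string data = signer->fingerprint(256);

	// NOTE(review): the raw object representation of struct timeval is what
	// gets signed. Its size, byte order and padding depend on the platform
	// ABI, so a certificate signed on one architecture may fail to verify on
	// another. A fixed-width, fixed-endian encoding would avoid that, but
	// changing it here would invalidate existing signatures.
	data.append(reinterpret_cast<const char *>(&timestamp), sizeof timestamp);

	// NOTE(review): this statement is not visible in the listing this block
	// was reviewed from (one numbered line is missing between the timestamp
	// append and the verify call). It is restored because the signature has
	// to cover the statement; confirm against the upstream file.
	data += statement;

	return signer->verify(data, signature);
}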
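/// Construct a new certificate and sign it with the private key.
///
/// The signed message is: the signer's fingerprint (256 bits requested), then
/// the in-memory bytes of the timestamp, then the statement. validate() must
/// rebuild exactly the same byte sequence.
///
/// @param key Private key to sign the certificate with. It is also stored in
///            signer (NOTE(review): presumably a non-owning pointer, so the key
///            must outlive the certificate; confirm against certificate.h).
/// @param timestamp Timestamp of the certificate; taken as given by the caller.
/// @param statement Statement of the certificate.
Certificate::Certificate(const PrivateKey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) {
	// key is dereferenced (via signer and directly) without a null check.
	std::string data = signer->fingerprint(256);

	// NOTE(review): the raw object representation of struct timeval is signed.
	// Its size, byte order and padding depend on the platform ABI, so the
	// resulting signature may only verify on a matching architecture.
	// `timestamp` names the by-value parameter here; the member was
	// initialised from it, so the bytes appended are the same.
	data.append(reinterpret_cast<const char *>(&timestamp), sizeof timestamp);

	// NOTE(review): this statement is not visible in the listing this block
	// was reviewed from (one numbered line is missing between the timestamp
	// append and the sign call). It is restored because the signature has to
	// cover the statement; confirm against the upstream file.
	data += statement;

	signature = key->sign(data);
}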
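/// Get the fingerprint of this certificate.
///
/// The fingerprint is the trailing bytes of the stored signature, returned as
/// raw bytes (no hex or base64 encoding is applied here). It is only as
/// trustworthy as the signature itself: for a certificate built from existing
/// parts, call validate() before treating the fingerprint as meaningful.
///
/// @param bits Number of bits from the fingerprint to return.
///             The number will be rounded down to the nearest multiple of 8.
///             If more bits are requested than the signature holds, the whole
///             signature is returned.
/// @return String containing the fingerprint.
std::string Certificate::fingerprint(unsigned int bits) const {
	const std::string::size_type wanted = bits / 8;

	// Without this guard, signature.size() - wanted wraps around (unsigned
	// arithmetic) when the signature is shorter than requested, and substr()
	// then throws std::out_of_range. A short or empty signature can come
	// straight from the constructor that takes an existing signature.
	if (wanted >= signature.size())
		return signature;

	return signature.substr(signature.size() - wanted);
}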
69 /// Write the certificate to a string.
71 /// @return String containing the certificate in textual format.
72 string Certificate::to_string() const {
73 string data = hexencode(signer->fingerprint());
76 snprintf(ts, sizeof ts, "%lu.%06lu", timestamp.tv_sec, timestamp.tv_usec);
79 data += b64encode(signature);