// Set homedir to provided directory, or $FIDES_HOME, or $HOME/.fides, or as a last resort $PWD/.fides
if(homedir.empty())
// Set homedir to provided directory, or $FIDES_HOME, or $HOME/.fides, or as a last resort $PWD/.fides
if(homedir.empty())
for(map<string, certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i)
delete i->second;
for(map<string, publickey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
for(map<string, certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i)
delete i->second;
for(map<string, publickey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
if(!line.compare(0, 9, "-----END ")) {
fides::publickey *key = new publickey();
key->from_string(pem);
if(!line.compare(0, 9, "-----END ")) {
fides::publickey *key = new publickey();
key->from_string(pem);
// loop over all keys whose certificates need to be checked
for(i = tocheck.begin(); i != tocheck.end(); ++i) {
// loop over all keys whose certificates need to be checked
for(i = tocheck.begin(); i != tocheck.end(); ++i) {
// If we already know this certificate, drop it.
if(certs.find(cert->fingerprint()) != certs.end()) {
// If we already know this certificate, drop it.
if(certs.find(cert->fingerprint()) != certs.end()) {
return;
}
// If the certificate does not validate, drop it.
if(!cert->validate()) {
// TODO: this should not happen, be wary of DoS attacks
return;
}
// If the certificate does not validate, drop it.
if(!cert->validate()) {
// TODO: this should not happen, be wary of DoS attacks
others = find_certificates(cert->signer, string("^a[+0-] ") + cert->statement.substr(3) + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
others = find_certificates(cert->signer, string("^a[+0-] ") + cert->statement.substr(3) + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
// TODO: this should not happen, be wary of DoS attacks
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
// TODO: this should not happen, be wary of DoS attacks
// save new cert first
certificate_save(cert, certdir + hexencode(cert->fingerprint()));
certs[cert->fingerprint()] = cert;
// save new cert first
certificate_save(cert, certdir + hexencode(cert->fingerprint()));
certs[cert->fingerprint()] = cert;
others = find_certificates(cert->signer, string("^t[+0-] ") + cert->statement.substr(3) + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
others = find_certificates(cert->signer, string("^t[+0-] ") + cert->statement.substr(3) + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
// TODO: this should not happen, be wary of DoS attacks
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
// TODO: this should not happen, be wary of DoS attacks
// delete old one
rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str());
certs.erase(others[0]->fingerprint());
// delete old one
rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str());
certs.erase(others[0]->fingerprint());
others = find_certificates(cert->signer, string("^") + cert->statement + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
others = find_certificates(cert->signer, string("^") + cert->statement + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
// TODO: this should not happen, be wary of DoS attacks
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
// TODO: this should not happen, be wary of DoS attacks
// delete old one
rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str());
certs.erase(others[0]->fingerprint());
// delete old one
rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str());
certs.erase(others[0]->fingerprint());
certs[cert->fingerprint()] = cert;
certificate_save(cert, certdir + hexencode(cert->fingerprint()));
}
certs[cert->fingerprint()] = cert;
certificate_save(cert, certdir + hexencode(cert->fingerprint()));
}
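Review bot: The three `find_certificates` calls build their pattern by concatenating certificate text into a regular expression without escaping it (`string("^") + cert->statement + '$'`, and the `^a[+0-] ` / `^t[+0-] ` variants with `cert->statement.substr(3)`), so any regex metacharacter in a statement changes which stored certificates match. Because the first match is then moved to `obsoletedir` and erased from `certs`, a statement that is valid as signed text but not a literal pattern can supersede a different certificate from the same signer, or match nothing and leave the one it should replace in place. Escape the statement before it goes into the pattern, e.g. `others = find_certificates(cert->signer, string("^") + regex_escape(cert->statement) + '$');` where `regex_escape` is a placeholder name for a small helper that backslash-escapes metacharacters, or compare statements for exact equality instead. The result of `rename()` is also ignored, so a failed move leaves the superseded file in `certdir` while the entry is already gone from `certs`; checking it and logging the failure would keep disk and memory consistent. The enclosing function starts outside the visible lines, so whether `statement` is length-checked before `substr(3)` cannot be confirmed here.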