Allow to set multiple service certificates (#419)

IB-7091 Signed-off-by: Raul Metsma <raul@metsma.ee>
open-eid · Jul 1, 2021 · fe7da1b · fe7da1b
1 parent a2fea2d
commit fe7da1b
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/cmake b/cmake
diff --git a/libdigidocpp.i b/libdigidocpp.i
@@ -175,6 +175,7 @@ extern "C"
 // ignore X509Cert and implement later cert as ByteVector
 %ignore digidoc::Conf::TSLCerts;
 %ignore digidoc::ConfV2::verifyServiceCert;
+%ignore digidoc::ConfV4::verifyServiceCerts;
 %ignore digidoc::Signer::cert;
 %ignore digidoc::Signature::signingCertificate;
 %ignore digidoc::Signature::OCSPCertificate;

diff --git a/src/libdigidocpp.i.h b/src/libdigidocpp.i.h
@@ -54,7 +54,8 @@ class SWIGEXPORT DigiDocConf: public digidoc::XmlConfCurrent
     std::string TSLCache() const override { return cache.empty() ? digidoc::XmlConfCurrent::TSLCache() : cache; }
     std::vector<X509Cert> TSLCerts() const override { return tslCerts.empty() ? digidoc::XmlConfCurrent::TSLCerts() : tslCerts; };
     std::string TSLUrl() const override { return tslUrl.empty() ? digidoc::XmlConfCurrent::TSLUrl() : tslUrl; }
-    X509Cert verifyServiceCert() const override { return !serviceCert ? digidoc::XmlConfCurrent::verifyServiceCert() : serviceCert; }
+    X509Cert verifyServiceCert() const override { return serviceCerts.empty() ? digidoc::XmlConfCurrent::verifyServiceCert() : serviceCerts.front(); }
+    std::vector<X509Cert> verifyServiceCerts() const override { return serviceCerts.empty() ? digidoc::XmlConfCurrent::verifyServiceCerts() : serviceCerts; }
     std::string verifyServiceUri() const override { return serviceUrl.empty() ? digidoc::XmlConfCurrent::verifyServiceUri() : serviceUrl; }
     std::string xsdPath() const override { return cache.empty() ? digidoc::XmlConfCurrent::xsdPath() : cache; }
 
@@ -68,7 +69,7 @@ class SWIGEXPORT DigiDocConf: public digidoc::XmlConfCurrent
     void addTSLCert(const std::vector<unsigned char> &cert)
     {
         if(!cert.empty())
-            tslCerts.push_back(X509Cert(cert, X509Cert::Der));
+            tslCerts.emplace_back(cert, X509Cert::Der);
     }
     void setTSLUrl(std::string url) { tslUrl = std::move(url); }
     void setOCSPUrls(std::map<std::string,std::string> urls) { OCSPUrls = urls; }
@@ -79,7 +80,16 @@ class SWIGEXPORT DigiDocConf: public digidoc::XmlConfCurrent
         if(_TMProfiles.empty())
             TMProfiles.clear();
     }
-    void setVerifyServiceCert(const std::vector<unsigned char> &cert) { serviceCert = X509Cert(cert.data(), cert.size(), X509Cert::Der); }
+    void setVerifyServiceCert(const std::vector<unsigned char> &cert)
+    {
+        if(cert.empty()) serviceCerts.clear();
+        else serviceCerts = { X509Cert(cert, X509Cert::Der) };
+    }
+    void addVerifyServiceCert(const std::vector<unsigned char> &cert)
+    {
+        if(!cert.empty())
+            serviceCerts.emplace_back(cert, X509Cert::Der);
+    }
     void setVerifyServiceUri(std::string url) { serviceUrl = std::move(url); }
 
 private:
@@ -88,7 +98,7 @@ class SWIGEXPORT DigiDocConf: public digidoc::XmlConfCurrent
     std::vector<X509Cert> tslCerts;
     std::set<std::string> TMProfiles;
     std::map<std::string,std::string> OCSPUrls;
-    X509Cert serviceCert;
+    std::vector<X509Cert> serviceCerts;
 };
 
 static void initializeLib(const std::string &appName, const std::string &path)
+0 −7		modules/VersionInfo.cmake
+0 −24		modules/win81.exe.manifest