ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-06-16 06:08:13 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

SignedNetworkMap verification fix (#2255)

Browse Source 
* SignedNetworkMap verification fix

SignedNetworkMap verification should also include cert path validation,
which was probably moved away by accident, because docs say about the
exception CertPathValidatorException.
This commit is contained in:
Katarzyna Streich
2017-12-14 12:06:44 +00:00
committed by GitHub
parent 70b6944c96
commit 0df846148d
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
node-api/src/main/kotlin/net/corda/nodeapi/internal/NetworkMap.kt
View File

@ -7,6 +7,7 @@ import net.corda.core.identity.Party
import net.corda.core.serialization.CordaSerializable
import net.corda.core.serialization.SerializedBytes
import net.corda.core.serialization.deserialize
import net.corda.nodeapi.internal.crypto.X509Utilities
import java.security.SignatureException
import java.security.cert.CertPathValidatorException
import java.security.cert.X509Certificate
@ -63,9 +64,11 @@ class SignedNetworkMap(val raw: SerializedBytes<NetworkMap>, val sig: DigitalSig
* @throws CertPathValidatorException if the certificate path is invalid.
* @throws SignatureException if the signature is invalid.
*/
@Throws(SignatureException::class)
fun verified(): NetworkMap {
@Throws(SignatureException::class, CertPathValidatorException::class)
fun verified(trustedRoot: X509Certificate): NetworkMap {
sig.by.publicKey.verify(raw.bytes, sig)
// Assume network map cert is under the default trust root.
X509Utilities.validateCertificateChain(trustedRoot, sig.by, trustedRoot)
return raw.deserialize()
}
}