summaryrefslogtreecommitdiff
path: root/node/CertificateOfMembership.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'node/CertificateOfMembership.cpp')
-rw-r--r--node/CertificateOfMembership.cpp33
1 files changed, 15 insertions, 18 deletions
diff --git a/node/CertificateOfMembership.cpp b/node/CertificateOfMembership.cpp
index 55537fd9..7b99f2c7 100644
--- a/node/CertificateOfMembership.cpp
+++ b/node/CertificateOfMembership.cpp
@@ -17,6 +17,9 @@
*/
#include "CertificateOfMembership.hpp"
+#include "RuntimeEnvironment.hpp"
+#include "Topology.hpp"
+#include "Switch.hpp"
namespace ZeroTier {
@@ -182,7 +185,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other) c
bool CertificateOfMembership::sign(const Identity &with)
{
- uint64_t *const buf = new uint64_t[_qualifierCount * 3];
+ uint64_t buf[ZT_NETWORK_COM_MAX_QUALIFIERS * 3];
unsigned int ptr = 0;
for(unsigned int i=0;i<_qualifierCount;++i) {
buf[ptr++] = Utils::hton(_qualifiers[i].id);
@@ -193,38 +196,32 @@ bool CertificateOfMembership::sign(const Identity &with)
try {
_signature = with.sign(buf,ptr * sizeof(uint64_t));
_signedBy = with.address();
- delete [] buf;
return true;
} catch ( ... ) {
_signedBy.zero();
- delete [] buf;
return false;
}
}
-bool CertificateOfMembership::verify(const Identity &id) const
+int CertificateOfMembership::verify(const RuntimeEnvironment *RR) const
{
- if (!_signedBy)
- return false;
- if (id.address() != _signedBy)
- return false;
+ if ((!_signedBy)||(_qualifierCount > ZT_NETWORK_COM_MAX_QUALIFIERS))
+ return -1;
- uint64_t *const buf = new uint64_t[_qualifierCount * 3];
+ const Identity id(RR->topology->getIdentity(_signedBy));
+ if (!id) {
+ RR->sw->requestWhois(_signedBy);
+ return 1;
+ }
+
+ uint64_t buf[ZT_NETWORK_COM_MAX_QUALIFIERS * 3];
unsigned int ptr = 0;
for(unsigned int i=0;i<_qualifierCount;++i) {
buf[ptr++] = Utils::hton(_qualifiers[i].id);
buf[ptr++] = Utils::hton(_qualifiers[i].value);
buf[ptr++] = Utils::hton(_qualifiers[i].maxDelta);
}
-
- bool valid = false;
- try {
- valid = id.verify(buf,ptr * sizeof(uint64_t),_signature);
- delete [] buf;
- } catch ( ... ) {
- delete [] buf;
- }
- return valid;
+ return (id.verify(buf,ptr * sizeof(uint64_t),_signature) ? 0 : -1);
}
} // namespace ZeroTier
generated by cgit v1.2.3 (git 2.39.1) at 2026-01-08 11:58:27 +0000