Fix TSL loading with expired lists

Ticket: IB-3660
open-eid · Jan 16, 2015 · dce77ea · dce77ea
1 parent 2d50a5f
commit dce77ea
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 36 deletions.
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -106,7 +106,6 @@ XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/ts_119612v010101.xsd
 # --namespace-map https://uri.etsi.org/02231/v2\#=digidoc::tsl
 # --namespace-map https://uri.etsi.org/01903/v1.3.2\#=digidoc::xades )
 list( APPEND xsd_SRCS xml/AdditionalInformationType.cpp )
-add_definitions( -DTSL_URL=\"${TSL_URL}\" )
 add_executable( embedfile embedfile.cpp )
 add_custom_command( OUTPUT tslcert1.cpp tslcert2.cpp
  COMMAND $<TARGET_FILE:embedfile> ${TSL_CERT1} tslcert1 tslcert1.cpp
@@ -207,7 +206,7 @@ add_library(digidocpp SHARED
 )
 
 set_target_properties(digidocpp PROPERTIES
- COMPILE_DEFINITIONS "PKCS11_MODULE=\"${PKCS11_MODULE}\";TSA_URL=\"${TSA_URL}\";${digidocpp_DEFS}"
+ COMPILE_DEFINITIONS "PKCS11_MODULE=\"${PKCS11_MODULE}\";TSA_URL=\"${TSA_URL}\";TSL_URL=\"${TSL_URL}\";${digidocpp_DEFS}"
  VERSION ${MAJOR_VER}.${MINOR_VER}.${RELEASE_VER}
  SOVERSION 0
  PUBLIC_HEADER "${PUBLIC_HEADER}"

diff --git a/src/crypto/TSL.cpp b/src/crypto/TSL.cpp
@@ -239,48 +239,49 @@ TSL::Result TSL::parse(const string &url, const vector<X509Cert> &certs,
  result = { tsl.certs(), tsl.isExpired() };
  if(result.expired)
  THROW("TSL is expired");
- bool onlineDigest = CONF(TSLOnlineDigest);
+
  size_t pos = url.find_last_of("/.");
- if(onlineDigest && pos != string::npos)
+ if((CONF(TSLOnlineDigest)) && pos != string::npos)
  tsl.validateRemoteDigest(url.substr(0, pos) + ".sha2", timeout);
+
  DEBUG("TSL %s signature is valid", territory.c_str());
  } catch(const Exception &e) {
  ERR("TSL %s status: %s", territory.c_str(), e.msg().c_str());
- bool autoupdate = CONF(TSLAutoUpdate);
- if(!autoupdate)
- return result;
-
- string tmp = path + ".tmp";
- try
+ if((CONF(TSLAutoUpdate)))
  {
- ofstream file(File::encodeName(tmp).c_str(), ofstream::binary);
- Connect::Result r = Connect(url, "GET", timeout).exec();
- if(r.isRedirect())
- r = Connect(r.headers["Location"], "GET", timeout).exec();
- file << r.content;
- file.close();
- }
- catch(const Exception &)
- {
- ERR("TSL: Failed to download %s list", tsl.territory().c_str());
- return result;
+ string tmp = path + ".tmp";
+ try
+ {
+ ofstream file(File::encodeName(tmp).c_str(), ofstream::binary);
+ Connect::Result r = Connect(url, "GET", timeout).exec();
+ if(r.isRedirect())
+ r = Connect(r.headers["Location"], "GET", timeout).exec();
+ file << r.content;
+ file.close();
+
+ tsl = TSL(tmp);
+ try {
+ tsl.validate(certs);
+ ofstream o(File::encodeName(path).c_str(), ofstream::binary);
+ ifstream i(File::encodeName(tmp).c_str(), ifstream::binary);
+ o << i.rdbuf();
+ o.close();
+ i.close();
+ File::removeFile(tmp);
+
+ result = { tsl.certs(), tsl.isExpired() };
+ DEBUG("TSL %s signature is valid", territory.c_str());
+ } catch(const Exception &) {
+ ERR("TSL %s signature is invalid", territory.c_str());
+ }
+ }
+ catch(const Exception &)
+ {
+ ERR("TSL: Failed to download %s list", tsl.territory().c_str());
+ }
  }
-
- tsl = TSL(tmp);
- try {
- tsl.validate(certs);
- ofstream o(File::encodeName(path).c_str(), ofstream::binary);
- ifstream i(File::encodeName(tmp).c_str(), ifstream::binary);
- o << i.rdbuf();
- o.close();
- i.close();
- File::removeFile(tmp);
- result = { tsl.certs(), tsl.isExpired() };
- DEBUG("TSL %s signature is valid", territory.c_str());
- } catch(const Exception &) {
- ERR("TSL %s signature is invalid", territory.c_str());
+ if(!result.expired)
  return result;
- }
  }
 
  if(tsl.pointers().empty())