try_catch_async([&] {
RawBufferVector rawCertChain;
for (auto &e: certificateChainVector) {
+ if(!e || e->empty())
+ return observer->ReceivedError(CKM_API_ERROR_INPUT_PARAM);
rawCertChain.push_back(e->getDER());
}
RawBufferVector rawCertChain;
for (auto &e: certChain) {
+ if (!e || e->empty()) {
+ LogError("Empty certificate");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
rawCertChain.push_back(e->getDER());
}
int retCode = CKM_API_SUCCESS;
int ocspStatus = CKM_API_OCSP_STATUS_INTERNAL_ERROR;
- for (auto &e: rawChain) {
- certChain.push_back(CertificateImpl(e, DataFormat::FORM_DER));
- if (certChain.rbegin()->empty()) {
- LogDebug("Error in parsing certificates!");
- retCode = CKM_API_ERROR_INPUT_PARAM;
- break;
+ if(rawChain.size() < 2) {
+ LogError("Certificate chain should contain at least 2 certificates");
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } else {
+ for (auto &e: rawChain) {
+ certChain.push_back(CertificateImpl(e, DataFormat::FORM_DER));
+ if (certChain.rbegin()->empty()) {
+ LogDebug("Error in parsing certificates!");
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ break;
+ }
}
}
X509_STACK_PTR trustedCerts = create_x509_stack();
// skip first 2 certificates
- for (auto it=certificateChain.cbegin()+2; it != certificateChain.cend(); it++)
+ for (auto it=certificateChain.cbegin()+2; it < certificateChain.cend(); it++)
{
if (it->empty()) {
LogError("Error. Broken certificate chain.");
sk_X509_push(trustedCerts.get(), it->getX509());
}
- for (unsigned int i=0; i < certificateChain.size() -1; i++) {// except root certificate
+ for (int i=0; i < static_cast<int>(certificateChain.size())-1; i++) {// except root certificate
if (certificateChain[i].empty() || certificateChain[i+1].empty()) {
LogError("Error. Broken certificate chain.");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;