Botan 3.12.0
Crypto and TLS for C&
Functions
ffi_cert.cpp File Reference
Foreign Function Interface
#include <botan/ffi.h>
#include <botan/assert.h>
#include <botan/internal/ffi_cert.h>
#include <botan/internal/ffi_pkey.h>
#include <botan/internal/ffi_rng.h>
#include <botan/internal/ffi_util.h>
#include <memory>

Go to the source code of this file.

Functions

int botan_x509_cert_allowed_extended_usage_oid (botan_x509_cert_t cert, botan_asn1_oid_t oid)
int botan_x509_cert_allowed_extended_usage_str (botan_x509_cert_t cert, const char *oid)
int botan_x509_cert_allowed_usage (botan_x509_cert_t cert, unsigned int key_usage)
int botan_x509_cert_destroy (botan_x509_cert_t cert)
int botan_x509_cert_dup (botan_x509_cert_t *cert_obj, botan_x509_cert_t cert)
int botan_x509_cert_excluded_name_constraints (botan_x509_cert_t cert, size_t index, botan_x509_general_name_t *constraint)
int botan_x509_cert_excluded_name_constraints_count (botan_x509_cert_t cert, size_t *count)
int botan_x509_cert_get_authority_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_fingerprint (botan_x509_cert_t cert, const char *hash, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_issuer_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_issuer_dn_count (botan_x509_cert_t cert, const char *key, size_t *count)
int botan_x509_cert_get_path_length_constraint (botan_x509_cert_t cert, size_t *path_limit)
int botan_x509_cert_get_public_key (botan_x509_cert_t cert, botan_pubkey_t *key)
int botan_x509_cert_get_public_key_bits (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_serial_number (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_subject_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_subject_dn_count (botan_x509_cert_t cert, const char *key, size_t *count)
int botan_x509_cert_get_subject_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_time_expires (botan_x509_cert_t cert, char out[], size_t *out_len)
int botan_x509_cert_get_time_starts (botan_x509_cert_t cert, char out[], size_t *out_len)
int botan_x509_cert_hostname_match (botan_x509_cert_t cert, const char *hostname)
int botan_x509_cert_is_ca (botan_x509_cert_t cert)
int botan_x509_cert_issuer_alternative_names (botan_x509_cert_t cert, size_t index, botan_x509_general_name_t *alt_name)
int botan_x509_cert_issuer_alternative_names_count (botan_x509_cert_t cert, size_t *count)
int botan_x509_cert_load (botan_x509_cert_t *cert_obj, const uint8_t cert_bits[], size_t cert_bits_len)
int botan_x509_cert_load_file (botan_x509_cert_t *cert_obj, const char *cert_path)
int botan_x509_cert_not_after (botan_x509_cert_t cert, uint64_t *time_since_epoch)
int botan_x509_cert_not_before (botan_x509_cert_t cert, uint64_t *time_since_epoch)
int botan_x509_cert_permitted_name_constraints (botan_x509_cert_t cert, size_t index, botan_x509_general_name_t *constraint)
int botan_x509_cert_permitted_name_constraints_count (botan_x509_cert_t cert, size_t *count)
int botan_x509_cert_serial_number (botan_x509_cert_t cert, botan_mp_t *serial_number)
int botan_x509_cert_subject_alternative_names (botan_x509_cert_t cert, size_t index, botan_x509_general_name_t *alt_name)
int botan_x509_cert_subject_alternative_names_count (botan_x509_cert_t cert, size_t *count)
int botan_x509_cert_to_string (botan_x509_cert_t cert, char out[], size_t *out_len)
const char * botan_x509_cert_validation_status (int code)
int botan_x509_cert_verify (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
int botan_x509_cert_verify_with_crl (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const botan_x509_crl_t *crls, size_t crls_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
int botan_x509_cert_view_as_string (botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_str_fn view)
int botan_x509_cert_view_binary_values (botan_x509_cert_t cert, botan_x509_value_type value_type, size_t index, botan_view_ctx ctx, botan_view_bin_fn view_fn)
int botan_x509_cert_view_binary_values_count (botan_x509_cert_t cert, botan_x509_value_type value_type, size_t *count)
int botan_x509_cert_view_public_key_bits (botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_bin_fn view)
int botan_x509_cert_view_string_values (botan_x509_cert_t cert, botan_x509_value_type value_type, size_t index, botan_view_ctx ctx, botan_view_str_fn view_fn)
int botan_x509_cert_view_string_values_count (botan_x509_cert_t cert, botan_x509_value_type value_type, size_t *count)
int botan_x509_crl_create (botan_x509_crl_t *crl_obj, botan_rng_t rng, botan_x509_cert_t ca_cert, botan_privkey_t ca_key, uint64_t issue_time, uint32_t next_update, const char *hash_fn, const char *padding)
int botan_x509_crl_destroy (botan_x509_crl_t crl)
int botan_x509_crl_entries (botan_x509_crl_t crl, size_t index, botan_x509_crl_entry_t *entry)
int botan_x509_crl_entries_count (botan_x509_crl_t crl, size_t *count)
int botan_x509_crl_entry_create (botan_x509_crl_entry_t *entry, botan_x509_cert_t cert, int reason_code)
int botan_x509_crl_entry_destroy (botan_x509_crl_entry_t entry)
int botan_x509_crl_entry_reason (botan_x509_crl_entry_t entry, int *reason_code)
int botan_x509_crl_entry_revocation_date (botan_x509_crl_entry_t entry, uint64_t *time_since_epoch)
int botan_x509_crl_entry_serial_number (botan_x509_crl_entry_t entry, botan_mp_t *serial_number)
int botan_x509_crl_entry_view_serial_number (botan_x509_crl_entry_t entry, botan_view_ctx ctx, botan_view_bin_fn view)
int botan_x509_crl_load (botan_x509_crl_t *crl_obj, const uint8_t crl_bits[], size_t crl_bits_len)
int botan_x509_crl_load_file (botan_x509_crl_t *crl_obj, const char *crl_path)
int botan_x509_crl_next_update (botan_x509_crl_t crl, uint64_t *time_since_epoch)
int botan_x509_crl_this_update (botan_x509_crl_t crl, uint64_t *time_since_epoch)
int botan_x509_crl_update (botan_x509_crl_t *crl_obj, botan_x509_crl_t last_crl, botan_rng_t rng, botan_x509_cert_t ca_cert, botan_privkey_t ca_key, uint64_t issue_time, uint32_t next_update, const botan_x509_crl_entry_t *new_entries, size_t new_entries_len, const char *hash_fn, const char *padding)
int botan_x509_crl_verify_signature (botan_x509_crl_t crl, botan_pubkey_t key)
int botan_x509_crl_view_binary_values (botan_x509_crl_t crl_obj, botan_x509_value_type value_type, size_t index, botan_view_ctx ctx, botan_view_bin_fn view_fn)
int botan_x509_crl_view_binary_values_count (botan_x509_crl_t crl_obj, botan_x509_value_type value_type, size_t *count)
int botan_x509_crl_view_string_values (botan_x509_crl_t crl_obj, botan_x509_value_type value_type, size_t index, botan_view_ctx ctx, botan_view_str_fn view)
int botan_x509_crl_view_string_values_count (botan_x509_crl_t crl_obj, botan_x509_value_type value_type, size_t *count)
int botan_x509_general_name_destroy (botan_x509_general_name_t name)
int botan_x509_general_name_get_type (botan_x509_general_name_t name, unsigned int *type)
int botan_x509_general_name_view_binary_value (botan_x509_general_name_t name, botan_view_ctx ctx, botan_view_bin_fn view)
int botan_x509_general_name_view_string_value (botan_x509_general_name_t name, botan_view_ctx ctx, botan_view_str_fn view)
int botan_x509_is_revoked (botan_x509_crl_t crl, botan_x509_cert_t cert)

Function Documentation

◆ botan_x509_cert_allowed_extended_usage_oid()

int botan_x509_cert_allowed_extended_usage_oid ( botan_x509_cert_t cert,
botan_asn1_oid_t oid )

Check if the certificate allows the specified extended usage OID. See RFC 5280 Section 4.2.1.12 for OIDs to query for this. If no extended key usage extension is found in the certificate, this always returns "not success".

This is similar to botan_x509_cert_allowed_extended_usage_str but takes an OID object instead of a string describing the OID.

Definition at line 598 of file ffi_cert.cpp.

598 {
599#if defined(BOTAN_HAS_X509_CERTIFICATES)
600 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int { return c.has_ex_constraint(safe_get(oid)) ? 1 : 0; });
601#else
602 BOTAN_UNUSED(cert, oid);
603 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
604#endif
605}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_FFI_ERROR_NOT_IMPLEMENTED
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition ffi.h:140
BOTAN_FFI_VISIT
#define BOTAN_FFI_VISIT(obj, lambda)
Definition ffi_util.h:158
Botan_FFI::safe_get
T & safe_get(botan_struct< T, M > *p)
Definition ffi_util.h:79

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().

◆ botan_x509_cert_allowed_extended_usage_str()

int botan_x509_cert_allowed_extended_usage_str ( botan_x509_cert_t cert,
const char * oid )

Check if the certificate allows the specified extended usage OID. See RFC 5280 Section 4.2.1.12 for OIDs to query for this. If no extended key usage extension is found in the certificate, this always returns "not success".

Typical OIDs to check for:

  • "PKIX.ServerAuth"
  • "PKIX.ClientAuth"
  • "PKIX.CodeSigning"
  • "PKIX.OCSPSigning"

The oid parameter can be either a canonical OID string or identifiers as indicated in the examples above.

Definition at line 583 of file ffi_cert.cpp.

583 {
584#if defined(BOTAN_HAS_X509_CERTIFICATES)
585 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
586 if(Botan::any_null_pointers(oid)) {
587 return BOTAN_FFI_ERROR_NULL_POINTER;
588 }
589
590 return c.has_ex_constraint(oid) ? 1 : 0;
591 });
592#else
593 BOTAN_UNUSED(cert, oid);
594 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
595#endif
596}
BOTAN_FFI_ERROR_NULL_POINTER
@ BOTAN_FFI_ERROR_NULL_POINTER
Definition ffi.h:133
Botan::any_null_pointers
bool any_null_pointers(Ptrs... ptr)
Definition mem_utils.h:54

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_allowed_usage()

int botan_x509_cert_allowed_usage ( botan_x509_cert_t cert,
unsigned int key_usage )

Definition at line 568 of file ffi_cert.cpp.

568 {
569#if defined(BOTAN_HAS_X509_CERTIFICATES)
570 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
571 const Botan::Key_Constraints k = static_cast<Botan::Key_Constraints>(key_usage);
572 if(c.allowed_usage(k)) {
573 return BOTAN_FFI_SUCCESS;
574 }
575 return 1;
576 });
577#else
578 BOTAN_UNUSED(cert, key_usage);
579 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
580#endif
581}
Botan::Key_Constraints
Definition pkix_enums.h:118
BOTAN_FFI_SUCCESS
@ BOTAN_FFI_SUCCESS
Definition ffi.h:116

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_destroy()

int botan_x509_cert_destroy ( botan_x509_cert_t cert)
Returns
0 if success, error if invalid object handle

Definition at line 607 of file ffi_cert.cpp.

607 {
608#if defined(BOTAN_HAS_X509_CERTIFICATES)
609 return BOTAN_FFI_CHECKED_DELETE(cert);
610#else
611 BOTAN_UNUSED(cert);
612 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
613#endif
614}
BOTAN_FFI_CHECKED_DELETE
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition ffi_util.h:188

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_x509_cert_dup()

int botan_x509_cert_dup ( botan_x509_cert_t * cert_obj,
botan_x509_cert_t cert )

Definition at line 194 of file ffi_cert.cpp.

194 {
195 if(cert_obj == nullptr) {
196 return BOTAN_FFI_ERROR_NULL_POINTER;
197 }
198
199#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
200
201 return ffi_guard_thunk(__func__, [=]() -> int {
202 auto c = std::make_unique<Botan::X509_Certificate>(safe_get(cert));
203 return ffi_new_object(cert_obj, std::move(c));
204 });
205
206#else
207 BOTAN_UNUSED(cert);
208 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
209#endif
210}
Botan_FFI::ffi_new_object
BOTAN_FFI_ERROR ffi_new_object(T *obj, Args &&... args)
Definition ffi_util.h:178
Botan_FFI::ffi_guard_thunk
int ffi_guard_thunk(const char *func_name, T thunk)
Definition ffi_util.h:95

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::ffi_new_object(), and Botan_FFI::safe_get().

◆ botan_x509_cert_excluded_name_constraints()

int botan_x509_cert_excluded_name_constraints ( botan_x509_cert_t cert,
size_t index,
botan_x509_general_name_t * constraint )

Extracts "excluded" name constraints from a given cert one-by-one. Returns BOTAN_FFI_ERROR_OUT_OF_RANGE if the given index is larger than the available number of "excluded" name constraints.

Definition at line 847 of file ffi_cert.cpp.

849 {
850#if defined(BOTAN_HAS_X509_CERTIFICATES)
851 return BOTAN_FFI_VISIT(cert, [=](const Botan::X509_Certificate& c) {
852 if(Botan::any_null_pointers(constraint)) {
853 return BOTAN_FFI_ERROR_NULL_POINTER;
854 }
855
856 const auto& constraints = c.name_constraints().excluded();
857 if(index >= constraints.size()) {
858 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
859 }
860
861 return ffi_new_object(constraint, std::make_unique<Botan::GeneralName>(constraints[index].base()));
862 });
863#else
864 BOTAN_UNUSED(cert, index, constraint);
865 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
866#endif
867}
Botan::NameConstraints::excluded
const std::vector< GeneralSubtree > & excluded() const
Definition pkix_types.h:456
Botan::X509_Certificate
Definition x509cert.h:32
Botan::X509_Certificate::name_constraints
const NameConstraints & name_constraints() const
Definition x509cert.cpp:473
BOTAN_FFI_ERROR_OUT_OF_RANGE
@ BOTAN_FFI_ERROR_OUT_OF_RANGE
Definition ffi.h:138

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_ERROR_OUT_OF_RANGE, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan::NameConstraints::excluded(), Botan_FFI::ffi_new_object(), and Botan::X509_Certificate::name_constraints().

◆ botan_x509_cert_excluded_name_constraints_count()

int botan_x509_cert_excluded_name_constraints_count ( botan_x509_cert_t cert,
size_t * count )

Definition at line 869 of file ffi_cert.cpp.

869 {
870#if defined(BOTAN_HAS_X509_CERTIFICATES)
871 if(Botan::any_null_pointers(count)) {
872 return BOTAN_FFI_ERROR_NULL_POINTER;
873 }
874
875 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { *count = c.name_constraints().excluded().size(); });
876#else
877 BOTAN_UNUSED(cert, count);
878 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
879#endif
880}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_get_authority_key_id()

int botan_x509_cert_get_authority_key_id ( botan_x509_cert_t cert,
uint8_t out[],
size_t * out_len )

Definition at line 701 of file ffi_cert.cpp.

701 {
702#if defined(BOTAN_HAS_X509_CERTIFICATES)
703 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.authority_key_id()); });
704#else
705 BOTAN_UNUSED(cert, out, out_len);
706 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
707#endif
708}
Botan_FFI::write_vec_output
int write_vec_output(uint8_t out[], size_t *out_len, std::span< const uint8_t > buf)
Definition ffi_util.h:264

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_fingerprint()

int botan_x509_cert_get_fingerprint ( botan_x509_cert_t cert,
const char * hash,
uint8_t out[],
size_t * out_len )

Definition at line 685 of file ffi_cert.cpp.

685 {
686 if(hash == nullptr) {
687 return BOTAN_FFI_ERROR_NULL_POINTER;
688 }
689#if defined(BOTAN_HAS_X509_CERTIFICATES)
690 // TODO(Botan4) change the type of out and remove this cast
691
692 return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
693 return write_str_output(reinterpret_cast<char*>(out), out_len, c.fingerprint(hash));
694 });
695#else
696 BOTAN_UNUSED(cert, hash, out, out_len);
697 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
698#endif
699}
Botan_FFI::write_str_output
int write_str_output(char out[], size_t *out_len, const std::string &str)
Definition ffi_util.h:268

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_issuer_dn()

int botan_x509_cert_get_issuer_dn ( botan_x509_cert_t cert,
const char * key,
size_t index,
uint8_t out[],
size_t * out_len )

Enumerates the names of the given key in the issuer DN. If index is out of bounds, BOTAN_FFI_ERROR_BAD_PARAMETER is returned.

TODO(Botan4) use BOTAN_FFI_ERROR_OUT_OF_RANGE instead of BAD_PARAMETER TODO(Botan4) this should use char for the out param

Definition at line 481 of file ffi_cert.cpp.

482 {
483 if(key == nullptr) {
484 return BOTAN_FFI_ERROR_NULL_POINTER;
485 }
486#if defined(BOTAN_HAS_X509_CERTIFICATES)
487 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
488 auto issuer_info = c.issuer_info(key);
489 if(index < issuer_info.size()) {
490 // TODO(Botan4) change the type of out and remove this cast
491 return write_str_output(reinterpret_cast<char*>(out), out_len, c.issuer_info(key).at(index));
492 } else {
493 return BOTAN_FFI_ERROR_BAD_PARAMETER; // TODO(Botan4): use BOTAN_FFI_ERROR_OUT_OF_RANGE
494 }
495 });
496#else
497 BOTAN_UNUSED(cert, key, index, out, out_len);
498 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
499#endif
500}
BOTAN_FFI_ERROR_BAD_PARAMETER
@ BOTAN_FFI_ERROR_BAD_PARAMETER
Definition ffi.h:134

References BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_issuer_dn_count()

int botan_x509_cert_get_issuer_dn_count ( botan_x509_cert_t cert,
const char * key,
size_t * count )

Definition at line 502 of file ffi_cert.cpp.

502 {
503#if defined(BOTAN_HAS_X509_CERTIFICATES)
504 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
505 if(Botan::any_null_pointers(count)) {
506 return BOTAN_FFI_ERROR_NULL_POINTER;
507 }
508
509 *count = c.issuer_info(key).size();
510 return BOTAN_FFI_SUCCESS;
511 });
512#else
513 BOTAN_UNUSED(cert, key, count);
514 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
515#endif
516}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_get_path_length_constraint()

int botan_x509_cert_get_path_length_constraint ( botan_x509_cert_t cert,
size_t * path_limit )

Retrieves the path length constraint from the certificate. If no such constraint is present, BOTAN_FFI_ERROR_NO_VALUE is returned.

Definition at line 443 of file ffi_cert.cpp.

443 {
444#if defined(BOTAN_HAS_X509_CERTIFICATES)
445 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
446 if(Botan::any_null_pointers(path_limit)) {
447 return BOTAN_FFI_ERROR_NULL_POINTER;
448 }
449
450 if(const auto path_len = c.path_length_constraint()) {
451 *path_limit = path_len.value();
452 return BOTAN_FFI_SUCCESS;
453 } else {
454 return BOTAN_FFI_ERROR_NO_VALUE;
455 }
456 });
457#else
458 BOTAN_UNUSED(cert, path_limit);
459 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
460#endif
461}
BOTAN_FFI_ERROR_NO_VALUE
@ BOTAN_FFI_ERROR_NO_VALUE
Definition ffi.h:122

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NO_VALUE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_get_public_key()

int botan_x509_cert_get_public_key ( botan_x509_cert_t cert,
botan_pubkey_t * key )

Definition at line 463 of file ffi_cert.cpp.

463 {
464 if(key == nullptr) {
465 return BOTAN_FFI_ERROR_NULL_POINTER;
466 }
467
468 *key = nullptr;
469
470#if defined(BOTAN_HAS_X509_CERTIFICATES)
471 return ffi_guard_thunk(__func__, [=]() -> int {
472 auto public_key = safe_get(cert).subject_public_key();
473 return ffi_new_object(key, std::move(public_key));
474 });
475#else
476 BOTAN_UNUSED(cert);
477 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
478#endif
479}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::ffi_new_object(), and Botan_FFI::safe_get().

◆ botan_x509_cert_get_public_key_bits()

int botan_x509_cert_get_public_key_bits ( botan_x509_cert_t cert,
uint8_t out[],
size_t * out_len )

Definition at line 719 of file ffi_cert.cpp.

719 {
720 return copy_view_bin(out, out_len, botan_x509_cert_view_public_key_bits, cert);
721}
botan_x509_cert_view_public_key_bits
int botan_x509_cert_view_public_key_bits(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_bin_fn view)
Definition ffi_cert.cpp:723
Botan_FFI::copy_view_bin
int copy_view_bin(uint8_t out[], size_t *out_len, Fn fn, Args... args)
Definition ffi_util.h:214

References botan_x509_cert_view_public_key_bits(), and Botan_FFI::copy_view_bin().

◆ botan_x509_cert_get_serial_number()

int botan_x509_cert_get_serial_number ( botan_x509_cert_t cert,
uint8_t out[],
size_t * out_len )

Definition at line 660 of file ffi_cert.cpp.

660 {
661#if defined(BOTAN_HAS_X509_CERTIFICATES)
662 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.serial_number()); });
663#else
664 BOTAN_UNUSED(cert, out, out_len);
665 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
666#endif
667}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_subject_dn()

int botan_x509_cert_get_subject_dn ( botan_x509_cert_t cert,
const char * key,
size_t index,
uint8_t out[],
size_t * out_len )

Enumerates the names of the given key in the subject DN. If index is out of bounds, BOTAN_FFI_ERROR_BAD_PARAMETER is returned.

TODO(Botan4) use BOTAN_FFI_ERROR_OUT_OF_RANGE instead of BAD_PARAMETER TODO(Botan4) this should use char for the out param

Definition at line 518 of file ffi_cert.cpp.

519 {
520 if(key == nullptr) {
521 return BOTAN_FFI_ERROR_NULL_POINTER;
522 }
523#if defined(BOTAN_HAS_X509_CERTIFICATES)
524 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
525 auto subject_info = c.subject_info(key);
526 if(index < subject_info.size()) {
527 // TODO(Botan4) change the type of out and remove this cast
528 return write_str_output(reinterpret_cast<char*>(out), out_len, c.subject_info(key).at(index));
529 } else {
530 return BOTAN_FFI_ERROR_BAD_PARAMETER; // TODO(Botan4): use BOTAN_FFI_ERROR_OUT_OF_RANGE
531 }
532 });
533#else
534 BOTAN_UNUSED(cert, key, index, out, out_len);
535 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
536#endif
537}

References BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_subject_dn_count()

int botan_x509_cert_get_subject_dn_count ( botan_x509_cert_t cert,
const char * key,
size_t * count )

Definition at line 539 of file ffi_cert.cpp.

539 {
540#if defined(BOTAN_HAS_X509_CERTIFICATES)
541 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
542 if(Botan::any_null_pointers(count)) {
543 return BOTAN_FFI_ERROR_NULL_POINTER;
544 }
545
546 *count = c.subject_info(key).size();
547 return BOTAN_FFI_SUCCESS;
548 });
549#else
550 BOTAN_UNUSED(cert, key, count);
551 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
552#endif
553}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_get_subject_key_id()

int botan_x509_cert_get_subject_key_id ( botan_x509_cert_t cert,
uint8_t out[],
size_t * out_len )

Definition at line 710 of file ffi_cert.cpp.

710 {
711#if defined(BOTAN_HAS_X509_CERTIFICATES)
712 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.subject_key_id()); });
713#else
714 BOTAN_UNUSED(cert, out, out_len);
715 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
716#endif
717}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_time_expires()

int botan_x509_cert_get_time_expires ( botan_x509_cert_t cert,
char out[],
size_t * out_len )

Definition at line 626 of file ffi_cert.cpp.

626 {
627#if defined(BOTAN_HAS_X509_CERTIFICATES)
628 return BOTAN_FFI_VISIT(cert,
629 [=](const auto& c) { return write_str_output(out, out_len, c.not_after().to_string()); });
630#else
631 BOTAN_UNUSED(cert, out, out_len);
632 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
633#endif
634}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_time_starts()

int botan_x509_cert_get_time_starts ( botan_x509_cert_t cert,
char out[],
size_t * out_len )

Definition at line 616 of file ffi_cert.cpp.

616 {
617#if defined(BOTAN_HAS_X509_CERTIFICATES)
618 return BOTAN_FFI_VISIT(cert,
619 [=](const auto& c) { return write_str_output(out, out_len, c.not_before().to_string()); });
620#else
621 BOTAN_UNUSED(cert, out, out_len);
622 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
623#endif
624}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_hostname_match()

int botan_x509_cert_hostname_match ( botan_x509_cert_t cert,
const char * hostname )

Check if the certificate matches the specified hostname via alternative name or CN match. RFC 5280 wildcards also supported.

Definition at line 960 of file ffi_cert.cpp.

960 {
961 if(hostname == nullptr) {
962 return BOTAN_FFI_ERROR_NULL_POINTER;
963 }
964
965#if defined(BOTAN_HAS_X509_CERTIFICATES)
966 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return c.matches_dns_name(hostname) ? 0 : -1; });
967#else
968 BOTAN_UNUSED(cert);
969 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
970#endif
971}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_is_ca()

int botan_x509_cert_is_ca ( botan_x509_cert_t cert)

Returns 1 iff the cert is a CA certificate

Definition at line 434 of file ffi_cert.cpp.

434 {
435#if defined(BOTAN_HAS_X509_CERTIFICATES)
436 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return c.is_CA_cert() ? 1 : 0; });
437#else
438 BOTAN_UNUSED(cert);
439 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
440#endif
441}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_issuer_alternative_names()

int botan_x509_cert_issuer_alternative_names ( botan_x509_cert_t cert,
size_t index,
botan_x509_general_name_t * alt_name )

Provides access to all "issuer alternative names", where each entry is returned as a botan_x509_general_name_t. If the given index is not within range of the available entries, BOTAN_FFI_ERROR_OUT_OF_RANGE is returned. If cert does not contain an IssuerAlternativeNames extension, BOTAN_FFI_ERROR_NO_VALUE is returned.

Definition at line 921 of file ffi_cert.cpp.

923 {
924#if defined(BOTAN_HAS_X509_CERTIFICATES)
925 return BOTAN_FFI_VISIT(cert, [=](const Botan::X509_Certificate& c) {
926 if(Botan::any_null_pointers(alt_name)) {
927 return BOTAN_FFI_ERROR_NULL_POINTER;
928 }
929
930 if(!c.v3_extensions().extension_set(Botan::OID::from_string("X509v3.IssuerAlternativeName"))) {
931 return BOTAN_FFI_ERROR_NO_VALUE;
932 }
933
934 if(auto name = extract_general_name_at(c.issuer_alt_name(), index)) {
935 return ffi_new_object(alt_name, std::make_unique<Botan::GeneralName>(std::move(name).value()));
936 }
937
938 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
939 });
940#else
941 BOTAN_UNUSED(cert, index, alt_name);
942 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
943#endif
944}
Botan::Extensions::extension_set
bool extension_set(const OID &oid) const
Definition x509_ext.cpp:211
Botan::OID::from_string
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86
Botan::X509_Certificate::issuer_alt_name
const AlternativeName & issuer_alt_name() const
Definition x509cert.cpp:606
Botan::X509_Certificate::v3_extensions
const Extensions & v3_extensions() const
Definition x509cert.cpp:477

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NO_VALUE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_ERROR_OUT_OF_RANGE, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan::Extensions::extension_set(), Botan_FFI::ffi_new_object(), Botan::OID::from_string(), Botan::X509_Certificate::issuer_alt_name(), and Botan::X509_Certificate::v3_extensions().

◆ botan_x509_cert_issuer_alternative_names_count()

int botan_x509_cert_issuer_alternative_names_count ( botan_x509_cert_t cert,
size_t * count )

Definition at line 946 of file ffi_cert.cpp.

946 {
947#if defined(BOTAN_HAS_X509_CERTIFICATES)
948 if(Botan::any_null_pointers(count)) {
949 return BOTAN_FFI_ERROR_NULL_POINTER;
950 }
951
952 return BOTAN_FFI_VISIT(
953 cert, [=](const Botan::X509_Certificate& c) { *count = count_general_names_in(c.issuer_alt_name()); });
954#else
955 BOTAN_UNUSED(cert, count);
956 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
957#endif
958}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan::X509_Certificate::issuer_alt_name().

◆ botan_x509_cert_load()

int botan_x509_cert_load ( botan_x509_cert_t * cert_obj,
const uint8_t cert_bits[],
size_t cert_bits_len )

Definition at line 212 of file ffi_cert.cpp.

212 {
213 if(cert_obj == nullptr || cert_bits == nullptr) {
214 return BOTAN_FFI_ERROR_NULL_POINTER;
215 }
216
217#if defined(BOTAN_HAS_X509_CERTIFICATES)
218 return ffi_guard_thunk(__func__, [=]() -> int {
219 Botan::DataSource_Memory bits(cert_bits, cert_bits_len);
220 auto c = std::make_unique<Botan::X509_Certificate>(bits);
221 return ffi_new_object(cert_obj, std::move(c));
222 });
223#else
224 BOTAN_UNUSED(cert_bits_len);
225 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
226#endif
227}
Botan::DataSource_Memory
Definition data_src.h:111

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_x509_cert_load_file()

int botan_x509_cert_load_file ( botan_x509_cert_t * cert_obj,
const char * cert_path )

Definition at line 177 of file ffi_cert.cpp.

177 {
178 if(cert_obj == nullptr || cert_path == nullptr) {
179 return BOTAN_FFI_ERROR_NULL_POINTER;
180 }
181
182#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
183
184 return ffi_guard_thunk(__func__, [=]() -> int {
185 auto c = std::make_unique<Botan::X509_Certificate>(cert_path);
186 return ffi_new_object(cert_obj, std::move(c));
187 });
188
189#else
190 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
191#endif
192}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_x509_cert_not_after()

int botan_x509_cert_not_after ( botan_x509_cert_t cert,
uint64_t * time_since_epoch )

Definition at line 648 of file ffi_cert.cpp.

648 {
649 if(time_since_epoch == nullptr) {
650 return BOTAN_FFI_ERROR_NULL_POINTER;
651 }
652#if defined(BOTAN_HAS_X509_CERTIFICATES)
653 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { *time_since_epoch = c.not_after().time_since_epoch(); });
654#else
655 BOTAN_UNUSED(cert, time_since_epoch);
656 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
657#endif
658}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_not_before()

int botan_x509_cert_not_before ( botan_x509_cert_t cert,
uint64_t * time_since_epoch )

Definition at line 636 of file ffi_cert.cpp.

636 {
637 if(time_since_epoch == nullptr) {
638 return BOTAN_FFI_ERROR_NULL_POINTER;
639 }
640#if defined(BOTAN_HAS_X509_CERTIFICATES)
641 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { *time_since_epoch = c.not_before().time_since_epoch(); });
642#else
643 BOTAN_UNUSED(cert, time_since_epoch);
644 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
645#endif
646}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_permitted_name_constraints()

int botan_x509_cert_permitted_name_constraints ( botan_x509_cert_t cert,
size_t index,
botan_x509_general_name_t * constraint )

Extracts "permitted" name constraints from a given cert one-by-one. Returns BOTAN_FFI_ERROR_OUT_OF_RANGE if the given index is larger than the available number of "permitted" name constraints.

Definition at line 812 of file ffi_cert.cpp.

814 {
815#if defined(BOTAN_HAS_X509_CERTIFICATES)
816 return BOTAN_FFI_VISIT(cert, [=](const Botan::X509_Certificate& c) {
817 if(Botan::any_null_pointers(constraint)) {
818 return BOTAN_FFI_ERROR_NULL_POINTER;
819 }
820
821 const auto& constraints = c.name_constraints().permitted();
822 if(index >= constraints.size()) {
823 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
824 }
825
826 return ffi_new_object(constraint, std::make_unique<Botan::GeneralName>(constraints[index].base()));
827 });
828#else
829 BOTAN_UNUSED(cert, index, constraint);
830 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
831#endif
832}
Botan::NameConstraints::permitted
const std::vector< GeneralSubtree > & permitted() const
Definition pkix_types.h:449

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_ERROR_OUT_OF_RANGE, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan_FFI::ffi_new_object(), Botan::X509_Certificate::name_constraints(), and Botan::NameConstraints::permitted().

◆ botan_x509_cert_permitted_name_constraints_count()

int botan_x509_cert_permitted_name_constraints_count ( botan_x509_cert_t cert,
size_t * count )

Definition at line 834 of file ffi_cert.cpp.

834 {
835#if defined(BOTAN_HAS_X509_CERTIFICATES)
836 if(Botan::any_null_pointers(count)) {
837 return BOTAN_FFI_ERROR_NULL_POINTER;
838 }
839
840 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { *count = c.name_constraints().permitted().size(); });
841#else
842 BOTAN_UNUSED(cert, count);
843 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
844#endif
845}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_serial_number()

int botan_x509_cert_serial_number ( botan_x509_cert_t cert,
botan_mp_t * serial_number )

Definition at line 669 of file ffi_cert.cpp.

669 {
670#if defined(BOTAN_HAS_X509_CERTIFICATES)
671 return BOTAN_FFI_VISIT(cert, [=](const Botan::X509_Certificate& c) {
672 if(Botan::any_null_pointers(serial_number)) {
673 return BOTAN_FFI_ERROR_NULL_POINTER;
674 }
675
676 auto serial_bn = Botan::BigInt::from_bytes(c.serial_number());
677 return ffi_new_object(serial_number, std::make_unique<Botan::BigInt>(std::move(serial_bn)));
678 });
679#else
680 BOTAN_UNUSED(cert, serial_number);
681 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
682#endif
683}
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:83
Botan::X509_Certificate::serial_number
const std::vector< uint8_t > & serial_number() const
Definition x509cert.cpp:406

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan_FFI::ffi_new_object(), Botan::BigInt::from_bytes(), and Botan::X509_Certificate::serial_number().

◆ botan_x509_cert_subject_alternative_names()

int botan_x509_cert_subject_alternative_names ( botan_x509_cert_t cert,
size_t index,
botan_x509_general_name_t * alt_name )

Provides access to all "subject alternative names", where each entry is returned as a botan_x509_general_name_t. If the given index is not within range of the available entries, BOTAN_FFI_ERROR_OUT_OF_RANGE is returned. If cert does not contain a SubjectAlternativeNames extension, BOTAN_FFI_ERROR_NO_VALUE is returned.

Definition at line 882 of file ffi_cert.cpp.

884 {
885#if defined(BOTAN_HAS_X509_CERTIFICATES)
886 return BOTAN_FFI_VISIT(cert, [=](const Botan::X509_Certificate& c) {
887 if(Botan::any_null_pointers(alt_name)) {
888 return BOTAN_FFI_ERROR_NULL_POINTER;
889 }
890
891 if(!c.v3_extensions().extension_set(Botan::OID::from_string("X509v3.SubjectAlternativeName"))) {
892 return BOTAN_FFI_ERROR_NO_VALUE;
893 }
894
895 if(auto name = extract_general_name_at(c.subject_alt_name(), index)) {
896 return ffi_new_object(alt_name, std::make_unique<Botan::GeneralName>(std::move(name).value()));
897 }
898
899 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
900 });
901#else
902 BOTAN_UNUSED(cert, index, alt_name);
903 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
904#endif
905}
Botan::X509_Certificate::subject_alt_name
const AlternativeName & subject_alt_name() const
Definition x509cert.cpp:602

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NO_VALUE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_ERROR_OUT_OF_RANGE, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan::Extensions::extension_set(), Botan_FFI::ffi_new_object(), Botan::OID::from_string(), Botan::X509_Certificate::subject_alt_name(), and Botan::X509_Certificate::v3_extensions().

◆ botan_x509_cert_subject_alternative_names_count()

int botan_x509_cert_subject_alternative_names_count ( botan_x509_cert_t cert,
size_t * count )

Definition at line 907 of file ffi_cert.cpp.

907 {
908#if defined(BOTAN_HAS_X509_CERTIFICATES)
909 if(Botan::any_null_pointers(count)) {
910 return BOTAN_FFI_ERROR_NULL_POINTER;
911 }
912
913 return BOTAN_FFI_VISIT(
914 cert, [=](const Botan::X509_Certificate& c) { *count = count_general_names_in(c.subject_alt_name()); });
915#else
916 BOTAN_UNUSED(cert, count);
917 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
918#endif
919}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan::X509_Certificate::subject_alt_name().

◆ botan_x509_cert_to_string()

int botan_x509_cert_to_string ( botan_x509_cert_t cert,
char out[],
size_t * out_len )

Definition at line 555 of file ffi_cert.cpp.

555 {
556 return copy_view_str(reinterpret_cast<uint8_t*>(out), out_len, botan_x509_cert_view_as_string, cert);
557}
botan_x509_cert_view_as_string
int botan_x509_cert_view_as_string(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_str_fn view)
Definition ffi_cert.cpp:559
Botan_FFI::copy_view_str
int copy_view_str(uint8_t out[], size_t *out_len, Fn fn, Args... args)
Definition ffi_util.h:220

References botan_x509_cert_view_as_string(), and Botan_FFI::copy_view_str().

◆ botan_x509_cert_validation_status()

const char * botan_x509_cert_validation_status ( int code)

Returns a pointer to a static character string explaining the status code, or else NULL if unknown.

Definition at line 1040 of file ffi_cert.cpp.

1040 {
1041 if(code < 0) {
1042 return nullptr;
1043 }
1044
1045#if defined(BOTAN_HAS_X509_CERTIFICATES)
1046 const Botan::Certificate_Status_Code sc = static_cast<Botan::Certificate_Status_Code>(code);
1047 return Botan::to_string(sc);
1048#else
1049 return nullptr;
1050#endif
1051}
Botan::Certificate_Status_Code
Certificate_Status_Code
Definition pkix_enums.h:20
Botan::to_string
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition exceptn.cpp:13

References Botan::to_string().

◆ botan_x509_cert_verify()

int botan_x509_cert_verify ( int * validation_result,
botan_x509_cert_t cert,
const botan_x509_cert_t * intermediates,
size_t intermediates_len,
const botan_x509_cert_t * trusted,
size_t trusted_len,
const char * trusted_path,
size_t required_strength,
const char * hostname,
uint64_t reference_time )

Returns 0 if the validation was successful, 1 if validation failed, and negative on error. A status code with details is written to *validation_result

Intermediates or trusted lists can be null Trusted path can be null

Definition at line 973 of file ffi_cert.cpp.

982 {
983 if(required_strength == 0) {
984 required_strength = 110;
985 }
986
987#if defined(BOTAN_HAS_X509_CERTIFICATES)
988 return ffi_guard_thunk(__func__, [=]() -> int {
989 const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
990 const Botan::Usage_Type usage = Botan::Usage_Type::UNSPECIFIED;
991 const auto validation_time = reference_time == 0
992 ? std::chrono::system_clock::now()
993 : std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
994
995 std::vector<Botan::X509_Certificate> end_certs;
996 end_certs.push_back(safe_get(cert));
997 for(size_t i = 0; i != intermediates_len; ++i) {
998 end_certs.push_back(safe_get(intermediates[i]));
999 }
1000
1001 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
1002 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
1003 std::vector<Botan::Certificate_Store*> trusted_roots;
1004
1005 if(trusted_path != nullptr && *trusted_path != 0) {
1006 trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
1007 trusted_roots.push_back(trusted_from_path.get());
1008 }
1009
1010 if(trusted_len > 0) {
1011 trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
1012 for(size_t i = 0; i != trusted_len; ++i) {
1013 trusted_extra->add_certificate(safe_get(trusted[i]));
1014 }
1015 trusted_roots.push_back(trusted_extra.get());
1016 }
1017
1018 const Botan::Path_Validation_Restrictions restrictions(false, required_strength);
1019
1020 auto validation_result =
1021 Botan::x509_path_validate(end_certs, restrictions, trusted_roots, hostname, usage, validation_time);
1022
1023 if(result_code != nullptr) {
1024 *result_code = static_cast<int>(validation_result.result());
1025 }
1026
1027 if(validation_result.successful_validation()) {
1028 return 0;
1029 } else {
1030 return 1;
1031 }
1032 });
1033#else
1034 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
1035 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time);
1036 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1037#endif
1038}
Botan::Path_Validation_Restrictions
Definition x509path.h:33
Botan::x509_path_validate
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
Definition x509path.cpp:933

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

◆ botan_x509_cert_verify_with_crl()

int botan_x509_cert_verify_with_crl ( int * validation_result,
botan_x509_cert_t cert,
const botan_x509_cert_t * intermediates,
size_t intermediates_len,
const botan_x509_cert_t * trusted,
size_t trusted_len,
const botan_x509_crl_t * crls,
size_t crls_len,
const char * trusted_path,
size_t required_strength,
const char * hostname,
uint64_t reference_time )

Different flavor of botan_x509_cert_verify, supports revocation lists. CRLs are passed as an array, same as intermediates and trusted CAs

Definition at line 1443 of file ffi_cert.cpp.

1454 {
1455 if(required_strength == 0) {
1456 required_strength = 110;
1457 }
1458
1459#if defined(BOTAN_HAS_X509_CERTIFICATES)
1460 return ffi_guard_thunk(__func__, [=]() -> int {
1461 const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
1462 const Botan::Usage_Type usage = Botan::Usage_Type::UNSPECIFIED;
1463 const auto validation_time = reference_time == 0
1464 ? std::chrono::system_clock::now()
1465 : std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
1466
1467 std::vector<Botan::X509_Certificate> end_certs;
1468 end_certs.push_back(safe_get(cert));
1469 for(size_t i = 0; i != intermediates_len; ++i) {
1470 end_certs.push_back(safe_get(intermediates[i]));
1471 }
1472
1473 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
1474 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
1475 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_crls;
1476 std::vector<Botan::Certificate_Store*> trusted_roots;
1477
1478 if(trusted_path != nullptr && *trusted_path != 0) {
1479 trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
1480 trusted_roots.push_back(trusted_from_path.get());
1481 }
1482
1483 if(trusted_len > 0) {
1484 trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
1485 for(size_t i = 0; i != trusted_len; ++i) {
1486 trusted_extra->add_certificate(safe_get(trusted[i]));
1487 }
1488 trusted_roots.push_back(trusted_extra.get());
1489 }
1490
1491 if(crls_len > 0) {
1492 trusted_crls = std::make_unique<Botan::Certificate_Store_In_Memory>();
1493 for(size_t i = 0; i != crls_len; ++i) {
1494 trusted_crls->add_crl(safe_get(crls[i]));
1495 }
1496 trusted_roots.push_back(trusted_crls.get());
1497 }
1498
1499 const Botan::Path_Validation_Restrictions restrictions(false, required_strength);
1500
1501 auto validation_result =
1502 Botan::x509_path_validate(end_certs, restrictions, trusted_roots, hostname, usage, validation_time);
1503
1504 if(result_code != nullptr) {
1505 *result_code = static_cast<int>(validation_result.result());
1506 }
1507
1508 if(validation_result.successful_validation()) {
1509 return 0;
1510 } else {
1511 return 1;
1512 }
1513 });
1514#else
1515 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
1516 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time, crls, crls_len);
1517 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1518#endif
1519}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

◆ botan_x509_cert_view_as_string()

int botan_x509_cert_view_as_string ( botan_x509_cert_t cert,
botan_view_ctx ctx,
botan_view_str_fn view )

Definition at line 559 of file ffi_cert.cpp.

559 {
560#if defined(BOTAN_HAS_X509_CERTIFICATES)
561 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return invoke_view_callback(view, ctx, c.to_string()); });
562#else
563 BOTAN_UNUSED(cert, ctx, view);
564 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
565#endif
566}
Botan_FFI::invoke_view_callback
int invoke_view_callback(botan_view_bin_fn view, botan_view_ctx ctx, std::span< const uint8_t > buf)
Definition ffi_util.h:190

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::invoke_view_callback().

Referenced by botan_x509_cert_to_string().

◆ botan_x509_cert_view_binary_values()

int botan_x509_cert_view_binary_values ( botan_x509_cert_t cert,
botan_x509_value_type value_type,
size_t index,
botan_view_ctx ctx,
botan_view_bin_fn view )

Retrieve a specific binary value from an X.509 certificate.

For multi-values index allows enumerating the available entries, until BOTAN_FFI_ERROR_OUT_OF_RANGE is returned. For singleton values, an index of value "0" is expected.

Returns
BOTAN_FFI_ERROR_NO_VALUE if the provided cert does not provide the requested value_type at all or not in binary format.

Definition at line 286 of file ffi_cert.cpp.

290 {
291#if defined(BOTAN_HAS_X509_CERTIFICATES)
292 if(index != 0) {
293 // As of now there are no multi-value binary entries.
294 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
295 }
296
297 auto view = [=](std::span<const uint8_t> value) -> int {
298 if(value.empty()) {
299 return BOTAN_FFI_ERROR_NO_VALUE;
300 } else {
301 return invoke_view_callback(view_fn, ctx, value);
302 }
303 };
304
305 return BOTAN_FFI_VISIT(cert, [=](const Botan::X509_Certificate& c) -> int {
306 switch(value_type) {
307 case BOTAN_X509_SERIAL_NUMBER:
308 return view(c.serial_number());
309 case BOTAN_X509_SUBJECT_DN_BITS:
310 return view(c.raw_subject_dn());
311 case BOTAN_X509_ISSUER_DN_BITS:
312 return view(c.raw_issuer_dn());
313 case BOTAN_X509_SUBJECT_KEY_IDENTIFIER:
314 return view(c.subject_key_id());
315 case BOTAN_X509_AUTHORITY_KEY_IDENTIFIER:
316 return view(c.authority_key_id());
317 case BOTAN_X509_PUBLIC_KEY_PKCS8_BITS:
318 return view(c.subject_public_key_info());
319
320 case BOTAN_X509_TBS_DATA_BITS:
321 case BOTAN_X509_SIGNATURE_SCHEME_BITS:
322 case BOTAN_X509_SIGNATURE_BITS:
323 case BOTAN_X509_DER_ENCODING:
324 return botan_x509_object_view_value(c, value_type, index, ctx, view_fn);
325
326 case BOTAN_X509_PEM_ENCODING:
327 case BOTAN_X509_CRL_DISTRIBUTION_URLS:
328 case BOTAN_X509_OCSP_RESPONDER_URLS:
329 case BOTAN_X509_CA_ISSUERS_URLS:
330 return BOTAN_FFI_ERROR_NO_VALUE;
331 }
332
333 return BOTAN_FFI_ERROR_BAD_PARAMETER;
334 });
335#else
336 BOTAN_UNUSED(cert, value_type, index, ctx, view_fn);
337 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
338#endif
339}
Botan::X509_Certificate::authority_key_id
const std::vector< uint8_t > & authority_key_id() const
Definition x509cert.cpp:398
Botan::X509_Certificate::raw_subject_dn
const std::vector< uint8_t > & raw_subject_dn() const
Definition x509cert.cpp:426
Botan::X509_Certificate::subject_key_id
const std::vector< uint8_t > & subject_key_id() const
Definition x509cert.cpp:402
Botan::X509_Certificate::raw_issuer_dn
const std::vector< uint8_t > & raw_issuer_dn() const
Definition x509cert.cpp:422
Botan::X509_Certificate::subject_public_key_info
const std::vector< uint8_t > & subject_public_key_info() const
Definition x509cert.cpp:382
BOTAN_X509_AUTHORITY_KEY_IDENTIFIER
@ BOTAN_X509_AUTHORITY_KEY_IDENTIFIER
Definition ffi.h:2407
BOTAN_X509_SUBJECT_KEY_IDENTIFIER
@ BOTAN_X509_SUBJECT_KEY_IDENTIFIER
Definition ffi.h:2406
BOTAN_X509_TBS_DATA_BITS
@ BOTAN_X509_TBS_DATA_BITS
Definition ffi.h:2410
BOTAN_X509_SIGNATURE_BITS
@ BOTAN_X509_SIGNATURE_BITS
Definition ffi.h:2412
BOTAN_X509_PUBLIC_KEY_PKCS8_BITS
@ BOTAN_X509_PUBLIC_KEY_PKCS8_BITS
Definition ffi.h:2409
BOTAN_X509_DER_ENCODING
@ BOTAN_X509_DER_ENCODING
Definition ffi.h:2414
BOTAN_X509_PEM_ENCODING
@ BOTAN_X509_PEM_ENCODING
Definition ffi.h:2415
BOTAN_X509_OCSP_RESPONDER_URLS
@ BOTAN_X509_OCSP_RESPONDER_URLS
Definition ffi.h:2418
BOTAN_X509_SIGNATURE_SCHEME_BITS
@ BOTAN_X509_SIGNATURE_SCHEME_BITS
Definition ffi.h:2411
BOTAN_X509_SUBJECT_DN_BITS
@ BOTAN_X509_SUBJECT_DN_BITS
Definition ffi.h:2404
BOTAN_X509_CRL_DISTRIBUTION_URLS
@ BOTAN_X509_CRL_DISTRIBUTION_URLS
Definition ffi.h:2417
BOTAN_X509_SERIAL_NUMBER
@ BOTAN_X509_SERIAL_NUMBER
Definition ffi.h:2403
BOTAN_X509_ISSUER_DN_BITS
@ BOTAN_X509_ISSUER_DN_BITS
Definition ffi.h:2405
BOTAN_X509_CA_ISSUERS_URLS
@ BOTAN_X509_CA_ISSUERS_URLS
Definition ffi.h:2419

References Botan::X509_Certificate::authority_key_id(), BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NO_VALUE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_OUT_OF_RANGE, BOTAN_FFI_VISIT, BOTAN_UNUSED, BOTAN_X509_AUTHORITY_KEY_IDENTIFIER, BOTAN_X509_CA_ISSUERS_URLS, BOTAN_X509_CRL_DISTRIBUTION_URLS, BOTAN_X509_DER_ENCODING, BOTAN_X509_ISSUER_DN_BITS, BOTAN_X509_OCSP_RESPONDER_URLS, BOTAN_X509_PEM_ENCODING, BOTAN_X509_PUBLIC_KEY_PKCS8_BITS, BOTAN_X509_SERIAL_NUMBER, BOTAN_X509_SIGNATURE_BITS, BOTAN_X509_SIGNATURE_SCHEME_BITS, BOTAN_X509_SUBJECT_DN_BITS, BOTAN_X509_SUBJECT_KEY_IDENTIFIER, BOTAN_X509_TBS_DATA_BITS, Botan_FFI::invoke_view_callback(), Botan::X509_Certificate::raw_issuer_dn(), Botan::X509_Certificate::raw_subject_dn(), Botan::X509_Certificate::serial_number(), Botan::X509_Certificate::subject_key_id(), and Botan::X509_Certificate::subject_public_key_info().

Referenced by botan_x509_cert_view_binary_values_count().

◆ botan_x509_cert_view_binary_values_count()

int botan_x509_cert_view_binary_values_count ( botan_x509_cert_t cert,
botan_x509_value_type value_type,
size_t * count )

Definition at line 341 of file ffi_cert.cpp.

341 {
342#if defined(BOTAN_HAS_X509_CERTIFICATES)
343 return enumerator_count_values(count, [=](size_t index) {
344 return botan_x509_cert_view_binary_values(
345 cert, value_type, index, nullptr, [](auto, auto, auto) -> int { return BOTAN_FFI_SUCCESS; });
346 });
347#else
348 BOTAN_UNUSED(cert, value_type, count);
349 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
350#endif
351}
botan_x509_cert_view_binary_values
int botan_x509_cert_view_binary_values(botan_x509_cert_t cert, botan_x509_value_type value_type, size_t index, botan_view_ctx ctx, botan_view_bin_fn view_fn)
Definition ffi_cert.cpp:286

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and botan_x509_cert_view_binary_values().

◆ botan_x509_cert_view_public_key_bits()

int botan_x509_cert_view_public_key_bits ( botan_x509_cert_t cert,
botan_view_ctx ctx,
botan_view_bin_fn view )

Definition at line 723 of file ffi_cert.cpp.

723 {
724#if defined(BOTAN_HAS_X509_CERTIFICATES)
725 return BOTAN_FFI_VISIT(cert,
726 [=](const auto& c) { return invoke_view_callback(view, ctx, c.subject_public_key_bits()); });
727#else
728 BOTAN_UNUSED(cert, ctx, view);
729 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
730#endif
731}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::invoke_view_callback().

Referenced by botan_x509_cert_get_public_key_bits().

◆ botan_x509_cert_view_string_values()

int botan_x509_cert_view_string_values ( botan_x509_cert_t cert,
botan_x509_value_type value_type,
size_t index,
botan_view_ctx ctx,
botan_view_str_fn view )

Retrieve a specific string value from an X.509 certificate.

For multi-values index allows enumerating the available entries, until BOTAN_FFI_ERROR_OUT_OF_RANGE is returned. For singleton values, an index of value "0" is expected.

Returns
BOTAN_FFI_ERROR_NO_VALUE if the provided cert does not provide the requested value_type at all or not in string format.

Definition at line 353 of file ffi_cert.cpp.

357 {
358#if defined(BOTAN_HAS_X509_CERTIFICATES)
359 auto enumerate = [view_fn, ctx](auto values, size_t idx) -> int {
360 if(idx >= values.size()) {
361 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
362 } else {
363 return invoke_view_callback(view_fn, ctx, values[idx]);
364 }
365 };
366
367 auto enumerate_crl_distribution_points = [view_fn, ctx](const Botan::X509_Certificate& c, size_t idx) -> int {
368 const auto* crl_dp_ext =
369 c.v3_extensions().get_extension_object_as<Botan::Cert_Extension::CRL_Distribution_Points>();
370 if(crl_dp_ext == nullptr) {
371 return BOTAN_FFI_ERROR_OUT_OF_RANGE; // essentially an empty list
372 }
373
374 const auto& dps = crl_dp_ext->distribution_points();
375 for(size_t i = idx; const auto& dp : dps) {
376 const auto& uris = dp.point().uris();
377 if(i >= uris.size()) {
378 i -= uris.size();
379 continue;
380 }
381
382 auto itr = uris.begin();
383 std::advance(itr, i);
384 return invoke_view_callback(view_fn, ctx, *itr);
385 }
386
387 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
388 };
389
390 return BOTAN_FFI_VISIT(cert, [=](const Botan::X509_Certificate& c) -> int {
391 switch(value_type) {
392 case BOTAN_X509_CRL_DISTRIBUTION_URLS:
393 return enumerate_crl_distribution_points(c, index);
394 case BOTAN_X509_OCSP_RESPONDER_URLS:
395 return enumerate(c.ocsp_responders(), index);
396 case BOTAN_X509_CA_ISSUERS_URLS:
397 return enumerate(c.ca_issuers(), index);
398 case BOTAN_X509_PEM_ENCODING:
399 return botan_x509_object_view_value(c, value_type, index, ctx, view_fn);
400
401 case BOTAN_X509_SERIAL_NUMBER:
402 case BOTAN_X509_SUBJECT_DN_BITS:
403 case BOTAN_X509_ISSUER_DN_BITS:
404 case BOTAN_X509_SUBJECT_KEY_IDENTIFIER:
405 case BOTAN_X509_AUTHORITY_KEY_IDENTIFIER:
406 case BOTAN_X509_PUBLIC_KEY_PKCS8_BITS:
407 case BOTAN_X509_TBS_DATA_BITS:
408 case BOTAN_X509_SIGNATURE_SCHEME_BITS:
409 case BOTAN_X509_SIGNATURE_BITS:
410 case BOTAN_X509_DER_ENCODING:
411 return BOTAN_FFI_ERROR_NO_VALUE;
412 }
413
414 return BOTAN_FFI_ERROR_BAD_PARAMETER;
415 });
416#else
417 BOTAN_UNUSED(cert, value_type, index, ctx, view_fn);
418 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
419#endif
420}
Botan::Cert_Extension::CRL_Distribution_Points
Definition x509_ext.h:427
Botan::Cert_Extension::CRL_Distribution_Points::distribution_points
const std::vector< Distribution_Point > & distribution_points() const
Definition x509_ext.h:450
Botan::X509_Certificate::ocsp_responders
const std::vector< std::string > & ocsp_responders() const
Definition x509cert.cpp:582
Botan::X509_Certificate::ca_issuers
std::vector< std::string > ca_issuers() const
Definition x509cert.cpp:586

References BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NO_VALUE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_OUT_OF_RANGE, BOTAN_FFI_VISIT, BOTAN_UNUSED, BOTAN_X509_AUTHORITY_KEY_IDENTIFIER, BOTAN_X509_CA_ISSUERS_URLS, BOTAN_X509_CRL_DISTRIBUTION_URLS, BOTAN_X509_DER_ENCODING, BOTAN_X509_ISSUER_DN_BITS, BOTAN_X509_OCSP_RESPONDER_URLS, BOTAN_X509_PEM_ENCODING, BOTAN_X509_PUBLIC_KEY_PKCS8_BITS, BOTAN_X509_SERIAL_NUMBER, BOTAN_X509_SIGNATURE_BITS, BOTAN_X509_SIGNATURE_SCHEME_BITS, BOTAN_X509_SUBJECT_DN_BITS, BOTAN_X509_SUBJECT_KEY_IDENTIFIER, BOTAN_X509_TBS_DATA_BITS, Botan::Cert_Extension::CRL_Distribution_Points::distribution_points(), and Botan_FFI::invoke_view_callback().

Referenced by botan_x509_cert_view_string_values_count().

◆ botan_x509_cert_view_string_values_count()

int botan_x509_cert_view_string_values_count ( botan_x509_cert_t cert,
botan_x509_value_type value_type,
size_t * count )

Definition at line 422 of file ffi_cert.cpp.

422 {
423#if defined(BOTAN_HAS_X509_CERTIFICATES)
424 return enumerator_count_values(count, [=](size_t index) {
425 return botan_x509_cert_view_string_values(
426 cert, value_type, index, nullptr, [](auto, auto, auto) -> int { return BOTAN_FFI_SUCCESS; });
427 });
428#else
429 BOTAN_UNUSED(cert, value_type, count);
430 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
431#endif
432}
botan_x509_cert_view_string_values
int botan_x509_cert_view_string_values(botan_x509_cert_t cert, botan_x509_value_type value_type, size_t index, botan_view_ctx ctx, botan_view_str_fn view_fn)
Definition ffi_cert.cpp:353

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and botan_x509_cert_view_string_values().

◆ botan_x509_crl_create()

int botan_x509_crl_create ( botan_x509_crl_t * crl_obj,
botan_rng_t rng,
botan_x509_cert_t ca_cert,
botan_privkey_t ca_key,
uint64_t issue_time,
uint32_t next_update,
const char * hash_fn,
const char * padding )

Create a new CRL

Parameters
crl_objThe newly created CRL
Random Number Generatorsa random number generator object
ca_certThe CA Certificate the CRL belongs to
ca_keyThe private key of that CA
issue_timeThe time when the CRL becomes valid
next_updateThe number of seconds after issue_time until the CRL expires
hash_fnThe hash function to use, may be null
paddingThe padding to use, may be null

Definition at line 1123 of file ffi_cert.cpp.

1130 {
1131 if(Botan::any_null_pointers(crl_obj)) {
1132 return BOTAN_FFI_ERROR_NULL_POINTER;
1133 }
1134#if defined(BOTAN_HAS_X509_CERTIFICATES)
1135 return ffi_guard_thunk(__func__, [=]() -> int {
1136 auto& rng_ = safe_get(rng);
1137 auto ca = Botan::X509_CA(
1138 safe_get(ca_cert), safe_get(ca_key), default_from_ptr(hash_fn), default_from_ptr(padding), rng_);
1139 auto crl = std::make_unique<Botan::X509_CRL>(
1140 ca.new_crl(rng_, timepoint_from_timestamp(issue_time), std::chrono::seconds(next_update)));
1141 return ffi_new_object(crl_obj, std::move(crl));
1142 });
1143#else
1144 BOTAN_UNUSED(rng, ca_cert, ca_key, hash_fn, padding, issue_time, next_update);
1145 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1146#endif
1147}
Botan::X509_CA
Definition x509_ca.h:27

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::ffi_new_object(), and Botan_FFI::safe_get().

◆ botan_x509_crl_destroy()

int botan_x509_crl_destroy ( botan_x509_crl_t crl)

Definition at line 1213 of file ffi_cert.cpp.

1213 {
1214#if defined(BOTAN_HAS_X509_CERTIFICATES)
1215 return BOTAN_FFI_CHECKED_DELETE(crl);
1216#else
1217 BOTAN_UNUSED(crl);
1218 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1219#endif
1220}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_x509_crl_entries()

int botan_x509_crl_entries ( botan_x509_crl_t crl,
size_t index,
botan_x509_crl_entry_t * entry )

Allows iterating all entries of the CRL.

Parameters
crlthe CRL whose entries should be listed
indexthe index of the CRL entry to return
entryan object handle containing the CRL entry data
Returns
BOTAN_FFI_ERROR_OUT_OF_RANGE if the given index is out of range of the CRL entry list.

Definition at line 1343 of file ffi_cert.cpp.

1343 {
1344#if defined(BOTAN_HAS_X509_CERTIFICATES)
1345 return BOTAN_FFI_VISIT(crl, [=](const Botan::X509_CRL& c) -> int {
1346 const auto& entries = c.get_revoked();
1347 if(index >= entries.size()) {
1348 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
1349 }
1350
1351 if(Botan::any_null_pointers(entry)) {
1352 return BOTAN_FFI_ERROR_NULL_POINTER;
1353 }
1354
1355 return ffi_new_object(entry, std::make_unique<Botan::CRL_Entry>(entries[index]));
1356 });
1357#else
1358 BOTAN_UNUSED(crl, index, entry);
1359 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1360#endif
1361}
Botan::X509_CRL
Definition x509_crl.h:90
Botan::X509_CRL::get_revoked
const std::vector< CRL_Entry > & get_revoked() const
Definition x509_crl.cpp:220

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_ERROR_OUT_OF_RANGE, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan_FFI::ffi_new_object(), and Botan::X509_CRL::get_revoked().

◆ botan_x509_crl_entries_count()

int botan_x509_crl_entries_count ( botan_x509_crl_t crl,
size_t * count )

Definition at line 1363 of file ffi_cert.cpp.

1363 {
1364#if defined(BOTAN_HAS_X509_CERTIFICATES)
1365 if(Botan::any_null_pointers(count)) {
1366 return BOTAN_FFI_ERROR_NULL_POINTER;
1367 }
1368
1369 return BOTAN_FFI_VISIT(crl, [=](const Botan::X509_CRL& c) { *count = c.get_revoked().size(); });
1370#else
1371 BOTAN_UNUSED(crl, count);
1372 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1373#endif
1374}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan::X509_CRL::get_revoked().

◆ botan_x509_crl_entry_create()

int botan_x509_crl_entry_create ( botan_x509_crl_entry_t * entry,
botan_x509_cert_t cert,
int reason_code )

Create a new CRL entry that marks cert as revoked

Parameters
entryThe newly created CRL entry
certThe certificate to mark as revoked
reason_codeThe reason code for revocation

Definition at line 1149 of file ffi_cert.cpp.

1149 {
1150 if(Botan::any_null_pointers(entry)) {
1151 return BOTAN_FFI_ERROR_NULL_POINTER;
1152 }
1153#if defined(BOTAN_HAS_X509_CERTIFICATES)
1154 return ffi_guard_thunk(__func__, [=]() -> int {
1155 return ffi_new_object(
1156 entry, std::make_unique<Botan::CRL_Entry>(safe_get(cert), static_cast<Botan::CRL_Code>(reason_code)));
1157 });
1158#else
1159 BOTAN_UNUSED(cert, reason_code);
1160 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1161#endif
1162}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::ffi_new_object(), and Botan_FFI::safe_get().

◆ botan_x509_crl_entry_destroy()

int botan_x509_crl_entry_destroy ( botan_x509_crl_entry_t entry)

Definition at line 1376 of file ffi_cert.cpp.

1376 {
1377#if defined(BOTAN_HAS_X509_CERTIFICATES)
1378 return BOTAN_FFI_CHECKED_DELETE(entry);
1379#else
1380 BOTAN_UNUSED(entry);
1381 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1382#endif
1383}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_x509_crl_entry_reason()

int botan_x509_crl_entry_reason ( botan_x509_crl_entry_t entry,
int * reason_code )

Return the revocation reason code for the given CRL entry. See botan_x509_crl_reason_code and RFC 5280 - 5.3.1 for possible reason codes.

Definition at line 1385 of file ffi_cert.cpp.

1385 {
1386#if defined(BOTAN_HAS_X509_CERTIFICATES)
1387 return BOTAN_FFI_VISIT(entry, [=](const Botan::CRL_Entry& e) {
1388 if(Botan::any_null_pointers(reason_code)) {
1389 return BOTAN_FFI_ERROR_NULL_POINTER;
1390 }
1391
1392 *reason_code = static_cast<int>(e.reason_code());
1393 return BOTAN_FFI_SUCCESS;
1394 });
1395#else
1396 BOTAN_UNUSED(entry, reason_code);
1397 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1398#endif
1399}
Botan::CRL_Entry
Definition x509_crl.h:29
Botan::CRL_Entry::reason_code
CRL_Code reason_code() const
Definition crl_ent.cpp:126

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan::CRL_Entry::reason_code().

◆ botan_x509_crl_entry_revocation_date()

int botan_x509_crl_entry_revocation_date ( botan_x509_crl_entry_t entry,
uint64_t * time_since_epoch )

Return the revocation date for the given CRL entry as time since epoch in seconds.

Definition at line 1427 of file ffi_cert.cpp.

1427 {
1428#if defined(BOTAN_HAS_X509_CERTIFICATES)
1429 return BOTAN_FFI_VISIT(entry, [=](const Botan::CRL_Entry& e) {
1430 if(Botan::any_null_pointers(time_since_epoch)) {
1431 return BOTAN_FFI_ERROR_NULL_POINTER;
1432 }
1433
1434 *time_since_epoch = e.expire_time().time_since_epoch();
1435 return BOTAN_FFI_SUCCESS;
1436 });
1437#else
1438 BOTAN_UNUSED(entry, time_since_epoch);
1439 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1440#endif
1441}
Botan::ASN1_Time::time_since_epoch
uint64_t time_since_epoch() const
Return time since epoch.
Definition asn1_time.cpp:271
Botan::CRL_Entry::expire_time
const X509_Time & expire_time() const
Definition crl_ent.cpp:122

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan::CRL_Entry::expire_time(), and Botan::ASN1_Time::time_since_epoch().

◆ botan_x509_crl_entry_serial_number()

int botan_x509_crl_entry_serial_number ( botan_x509_crl_entry_t entry,
botan_mp_t * serial_number )

Return the serial number associated with the given CRL entry.

Definition at line 1401 of file ffi_cert.cpp.

1401 {
1402#if defined(BOTAN_HAS_X509_CERTIFICATES)
1403 return BOTAN_FFI_VISIT(entry, [=](const Botan::CRL_Entry& e) {
1404 if(Botan::any_null_pointers(serial_number)) {
1405 return BOTAN_FFI_ERROR_NULL_POINTER;
1406 }
1407
1408 auto serial_bn = Botan::BigInt::from_bytes(e.serial_number());
1409 return ffi_new_object(serial_number, std::make_unique<Botan::BigInt>(std::move(serial_bn)));
1410 });
1411#else
1412 BOTAN_UNUSED(entry, serial_number);
1413 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1414#endif
1415}
Botan::CRL_Entry::serial_number
const std::vector< uint8_t > & serial_number() const
Definition crl_ent.cpp:118

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan_FFI::ffi_new_object(), Botan::BigInt::from_bytes(), and Botan::CRL_Entry::serial_number().

◆ botan_x509_crl_entry_view_serial_number()

int botan_x509_crl_entry_view_serial_number ( botan_x509_crl_entry_t entry,
botan_view_ctx ctx,
botan_view_bin_fn view )

View the serial number associated with the given CRL entry.

Definition at line 1417 of file ffi_cert.cpp.

1417 {
1418#if defined(BOTAN_HAS_X509_CERTIFICATES)
1419 return BOTAN_FFI_VISIT(
1420 entry, [=](const Botan::CRL_Entry& e) { return invoke_view_callback(view, ctx, e.serial_number()); });
1421#else
1422 BOTAN_UNUSED(entry, ctx, view);
1423 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1424#endif
1425}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan_FFI::invoke_view_callback(), and Botan::CRL_Entry::serial_number().

◆ botan_x509_crl_load()

int botan_x509_crl_load ( botan_x509_crl_t * crl_obj,
const uint8_t crl_bits[],
size_t crl_bits_len )

Definition at line 1070 of file ffi_cert.cpp.

1070 {
1071 if(crl_obj == nullptr || crl_bits == nullptr) {
1072 return BOTAN_FFI_ERROR_NULL_POINTER;
1073 }
1074
1075#if defined(BOTAN_HAS_X509_CERTIFICATES)
1076 return ffi_guard_thunk(__func__, [=]() -> int {
1077 Botan::DataSource_Memory bits(crl_bits, crl_bits_len);
1078 auto c = std::make_unique<Botan::X509_CRL>(bits);
1079 return ffi_new_object(crl_obj, std::move(c));
1080 });
1081#else
1082 BOTAN_UNUSED(crl_bits_len);
1083 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1084#endif
1085}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_x509_crl_load_file()

int botan_x509_crl_load_file ( botan_x509_crl_t * crl_obj,
const char * crl_path )

Definition at line 1053 of file ffi_cert.cpp.

1053 {
1054 if(crl_obj == nullptr || crl_path == nullptr) {
1055 return BOTAN_FFI_ERROR_NULL_POINTER;
1056 }
1057
1058#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
1059
1060 return ffi_guard_thunk(__func__, [=]() -> int {
1061 auto c = std::make_unique<Botan::X509_CRL>(crl_path);
1062 return ffi_new_object(crl_obj, std::move(c));
1063 });
1064
1065#else
1066 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1067#endif
1068}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_x509_crl_next_update()

int botan_x509_crl_next_update ( botan_x509_crl_t crl,
uint64_t * time_since_epoch )

Definition at line 1102 of file ffi_cert.cpp.

1102 {
1103#if defined(BOTAN_HAS_X509_CERTIFICATES)
1104 return BOTAN_FFI_VISIT(crl, [=](const auto& c) {
1105 const auto& time = c.next_update();
1106 if(!time.time_is_set()) {
1107 return BOTAN_FFI_ERROR_NO_VALUE;
1108 }
1109
1110 if(Botan::any_null_pointers(time_since_epoch)) {
1111 return BOTAN_FFI_ERROR_NULL_POINTER;
1112 }
1113
1114 *time_since_epoch = c.next_update().time_since_epoch();
1115 return BOTAN_FFI_SUCCESS;
1116 });
1117#else
1118 BOTAN_UNUSED(crl, time_since_epoch);
1119 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1120#endif
1121}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NO_VALUE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_crl_this_update()

int botan_x509_crl_this_update ( botan_x509_crl_t crl,
uint64_t * time_since_epoch )

Definition at line 1087 of file ffi_cert.cpp.

1087 {
1088#if defined(BOTAN_HAS_X509_CERTIFICATES)
1089 return BOTAN_FFI_VISIT(crl, [=](const auto& c) {
1090 if(Botan::any_null_pointers(time_since_epoch)) {
1091 return BOTAN_FFI_ERROR_NULL_POINTER;
1092 }
1093 *time_since_epoch = c.this_update().time_since_epoch();
1094 return BOTAN_FFI_SUCCESS;
1095 });
1096#else
1097 BOTAN_UNUSED(crl, time_since_epoch);
1098 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1099#endif
1100}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_crl_update()

int botan_x509_crl_update ( botan_x509_crl_t * crl_obj,
botan_x509_crl_t last_crl,
botan_rng_t rng,
botan_x509_cert_t ca_cert,
botan_privkey_t ca_key,
uint64_t issue_time,
uint32_t next_update,
const botan_x509_crl_entry_t * new_entries,
size_t new_entries_len,
const char * hash_fn,
const char * padding )

Update a CRL with new revoked entries. This does not modify the old crl, and instead creates a new one.

Parameters
crl_objThe newly created CRL
last_crlThe CRL to update
Random Number Generatorsa random number generator object
ca_certThe CA Certificate the CRL belongs to
ca_keyThe private key of that CA
issue_timeThe time when the CRL becomes valid
next_updateThe number of seconds after issue_time until the CRL expires
new_entriesThe entries to add to the CRL
new_entries_lenThe number of entries
hash_fnThe hash function to use, may be null
paddingThe padding to use, may be null

Definition at line 1164 of file ffi_cert.cpp.

1174 {
1175 if(Botan::any_null_pointers(crl_obj)) {
1176 return BOTAN_FFI_ERROR_NULL_POINTER;
1177 }
1178 if(new_entries_len > 0 && Botan::any_null_pointers(new_entries)) {
1179 return BOTAN_FFI_ERROR_NULL_POINTER;
1180 }
1181#if defined(BOTAN_HAS_X509_CERTIFICATES)
1182 return ffi_guard_thunk(__func__, [=]() -> int {
1183 auto& rng_ = safe_get(rng);
1184 auto ca = Botan::X509_CA(
1185 safe_get(ca_cert), safe_get(ca_key), default_from_ptr(hash_fn), default_from_ptr(padding), rng_);
1186
1187 std::vector<Botan::CRL_Entry> entries;
1188 entries.reserve(new_entries_len);
1189 for(size_t i = 0; i < new_entries_len; i++) {
1190 entries.push_back(safe_get(new_entries[i]));
1191 }
1192
1193 auto crl = std::make_unique<Botan::X509_CRL>(ca.update_crl(
1194 safe_get(last_crl), entries, rng_, timepoint_from_timestamp(issue_time), std::chrono::seconds(next_update)));
1195 return ffi_new_object(crl_obj, std::move(crl));
1196 });
1197#else
1198 BOTAN_UNUSED(
1199 last_crl, rng, ca_cert, ca_key, hash_fn, padding, issue_time, next_update, new_entries, new_entries_len);
1200 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1201#endif
1202}

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::ffi_new_object(), and Botan_FFI::safe_get().

◆ botan_x509_crl_verify_signature()

int botan_x509_crl_verify_signature ( botan_x509_crl_t crl,
botan_pubkey_t key )

Definition at line 1204 of file ffi_cert.cpp.

1204 {
1205#if defined(BOTAN_HAS_X509_CERTIFICATES)
1206 return BOTAN_FFI_VISIT(crl, [=](const auto& c) -> int { return c.check_signature(safe_get(key)) ? 1 : 0; });
1207#else
1208 BOTAN_UNUSED(crl, key);
1209 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1210#endif
1211}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().

◆ botan_x509_crl_view_binary_values()

int botan_x509_crl_view_binary_values ( botan_x509_crl_t crl_obj,
botan_x509_value_type value_type,
size_t index,
botan_view_ctx ctx,
botan_view_bin_fn view )

Retrieve a specific binary value from an X.509 certificate revocation list.

For multi-values index allows enumerating the available entries, until BOTAN_FFI_ERROR_OUT_OF_RANGE is returned. For singleton values, an index of value "0" is expected.

Returns
BOTAN_FFI_ERROR_NO_VALUE if the provided crl_obj does not provide the requested value_type at all or not in binary format.

Definition at line 1222 of file ffi_cert.cpp.

1226 {
1227#if defined(BOTAN_HAS_X509_CERTIFICATES)
1228 if(index != 0) {
1229 // As of now there are no multi-value binary entries.
1230 return BOTAN_FFI_ERROR_OUT_OF_RANGE;
1231 }
1232
1233 auto view = [=](std::span<const uint8_t> value) -> int {
1234 if(value.empty()) {
1235 return BOTAN_FFI_ERROR_NO_VALUE;
1236 } else {
1237 return invoke_view_callback(view_fn, ctx, value);
1238 }
1239 };
1240
1241 return BOTAN_FFI_VISIT(crl_obj, [=](const Botan::X509_CRL& crl) -> int {
1242 switch(value_type) {
1243 case BOTAN_X509_SERIAL_NUMBER:
1244 return view(Botan::store_be(crl.crl_number()));
1245 case BOTAN_X509_ISSUER_DN_BITS:
1246 return view(Botan::ASN1::put_in_sequence(crl.issuer_dn().get_bits()));
1247 case BOTAN_X509_AUTHORITY_KEY_IDENTIFIER:
1248 return view(crl.authority_key_id());
1249
1250 case BOTAN_X509_TBS_DATA_BITS:
1251 case BOTAN_X509_SIGNATURE_SCHEME_BITS:
1252 case BOTAN_X509_SIGNATURE_BITS:
1253 case BOTAN_X509_DER_ENCODING:
1254 return botan_x509_object_view_value(crl, value_type, index, ctx, view_fn);
1255
1256 case BOTAN_X509_SUBJECT_DN_BITS:
1257 case BOTAN_X509_SUBJECT_KEY_IDENTIFIER:
1258 case BOTAN_X509_PUBLIC_KEY_PKCS8_BITS:
1259 case BOTAN_X509_PEM_ENCODING:
1260 case BOTAN_X509_CRL_DISTRIBUTION_URLS:
1261 case BOTAN_X509_OCSP_RESPONDER_URLS:
1262 case BOTAN_X509_CA_ISSUERS_URLS:
1263 return BOTAN_FFI_ERROR_NO_VALUE;
1264 }
1265
1266 return BOTAN_FFI_ERROR_BAD_PARAMETER;
1267 });
1268#else
1269 BOTAN_UNUSED(crl_obj, value_type, index, ctx, view_fn);
1270 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1271#endif
1272}
Botan::X509_CRL::authority_key_id
const std::vector< uint8_t > & authority_key_id() const
Definition x509_crl.cpp:238
Botan::X509_CRL::crl_number
uint32_t crl_number() const
Definition x509_crl.cpp:245
Botan::X509_CRL::issuer_dn
const X509_DN & issuer_dn() const
Definition x509_crl.cpp:231
Botan::X509_DN::get_bits
const std::vector< uint8_t > & get_bits() const
Definition pkix_types.h:84
Botan::ASN1::put_in_sequence
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition asn1_obj.cpp:177
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745

References Botan::X509_CRL::authority_key_id(), BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NO_VALUE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_OUT_OF_RANGE, BOTAN_FFI_VISIT, BOTAN_UNUSED, BOTAN_X509_AUTHORITY_KEY_IDENTIFIER, BOTAN_X509_CA_ISSUERS_URLS, BOTAN_X509_CRL_DISTRIBUTION_URLS, BOTAN_X509_DER_ENCODING, BOTAN_X509_ISSUER_DN_BITS, BOTAN_X509_OCSP_RESPONDER_URLS, BOTAN_X509_PEM_ENCODING, BOTAN_X509_PUBLIC_KEY_PKCS8_BITS, BOTAN_X509_SERIAL_NUMBER, BOTAN_X509_SIGNATURE_BITS, BOTAN_X509_SIGNATURE_SCHEME_BITS, BOTAN_X509_SUBJECT_DN_BITS, BOTAN_X509_SUBJECT_KEY_IDENTIFIER, BOTAN_X509_TBS_DATA_BITS, Botan::X509_CRL::crl_number(), Botan::X509_DN::get_bits(), Botan_FFI::invoke_view_callback(), Botan::X509_CRL::issuer_dn(), Botan::ASN1::put_in_sequence(), and Botan::store_be().

Referenced by botan_x509_crl_view_binary_values_count().

◆ botan_x509_crl_view_binary_values_count()

int botan_x509_crl_view_binary_values_count ( botan_x509_crl_t crl_obj,
botan_x509_value_type value_type,
size_t * count )

Definition at line 1274 of file ffi_cert.cpp.

1274 {
1275#if defined(BOTAN_HAS_X509_CERTIFICATES)
1276 return enumerator_count_values(count, [=](size_t index) {
1277 return botan_x509_crl_view_binary_values(
1278 crl_obj, value_type, index, nullptr, [](auto, auto, auto) -> int { return BOTAN_FFI_SUCCESS; });
1279 });
1280#else
1281 BOTAN_UNUSED(crl_obj, value_type, count);
1282 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1283#endif
1284}
botan_x509_crl_view_binary_values
int botan_x509_crl_view_binary_values(botan_x509_crl_t crl_obj, botan_x509_value_type value_type, size_t index, botan_view_ctx ctx, botan_view_bin_fn view_fn)
Definition ffi_cert.cpp:1222

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and botan_x509_crl_view_binary_values().

◆ botan_x509_crl_view_string_values()

int botan_x509_crl_view_string_values ( botan_x509_crl_t crl_obj,
botan_x509_value_type value_type,
size_t index,
botan_view_ctx ctx,
botan_view_str_fn view )

Retrieve a specific string value from an X.509 certificate revocation list.

For multi-values index allows enumerating the available entries, until BOTAN_FFI_ERROR_OUT_OF_RANGE is returned. For singleton values, an index of value "0" is expected.

Returns
BOTAN_FFI_ERROR_NO_VALUE if the provided crl_obj does not provide the requested value_type at all or not in string format.

Definition at line 1286 of file ffi_cert.cpp.

1290 {
1291#if defined(BOTAN_HAS_X509_CERTIFICATES)
1292 return BOTAN_FFI_VISIT(crl_obj, [=](const Botan::X509_CRL& crl) -> int {
1293 switch(value_type) {
1294 case BOTAN_X509_PEM_ENCODING:
1295 return botan_x509_object_view_value(crl, value_type, index, ctx, view);
1296
1297 case BOTAN_X509_SERIAL_NUMBER:
1298 case BOTAN_X509_SUBJECT_DN_BITS:
1299 case BOTAN_X509_ISSUER_DN_BITS:
1300 case BOTAN_X509_SUBJECT_KEY_IDENTIFIER:
1301 case BOTAN_X509_AUTHORITY_KEY_IDENTIFIER:
1302 case BOTAN_X509_PUBLIC_KEY_PKCS8_BITS:
1303 case BOTAN_X509_TBS_DATA_BITS:
1304 case BOTAN_X509_SIGNATURE_SCHEME_BITS:
1305 case BOTAN_X509_SIGNATURE_BITS:
1306 case BOTAN_X509_DER_ENCODING:
1307 case BOTAN_X509_CRL_DISTRIBUTION_URLS:
1308 case BOTAN_X509_OCSP_RESPONDER_URLS:
1309 case BOTAN_X509_CA_ISSUERS_URLS:
1310 return BOTAN_FFI_ERROR_NO_VALUE;
1311 }
1312
1313 return BOTAN_FFI_ERROR_BAD_PARAMETER;
1314 });
1315#else
1316 BOTAN_UNUSED(crl_obj, value_type, index, ctx, view);
1317 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1318#endif
1319}

References BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NO_VALUE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, BOTAN_X509_AUTHORITY_KEY_IDENTIFIER, BOTAN_X509_CA_ISSUERS_URLS, BOTAN_X509_CRL_DISTRIBUTION_URLS, BOTAN_X509_DER_ENCODING, BOTAN_X509_ISSUER_DN_BITS, BOTAN_X509_OCSP_RESPONDER_URLS, BOTAN_X509_PEM_ENCODING, BOTAN_X509_PUBLIC_KEY_PKCS8_BITS, BOTAN_X509_SERIAL_NUMBER, BOTAN_X509_SIGNATURE_BITS, BOTAN_X509_SIGNATURE_SCHEME_BITS, BOTAN_X509_SUBJECT_DN_BITS, BOTAN_X509_SUBJECT_KEY_IDENTIFIER, and BOTAN_X509_TBS_DATA_BITS.

Referenced by botan_x509_crl_view_string_values_count().

◆ botan_x509_crl_view_string_values_count()

int botan_x509_crl_view_string_values_count ( botan_x509_crl_t crl_obj,
botan_x509_value_type value_type,
size_t * count )

Definition at line 1321 of file ffi_cert.cpp.

1321 {
1322#if defined(BOTAN_HAS_X509_CERTIFICATES)
1323 return enumerator_count_values(count, [=](size_t index) {
1324 return botan_x509_crl_view_string_values(
1325 crl_obj, value_type, index, nullptr, [](auto, auto, auto) -> int { return BOTAN_FFI_SUCCESS; });
1326 });
1327#else
1328 BOTAN_UNUSED(crl_obj, value_type, count);
1329 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1330#endif
1331}
botan_x509_crl_view_string_values
int botan_x509_crl_view_string_values(botan_x509_crl_t crl_obj, botan_x509_value_type value_type, size_t index, botan_view_ctx ctx, botan_view_str_fn view)
Definition ffi_cert.cpp:1286

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and botan_x509_crl_view_string_values().

◆ botan_x509_general_name_destroy()

int botan_x509_general_name_destroy ( botan_x509_general_name_t name)

Definition at line 803 of file ffi_cert.cpp.

803 {
804#if defined(BOTAN_HAS_X509_CERTIFICATES)
805 return BOTAN_FFI_CHECKED_DELETE(name);
806#else
807 BOTAN_UNUSED(name);
808 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
809#endif
810}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_x509_general_name_get_type()

int botan_x509_general_name_get_type ( botan_x509_general_name_t name,
unsigned int * type )

Provides the contained type of the name and returns BOTAN_FFI_SUCCESS if that type is supported and may be retrieved via the view functions below. Otherwise BOTAN_FFI_ERROR_INVALID_OBJECT_STATE is returned.

Definition at line 733 of file ffi_cert.cpp.

733 {
734#if defined(BOTAN_HAS_X509_CERTIFICATES)
735 return BOTAN_FFI_VISIT(name, [=](const Botan::GeneralName& n) {
736 if(Botan::any_null_pointers(type)) {
737 return BOTAN_FFI_ERROR_NULL_POINTER;
738 }
739
740 const auto mapped_type = to_botan_x509_general_name_types(n.type_code());
741 if(!mapped_type.has_value()) {
742 return BOTAN_FFI_ERROR_INVALID_OBJECT_STATE;
743 }
744
745 *type = mapped_type.value();
746 if(*type == BOTAN_X509_OTHER_NAME /* ... viewing of other-names not supported */) {
747 return BOTAN_FFI_ERROR_INVALID_OBJECT_STATE;
748 }
749
750 return BOTAN_FFI_SUCCESS;
751 });
752#else
753 BOTAN_UNUSED(name, type);
754 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
755#endif
756}
Botan::GeneralName
X.509 GeneralName Type.
Definition pkix_types.h:286
Botan::GeneralName::type_code
NameType type_code() const
Definition pkix_types.h:328
BOTAN_X509_OTHER_NAME
@ BOTAN_X509_OTHER_NAME
Definition ffi.h:2578
BOTAN_FFI_ERROR_INVALID_OBJECT_STATE
@ BOTAN_FFI_ERROR_INVALID_OBJECT_STATE
Definition ffi.h:137

References Botan::any_null_pointers(), BOTAN_FFI_ERROR_INVALID_OBJECT_STATE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, BOTAN_X509_OTHER_NAME, and Botan::GeneralName::type_code().

◆ botan_x509_general_name_view_binary_value()

int botan_x509_general_name_view_binary_value ( botan_x509_general_name_t name,
botan_view_ctx ctx,
botan_view_bin_fn view )

Views the name as a bit string or returns BOTAN_FFI_ERROR_INVALID_OBJECT_STATE if the contained GeneralName value cannot be represented as a binary string.

The types BOTAN_X509_DIRECTORY_NAME, BOTAN_X509_IP_ADDRESS may be viewed as "binary".

Definition at line 781 of file ffi_cert.cpp.

783 {
784#if defined(BOTAN_HAS_X509_CERTIFICATES)
785 return BOTAN_FFI_VISIT(name, [=](const Botan::GeneralName& n) -> int {
786 const auto type = to_botan_x509_general_name_types(n.type_code());
787 if(!type) {
788 return BOTAN_FFI_ERROR_INVALID_OBJECT_STATE;
789 }
790
791 if(type != BOTAN_X509_DIRECTORY_NAME && type != BOTAN_X509_IP_ADDRESS) {
792 return BOTAN_FFI_ERROR_INVALID_OBJECT_STATE;
793 }
794
795 return invoke_view_callback(view, ctx, n.binary_name());
796 });
797#else
798 BOTAN_UNUSED(name, ctx, view);
799 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
800#endif
801}
Botan::GeneralName::binary_name
std::vector< uint8_t > binary_name() const
Definition name_constraint.cpp:123
BOTAN_X509_DIRECTORY_NAME
@ BOTAN_X509_DIRECTORY_NAME
Definition ffi.h:2581
BOTAN_X509_IP_ADDRESS
@ BOTAN_X509_IP_ADDRESS
Definition ffi.h:2583

References Botan::GeneralName::binary_name(), BOTAN_FFI_ERROR_INVALID_OBJECT_STATE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, BOTAN_X509_DIRECTORY_NAME, BOTAN_X509_IP_ADDRESS, Botan_FFI::invoke_view_callback(), and Botan::GeneralName::type_code().

◆ botan_x509_general_name_view_string_value()

int botan_x509_general_name_view_string_value ( botan_x509_general_name_t name,
botan_view_ctx ctx,
botan_view_str_fn view )

Views the name as a string or returns BOTAN_FFI_ERROR_INVALID_OBJECT_STATE if the contained GeneralName value cannot be represented as a string.

The types BOTAN_X509_EMAIL_ADDRESS, BOTAN_X509_DNS_NAME, BOTAN_X509_URI, BOTAN_X509_IP_ADDRESS may be viewed as "string".

Definition at line 758 of file ffi_cert.cpp.

760 {
761#if defined(BOTAN_HAS_X509_CERTIFICATES)
762 return BOTAN_FFI_VISIT(name, [=](const Botan::GeneralName& n) -> int {
763 const auto type = to_botan_x509_general_name_types(n.type_code());
764 if(!type) {
765 return BOTAN_FFI_ERROR_INVALID_OBJECT_STATE;
766 }
767
768 if(type != BOTAN_X509_EMAIL_ADDRESS && type != BOTAN_X509_DNS_NAME && type != BOTAN_X509_URI &&
769 type != BOTAN_X509_IP_ADDRESS) {
770 return BOTAN_FFI_ERROR_INVALID_OBJECT_STATE;
771 }
772
773 return invoke_view_callback(view, ctx, n.name());
774 });
775#else
776 BOTAN_UNUSED(name, ctx, view);
777 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
778#endif
779}
Botan::GeneralName::name
std::string name() const
Definition name_constraint.cpp:101
BOTAN_X509_DNS_NAME
@ BOTAN_X509_DNS_NAME
Definition ffi.h:2580
BOTAN_X509_EMAIL_ADDRESS
@ BOTAN_X509_EMAIL_ADDRESS
Definition ffi.h:2579
BOTAN_X509_URI
@ BOTAN_X509_URI
Definition ffi.h:2582

References BOTAN_FFI_ERROR_INVALID_OBJECT_STATE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, BOTAN_X509_DNS_NAME, BOTAN_X509_EMAIL_ADDRESS, BOTAN_X509_IP_ADDRESS, BOTAN_X509_URI, Botan_FFI::invoke_view_callback(), Botan::GeneralName::name(), and Botan::GeneralName::type_code().

◆ botan_x509_is_revoked()

int botan_x509_is_revoked ( botan_x509_crl_t crl,
botan_x509_cert_t cert )

Given a CRL and a certificate, check if the certificate is revoked on that particular CRL

Definition at line 1333 of file ffi_cert.cpp.

1333 {
1334#if defined(BOTAN_HAS_X509_CERTIFICATES)
1335 return BOTAN_FFI_VISIT(crl, [=](const auto& c) { return c.is_revoked(safe_get(cert)) ? 0 : -1; });
1336#else
1337 BOTAN_UNUSED(cert);
1338 BOTAN_UNUSED(crl);
1339 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
1340#endif
1341}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().

Generated by doxygen 1.16.1