Botan 3.0.0
Crypto and TLS for C&&
ffi_cert.cpp File Reference
#include <botan/ffi.h>
#include <botan/internal/ffi_util.h>
#include <botan/internal/ffi_pkey.h>
#include <memory>


Functions

int botan_x509_cert_allowed_usage (botan_x509_cert_t cert, unsigned int key_usage)
 
int botan_x509_cert_destroy (botan_x509_cert_t cert)
 
int botan_x509_cert_dup (botan_x509_cert_t *cert_obj, botan_x509_cert_t cert)
 
int botan_x509_cert_get_authority_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_fingerprint (botan_x509_cert_t cert, const char *hash, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_issuer_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_public_key (botan_x509_cert_t cert, botan_pubkey_t *key)
 
int botan_x509_cert_get_public_key_bits (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_serial_number (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_subject_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_subject_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_time_expires (botan_x509_cert_t cert, char out[], size_t *out_len)
 
int botan_x509_cert_get_time_starts (botan_x509_cert_t cert, char out[], size_t *out_len)
 
int botan_x509_cert_hostname_match (botan_x509_cert_t cert, const char *hostname)
 
int botan_x509_cert_load (botan_x509_cert_t *cert_obj, const uint8_t cert_bits[], size_t cert_bits_len)
 
int botan_x509_cert_load_file (botan_x509_cert_t *cert_obj, const char *cert_path)
 
int botan_x509_cert_not_after (botan_x509_cert_t cert, uint64_t *time_since_epoch)
 
int botan_x509_cert_not_before (botan_x509_cert_t cert, uint64_t *time_since_epoch)
 
int botan_x509_cert_to_string (botan_x509_cert_t cert, char out[], size_t *out_len)
 
const char * botan_x509_cert_validation_status (int code)
 
int botan_x509_cert_verify (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
 
int botan_x509_cert_verify_with_crl (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const botan_x509_crl_t *crls, size_t crls_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
 
int botan_x509_cert_view_as_string (botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_str_fn view)
 
int botan_x509_cert_view_public_key_bits (botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_bin_fn view)
 
int botan_x509_crl_destroy (botan_x509_crl_t crl)
 
int botan_x509_crl_load (botan_x509_crl_t *crl_obj, const uint8_t crl_bits[], size_t crl_bits_len)
 
int botan_x509_crl_load_file (botan_x509_crl_t *crl_obj, const char *crl_path)
 
int botan_x509_is_revoked (botan_x509_crl_t crl, botan_x509_cert_t cert)
 

Function Documentation

◆ botan_x509_cert_allowed_usage()

int botan_x509_cert_allowed_usage ( botan_x509_cert_t  cert,
unsigned int  key_usage 
)

Definition at line 145 of file ffi_cert.cpp.

// Body of botan_x509_cert_allowed_usage: asks the certificate whether it
// permits the requested key usage.
146 {
147#if defined(BOTAN_HAS_X509_CERTIFICATES)
148 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
// key_usage is cast to Botan::Key_Constraints with no range check in this body.
149 const Botan::Key_Constraints k = static_cast<Botan::Key_Constraints>(key_usage);
150 if(c.allowed_usage(k))
151 return BOTAN_FFI_SUCCESS;
// "Usage not allowed" is reported as the positive value 1, so callers must
// compare against BOTAN_FFI_SUCCESS rather than only testing for a negative result.
152 return 1;
153 });
154#else
155 BOTAN_UNUSED(cert, key_usage);
// Line 156 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
157#endif
158 }
#define BOTAN_UNUSED(...)
Definition: assert.h:141
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition: ffi.h:91
@ BOTAN_FFI_SUCCESS
Definition: ffi.h:70
#define BOTAN_FFI_VISIT(obj, lambda)
Definition: ffi_util.h:126

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_destroy()

int botan_x509_cert_destroy ( botan_x509_cert_t  cert)
Returns
0 if success, error if invalid object handle

Definition at line 160 of file ffi_cert.cpp.

// Body of botan_x509_cert_destroy: hands the certificate handle to
// BOTAN_FFI_CHECKED_DELETE.
161 {
162#if defined(BOTAN_HAS_X509_CERTIFICATES)
// BOTAN_FFI_CHECKED_DELETE (ffi_util.h:145) is not expanded on this page;
// presumably it validates the handle before deleting it, and the handle must
// not be used again afterwards -- TODO confirm.
163 return BOTAN_FFI_CHECKED_DELETE(cert);
164#else
165 BOTAN_UNUSED(cert);
// Line 166 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
167#endif
168 }
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition: ffi_util.h:145

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_x509_cert_dup()

int botan_x509_cert_dup ( botan_x509_cert_t *  cert_obj,
botan_x509_cert_t  cert 
)

Definition at line 47 of file ffi_cert.cpp.

// Body of botan_x509_cert_dup: copies the certificate behind `cert` into a
// newly allocated handle stored in *cert_obj.
48 {
49 if(!cert_obj)
// Line 50 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NULL_POINTER return named in the page's References list.
51
// NOTE(review): this guard also requires BOTAN_TARGET_OS_HAS_FILESYSTEM, yet
// nothing in the guarded branch touches the filesystem. It is the same
// condition botan_x509_cert_load_file uses, so on builds without filesystem
// support dup would take the #else branch -- confirm whether that is intended.
52#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
53
54 return ffi_guard_thunk(__func__, [=]() -> int {
55 auto c = std::make_unique<Botan::X509_Certificate>(safe_get(cert));
// *cert_obj is written only on this success path; it is not cleared beforehand.
// The copy is a separate allocation, so presumably it needs its own
// botan_x509_cert_destroy call.
56 *cert_obj = new botan_x509_cert_struct(std::move(c));
57 return BOTAN_FFI_SUCCESS;
58 });
59
60#else
61 BOTAN_UNUSED(cert);
// Line 62 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
63#endif
64 }
@ BOTAN_FFI_ERROR_NULL_POINTER
Definition: ffi.h:85
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:69
int ffi_guard_thunk(const char *func_name, const std::function< int()> &thunk)
Definition: ffi.cpp:120

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::safe_get().

◆ botan_x509_cert_get_authority_key_id()

int botan_x509_cert_get_authority_key_id ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 234 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_authority_key_id: passes the certificate's
// authority key id to write_vec_output together with the caller's buffer.
235 {
236#if defined(BOTAN_HAS_X509_CERTIFICATES)
// All buffer-size handling is inside write_vec_output (ffi_util.h:214), which
// this page does not show; presumably *out_len carries the buffer capacity in
// and the required length out -- TODO confirm.
237 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.authority_key_id()); });
238#else
239 BOTAN_UNUSED(cert, out, out_len);
// Line 240 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
241#endif
242 }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:214

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_fingerprint()

int botan_x509_cert_get_fingerprint ( botan_x509_cert_t  cert,
const char *  hash,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 224 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_fingerprint: computes the certificate's
// fingerprint under the named hash and writes it out as a string.
225 {
226#if defined(BOTAN_HAS_X509_CERTIFICATES)
// NOTE(review): `hash` is forwarded to fingerprint() without a null check in
// this body (botan_x509_cert_hostname_match does check its string argument);
// confirm that a null hash is handled, or require callers to pass a valid name.
227 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_str_output(out, out_len, c.fingerprint(hash)); });
228#else
229 BOTAN_UNUSED(cert, hash, out, out_len);
// Line 230 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
231#endif
232 }
int write_str_output(uint8_t out[], size_t *out_len, std::string_view str)
Definition: ffi_util.h:219

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_issuer_dn()

int botan_x509_cert_get_issuer_dn ( botan_x509_cert_t  cert,
const char *  key,
size_t  index,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 103 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_issuer_dn: looks up the issuer DN values stored
// under `key` and writes the one at position `index` as a string.
106 {
107#if defined(BOTAN_HAS_X509_CERTIFICATES)
// .at(index) is the bounds-checked accessor, so an index past the end raises
// instead of reading out of range; presumably BOTAN_FFI_VISIT turns that into
// an error code -- TODO confirm. `key` is not null-checked in this body.
108 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_str_output(out, out_len, c.issuer_info(key).at(index)); });
109#else
110 BOTAN_UNUSED(cert, key, index, out, out_len);
// Line 111 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
112#endif
113 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_public_key()

int botan_x509_cert_get_public_key ( botan_x509_cert_t  cert,
botan_pubkey_t *  key 
)

Definition at line 84 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_public_key: extracts the subject public key and
// returns it through *key as a newly allocated public-key handle.
85 {
86 if(key == nullptr)
// Line 87 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NULL_POINTER return named in the page's References list.
88
// The output is cleared before any work, so a failing call leaves *key null
// rather than whatever the caller's variable held before.
89 *key = nullptr;
90
91#if defined(BOTAN_HAS_X509_CERTIFICATES)
92 return ffi_guard_thunk(__func__, [=]() -> int {
93 auto public_key = safe_get(cert).subject_public_key();
// The new handle is a separate allocation; presumably the caller releases it
// with the public-key destroy function -- TODO confirm.
94 *key = new botan_pubkey_struct(std::move(public_key));
95 return BOTAN_FFI_SUCCESS;
96 });
97#else
98 BOTAN_UNUSED(cert);
// Line 99 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
100#endif
101 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::safe_get().

◆ botan_x509_cert_get_public_key_bits()

int botan_x509_cert_get_public_key_bits ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 254 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_public_key_bits: a copying wrapper that routes
// botan_x509_cert_view_public_key_bits through copy_view_bin into the caller's
// buffer. There is no feature guard here; the view function carries it.
255 {
256 return copy_view_bin(out, out_len, botan_x509_cert_view_public_key_bits, cert);
257 }
int botan_x509_cert_view_public_key_bits(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_bin_fn view)
Definition: ffi_cert.cpp:259
int copy_view_bin(uint8_t out[], size_t *out_len, Fn fn, Args... args)
Definition: ffi_util.h:171

References botan_x509_cert_view_public_key_bits(), and Botan_FFI::copy_view_bin().

◆ botan_x509_cert_get_serial_number()

int botan_x509_cert_get_serial_number ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 214 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_serial_number: passes the certificate's serial
// number bytes to write_vec_output together with the caller's buffer.
215 {
216#if defined(BOTAN_HAS_X509_CERTIFICATES)
// Buffer-size handling is inside write_vec_output (ffi_util.h:214), not shown
// on this page.
217 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.serial_number()); });
218#else
219 BOTAN_UNUSED(cert, out, out_len);
// Line 220 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
221#endif
222 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_subject_dn()

int botan_x509_cert_get_subject_dn ( botan_x509_cert_t  cert,
const char *  key,
size_t  index,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 115 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_subject_dn: looks up the subject DN values stored
// under `key` and writes the one at position `index` as a string.
118 {
119#if defined(BOTAN_HAS_X509_CERTIFICATES)
// .at(index) is the bounds-checked accessor, so an index past the end raises
// instead of reading out of range; presumably BOTAN_FFI_VISIT turns that into
// an error code -- TODO confirm. `key` is not null-checked in this body.
120 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_str_output(out, out_len, c.subject_info(key).at(index)); });
121#else
122 BOTAN_UNUSED(cert, key, index, out, out_len);
// Line 123 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
124#endif
125 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_subject_key_id()

int botan_x509_cert_get_subject_key_id ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 244 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_subject_key_id: passes the certificate's subject
// key id to write_vec_output together with the caller's buffer.
245 {
246#if defined(BOTAN_HAS_X509_CERTIFICATES)
// Buffer-size handling is inside write_vec_output (ffi_util.h:214), not shown
// on this page.
247 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.subject_key_id()); });
248#else
249 BOTAN_UNUSED(cert, out, out_len);
// Line 250 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
251#endif
252 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_time_expires()

int botan_x509_cert_get_time_expires ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 180 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_time_expires: writes the string form of the
// certificate's not_after() time into the caller's buffer.
181 {
182#if defined(BOTAN_HAS_X509_CERTIFICATES)
// The text format is whatever not_after().to_string() yields; it is not
// specified on this page.
183 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_str_output(out, out_len, c.not_after().to_string()); });
184#else
185 BOTAN_UNUSED(cert, out, out_len);
// Line 186 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
187#endif
188 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_time_starts()

int botan_x509_cert_get_time_starts ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 170 of file ffi_cert.cpp.

// Body of botan_x509_cert_get_time_starts: writes the string form of the
// certificate's not_before() time into the caller's buffer.
171 {
172#if defined(BOTAN_HAS_X509_CERTIFICATES)
// The text format is whatever not_before().to_string() yields; it is not
// specified on this page.
173 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_str_output(out, out_len, c.not_before().to_string()); });
174#else
175 BOTAN_UNUSED(cert, out, out_len);
// Line 176 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
177#endif
178 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_hostname_match()

int botan_x509_cert_hostname_match ( botan_x509_cert_t  cert,
const char *  hostname 
)

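Check if the certificate matches the specified hostname via alternative name or CN match. RFC 5280 wildcards are also supported. As the listing below shows, the function returns 0 on a match and -1 when the name does not match, and a null hostname is rejected before any comparison; treat only a return of 0 as a match.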

Definition at line 272 of file ffi_cert.cpp.

// Body of botan_x509_cert_hostname_match: returns 0 when the certificate
// matches `hostname` and -1 when it does not.
273 {
274 if(hostname == nullptr)
// Line 275 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NULL_POINTER return named in the page's References list.
276
277#if defined(BOTAN_HAS_X509_CERTIFICATES)
// "No match" is -1, a negative value like the error returns, so the sign alone
// does not separate a mismatch from a failure. Callers should accept the name
// only on an exact 0 and treat every other value as "not matched".
278 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return c.matches_dns_name(hostname) ? 0 : -1; });
279#else
280 BOTAN_UNUSED(cert);
// Line 281 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
282#endif
283 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_load()

int botan_x509_cert_load ( botan_x509_cert_t *  cert_obj,
const uint8_t  cert_bits[],
size_t  cert_bits_len 
)

Definition at line 66 of file ffi_cert.cpp.

// Body of botan_x509_cert_load: parses a certificate from a caller-supplied
// byte buffer and returns it through *cert_obj as a new handle. This only
// constructs the object; no chain or trust validation happens here.
67 {
68 if(!cert_obj || !cert_bits)
// Line 69 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NULL_POINTER return named in the page's References list.
70
71#if defined(BOTAN_HAS_X509_CERTIFICATES)
72 return ffi_guard_thunk(__func__, [=]() -> int {
// cert_bits_len is trusted as the readable length of cert_bits.
73 Botan::DataSource_Memory bits(cert_bits, cert_bits_len);
// Parsing runs inside ffi_guard_thunk; presumably a malformed encoding surfaces
// as an exception that the thunk converts to an error code -- TODO confirm.
74 auto c = std::make_unique<Botan::X509_Certificate>(bits);
// *cert_obj is written only on success and is not cleared beforehand, so
// callers should initialise it to null and check the return code before use.
75 *cert_obj = new botan_x509_cert_struct(std::move(c));
76 return BOTAN_FFI_SUCCESS;
77 });
78#else
79 BOTAN_UNUSED(cert_bits_len);
// Line 80 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
81#endif
82 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and Botan_FFI::ffi_guard_thunk().

◆ botan_x509_cert_load_file()

int botan_x509_cert_load_file ( botan_x509_cert_t *  cert_obj,
const char *  cert_path 
)

Definition at line 29 of file ffi_cert.cpp.

// Body of botan_x509_cert_load_file: constructs a certificate from the file at
// cert_path and returns it through *cert_obj as a new handle. As with the
// in-memory loader, nothing here validates trust.
30 {
31 if(!cert_obj || !cert_path)
// Line 32 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NULL_POINTER return named in the page's References list.
33
// File loading is compiled in only when the target has filesystem support.
34#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
35
36 return ffi_guard_thunk(__func__, [=]() -> int {
// cert_path is passed through unchanged; if it can be influenced by untrusted
// input, the caller is the only place where it can be restricted.
37 auto c = std::make_unique<Botan::X509_Certificate>(cert_path);
// *cert_obj is written only on success and is not cleared beforehand.
38 *cert_obj = new botan_x509_cert_struct(std::move(c));
39 return BOTAN_FFI_SUCCESS;
40 });
41
42#else
// Line 43 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
44#endif
45 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, and Botan_FFI::ffi_guard_thunk().

◆ botan_x509_cert_not_after()

int botan_x509_cert_not_after ( botan_x509_cert_t  cert,
uint64_t *  time_since_epoch 
)

Definition at line 202 of file ffi_cert.cpp.

// Body of botan_x509_cert_not_after: stores the certificate's not_after() time,
// as a time-since-epoch count, in *time_since_epoch.
203 {
204#if defined(BOTAN_HAS_X509_CERTIFICATES)
// The lambda has no return statement, so the int result must come from
// BOTAN_FFI_VISIT itself (ffi_util.h:126, not shown on this page).
205 return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
// NOTE(review): time_since_epoch is dereferenced without a null check in this
// body; callers must pass a valid pointer. The unit is presumably seconds --
// TODO confirm.
206 *time_since_epoch = c.not_after().time_since_epoch();
207 });
208#else
209 BOTAN_UNUSED(cert, time_since_epoch);
// Line 210 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
211#endif
212 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_not_before()

int botan_x509_cert_not_before ( botan_x509_cert_t  cert,
uint64_t *  time_since_epoch 
)

Definition at line 190 of file ffi_cert.cpp.

// Body of botan_x509_cert_not_before: stores the certificate's not_before()
// time, as a time-since-epoch count, in *time_since_epoch.
191 {
192#if defined(BOTAN_HAS_X509_CERTIFICATES)
// The lambda has no return statement, so the int result must come from
// BOTAN_FFI_VISIT itself (ffi_util.h:126, not shown on this page).
193 return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
// NOTE(review): time_since_epoch is dereferenced without a null check in this
// body; callers must pass a valid pointer. The unit is presumably seconds --
// TODO confirm.
194 *time_since_epoch = c.not_before().time_since_epoch();
195 });
196#else
197 BOTAN_UNUSED(cert, time_since_epoch);
// Line 198 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
199#endif
200 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_to_string()

int botan_x509_cert_to_string ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 127 of file ffi_cert.cpp.

// Body of botan_x509_cert_to_string: a copying wrapper that routes
// botan_x509_cert_view_as_string through copy_view_str into the caller's buffer.
128 {
// The char buffer is reinterpreted as uint8_t* because copy_view_str takes a
// uint8_t out[] parameter.
129 return copy_view_str(reinterpret_cast<uint8_t*>(out), out_len, botan_x509_cert_view_as_string, cert);
130 }
int botan_x509_cert_view_as_string(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_str_fn view)
Definition: ffi_cert.cpp:132
int copy_view_str(uint8_t out[], size_t *out_len, Fn fn, Args... args)
Definition: ffi_util.h:180

References botan_x509_cert_view_as_string(), and Botan_FFI::copy_view_str().

◆ botan_x509_cert_validation_status()

const char * botan_x509_cert_validation_status ( int  code)

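Returns a pointer to a static character string explaining the status code, or else NULL if unknown. In the listing below every negative code also yields NULL, so check the result for NULL before using it.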

Definition at line 356 of file ffi_cert.cpp.

// Body of botan_x509_cert_validation_status: maps a validation status code to
// a descriptive string.
357 {
// Negative values are rejected up front, so a negative return code from
// another call cannot be explained through this function.
358 if(code < 0)
359 return nullptr;
360
361#if defined(BOTAN_HAS_X509_CERTIFICATES)
// Line 362 is missing from this listing; presumably it converts `code` into
// the `sc` value used below (the page links Certificate_Status_Code here).
363 return Botan::to_string(sc);
364#else
365 return nullptr;
366#endif
367 }
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition: exceptn.cpp:12
Certificate_Status_Code
Definition: pkix_enums.h:19

References Botan::to_string().

◆ botan_x509_cert_verify()

int botan_x509_cert_verify ( int *  validation_result,
botan_x509_cert_t  cert,
const botan_x509_cert_t *  intermediates,
size_t  intermediates_len,
const botan_x509_cert_t *  trusted,
size_t  trusted_len,
const char *  trusted_path,
size_t  required_strength,
const char *  hostname,
uint64_t  reference_time 
)

Returns 0 if the validation was successful, 1 if validation failed, and negative on error. A status code with details is written to *validation_result when that pointer is non-null.

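The intermediates and trusted lists can be null, provided the matching length is 0, and the trusted path can be null. As the listing below shows, a required_strength of 0 selects a default of 110, a reference_time of 0 means the current time, and a null hostname is replaced by an empty string. This function is given no CRLs; use botan_x509_cert_verify_with_crl when revocation lists must be consulted.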

Definition at line 285 of file ffi_cert.cpp.

// Body of botan_x509_cert_verify: builds a certificate list from `cert` plus
// the intermediates, collects trust stores from trusted_path and/or the
// trusted array, and calls Botan::x509_path_validate. Returns 0 when
// validation succeeds and 1 when it fails; the detailed status is written to
// *result_code when that pointer is non-null.
295 {
// A required_strength of 0 selects a default of 110.
296 if(required_strength == 0)
297 required_strength = 110;
298
299#if defined(BOTAN_HAS_X509_CERTIFICATES)
300 return ffi_guard_thunk(__func__, [=]() -> int {
// A null hostname becomes the empty string. Presumably x509_path_validate then
// performs no name check, so callers that rely on hostname binding must pass
// one -- TODO confirm.
301 const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
// Line 302 is missing from this listing; presumably it defines `usage` (the
// page's References list names Botan::UNSPECIFIED).
// reference_time == 0 means "now"; any other value is converted as a time_t.
303 const auto validation_time = reference_time == 0 ?
304 std::chrono::system_clock::now() :
305 std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
306
// The certificate under test goes first, followed by the intermediates.
// intermediates[i] is read for every i below intermediates_len, so a null
// array is only safe together with a length of 0.
307 std::vector<Botan::X509_Certificate> end_certs;
308 end_certs.push_back(safe_get(cert));
309 for(size_t i = 0; i != intermediates_len; ++i)
310 end_certs.push_back(safe_get(intermediates[i]));
311
// The unique_ptrs own the stores; trusted_roots holds non-owning pointers to them.
312 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
313 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
314 std::vector<Botan::Certificate_Store*> trusted_roots;
315
// A non-empty trusted_path is handed to a Certificate_Store_In_Memory
// constructor; presumably everything it loads from that location becomes a
// trust anchor, so the location must be under the deployer's control --
// TODO confirm what the constructor reads.
316 if(trusted_path && *trusted_path)
317 {
318 trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
319 trusted_roots.push_back(trusted_from_path.get());
320 }
321
// Certificates in the trusted array are added to a second in-memory store.
// If neither source is supplied, trusted_roots stays empty.
322 if(trusted_len > 0)
323 {
324 trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
325 for(size_t i = 0; i != trusted_len; ++i)
326 {
327 trusted_extra->add_certificate(safe_get(trusted[i]));
328 }
329 trusted_roots.push_back(trusted_extra.get());
330 }
331
// NOTE(review): the first constructor argument is the literal false;
// presumably it is the "require revocation information" switch -- confirm
// against Path_Validation_Restrictions. No CRL is added to any store in this
// body, so this function does no CRL-based revocation checking.
332 Botan::Path_Validation_Restrictions restrictions(false, required_strength);
333
334 auto validation_result = Botan::x509_path_validate(end_certs,
335 restrictions,
336 trusted_roots,
337 hostname,
338 usage,
339 validation_time);
340
// result_code is optional: it is written only when non-null.
341 if(result_code)
342 *result_code = static_cast<int>(validation_result.result());
343
// 0 = validated, 1 = validation failed.
344 if(validation_result.successful_validation())
345 return 0;
346 else
347 return 1;
348 });
349#else
350 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
351 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time);
// Line 352 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
353#endif
354 }
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
Definition: x509path.cpp:928
Usage_Type
Definition: x509cert.h:23
Definition: bigint.h:1092

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

◆ botan_x509_cert_verify_with_crl()

int botan_x509_cert_verify_with_crl ( int *  validation_result,
botan_x509_cert_t  cert,
const botan_x509_cert_t *  intermediates,
size_t  intermediates_len,
const botan_x509_cert_t *  trusted,
size_t  trusted_len,
const botan_x509_crl_t *  crls,
size_t  crls_len,
const char *  trusted_path,
size_t  required_strength,
const char *  hostname,
uint64_t  reference_time 
)

A variant of botan_x509_cert_verify that also supports revocation lists. CRLs are passed as an array, in the same way as the intermediates and trusted CAs.

Definition at line 435 of file ffi_cert.cpp.

// Body of botan_x509_cert_verify_with_crl: the same flow as
// botan_x509_cert_verify, with the supplied CRLs added as an extra store
// before Botan::x509_path_validate is called. Returns 0 when validation
// succeeds and 1 when it fails; the detailed status is written to
// *result_code when that pointer is non-null.
448 {
// A required_strength of 0 selects a default of 110.
449 if(required_strength == 0)
450 required_strength = 110;
451
452#if defined(BOTAN_HAS_X509_CERTIFICATES)
453 return ffi_guard_thunk(__func__, [=]() -> int {
// A null hostname becomes the empty string. Presumably x509_path_validate then
// performs no name check -- TODO confirm.
454 const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
// Line 455 is missing from this listing; presumably it defines `usage` (the
// page's References list names Botan::UNSPECIFIED).
// reference_time == 0 means "now"; any other value is converted as a time_t.
456 const auto validation_time = reference_time == 0 ?
457 std::chrono::system_clock::now() :
458 std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
459
// The certificate under test goes first, followed by the intermediates.
// intermediates[i] is read for every i below intermediates_len, so a null
// array is only safe together with a length of 0.
460 std::vector<Botan::X509_Certificate> end_certs;
461 end_certs.push_back(safe_get(cert));
462 for(size_t i = 0; i != intermediates_len; ++i)
463 end_certs.push_back(safe_get(intermediates[i]));
464
// The unique_ptrs own the stores; trusted_roots holds non-owning pointers to them.
465 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
466 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
467 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_crls;
468 std::vector<Botan::Certificate_Store*> trusted_roots;
469
// A non-empty trusted_path is handed to a Certificate_Store_In_Memory
// constructor; presumably everything it loads from that location becomes a
// trust anchor -- TODO confirm what the constructor reads.
470 if(trusted_path && *trusted_path)
471 {
472 trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
473 trusted_roots.push_back(trusted_from_path.get());
474 }
475
476 if(trusted_len > 0)
477 {
478 trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
479 for(size_t i = 0; i != trusted_len; ++i)
480 {
481 trusted_extra->add_certificate(safe_get(trusted[i]));
482 }
483 trusted_roots.push_back(trusted_extra.get());
484 }
485
// The CRLs go into a store of their own, which receives only add_crl calls
// here, and that store is appended to the same trusted_roots vector.
486 if(crls_len > 0)
487 {
488 trusted_crls = std::make_unique<Botan::Certificate_Store_In_Memory>();
489 for(size_t i = 0; i != crls_len; ++i)
490 {
491 trusted_crls->add_crl(safe_get(crls[i]));
492 }
493 trusted_roots.push_back(trusted_crls.get());
494 }
495
// NOTE(review): the first constructor argument is still the literal false.
// If it is the "require revocation information" switch, a certificate that
// none of the supplied CRLs covers would not be rejected for lack of
// revocation data -- confirm against Path_Validation_Restrictions.
496 Botan::Path_Validation_Restrictions restrictions(false, required_strength);
497
498 auto validation_result = Botan::x509_path_validate(end_certs,
499 restrictions,
500 trusted_roots,
501 hostname,
502 usage,
503 validation_time);
504
// result_code is optional: it is written only when non-null.
505 if(result_code)
506 *result_code = static_cast<int>(validation_result.result());
507
// 0 = validated, 1 = validation failed.
508 if(validation_result.successful_validation())
509 return 0;
510 else
511 return 1;
512 });
513#else
514 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
515 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time, crls, crls_len);
// Line 516 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
517#endif
518 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

◆ botan_x509_cert_view_as_string()

int botan_x509_cert_view_as_string ( botan_x509_cert_t  cert,
botan_view_ctx  ctx,
botan_view_str_fn  view 
)

Definition at line 132 of file ffi_cert.cpp.

// Body of botan_x509_cert_view_as_string: renders the certificate with
// to_string() and passes the text to the caller's view callback.
133 {
134#if defined(BOTAN_HAS_X509_CERTIFICATES)
135 return BOTAN_FFI_VISIT(cert, [=](const auto& c)
136 {
// c.to_string() is a temporary created for this call, so whatever the callback
// receives must be copied if it is needed after the callback returns.
137 return invoke_view_callback(view, ctx, c.to_string());
138 });
139#else
140 BOTAN_UNUSED(cert, ctx, view);
// Line 141 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
142#endif
143 }
int invoke_view_callback(botan_view_bin_fn view, botan_view_ctx ctx, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:148

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::invoke_view_callback().

Referenced by botan_x509_cert_to_string().

◆ botan_x509_cert_view_public_key_bits()

int botan_x509_cert_view_public_key_bits ( botan_x509_cert_t  cert,
botan_view_ctx  ctx,
botan_view_bin_fn  view 
)

Definition at line 259 of file ffi_cert.cpp.

// Body of botan_x509_cert_view_public_key_bits: passes the certificate's
// subject_public_key_bits() to the caller's view callback.
260 {
261#if defined(BOTAN_HAS_X509_CERTIFICATES)
262 return BOTAN_FFI_VISIT(cert, [=](const auto& c)
263 {
// Presumably the bytes handed to the callback are only valid for the duration
// of the callback; copy them if they are needed later -- TODO confirm.
264 return invoke_view_callback(view, ctx, c.subject_public_key_bits());
265 });
266#else
267 BOTAN_UNUSED(cert, ctx, view);
// Line 268 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
269#endif
270 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::invoke_view_callback().

Referenced by botan_x509_cert_get_public_key_bits().

◆ botan_x509_crl_destroy()

int botan_x509_crl_destroy ( botan_x509_crl_t  crl)

Definition at line 411 of file ffi_cert.cpp.

// Body of botan_x509_crl_destroy: hands the CRL handle to
// BOTAN_FFI_CHECKED_DELETE.
412 {
413#if defined(BOTAN_HAS_X509_CERTIFICATES)
// BOTAN_FFI_CHECKED_DELETE (ffi_util.h:145) is not expanded on this page;
// presumably the handle must not be used again after this call -- TODO confirm.
414 return BOTAN_FFI_CHECKED_DELETE(crl);
415#else
416 BOTAN_UNUSED(crl);
// Line 417 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
418#endif
419 }

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_x509_crl_load()

int botan_x509_crl_load ( botan_x509_crl_t *  crl_obj,
const uint8_t  crl_bits[],
size_t  crl_bits_len 
)

Definition at line 393 of file ffi_cert.cpp.

// Body of botan_x509_crl_load: parses a CRL from a caller-supplied byte buffer
// and returns it through *crl_obj as a new handle. Nothing in this body checks
// who issued or signed the CRL.
394 {
395 if(!crl_obj || !crl_bits)
// Line 396 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NULL_POINTER return named in the page's References list.
397
398#if defined(BOTAN_HAS_X509_CERTIFICATES)
399 return ffi_guard_thunk(__func__, [=]() -> int {
// crl_bits_len is trusted as the readable length of crl_bits.
400 Botan::DataSource_Memory bits(crl_bits, crl_bits_len);
401 auto c = std::make_unique<Botan::X509_CRL>(bits);
// *crl_obj is written only on success and is not cleared beforehand, so
// callers should initialise it to null and check the return code before use.
402 *crl_obj = new botan_x509_crl_struct(std::move(c));
403 return BOTAN_FFI_SUCCESS;
404 });
405#else
406 BOTAN_UNUSED(crl_bits_len);
// Line 407 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
408#endif
409 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and Botan_FFI::ffi_guard_thunk().

◆ botan_x509_crl_load_file()

int botan_x509_crl_load_file ( botan_x509_crl_t *  crl_obj,
const char *  crl_path 
)

Definition at line 375 of file ffi_cert.cpp.

// Body of botan_x509_crl_load_file: constructs a CRL from the file at crl_path
// and returns it through *crl_obj as a new handle.
376 {
377 if(!crl_obj || !crl_path)
// Line 378 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NULL_POINTER return named in the page's References list.
379
// File loading is compiled in only when the target has filesystem support.
380#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
381
382 return ffi_guard_thunk(__func__, [=]() -> int {
// crl_path is passed through unchanged; if it can be influenced by untrusted
// input, the caller is the only place where it can be restricted.
383 auto c = std::make_unique<Botan::X509_CRL>(crl_path);
// *crl_obj is written only on success and is not cleared beforehand.
384 *crl_obj = new botan_x509_crl_struct(std::move(c));
385 return BOTAN_FFI_SUCCESS;
386 });
387
388#else
// Line 389 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
390#endif
391 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, and Botan_FFI::ffi_guard_thunk().

◆ botan_x509_is_revoked()

int botan_x509_is_revoked ( botan_x509_crl_t  crl,
botan_x509_cert_t  cert 
)

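Given a CRL and a certificate, check if the certificate is revoked on that particular CRL. As the listing below shows, the function returns 0 when the certificate is revoked and -1 when it is not, so a return of 0 here means "revoked", not "OK".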

Definition at line 421 of file ffi_cert.cpp.

// Body of botan_x509_is_revoked: returns 0 when the CRL reports the
// certificate as revoked and -1 when it does not.
422 {
423#if defined(BOTAN_HAS_X509_CERTIFICATES)
424 return BOTAN_FFI_VISIT(crl, [=] (const auto& c)
425 {
// The polarity is easy to misread: 0 means revoked. "Not revoked" is -1, a
// negative value like the error returns, so a caller must not treat any
// non-zero result as proof that the certificate is still good.
// NOTE(review): this body only asks the CRL object; whether the CRL's own
// signature and validity period were checked is not visible here -- confirm.
426 return c.is_revoked(safe_get(cert)) ? 0 : -1;
427 });
428#else
429 BOTAN_UNUSED(cert);
430 BOTAN_UNUSED(crl);
// Line 431 is missing from this listing; presumably it is the
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED return named in the page's References list.
432#endif
433 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().