Botan 3.7.1
Crypto and TLS for C&
ffi_cert.cpp File Reference
#include <botan/ffi.h>
#include <botan/internal/ffi_pkey.h>
#include <botan/internal/ffi_util.h>
#include <memory>

Go to the source code of this file.

Functions

int botan_x509_cert_allowed_usage (botan_x509_cert_t cert, unsigned int key_usage)
 
int botan_x509_cert_destroy (botan_x509_cert_t cert)
 
int botan_x509_cert_dup (botan_x509_cert_t *cert_obj, botan_x509_cert_t cert)
 
int botan_x509_cert_get_authority_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_fingerprint (botan_x509_cert_t cert, const char *hash, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_issuer_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_public_key (botan_x509_cert_t cert, botan_pubkey_t *key)
 
int botan_x509_cert_get_public_key_bits (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_serial_number (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_subject_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_subject_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_time_expires (botan_x509_cert_t cert, char out[], size_t *out_len)
 
int botan_x509_cert_get_time_starts (botan_x509_cert_t cert, char out[], size_t *out_len)
 
int botan_x509_cert_hostname_match (botan_x509_cert_t cert, const char *hostname)
 
int botan_x509_cert_load (botan_x509_cert_t *cert_obj, const uint8_t cert_bits[], size_t cert_bits_len)
 
int botan_x509_cert_load_file (botan_x509_cert_t *cert_obj, const char *cert_path)
 
int botan_x509_cert_not_after (botan_x509_cert_t cert, uint64_t *time_since_epoch)
 
int botan_x509_cert_not_before (botan_x509_cert_t cert, uint64_t *time_since_epoch)
 
int botan_x509_cert_to_string (botan_x509_cert_t cert, char out[], size_t *out_len)
 
const char * botan_x509_cert_validation_status (int code)
 
int botan_x509_cert_verify (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
 
int botan_x509_cert_verify_with_crl (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const botan_x509_crl_t *crls, size_t crls_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
 
int botan_x509_cert_view_as_string (botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_str_fn view)
 
int botan_x509_cert_view_public_key_bits (botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_bin_fn view)
 
int botan_x509_crl_destroy (botan_x509_crl_t crl)
 
int botan_x509_crl_load (botan_x509_crl_t *crl_obj, const uint8_t crl_bits[], size_t crl_bits_len)
 
int botan_x509_crl_load_file (botan_x509_crl_t *crl_obj, const char *crl_path)
 
int botan_x509_is_revoked (botan_x509_crl_t crl, botan_x509_cert_t cert)
 

Function Documentation

◆ botan_x509_cert_allowed_usage()

int botan_x509_cert_allowed_usage ( botan_x509_cert_t cert,
unsigned int key_usage )

Definition at line 151 of file ffi_cert.cpp.

151 {
152#if defined(BOTAN_HAS_X509_CERTIFICATES)
153 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
154 const Botan::Key_Constraints k = static_cast<Botan::Key_Constraints>(key_usage);
155 if(c.allowed_usage(k)) {
156 return BOTAN_FFI_SUCCESS;
157 }
158 return 1;
159 });
160#else
161 BOTAN_UNUSED(cert, key_usage);
163#endif
164}
#define BOTAN_UNUSED
Definition assert.h:118
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition ffi.h:135
@ BOTAN_FFI_SUCCESS
Definition ffi.h:114
#define BOTAN_FFI_VISIT(obj, lambda)
Definition ffi_util.h:124

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_destroy()

int botan_x509_cert_destroy ( botan_x509_cert_t cert)
Returns
0 if success, error if invalid object handle

Definition at line 166 of file ffi_cert.cpp.

166 {
167#if defined(BOTAN_HAS_X509_CERTIFICATES)
168 return BOTAN_FFI_CHECKED_DELETE(cert);
169#else
170 BOTAN_UNUSED(cert);
172#endif
173}
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition ffi_util.h:143

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_x509_cert_dup()

int botan_x509_cert_dup ( botan_x509_cert_t * cert_obj,
botan_x509_cert_t cert )

Definition at line 48 of file ffi_cert.cpp.

48 {
49 if(!cert_obj) {
51 }
52
53#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
54
55 return ffi_guard_thunk(__func__, [=]() -> int {
56 auto c = std::make_unique<Botan::X509_Certificate>(safe_get(cert));
57 *cert_obj = new botan_x509_cert_struct(std::move(c));
58 return BOTAN_FFI_SUCCESS;
59 });
60
61#else
62 BOTAN_UNUSED(cert);
64#endif
65}
@ BOTAN_FFI_ERROR_NULL_POINTER
Definition ffi.h:129
T & safe_get(botan_struct< T, M > *p)
Definition ffi_util.h:63
int ffi_guard_thunk(const char *func_name, const std::function< int()> &thunk)
Definition ffi.cpp:128

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::safe_get().

◆ botan_x509_cert_get_authority_key_id()

int botan_x509_cert_get_authority_key_id ( botan_x509_cert_t cert,
uint8_t out[],
size_t * out_len )

Definition at line 231 of file ffi_cert.cpp.

231 {
232#if defined(BOTAN_HAS_X509_CERTIFICATES)
233 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.authority_key_id()); });
234#else
235 BOTAN_UNUSED(cert, out, out_len);
237#endif
238}
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition ffi_util.h:201

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_fingerprint()

int botan_x509_cert_get_fingerprint ( botan_x509_cert_t cert,
const char * hash,
uint8_t out[],
size_t * out_len )

Definition at line 222 of file ffi_cert.cpp.

222 {
223#if defined(BOTAN_HAS_X509_CERTIFICATES)
224 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_str_output(out, out_len, c.fingerprint(hash)); });
225#else
226 BOTAN_UNUSED(cert, hash, out, out_len);
228#endif
229}
int write_str_output(uint8_t out[], size_t *out_len, std::string_view str)
Definition ffi_util.h:205

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_issuer_dn()

int botan_x509_cert_get_issuer_dn ( botan_x509_cert_t cert,
const char * key,
size_t index,
uint8_t out[],
size_t * out_len )

Definition at line 104 of file ffi_cert.cpp.

105 {
106#if defined(BOTAN_HAS_X509_CERTIFICATES)
107 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
108 auto issuer_info = c.issuer_info(key);
109 if(index < issuer_info.size()) {
110 return write_str_output(out, out_len, c.issuer_info(key).at(index));
111 } else {
113 }
114 });
115#else
116 BOTAN_UNUSED(cert, key, index, out, out_len);
118#endif
119}
@ BOTAN_FFI_ERROR_BAD_PARAMETER
Definition ffi.h:130

References BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_public_key()

int botan_x509_cert_get_public_key ( botan_x509_cert_t cert,
botan_pubkey_t * key )

Definition at line 85 of file ffi_cert.cpp.

85 {
86 if(key == nullptr) {
88 }
89
90 *key = nullptr;
91
92#if defined(BOTAN_HAS_X509_CERTIFICATES)
93 return ffi_guard_thunk(__func__, [=]() -> int {
94 auto public_key = safe_get(cert).subject_public_key();
95 *key = new botan_pubkey_struct(std::move(public_key));
96 return BOTAN_FFI_SUCCESS;
97 });
98#else
99 BOTAN_UNUSED(cert);
101#endif
102}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::safe_get().

◆ botan_x509_cert_get_public_key_bits()

int botan_x509_cert_get_public_key_bits ( botan_x509_cert_t cert,
uint8_t out[],
size_t * out_len )

Definition at line 249 of file ffi_cert.cpp.

249 {
250 return copy_view_bin(out, out_len, botan_x509_cert_view_public_key_bits, cert);
251}
int botan_x509_cert_view_public_key_bits(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_bin_fn view)
Definition ffi_cert.cpp:253
int copy_view_bin(uint8_t out[], size_t *out_len, Fn fn, Args... args)
Definition ffi_util.h:163

References botan_x509_cert_view_public_key_bits(), and Botan_FFI::copy_view_bin().

◆ botan_x509_cert_get_serial_number()

int botan_x509_cert_get_serial_number ( botan_x509_cert_t cert,
uint8_t out[],
size_t * out_len )

Definition at line 213 of file ffi_cert.cpp.

213 {
214#if defined(BOTAN_HAS_X509_CERTIFICATES)
215 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.serial_number()); });
216#else
217 BOTAN_UNUSED(cert, out, out_len);
219#endif
220}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_subject_dn()

int botan_x509_cert_get_subject_dn ( botan_x509_cert_t cert,
const char * key,
size_t index,
uint8_t out[],
size_t * out_len )

Definition at line 121 of file ffi_cert.cpp.

122 {
123#if defined(BOTAN_HAS_X509_CERTIFICATES)
124 return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
125 auto subject_info = c.subject_info(key);
126 if(index < subject_info.size()) {
127 return write_str_output(out, out_len, c.subject_info(key).at(index));
128 } else {
130 }
131 });
132#else
133 BOTAN_UNUSED(cert, key, index, out, out_len);
135#endif
136}

References BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_subject_key_id()

int botan_x509_cert_get_subject_key_id ( botan_x509_cert_t cert,
uint8_t out[],
size_t * out_len )

Definition at line 240 of file ffi_cert.cpp.

240 {
241#if defined(BOTAN_HAS_X509_CERTIFICATES)
242 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return write_vec_output(out, out_len, c.subject_key_id()); });
243#else
244 BOTAN_UNUSED(cert, out, out_len);
246#endif
247}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

◆ botan_x509_cert_get_time_expires()

int botan_x509_cert_get_time_expires ( botan_x509_cert_t cert,
char out[],
size_t * out_len )

Definition at line 185 of file ffi_cert.cpp.

185 {
186#if defined(BOTAN_HAS_X509_CERTIFICATES)
187 return BOTAN_FFI_VISIT(cert,
188 [=](const auto& c) { return write_str_output(out, out_len, c.not_after().to_string()); });
189#else
190 BOTAN_UNUSED(cert, out, out_len);
192#endif
193}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_get_time_starts()

int botan_x509_cert_get_time_starts ( botan_x509_cert_t cert,
char out[],
size_t * out_len )

Definition at line 175 of file ffi_cert.cpp.

175 {
176#if defined(BOTAN_HAS_X509_CERTIFICATES)
177 return BOTAN_FFI_VISIT(cert,
178 [=](const auto& c) { return write_str_output(out, out_len, c.not_before().to_string()); });
179#else
180 BOTAN_UNUSED(cert, out, out_len);
182#endif
183}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::write_str_output().

◆ botan_x509_cert_hostname_match()

int botan_x509_cert_hostname_match ( botan_x509_cert_t cert,
const char * hostname )

Check if the certificate matches the specified hostname via alternative name or CN match. RFC 5280 wildcards also supported.

Definition at line 263 of file ffi_cert.cpp.

263 {
264 if(hostname == nullptr) {
266 }
267
268#if defined(BOTAN_HAS_X509_CERTIFICATES)
269 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return c.matches_dns_name(hostname) ? 0 : -1; });
270#else
271 BOTAN_UNUSED(cert);
273#endif
274}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_load()

int botan_x509_cert_load ( botan_x509_cert_t * cert_obj,
const uint8_t cert_bits[],
size_t cert_bits_len )

Definition at line 67 of file ffi_cert.cpp.

67 {
68 if(!cert_obj || !cert_bits) {
70 }
71
72#if defined(BOTAN_HAS_X509_CERTIFICATES)
73 return ffi_guard_thunk(__func__, [=]() -> int {
74 Botan::DataSource_Memory bits(cert_bits, cert_bits_len);
75 auto c = std::make_unique<Botan::X509_Certificate>(bits);
76 *cert_obj = new botan_x509_cert_struct(std::move(c));
77 return BOTAN_FFI_SUCCESS;
78 });
79#else
80 BOTAN_UNUSED(cert_bits_len);
82#endif
83}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and Botan_FFI::ffi_guard_thunk().

◆ botan_x509_cert_load_file()

int botan_x509_cert_load_file ( botan_x509_cert_t * cert_obj,
const char * cert_path )

Definition at line 30 of file ffi_cert.cpp.

30 {
31 if(!cert_obj || !cert_path) {
33 }
34
35#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
36
37 return ffi_guard_thunk(__func__, [=]() -> int {
38 auto c = std::make_unique<Botan::X509_Certificate>(cert_path);
39 *cert_obj = new botan_x509_cert_struct(std::move(c));
40 return BOTAN_FFI_SUCCESS;
41 });
42
43#else
45#endif
46}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, and Botan_FFI::ffi_guard_thunk().

◆ botan_x509_cert_not_after()

int botan_x509_cert_not_after ( botan_x509_cert_t cert,
uint64_t * time_since_epoch )

Definition at line 204 of file ffi_cert.cpp.

204 {
205#if defined(BOTAN_HAS_X509_CERTIFICATES)
206 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { *time_since_epoch = c.not_after().time_since_epoch(); });
207#else
208 BOTAN_UNUSED(cert, time_since_epoch);
210#endif
211}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_not_before()

int botan_x509_cert_not_before ( botan_x509_cert_t cert,
uint64_t * time_since_epoch )

Definition at line 195 of file ffi_cert.cpp.

195 {
196#if defined(BOTAN_HAS_X509_CERTIFICATES)
197 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { *time_since_epoch = c.not_before().time_since_epoch(); });
198#else
199 BOTAN_UNUSED(cert, time_since_epoch);
201#endif
202}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_x509_cert_to_string()

int botan_x509_cert_to_string ( botan_x509_cert_t cert,
char out[],
size_t * out_len )

Definition at line 138 of file ffi_cert.cpp.

138 {
139 return copy_view_str(reinterpret_cast<uint8_t*>(out), out_len, botan_x509_cert_view_as_string, cert);
140}
int botan_x509_cert_view_as_string(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_str_fn view)
Definition ffi_cert.cpp:142
int copy_view_str(uint8_t out[], size_t *out_len, Fn fn, Args... args)
Definition ffi_util.h:171

References botan_x509_cert_view_as_string(), and Botan_FFI::copy_view_str().

◆ botan_x509_cert_validation_status()

const char * botan_x509_cert_validation_status ( int code)

Returns a pointer to a static character string explaining the status code, or else NULL if unknown.

Definition at line 343 of file ffi_cert.cpp.

343 {
344 if(code < 0) {
345 return nullptr;
346 }
347
348#if defined(BOTAN_HAS_X509_CERTIFICATES)
350 return Botan::to_string(sc);
351#else
352 return nullptr;
353#endif
354}
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition exceptn.cpp:13
Certificate_Status_Code
Definition pkix_enums.h:20

References Botan::to_string().

◆ botan_x509_cert_verify()

int botan_x509_cert_verify ( int * validation_result,
botan_x509_cert_t cert,
const botan_x509_cert_t * intermediates,
size_t intermediates_len,
const botan_x509_cert_t * trusted,
size_t trusted_len,
const char * trusted_path,
size_t required_strength,
const char * hostname,
uint64_t reference_time )

Returns 0 if the validation was successful, 1 if validation failed, and negative on error. A status code with details is written to *validation_result

Intermediates or trusted lists can be null Trusted path can be null

Definition at line 276 of file ffi_cert.cpp.

285 {
286 if(required_strength == 0) {
287 required_strength = 110;
288 }
289
290#if defined(BOTAN_HAS_X509_CERTIFICATES)
291 return ffi_guard_thunk(__func__, [=]() -> int {
292 const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
294 const auto validation_time = reference_time == 0
295 ? std::chrono::system_clock::now()
296 : std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
297
298 std::vector<Botan::X509_Certificate> end_certs;
299 end_certs.push_back(safe_get(cert));
300 for(size_t i = 0; i != intermediates_len; ++i) {
301 end_certs.push_back(safe_get(intermediates[i]));
302 }
303
304 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
305 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
306 std::vector<Botan::Certificate_Store*> trusted_roots;
307
308 if(trusted_path && *trusted_path) {
309 trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
310 trusted_roots.push_back(trusted_from_path.get());
311 }
312
313 if(trusted_len > 0) {
314 trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
315 for(size_t i = 0; i != trusted_len; ++i) {
316 trusted_extra->add_certificate(safe_get(trusted[i]));
317 }
318 trusted_roots.push_back(trusted_extra.get());
319 }
320
321 Botan::Path_Validation_Restrictions restrictions(false, required_strength);
322
323 auto validation_result =
324 Botan::x509_path_validate(end_certs, restrictions, trusted_roots, hostname, usage, validation_time);
325
326 if(result_code) {
327 *result_code = static_cast<int>(validation_result.result());
328 }
329
330 if(validation_result.successful_validation()) {
331 return 0;
332 } else {
333 return 1;
334 }
335 });
336#else
337 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
338 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time);
340#endif
341}
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
Definition x509path.cpp:882
Usage_Type
Definition x509cert.h:22

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

◆ botan_x509_cert_verify_with_crl()

int botan_x509_cert_verify_with_crl ( int * validation_result,
botan_x509_cert_t cert,
const botan_x509_cert_t * intermediates,
size_t intermediates_len,
const botan_x509_cert_t * trusted,
size_t trusted_len,
const botan_x509_crl_t * crls,
size_t crls_len,
const char * trusted_path,
size_t required_strength,
const char * hostname,
uint64_t reference_time )

Different flavor of botan_x509_cert_verify, supports revocation lists. CRLs are passed as an array, same as intermediates and trusted CAs

Definition at line 417 of file ffi_cert.cpp.

428 {
429 if(required_strength == 0) {
430 required_strength = 110;
431 }
432
433#if defined(BOTAN_HAS_X509_CERTIFICATES)
434 return ffi_guard_thunk(__func__, [=]() -> int {
435 const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
437 const auto validation_time = reference_time == 0
438 ? std::chrono::system_clock::now()
439 : std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
440
441 std::vector<Botan::X509_Certificate> end_certs;
442 end_certs.push_back(safe_get(cert));
443 for(size_t i = 0; i != intermediates_len; ++i) {
444 end_certs.push_back(safe_get(intermediates[i]));
445 }
446
447 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
448 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
449 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_crls;
450 std::vector<Botan::Certificate_Store*> trusted_roots;
451
452 if(trusted_path && *trusted_path) {
453 trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
454 trusted_roots.push_back(trusted_from_path.get());
455 }
456
457 if(trusted_len > 0) {
458 trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
459 for(size_t i = 0; i != trusted_len; ++i) {
460 trusted_extra->add_certificate(safe_get(trusted[i]));
461 }
462 trusted_roots.push_back(trusted_extra.get());
463 }
464
465 if(crls_len > 0) {
466 trusted_crls = std::make_unique<Botan::Certificate_Store_In_Memory>();
467 for(size_t i = 0; i != crls_len; ++i) {
468 trusted_crls->add_crl(safe_get(crls[i]));
469 }
470 trusted_roots.push_back(trusted_crls.get());
471 }
472
473 Botan::Path_Validation_Restrictions restrictions(false, required_strength);
474
475 auto validation_result =
476 Botan::x509_path_validate(end_certs, restrictions, trusted_roots, hostname, usage, validation_time);
477
478 if(result_code) {
479 *result_code = static_cast<int>(validation_result.result());
480 }
481
482 if(validation_result.successful_validation()) {
483 return 0;
484 } else {
485 return 1;
486 }
487 });
488#else
489 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
490 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time, crls, crls_len);
492#endif
493}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

◆ botan_x509_cert_view_as_string()

int botan_x509_cert_view_as_string ( botan_x509_cert_t cert,
botan_view_ctx ctx,
botan_view_str_fn view )

Definition at line 142 of file ffi_cert.cpp.

142 {
143#if defined(BOTAN_HAS_X509_CERTIFICATES)
144 return BOTAN_FFI_VISIT(cert, [=](const auto& c) { return invoke_view_callback(view, ctx, c.to_string()); });
145#else
146 BOTAN_UNUSED(cert, ctx, view);
148#endif
149}
int invoke_view_callback(botan_view_bin_fn view, botan_view_ctx ctx, const std::vector< uint8_t, Alloc > &buf)
Definition ffi_util.h:146

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::invoke_view_callback().

Referenced by botan_x509_cert_to_string().

◆ botan_x509_cert_view_public_key_bits()

int botan_x509_cert_view_public_key_bits ( botan_x509_cert_t cert,
botan_view_ctx ctx,
botan_view_bin_fn view )

Definition at line 253 of file ffi_cert.cpp.

253 {
254#if defined(BOTAN_HAS_X509_CERTIFICATES)
255 return BOTAN_FFI_VISIT(cert,
256 [=](const auto& c) { return invoke_view_callback(view, ctx, c.subject_public_key_bits()); });
257#else
258 BOTAN_UNUSED(cert, ctx, view);
260#endif
261}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::invoke_view_callback().

Referenced by botan_x509_cert_get_public_key_bits().

◆ botan_x509_crl_destroy()

int botan_x509_crl_destroy ( botan_x509_crl_t crl)

Definition at line 398 of file ffi_cert.cpp.

398 {
399#if defined(BOTAN_HAS_X509_CERTIFICATES)
400 return BOTAN_FFI_CHECKED_DELETE(crl);
401#else
402 BOTAN_UNUSED(crl);
404#endif
405}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_x509_crl_load()

int botan_x509_crl_load ( botan_x509_crl_t * crl_obj,
const uint8_t crl_bits[],
size_t crl_bits_len )

Definition at line 380 of file ffi_cert.cpp.

380 {
381 if(!crl_obj || !crl_bits) {
383 }
384
385#if defined(BOTAN_HAS_X509_CERTIFICATES)
386 return ffi_guard_thunk(__func__, [=]() -> int {
387 Botan::DataSource_Memory bits(crl_bits, crl_bits_len);
388 auto c = std::make_unique<Botan::X509_CRL>(bits);
389 *crl_obj = new botan_x509_crl_struct(std::move(c));
390 return BOTAN_FFI_SUCCESS;
391 });
392#else
393 BOTAN_UNUSED(crl_bits_len);
395#endif
396}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and Botan_FFI::ffi_guard_thunk().

◆ botan_x509_crl_load_file()

int botan_x509_crl_load_file ( botan_x509_crl_t * crl_obj,
const char * crl_path )

Definition at line 362 of file ffi_cert.cpp.

362 {
363 if(!crl_obj || !crl_path) {
365 }
366
367#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
368
369 return ffi_guard_thunk(__func__, [=]() -> int {
370 auto c = std::make_unique<Botan::X509_CRL>(crl_path);
371 *crl_obj = new botan_x509_crl_struct(std::move(c));
372 return BOTAN_FFI_SUCCESS;
373 });
374
375#else
377#endif
378}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, and Botan_FFI::ffi_guard_thunk().

◆ botan_x509_is_revoked()

int botan_x509_is_revoked ( botan_x509_crl_t crl,
botan_x509_cert_t cert )

Given a CRL and a certificate, check if the certificate is revoked on that particular CRL

Definition at line 407 of file ffi_cert.cpp.

407 {
408#if defined(BOTAN_HAS_X509_CERTIFICATES)
409 return BOTAN_FFI_VISIT(crl, [=](const auto& c) { return c.is_revoked(safe_get(cert)) ? 0 : -1; });
410#else
411 BOTAN_UNUSED(cert);
412 BOTAN_UNUSED(crl);
414#endif
415}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().