Botan  2.16.0
Crypto and TLS for C++11
ffi_cert.cpp File Reference
#include <botan/ffi.h>
#include <botan/internal/ffi_util.h>
#include <botan/internal/ffi_pkey.h>


Functions

int botan_x509_cert_allowed_usage (botan_x509_cert_t cert, unsigned int key_usage)
 
int botan_x509_cert_destroy (botan_x509_cert_t cert)
 
int botan_x509_cert_dup (botan_x509_cert_t *cert_obj, botan_x509_cert_t cert)
 
int botan_x509_cert_get_authority_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_fingerprint (botan_x509_cert_t cert, const char *hash, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_issuer_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_public_key (botan_x509_cert_t cert, botan_pubkey_t *key)
 
int botan_x509_cert_get_public_key_bits (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_serial_number (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_subject_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_subject_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_time_expires (botan_x509_cert_t cert, char out[], size_t *out_len)
 
int botan_x509_cert_get_time_starts (botan_x509_cert_t cert, char out[], size_t *out_len)
 
int botan_x509_cert_hostname_match (botan_x509_cert_t cert, const char *hostname)
 
int botan_x509_cert_load (botan_x509_cert_t *cert_obj, const uint8_t cert_bits[], size_t cert_bits_len)
 
int botan_x509_cert_load_file (botan_x509_cert_t *cert_obj, const char *cert_path)
 
int botan_x509_cert_not_after (botan_x509_cert_t cert, uint64_t *time_since_epoch)
 
int botan_x509_cert_not_before (botan_x509_cert_t cert, uint64_t *time_since_epoch)
 
int botan_x509_cert_to_string (botan_x509_cert_t cert, char out[], size_t *out_len)
 
const char * botan_x509_cert_validation_status (int code)
 
int botan_x509_cert_verify (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
 
int botan_x509_cert_verify_with_crl (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const botan_x509_crl_t *crls, size_t crls_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
 
int botan_x509_crl_destroy (botan_x509_crl_t crl)
 
int botan_x509_crl_load (botan_x509_crl_t *crl_obj, const uint8_t crl_bits[], size_t crl_bits_len)
 
int botan_x509_crl_load_file (botan_x509_crl_t *crl_obj, const char *crl_path)
 
int botan_x509_is_revoked (botan_x509_crl_t crl, botan_x509_cert_t cert)
 

Function Documentation

◆ botan_x509_cert_allowed_usage()

int botan_x509_cert_allowed_usage ( botan_x509_cert_t  cert,
unsigned int  key_usage 
)

Definition at line 136 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_RETURNING, BOTAN_FFI_SUCCESS, and BOTAN_UNUSED.

// Reports whether the certificate permits the requested key usage:
// BOTAN_FFI_SUCCESS when allowed_usage() accepts it, 1 when it does not.
// Listing lines 139 and 147 are missing from this rendered page; line 144
// closes a block that presumably opens on 139 with BOTAN_FFI_RETURNING
// (named in References).
137  {
138 #if defined(BOTAN_HAS_X509_CERTIFICATES)
    // key_usage is converted to Key_Constraints with no range check visible here.
140  const Botan::Key_Constraints k = static_cast<Botan::Key_Constraints>(key_usage);
141  if(c.allowed_usage(k))
142  return BOTAN_FFI_SUCCESS;
    // "Not allowed" is the positive value 1, so callers should compare the
    // result with BOTAN_FFI_SUCCESS rather than only testing for a negative value.
143  return 1;
144  });
145 #else
146  BOTAN_UNUSED(cert, key_usage);
148 #endif
149  }
#define BOTAN_FFI_RETURNING(T, obj, param, block)
Definition: ffi_util.h:101
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ botan_x509_cert_destroy()

int botan_x509_cert_destroy ( botan_x509_cert_t  cert)
Returns
0 on success, or an error code if the object handle is invalid

Definition at line 151 of file ffi_cert.cpp.

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

// Releases the certificate handle through BOTAN_FFI_CHECKED_DELETE (ffi_util.h:129).
// Listing line 157 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
152  {
153 #if defined(BOTAN_HAS_X509_CERTIFICATES)
    // NOTE(review): presumably the handle must not be used again after this call - confirm in ffi_util.h.
154  return BOTAN_FFI_CHECKED_DELETE(cert);
155 #else
156  BOTAN_UNUSED(cert);
158 #endif
159  }
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition: ffi_util.h:129
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ botan_x509_cert_dup()

int botan_x509_cert_dup ( botan_x509_cert_t cert_obj,
botan_x509_cert_t  cert 
)

Definition at line 46 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::safe_get().

// Copies the certificate behind cert into a newly allocated handle stored in *cert_obj.
// Listing lines 49 and 61 are missing from this page; References suggests they return
// BOTAN_FFI_ERROR_NULL_POINTER and BOTAN_FFI_ERROR_NOT_IMPLEMENTED respectively.
47  {
    // Only the output pointer is checked here; cert is resolved later by safe_get().
48  if(!cert_obj)
50 
    // NOTE(review): the copy is compiled only when BOTAN_TARGET_OS_HAS_FILESYSTEM is
    // defined, although nothing in the visible body touches the filesystem - confirm
    // that this guard is intended.
51 #if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
52 
53  return ffi_guard_thunk(__func__, [=]() -> int {
    // The unique_ptr owns the copy until the handle struct has been allocated.
54  std::unique_ptr<Botan::X509_Certificate> c(new Botan::X509_Certificate(safe_get(cert)));
    // The new handle is a separate allocation; presumably the caller releases it
    // with botan_x509_cert_destroy - confirm.
55  *cert_obj = new botan_x509_cert_struct(c.release());
56  return BOTAN_FFI_SUCCESS;
57  });
58 
59 #else
60  BOTAN_UNUSED(cert);
62 #endif
63  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:89
#define BOTAN_UNUSED(...)
Definition: assert.h:142
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:61

◆ botan_x509_cert_get_authority_key_id()

int botan_x509_cert_get_authority_key_id ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 225 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

// Copies the certificate's authority key identifier into out via write_vec_output.
// How out_len is read and updated is defined in ffi_util.h:155, not in this listing.
// Listing line 231 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
226  {
227 #if defined(BOTAN_HAS_X509_CERTIFICATES)
228  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.authority_key_id()); });
229 #else
230  BOTAN_UNUSED(cert, out, out_len);
232 #endif
233  }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:155
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_fingerprint()

int botan_x509_cert_get_fingerprint ( botan_x509_cert_t  cert,
const char *  hash,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 215 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, hash, and Botan_FFI::write_str_output().

// Writes the certificate fingerprint computed with the named hash into out
// via write_str_output (ffi_util.h:160).
// Listing line 221 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
216  {
217 #if defined(BOTAN_HAS_X509_CERTIFICATES)
    // NOTE(review): hash is passed to fingerprint() with no null check visible in
    // this listing; callers should pass a valid, NUL-terminated algorithm name.
218  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.fingerprint(hash)); });
219 #else
220  BOTAN_UNUSED(cert, hash, out, out_len);
222 #endif
223  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:160
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92
MechanismType hash

◆ botan_x509_cert_get_issuer_dn()

int botan_x509_cert_get_issuer_dn ( botan_x509_cert_t  cert,
const char *  key,
size_t  index,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 102 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the index-th value of the issuer DN attribute named by key into out.
// Listing line 110 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
105  {
106 #if defined(BOTAN_HAS_X509_CERTIFICATES)
    // at(index) is a checked lookup, so an index past the end raises an exception
    // instead of reading out of bounds; presumably BOTAN_FFI_DO (ffi_util.h:92)
    // turns that into an error code - confirm. key is used with no null check
    // visible in this listing.
107  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.issuer_info(key).at(index)); });
108 #else
109  BOTAN_UNUSED(cert, key, index, out, out_len);
111 #endif
112  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:160
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_public_key()

int botan_x509_cert_get_public_key ( botan_x509_cert_t  cert,
botan_pubkey_t key 
)

Definition at line 83 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::safe_get().

// Loads the certificate's subject public key and returns it as a new pubkey handle in *key.
// Listing lines 86 and 98 are missing from this page; References suggests they return
// BOTAN_FFI_ERROR_NULL_POINTER and BOTAN_FFI_ERROR_NOT_IMPLEMENTED respectively.
84  {
85  if(key == nullptr)
87 
    // *key is cleared first, so the caller's variable holds nullptr unless line 93 assigns a handle.
88  *key = nullptr;
89 
90 #if defined(BOTAN_HAS_X509_CERTIFICATES)
91  return ffi_guard_thunk(__func__, [=]() -> int {
92  std::unique_ptr<Botan::Public_Key> publicKey = safe_get(cert).load_subject_public_key();
    // The handle is a fresh allocation; presumably the caller releases it with
    // the matching pubkey destroy function - confirm in ffi.h.
93  *key = new botan_pubkey_struct(publicKey.release());
94  return BOTAN_FFI_SUCCESS;
95  });
96 #else
97  BOTAN_UNUSED(cert);
99 #endif
100  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:89
#define BOTAN_UNUSED(...)
Definition: assert.h:142
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:61

◆ botan_x509_cert_get_public_key_bits()

int botan_x509_cert_get_public_key_bits ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 245 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

// Copies the encoded subject public key (subject_public_key_bits()) into out via write_vec_output.
// How out_len is read and updated is defined in ffi_util.h:155, not in this listing.
// Listing line 251 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
246  {
247 #if defined(BOTAN_HAS_X509_CERTIFICATES)
248  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.subject_public_key_bits()); });
249 #else
250  BOTAN_UNUSED(cert, out, out_len);
252 #endif
253  }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:155
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_serial_number()

int botan_x509_cert_get_serial_number ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 205 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

// Copies the certificate serial number bytes into out via write_vec_output.
// How out_len is read and updated is defined in ffi_util.h:155, not in this listing.
// Listing line 211 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
206  {
207 #if defined(BOTAN_HAS_X509_CERTIFICATES)
208  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.serial_number()); });
209 #else
210  BOTAN_UNUSED(cert, out, out_len);
212 #endif
213  }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:155
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_subject_dn()

int botan_x509_cert_get_subject_dn ( botan_x509_cert_t  cert,
const char *  key,
size_t  index,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 114 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the index-th value of the subject DN attribute named by key into out.
// Listing line 122 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
117  {
118 #if defined(BOTAN_HAS_X509_CERTIFICATES)
    // at(index) is a checked lookup, so an index past the end raises an exception
    // instead of reading out of bounds; presumably BOTAN_FFI_DO (ffi_util.h:92)
    // turns that into an error code - confirm. key is used with no null check
    // visible in this listing.
119  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.subject_info(key).at(index)); });
120 #else
121  BOTAN_UNUSED(cert, key, index, out, out_len);
123 #endif
124  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:160
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_subject_key_id()

int botan_x509_cert_get_subject_key_id ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 235 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

// Copies the certificate's subject key identifier into out via write_vec_output.
// How out_len is read and updated is defined in ffi_util.h:155, not in this listing.
// Listing line 241 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
236  {
237 #if defined(BOTAN_HAS_X509_CERTIFICATES)
238  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.subject_key_id()); });
239 #else
240  BOTAN_UNUSED(cert, out, out_len);
242 #endif
243  }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:155
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_time_expires()

int botan_x509_cert_get_time_expires ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 171 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the certificate's notAfter time, rendered by X509_Time::to_string(), into out.
// The text format is whatever to_string() produces; it is not defined in this listing.
// Listing line 177 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
172  {
173 #if defined(BOTAN_HAS_X509_CERTIFICATES)
174  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.not_after().to_string()); });
175 #else
176  BOTAN_UNUSED(cert, out, out_len);
178 #endif
179  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:160
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_time_starts()

int botan_x509_cert_get_time_starts ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 161 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the certificate's notBefore time, rendered by X509_Time::to_string(), into out.
// The text format is whatever to_string() produces; it is not defined in this listing.
// Listing line 167 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
162  {
163 #if defined(BOTAN_HAS_X509_CERTIFICATES)
164  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.not_before().to_string()); });
165 #else
166  BOTAN_UNUSED(cert, out, out_len);
168 #endif
169  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:160
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_hostname_match()

int botan_x509_cert_hostname_match ( botan_x509_cert_t  cert,
const char *  hostname 
)

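Checks whether the certificate matches the specified hostname, via a subject alternative name or CN match. RFC 5280 wildcards are also supported. As the listing below shows, the function returns 0 on a match and -1 when the name does not match, so callers should compare the result with 0 rather than treat it as a boolean.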

Definition at line 255 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, and Botan::X509_Certificate::matches_dns_name().

// Checks the certificate against hostname using X509_Certificate::matches_dns_name().
// Listing lines 258 and 265 are missing from this page; References suggests they return
// BOTAN_FFI_ERROR_NULL_POINTER and BOTAN_FFI_ERROR_NOT_IMPLEMENTED respectively.
256  {
257  if(hostname == nullptr)
259 
260 #if defined(BOTAN_HAS_X509_CERTIFICATES)
261  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c,
    // 0 means the name matched; -1 means it did not. A mismatch is therefore a
    // negative value, like the error codes - callers should accept only 0.
262  { return c.matches_dns_name(hostname) ? 0 : -1; });
263 #else
264  BOTAN_UNUSED(cert);
266 #endif
267  }
bool matches_dns_name(const std::string &name) const
Definition: x509cert.cpp:780
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_load()

int botan_x509_cert_load ( botan_x509_cert_t cert_obj,
const uint8_t  cert_bits[],
size_t  cert_bits_len 
)

Definition at line 65 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and Botan_FFI::ffi_guard_thunk().

// Parses an encoded certificate from a caller-supplied buffer and returns a new handle in *cert_obj.
// Listing lines 68 and 79 are missing from this page; References suggests they return
// BOTAN_FFI_ERROR_NULL_POINTER and BOTAN_FFI_ERROR_NOT_IMPLEMENTED respectively.
66  {
    // Both pointers are checked; cert_bits_len is not validated in this listing.
67  if(!cert_obj || !cert_bits)
69 
70 #if defined(BOTAN_HAS_X509_CERTIFICATES)
71  return ffi_guard_thunk(__func__, [=]() -> int {
    // The buffer is handed to the X509_Certificate parser as-is, so cert_bits_len
    // must describe the real size of cert_bits.
72  Botan::DataSource_Memory bits(cert_bits, cert_bits_len);
    // NOTE(review): a parse failure presumably throws and is translated into an
    // error code by ffi_guard_thunk (ffi.cpp:89) - confirm.
73  std::unique_ptr<Botan::X509_Certificate> c(new Botan::X509_Certificate(bits));
74  *cert_obj = new botan_x509_cert_struct(c.release());
75  return BOTAN_FFI_SUCCESS;
76  });
77 #else
78  BOTAN_UNUSED(cert_bits_len);
80 #endif
81  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:89
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ botan_x509_cert_load_file()

int botan_x509_cert_load_file ( botan_x509_cert_t cert_obj,
const char *  cert_path 
)

Definition at line 28 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, and Botan_FFI::ffi_guard_thunk().

// Loads a certificate from the file at cert_path and returns a new handle in *cert_obj.
// Listing lines 31 and 42 are missing from this page; References suggests they return
// BOTAN_FFI_ERROR_NULL_POINTER and BOTAN_FFI_ERROR_NOT_IMPLEMENTED respectively.
29  {
30  if(!cert_obj || !cert_path)
32 
    // File loading is compiled only when the target OS has a filesystem.
33 #if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
34 
35  return ffi_guard_thunk(__func__, [=]() -> int {
    // cert_path is passed to the X509_Certificate constructor unchanged; any
    // restriction on which paths may be opened has to be applied by the caller.
36  std::unique_ptr<Botan::X509_Certificate> c(new Botan::X509_Certificate(cert_path));
37  *cert_obj = new botan_x509_cert_struct(c.release());
38  return BOTAN_FFI_SUCCESS;
39  });
40 
41 #else
43 #endif
44  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:89

◆ botan_x509_cert_not_after()

int botan_x509_cert_not_after ( botan_x509_cert_t  cert,
uint64_t *  time_since_epoch 
)

Definition at line 193 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan::X509_Certificate::not_after(), and Botan::X509_Time::time_since_epoch().

// Stores the certificate's notAfter time, as X509_Time::time_since_epoch(), in *time_since_epoch.
// Listing line 201 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
194  {
195 #if defined(BOTAN_HAS_X509_CERTIFICATES)
196  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, {
    // NOTE(review): time_since_epoch is dereferenced with no null check visible in
    // this listing; callers must pass a valid pointer.
197  *time_since_epoch = c.not_after().time_since_epoch();
    // The block has no return statement; the result comes from BOTAN_FFI_DO (ffi_util.h:92).
198  });
199 #else
200  BOTAN_UNUSED(cert, time_since_epoch);
202 #endif
203  }
const X509_Time & not_after() const
Definition: x509cert.cpp:406
#define BOTAN_UNUSED(...)
Definition: assert.h:142
uint64_t time_since_epoch() const
Return time since epoch.
Definition: asn1_time.cpp:266
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_not_before()

int botan_x509_cert_not_before ( botan_x509_cert_t  cert,
uint64_t *  time_since_epoch 
)

Definition at line 181 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan::X509_Certificate::not_before(), and Botan::X509_Time::time_since_epoch().

// Stores the certificate's notBefore time, as X509_Time::time_since_epoch(), in *time_since_epoch.
// Listing line 189 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
182  {
183 #if defined(BOTAN_HAS_X509_CERTIFICATES)
184  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, {
    // NOTE(review): time_since_epoch is dereferenced with no null check visible in
    // this listing; callers must pass a valid pointer.
185  *time_since_epoch = c.not_before().time_since_epoch();
    // The block has no return statement; the result comes from BOTAN_FFI_DO (ffi_util.h:92).
186  });
187 #else
188  BOTAN_UNUSED(cert, time_since_epoch);
190 #endif
191  }
#define BOTAN_UNUSED(...)
Definition: assert.h:142
const X509_Time & not_before() const
Definition: x509cert.cpp:401
uint64_t time_since_epoch() const
Return time since epoch.
Definition: asn1_time.cpp:266
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_to_string()

int botan_x509_cert_to_string ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 126 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the text rendering of the certificate (X509_Certificate::to_string()) into out.
// How out_len is read and updated is defined by write_str_output (ffi_util.h:160),
// not in this listing. Listing line 132 is missing from this page; References
// suggests it returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
127  {
128 #if defined(BOTAN_HAS_X509_CERTIFICATES)
129  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.to_string()); });
130 #else
131  BOTAN_UNUSED(cert, out, out_len);
133 #endif
134  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:160
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_validation_status()

const char* botan_x509_cert_validation_status ( int  code)

Returns a pointer to a static character string explaining the status code, or else NULL if unknown.

Definition at line 340 of file ffi_cert.cpp.

References Botan::to_string().

// Maps a validation status code to a descriptive string.
// Listing line 346, which defines sc, is missing from this page; presumably it
// converts code to Botan::Certificate_Status_Code (named in the cross-references
// that follow this listing) - confirm.
341  {
    // Negative values are FFI error codes, not validation statuses, so they get no string.
342  if(code < 0)
343  return nullptr;
344 
345 #if defined(BOTAN_HAS_X509_CERTIFICATES)
    // NOTE(review): no upper bound on code is checked in the visible lines; the
    // NULL-for-unknown behaviour described in the prose above depends on to_string().
347  return Botan::to_string(sc);
348 #else
349  return nullptr;
350 #endif
351  }
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition: exceptn.cpp:11
Certificate_Status_Code
Definition: cert_status.h:18

◆ botan_x509_cert_verify()

int botan_x509_cert_verify ( int *  validation_result,
botan_x509_cert_t  cert,
const botan_x509_cert_t intermediates,
size_t  intermediates_len,
const botan_x509_cert_t trusted,
size_t  trusted_len,
const char *  trusted_path,
size_t  required_strength,
const char *  hostname,
uint64_t  reference_time 
)

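Returns 0 if the validation was successful, 1 if validation failed, and a negative value on error. A status code with details is written to *validation_result (named result_code in the definition listed below, where it is written only if the pointer is non-null).

The intermediates and trusted lists can be null; the listing below indexes them up to intermediates_len and trusted_len, so a null list must be paired with a length of 0. The trusted path can be null.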

Definition at line 269 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

// Validates cert as the end entity of a chain built from intermediates, against trust
// roots taken from trusted_path and/or the trusted array.
// Returns 0 on successful validation and 1 on validation failure; the detailed status
// goes to *result_code when that pointer is non-null.
// Listing lines 286 and 336 are missing from this page. Line 286 presumably defines
// usage (References names Botan::UNSPECIFIED); line 336 presumably returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
279  {
    // A required_strength of 0 selects the default of 110.
280  if(required_strength == 0)
281  required_strength = 110;
282 
283 #if defined(BOTAN_HAS_X509_CERTIFICATES)
284  return ffi_guard_thunk(__func__, [=]() -> int {
    // A null hostname becomes the empty string.
    // NOTE(review): presumably an empty hostname means x509_path_validate performs
    // no name check, so callers that need one must pass the expected name - confirm.
285  const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
    // A reference_time of 0 means "validate as of the current system clock".
287  const auto validation_time = reference_time == 0 ?
288  std::chrono::system_clock::now() :
289  std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
290 
    // Chain order: the certificate under test first, then the intermediates as given.
291  std::vector<Botan::X509_Certificate> end_certs;
292  end_certs.push_back(safe_get(cert));
    // intermediates is indexed up to intermediates_len with no null check on the array.
293  for(size_t i = 0; i != intermediates_len; ++i)
294  end_certs.push_back(safe_get(intermediates[i]));
295 
    // The unique_ptrs own the stores; trusted_roots holds non-owning pointers to them.
296  std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
297  std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
298  std::vector<Botan::Certificate_Store*> trusted_roots;
299 
    // A null or empty trusted_path is skipped.
300  if(trusted_path && *trusted_path)
301  {
302  trusted_from_path.reset(new Botan::Certificate_Store_In_Memory(trusted_path));
303  trusted_roots.push_back(trusted_from_path.get());
304  }
305 
    // trusted is indexed up to trusted_len with no null check on the array.
306  if(trusted_len > 0)
307  {
308  trusted_extra.reset(new Botan::Certificate_Store_In_Memory);
309  for(size_t i = 0; i != trusted_len; ++i)
310  {
311  trusted_extra->add_certificate(safe_get(trusted[i]));
312  }
313  trusted_roots.push_back(trusted_extra.get());
314  }
315 
    // NOTE(review): the first argument (false) is presumably "require revocation
    // information"; if so, this entry point does not fail a chain for lacking
    // revocation data - confirm against x509path.h.
316  Botan::Path_Validation_Restrictions restrictions(false, required_strength);
317 
318  auto validation_result = Botan::x509_path_validate(end_certs,
319  restrictions,
320  trusted_roots,
321  hostname,
322  usage,
323  validation_time);
324 
    // result_code is optional; the status is written only when it is non-null.
325  if(result_code)
326  *result_code = static_cast<int>(validation_result.result());
327 
328  if(validation_result.successful_validation())
329  return 0;
330  else
331  return 1;
332  });
333 #else
334  BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
335  BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time);
337 #endif
338  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:89
Definition: bigint.h:1142
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store *> &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Definition: x509path.cpp:846
#define BOTAN_UNUSED(...)
Definition: assert.h:142
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:61
Usage_Type
Definition: x509cert.h:25

◆ botan_x509_cert_verify_with_crl()

int botan_x509_cert_verify_with_crl ( int *  validation_result,
botan_x509_cert_t  cert,
const botan_x509_cert_t intermediates,
size_t  intermediates_len,
const botan_x509_cert_t trusted,
size_t  trusted_len,
const botan_x509_crl_t crls,
size_t  crls_len,
const char *  trusted_path,
size_t  required_strength,
const char *  hostname,
uint64_t  reference_time 
)

A variant of botan_x509_cert_verify that also supports revocation lists. CRLs are passed as an array, in the same way as the intermediates and trusted CAs.

Definition at line 418 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

// Validates cert like botan_x509_cert_verify, with the caller's CRLs added to the
// stores consulted during path validation.
// Returns 0 on successful validation and 1 on validation failure; the detailed status
// goes to *result_code when that pointer is non-null.
// Listing lines 438 and 499 are missing from this page. Line 438 presumably defines
// usage (References names Botan::UNSPECIFIED); line 499 presumably returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
431  {
    // A required_strength of 0 selects the default of 110.
432  if(required_strength == 0)
433  required_strength = 110;
434 
435 #if defined(BOTAN_HAS_X509_CERTIFICATES)
436  return ffi_guard_thunk(__func__, [=]() -> int {
    // A null hostname becomes the empty string.
    // NOTE(review): presumably an empty hostname means x509_path_validate performs
    // no name check, so callers that need one must pass the expected name - confirm.
437  const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
    // A reference_time of 0 means "validate as of the current system clock".
439  const auto validation_time = reference_time == 0 ?
440  std::chrono::system_clock::now() :
441  std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
442 
    // Chain order: the certificate under test first, then the intermediates as given.
443  std::vector<Botan::X509_Certificate> end_certs;
444  end_certs.push_back(safe_get(cert));
    // intermediates is indexed up to intermediates_len with no null check on the array.
445  for(size_t i = 0; i != intermediates_len; ++i)
446  end_certs.push_back(safe_get(intermediates[i]));
447 
    // The unique_ptrs own the stores; trusted_roots holds non-owning pointers to them.
448  std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
449  std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
450  std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_crls;
451  std::vector<Botan::Certificate_Store*> trusted_roots;
452 
    // A null or empty trusted_path is skipped.
453  if(trusted_path && *trusted_path)
454  {
455  trusted_from_path.reset(new Botan::Certificate_Store_In_Memory(trusted_path));
456  trusted_roots.push_back(trusted_from_path.get());
457  }
458 
    // trusted is indexed up to trusted_len with no null check on the array.
459  if(trusted_len > 0)
460  {
461  trusted_extra.reset(new Botan::Certificate_Store_In_Memory);
462  for(size_t i = 0; i != trusted_len; ++i)
463  {
464  trusted_extra->add_certificate(safe_get(trusted[i]));
465  }
466  trusted_roots.push_back(trusted_extra.get());
467  }
468 
    // The CRLs go into their own in-memory store, which is appended to the same
    // trusted_roots list that is passed to x509_path_validate.
469  if(crls_len > 0)
470  {
471  trusted_crls.reset(new Botan::Certificate_Store_In_Memory);
472  for(size_t i = 0; i != crls_len; ++i)
473  {
474  trusted_crls->add_crl(safe_get(crls[i]));
475  }
476  trusted_roots.push_back(trusted_crls.get());
477  }
478 
    // NOTE(review): the first argument (false) is presumably "require revocation
    // information"; if so, a certificate with no applicable CRL in crls is not
    // rejected for lacking revocation data - confirm against x509path.h.
479  Botan::Path_Validation_Restrictions restrictions(false, required_strength);
480 
481  auto validation_result = Botan::x509_path_validate(end_certs,
482  restrictions,
483  trusted_roots,
484  hostname,
485  usage,
486  validation_time);
487 
    // result_code is optional; the status is written only when it is non-null.
488  if(result_code)
489  *result_code = static_cast<int>(validation_result.result());
490 
491  if(validation_result.successful_validation())
492  return 0;
493  else
494  return 1;
495  });
496 #else
497  BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
498  BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time, crls, crls_len);
500 #endif
501  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:89
Definition: bigint.h:1142
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store *> &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Definition: x509path.cpp:846
#define BOTAN_UNUSED(...)
Definition: assert.h:142
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:61
Usage_Type
Definition: x509cert.h:25

◆ botan_x509_crl_destroy()

int botan_x509_crl_destroy ( botan_x509_crl_t  crl)

Definition at line 395 of file ffi_cert.cpp.

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

// Releases the CRL handle through BOTAN_FFI_CHECKED_DELETE (ffi_util.h:129).
// Listing line 401 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
396  {
397 #if defined(BOTAN_HAS_X509_CERTIFICATES)
    // NOTE(review): presumably the handle must not be used again after this call - confirm in ffi_util.h.
398  return BOTAN_FFI_CHECKED_DELETE(crl);
399 #else
400  BOTAN_UNUSED(crl);
402 #endif
403  }
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition: ffi_util.h:129
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ botan_x509_crl_load()

int botan_x509_crl_load ( botan_x509_crl_t crl_obj,
const uint8_t  crl_bits[],
size_t  crl_bits_len 
)

Definition at line 377 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and Botan_FFI::ffi_guard_thunk().

// Parses an encoded CRL from a caller-supplied buffer and returns a new handle in *crl_obj.
// Listing lines 380 and 391 are missing from this page; References suggests they return
// BOTAN_FFI_ERROR_NULL_POINTER and BOTAN_FFI_ERROR_NOT_IMPLEMENTED respectively.
378  {
    // Both pointers are checked; crl_bits_len is not validated in this listing.
379  if(!crl_obj || !crl_bits)
381 
382 #if defined(BOTAN_HAS_X509_CERTIFICATES)
383  return ffi_guard_thunk(__func__, [=]() -> int {
    // The buffer is handed to the X509_CRL parser as-is, so crl_bits_len must
    // describe the real size of crl_bits.
384  Botan::DataSource_Memory bits(crl_bits, crl_bits_len);
    // NOTE(review): only parsing is visible here; nothing in this listing checks
    // the CRL's signature or issuer at load time - confirm where that happens.
385  std::unique_ptr<Botan::X509_CRL> c(new Botan::X509_CRL(bits));
386  *crl_obj = new botan_x509_crl_struct(c.release());
387  return BOTAN_FFI_SUCCESS;
388  });
389 #else
390  BOTAN_UNUSED(crl_bits_len);
392 #endif
393  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:89
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ botan_x509_crl_load_file()

int botan_x509_crl_load_file ( botan_x509_crl_t crl_obj,
const char *  crl_path 
)

Definition at line 359 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, and Botan_FFI::ffi_guard_thunk().

// Loads a CRL from the file at crl_path and returns a new handle in *crl_obj.
// Listing lines 362 and 373 are missing from this page; References suggests they return
// BOTAN_FFI_ERROR_NULL_POINTER and BOTAN_FFI_ERROR_NOT_IMPLEMENTED respectively.
360  {
361  if(!crl_obj || !crl_path)
363 
    // File loading is compiled only when the target OS has a filesystem.
364 #if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
365 
366  return ffi_guard_thunk(__func__, [=]() -> int {
    // crl_path is passed to the X509_CRL constructor unchanged; any restriction on
    // which paths may be opened has to be applied by the caller.
367  std::unique_ptr<Botan::X509_CRL> c(new Botan::X509_CRL(crl_path));
368  *crl_obj = new botan_x509_crl_struct(c.release());
369  return BOTAN_FFI_SUCCESS;
370  });
371 
372 #else
374 #endif
375  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:89

◆ botan_x509_is_revoked()

int botan_x509_is_revoked ( botan_x509_crl_t  crl,
botan_x509_cert_t  cert 
)

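Given a CRL and a certificate, checks whether the certificate is revoked on that particular CRL. As the listing below shows, the function returns 0 when the certificate is revoked and -1 when it is not, so a result of 0 here means "revoked", not "valid".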

Definition at line 405 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_RETURNING, BOTAN_UNUSED, Botan::X509_CRL::is_revoked(), and Botan_FFI::safe_get().

// Checks whether cert appears as revoked on the single CRL behind crl.
// Listing line 414 is missing from this page; References suggests it returns
// BOTAN_FFI_ERROR_NOT_IMPLEMENTED.
406  {
407 #if defined(BOTAN_HAS_X509_CERTIFICATES)
408  return BOTAN_FFI_RETURNING(Botan::X509_CRL, crl, c, {
    // 0 means "revoked"; -1 means "not revoked on this CRL". Because "not revoked"
    // is a negative value, it cannot be told apart from a failure by sign alone;
    // callers should not treat every non-zero result as "certificate is good".
409  return c.is_revoked(safe_get(cert)) ? 0 : -1;
410  });
411 #else
412  BOTAN_UNUSED(cert);
413  BOTAN_UNUSED(crl);
415 #endif
416  }
#define BOTAN_FFI_RETURNING(T, obj, param, block)
Definition: ffi_util.h:101
#define BOTAN_UNUSED(...)
Definition: assert.h:142
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:61
bool is_revoked(const X509_Certificate &cert) const
Definition: x509_crl.cpp:76