Botan  2.12.1
Crypto and TLS for C++11
ffi_cert.cpp File Reference
#include <botan/ffi.h>
#include <botan/internal/ffi_util.h>
#include <botan/internal/ffi_pkey.h>


Functions

int botan_x509_cert_allowed_usage (botan_x509_cert_t cert, unsigned int key_usage)
 
int botan_x509_cert_destroy (botan_x509_cert_t cert)
 
int botan_x509_cert_dup (botan_x509_cert_t *cert_obj, botan_x509_cert_t cert)
 
int botan_x509_cert_get_authority_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_fingerprint (botan_x509_cert_t cert, const char *hash, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_issuer_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_public_key (botan_x509_cert_t cert, botan_pubkey_t *key)
 
int botan_x509_cert_get_public_key_bits (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_serial_number (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_subject_dn (botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_subject_key_id (botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
 
int botan_x509_cert_get_time_expires (botan_x509_cert_t cert, char out[], size_t *out_len)
 
int botan_x509_cert_get_time_starts (botan_x509_cert_t cert, char out[], size_t *out_len)
 
int botan_x509_cert_hostname_match (botan_x509_cert_t cert, const char *hostname)
 
int botan_x509_cert_load (botan_x509_cert_t *cert_obj, const uint8_t cert_bits[], size_t cert_bits_len)
 
int botan_x509_cert_load_file (botan_x509_cert_t *cert_obj, const char *cert_path)
 
int botan_x509_cert_not_after (botan_x509_cert_t cert, uint64_t *time_since_epoch)
 
int botan_x509_cert_not_before (botan_x509_cert_t cert, uint64_t *time_since_epoch)
 
int botan_x509_cert_to_string (botan_x509_cert_t cert, char out[], size_t *out_len)
 
const char * botan_x509_cert_validation_status (int code)
 
int botan_x509_cert_verify (int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
 

Function Documentation

◆ botan_x509_cert_allowed_usage()

int botan_x509_cert_allowed_usage ( botan_x509_cert_t  cert,
unsigned int  key_usage 
)

Definition at line 135 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, and BOTAN_UNUSED.

// Tests whether the certificate permits the usage bits passed in key_usage.
// Returns BOTAN_FFI_SUCCESS when c.allowed_usage(k) is true and 1 when it is
// false, so a nonzero positive result means "not allowed", not "allowed".
136  {
137 #if defined(BOTAN_HAS_X509_CERTIFICATES)
138  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, {
// key_usage is cast straight to Key_Constraints; no range check is done here.
139  const Botan::Key_Constraints k = static_cast<Botan::Key_Constraints>(key_usage);
140  if(c.allowed_usage(k))
141  return BOTAN_FFI_SUCCESS;
142  return 1;
143  });
144 #else
145  BOTAN_UNUSED(cert, key_usage);
// NOTE(review): source line 146 is missing from this listing; the References
// list suggests it returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm in the source.
147 #endif
148  }
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_destroy()

int botan_x509_cert_destroy ( botan_x509_cert_t  cert)
Returns
0 on success, or an error code if the object handle is invalid

Definition at line 150 of file ffi_cert.cpp.

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

// Releases the certificate handle through BOTAN_FFI_CHECKED_DELETE.
// Handle validation lives in that macro (ffi_util.h:120), not in this listing.
151  {
152 #if defined(BOTAN_HAS_X509_CERTIFICATES)
153  return BOTAN_FFI_CHECKED_DELETE(cert);
154 #else
155  BOTAN_UNUSED(cert);
// NOTE(review): source line 156 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED (named in References). Confirm.
157 #endif
158  }
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition: ffi_util.h:120
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ botan_x509_cert_dup()

int botan_x509_cert_dup ( botan_x509_cert_t cert_obj,
botan_x509_cert_t  cert 
)

Definition at line 45 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::safe_get().

// Copies the certificate behind `cert` into a newly allocated handle stored in *cert_obj.
46  {
47  if(!cert_obj)
// NOTE(review): source line 48 is missing from this listing; References names
// BOTAN_FFI_ERROR_NULL_POINTER, so the null check presumably returns it. Confirm.
49 

// NOTE(review): the copy below uses no file I/O, yet it is compiled only when
// BOTAN_TARGET_OS_HAS_FILESYSTEM is defined. This matches the guard on
// botan_x509_cert_load_file, so it looks copied from there; on a build without
// a filesystem this function takes the #else branch.
50 #if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
51 
52  return ffi_guard_thunk(__func__, [=]() -> int {
// unique_ptr owns the copy until the handle struct has been allocated.
53  std::unique_ptr<Botan::X509_Certificate> c(new Botan::X509_Certificate(safe_get(cert)));
54  *cert_obj = new botan_x509_cert_struct(c.release());
55  return BOTAN_FFI_SUCCESS;
56  });
57 
58 #else
59  BOTAN_UNUSED(cert);
// NOTE(review): source line 60 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
61 #endif
62  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:86
#define BOTAN_UNUSED(...)
Definition: assert.h:142
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:61

◆ botan_x509_cert_get_authority_key_id()

int botan_x509_cert_get_authority_key_id ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 224 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

// Writes c.authority_key_id() to the caller's buffer via write_vec_output.
// Buffer-length handling for out/out_len is done in write_vec_output
// (ffi_util.h:146) and is not visible in this listing.
225  {
226 #if defined(BOTAN_HAS_X509_CERTIFICATES)
227  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.authority_key_id()); });
228 #else
229  BOTAN_UNUSED(cert, out, out_len);
// NOTE(review): source line 230 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
231 #endif
232  }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:146
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_fingerprint()

int botan_x509_cert_get_fingerprint ( botan_x509_cert_t  cert,
const char *  hash,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 214 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, hash, and Botan_FFI::write_str_output().

// Writes the certificate fingerprint, computed with the hash named by `hash`,
// to the caller's buffer as a string via write_str_output.
// NOTE(review): `hash` is passed to c.fingerprint() with no null check in this
// function, and the choice of algorithm is left to the caller. A caller that
// pins or compares fingerprints should pass a collision-resistant hash.
215  {
216 #if defined(BOTAN_HAS_X509_CERTIFICATES)
217  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.fingerprint(hash)); });
218 #else
219  BOTAN_UNUSED(cert, hash, out, out_len);
// NOTE(review): source line 220 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
221 #endif
222  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:151
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92
MechanismType hash

◆ botan_x509_cert_get_issuer_dn()

int botan_x509_cert_get_issuer_dn ( botan_x509_cert_t  cert,
const char *  key,
size_t  index,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 101 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the index-th issuer DN value stored under `key` to the caller's buffer.
// NOTE(review): `.at(index)` throws when index is past the values stored for
// key. The listing relies on BOTAN_FFI_DO (ffi_util.h:92) to turn that into an
// error code; confirm there. `key` is not null-checked in this function.
104  {
105 #if defined(BOTAN_HAS_X509_CERTIFICATES)
106  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.issuer_info(key).at(index)); });
107 #else
108  BOTAN_UNUSED(cert, key, index, out, out_len);
// NOTE(review): source line 109 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
110 #endif
111  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:151
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_public_key()

int botan_x509_cert_get_public_key ( botan_x509_cert_t  cert,
botan_pubkey_t key 
)

Definition at line 82 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::safe_get().

// Extracts the subject public key from the certificate into a new handle in *key.
83  {
84  if(key == nullptr)
// NOTE(review): source line 85 is missing from this listing; References names
// BOTAN_FFI_ERROR_NULL_POINTER, so the null check presumably returns it. Confirm.
86 
// Clear the output first so a failure below leaves *key null rather than stale.
87  *key = nullptr;
88 
89 #if defined(BOTAN_HAS_X509_CERTIFICATES)
90  return ffi_guard_thunk(__func__, [=]() -> int {
91  std::unique_ptr<Botan::Public_Key> publicKey = safe_get(cert).load_subject_public_key();
// Ownership passes to the newly allocated handle, which the caller must later release.
92  *key = new botan_pubkey_struct(publicKey.release());
93  return BOTAN_FFI_SUCCESS;
94  });
95 #else
96  BOTAN_UNUSED(cert);
// NOTE(review): source line 97 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
98 #endif
99  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:86
#define BOTAN_UNUSED(...)
Definition: assert.h:142
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:61

◆ botan_x509_cert_get_public_key_bits()

int botan_x509_cert_get_public_key_bits ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 244 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

// Writes c.subject_public_key_bits() to the caller's buffer via write_vec_output.
// Buffer-length handling is done in write_vec_output (ffi_util.h:146), not here.
245  {
246 #if defined(BOTAN_HAS_X509_CERTIFICATES)
247  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.subject_public_key_bits()); });
248 #else
249  BOTAN_UNUSED(cert, out, out_len);
// NOTE(review): source line 250 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
251 #endif
252  }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:146
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_serial_number()

int botan_x509_cert_get_serial_number ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 204 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

// Writes c.serial_number() to the caller's buffer via write_vec_output.
// Buffer-length handling is done in write_vec_output (ffi_util.h:146), not here.
205  {
206 #if defined(BOTAN_HAS_X509_CERTIFICATES)
207  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.serial_number()); });
208 #else
209  BOTAN_UNUSED(cert, out, out_len);
// NOTE(review): source line 210 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
211 #endif
212  }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:146
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_subject_dn()

int botan_x509_cert_get_subject_dn ( botan_x509_cert_t  cert,
const char *  key,
size_t  index,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 113 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the index-th subject DN value stored under `key` to the caller's buffer.
// NOTE(review): `.at(index)` throws when index is past the values stored for
// key. The listing relies on BOTAN_FFI_DO (ffi_util.h:92) to turn that into an
// error code; confirm there. `key` is not null-checked in this function.
116  {
117 #if defined(BOTAN_HAS_X509_CERTIFICATES)
118  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.subject_info(key).at(index)); });
119 #else
120  BOTAN_UNUSED(cert, key, index, out, out_len);
// NOTE(review): source line 121 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
122 #endif
123  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:151
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_subject_key_id()

int botan_x509_cert_get_subject_key_id ( botan_x509_cert_t  cert,
uint8_t  out[],
size_t *  out_len 
)

Definition at line 234 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_vec_output().

// Writes c.subject_key_id() to the caller's buffer via write_vec_output.
// Buffer-length handling is done in write_vec_output (ffi_util.h:146), not here.
235  {
236 #if defined(BOTAN_HAS_X509_CERTIFICATES)
237  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.subject_key_id()); });
238 #else
239  BOTAN_UNUSED(cert, out, out_len);
// NOTE(review): source line 240 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
241 #endif
242  }
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:146
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_time_expires()

int botan_x509_cert_get_time_expires ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 170 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the certificate's not-after time, formatted by X509_Time::to_string(),
// to the caller's buffer. botan_x509_cert_not_after returns the same instant
// as an integer time since the epoch.
171  {
172 #if defined(BOTAN_HAS_X509_CERTIFICATES)
173  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.not_after().to_string()); });
174 #else
175  BOTAN_UNUSED(cert, out, out_len);
// NOTE(review): source line 176 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
177 #endif
178  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:151
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_get_time_starts()

int botan_x509_cert_get_time_starts ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 160 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the certificate's not-before time, formatted by X509_Time::to_string(),
// to the caller's buffer. botan_x509_cert_not_before returns the same instant
// as an integer time since the epoch.
161  {
162 #if defined(BOTAN_HAS_X509_CERTIFICATES)
163  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.not_before().to_string()); });
164 #else
165  BOTAN_UNUSED(cert, out, out_len);
// NOTE(review): source line 166 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
167 #endif
168  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:151
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_hostname_match()

int botan_x509_cert_hostname_match ( botan_x509_cert_t  cert,
const char *  hostname 
)

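Checks whether the certificate matches the specified hostname, via an alternative name or CN match. RFC 5280 wildcards are also supported. As implemented in the listing below, the function returns 0 on a match and -1 on a mismatch, so callers must compare the result against 0 rather than treat a nonzero value as "matched".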

Definition at line 254 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, and Botan::X509_Certificate::matches_dns_name().

// Reports whether the certificate's names match `hostname`.
// Result convention visible here: 0 = match, -1 = no match.
// NOTE(review): a mismatch is reported as a negative value, which this API
// also uses for errors, so a caller cannot tell "no match" from a failure by
// sign alone. The only safe test for a match is `== 0`.
255  {
256  if(hostname == nullptr)
// NOTE(review): source line 257 is missing from this listing; References names
// BOTAN_FFI_ERROR_NULL_POINTER, so the null check presumably returns it. Confirm.
258 
259 #if defined(BOTAN_HAS_X509_CERTIFICATES)
260  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c,
261  { return c.matches_dns_name(hostname) ? 0 : -1; });
262 #else
263  BOTAN_UNUSED(cert);
// NOTE(review): source line 264 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
265 #endif
266  }
bool matches_dns_name(const std::string &name) const
Definition: x509cert.cpp:729
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_load()

int botan_x509_cert_load ( botan_x509_cert_t cert_obj,
const uint8_t  cert_bits[],
size_t  cert_bits_len 
)

Definition at line 64 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, and Botan_FFI::ffi_guard_thunk().

// Parses an encoded certificate from a caller-supplied byte buffer and stores
// a new handle in *cert_obj. This only decodes the certificate; no trust or
// validity decision is made here (see botan_x509_cert_verify).
65  {
66  if(!cert_obj || !cert_bits)
// NOTE(review): source line 67 is missing from this listing; References names
// BOTAN_FFI_ERROR_NULL_POINTER, so the null check presumably returns it. Confirm.
68 
69 #if defined(BOTAN_HAS_X509_CERTIFICATES)
70  return ffi_guard_thunk(__func__, [=]() -> int {
// The parser reads exactly cert_bits_len bytes, so the caller must pass the
// true length of the buffer.
71  Botan::DataSource_Memory bits(cert_bits, cert_bits_len);
// Decoding untrusted input can fail. Failures are expected to surface through
// ffi_guard_thunk (ffi.cpp:86) as an error code; confirm there.
72  std::unique_ptr<Botan::X509_Certificate> c(new Botan::X509_Certificate(bits));
73  *cert_obj = new botan_x509_cert_struct(c.release());
74  return BOTAN_FFI_SUCCESS;
75  });
76 #else
77  BOTAN_UNUSED(cert_bits_len);
// NOTE(review): source line 78 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
79 #endif
80  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:86
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ botan_x509_cert_load_file()

int botan_x509_cert_load_file ( botan_x509_cert_t cert_obj,
const char *  cert_path 
)

Definition at line 27 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, and Botan_FFI::ffi_guard_thunk().

// Loads a certificate from the file at cert_path and stores a new handle in
// *cert_obj. This only decodes the file; no trust or validity decision is made
// here (see botan_x509_cert_verify).
28  {
29  if(!cert_obj || !cert_path)
// NOTE(review): source line 30 is missing from this listing; References names
// BOTAN_FFI_ERROR_NULL_POINTER, so the null check presumably returns it. Confirm.
31 
// File loading needs both X.509 support and a filesystem on the target.
32 #if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
33 
34  return ffi_guard_thunk(__func__, [=]() -> int {
// cert_path is used as given. If the path comes from outside the program, the
// caller is responsible for restricting which files may be opened.
35  std::unique_ptr<Botan::X509_Certificate> c(new Botan::X509_Certificate(cert_path));
36  *cert_obj = new botan_x509_cert_struct(c.release());
37  return BOTAN_FFI_SUCCESS;
38  });
39 
40 #else
// NOTE(review): source line 41 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
42 #endif
43  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:86

◆ botan_x509_cert_not_after()

int botan_x509_cert_not_after ( botan_x509_cert_t  cert,
uint64_t *  time_since_epoch 
)

Definition at line 192 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan::X509_Certificate::not_after(), and Botan::X509_Time::time_since_epoch().

// Stores the certificate's not-after time, as time since the epoch, in *time_since_epoch.
// NOTE(review): time_since_epoch is dereferenced without a null check in this
// function, unlike the explicit pointer checks in botan_x509_cert_load and
// botan_x509_cert_get_public_key. Unless BOTAN_FFI_DO (ffi_util.h:92) guards
// it, callers must pass a valid pointer.
193  {
194 #if defined(BOTAN_HAS_X509_CERTIFICATES)
// The block has no return statement; the success code presumably comes from
// the BOTAN_FFI_DO macro. Confirm in ffi_util.h.
195  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, {
196  *time_since_epoch = c.not_after().time_since_epoch();
197  });
198 #else
199  BOTAN_UNUSED(cert, time_since_epoch);
// NOTE(review): source line 200 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
201 #endif
202  }
const X509_Time & not_after() const
Definition: x509cert.cpp:369
#define BOTAN_UNUSED(...)
Definition: assert.h:142
uint64_t time_since_epoch() const
Return time since epoch.
Definition: asn1_time.cpp:266
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_not_before()

int botan_x509_cert_not_before ( botan_x509_cert_t  cert,
uint64_t *  time_since_epoch 
)

Definition at line 180 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan::X509_Certificate::not_before(), and Botan::X509_Time::time_since_epoch().

// Stores the certificate's not-before time, as time since the epoch, in *time_since_epoch.
// NOTE(review): time_since_epoch is dereferenced without a null check in this
// function, unlike the explicit pointer checks in botan_x509_cert_load and
// botan_x509_cert_get_public_key. Unless BOTAN_FFI_DO (ffi_util.h:92) guards
// it, callers must pass a valid pointer.
181  {
182 #if defined(BOTAN_HAS_X509_CERTIFICATES)
// The block has no return statement; the success code presumably comes from
// the BOTAN_FFI_DO macro. Confirm in ffi_util.h.
183  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, {
184  *time_since_epoch = c.not_before().time_since_epoch();
185  });
186 #else
187  BOTAN_UNUSED(cert, time_since_epoch);
// NOTE(review): source line 188 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
189 #endif
190  }
#define BOTAN_UNUSED(...)
Definition: assert.h:142
const X509_Time & not_before() const
Definition: x509cert.cpp:364
uint64_t time_since_epoch() const
Return time since epoch.
Definition: asn1_time.cpp:266
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_to_string()

int botan_x509_cert_to_string ( botan_x509_cert_t  cert,
char  out[],
size_t *  out_len 
)

Definition at line 125 of file ffi_cert.cpp.

References BOTAN_FFI_DO, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, and Botan_FFI::write_str_output().

// Writes the text produced by c.to_string() for the certificate to the
// caller's buffer via write_str_output. That text contains certificate fields,
// so treat it as untrusted data when the certificate comes from a peer.
126  {
127 #if defined(BOTAN_HAS_X509_CERTIFICATES)
128  return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.to_string()); });
129 #else
130  BOTAN_UNUSED(cert, out, out_len);
// NOTE(review): source line 131 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
132 #endif
133  }
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:151
#define BOTAN_UNUSED(...)
Definition: assert.h:142
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:92

◆ botan_x509_cert_validation_status()

const char* botan_x509_cert_validation_status ( int  code)

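Returns a pointer to a static character string explaining the status code, or else NULL if unknown. In the listing below, a negative code and a build without X.509 certificate support also yield NULL, so callers should check for NULL before using the result.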

Definition at line 339 of file ffi_cert.cpp.

References Botan::to_string().

// Maps a validation status code (as written by botan_x509_cert_verify) to a
// descriptive string. Returns nullptr for negative codes and when X.509
// support is compiled out.
340  {
// Negative values are FFI error codes, not validation status codes.
341  if(code < 0)
342  return nullptr;
343 
344 #if defined(BOTAN_HAS_X509_CERTIFICATES)
// NOTE(review): source line 345 is missing from this listing; it presumably
// defines `sc` by converting `code` to Certificate_Status_Code. Confirm.
346  return Botan::to_string(sc);
347 #else
348  return nullptr;
349 #endif
350  }
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition: exceptn.cpp:11
Certificate_Status_Code
Definition: cert_status.h:19

◆ botan_x509_cert_verify()

int botan_x509_cert_verify ( int *  validation_result,
botan_x509_cert_t  cert,
const botan_x509_cert_t intermediates,
size_t  intermediates_len,
const botan_x509_cert_t trusted,
size_t  trusted_len,
const char *  trusted_path,
size_t  required_strength,
const char *  hostname,
uint64_t  reference_time 
)

Returns 0 if the validation was successful, 1 if validation failed, and negative on error. A status code with details is written to *validation_result (named result_code in the implementation below), and only when that pointer is non-null.

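The intermediates and trusted lists can be null, provided the matching length argument is 0: the listing below indexes each array up to its length without a null check. The trusted path can be null.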

Definition at line 268 of file ffi_cert.cpp.

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), Botan::UNSPECIFIED, and Botan::x509_path_validate().

// Validates `cert` (plus optional intermediates) against the supplied trust
// roots. Returns 0 on successful validation and 1 on failed validation; the
// detailed status goes to *result_code when that pointer is non-null.
278  {
// A required_strength of 0 selects the default of 110.
279  if(required_strength == 0)
280  required_strength = 110;
281 
282 #if defined(BOTAN_HAS_X509_CERTIFICATES)
283  return ffi_guard_thunk(__func__, [=]() -> int {
// A null hostname becomes the empty string.
// NOTE(review): how x509_path_validate treats an empty hostname is not shown
// here; presumably no name check is performed. Callers that need the
// certificate bound to a peer name should pass the hostname. Confirm.
284  const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
// NOTE(review): source line 285 is missing from this listing; it presumably
// defines `usage` (References names Botan::UNSPECIFIED), which is used below.
// reference_time == 0 means "validate as of now".
// NOTE(review): the cast to time_t may truncate a 64-bit reference_time on
// platforms where time_t is narrower. Confirm for the targets in use.
286  const auto validation_time = reference_time == 0 ?
287  std::chrono::system_clock::now() :
288  std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
289 
// The certificate under validation goes first, followed by the intermediates.
290  std::vector<Botan::X509_Certificate> end_certs;
291  end_certs.push_back(safe_get(cert));
// intermediates is indexed without a null check, so a null array is only safe
// when intermediates_len is 0.
292  for(size_t i = 0; i != intermediates_len; ++i)
293  end_certs.push_back(safe_get(intermediates[i]));
294 
295  std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
296  std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
297  std::vector<Botan::Certificate_Store*> trusted_roots;
298 
// A null or empty trusted_path adds no store.
299  if(trusted_path && *trusted_path)
300  {
301  trusted_from_path.reset(new Botan::Certificate_Store_In_Memory(trusted_path));
302  trusted_roots.push_back(trusted_from_path.get());
303  }
304 
// As with intermediates, `trusted` is indexed without a null check, so a null
// array is only safe when trusted_len is 0.
305  if(trusted_len > 0)
306  {
307  trusted_extra.reset(new Botan::Certificate_Store_In_Memory);
308  for(size_t i = 0; i != trusted_len; ++i)
309  {
310  trusted_extra->add_certificate(safe_get(trusted[i]));
311  }
312  trusted_roots.push_back(trusted_extra.get());
313  }
314 
// NOTE(review): the first argument is hard-coded to false; presumably it is
// the "require revocation information" flag, meaning revocation data is not
// required by this entry point. Confirm against Path_Validation_Restrictions.
315  Botan::Path_Validation_Restrictions restrictions(false, required_strength);
316 
// If neither a trusted path nor a trusted list was supplied, trusted_roots is
// empty at this point.
317  auto validation_result = Botan::x509_path_validate(end_certs,
318  restrictions,
319  trusted_roots,
320  hostname,
321  usage,
322  validation_time);
323 
// The detailed status is optional output; the return value alone tells the
// caller whether validation passed.
324  if(result_code)
325  *result_code = static_cast<int>(validation_result.result());
326 
327  if(validation_result.successful_validation())
328  return 0;
329  else
330  return 1;
331  });
332 #else
333  BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
334  BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time);
// NOTE(review): source line 335 is missing from this listing; presumably it
// returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED. Confirm.
336 #endif
337  }
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
Definition: ffi.cpp:86
Definition: bigint.h:1135
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store *> &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Definition: x509path.cpp:836
#define BOTAN_UNUSED(...)
Definition: assert.h:142
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:61
Usage_Type
Definition: x509cert.h:25