9#include <botan/internal/ffi_pkey.h>
10#include <botan/internal/ffi_util.h>
13#if defined(BOTAN_HAS_X509_CERTIFICATES)
14 #include <botan/data_src.h>
15 #include <botan/x509_crl.h>
16 #include <botan/x509cert.h>
17 #include <botan/x509path.h>
24#if defined(BOTAN_HAS_X509_CERTIFICATES)
31 if(!cert_obj || !cert_path) {
35#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
38 auto c = std::make_unique<Botan::X509_Certificate>(cert_path);
39 *cert_obj =
new botan_x509_cert_struct(std::move(c));
53#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
56 auto c = std::make_unique<Botan::X509_Certificate>(
safe_get(cert));
57 *cert_obj =
new botan_x509_cert_struct(std::move(c));
68 if(!cert_obj || !cert_bits) {
72#if defined(BOTAN_HAS_X509_CERTIFICATES)
75 auto c = std::make_unique<Botan::X509_Certificate>(bits);
76 *cert_obj =
new botan_x509_cert_struct(std::move(c));
92#if defined(BOTAN_HAS_X509_CERTIFICATES)
94 auto public_key =
safe_get(cert).subject_public_key();
95 *key =
new botan_pubkey_struct(std::move(public_key));
105 botan_x509_cert_t cert,
const char* key,
size_t index, uint8_t out[],
size_t* out_len) {
106#if defined(BOTAN_HAS_X509_CERTIFICATES)
108 auto issuer_info = c.issuer_info(key);
109 if(index < issuer_info.size()) {
122 botan_x509_cert_t cert,
const char* key,
size_t index, uint8_t out[],
size_t* out_len) {
123#if defined(BOTAN_HAS_X509_CERTIFICATES)
125 auto subject_info = c.subject_info(key);
126 if(index < subject_info.size()) {
143#if defined(BOTAN_HAS_X509_CERTIFICATES)
152#if defined(BOTAN_HAS_X509_CERTIFICATES)
155 if(c.allowed_usage(k)) {
167#if defined(BOTAN_HAS_X509_CERTIFICATES)
176#if defined(BOTAN_HAS_X509_CERTIFICATES)
178 [=](
const auto& c) {
return write_str_output(out, out_len, c.not_before().to_string()); });
186#if defined(BOTAN_HAS_X509_CERTIFICATES)
188 [=](
const auto& c) {
return write_str_output(out, out_len, c.not_after().to_string()); });
196#if defined(BOTAN_HAS_X509_CERTIFICATES)
197 return BOTAN_FFI_VISIT(cert, [=](
const auto& c) { *time_since_epoch = c.not_before().time_since_epoch(); });
205#if defined(BOTAN_HAS_X509_CERTIFICATES)
206 return BOTAN_FFI_VISIT(cert, [=](
const auto& c) { *time_since_epoch = c.not_after().time_since_epoch(); });
214#if defined(BOTAN_HAS_X509_CERTIFICATES)
223#if defined(BOTAN_HAS_X509_CERTIFICATES)
232#if defined(BOTAN_HAS_X509_CERTIFICATES)
241#if defined(BOTAN_HAS_X509_CERTIFICATES)
254#if defined(BOTAN_HAS_X509_CERTIFICATES)
264 if(hostname ==
nullptr) {
268#if defined(BOTAN_HAS_X509_CERTIFICATES)
269 return BOTAN_FFI_VISIT(cert, [=](
const auto& c) {
return c.matches_dns_name(hostname) ? 0 : -1; });
279 size_t intermediates_len,
282 const char* trusted_path,
283 size_t required_strength,
284 const char* hostname_cstr,
285 uint64_t reference_time) {
286 if(required_strength == 0) {
287 required_strength = 110;
290#if defined(BOTAN_HAS_X509_CERTIFICATES)
292 const std::string hostname((hostname_cstr ==
nullptr) ?
"" : hostname_cstr);
294 const auto validation_time = reference_time == 0
295 ? std::chrono::system_clock::now()
296 : std::chrono::system_clock::from_time_t(
static_cast<time_t
>(reference_time));
298 std::vector<Botan::X509_Certificate> end_certs;
299 end_certs.push_back(
safe_get(cert));
300 for(
size_t i = 0; i != intermediates_len; ++i) {
301 end_certs.push_back(
safe_get(intermediates[i]));
304 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
305 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
306 std::vector<Botan::Certificate_Store*> trusted_roots;
308 if(trusted_path && *trusted_path) {
309 trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
310 trusted_roots.push_back(trusted_from_path.get());
313 if(trusted_len > 0) {
314 trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
315 for(
size_t i = 0; i != trusted_len; ++i) {
316 trusted_extra->add_certificate(
safe_get(trusted[i]));
318 trusted_roots.push_back(trusted_extra.get());
323 auto validation_result =
327 *result_code =
static_cast<int>(validation_result.result());
330 if(validation_result.successful_validation()) {
337 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
338 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time);
348#if defined(BOTAN_HAS_X509_CERTIFICATES)
356#if defined(BOTAN_HAS_X509_CERTIFICATES)
363 if(!crl_obj || !crl_path) {
367#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
370 auto c = std::make_unique<Botan::X509_CRL>(crl_path);
371 *crl_obj =
new botan_x509_crl_struct(std::move(c));
381 if(!crl_obj || !crl_bits) {
385#if defined(BOTAN_HAS_X509_CERTIFICATES)
388 auto c = std::make_unique<Botan::X509_CRL>(bits);
389 *crl_obj =
new botan_x509_crl_struct(std::move(c));
399#if defined(BOTAN_HAS_X509_CERTIFICATES)
408#if defined(BOTAN_HAS_X509_CERTIFICATES)
420 size_t intermediates_len,
425 const char* trusted_path,
426 size_t required_strength,
427 const char* hostname_cstr,
428 uint64_t reference_time) {
429 if(required_strength == 0) {
430 required_strength = 110;
433#if defined(BOTAN_HAS_X509_CERTIFICATES)
435 const std::string hostname((hostname_cstr ==
nullptr) ?
"" : hostname_cstr);
437 const auto validation_time = reference_time == 0
438 ? std::chrono::system_clock::now()
439 : std::chrono::system_clock::from_time_t(
static_cast<time_t
>(reference_time));
441 std::vector<Botan::X509_Certificate> end_certs;
442 end_certs.push_back(
safe_get(cert));
443 for(
size_t i = 0; i != intermediates_len; ++i) {
444 end_certs.push_back(
safe_get(intermediates[i]));
447 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
448 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
449 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_crls;
450 std::vector<Botan::Certificate_Store*> trusted_roots;
452 if(trusted_path && *trusted_path) {
453 trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
454 trusted_roots.push_back(trusted_from_path.get());
457 if(trusted_len > 0) {
458 trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
459 for(
size_t i = 0; i != trusted_len; ++i) {
460 trusted_extra->add_certificate(
safe_get(trusted[i]));
462 trusted_roots.push_back(trusted_extra.get());
466 trusted_crls = std::make_unique<Botan::Certificate_Store_In_Memory>();
467 for(
size_t i = 0; i != crls_len; ++i) {
468 trusted_crls->add_crl(
safe_get(crls[i]));
470 trusted_roots.push_back(trusted_crls.get());
475 auto validation_result =
479 *result_code =
static_cast<int>(validation_result.result());
482 if(validation_result.successful_validation()) {
489 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
490 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time, crls, crls_len);
struct botan_pubkey_struct * botan_pubkey_t
struct botan_x509_crl_struct * botan_x509_crl_t
int(* botan_view_bin_fn)(botan_view_ctx view_ctx, const uint8_t *data, size_t len)
struct botan_x509_cert_struct * botan_x509_cert_t
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
@ BOTAN_FFI_ERROR_NULL_POINTER
@ BOTAN_FFI_ERROR_BAD_PARAMETER
int(* botan_view_str_fn)(botan_view_ctx view_ctx, const char *str, size_t len)
int botan_x509_is_revoked(botan_x509_crl_t crl, botan_x509_cert_t cert)
int botan_x509_crl_destroy(botan_x509_crl_t crl)
int botan_x509_cert_destroy(botan_x509_cert_t cert)
int botan_x509_cert_load_file(botan_x509_cert_t *cert_obj, const char *cert_path)
int botan_x509_cert_dup(botan_x509_cert_t *cert_obj, botan_x509_cert_t cert)
int botan_x509_cert_verify_with_crl(int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const botan_x509_crl_t *crls, size_t crls_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
int botan_x509_cert_get_public_key(botan_x509_cert_t cert, botan_pubkey_t *key)
const char * botan_x509_cert_validation_status(int code)
int botan_x509_cert_get_authority_key_id(botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_issuer_dn(botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_time_expires(botan_x509_cert_t cert, char out[], size_t *out_len)
int botan_x509_cert_view_as_string(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_str_fn view)
int botan_x509_cert_get_time_starts(botan_x509_cert_t cert, char out[], size_t *out_len)
int botan_x509_cert_load(botan_x509_cert_t *cert_obj, const uint8_t cert_bits[], size_t cert_bits_len)
int botan_x509_crl_load(botan_x509_crl_t *crl_obj, const uint8_t crl_bits[], size_t crl_bits_len)
int botan_x509_cert_get_subject_dn(botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
int botan_x509_cert_not_before(botan_x509_cert_t cert, uint64_t *time_since_epoch)
int botan_x509_cert_verify(int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
int botan_x509_cert_hostname_match(botan_x509_cert_t cert, const char *hostname)
int botan_x509_cert_get_serial_number(botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_subject_key_id(botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_view_public_key_bits(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_bin_fn view)
int botan_x509_crl_load_file(botan_x509_crl_t *crl_obj, const char *crl_path)
int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int key_usage)
int botan_x509_cert_not_after(botan_x509_cert_t cert, uint64_t *time_since_epoch)
int botan_x509_cert_get_public_key_bits(botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_fingerprint(botan_x509_cert_t cert, const char *hash, uint8_t out[], size_t *out_len)
int botan_x509_cert_to_string(botan_x509_cert_t cert, char out[], size_t *out_len)
#define BOTAN_FFI_VISIT(obj, lambda)
#define BOTAN_FFI_CHECKED_DELETE(o)
#define BOTAN_FFI_DECLARE_STRUCT(NAME, TYPE, MAGIC)
int copy_view_bin(uint8_t out[], size_t *out_len, Fn fn, Args... args)
int write_str_output(uint8_t out[], size_t *out_len, std::string_view str)
T & safe_get(botan_struct< T, M > *p)
int invoke_view_callback(botan_view_bin_fn view, botan_view_ctx ctx, const std::vector< uint8_t, Alloc > &buf)
int copy_view_str(uint8_t out[], size_t *out_len, Fn fn, Args... args)
int ffi_guard_thunk(const char *func_name, const std::function< int()> &thunk)
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
std::string to_string(ErrorType type)
Convert an ErrorType to string.