ocsp_types.cpp
1 /*
2 * OCSP subtypes
3 * (C) 2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/ocsp.h>
9 #include <botan/der_enc.h>
10 #include <botan/ber_dec.h>
11 #include <botan/x509_ext.h>
12 #include <botan/hash.h>
13 
14 namespace Botan {
15 
16 namespace OCSP {
17 
19  const BigInt& subject_serial)
20  {
// Builds the CertID that identifies `subject` (issued by `issuer`): digests of
// the issuer's DN and public key, plus the subject's serial number.
21  /*
22  In practice it seems some responders, including, notably,
23  ocsp.verisign.com, will reject anything but SHA-1 here
24  */
// SHA-1 is used here only to name the issuer (the DN and key digests below);
// no signature is made with it, which is why the fixed choice is tolerable.
25  std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160"));
26 
// NOTE(review): the statement that sets m_hash_id (gutter line 27) is not
// shown on this page; is_id_for() reads m_hash_id, so it must be assigned
// here from the chosen hash -- confirm against the full source.
28  m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
29  m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
30  m_subject_serial = subject_serial;
31  }
32 
bool CertID::is_id_for(const X509_Certificate& issuer,
                       const X509_Certificate& subject) const
   {
   /*
   * Recomputes the CertID components from the two certificates and compares
   * them with the stored values. Any failure on the way (unparseable serial,
   * unknown or unavailable hash algorithm, malformed certificate fields) is
   * reported as "no match" instead of being propagated, so a CertID whose
   * m_hash_id was populated by decode_from() cannot turn a lookup into an
   * exception.
   */
   try
      {
      const BigInt subject_serial = BigInt::decode(subject.serial_number());
      if(subject_serial != m_subject_serial)
         return false;

      // The digest algorithm is whatever this CertID names, resolved by its
      // formatted OID string; create_or_throw rejects anything unknown.
      const std::string algo_name = m_hash_id.get_oid().to_formatted_string();
      std::unique_ptr<HashFunction> hasher = HashFunction::create_or_throw(algo_name);

      const auto dn_digest = unlock(hasher->process(subject.raw_issuer_dn()));
      if(m_issuer_dn_hash != dn_digest)
         return false;

      const auto key_digest = unlock(hasher->process(issuer.subject_public_key_bitstring()));
      return m_issuer_key_hash == key_digest;
      }
   catch(...)
      {
      return false;
      }
   }
57 
void CertID::encode_into(class DER_Encoder& to) const
   {
   /*
   * CertID ::= SEQUENCE {
   *    hashAlgorithm   AlgorithmIdentifier,
   *    issuerNameHash  OCTET STRING,
   *    issuerKeyHash   OCTET STRING,
   *    serialNumber    CertificateSerialNumber }
   *
   * Field order must match decode_from().
   */
   DER_Encoder& seq = to.start_cons(SEQUENCE);
   seq.encode(m_hash_id);
   seq.encode(m_issuer_dn_hash, OCTET_STRING);
   seq.encode(m_issuer_key_hash, OCTET_STRING);
   seq.encode(m_subject_serial);
   seq.end_cons();
   }
67 
void CertID::decode_from(class BER_Decoder& from)
   {
   /*
   * Inverse of encode_into(); same field order. Nothing is validated here
   * beyond ASN.1 structure: in particular m_hash_id is stored as received,
   * and it is is_id_for() that later resolves the algorithm by name and
   * treats an unknown one as "no match".
   */
   auto&& seq = from.start_cons(SEQUENCE);
   seq.decode(m_hash_id);
   seq.decode(m_issuer_dn_hash, OCTET_STRING);
   seq.decode(m_issuer_key_hash, OCTET_STRING);
   seq.decode(m_subject_serial);
   seq.end_cons();
   }
78 
void SingleResponse::encode_into(class DER_Encoder& /*to*/) const
   {
   // SingleResponse is decode-only in this file (see decode_from());
   // producing one is not supported and always fails loudly.
   throw Not_Implemented("SingleResponse::encode_into");
   }
83 
85  {
// Parses one SingleResponse structure from the decoder; the bytes are
// presumably responder-supplied, so nothing read here is trusted.
// NOTE(review): this page omits several source lines of this method (the
// signature, the declaration and decoding of `cert_status`, and the
// class-tag arguments of both decode_optional calls); read it against the
// full source before relying on the structure shown here.
// Any singleExtensions are decoded for well-formedness only and then
// dropped: the local is never read after the decode.
87  Extensions extensions;
88 
89  from.start_cons(SEQUENCE)
90  .decode(m_certid)
92  .decode(m_thisupdate)
93  .decode_optional(m_nextupdate, ASN1_Tag(0),
95  .decode_optional(extensions,
96  ASN1_Tag(1),
98  .end_cons();
99 
// The CertStatus CHOICE appears to be recorded as its raw tag value
// (cert_status.type()) -- TODO confirm. No check that it is one of the
// defined alternatives happens here, so consumers of cert_status() must
// treat unexpected values conservatively rather than as "good".
100  m_cert_status = cert_status.type();
101  }
102 
103 }
104 
105 }