Botan 3.0.0
Crypto and TLS for C&
ocsp_types.cpp
Go to the documentation of this file.
1/*
2* OCSP subtypes
3* (C) 2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/ocsp.h>
9#include <botan/der_enc.h>
10#include <botan/ber_dec.h>
11#include <botan/x509_ext.h>
12#include <botan/hash.h>
13
14namespace Botan::OCSP {
15
16CertID::CertID(const X509_Certificate& issuer,
17 const BigInt& subject_serial)
18 {
19 /*
20 In practice it seems some responders, including, notably,
21 ocsp.verisign.com, will reject anything but SHA-1 here
22 */
23 auto hash = HashFunction::create_or_throw("SHA-1");
24
25 m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
26 m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
27 m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
28 m_subject_serial = subject_serial;
29 }
30
31bool CertID::is_id_for(const X509_Certificate& issuer,
32 const X509_Certificate& subject) const
33 {
34 try
35 {
36 if(BigInt::decode(subject.serial_number()) != m_subject_serial)
37 return false;
38
39 const std::string hash_algo = m_hash_id.oid().to_formatted_string();
40 auto hash = HashFunction::create_or_throw(hash_algo);
41
42 if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
43 return false;
44
45 if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
46 return false;
47 }
48 catch(...)
49 {
50 return false;
51 }
52
53 return true;
54 }
55
56void CertID::encode_into(DER_Encoder& to) const
57 {
58 to.start_sequence()
59 .encode(m_hash_id)
60 .encode(m_issuer_dn_hash, ASN1_Type::OctetString)
61 .encode(m_issuer_key_hash, ASN1_Type::OctetString)
62 .encode(m_subject_serial)
63 .end_cons();
64 }
65
66void CertID::decode_from(BER_Decoder& from)
67 {
68 from.start_sequence()
69 .decode(m_hash_id)
70 .decode(m_issuer_dn_hash, ASN1_Type::OctetString)
71 .decode(m_issuer_key_hash, ASN1_Type::OctetString)
72 .decode(m_subject_serial)
73 .end_cons();
74
75 }
76
77void SingleResponse::encode_into(DER_Encoder& /*to*/) const
78 {
79 throw Not_Implemented("SingleResponse::encode_into");
80 }
81
82void SingleResponse::decode_from(BER_Decoder& from)
83 {
84 BER_Object cert_status;
85 Extensions extensions;
86
87 from.start_sequence()
88 .decode(m_certid)
89 .get_next(cert_status)
90 .decode(m_thisupdate)
91 .decode_optional(m_nextupdate, ASN1_Type(0),
92 ASN1_Class::ContextSpecific | ASN1_Class::Constructed)
93 .decode_optional(extensions,
94 ASN1_Type(1),
95 ASN1_Class::ContextSpecific | ASN1_Class::Constructed)
96 .end_cons();
97
98 /* CertStatus ::= CHOICE {
99 good [0] IMPLICIT NULL,
100 revoked [1] IMPLICIT RevokedInfo,
101 unknown [2] IMPLICIT UnknownInfo }
102
103 RevokedInfo ::= SEQUENCE {
104 revocationTime GeneralizedTime,
105 revocationReason [0] EXPLICIT CRLReason OPTIONAL }
106
107 UnknownInfo ::= NULL
108
109 We should verify the expected body and decode the RevokedInfo
110 */
111 m_cert_status = static_cast<uint32_t>(cert_status.type());
112 }
113
114}
Botan::AlgorithmIdentifier::oid
const OID & oid() const
Definition: asn1_obj.h:477
Botan::BER_Decoder
Definition: ber_dec.h:22
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &out)
Definition: ber_dec.h:193
Botan::BER_Decoder::end_cons
BER_Decoder & end_cons()
Definition: ber_dec.cpp:304
Botan::BER_Decoder::start_sequence
BER_Decoder start_sequence()
Definition: ber_dec.h:117
Botan::BER_Decoder::decode_optional
BER_Decoder & decode_optional(T &out, ASN1_Type type_tag, ASN1_Class class_tag, const T &default_value=T())
Definition: ber_dec.h:371
Botan::BER_Decoder::get_next
BER_Decoder & get_next(BER_Object &ber)
Definition: ber_dec.h:72
Botan::BER_Object
Definition: asn1_obj.h:133
Botan::BigInt::decode
static BigInt decode(const uint8_t buf[], size_t length)
Definition: bigint.h:805
Botan::DER_Encoder
Definition: der_enc.h:23
Botan::DER_Encoder::start_sequence
DER_Encoder & start_sequence()
Definition: der_enc.h:66
Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition: der_enc.cpp:196
Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:290
Botan::HashFunction::create_or_throw
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition: hash.cpp:320
Botan::Not_Implemented
Definition: exceptn.h:353
Botan::OCSP::CertID::decode_from
void decode_from(BER_Decoder &from) override
Definition: ocsp_types.cpp:66
Botan::OCSP::CertID::encode_into
void encode_into(DER_Encoder &to) const override
Definition: ocsp_types.cpp:56
Botan::OCSP::CertID::is_id_for
bool is_id_for(const X509_Certificate &issuer, const X509_Certificate &subject) const
Definition: ocsp_types.cpp:31
Botan::OCSP::SingleResponse::decode_from
void decode_from(BER_Decoder &from) override
Definition: ocsp_types.cpp:82
Botan::OCSP::SingleResponse::cert_status
size_t cert_status() const
Definition: ocsp.h:54
Botan::OCSP::SingleResponse::encode_into
void encode_into(DER_Encoder &to) const override
Definition: ocsp_types.cpp:77
Botan::OID::to_formatted_string
std::string to_formatted_string() const
Definition: asn1_oid.cpp:120
Botan::X509_Certificate
Definition: x509cert.h:38
Botan::X509_Certificate::serial_number
const std::vector< uint8_t > & serial_number() const
Definition: x509cert.cpp:400
Botan::X509_Certificate::raw_subject_dn
const std::vector< uint8_t > & raw_subject_dn() const
Definition: x509cert.cpp:426
Botan::X509_Certificate::raw_issuer_dn
const std::vector< uint8_t > & raw_issuer_dn() const
Definition: x509cert.cpp:421
Botan::X509_Certificate::subject_public_key_bitstring
const std::vector< uint8_t > & subject_public_key_bitstring() const
Definition: x509cert.cpp:377
Botan::ASN1_Type
ASN1_Type
Definition: asn1_obj.h:43
Botan::unlock
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:77
Generated by doxygen 1.9.6