Botan 3.9.0
Crypto and TLS for C&
ocsp_types.cpp
Go to the documentation of this file.
1/*
2* OCSP subtypes
3* (C) 2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/ocsp.h>
9
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/hash.h>
13#include <botan/x509_ext.h>
14
15namespace Botan::OCSP {
16
17CertID::CertID(const X509_Certificate& issuer, const BigInt& subject_serial) : m_subject_serial(subject_serial) {
18 /*
19 In practice it seems some responders, including, notably,
20 ocsp.verisign.com, will reject anything but SHA-1 here
21 */
22 auto hash = HashFunction::create_or_throw("SHA-1");
23
25 m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
26 m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
27}
28
29bool CertID::is_id_for(const X509_Certificate& issuer, const X509_Certificate& subject) const {
30 try {
31 if(BigInt::from_bytes(subject.serial_number()) != m_subject_serial) {
32 return false;
33 }
34
35 const std::string hash_algo = m_hash_id.oid().to_formatted_string();
36 auto hash = HashFunction::create_or_throw(hash_algo);
37
38 if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) {
39 return false;
40 }
41
42 if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring()))) {
43 return false;
44 }
45 } catch(...) {
46 return false;
47 }
48
49 return true;
50}
51
54 .encode(m_hash_id)
55 .encode(m_issuer_dn_hash, ASN1_Type::OctetString)
56 .encode(m_issuer_key_hash, ASN1_Type::OctetString)
57 .encode(m_subject_serial)
58 .end_cons();
59}
60
62 from.start_sequence()
63 .decode(m_hash_id)
64 .decode(m_issuer_dn_hash, ASN1_Type::OctetString)
65 .decode(m_issuer_key_hash, ASN1_Type::OctetString)
66 .decode(m_subject_serial)
67 .end_cons();
68}
69
71 throw Not_Implemented("SingleResponse::encode_into");
72}
73
76 Extensions extensions;
77
78 from.start_sequence()
79 .decode(m_certid)
81 .decode(m_thisupdate)
84 .end_cons();
85
86 /* CertStatus ::= CHOICE {
87 good [0] IMPLICIT NULL,
88 revoked [1] IMPLICIT RevokedInfo,
89 unknown [2] IMPLICIT UnknownInfo }
90
91 RevokedInfo ::= SEQUENCE {
92 revocationTime GeneralizedTime,
93 revocationReason [0] EXPLICIT CRLReason OPTIONAL }
94
95 UnknownInfo ::= NULL
96
97 We should verify the expected body and decode the RevokedInfo
98 */
99 m_cert_status = static_cast<uint32_t>(cert_status.type());
100}
101
102} // namespace Botan::OCSP
BER_Decoder & decode(bool &out)
Definition ber_dec.h:188
BER_Decoder & end_cons()
Definition ber_dec.cpp:312
BER_Decoder start_sequence()
Definition ber_dec.h:125
BER_Decoder & decode_optional(T &out, ASN1_Type type_tag, ASN1_Class class_tag, const T &default_value=T())
Definition ber_dec.h:253
BER_Decoder & get_next(BER_Object &ber)
Definition ber_dec.h:71
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:87
DER_Encoder & start_sequence()
Definition der_enc.h:65
DER_Encoder & end_cons()
Definition der_enc.cpp:173
DER_Encoder & encode(bool b)
Definition der_enc.cpp:252
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:298
void decode_from(BER_Decoder &from) override
void encode_into(DER_Encoder &to) const override
bool is_id_for(const X509_Certificate &issuer, const X509_Certificate &subject) const
void decode_from(BER_Decoder &from) override
size_t cert_status() const
Definition ocsp.h:50
void encode_into(DER_Encoder &to) const override
const std::vector< uint8_t > & serial_number() const
Definition x509cert.cpp:399
const std::vector< uint8_t > & raw_subject_dn() const
Definition x509cert.cpp:419
const std::vector< uint8_t > & raw_issuer_dn() const
Definition x509cert.cpp:415
const std::vector< uint8_t > & subject_public_key_bitstring() const
Definition x509cert.cpp:379
ASN1_Type
Definition asn1_obj.h:43
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:86