Botan 3.7.1
Crypto and TLS for C&
ocsp_types.cpp
Go to the documentation of this file.
1/*
2* OCSP subtypes
3* (C) 2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/ocsp.h>
9
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/hash.h>
13#include <botan/x509_ext.h>
14
15namespace Botan::OCSP {
16
17CertID::CertID(const X509_Certificate& issuer, const BigInt& subject_serial) {
18 /*
19 In practice it seems some responders, including, notably,
20 ocsp.verisign.com, will reject anything but SHA-1 here
21 */
22 auto hash = HashFunction::create_or_throw("SHA-1");
23
24 m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
25 m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
26 m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
27 m_subject_serial = subject_serial;
28}
29
30bool CertID::is_id_for(const X509_Certificate& issuer, const X509_Certificate& subject) const {
31 try {
32 if(BigInt::from_bytes(subject.serial_number()) != m_subject_serial) {
33 return false;
34 }
35
36 const std::string hash_algo = m_hash_id.oid().to_formatted_string();
37 auto hash = HashFunction::create_or_throw(hash_algo);
38
39 if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) {
40 return false;
41 }
42
43 if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring()))) {
44 return false;
45 }
46 } catch(...) {
47 return false;
48 }
49
50 return true;
51}
52
53void CertID::encode_into(DER_Encoder& to) const {
54 to.start_sequence()
55 .encode(m_hash_id)
56 .encode(m_issuer_dn_hash, ASN1_Type::OctetString)
57 .encode(m_issuer_key_hash, ASN1_Type::OctetString)
58 .encode(m_subject_serial)
59 .end_cons();
60}
61
62void CertID::decode_from(BER_Decoder& from) {
63 from.start_sequence()
64 .decode(m_hash_id)
65 .decode(m_issuer_dn_hash, ASN1_Type::OctetString)
66 .decode(m_issuer_key_hash, ASN1_Type::OctetString)
67 .decode(m_subject_serial)
68 .end_cons();
69}
70
71void SingleResponse::encode_into(DER_Encoder& /*to*/) const {
72 throw Not_Implemented("SingleResponse::encode_into");
73}
74
75void SingleResponse::decode_from(BER_Decoder& from) {
76 BER_Object cert_status;
77 Extensions extensions;
78
79 from.start_sequence()
80 .decode(m_certid)
81 .get_next(cert_status)
82 .decode(m_thisupdate)
83 .decode_optional(m_nextupdate, ASN1_Type(0), ASN1_Class::ContextSpecific | ASN1_Class::Constructed)
84 .decode_optional(extensions, ASN1_Type(1), ASN1_Class::ContextSpecific | ASN1_Class::Constructed)
85 .end_cons();
86
87 /* CertStatus ::= CHOICE {
88 good [0] IMPLICIT NULL,
89 revoked [1] IMPLICIT RevokedInfo,
90 unknown [2] IMPLICIT UnknownInfo }
91
92 RevokedInfo ::= SEQUENCE {
93 revocationTime GeneralizedTime,
94 revocationReason [0] EXPLICIT CRLReason OPTIONAL }
95
96 UnknownInfo ::= NULL
97
98 We should verify the expected body and decode the RevokedInfo
99 */
100 m_cert_status = static_cast<uint32_t>(cert_status.type());
101}
102
103} // namespace Botan::OCSP
Botan::AlgorithmIdentifier::oid
const OID & oid() const
Definition asn1_obj.h:472
Botan::BER_Decoder
Definition ber_dec.h:22
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &out)
Definition ber_dec.h:186
Botan::BER_Decoder::end_cons
BER_Decoder & end_cons()
Definition ber_dec.cpp:309
Botan::BER_Decoder::start_sequence
BER_Decoder start_sequence()
Definition ber_dec.h:123
Botan::BER_Decoder::decode_optional
BER_Decoder & decode_optional(T &out, ASN1_Type type_tag, ASN1_Class class_tag, const T &default_value=T())
Definition ber_dec.h:332
Botan::BER_Decoder::get_next
BER_Decoder & get_next(BER_Object &ber)
Definition ber_dec.h:69
Botan::BER_Object
Definition asn1_obj.h:127
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:95
Botan::DER_Encoder
Definition der_enc.h:22
Botan::DER_Encoder::start_sequence
DER_Encoder & start_sequence()
Definition der_enc.h:64
Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition der_enc.cpp:171
Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
Botan::HashFunction::create_or_throw
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:298
Botan::Not_Implemented
Definition exceptn.h:334
Botan::OCSP::CertID::decode_from
void decode_from(BER_Decoder &from) override
Definition ocsp_types.cpp:62
Botan::OCSP::CertID::encode_into
void encode_into(DER_Encoder &to) const override
Definition ocsp_types.cpp:53
Botan::OCSP::CertID::is_id_for
bool is_id_for(const X509_Certificate &issuer, const X509_Certificate &subject) const
Definition ocsp_types.cpp:30
Botan::OCSP::SingleResponse::decode_from
void decode_from(BER_Decoder &from) override
Definition ocsp_types.cpp:75
Botan::OCSP::SingleResponse::cert_status
size_t cert_status() const
Definition ocsp.h:50
Botan::OCSP::SingleResponse::encode_into
void encode_into(DER_Encoder &to) const override
Definition ocsp_types.cpp:71
Botan::OID::to_formatted_string
std::string to_formatted_string() const
Definition asn1_oid.cpp:139
Botan::X509_Certificate
Definition x509cert.h:36
Botan::X509_Certificate::serial_number
const std::vector< uint8_t > & serial_number() const
Definition x509cert.cpp:397
Botan::X509_Certificate::raw_subject_dn
const std::vector< uint8_t > & raw_subject_dn() const
Definition x509cert.cpp:417
Botan::X509_Certificate::raw_issuer_dn
const std::vector< uint8_t > & raw_issuer_dn() const
Definition x509cert.cpp:413
Botan::X509_Certificate::subject_public_key_bitstring
const std::vector< uint8_t > & subject_public_key_bitstring() const
Definition x509cert.cpp:377
Botan::ASN1_Type
ASN1_Type
Definition asn1_obj.h:44
Botan::unlock
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:75
Generated by doxygen 1.12.0