1 /*
2 * OCSP subtypes
3 * (C) 2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/ocsp_types.h>
9 #include <botan/der_enc.h>
10 #include <botan/ber_dec.h>
11 #include <botan/x509_ext.h>
12 #include <botan/hash.h>
13 #include <botan/oids.h>
14 
15 namespace Botan {
16 
17 namespace OCSP {
18 
20  const BigInt& subject_serial)
21  {
 // Builds the OCSP CertID for `subject_serial` as issued by `issuer`: hashes
 // the issuer's public key bitstring and raw subject DN and stores the serial
 // unchanged. The first line of this definition (the CertID::CertID signature
 // naming `issuer`) is not shown in this listing.
22  /*
23  In practice it seems some responders, including, notably,
24  ocsp.verisign.com, will reject anything but SHA-1 here
25  */
26  std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160"));
 // create_or_throw: an unavailable SHA-1 surfaces as an exception rather than
 // as a null pointer (contrast with is_id_for, which uses HashFunction::create).
27 
 // NOTE(review): a line is missing from this listing between the hash creation
 // and the assignments below; presumably it records the algorithm in m_hash_id
 // (which encode_into emits and is_id_for reads) -- confirm against the source.
29  m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
30  m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
31  m_subject_serial = subject_serial;
32  }
33 
35  const X509_Certificate& subject) const
36  {
 // Returns true iff this CertID refers to `subject` as issued by `issuer`:
 // the serial must match, and the issuer-DN and issuer-key hashes, recomputed
 // with the algorithm named by m_hash_id, must equal the stored values. Any
 // exception raised while decoding or hashing is treated as "not a match"
 // (fail closed). The signature line (CertID::is_id_for, naming `issuer`) is
 // not shown in this listing.
37  try
38  {
 // Cheapest check first: the serial number, compared as a BigInt.
39  if(BigInt::decode(subject.serial_number()) != m_subject_serial)
40  return false;
41 
 // NOTE(review): HashFunction::create (unlike create_or_throw, used in the
 // constructor) can return a null unique_ptr for an unrecognised algorithm
 // name. m_hash_id is populated by CertID::decode_from, i.e. from the
 // responder's reply, so an unexpected hash OID would make the dereference
 // below undefined behaviour instead of an exception that catch(...) turns
 // into `false`. A null check (or create_or_throw) here is the conservative
 // choice -- TODO confirm create's contract for unknown names.
42  std::unique_ptr<HashFunction> hash(HashFunction::create(OIDS::lookup(m_hash_id.get_oid())));
43 
 // Both hashes are compared as whole vectors, so a length mismatch between
 // the stored value and the recomputed digest also yields false.
44  if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
45  return false;
46 
47  if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
48  return false;
49  }
50  catch(...)
51  {
 // Malformed serial, unknown OID, or a hashing failure: not a match.
52  return false;
53  }
54 
55  return true;
56  }
57 
58 void CertID::encode_into(class DER_Encoder& to) const
59  {
 // DER-encodes this CertID as SEQUENCE { hashAlgorithm, issuerNameHash
 // OCTET STRING, issuerKeyHash OCTET STRING, serialNumber INTEGER }, in the
 // same member order CertID::decode_from reads them. The line opening the
 // SEQUENCE (the start_cons call on `to`) is not shown in this listing.
61  .encode(m_hash_id)
62  .encode(m_issuer_dn_hash, OCTET_STRING)
63  .encode(m_issuer_key_hash, OCTET_STRING)
64  .encode(m_subject_serial)
65  .end_cons();
66  }
67 
69  {
 // Parses a CertID SEQUENCE from `from` into the four members, in the order
 // CertID::encode_into writes them. Nothing here checks that the two octet
 // strings have the digest length implied by m_hash_id; is_id_for compares
 // whole vectors, so an inconsistent response simply fails to match. The
 // CertID::decode_from signature line is not shown in this listing.
70  from.start_cons(SEQUENCE)
71  .decode(m_hash_id)
72  .decode(m_issuer_dn_hash, OCTET_STRING)
73  .decode(m_issuer_key_hash, OCTET_STRING)
74  .decode(m_subject_serial)
75  .end_cons();
76 
77  }
78 
80  {
 // Encoding a SingleResponse is unsupported in this file; the type is only
 // decoded here (see SingleResponse::decode_from). Always throws
 // Not_Implemented. The signature line is not shown in this listing.
81  throw Not_Implemented("SingleResponse::encode_into");
82  }
83 
85  {
 // Parses one OCSP SingleResponse: certID, certStatus (a CHOICE of which only
 // the tag is kept), thisUpdate, optional [0] nextUpdate and optional [1]
 // singleExtensions. The signature line and several linked lines (the
 // BER_Object `cert_status` declaration and its get_next call, and the
 // class_tag/default arguments of the two decode_optional calls) are not
 // shown in this listing.
87  Extensions extensions;
88 
89  from.start_cons(SEQUENCE)
90  .decode(m_certid)
92  .decode(m_thisupdate)
93  .decode_optional(m_nextupdate, ASN1_Tag(0),
95  .decode_optional(extensions,
96  ASN1_Tag(1),
98  .end_cons();
99 
 // singleExtensions are decoded into a local and then discarded; nothing in
 // this function acts on them.
 // Only the ASN.1 tag of certStatus is recorded, and no check is made here
 // that it is one of the expected CertStatus alternatives, so callers reading
 // cert_status() should treat an unexpected value conservatively.
100  m_cert_status = cert_status.type();
101  }
102 
103 }
104 
105 }