8#include <botan/x509_crl.h>
10#include <botan/ber_dec.h>
11#include <botan/x509_ext.h>
12#include <botan/x509cert.h>
// Members of the decoded-CRL record (CRL_Data). The struct header and some members fall
// outside this excerpt: the gutter numbers skip.
// Revocation entries, appended one by one in decode order by decode_crl_body().
23 std::vector<CRL_Entry> m_entries;
// Extension set decoded from the CRL body; the three cached fields below are derived from it.
24 Extensions m_extensions;
// Cached CRL_Number extension value. It stays 0 when the extension is absent, so a value of 0
// does not by itself show that the CRL carried a CRL number.
27 size_t m_crl_number = 0;
// Cached key identifier from the Authority_Key_ID extension; left empty when the extension is absent.
28 std::vector<uint8_t> m_auth_key_id;
// "URL" attributes of the CRL_Issuing_Distribution_Point extension; left empty when the extension is absent.
29 std::vector<std::string> m_idp_urls;
32std::string X509_CRL::PEM_label()
const {
36std::vector<std::string> X509_CRL::alternate_PEM_labels()
const {
49#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
59 const std::vector<CRL_Entry>& revoked) :
61 m_data = std::make_shared<CRL_Data>();
62 m_data->m_issuer = issuer;
65 m_data->m_entries = revoked;
// Authority key identifier cross-check: it is evaluated only when BOTH the CRL and the
// certificate carry a key identifier. If either side omits it, this comparison is skipped,
// so it cannot on its own bind the CRL to the certificate's issuer.
// NOTE(review): the branch taken on mismatch, and any issuer-name comparison, are outside
// this excerpt. Confirm them in the full source.
83 if(!crl_akid.empty() && !cert_akid.empty()) {
84 if(crl_akid != cert_akid) {
// The certificate serial is compared as raw bytes against an entry's serial number.
// The loop that supplies `entry` is not visible here.
89 const std::vector<uint8_t>& cert_serial = cert.
serial_number();
95 if(cert_serial == entry.serial_number()) {
// Decodes the body of a CRL into a freshly allocated CRL_Data.
//
// body:     encoded CRL body to parse.
// sig_algo: algorithm identifier supplied by the caller; it must equal the one found inside the body.
// Returns the populated CRL_Data.
// Throws Decoding_Error on an unsupported version, an algorithm identifier mismatch, or an
// unexpected object after the extensions.
//
// NOTE(review): several original lines are missing from this excerpt (the gutter numbers skip).
// No signature check appears in the visible lines; presumably it happens elsewhere, so a
// successful decode should not be read as an authenticated CRL.
112std::unique_ptr<CRL_Data> decode_crl_body(
const std::vector<uint8_t>& body,
const AlgorithmIdentifier& sig_algo) {
113 auto data = std::make_unique<CRL_Data>();
// The decoded version is bumped by one before validation; presumably the encoded value is
// zero-based. The decode call itself is not visible here.
118 data->m_version += 1;
// Only versions 1 and 2 are accepted; anything else is rejected as a decoding error.
120 if(data->m_version != 1 && data->m_version != 2) {
121 throw Decoding_Error(
"Unknown X.509 CRL version " + std::to_string(data->m_version));
// The algorithm identifier inside the body must match the caller-supplied one.
// Rejecting a mismatch keeps the two identifiers from disagreeing about how the CRL is verified.
124 AlgorithmIdentifier sig_algo_inner;
125 tbs_crl.decode(sig_algo_inner);
127 if(sig_algo != sig_algo_inner) {
128 throw Decoding_Error(
"Algorithm identifier mismatch in CRL");
// Issuer name, this-update and next-update are decoded unconditionally, in this order.
131 tbs_crl.decode(data->m_issuer).decode(data->m_this_update).decode(data->m_next_update);
133 BER_Object next = tbs_crl.get_next_object();
// Revocation list: entries are decoded one at a time until the list is exhausted.
// The condition that selects this branch is outside this excerpt.
136 BER_Decoder cert_list(std::move(next));
138 while(cert_list.more_items()) {
140 cert_list.decode(entry);
141 data->m_entries.push_back(entry);
143 next = tbs_crl.get_next_object();
// Extensions: verify_end() rejects trailing data after the extension set inside its wrapper.
// The condition that selects this branch is outside this excerpt.
147 BER_Decoder crl_options(std::move(next));
148 crl_options.decode(data->m_extensions).verify_end();
149 next = tbs_crl.get_next_object();
// Any further object after the extensions is treated as malformed input.
153 throw Decoding_Error(
"Unknown tag following extensions in CRL");
// Reject trailing data in the body as a whole.
156 tbs_crl.verify_end();
// Cache values from the extensions that are present. An absent extension leaves the
// corresponding CRL_Data field unassigned here.
159 if(
auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::CRL_Number>()) {
160 data->m_crl_number = ext->get_crl_number();
162 if(
auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::Authority_Key_ID>()) {
163 data->m_auth_key_id = ext->get_key_id();
// Only the "URL" attributes of the issuing distribution point are kept.
165 if(
auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::CRL_Issuing_Distribution_Point>()) {
166 data->m_idp_urls = ext->get_point().get_attribute(
"URL");
174void X509_CRL::force_decode() {
// Accessor for the decoded CRL state used by the getters in this file.
// It throws Invalid_State ("X509_CRL uninitialized") instead of handing back missing data.
// NOTE(review): the condition guarding the throw is outside this excerpt; presumably it is a
// check that the data pointer is set. Confirm.
178const CRL_Data& X509_CRL::data()
const {
180 throw Invalid_State(
"X509_CRL uninitialized");
186 return data().m_extensions;
193 return data().m_entries;
197 return static_cast<uint32_t
>(data().m_version);
204 return data().m_issuer;
211 return data().m_auth_key_id;
// Narrows the stored size_t CRL number to uint32_t. Where size_t is wider than 32 bits,
// larger values are silently truncated by this cast.
// NOTE(review): RFC 5280 allows CRL numbers of up to 20 octets. Callers that order or compare
// CRLs by this value should confirm how out-of-range numbers are handled upstream.
218 return static_cast<uint32_t
>(data().m_crl_number);
225 return data().m_this_update;
232 return data().m_next_update;
239 if(!data().m_idp_urls.empty()) {
240 return data().m_idp_urls[0];
249 return data().m_idp_urls;
const std::vector< CRL_Entry > & get_revoked() const
const std::vector< uint8_t > & authority_key_id() const
const X509_Time & this_update() const
std::vector< std::string > issuing_distribution_points() const
const Extensions & extensions() const
uint32_t crl_number() const
const X509_Time & next_update() const
const X509_DN & issuer_dn() const
bool is_revoked(const X509_Certificate &cert) const
std::string crl_issuing_distribution_point() const
uint32_t x509_version() const
const std::vector< uint8_t > & serial_number() const
const std::vector< uint8_t > & authority_key_id() const
const X509_DN & issuer_dn() const
const std::vector< uint8_t > & signed_body() const
const AlgorithmIdentifier & signature_algorithm() const
void load_data(DataSource &src)