/src/botan/src/lib/tls/msg_certificate.cpp
1 | | /* |
2 | | * Certificate Message |
3 | | * (C) 2004-2006,2012 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/tls_messages.h> |
9 | | #include <botan/tls_extensions.h> |
10 | | #include <botan/internal/tls_reader.h> |
11 | | #include <botan/internal/tls_handshake_io.h> |
12 | | #include <botan/internal/tls_handshake_hash.h> |
13 | | #include <botan/loadstor.h> |
14 | | #include <botan/data_src.h> |
15 | | |
16 | | namespace Botan { |
17 | | |
18 | | namespace TLS { |
19 | | |
/**
* Create a new Certificate message
*
* Takes a copy of the chain, writes the serialized message through the
* handshake I/O layer and feeds the bytes that were actually sent into
* the running handshake hash.
*
* @param io the handshake I/O layer the message is sent through
* @param hash the handshake hash to update with the sent bytes
* @param cert_list the certificate chain to send, in wire order
*/
Certificate::Certificate(Handshake_IO& io,
                         Handshake_Hash& hash,
                         const std::vector<X509_Certificate>& cert_list) :
   m_certs(cert_list)
   {
   // Hash exactly what went on the wire, not a re-serialization
   const auto wire_msg = io.send(*this);
   hash.update(wire_msg);
   }
30 | | |
/**
* Deserialize a Certificate message
*
* Parses the TLS 1.2 Certificate body: a 24-bit length of the whole list
* followed by a sequence of (24-bit length, DER certificate) entries. Every
* length field comes from the peer and is checked against the bytes that
* are really present before anything behind it is read, so a malformed or
* hostile message cannot make the parser read past the buffer. A total
* length of 0 is accepted and yields an empty chain.
*
* NOTE(review): with maximum_certificate_chain_size() == 0 nothing bounds
* the chain below the 2^24-1 bytes the length field can express, and each
* entry is fully DER-parsed; deployments that care about parsing cost from
* untrusted peers should set a policy maximum.
*
* @param buf the message body, starting at the 3-byte list length
* @param policy supplies maximum_certificate_chain_size(); 0 disables the cap
* @throws Decoding_Error if a length field is inconsistent with the buffer
*         or the chain exceeds the policy maximum; an entry that is not a
*         valid certificate presumably also surfaces as a Decoding_Error
*         from the X509_Certificate constructor
*/
Certificate::Certificate(const std::vector<uint8_t>& buf, const Policy& policy)
   {
   if(buf.size() < 3)
      throw Decoding_Error("Certificate: Message malformed");

   // Declared length of the certificate_list must match what we were given
   const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);

   if(total_size != buf.size() - 3)
      throw Decoding_Error("Certificate: Message malformed");

   // Policy cap on the encoded chain; 0 means "no cap"
   const size_t max_size = policy.maximum_certificate_chain_size();
   if(max_size > 0 && total_size > max_size)
      throw Decoding_Error("Certificate chain exceeds policy specified maximum size");

   // Walk the entries by offset; each iteration consumes one (length, cert) pair
   size_t offset = 3;
   while(offset < buf.size())
      {
      const size_t remaining = buf.size() - offset;

      // Need a full 3-byte length before reading it
      if(remaining < 3)
         throw Decoding_Error("Certificate: Message malformed");

      const size_t cert_size = make_uint32(0, buf[offset], buf[offset + 1], buf[offset + 2]);

      // The entry must fit entirely in what is left (cert_size < 2^24, so no overflow here)
      if(remaining < 3 + cert_size)
         throw Decoding_Error("Certificate: Message malformed");

      DataSource_Memory cert_buf(buf.data() + offset + 3, cert_size);
      m_certs.push_back(X509_Certificate(cert_buf));

      offset += 3 + cert_size;
      }
   }
66 | | |
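/**
* Serialize a Certificate message
*
* Produces the TLS 1.2 Certificate body: a 24-bit length of the whole
* certificate_list, followed by each certificate as a 24-bit length and
* its DER encoding. A 3-byte length field cannot represent values of
* 2^24 or more; previously such a size was silently truncated to its low
* 24 bits, producing a message whose lengths do not match its contents.
* It is now rejected before anything is emitted.
*
* @return the body of the Certificate handshake message
* @throws Encoding_Error if a certificate or the whole chain does not fit
*         in a 24-bit length field
*/
std::vector<uint8_t> Certificate::serialize() const
   {
   // Largest value a 3-byte length field can carry
   const size_t max_24bit = 0xFFFFFF;

   // Leading 3 bytes are the total list length, filled in once known
   std::vector<uint8_t> buf(3);

   for(const X509_Certificate& cert : m_certs)
      {
      const std::vector<uint8_t> raw_cert = cert.BER_encode();
      const size_t cert_size = raw_cert.size();

      if(cert_size > max_24bit)
         throw Encoding_Error("Certificate: certificate too large for a TLS Certificate message");

      // Big-endian 24-bit length: bytes 1..3 of the 32-bit value
      for(size_t j = 0; j != 3; ++j)
         buf.push_back(get_byte(j + 1, static_cast<uint32_t>(cert_size)));

      buf += raw_cert;
      }

   const size_t list_size = buf.size() - 3;

   if(list_size > max_24bit)
      throw Encoding_Error("Certificate: certificate chain too large for a TLS Certificate message");

   for(size_t i = 0; i != 3; ++i)
      buf[i] = get_byte(i + 1, static_cast<uint32_t>(list_size));

   return buf;
   }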
91 | | |
92 | | } |
93 | | |
94 | | } |