/src/botan/src/lib/x509/ocsp_types.cpp

Source (jump to first uncovered line)
/*
* OCSP subtypes
* (C) 2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/ocsp_types.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/x509_ext.h>
#include <botan/hash.h>

namespace Botan {

namespace OCSP {

CertID::CertID(const X509_Certificate& issuer,
               const BigInt& subject_serial)
   {
   /*
   In practice it seems some responders, including, notably,
   ocsp.verisign.com, will reject anything but SHA-1 here
   */
   std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160"));

   m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
   m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
   m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
   m_subject_serial = subject_serial;
   }

bool CertID::is_id_for(const X509_Certificate& issuer,
                       const X509_Certificate& subject) const
   {
   try
      {
      if(BigInt::decode(subject.serial_number()) != m_subject_serial)
         return false;

      const std::string hash_algo = m_hash_id.get_oid().to_formatted_string();
      std::unique_ptr<HashFunction> hash = HashFunction::create_or_throw(hash_algo);

      if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
         return false;

      if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
         return false;
      }
   catch(...)
      {
      return false;
      }

   return true;
   }

void CertID::encode_into(class DER_Encoder& to) const
   {
   to.start_cons(SEQUENCE)
      .encode(m_hash_id)
      .encode(m_issuer_dn_hash, OCTET_STRING)
      .encode(m_issuer_key_hash, OCTET_STRING)
      .encode(m_subject_serial)
      .end_cons();
   }

void CertID::decode_from(class BER_Decoder& from)
   {
   from.start_cons(SEQUENCE)
      .decode(m_hash_id)
      .decode(m_issuer_dn_hash, OCTET_STRING)
      .decode(m_issuer_key_hash, OCTET_STRING)
      .decode(m_subject_serial)
      .end_cons();

   }

void SingleResponse::encode_into(class DER_Encoder&) const
   {
   throw Not_Implemented("SingleResponse::encode_into");
   }

void SingleResponse::decode_from(class BER_Decoder& from)
   {
   BER_Object cert_status;
   Extensions extensions;

   from.start_cons(SEQUENCE)
      .decode(m_certid)
      .get_next(cert_status)
      .decode(m_thisupdate)
      .decode_optional(m_nextupdate, ASN1_Tag(0),
                       ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))
      .decode_optional(extensions,
                       ASN1_Tag(1),
                       ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))
      .end_cons();

   m_cert_status = cert_status.type();
   }

}

}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* OCSP subtypes
3		* (C) 2012 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/ocsp_types.h>
9		#include <botan/der_enc.h>
10		#include <botan/ber_dec.h>
11		#include <botan/x509_ext.h>
12		#include <botan/hash.h>
13
14		namespace Botan {
15
16		namespace OCSP {
17
18		CertID::CertID(const X509_Certificate& issuer,
19		const BigInt& subject_serial)
20	0	{
21	0	/*
22	0	In practice it seems some responders, including, notably,
23	0	ocsp.verisign.com, will reject anything but SHA-1 here
24	0	*/
25	0	std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160"));
26	0
27	0	m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
28	0	m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
29	0	m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
30	0	m_subject_serial = subject_serial;
31	0	}
32
33		bool CertID::is_id_for(const X509_Certificate& issuer,
34		const X509_Certificate& subject) const
35	0	{
36	0	try
37	0	{
38	0	if(BigInt::decode(subject.serial_number()) != m_subject_serial)
39	0	return false;
40	0
41	0	const std::string hash_algo = m_hash_id.get_oid().to_formatted_string();
42	0	std::unique_ptr<HashFunction> hash = HashFunction::create_or_throw(hash_algo);
43	0
44	0	if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
45	0	return false;
46	0
47	0	if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
48	0	return false;
49	0	}
50	0	catch(...)
51	0	{
52	0	return false;
53	0	}
54	0
55	0	return true;
56	0	}
57
58		void CertID::encode_into(class DER_Encoder& to) const
59	0	{
60	0	to.start_cons(SEQUENCE)
61	0	.encode(m_hash_id)
62	0	.encode(m_issuer_dn_hash, OCTET_STRING)
63	0	.encode(m_issuer_key_hash, OCTET_STRING)
64	0	.encode(m_subject_serial)
65	0	.end_cons();
66	0	}
67
68		void CertID::decode_from(class BER_Decoder& from)
69	57	{
70	57	from.start_cons(SEQUENCE)
71	57	.decode(m_hash_id)
72	57	.decode(m_issuer_dn_hash, OCTET_STRING)
73	57	.decode(m_issuer_key_hash, OCTET_STRING)
74	57	.decode(m_subject_serial)
75	57	.end_cons();
76	57
77	57	}
78
79		void SingleResponse::encode_into(class DER_Encoder&) const
80	0	{
81	0	throw Not_Implemented("SingleResponse::encode_into");
82	0	}
83
84		void SingleResponse::decode_from(class BER_Decoder& from)
85	64	{
86	64	BER_Object cert_status;
87	64	Extensions extensions;
88	64
89	64	from.start_cons(SEQUENCE)
90	64	.decode(m_certid)
91	64	.get_next(cert_status)
92	64	.decode(m_thisupdate)
93	64	.decode_optional(m_nextupdate, ASN1_Tag(0),
94	64	ASN1_Tag(CONTEXT_SPECIFIC \| CONSTRUCTED))
95	64	.decode_optional(extensions,
96	64	ASN1_Tag(1),
97	64	ASN1_Tag(CONTEXT_SPECIFIC \| CONSTRUCTED))
98	64	.end_cons();
99	64
100	64	m_cert_status = cert_status.type();
101	64	}
102
103		}
104
105		}

Coverage Report

Created: 2019-12-03 15:21