/src/botan/src/lib/x509/ocsp_types.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * OCSP subtypes |
3 | | * (C) 2012 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/ocsp_types.h> |
9 | | #include <botan/der_enc.h> |
10 | | #include <botan/ber_dec.h> |
11 | | #include <botan/x509_ext.h> |
12 | | #include <botan/hash.h> |
13 | | |
14 | | namespace Botan { |
15 | | |
16 | | namespace OCSP { |
17 | | |
18 | | CertID::CertID(const X509_Certificate& issuer, |
19 | | const BigInt& subject_serial) |
20 | 0 | { |
21 | 0 | /* |
22 | 0 | In practice it seems some responders, including, notably, |
23 | 0 | ocsp.verisign.com, will reject anything but SHA-1 here |
24 | 0 | */ |
25 | 0 | std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160")); |
26 | 0 |
|
27 | 0 | m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM); |
28 | 0 | m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring())); |
29 | 0 | m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn())); |
30 | 0 | m_subject_serial = subject_serial; |
31 | 0 | } |
32 | | |
33 | | bool CertID::is_id_for(const X509_Certificate& issuer, |
34 | | const X509_Certificate& subject) const |
35 | 0 | { |
36 | 0 | try |
37 | 0 | { |
38 | 0 | if(BigInt::decode(subject.serial_number()) != m_subject_serial) |
39 | 0 | return false; |
40 | 0 | |
41 | 0 | const std::string hash_algo = m_hash_id.get_oid().to_formatted_string(); |
42 | 0 | std::unique_ptr<HashFunction> hash = HashFunction::create_or_throw(hash_algo); |
43 | 0 |
|
44 | 0 | if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) |
45 | 0 | return false; |
46 | 0 | |
47 | 0 | if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring()))) |
48 | 0 | return false; |
49 | 0 | } |
50 | 0 | catch(...) |
51 | 0 | { |
52 | 0 | return false; |
53 | 0 | } |
54 | 0 | |
55 | 0 | return true; |
56 | 0 | } |
57 | | |
58 | | void CertID::encode_into(class DER_Encoder& to) const |
59 | 0 | { |
60 | 0 | to.start_cons(SEQUENCE) |
61 | 0 | .encode(m_hash_id) |
62 | 0 | .encode(m_issuer_dn_hash, OCTET_STRING) |
63 | 0 | .encode(m_issuer_key_hash, OCTET_STRING) |
64 | 0 | .encode(m_subject_serial) |
65 | 0 | .end_cons(); |
66 | 0 | } |
67 | | |
68 | | void CertID::decode_from(class BER_Decoder& from) |
69 | 57 | { |
70 | 57 | from.start_cons(SEQUENCE) |
71 | 57 | .decode(m_hash_id) |
72 | 57 | .decode(m_issuer_dn_hash, OCTET_STRING) |
73 | 57 | .decode(m_issuer_key_hash, OCTET_STRING) |
74 | 57 | .decode(m_subject_serial) |
75 | 57 | .end_cons(); |
76 | 57 | |
77 | 57 | } |
78 | | |
79 | | void SingleResponse::encode_into(class DER_Encoder&) const |
80 | 0 | { |
81 | 0 | throw Not_Implemented("SingleResponse::encode_into"); |
82 | 0 | } |
83 | | |
84 | | void SingleResponse::decode_from(class BER_Decoder& from) |
85 | 64 | { |
86 | 64 | BER_Object cert_status; |
87 | 64 | Extensions extensions; |
88 | 64 | |
89 | 64 | from.start_cons(SEQUENCE) |
90 | 64 | .decode(m_certid) |
91 | 64 | .get_next(cert_status) |
92 | 64 | .decode(m_thisupdate) |
93 | 64 | .decode_optional(m_nextupdate, ASN1_Tag(0), |
94 | 64 | ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)) |
95 | 64 | .decode_optional(extensions, |
96 | 64 | ASN1_Tag(1), |
97 | 64 | ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)) |
98 | 64 | .end_cons(); |
99 | 64 | |
100 | 64 | m_cert_status = cert_status.type(); |
101 | 64 | } |
102 | | |
103 | | } |
104 | | |
105 | | } |