/src/botan/src/lib/x509/x509cert.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * X.509 Certificates |
3 | | * (C) 1999-2010,2015,2017 Jack Lloyd |
4 | | * (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/x509cert.h> |
10 | | #include <botan/datastor.h> |
11 | | #include <botan/pk_keys.h> |
12 | | #include <botan/x509_ext.h> |
13 | | #include <botan/ber_dec.h> |
14 | | #include <botan/parsing.h> |
15 | | #include <botan/bigint.h> |
16 | | #include <botan/oids.h> |
17 | | #include <botan/hash.h> |
18 | | #include <botan/hex.h> |
19 | | #include <algorithm> |
20 | | #include <sstream> |
21 | | |
22 | | namespace Botan { |
23 | | |
24 | | struct X509_Certificate_Data |
25 | | { |
26 | | std::vector<uint8_t> m_serial; |
27 | | AlgorithmIdentifier m_sig_algo_inner; |
28 | | X509_DN m_issuer_dn; |
29 | | X509_DN m_subject_dn; |
30 | | std::vector<uint8_t> m_issuer_dn_bits; |
31 | | std::vector<uint8_t> m_subject_dn_bits; |
32 | | X509_Time m_not_before; |
33 | | X509_Time m_not_after; |
34 | | std::vector<uint8_t> m_subject_public_key_bits; |
35 | | std::vector<uint8_t> m_subject_public_key_bits_seq; |
36 | | std::vector<uint8_t> m_subject_public_key_bitstring; |
37 | | std::vector<uint8_t> m_subject_public_key_bitstring_sha1; |
38 | | AlgorithmIdentifier m_subject_public_key_algid; |
39 | | |
40 | | std::vector<uint8_t> m_v2_issuer_key_id; |
41 | | std::vector<uint8_t> m_v2_subject_key_id; |
42 | | Extensions m_v3_extensions; |
43 | | |
44 | | std::vector<OID> m_extended_key_usage; |
45 | | std::vector<uint8_t> m_authority_key_id; |
46 | | std::vector<uint8_t> m_subject_key_id; |
47 | | std::vector<OID> m_cert_policies; |
48 | | |
49 | | std::vector<std::string> m_crl_distribution_points; |
50 | | std::string m_ocsp_responder; |
51 | | std::vector<std::string> m_ca_issuers; |
52 | | |
53 | | std::vector<uint8_t> m_issuer_dn_bits_sha256; |
54 | | std::vector<uint8_t> m_subject_dn_bits_sha256; |
55 | | |
56 | | std::string m_fingerprint_sha1; |
57 | | std::string m_fingerprint_sha256; |
58 | | |
59 | | AlternativeName m_subject_alt_name; |
60 | | AlternativeName m_issuer_alt_name; |
61 | | NameConstraints m_name_constraints; |
62 | | |
63 | | Data_Store m_subject_ds; |
64 | | Data_Store m_issuer_ds; |
65 | | |
66 | | size_t m_version = 0; |
67 | | size_t m_path_len_constraint = 0; |
68 | | Key_Constraints m_key_constraints = NO_CONSTRAINTS; |
69 | | bool m_self_signed = false; |
70 | | bool m_is_ca_certificate = false; |
71 | | bool m_serial_negative = false; |
72 | | }; |
73 | | |
74 | | std::string X509_Certificate::PEM_label() const |
75 | 9.68k | { |
76 | 9.68k | return "CERTIFICATE"; |
77 | 9.68k | } |
78 | | |
79 | | std::vector<std::string> X509_Certificate::alternate_PEM_labels() const |
80 | 116 | { |
81 | 116 | return { "X509 CERTIFICATE" }; |
82 | 116 | } |
83 | | |
84 | | X509_Certificate::X509_Certificate(DataSource& src) |
85 | 15.0k | { |
86 | 15.0k | load_data(src); |
87 | 15.0k | } |
88 | | |
89 | | X509_Certificate::X509_Certificate(const std::vector<uint8_t>& vec) |
90 | 0 | { |
91 | 0 | DataSource_Memory src(vec.data(), vec.size()); |
92 | 0 | load_data(src); |
93 | 0 | } |
94 | | |
95 | | X509_Certificate::X509_Certificate(const uint8_t data[], size_t len) |
96 | 1.40k | { |
97 | 1.40k | DataSource_Memory src(data, len); |
98 | 1.40k | load_data(src); |
99 | 1.40k | } |
100 | | |
101 | | #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) |
102 | | X509_Certificate::X509_Certificate(const std::string& fsname) |
103 | 0 | { |
104 | 0 | DataSource_Stream src(fsname, true); |
105 | 0 | load_data(src); |
106 | 0 | } |
107 | | #endif |
108 | | |
109 | | namespace { |
110 | | |
111 | | std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& obj) |
112 | 14.1k | { |
113 | 14.1k | std::unique_ptr<X509_Certificate_Data> data(new X509_Certificate_Data); |
114 | 14.1k | |
115 | 14.1k | BigInt serial_bn; |
116 | 14.1k | BER_Object public_key; |
117 | 14.1k | BER_Object v3_exts_data; |
118 | 14.1k | |
119 | 14.1k | BER_Decoder(obj.signed_body()) |
120 | 14.1k | .decode_optional(data->m_version, ASN1_Tag(0), ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) |
121 | 14.1k | .decode(serial_bn) |
122 | 14.1k | .decode(data->m_sig_algo_inner) |
123 | 14.1k | .decode(data->m_issuer_dn) |
124 | 14.1k | .start_cons(SEQUENCE) |
125 | 14.1k | .decode(data->m_not_before) |
126 | 14.1k | .decode(data->m_not_after) |
127 | 14.1k | .end_cons() |
128 | 14.1k | .decode(data->m_subject_dn) |
129 | 14.1k | .get_next(public_key) |
130 | 14.1k | .decode_optional_string(data->m_v2_issuer_key_id, BIT_STRING, 1) |
131 | 14.1k | .decode_optional_string(data->m_v2_subject_key_id, BIT_STRING, 2) |
132 | 14.1k | .get_next(v3_exts_data) |
133 | 14.1k | .verify_end("TBSCertificate has extra data after extensions block"); |
134 | 14.1k | |
135 | 14.1k | if(data->m_version > 2) |
136 | 9 | throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version)); |
137 | 14.1k | if(obj.signature_algorithm() != data->m_sig_algo_inner) |
138 | 88 | throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields"); |
139 | 14.0k | |
140 | 14.0k | public_key.assert_is_a(SEQUENCE, CONSTRUCTED, "X.509 certificate public key"); |
141 | 14.0k | |
142 | 14.0k | // crude method to save the serial's sign; will get lost during decoding, otherwise |
143 | 14.0k | data->m_serial_negative = serial_bn.is_negative(); |
144 | 14.0k | |
145 | 14.0k | // for general sanity convert wire version (0 based) to standards version (v1 .. v3) |
146 | 14.0k | data->m_version += 1; |
147 | 14.0k | |
148 | 14.0k | data->m_serial = BigInt::encode(serial_bn); |
149 | 14.0k | data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits()); |
150 | 14.0k | data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits()); |
151 | 14.0k | |
152 | 14.0k | // validate_public_key_params(public_key.value); |
153 | 14.0k | AlgorithmIdentifier public_key_alg_id; |
154 | 14.0k | BER_Decoder(public_key).decode(public_key_alg_id).discard_remaining(); |
155 | 14.0k | |
156 | 14.0k | const std::vector<std::string> public_key_info = |
157 | 14.0k | split_on(OIDS::oid2str_or_empty(public_key_alg_id.get_oid()), '/'); |
158 | 14.0k | |
159 | 14.0k | if(!public_key_info.empty() && public_key_info[0] == "RSA") |
160 | 7.03k | { |
161 | 7.03k | // RFC4055: If PublicKeyAlgo = PSS or OAEP: limit the use of the public key exclusively to either RSASSA - PSS or RSAES - OAEP |
162 | 7.03k | if(public_key_info.size() >= 2) |
163 | 566 | { |
164 | 566 | if(public_key_info[1] == "EMSA4") |
165 | 8 | { |
166 | 8 | /* |
167 | 8 | When the RSA private key owner wishes to limit the use of the public |
168 | 8 | key exclusively to RSASSA-PSS, then the id-RSASSA-PSS object |
169 | 8 | identifier MUST be used in the algorithm field within the subject |
170 | 8 | public key information, and, if present, the parameters field MUST |
171 | 8 | contain RSASSA-PSS-params. |
172 | 8 | |
173 | 8 | All parameters in the signature structure algorithm identifier MUST |
174 | 8 | match the parameters in the key structure algorithm identifier |
175 | 8 | except the saltLength field. The saltLength field in the signature parameters |
176 | 8 | MUST be greater or equal to that in the key parameters field. |
177 | 8 | |
178 | 8 | ToDo: Allow salt length to be greater |
179 | 8 | */ |
180 | 8 | if(public_key_alg_id != obj.signature_algorithm()) |
181 | 3 | { |
182 | 3 | throw Decoding_Error("Algorithm identifier mismatch"); |
183 | 3 | } |
184 | 6.46k | } |
185 | 6.46k | } |
186 | 6.46k | else |
187 | 6.46k | { |
188 | 6.46k | // oid = rsaEncryption -> parameters field MUST contain NULL |
189 | 6.46k | if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.get_oid(), AlgorithmIdentifier::USE_NULL_PARAM)) |
190 | 40 | { |
191 | 40 | throw Decoding_Error("RSA algorithm parameters field MUST contain NULL"); |
192 | 40 | } |
193 | 14.0k | } |
194 | 7.03k | } |
195 | 14.0k | |
196 | 14.0k | data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length()); |
197 | 14.0k | |
198 | 14.0k | data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits); |
199 | 14.0k | |
200 | 14.0k | BER_Decoder(data->m_subject_public_key_bits) |
201 | 14.0k | .decode(data->m_subject_public_key_algid) |
202 | 14.0k | .decode(data->m_subject_public_key_bitstring, BIT_STRING); |
203 | 14.0k | |
204 | 14.0k | if(v3_exts_data.is_a(3, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))) |
205 | 4.68k | { |
206 | 4.68k | // Path validation will reject a v1/v2 cert with v3 extensions |
207 | 4.68k | BER_Decoder(v3_exts_data).decode(data->m_v3_extensions).verify_end(); |
208 | 4.68k | } |
209 | 9.35k | else if(v3_exts_data.is_set()) |
210 | 9 | { |
211 | 9 | throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging()); |
212 | 9 | } |
213 | 14.0k | |
214 | 14.0k | // Now cache some fields from the extensions |
215 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Key_Usage>()) |
216 | 122 | { |
217 | 122 | data->m_key_constraints = ext->get_constraints(); |
218 | 122 | } |
219 | 13.9k | else |
220 | 13.9k | { |
221 | 13.9k | data->m_key_constraints = NO_CONSTRAINTS; |
222 | 13.9k | } |
223 | 14.0k | |
224 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Key_ID>()) |
225 | 600 | { |
226 | 600 | data->m_subject_key_id = ext->get_key_id(); |
227 | 600 | } |
228 | 14.0k | |
229 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Key_ID>()) |
230 | 654 | { |
231 | 654 | data->m_authority_key_id = ext->get_key_id(); |
232 | 654 | } |
233 | 14.0k | |
234 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Name_Constraints>()) |
235 | 78 | { |
236 | 78 | data->m_name_constraints = ext->get_name_constraints(); |
237 | 78 | } |
238 | 14.0k | |
239 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Basic_Constraints>()) |
240 | 276 | { |
241 | 276 | if(ext->get_is_ca() == true) |
242 | 89 | { |
243 | 89 | if(data->m_key_constraints == NO_CONSTRAINTS || |
244 | 89 | (data->m_key_constraints & KEY_CERT_SIGN)) |
245 | 75 | { |
246 | 75 | data->m_is_ca_certificate = true; |
247 | 75 | data->m_path_len_constraint = ext->get_path_limit(); |
248 | 75 | } |
249 | 89 | } |
250 | 276 | } |
251 | 14.0k | |
252 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Issuer_Alternative_Name>()) |
253 | 182 | { |
254 | 182 | data->m_issuer_alt_name = ext->get_alt_name(); |
255 | 182 | } |
256 | 14.0k | |
257 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Alternative_Name>()) |
258 | 301 | { |
259 | 301 | data->m_subject_alt_name = ext->get_alt_name(); |
260 | 301 | } |
261 | 14.0k | |
262 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Extended_Key_Usage>()) |
263 | 169 | { |
264 | 169 | data->m_extended_key_usage = ext->get_oids(); |
265 | 169 | } |
266 | 14.0k | |
267 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Certificate_Policies>()) |
268 | 122 | { |
269 | 122 | data->m_cert_policies = ext->get_policy_oids(); |
270 | 122 | } |
271 | 14.0k | |
272 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Information_Access>()) |
273 | 65 | { |
274 | 65 | data->m_ocsp_responder = ext->ocsp_responder(); |
275 | 65 | data->m_ca_issuers = ext->ca_issuers(); |
276 | 65 | } |
277 | 14.0k | |
278 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::CRL_Distribution_Points>()) |
279 | 74 | { |
280 | 74 | data->m_crl_distribution_points = ext->crl_distribution_urls(); |
281 | 74 | } |
282 | 14.0k | |
283 | 14.0k | // Check for self-signed vs self-issued certificates |
284 | 14.0k | if(data->m_subject_dn == data->m_issuer_dn) |
285 | 9.18k | { |
286 | 9.18k | if(data->m_subject_key_id.empty() == false && data->m_authority_key_id.empty() == false) |
287 | 126 | { |
288 | 126 | data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id); |
289 | 126 | } |
290 | 9.05k | else |
291 | 9.05k | { |
292 | 9.05k | /* |
293 | 9.05k | If a parse error or unknown algorithm is encountered, default |
294 | 9.05k | to assuming it is self signed. We have no way of being certain but |
295 | 9.05k | that is usually the default case (self-issued is rare in practice). |
296 | 9.05k | */ |
297 | 9.05k | data->m_self_signed = true; |
298 | 9.05k | |
299 | 9.05k | try |
300 | 9.05k | { |
301 | 9.05k | std::unique_ptr<Public_Key> pub_key(X509::load_key(data->m_subject_public_key_bits_seq)); |
302 | 9.05k | |
303 | 9.05k | Certificate_Status_Code sig_status = obj.verify_signature(*pub_key); |
304 | 9.05k | |
305 | 9.05k | if(sig_status == Certificate_Status_Code::OK || |
306 | 9.05k | sig_status == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN) |
307 | 5.33k | { |
308 | 5.33k | data->m_self_signed = true; |
309 | 5.33k | } |
310 | 3.72k | else |
311 | 3.72k | { |
312 | 3.72k | data->m_self_signed = false; |
313 | 3.72k | } |
314 | 9.05k | } |
315 | 9.05k | catch(...) |
316 | 9.05k | { |
317 | 1.35k | // ignore errors here to allow parsing to continue |
318 | 1.35k | } |
319 | 9.05k | } |
320 | 9.18k | } |
321 | 14.0k | |
322 | 14.0k | const std::vector<uint8_t> full_encoding = obj.BER_encode(); |
323 | 14.0k | |
324 | 14.0k | std::unique_ptr<HashFunction> sha1(HashFunction::create("SHA-1")); |
325 | 14.0k | if(sha1) |
326 | 11.7k | { |
327 | 11.7k | sha1->update(data->m_subject_public_key_bitstring); |
328 | 11.7k | data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec(); |
329 | 11.7k | // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called |
330 | 11.7k | |
331 | 11.7k | data->m_fingerprint_sha1 = create_hex_fingerprint(full_encoding, "SHA-1"); |
332 | 11.7k | } |
333 | 14.0k | |
334 | 14.0k | std::unique_ptr<HashFunction> sha256(HashFunction::create("SHA-256")); |
335 | 14.0k | if(sha256) |
336 | 11.7k | { |
337 | 11.7k | sha256->update(data->m_issuer_dn_bits); |
338 | 11.7k | data->m_issuer_dn_bits_sha256 = sha256->final_stdvec(); |
339 | 11.7k | |
340 | 11.7k | sha256->update(data->m_subject_dn_bits); |
341 | 11.7k | data->m_subject_dn_bits_sha256 = sha256->final_stdvec(); |
342 | 11.7k | |
343 | 11.7k | data->m_fingerprint_sha256 = create_hex_fingerprint(full_encoding, "SHA-256"); |
344 | 11.7k | } |
345 | 14.0k | |
346 | 14.0k | data->m_subject_ds.add(data->m_subject_dn.contents()); |
347 | 14.0k | data->m_issuer_ds.add(data->m_issuer_dn.contents()); |
348 | 14.0k | data->m_v3_extensions.contents_to(data->m_subject_ds, data->m_issuer_ds); |
349 | 14.0k | |
350 | 14.0k | return data; |
351 | 14.0k | } |
352 | | |
353 | | } |
354 | | |
355 | | /* |
356 | | * Decode the TBSCertificate data |
357 | | */ |
358 | | void X509_Certificate::force_decode() |
359 | 14.1k | { |
360 | 14.1k | m_data.reset(); |
361 | 14.1k | |
362 | 14.1k | std::unique_ptr<X509_Certificate_Data> data = parse_x509_cert_body(*this); |
363 | 14.1k | |
364 | 14.1k | m_data.reset(data.release()); |
365 | 14.1k | } |
366 | | |
367 | | const X509_Certificate_Data& X509_Certificate::data() const |
368 | 50.2k | { |
369 | 50.2k | if(m_data == nullptr) |
370 | 0 | { |
371 | 0 | throw Invalid_State("X509_Certificate uninitialized"); |
372 | 0 | } |
373 | 50.2k | return *m_data.get(); |
374 | 50.2k | } |
375 | | |
376 | | uint32_t X509_Certificate::x509_version() const |
377 | 0 | { |
378 | 0 | return static_cast<uint32_t>(data().m_version); |
379 | 0 | } |
380 | | |
381 | | bool X509_Certificate::is_self_signed() const |
382 | 4.44k | { |
383 | 4.44k | return data().m_self_signed; |
384 | 4.44k | } |
385 | | |
386 | | const X509_Time& X509_Certificate::not_before() const |
387 | 0 | { |
388 | 0 | return data().m_not_before; |
389 | 0 | } |
390 | | |
391 | | const X509_Time& X509_Certificate::not_after() const |
392 | 0 | { |
393 | 0 | return data().m_not_after; |
394 | 0 | } |
395 | | |
396 | | const AlgorithmIdentifier& X509_Certificate::subject_public_key_algo() const |
397 | 0 | { |
398 | 0 | return data().m_subject_public_key_algid; |
399 | 0 | } |
400 | | |
401 | | const std::vector<uint8_t>& X509_Certificate::v2_issuer_key_id() const |
402 | 0 | { |
403 | 0 | return data().m_v2_issuer_key_id; |
404 | 0 | } |
405 | | |
406 | | const std::vector<uint8_t>& X509_Certificate::v2_subject_key_id() const |
407 | 0 | { |
408 | 0 | return data().m_v2_subject_key_id; |
409 | 0 | } |
410 | | |
411 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bits() const |
412 | 0 | { |
413 | 0 | return data().m_subject_public_key_bits; |
414 | 0 | } |
415 | | |
416 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_info() const |
417 | 1.69k | { |
418 | 1.69k | return data().m_subject_public_key_bits_seq; |
419 | 1.69k | } |
420 | | |
421 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring() const |
422 | 0 | { |
423 | 0 | return data().m_subject_public_key_bitstring; |
424 | 0 | } |
425 | | |
426 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring_sha1() const |
427 | 0 | { |
428 | 0 | if(data().m_subject_public_key_bitstring_sha1.empty()) |
429 | 0 | throw Encoding_Error("X509_Certificate::subject_public_key_bitstring_sha1 called but SHA-1 disabled in build"); |
430 | 0 | |
431 | 0 | return data().m_subject_public_key_bitstring_sha1; |
432 | 0 | } |
433 | | |
434 | | const std::vector<uint8_t>& X509_Certificate::authority_key_id() const |
435 | 3.52k | { |
436 | 3.52k | return data().m_authority_key_id; |
437 | 3.52k | } |
438 | | |
439 | | const std::vector<uint8_t>& X509_Certificate::subject_key_id() const |
440 | 5.99k | { |
441 | 5.99k | return data().m_subject_key_id; |
442 | 5.99k | } |
443 | | |
444 | | const std::vector<uint8_t>& X509_Certificate::serial_number() const |
445 | 0 | { |
446 | 0 | return data().m_serial; |
447 | 0 | } |
448 | | |
449 | | bool X509_Certificate::is_serial_negative() const |
450 | 0 | { |
451 | 0 | return data().m_serial_negative; |
452 | 0 | } |
453 | | |
454 | | |
455 | | const X509_DN& X509_Certificate::issuer_dn() const |
456 | 3.52k | { |
457 | 3.52k | return data().m_issuer_dn; |
458 | 3.52k | } |
459 | | |
460 | | const X509_DN& X509_Certificate::subject_dn() const |
461 | 9.82k | { |
462 | 9.82k | return data().m_subject_dn; |
463 | 9.82k | } |
464 | | |
465 | | const std::vector<uint8_t>& X509_Certificate::raw_issuer_dn() const |
466 | 0 | { |
467 | 0 | return data().m_issuer_dn_bits; |
468 | 0 | } |
469 | | |
470 | | const std::vector<uint8_t>& X509_Certificate::raw_subject_dn() const |
471 | 0 | { |
472 | 0 | return data().m_subject_dn_bits; |
473 | 0 | } |
474 | | |
475 | | bool X509_Certificate::is_CA_cert() const |
476 | 0 | { |
477 | 0 | if(data().m_version < 3 && data().m_self_signed) |
478 | 0 | return true; |
479 | 0 | |
480 | 0 | return data().m_is_ca_certificate; |
481 | 0 | } |
482 | | |
483 | | uint32_t X509_Certificate::path_limit() const |
484 | 0 | { |
485 | 0 | if(data().m_version < 3 && data().m_self_signed) |
486 | 0 | return 32; // in theory infinite, but this is more than enough |
487 | 0 | |
488 | 0 | return static_cast<uint32_t>(data().m_path_len_constraint); |
489 | 0 | } |
490 | | |
491 | | Key_Constraints X509_Certificate::constraints() const |
492 | 0 | { |
493 | 0 | return data().m_key_constraints; |
494 | 0 | } |
495 | | |
496 | | const std::vector<OID>& X509_Certificate::extended_key_usage() const |
497 | 0 | { |
498 | 0 | return data().m_extended_key_usage; |
499 | 0 | } |
500 | | |
501 | | const std::vector<OID>& X509_Certificate::certificate_policy_oids() const |
502 | 0 | { |
503 | 0 | return data().m_cert_policies; |
504 | 0 | } |
505 | | |
506 | | const NameConstraints& X509_Certificate::name_constraints() const |
507 | 0 | { |
508 | 0 | return data().m_name_constraints; |
509 | 0 | } |
510 | | |
511 | | const Extensions& X509_Certificate::v3_extensions() const |
512 | 0 | { |
513 | 0 | return data().m_v3_extensions; |
514 | 0 | } |
515 | | |
516 | | bool X509_Certificate::allowed_usage(Key_Constraints usage) const |
517 | 0 | { |
518 | 0 | if(constraints() == NO_CONSTRAINTS) |
519 | 0 | return true; |
520 | 0 | return ((constraints() & usage) == usage); |
521 | 0 | } |
522 | | |
523 | | bool X509_Certificate::allowed_extended_usage(const std::string& usage) const |
524 | 0 | { |
525 | 0 | return allowed_extended_usage(OID::from_string(usage)); |
526 | 0 | } |
527 | | |
528 | | bool X509_Certificate::allowed_extended_usage(const OID& usage) const |
529 | 0 | { |
530 | 0 | const std::vector<OID>& ex = extended_key_usage(); |
531 | 0 | if(ex.empty()) |
532 | 0 | return true; |
533 | 0 | |
534 | 0 | if(std::find(ex.begin(), ex.end(), usage) != ex.end()) |
535 | 0 | return true; |
536 | 0 | |
537 | 0 | return false; |
538 | 0 | } |
539 | | |
540 | | bool X509_Certificate::allowed_usage(Usage_Type usage) const |
541 | 0 | { |
542 | 0 | // These follow suggestions in RFC 5280 4.2.1.12 |
543 | 0 |
|
544 | 0 | switch(usage) |
545 | 0 | { |
546 | 0 | case Usage_Type::UNSPECIFIED: |
547 | 0 | return true; |
548 | 0 |
|
549 | 0 | case Usage_Type::TLS_SERVER_AUTH: |
550 | 0 | return (allowed_usage(KEY_AGREEMENT) || allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DIGITAL_SIGNATURE)) && allowed_extended_usage("PKIX.ServerAuth"); |
551 | 0 |
|
552 | 0 | case Usage_Type::TLS_CLIENT_AUTH: |
553 | 0 | return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(KEY_AGREEMENT)) && allowed_extended_usage("PKIX.ClientAuth"); |
554 | 0 |
|
555 | 0 | case Usage_Type::OCSP_RESPONDER: |
556 | 0 | return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(NON_REPUDIATION)) && allowed_extended_usage("PKIX.OCSPSigning"); |
557 | 0 |
|
558 | 0 | case Usage_Type::CERTIFICATE_AUTHORITY: |
559 | 0 | return is_CA_cert(); |
560 | 0 |
|
561 | 0 | case Usage_Type::ENCRYPTION: |
562 | 0 | return (allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DATA_ENCIPHERMENT)); |
563 | 0 | } |
564 | 0 |
|
565 | 0 | return false; |
566 | 0 | } |
567 | | |
568 | | bool X509_Certificate::has_constraints(Key_Constraints constraints) const |
569 | 0 | { |
570 | 0 | if(this->constraints() == NO_CONSTRAINTS) |
571 | 0 | { |
572 | 0 | return false; |
573 | 0 | } |
574 | 0 | |
575 | 0 | return ((this->constraints() & constraints) != 0); |
576 | 0 | } |
577 | | |
578 | | bool X509_Certificate::has_ex_constraint(const std::string& ex_constraint) const |
579 | 0 | { |
580 | 0 | return has_ex_constraint(OID::from_string(ex_constraint)); |
581 | 0 | } |
582 | | |
583 | | bool X509_Certificate::has_ex_constraint(const OID& usage) const |
584 | 0 | { |
585 | 0 | const std::vector<OID>& ex = extended_key_usage(); |
586 | 0 | return (std::find(ex.begin(), ex.end(), usage) != ex.end()); |
587 | 0 | } |
588 | | |
589 | | /* |
590 | | * Return if a certificate extension is marked critical |
591 | | */ |
592 | | bool X509_Certificate::is_critical(const std::string& ex_name) const |
593 | 0 | { |
594 | 0 | return v3_extensions().critical_extension_set(OID::from_string(ex_name)); |
595 | 0 | } |
596 | | |
597 | | std::string X509_Certificate::ocsp_responder() const |
598 | 0 | { |
599 | 0 | return data().m_ocsp_responder; |
600 | 0 | } |
601 | | |
602 | | std::vector<std::string> X509_Certificate::ca_issuers() const |
603 | 0 | { |
604 | 0 | return data().m_ca_issuers; |
605 | 0 | } |
606 | | |
607 | | std::string X509_Certificate::crl_distribution_point() const |
608 | 0 | { |
609 | 0 | // just returns the first (arbitrarily) |
610 | 0 | if(data().m_crl_distribution_points.size() > 0) |
611 | 0 | return data().m_crl_distribution_points[0]; |
612 | 0 | return ""; |
613 | 0 | } |
614 | | |
615 | | const AlternativeName& X509_Certificate::subject_alt_name() const |
616 | 0 | { |
617 | 0 | return data().m_subject_alt_name; |
618 | 0 | } |
619 | | |
620 | | const AlternativeName& X509_Certificate::issuer_alt_name() const |
621 | 0 | { |
622 | 0 | return data().m_issuer_alt_name; |
623 | 0 | } |
624 | | |
625 | | /* |
626 | | * Return information about the subject |
627 | | */ |
628 | | std::vector<std::string> |
629 | | X509_Certificate::subject_info(const std::string& req) const |
630 | 0 | { |
631 | 0 | if(req == "Email") |
632 | 0 | return this->subject_info("RFC822"); |
633 | 0 | |
634 | 0 | if(subject_dn().has_field(req)) |
635 | 0 | return subject_dn().get_attribute(req); |
636 | 0 | |
637 | 0 | if(subject_alt_name().has_field(req)) |
638 | 0 | return subject_alt_name().get_attribute(req); |
639 | 0 | |
640 | 0 | // These will be removed later: |
641 | 0 | if(req == "X509.Certificate.v2.key_id") |
642 | 0 | return {hex_encode(this->v2_subject_key_id())}; |
643 | 0 | if(req == "X509v3.SubjectKeyIdentifier") |
644 | 0 | return {hex_encode(this->subject_key_id())}; |
645 | 0 | if(req == "X509.Certificate.dn_bits") |
646 | 0 | return {hex_encode(this->raw_subject_dn())}; |
647 | 0 | if(req == "X509.Certificate.start") |
648 | 0 | return {not_before().to_string()}; |
649 | 0 | if(req == "X509.Certificate.end") |
650 | 0 | return {not_after().to_string()}; |
651 | 0 | |
652 | 0 | if(req == "X509.Certificate.version") |
653 | 0 | return {std::to_string(x509_version())}; |
654 | 0 | if(req == "X509.Certificate.serial") |
655 | 0 | return {hex_encode(serial_number())}; |
656 | 0 | |
657 | 0 | return data().m_subject_ds.get(req); |
658 | 0 | } |
659 | | |
660 | | /* |
661 | | * Return information about the issuer |
662 | | */ |
663 | | std::vector<std::string> |
664 | | X509_Certificate::issuer_info(const std::string& req) const |
665 | 0 | { |
666 | 0 | if(issuer_dn().has_field(req)) |
667 | 0 | return issuer_dn().get_attribute(req); |
668 | 0 | |
669 | 0 | if(issuer_alt_name().has_field(req)) |
670 | 0 | return issuer_alt_name().get_attribute(req); |
671 | 0 | |
672 | 0 | // These will be removed later: |
673 | 0 | if(req == "X509.Certificate.v2.key_id") |
674 | 0 | return {hex_encode(this->v2_issuer_key_id())}; |
675 | 0 | if(req == "X509v3.AuthorityKeyIdentifier") |
676 | 0 | return {hex_encode(this->authority_key_id())}; |
677 | 0 | if(req == "X509.Certificate.dn_bits") |
678 | 0 | return {hex_encode(this->raw_issuer_dn())}; |
679 | 0 | |
680 | 0 | return data().m_issuer_ds.get(req); |
681 | 0 | } |
682 | | |
683 | | /* |
684 | | * Return the public key in this certificate |
685 | | */ |
686 | | std::unique_ptr<Public_Key> X509_Certificate::load_subject_public_key() const |
687 | 1.69k | { |
688 | 1.69k | try |
689 | 1.69k | { |
690 | 1.69k | return std::unique_ptr<Public_Key>(X509::load_key(subject_public_key_info())); |
691 | 1.69k | } |
692 | 664 | catch(std::exception& e) |
693 | 664 | { |
694 | 664 | throw Decoding_Error("X509_Certificate::load_subject_public_key", e); |
695 | 664 | } |
696 | 1.69k | } |
697 | | |
698 | | std::vector<uint8_t> X509_Certificate::raw_issuer_dn_sha256() const |
699 | 0 | { |
700 | 0 | return data().m_issuer_dn_bits_sha256; |
701 | 0 | } |
702 | | |
703 | | std::vector<uint8_t> X509_Certificate::raw_subject_dn_sha256() const |
704 | 0 | { |
705 | 0 | return data().m_subject_dn_bits_sha256; |
706 | 0 | } |
707 | | |
708 | | namespace { |
709 | | |
710 | | /* |
711 | | * Lookup each OID in the vector |
712 | | */ |
713 | | std::vector<std::string> lookup_oids(const std::vector<OID>& oids) |
714 | 0 | { |
715 | 0 | std::vector<std::string> out; |
716 | 0 |
|
717 | 0 | for(const OID& oid : oids) |
718 | 0 | { |
719 | 0 | out.push_back(oid.to_formatted_string()); |
720 | 0 | } |
721 | 0 | return out; |
722 | 0 | } |
723 | | |
724 | | } |
725 | | |
726 | | /* |
727 | | * Return the list of extended key usage OIDs |
728 | | */ |
729 | | std::vector<std::string> X509_Certificate::ex_constraints() const |
730 | 0 | { |
731 | 0 | return lookup_oids(extended_key_usage()); |
732 | 0 | } |
733 | | |
734 | | /* |
735 | | * Return the list of certificate policies |
736 | | */ |
737 | | std::vector<std::string> X509_Certificate::policies() const |
738 | 0 | { |
739 | 0 | return lookup_oids(certificate_policy_oids()); |
740 | 0 | } |
741 | | |
742 | | std::string X509_Certificate::fingerprint(const std::string& hash_name) const |
743 | 10.6k | { |
744 | 10.6k | /* |
745 | 10.6k | * The SHA-1 and SHA-256 fingerprints are precomputed since these |
746 | 10.6k | * are the most commonly used. Especially, SHA-256 fingerprints are |
747 | 10.6k | * used for cycle detection during path construction. |
748 | 10.6k | * |
749 | 10.6k | * If SHA-1 or SHA-256 was missing at parsing time the vectors are |
750 | 10.6k | * left empty in which case we fall back to create_hex_fingerprint |
751 | 10.6k | * which will throw if the hash is unavailable. |
752 | 10.6k | */ |
753 | 10.6k | if(hash_name == "SHA-256" && data().m_fingerprint_sha256.size() > 0) |
754 | 10.6k | return data().m_fingerprint_sha256; |
755 | 0 | else if(hash_name == "SHA-1" && data().m_fingerprint_sha1.size() > 0) |
756 | 0 | return data().m_fingerprint_sha1; |
757 | 0 | else |
758 | 0 | return create_hex_fingerprint(this->BER_encode(), hash_name); |
759 | 10.6k | } |
760 | | |
761 | | bool X509_Certificate::matches_dns_name(const std::string& name) const |
762 | 0 | { |
763 | 0 | if(name.empty()) |
764 | 0 | return false; |
765 | 0 | |
766 | 0 | std::vector<std::string> issued_names = subject_info("DNS"); |
767 | 0 |
|
768 | 0 | // Fall back to CN only if no DNS names are set (RFC 6125 sec 6.4.4) |
769 | 0 | if(issued_names.empty()) |
770 | 0 | issued_names = subject_info("Name"); |
771 | 0 |
|
772 | 0 | for(size_t i = 0; i != issued_names.size(); ++i) |
773 | 0 | { |
774 | 0 | if(host_wildcard_match(issued_names[i], name)) |
775 | 0 | return true; |
776 | 0 | } |
777 | 0 |
|
778 | 0 | return false; |
779 | 0 | } |
780 | | |
781 | | /* |
782 | | * Compare two certificates for equality |
783 | | */ |
784 | | bool X509_Certificate::operator==(const X509_Certificate& other) const |
785 | 1.10k | { |
786 | 1.10k | return (this->signature() == other.signature() && |
787 | 1.10k | this->signature_algorithm() == other.signature_algorithm() && |
788 | 1.10k | this->signed_body() == other.signed_body()); |
789 | 1.10k | } |
790 | | |
791 | | bool X509_Certificate::operator<(const X509_Certificate& other) const |
792 | 0 | { |
793 | 0 | /* If signature values are not equal, sort by lexicographic ordering of that */ |
794 | 0 | if(this->signature() != other.signature()) |
795 | 0 | { |
796 | 0 | return (this->signature() < other.signature()); |
797 | 0 | } |
798 | 0 | |
799 | 0 | // Then compare the signed contents |
800 | 0 | return this->signed_body() < other.signed_body(); |
801 | 0 | } |
802 | | |
803 | | /* |
804 | | * X.509 Certificate Comparison |
805 | | */ |
806 | | bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2) |
807 | 0 | { |
808 | 0 | return !(cert1 == cert2); |
809 | 0 | } |
810 | | |
811 | | std::string X509_Certificate::to_string() const |
812 | 0 | { |
813 | 0 | std::ostringstream out; |
814 | 0 |
|
815 | 0 | out << "Version: " << this->x509_version() << "\n"; |
816 | 0 | out << "Subject: " << subject_dn() << "\n"; |
817 | 0 | out << "Issuer: " << issuer_dn() << "\n"; |
818 | 0 | out << "Issued: " << this->not_before().readable_string() << "\n"; |
819 | 0 | out << "Expires: " << this->not_after().readable_string() << "\n"; |
820 | 0 |
|
821 | 0 | out << "Constraints:\n"; |
822 | 0 | Key_Constraints constraints = this->constraints(); |
823 | 0 | if(constraints == NO_CONSTRAINTS) |
824 | 0 | out << " None\n"; |
825 | 0 | else |
826 | 0 | { |
827 | 0 | if(constraints & DIGITAL_SIGNATURE) |
828 | 0 | out << " Digital Signature\n"; |
829 | 0 | if(constraints & NON_REPUDIATION) |
830 | 0 | out << " Non-Repudiation\n"; |
831 | 0 | if(constraints & KEY_ENCIPHERMENT) |
832 | 0 | out << " Key Encipherment\n"; |
833 | 0 | if(constraints & DATA_ENCIPHERMENT) |
834 | 0 | out << " Data Encipherment\n"; |
835 | 0 | if(constraints & KEY_AGREEMENT) |
836 | 0 | out << " Key Agreement\n"; |
837 | 0 | if(constraints & KEY_CERT_SIGN) |
838 | 0 | out << " Cert Sign\n"; |
839 | 0 | if(constraints & CRL_SIGN) |
840 | 0 | out << " CRL Sign\n"; |
841 | 0 | if(constraints & ENCIPHER_ONLY) |
842 | 0 | out << " Encipher Only\n"; |
843 | 0 | if(constraints & DECIPHER_ONLY) |
844 | 0 | out << " Decipher Only\n"; |
845 | 0 | } |
846 | 0 |
|
847 | 0 | const std::vector<OID>& policies = this->certificate_policy_oids(); |
848 | 0 | if(!policies.empty()) |
849 | 0 | { |
850 | 0 | out << "Policies: " << "\n"; |
851 | 0 | for(auto oid : policies) |
852 | 0 | out << " " << oid.to_string() << "\n"; |
853 | 0 | } |
854 | 0 |
|
855 | 0 | const std::vector<OID>& ex_constraints = this->extended_key_usage(); |
856 | 0 | if(!ex_constraints.empty()) |
857 | 0 | { |
858 | 0 | out << "Extended Constraints:\n"; |
859 | 0 | for(auto&& oid : ex_constraints) |
860 | 0 | { |
861 | 0 | out << " " << oid.to_formatted_string() << "\n"; |
862 | 0 | } |
863 | 0 | } |
864 | 0 |
|
865 | 0 | const NameConstraints& name_constraints = this->name_constraints(); |
866 | 0 |
|
867 | 0 | if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty()) |
868 | 0 | { |
869 | 0 | out << "Name Constraints:\n"; |
870 | 0 |
|
871 | 0 | if(!name_constraints.permitted().empty()) |
872 | 0 | { |
873 | 0 | out << " Permit"; |
874 | 0 | for(auto st: name_constraints.permitted()) |
875 | 0 | { |
876 | 0 | out << " " << st.base(); |
877 | 0 | } |
878 | 0 | out << "\n"; |
879 | 0 | } |
880 | 0 |
|
881 | 0 | if(!name_constraints.excluded().empty()) |
882 | 0 | { |
883 | 0 | out << " Exclude"; |
884 | 0 | for(auto st: name_constraints.excluded()) |
885 | 0 | { |
886 | 0 | out << " " << st.base(); |
887 | 0 | } |
888 | 0 | out << "\n"; |
889 | 0 | } |
890 | 0 | } |
891 | 0 |
|
892 | 0 | if(!ocsp_responder().empty()) |
893 | 0 | out << "OCSP responder " << ocsp_responder() << "\n"; |
894 | 0 |
|
895 | 0 | const std::vector<std::string> ca_issuers = this->ca_issuers(); |
896 | 0 | if(!ca_issuers.empty()) |
897 | 0 | { |
898 | 0 | out << "CA Issuers:\n"; |
899 | 0 | for(size_t i = 0; i != ca_issuers.size(); i++) |
900 | 0 | out << " URI: " << ca_issuers[i] << "\n"; |
901 | 0 | } |
902 | 0 |
|
903 | 0 | if(!crl_distribution_point().empty()) |
904 | 0 | out << "CRL " << crl_distribution_point() << "\n"; |
905 | 0 |
|
906 | 0 | out << "Signature algorithm: " << this->signature_algorithm().get_oid().to_formatted_string() << "\n"; |
907 | 0 |
|
908 | 0 | out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; |
909 | 0 |
|
910 | 0 | if(this->authority_key_id().size()) |
911 | 0 | out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n"; |
912 | 0 |
|
913 | 0 | if(this->subject_key_id().size()) |
914 | 0 | out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; |
915 | 0 |
|
916 | 0 | try |
917 | 0 | { |
918 | 0 | std::unique_ptr<Public_Key> pubkey(this->subject_public_key()); |
919 | 0 | out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n"; |
920 | 0 | out << X509::PEM_encode(*pubkey); |
921 | 0 | } |
922 | 0 | catch(Decoding_Error&) |
923 | 0 | { |
924 | 0 | const AlgorithmIdentifier& alg_id = this->subject_public_key_algo(); |
925 | 0 | out << "Failed to decode key with oid " << alg_id.get_oid().to_string() << "\n"; |
926 | 0 | } |
927 | 0 |
|
928 | 0 | return out.str(); |
929 | 0 | } |
930 | | |
931 | | } |