/src/botan/src/lib/x509/x509cert.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * X.509 Certificates |
3 | | * (C) 1999-2010,2015,2017 Jack Lloyd |
4 | | * (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/x509cert.h> |
10 | | #include <botan/datastor.h> |
11 | | #include <botan/pk_keys.h> |
12 | | #include <botan/x509_ext.h> |
13 | | #include <botan/ber_dec.h> |
14 | | #include <botan/parsing.h> |
15 | | #include <botan/bigint.h> |
16 | | #include <botan/oids.h> |
17 | | #include <botan/hash.h> |
18 | | #include <botan/hex.h> |
19 | | #include <algorithm> |
20 | | #include <sstream> |
21 | | |
22 | | namespace Botan { |
23 | | |
24 | | struct X509_Certificate_Data |
25 | | { |
26 | | std::vector<uint8_t> m_serial; |
27 | | AlgorithmIdentifier m_sig_algo_inner; |
28 | | X509_DN m_issuer_dn; |
29 | | X509_DN m_subject_dn; |
30 | | std::vector<uint8_t> m_issuer_dn_bits; |
31 | | std::vector<uint8_t> m_subject_dn_bits; |
32 | | X509_Time m_not_before; |
33 | | X509_Time m_not_after; |
34 | | std::vector<uint8_t> m_subject_public_key_bits; |
35 | | std::vector<uint8_t> m_subject_public_key_bits_seq; |
36 | | std::vector<uint8_t> m_subject_public_key_bitstring; |
37 | | std::vector<uint8_t> m_subject_public_key_bitstring_sha1; |
38 | | AlgorithmIdentifier m_subject_public_key_algid; |
39 | | |
40 | | std::vector<uint8_t> m_v2_issuer_key_id; |
41 | | std::vector<uint8_t> m_v2_subject_key_id; |
42 | | Extensions m_v3_extensions; |
43 | | |
44 | | std::vector<OID> m_extended_key_usage; |
45 | | std::vector<uint8_t> m_authority_key_id; |
46 | | std::vector<uint8_t> m_subject_key_id; |
47 | | std::vector<OID> m_cert_policies; |
48 | | |
49 | | std::vector<std::string> m_crl_distribution_points; |
50 | | std::string m_ocsp_responder; |
51 | | std::vector<std::string> m_ca_issuers; |
52 | | |
53 | | std::vector<uint8_t> m_issuer_dn_bits_sha256; |
54 | | std::vector<uint8_t> m_subject_dn_bits_sha256; |
55 | | |
56 | | std::string m_fingerprint_sha1; |
57 | | std::string m_fingerprint_sha256; |
58 | | |
59 | | AlternativeName m_subject_alt_name; |
60 | | AlternativeName m_issuer_alt_name; |
61 | | NameConstraints m_name_constraints; |
62 | | |
63 | | Data_Store m_subject_ds; |
64 | | Data_Store m_issuer_ds; |
65 | | |
66 | | size_t m_version = 0; |
67 | | size_t m_path_len_constraint = 0; |
68 | | Key_Constraints m_key_constraints = NO_CONSTRAINTS; |
69 | | bool m_self_signed = false; |
70 | | bool m_is_ca_certificate = false; |
71 | | bool m_serial_negative = false; |
72 | | }; |
73 | | |
74 | | std::string X509_Certificate::PEM_label() const |
75 | 9.72k | { |
76 | 9.72k | return "CERTIFICATE"; |
77 | 9.72k | } |
78 | | |
79 | | std::vector<std::string> X509_Certificate::alternate_PEM_labels() const |
80 | 102 | { |
81 | 102 | return { "X509 CERTIFICATE" }; |
82 | 102 | } |
83 | | |
84 | | X509_Certificate::X509_Certificate(DataSource& src) |
85 | 15.0k | { |
86 | 15.0k | load_data(src); |
87 | 15.0k | } |
88 | | |
89 | | X509_Certificate::X509_Certificate(const std::vector<uint8_t>& vec) |
90 | 0 | { |
91 | 0 | DataSource_Memory src(vec.data(), vec.size()); |
92 | 0 | load_data(src); |
93 | 0 | } |
94 | | |
95 | | X509_Certificate::X509_Certificate(const uint8_t data[], size_t len) |
96 | 1.33k | { |
97 | 1.33k | DataSource_Memory src(data, len); |
98 | 1.33k | load_data(src); |
99 | 1.33k | } |
100 | | |
101 | | #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) |
102 | | X509_Certificate::X509_Certificate(const std::string& fsname) |
103 | 0 | { |
104 | 0 | DataSource_Stream src(fsname, true); |
105 | 0 | load_data(src); |
106 | 0 | } |
107 | | #endif |
108 | | |
109 | | namespace { |
110 | | |
111 | | std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& obj) |
112 | 14.1k | { |
113 | 14.1k | std::unique_ptr<X509_Certificate_Data> data(new X509_Certificate_Data); |
114 | 14.1k | |
115 | 14.1k | BigInt serial_bn; |
116 | 14.1k | BER_Object public_key; |
117 | 14.1k | BER_Object v3_exts_data; |
118 | 14.1k | |
119 | 14.1k | BER_Decoder(obj.signed_body()) |
120 | 14.1k | .decode_optional(data->m_version, ASN1_Tag(0), ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) |
121 | 14.1k | .decode(serial_bn) |
122 | 14.1k | .decode(data->m_sig_algo_inner) |
123 | 14.1k | .decode(data->m_issuer_dn) |
124 | 14.1k | .start_cons(SEQUENCE) |
125 | 14.1k | .decode(data->m_not_before) |
126 | 14.1k | .decode(data->m_not_after) |
127 | 14.1k | .end_cons() |
128 | 14.1k | .decode(data->m_subject_dn) |
129 | 14.1k | .get_next(public_key) |
130 | 14.1k | .decode_optional_string(data->m_v2_issuer_key_id, BIT_STRING, 1) |
131 | 14.1k | .decode_optional_string(data->m_v2_subject_key_id, BIT_STRING, 2) |
132 | 14.1k | .get_next(v3_exts_data) |
133 | 14.1k | .verify_end("TBSCertificate has extra data after extensions block"); |
134 | 14.1k | |
135 | 14.1k | if(data->m_version > 2) |
136 | 12 | throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version)); |
137 | 14.1k | if(obj.signature_algorithm() != data->m_sig_algo_inner) |
138 | 88 | throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields"); |
139 | 14.0k | |
140 | 14.0k | public_key.assert_is_a(SEQUENCE, CONSTRUCTED, "X.509 certificate public key"); |
141 | 14.0k | |
142 | 14.0k | // crude method to save the serial's sign; will get lost during decoding, otherwise |
143 | 14.0k | data->m_serial_negative = serial_bn.is_negative(); |
144 | 14.0k | |
145 | 14.0k | // for general sanity convert wire version (0 based) to standards version (v1 .. v3) |
146 | 14.0k | data->m_version += 1; |
147 | 14.0k | |
148 | 14.0k | data->m_serial = BigInt::encode(serial_bn); |
149 | 14.0k | data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits()); |
150 | 14.0k | data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits()); |
151 | 14.0k | |
152 | 14.0k | // validate_public_key_params(public_key.value); |
153 | 14.0k | AlgorithmIdentifier public_key_alg_id; |
154 | 14.0k | BER_Decoder(public_key).decode(public_key_alg_id).discard_remaining(); |
155 | 14.0k | |
156 | 14.0k | const std::vector<std::string> public_key_info = |
157 | 14.0k | split_on(OIDS::oid2str_or_empty(public_key_alg_id.get_oid()), '/'); |
158 | 14.0k | |
159 | 14.0k | if(!public_key_info.empty() && public_key_info[0] == "RSA") |
160 | 6.96k | { |
161 | 6.96k | // RFC4055: If PublicKeyAlgo = PSS or OAEP: limit the use of the public key exclusively to either RSASSA - PSS or RSAES - OAEP |
162 | 6.96k | if(public_key_info.size() >= 2) |
163 | 529 | { |
164 | 529 | if(public_key_info[1] == "EMSA4") |
165 | 7 | { |
166 | 7 | /* |
167 | 7 | When the RSA private key owner wishes to limit the use of the public |
168 | 7 | key exclusively to RSASSA-PSS, then the id-RSASSA-PSS object |
169 | 7 | identifier MUST be used in the algorithm field within the subject |
170 | 7 | public key information, and, if present, the parameters field MUST |
171 | 7 | contain RSASSA-PSS-params. |
172 | 7 | |
173 | 7 | All parameters in the signature structure algorithm identifier MUST |
174 | 7 | match the parameters in the key structure algorithm identifier |
175 | 7 | except the saltLength field. The saltLength field in the signature parameters |
176 | 7 | MUST be greater or equal to that in the key parameters field. |
177 | 7 | |
178 | 7 | ToDo: Allow salt length to be greater |
179 | 7 | */ |
180 | 7 | if(public_key_alg_id != obj.signature_algorithm()) |
181 | 3 | { |
182 | 3 | throw Decoding_Error("Algorithm identifier mismatch"); |
183 | 3 | } |
184 | 6.43k | } |
185 | 6.43k | } |
186 | 6.43k | else |
187 | 6.43k | { |
188 | 6.43k | // oid = rsaEncryption -> parameters field MUST contain NULL |
189 | 6.43k | if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.get_oid(), AlgorithmIdentifier::USE_NULL_PARAM)) |
190 | 39 | { |
191 | 39 | throw Decoding_Error("RSA algorithm parameters field MUST contain NULL"); |
192 | 39 | } |
193 | 14.0k | } |
194 | 6.96k | } |
195 | 14.0k | |
196 | 14.0k | data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length()); |
197 | 14.0k | |
198 | 14.0k | data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits); |
199 | 14.0k | |
200 | 14.0k | BER_Decoder(data->m_subject_public_key_bits) |
201 | 14.0k | .decode(data->m_subject_public_key_algid) |
202 | 14.0k | .decode(data->m_subject_public_key_bitstring, BIT_STRING); |
203 | 14.0k | |
204 | 14.0k | if(v3_exts_data.is_a(3, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))) |
205 | 4.56k | { |
206 | 4.56k | // Path validation will reject a v1/v2 cert with v3 extensions |
207 | 4.56k | BER_Decoder(v3_exts_data).decode(data->m_v3_extensions).verify_end(); |
208 | 4.56k | } |
209 | 9.47k | else if(v3_exts_data.is_set()) |
210 | 8 | { |
211 | 8 | throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging()); |
212 | 8 | } |
213 | 14.0k | |
214 | 14.0k | // Now cache some fields from the extensions |
215 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Key_Usage>()) |
216 | 130 | { |
217 | 130 | data->m_key_constraints = ext->get_constraints(); |
218 | 130 | /* |
219 | 130 | RFC 5280: When the keyUsage extension appears in a certificate, |
220 | 130 | at least one of the bits MUST be set to 1. |
221 | 130 | */ |
222 | 130 | if(data->m_key_constraints == NO_CONSTRAINTS) |
223 | 8 | { |
224 | 8 | throw Decoding_Error("Certificate has invalid encoding for KeyUsage"); |
225 | 8 | } |
226 | 13.9k | } |
227 | 13.9k | else |
228 | 13.9k | { |
229 | 13.9k | data->m_key_constraints = NO_CONSTRAINTS; |
230 | 13.9k | } |
231 | 14.0k | |
232 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Key_ID>()) |
233 | 469 | { |
234 | 469 | data->m_subject_key_id = ext->get_key_id(); |
235 | 469 | } |
236 | 14.0k | |
237 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Key_ID>()) |
238 | 602 | { |
239 | 602 | data->m_authority_key_id = ext->get_key_id(); |
240 | 602 | } |
241 | 14.0k | |
242 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Name_Constraints>()) |
243 | 65 | { |
244 | 65 | data->m_name_constraints = ext->get_name_constraints(); |
245 | 65 | } |
246 | 14.0k | |
247 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Basic_Constraints>()) |
248 | 248 | { |
249 | 248 | if(ext->get_is_ca() == true) |
250 | 92 | { |
251 | 92 | /* |
252 | 92 | * RFC 5280 section 4.2.1.3 requires that CAs include KeyUsage in all |
253 | 92 | * intermediate CA certificates they issue. Currently we accept it being |
254 | 92 | * missing, as do most other implementations. But it may be worth |
255 | 92 | * removing this entirely, or alternately adding a warning level |
256 | 92 | * validation failure for it. |
257 | 92 | */ |
258 | 92 | if(data->m_key_constraints == NO_CONSTRAINTS || |
259 | 92 | (data->m_key_constraints & KEY_CERT_SIGN)) |
260 | 71 | { |
261 | 71 | data->m_is_ca_certificate = true; |
262 | 71 | data->m_path_len_constraint = ext->get_path_limit(); |
263 | 71 | } |
264 | 92 | } |
265 | 248 | } |
266 | 14.0k | |
267 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Issuer_Alternative_Name>()) |
268 | 183 | { |
269 | 183 | data->m_issuer_alt_name = ext->get_alt_name(); |
270 | 183 | } |
271 | 14.0k | |
272 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Alternative_Name>()) |
273 | 348 | { |
274 | 348 | data->m_subject_alt_name = ext->get_alt_name(); |
275 | 348 | } |
276 | 14.0k | |
277 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Extended_Key_Usage>()) |
278 | 142 | { |
279 | 142 | data->m_extended_key_usage = ext->get_oids(); |
280 | 142 | } |
281 | 14.0k | |
282 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Certificate_Policies>()) |
283 | 83 | { |
284 | 83 | data->m_cert_policies = ext->get_policy_oids(); |
285 | 83 | } |
286 | 14.0k | |
287 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Information_Access>()) |
288 | 53 | { |
289 | 53 | data->m_ocsp_responder = ext->ocsp_responder(); |
290 | 53 | data->m_ca_issuers = ext->ca_issuers(); |
291 | 53 | } |
292 | 14.0k | |
293 | 14.0k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::CRL_Distribution_Points>()) |
294 | 69 | { |
295 | 69 | data->m_crl_distribution_points = ext->crl_distribution_urls(); |
296 | 69 | } |
297 | 14.0k | |
298 | 14.0k | // Check for self-signed vs self-issued certificates |
299 | 14.0k | if(data->m_subject_dn == data->m_issuer_dn) |
300 | 9.32k | { |
301 | 9.32k | if(data->m_subject_key_id.empty() == false && data->m_authority_key_id.empty() == false) |
302 | 123 | { |
303 | 123 | data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id); |
304 | 123 | } |
305 | 9.19k | else |
306 | 9.19k | { |
307 | 9.19k | /* |
308 | 9.19k | If a parse error or unknown algorithm is encountered, default |
309 | 9.19k | to assuming it is self signed. We have no way of being certain but |
310 | 9.19k | that is usually the default case (self-issued is rare in practice). |
311 | 9.19k | */ |
312 | 9.19k | data->m_self_signed = true; |
313 | 9.19k | |
314 | 9.19k | try |
315 | 9.19k | { |
316 | 9.19k | std::unique_ptr<Public_Key> pub_key(X509::load_key(data->m_subject_public_key_bits_seq)); |
317 | 9.19k | |
318 | 9.19k | Certificate_Status_Code sig_status = obj.verify_signature(*pub_key); |
319 | 9.19k | |
320 | 9.19k | if(sig_status == Certificate_Status_Code::OK || |
321 | 9.19k | sig_status == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN) |
322 | 5.47k | { |
323 | 5.47k | data->m_self_signed = true; |
324 | 5.47k | } |
325 | 3.72k | else |
326 | 3.72k | { |
327 | 3.72k | data->m_self_signed = false; |
328 | 3.72k | } |
329 | 9.19k | } |
330 | 9.19k | catch(...) |
331 | 9.19k | { |
332 | 1.38k | // ignore errors here to allow parsing to continue |
333 | 1.38k | } |
334 | 9.19k | } |
335 | 9.32k | } |
336 | 14.0k | |
337 | 14.0k | const std::vector<uint8_t> full_encoding = obj.BER_encode(); |
338 | 14.0k | |
339 | 14.0k | std::unique_ptr<HashFunction> sha1(HashFunction::create("SHA-1")); |
340 | 14.0k | if(sha1) |
341 | 11.8k | { |
342 | 11.8k | sha1->update(data->m_subject_public_key_bitstring); |
343 | 11.8k | data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec(); |
344 | 11.8k | // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called |
345 | 11.8k | |
346 | 11.8k | data->m_fingerprint_sha1 = create_hex_fingerprint(full_encoding, "SHA-1"); |
347 | 11.8k | } |
348 | 14.0k | |
349 | 14.0k | std::unique_ptr<HashFunction> sha256(HashFunction::create("SHA-256")); |
350 | 14.0k | if(sha256) |
351 | 11.8k | { |
352 | 11.8k | sha256->update(data->m_issuer_dn_bits); |
353 | 11.8k | data->m_issuer_dn_bits_sha256 = sha256->final_stdvec(); |
354 | 11.8k | |
355 | 11.8k | sha256->update(data->m_subject_dn_bits); |
356 | 11.8k | data->m_subject_dn_bits_sha256 = sha256->final_stdvec(); |
357 | 11.8k | |
358 | 11.8k | data->m_fingerprint_sha256 = create_hex_fingerprint(full_encoding, "SHA-256"); |
359 | 11.8k | } |
360 | 14.0k | |
361 | 14.0k | data->m_subject_ds.add(data->m_subject_dn.contents()); |
362 | 14.0k | data->m_issuer_ds.add(data->m_issuer_dn.contents()); |
363 | 14.0k | data->m_v3_extensions.contents_to(data->m_subject_ds, data->m_issuer_ds); |
364 | 14.0k | |
365 | 14.0k | return data; |
366 | 14.0k | } |
367 | | |
368 | | } |
369 | | |
370 | | /* |
371 | | * Decode the TBSCertificate data |
372 | | */ |
373 | | void X509_Certificate::force_decode() |
374 | 14.1k | { |
375 | 14.1k | m_data.reset(); |
376 | 14.1k | |
377 | 14.1k | std::unique_ptr<X509_Certificate_Data> data = parse_x509_cert_body(*this); |
378 | 14.1k | |
379 | 14.1k | m_data.reset(data.release()); |
380 | 14.1k | } |
381 | | |
382 | | const X509_Certificate_Data& X509_Certificate::data() const |
383 | 49.0k | { |
384 | 49.0k | if(m_data == nullptr) |
385 | 0 | { |
386 | 0 | throw Invalid_State("X509_Certificate uninitialized"); |
387 | 0 | } |
388 | 49.0k | return *m_data.get(); |
389 | 49.0k | } |
390 | | |
391 | | uint32_t X509_Certificate::x509_version() const |
392 | 1.74k | { |
393 | 1.74k | return static_cast<uint32_t>(data().m_version); |
394 | 1.74k | } |
395 | | |
396 | | bool X509_Certificate::is_self_signed() const |
397 | 4.07k | { |
398 | 4.07k | return data().m_self_signed; |
399 | 4.07k | } |
400 | | |
401 | | const X509_Time& X509_Certificate::not_before() const |
402 | 0 | { |
403 | 0 | return data().m_not_before; |
404 | 0 | } |
405 | | |
406 | | const X509_Time& X509_Certificate::not_after() const |
407 | 0 | { |
408 | 0 | return data().m_not_after; |
409 | 0 | } |
410 | | |
411 | | const AlgorithmIdentifier& X509_Certificate::subject_public_key_algo() const |
412 | 0 | { |
413 | 0 | return data().m_subject_public_key_algid; |
414 | 0 | } |
415 | | |
416 | | const std::vector<uint8_t>& X509_Certificate::v2_issuer_key_id() const |
417 | 0 | { |
418 | 0 | return data().m_v2_issuer_key_id; |
419 | 0 | } |
420 | | |
421 | | const std::vector<uint8_t>& X509_Certificate::v2_subject_key_id() const |
422 | 0 | { |
423 | 0 | return data().m_v2_subject_key_id; |
424 | 0 | } |
425 | | |
426 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bits() const |
427 | 0 | { |
428 | 0 | return data().m_subject_public_key_bits; |
429 | 0 | } |
430 | | |
431 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_info() const |
432 | 1.45k | { |
433 | 1.45k | return data().m_subject_public_key_bits_seq; |
434 | 1.45k | } |
435 | | |
436 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring() const |
437 | 0 | { |
438 | 0 | return data().m_subject_public_key_bitstring; |
439 | 0 | } |
440 | | |
441 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring_sha1() const |
442 | 0 | { |
443 | 0 | if(data().m_subject_public_key_bitstring_sha1.empty()) |
444 | 0 | throw Encoding_Error("X509_Certificate::subject_public_key_bitstring_sha1 called but SHA-1 disabled in build"); |
445 | 0 | |
446 | 0 | return data().m_subject_public_key_bitstring_sha1; |
447 | 0 | } |
448 | | |
449 | | const std::vector<uint8_t>& X509_Certificate::authority_key_id() const |
450 | 3.26k | { |
451 | 3.26k | return data().m_authority_key_id; |
452 | 3.26k | } |
453 | | |
454 | | const std::vector<uint8_t>& X509_Certificate::subject_key_id() const |
455 | 5.42k | { |
456 | 5.42k | return data().m_subject_key_id; |
457 | 5.42k | } |
458 | | |
459 | | const std::vector<uint8_t>& X509_Certificate::serial_number() const |
460 | 0 | { |
461 | 0 | return data().m_serial; |
462 | 0 | } |
463 | | |
464 | | bool X509_Certificate::is_serial_negative() const |
465 | 0 | { |
466 | 0 | return data().m_serial_negative; |
467 | 0 | } |
468 | | |
469 | | |
470 | | const X509_DN& X509_Certificate::issuer_dn() const |
471 | 3.26k | { |
472 | 3.26k | return data().m_issuer_dn; |
473 | 3.26k | } |
474 | | |
475 | | const X509_DN& X509_Certificate::subject_dn() const |
476 | 9.28k | { |
477 | 9.28k | return data().m_subject_dn; |
478 | 9.28k | } |
479 | | |
480 | | const std::vector<uint8_t>& X509_Certificate::raw_issuer_dn() const |
481 | 0 | { |
482 | 0 | return data().m_issuer_dn_bits; |
483 | 0 | } |
484 | | |
485 | | const std::vector<uint8_t>& X509_Certificate::raw_subject_dn() const |
486 | 0 | { |
487 | 0 | return data().m_subject_dn_bits; |
488 | 0 | } |
489 | | |
490 | | bool X509_Certificate::is_CA_cert() const |
491 | 0 | { |
492 | 0 | if(data().m_version < 3 && data().m_self_signed) |
493 | 0 | return true; |
494 | 0 | |
495 | 0 | return data().m_is_ca_certificate; |
496 | 0 | } |
497 | | |
498 | | uint32_t X509_Certificate::path_limit() const |
499 | 0 | { |
500 | 0 | if(data().m_version < 3 && data().m_self_signed) |
501 | 0 | return 32; // in theory infinite, but this is more than enough |
502 | 0 | |
503 | 0 | return static_cast<uint32_t>(data().m_path_len_constraint); |
504 | 0 | } |
505 | | |
506 | | Key_Constraints X509_Certificate::constraints() const |
507 | 769 | { |
508 | 769 | return data().m_key_constraints; |
509 | 769 | } |
510 | | |
511 | | const std::vector<OID>& X509_Certificate::extended_key_usage() const |
512 | 0 | { |
513 | 0 | return data().m_extended_key_usage; |
514 | 0 | } |
515 | | |
516 | | const std::vector<OID>& X509_Certificate::certificate_policy_oids() const |
517 | 0 | { |
518 | 0 | return data().m_cert_policies; |
519 | 0 | } |
520 | | |
521 | | const NameConstraints& X509_Certificate::name_constraints() const |
522 | 0 | { |
523 | 0 | return data().m_name_constraints; |
524 | 0 | } |
525 | | |
526 | | const Extensions& X509_Certificate::v3_extensions() const |
527 | 0 | { |
528 | 0 | return data().m_v3_extensions; |
529 | 0 | } |
530 | | |
531 | | bool X509_Certificate::allowed_usage(Key_Constraints usage) const |
532 | 0 | { |
533 | 0 | if(constraints() == NO_CONSTRAINTS) |
534 | 0 | return true; |
535 | 0 | return ((constraints() & usage) == usage); |
536 | 0 | } |
537 | | |
538 | | bool X509_Certificate::allowed_extended_usage(const std::string& usage) const |
539 | 0 | { |
540 | 0 | return allowed_extended_usage(OID::from_string(usage)); |
541 | 0 | } |
542 | | |
543 | | bool X509_Certificate::allowed_extended_usage(const OID& usage) const |
544 | 0 | { |
545 | 0 | const std::vector<OID>& ex = extended_key_usage(); |
546 | 0 | if(ex.empty()) |
547 | 0 | return true; |
548 | 0 | |
549 | 0 | if(std::find(ex.begin(), ex.end(), usage) != ex.end()) |
550 | 0 | return true; |
551 | 0 | |
552 | 0 | return false; |
553 | 0 | } |
554 | | |
555 | | bool X509_Certificate::allowed_usage(Usage_Type usage) const |
556 | 0 | { |
557 | 0 | // These follow suggestions in RFC 5280 4.2.1.12 |
558 | 0 |
|
559 | 0 | switch(usage) |
560 | 0 | { |
561 | 0 | case Usage_Type::UNSPECIFIED: |
562 | 0 | return true; |
563 | 0 | |
564 | 0 | case Usage_Type::TLS_SERVER_AUTH: |
565 | 0 | return (allowed_usage(KEY_AGREEMENT) || allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DIGITAL_SIGNATURE)) && allowed_extended_usage("PKIX.ServerAuth"); |
566 | 0 | |
567 | 0 | case Usage_Type::TLS_CLIENT_AUTH: |
568 | 0 | return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(KEY_AGREEMENT)) && allowed_extended_usage("PKIX.ClientAuth"); |
569 | 0 | |
570 | 0 | case Usage_Type::OCSP_RESPONDER: |
571 | 0 | return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(NON_REPUDIATION)) && allowed_extended_usage("PKIX.OCSPSigning"); |
572 | 0 | |
573 | 0 | case Usage_Type::CERTIFICATE_AUTHORITY: |
574 | 0 | return is_CA_cert(); |
575 | 0 | |
576 | 0 | case Usage_Type::ENCRYPTION: |
577 | 0 | return (allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DATA_ENCIPHERMENT)); |
578 | 0 | } |
579 | 0 |
|
580 | 0 | return false; |
581 | 0 | } |
582 | | |
583 | | bool X509_Certificate::has_constraints(Key_Constraints constraints) const |
584 | 0 | { |
585 | 0 | if(this->constraints() == NO_CONSTRAINTS) |
586 | 0 | { |
587 | 0 | return false; |
588 | 0 | } |
589 | 0 | |
590 | 0 | return ((this->constraints() & constraints) != 0); |
591 | 0 | } |
592 | | |
593 | | bool X509_Certificate::has_ex_constraint(const std::string& ex_constraint) const |
594 | 0 | { |
595 | 0 | return has_ex_constraint(OID::from_string(ex_constraint)); |
596 | 0 | } |
597 | | |
598 | | bool X509_Certificate::has_ex_constraint(const OID& usage) const |
599 | 0 | { |
600 | 0 | const std::vector<OID>& ex = extended_key_usage(); |
601 | 0 | return (std::find(ex.begin(), ex.end(), usage) != ex.end()); |
602 | 0 | } |
603 | | |
604 | | /* |
605 | | * Return if a certificate extension is marked critical |
606 | | */ |
607 | | bool X509_Certificate::is_critical(const std::string& ex_name) const |
608 | 0 | { |
609 | 0 | return v3_extensions().critical_extension_set(OID::from_string(ex_name)); |
610 | 0 | } |
611 | | |
612 | | std::string X509_Certificate::ocsp_responder() const |
613 | 0 | { |
614 | 0 | return data().m_ocsp_responder; |
615 | 0 | } |
616 | | |
617 | | std::vector<std::string> X509_Certificate::ca_issuers() const |
618 | 0 | { |
619 | 0 | return data().m_ca_issuers; |
620 | 0 | } |
621 | | |
622 | | std::string X509_Certificate::crl_distribution_point() const |
623 | 0 | { |
624 | 0 | // just returns the first (arbitrarily) |
625 | 0 | if(data().m_crl_distribution_points.size() > 0) |
626 | 0 | return data().m_crl_distribution_points[0]; |
627 | 0 | return ""; |
628 | 0 | } |
629 | | |
630 | | const AlternativeName& X509_Certificate::subject_alt_name() const |
631 | 0 | { |
632 | 0 | return data().m_subject_alt_name; |
633 | 0 | } |
634 | | |
635 | | const AlternativeName& X509_Certificate::issuer_alt_name() const |
636 | 0 | { |
637 | 0 | return data().m_issuer_alt_name; |
638 | 0 | } |
639 | | |
640 | | /* |
641 | | * Return information about the subject |
642 | | */ |
643 | | std::vector<std::string> |
644 | | X509_Certificate::subject_info(const std::string& req) const |
645 | 0 | { |
646 | 0 | if(req == "Email") |
647 | 0 | return this->subject_info("RFC822"); |
648 | 0 | |
649 | 0 | if(subject_dn().has_field(req)) |
650 | 0 | return subject_dn().get_attribute(req); |
651 | 0 | |
652 | 0 | if(subject_alt_name().has_field(req)) |
653 | 0 | return subject_alt_name().get_attribute(req); |
654 | 0 | |
655 | 0 | // These will be removed later: |
656 | 0 | if(req == "X509.Certificate.v2.key_id") |
657 | 0 | return {hex_encode(this->v2_subject_key_id())}; |
658 | 0 | if(req == "X509v3.SubjectKeyIdentifier") |
659 | 0 | return {hex_encode(this->subject_key_id())}; |
660 | 0 | if(req == "X509.Certificate.dn_bits") |
661 | 0 | return {hex_encode(this->raw_subject_dn())}; |
662 | 0 | if(req == "X509.Certificate.start") |
663 | 0 | return {not_before().to_string()}; |
664 | 0 | if(req == "X509.Certificate.end") |
665 | 0 | return {not_after().to_string()}; |
666 | 0 | |
667 | 0 | if(req == "X509.Certificate.version") |
668 | 0 | return {std::to_string(x509_version())}; |
669 | 0 | if(req == "X509.Certificate.serial") |
670 | 0 | return {hex_encode(serial_number())}; |
671 | 0 | |
672 | 0 | return data().m_subject_ds.get(req); |
673 | 0 | } |
674 | | |
675 | | /* |
676 | | * Return information about the issuer |
677 | | */ |
678 | | std::vector<std::string> |
679 | | X509_Certificate::issuer_info(const std::string& req) const |
680 | 0 | { |
681 | 0 | if(issuer_dn().has_field(req)) |
682 | 0 | return issuer_dn().get_attribute(req); |
683 | 0 | |
684 | 0 | if(issuer_alt_name().has_field(req)) |
685 | 0 | return issuer_alt_name().get_attribute(req); |
686 | 0 | |
687 | 0 | // These will be removed later: |
688 | 0 | if(req == "X509.Certificate.v2.key_id") |
689 | 0 | return {hex_encode(this->v2_issuer_key_id())}; |
690 | 0 | if(req == "X509v3.AuthorityKeyIdentifier") |
691 | 0 | return {hex_encode(this->authority_key_id())}; |
692 | 0 | if(req == "X509.Certificate.dn_bits") |
693 | 0 | return {hex_encode(this->raw_issuer_dn())}; |
694 | 0 | |
695 | 0 | return data().m_issuer_ds.get(req); |
696 | 0 | } |
697 | | |
698 | | /* |
699 | | * Return the public key in this certificate |
700 | | */ |
701 | | std::unique_ptr<Public_Key> X509_Certificate::load_subject_public_key() const |
702 | 1.45k | { |
703 | 1.45k | try |
704 | 1.45k | { |
705 | 1.45k | return std::unique_ptr<Public_Key>(X509::load_key(subject_public_key_info())); |
706 | 1.45k | } |
707 | 585 | catch(std::exception& e) |
708 | 585 | { |
709 | 585 | throw Decoding_Error("X509_Certificate::load_subject_public_key", e); |
710 | 585 | } |
711 | 1.45k | } |
712 | | |
713 | | std::vector<uint8_t> X509_Certificate::raw_issuer_dn_sha256() const |
714 | 0 | { |
715 | 0 | if(data().m_issuer_dn_bits_sha256.empty()) |
716 | 0 | throw Encoding_Error("X509_Certificate::raw_issuer_dn_sha256 called but SHA-256 disabled in build"); |
717 | 0 | return data().m_issuer_dn_bits_sha256; |
718 | 0 | } |
719 | | |
720 | | std::vector<uint8_t> X509_Certificate::raw_subject_dn_sha256() const |
721 | 0 | { |
722 | 0 | if(data().m_subject_dn_bits_sha256.empty()) |
723 | 0 | throw Encoding_Error("X509_Certificate::raw_subject_dn_sha256 called but SHA-256 disabled in build"); |
724 | 0 | return data().m_subject_dn_bits_sha256; |
725 | 0 | } |
726 | | |
727 | | namespace { |
728 | | |
729 | | /* |
730 | | * Lookup each OID in the vector |
731 | | */ |
732 | | std::vector<std::string> lookup_oids(const std::vector<OID>& oids) |
733 | 0 | { |
734 | 0 | std::vector<std::string> out; |
735 | 0 |
|
736 | 0 | for(const OID& oid : oids) |
737 | 0 | { |
738 | 0 | out.push_back(oid.to_formatted_string()); |
739 | 0 | } |
740 | 0 | return out; |
741 | 0 | } |
742 | | |
743 | | } |
744 | | |
745 | | /* |
746 | | * Return the list of extended key usage OIDs |
747 | | */ |
748 | | std::vector<std::string> X509_Certificate::ex_constraints() const |
749 | 0 | { |
750 | 0 | return lookup_oids(extended_key_usage()); |
751 | 0 | } |
752 | | |
753 | | /* |
754 | | * Return the list of certificate policies |
755 | | */ |
756 | | std::vector<std::string> X509_Certificate::policies() const |
757 | 0 | { |
758 | 0 | return lookup_oids(certificate_policy_oids()); |
759 | 0 | } |
760 | | |
761 | | std::string X509_Certificate::fingerprint(const std::string& hash_name) const |
762 | 9.86k | { |
763 | 9.86k | /* |
764 | 9.86k | * The SHA-1 and SHA-256 fingerprints are precomputed since these |
765 | 9.86k | * are the most commonly used. Especially, SHA-256 fingerprints are |
766 | 9.86k | * used for cycle detection during path construction. |
767 | 9.86k | * |
768 | 9.86k | * If SHA-1 or SHA-256 was missing at parsing time the vectors are |
769 | 9.86k | * left empty in which case we fall back to create_hex_fingerprint |
770 | 9.86k | * which will throw if the hash is unavailable. |
771 | 9.86k | */ |
772 | 9.86k | if(hash_name == "SHA-256" && data().m_fingerprint_sha256.size() > 0) |
773 | 9.86k | return data().m_fingerprint_sha256; |
774 | 0 | else if(hash_name == "SHA-1" && data().m_fingerprint_sha1.size() > 0) |
775 | 0 | return data().m_fingerprint_sha1; |
776 | 0 | else |
777 | 0 | return create_hex_fingerprint(this->BER_encode(), hash_name); |
778 | 9.86k | } |
779 | | |
780 | | bool X509_Certificate::matches_dns_name(const std::string& name) const |
781 | 0 | { |
782 | 0 | if(name.empty()) |
783 | 0 | return false; |
784 | 0 | |
785 | 0 | std::vector<std::string> issued_names = subject_info("DNS"); |
786 | 0 |
|
787 | 0 | // Fall back to CN only if no DNS names are set (RFC 6125 sec 6.4.4) |
788 | 0 | if(issued_names.empty()) |
789 | 0 | issued_names = subject_info("Name"); |
790 | 0 |
|
791 | 0 | for(size_t i = 0; i != issued_names.size(); ++i) |
792 | 0 | { |
793 | 0 | if(host_wildcard_match(issued_names[i], name)) |
794 | 0 | return true; |
795 | 0 | } |
796 | 0 |
|
797 | 0 | return false; |
798 | 0 | } |
799 | | |
800 | | /* |
801 | | * Compare two certificates for equality |
802 | | */ |
803 | | bool X509_Certificate::operator==(const X509_Certificate& other) const |
804 | 1.01k | { |
805 | 1.01k | return (this->signature() == other.signature() && |
806 | 1.01k | this->signature_algorithm() == other.signature_algorithm() && |
807 | 1.01k | this->signed_body() == other.signed_body()); |
808 | 1.01k | } |
809 | | |
810 | | bool X509_Certificate::operator<(const X509_Certificate& other) const |
811 | 0 | { |
812 | 0 | /* If signature values are not equal, sort by lexicographic ordering of that */ |
813 | 0 | if(this->signature() != other.signature()) |
814 | 0 | { |
815 | 0 | return (this->signature() < other.signature()); |
816 | 0 | } |
817 | 0 | |
818 | 0 | // Then compare the signed contents |
819 | 0 | return this->signed_body() < other.signed_body(); |
820 | 0 | } |
821 | | |
822 | | /* |
823 | | * X.509 Certificate Comparison |
824 | | */ |
825 | | bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2) |
826 | 0 | { |
827 | 0 | return !(cert1 == cert2); |
828 | 0 | } |
829 | | |
830 | | std::string X509_Certificate::to_string() const |
831 | 0 | { |
832 | 0 | std::ostringstream out; |
833 | 0 |
|
834 | 0 | out << "Version: " << this->x509_version() << "\n"; |
835 | 0 | out << "Subject: " << subject_dn() << "\n"; |
836 | 0 | out << "Issuer: " << issuer_dn() << "\n"; |
837 | 0 | out << "Issued: " << this->not_before().readable_string() << "\n"; |
838 | 0 | out << "Expires: " << this->not_after().readable_string() << "\n"; |
839 | 0 |
|
840 | 0 | out << "Constraints:\n"; |
841 | 0 | Key_Constraints constraints = this->constraints(); |
842 | 0 | if(constraints == NO_CONSTRAINTS) |
843 | 0 | out << " None\n"; |
844 | 0 | else |
845 | 0 | { |
846 | 0 | if(constraints & DIGITAL_SIGNATURE) |
847 | 0 | out << " Digital Signature\n"; |
848 | 0 | if(constraints & NON_REPUDIATION) |
849 | 0 | out << " Non-Repudiation\n"; |
850 | 0 | if(constraints & KEY_ENCIPHERMENT) |
851 | 0 | out << " Key Encipherment\n"; |
852 | 0 | if(constraints & DATA_ENCIPHERMENT) |
853 | 0 | out << " Data Encipherment\n"; |
854 | 0 | if(constraints & KEY_AGREEMENT) |
855 | 0 | out << " Key Agreement\n"; |
856 | 0 | if(constraints & KEY_CERT_SIGN) |
857 | 0 | out << " Cert Sign\n"; |
858 | 0 | if(constraints & CRL_SIGN) |
859 | 0 | out << " CRL Sign\n"; |
860 | 0 | if(constraints & ENCIPHER_ONLY) |
861 | 0 | out << " Encipher Only\n"; |
862 | 0 | if(constraints & DECIPHER_ONLY) |
863 | 0 | out << " Decipher Only\n"; |
864 | 0 | } |
865 | 0 |
|
866 | 0 | const std::vector<OID>& policies = this->certificate_policy_oids(); |
867 | 0 | if(!policies.empty()) |
868 | 0 | { |
869 | 0 | out << "Policies: " << "\n"; |
870 | 0 | for(auto oid : policies) |
871 | 0 | out << " " << oid.to_string() << "\n"; |
872 | 0 | } |
873 | 0 |
|
874 | 0 | const std::vector<OID>& ex_constraints = this->extended_key_usage(); |
875 | 0 | if(!ex_constraints.empty()) |
876 | 0 | { |
877 | 0 | out << "Extended Constraints:\n"; |
878 | 0 | for(auto&& oid : ex_constraints) |
879 | 0 | { |
880 | 0 | out << " " << oid.to_formatted_string() << "\n"; |
881 | 0 | } |
882 | 0 | } |
883 | 0 |
|
884 | 0 | const NameConstraints& name_constraints = this->name_constraints(); |
885 | 0 |
|
886 | 0 | if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty()) |
887 | 0 | { |
888 | 0 | out << "Name Constraints:\n"; |
889 | 0 |
|
890 | 0 | if(!name_constraints.permitted().empty()) |
891 | 0 | { |
892 | 0 | out << " Permit"; |
893 | 0 | for(auto st: name_constraints.permitted()) |
894 | 0 | { |
895 | 0 | out << " " << st.base(); |
896 | 0 | } |
897 | 0 | out << "\n"; |
898 | 0 | } |
899 | 0 |
|
900 | 0 | if(!name_constraints.excluded().empty()) |
901 | 0 | { |
902 | 0 | out << " Exclude"; |
903 | 0 | for(auto st: name_constraints.excluded()) |
904 | 0 | { |
905 | 0 | out << " " << st.base(); |
906 | 0 | } |
907 | 0 | out << "\n"; |
908 | 0 | } |
909 | 0 | } |
910 | 0 |
|
911 | 0 | if(!ocsp_responder().empty()) |
912 | 0 | out << "OCSP responder " << ocsp_responder() << "\n"; |
913 | 0 |
|
914 | 0 | const std::vector<std::string> ca_issuers = this->ca_issuers(); |
915 | 0 | if(!ca_issuers.empty()) |
916 | 0 | { |
917 | 0 | out << "CA Issuers:\n"; |
918 | 0 | for(size_t i = 0; i != ca_issuers.size(); i++) |
919 | 0 | out << " URI: " << ca_issuers[i] << "\n"; |
920 | 0 | } |
921 | 0 |
|
922 | 0 | if(!crl_distribution_point().empty()) |
923 | 0 | out << "CRL " << crl_distribution_point() << "\n"; |
924 | 0 |
|
925 | 0 | out << "Signature algorithm: " << this->signature_algorithm().get_oid().to_formatted_string() << "\n"; |
926 | 0 |
|
927 | 0 | out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; |
928 | 0 |
|
929 | 0 | if(this->authority_key_id().size()) |
930 | 0 | out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n"; |
931 | 0 |
|
932 | 0 | if(this->subject_key_id().size()) |
933 | 0 | out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; |
934 | 0 |
|
935 | 0 | try |
936 | 0 | { |
937 | 0 | std::unique_ptr<Public_Key> pubkey(this->subject_public_key()); |
938 | 0 | out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n"; |
939 | 0 | out << X509::PEM_encode(*pubkey); |
940 | 0 | } |
941 | 0 | catch(Decoding_Error&) |
942 | 0 | { |
943 | 0 | const AlgorithmIdentifier& alg_id = this->subject_public_key_algo(); |
944 | 0 | out << "Failed to decode key with oid " << alg_id.get_oid().to_string() << "\n"; |
945 | 0 | } |
946 | 0 |
|
947 | 0 | return out.str(); |
948 | 0 | } |
949 | | |
950 | | } |