/src/botan/src/lib/x509/x509cert.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * X.509 Certificates |
3 | | * (C) 1999-2010,2015,2017 Jack Lloyd |
4 | | * (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/x509cert.h> |
10 | | #include <botan/x509_key.h> |
11 | | #include <botan/pk_keys.h> |
12 | | #include <botan/x509_ext.h> |
13 | | #include <botan/ber_dec.h> |
14 | | #include <botan/internal/parsing.h> |
15 | | #include <botan/bigint.h> |
16 | | #include <botan/oids.h> |
17 | | #include <botan/hash.h> |
18 | | #include <botan/hex.h> |
19 | | #include <algorithm> |
20 | | #include <sstream> |
21 | | |
22 | | namespace Botan { |
23 | | |
24 | | struct X509_Certificate_Data |
25 | | { |
26 | | std::vector<uint8_t> m_serial; |
27 | | AlgorithmIdentifier m_sig_algo_inner; |
28 | | X509_DN m_issuer_dn; |
29 | | X509_DN m_subject_dn; |
30 | | std::vector<uint8_t> m_issuer_dn_bits; |
31 | | std::vector<uint8_t> m_subject_dn_bits; |
32 | | X509_Time m_not_before; |
33 | | X509_Time m_not_after; |
34 | | std::vector<uint8_t> m_subject_public_key_bits; |
35 | | std::vector<uint8_t> m_subject_public_key_bits_seq; |
36 | | std::vector<uint8_t> m_subject_public_key_bitstring; |
37 | | std::vector<uint8_t> m_subject_public_key_bitstring_sha1; |
38 | | AlgorithmIdentifier m_subject_public_key_algid; |
39 | | |
40 | | std::vector<uint8_t> m_v2_issuer_key_id; |
41 | | std::vector<uint8_t> m_v2_subject_key_id; |
42 | | Extensions m_v3_extensions; |
43 | | |
44 | | std::vector<OID> m_extended_key_usage; |
45 | | std::vector<uint8_t> m_authority_key_id; |
46 | | std::vector<uint8_t> m_subject_key_id; |
47 | | std::vector<OID> m_cert_policies; |
48 | | |
49 | | std::vector<std::string> m_crl_distribution_points; |
50 | | std::string m_ocsp_responder; |
51 | | std::vector<std::string> m_ca_issuers; |
52 | | |
53 | | std::vector<uint8_t> m_issuer_dn_bits_sha256; |
54 | | std::vector<uint8_t> m_subject_dn_bits_sha256; |
55 | | |
56 | | std::string m_fingerprint_sha1; |
57 | | std::string m_fingerprint_sha256; |
58 | | |
59 | | AlternativeName m_subject_alt_name; |
60 | | AlternativeName m_issuer_alt_name; |
61 | | NameConstraints m_name_constraints; |
62 | | |
63 | | size_t m_version = 0; |
64 | | size_t m_path_len_constraint = 0; |
65 | | Key_Constraints m_key_constraints = NO_CONSTRAINTS; |
66 | | bool m_self_signed = false; |
67 | | bool m_is_ca_certificate = false; |
68 | | bool m_serial_negative = false; |
69 | | }; |
70 | | |
71 | | std::string X509_Certificate::PEM_label() const |
72 | 14.3k | { |
73 | 14.3k | return "CERTIFICATE"; |
74 | 14.3k | } |
75 | | |
76 | | std::vector<std::string> X509_Certificate::alternate_PEM_labels() const |
77 | 288 | { |
78 | 288 | return { "X509 CERTIFICATE" }; |
79 | 288 | } |
80 | | |
81 | | X509_Certificate::X509_Certificate(DataSource& src) |
82 | 16.3k | { |
83 | 16.3k | load_data(src); |
84 | 16.3k | } |
85 | | |
86 | | X509_Certificate::X509_Certificate(const std::vector<uint8_t>& vec) |
87 | 1.36k | { |
88 | 1.36k | DataSource_Memory src(vec.data(), vec.size()); |
89 | 1.36k | load_data(src); |
90 | 1.36k | } |
91 | | |
92 | | X509_Certificate::X509_Certificate(const uint8_t data[], size_t len) |
93 | 4.96k | { |
94 | 4.96k | DataSource_Memory src(data, len); |
95 | 4.96k | load_data(src); |
96 | 4.96k | } |
97 | | |
98 | | #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) |
99 | | X509_Certificate::X509_Certificate(const std::string& fsname) |
100 | 0 | { |
101 | 0 | DataSource_Stream src(fsname, true); |
102 | 0 | load_data(src); |
103 | 0 | } |
104 | | #endif |
105 | | |
106 | | namespace { |
107 | | |
108 | | std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& obj) |
109 | 17.9k | { |
110 | 17.9k | auto data = std::make_unique<X509_Certificate_Data>(); |
111 | | |
112 | 17.9k | BigInt serial_bn; |
113 | 17.9k | BER_Object public_key; |
114 | 17.9k | BER_Object v3_exts_data; |
115 | | |
116 | 17.9k | BER_Decoder(obj.signed_body()) |
117 | 17.9k | .decode_optional(data->m_version, ASN1_Type(0), ASN1_Class::Constructed | ASN1_Class::ContextSpecific) |
118 | 17.9k | .decode(serial_bn) |
119 | 17.9k | .decode(data->m_sig_algo_inner) |
120 | 17.9k | .decode(data->m_issuer_dn) |
121 | 17.9k | .start_sequence() |
122 | 17.9k | .decode(data->m_not_before) |
123 | 17.9k | .decode(data->m_not_after) |
124 | 17.9k | .end_cons() |
125 | 17.9k | .decode(data->m_subject_dn) |
126 | 17.9k | .get_next(public_key) |
127 | 17.9k | .decode_optional_string(data->m_v2_issuer_key_id, ASN1_Type::BitString, 1) |
128 | 17.9k | .decode_optional_string(data->m_v2_subject_key_id, ASN1_Type::BitString, 2) |
129 | 17.9k | .get_next(v3_exts_data) |
130 | 17.9k | .verify_end("TBSCertificate has extra data after extensions block"); |
131 | | |
132 | 17.9k | if(data->m_version > 2) |
133 | 45 | throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version)); |
134 | 17.8k | if(obj.signature_algorithm() != data->m_sig_algo_inner) |
135 | 152 | throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields"); |
136 | | |
137 | 17.7k | public_key.assert_is_a(ASN1_Type::Sequence, ASN1_Class::Constructed, "X.509 certificate public key"); |
138 | | |
139 | | // crude method to save the serial's sign; will get lost during decoding, otherwise |
140 | 17.7k | data->m_serial_negative = serial_bn.is_negative(); |
141 | | |
142 | | // for general sanity convert wire version (0 based) to standards version (v1 .. v3) |
143 | 17.7k | data->m_version += 1; |
144 | | |
145 | 17.7k | data->m_serial = BigInt::encode(serial_bn); |
146 | 17.7k | data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits()); |
147 | 17.7k | data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits()); |
148 | | |
149 | | // validate_public_key_params(public_key.value); |
150 | 17.7k | AlgorithmIdentifier public_key_alg_id; |
151 | 17.7k | BER_Decoder(public_key).decode(public_key_alg_id).discard_remaining(); |
152 | | |
153 | 17.7k | const std::vector<std::string> public_key_info = |
154 | 17.7k | split_on(OIDS::oid2str_or_empty(public_key_alg_id.get_oid()), '/'); |
155 | | |
156 | 17.7k | if(!public_key_info.empty() && public_key_info[0] == "RSA") |
157 | 8.56k | { |
158 | | // RFC4055: If PublicKeyAlgo = PSS or OAEP: limit the use of the public key exclusively to either RSASSA - PSS or RSAES - OAEP |
159 | 8.56k | if(public_key_info.size() >= 2) |
160 | 2.33k | { |
161 | 2.33k | if(public_key_info[1] == "EMSA4") |
162 | 13 | { |
163 | | /* |
164 | | When the RSA private key owner wishes to limit the use of the public |
165 | | key exclusively to RSASSA-PSS, then the id-RSASSA-PSS object |
166 | | identifier MUST be used in the algorithm field within the subject |
167 | | public key information, and, if present, the parameters field MUST |
168 | | contain RSASSA-PSS-params. |
169 | | |
170 | | All parameters in the signature structure algorithm identifier MUST |
171 | | match the parameters in the key structure algorithm identifier |
172 | | except the saltLength field. The saltLength field in the signature parameters |
173 | | MUST be greater or equal to that in the key parameters field. |
174 | | |
175 | | ToDo: Allow salt length to be greater |
176 | | */ |
177 | 13 | if(public_key_alg_id != obj.signature_algorithm()) |
178 | 2 | { |
179 | 2 | throw Decoding_Error("Algorithm identifier mismatch"); |
180 | 2 | } |
181 | 13 | } |
182 | 2.33k | } |
183 | 6.22k | else |
184 | 6.22k | { |
185 | | // oid = rsaEncryption -> parameters field MUST contain NULL |
186 | 6.22k | if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.get_oid(), AlgorithmIdentifier::USE_NULL_PARAM)) |
187 | 27 | { |
188 | 27 | throw Decoding_Error("RSA algorithm parameters field MUST contain NULL"); |
189 | 27 | } |
190 | 6.22k | } |
191 | 8.56k | } |
192 | | |
193 | 17.6k | data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length()); |
194 | | |
195 | 17.6k | data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits); |
196 | | |
197 | 17.6k | BER_Decoder(data->m_subject_public_key_bits) |
198 | 17.6k | .decode(data->m_subject_public_key_algid) |
199 | 17.6k | .decode(data->m_subject_public_key_bitstring, ASN1_Type::BitString); |
200 | | |
201 | 17.6k | if(v3_exts_data.is_a(3, ASN1_Class::Constructed | ASN1_Class::ContextSpecific)) |
202 | 3.65k | { |
203 | | // Path validation will reject a v1/v2 cert with v3 extensions |
204 | 3.65k | BER_Decoder(v3_exts_data).decode(data->m_v3_extensions).verify_end(); |
205 | 3.65k | } |
206 | 14.0k | else if(v3_exts_data.is_set()) |
207 | 169 | { |
208 | 169 | throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging()); |
209 | 169 | } |
210 | | |
211 | | // Now cache some fields from the extensions |
212 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Key_Usage>()) |
213 | 46 | { |
214 | 46 | data->m_key_constraints = ext->get_constraints(); |
215 | | /* |
216 | | RFC 5280: When the keyUsage extension appears in a certificate, |
217 | | at least one of the bits MUST be set to 1. |
218 | | */ |
219 | 46 | if(data->m_key_constraints == NO_CONSTRAINTS) |
220 | 5 | { |
221 | 5 | throw Decoding_Error("Certificate has invalid encoding for KeyUsage"); |
222 | 5 | } |
223 | 46 | } |
224 | 17.4k | else |
225 | 17.4k | { |
226 | 17.4k | data->m_key_constraints = NO_CONSTRAINTS; |
227 | 17.4k | } |
228 | | |
229 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Key_ID>()) |
230 | 38 | { |
231 | 38 | data->m_subject_key_id = ext->get_key_id(); |
232 | 38 | } |
233 | | |
234 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Key_ID>()) |
235 | 59 | { |
236 | 59 | data->m_authority_key_id = ext->get_key_id(); |
237 | 59 | } |
238 | | |
239 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Name_Constraints>()) |
240 | 48 | { |
241 | 48 | data->m_name_constraints = ext->get_name_constraints(); |
242 | 48 | } |
243 | | |
244 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Basic_Constraints>()) |
245 | 63 | { |
246 | 63 | if(ext->get_is_ca() == true) |
247 | 42 | { |
248 | | /* |
249 | | * RFC 5280 section 4.2.1.3 requires that CAs include KeyUsage in all |
250 | | * intermediate CA certificates they issue. Currently we accept it being |
251 | | * missing, as do most other implementations. But it may be worth |
252 | | * removing this entirely, or alternately adding a warning level |
253 | | * validation failure for it. |
254 | | */ |
255 | 42 | if(data->m_key_constraints == NO_CONSTRAINTS || |
256 | 42 | (data->m_key_constraints & KEY_CERT_SIGN)) |
257 | 31 | { |
258 | 31 | data->m_is_ca_certificate = true; |
259 | 31 | data->m_path_len_constraint = ext->get_path_limit(); |
260 | 31 | } |
261 | 42 | } |
262 | 63 | } |
263 | | |
264 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Issuer_Alternative_Name>()) |
265 | 393 | { |
266 | 393 | data->m_issuer_alt_name = ext->get_alt_name(); |
267 | 393 | } |
268 | | |
269 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Alternative_Name>()) |
270 | 261 | { |
271 | 261 | data->m_subject_alt_name = ext->get_alt_name(); |
272 | 261 | } |
273 | | |
274 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Extended_Key_Usage>()) |
275 | 50 | { |
276 | 50 | data->m_extended_key_usage = ext->get_oids(); |
277 | 50 | } |
278 | | |
279 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Certificate_Policies>()) |
280 | 72 | { |
281 | 72 | data->m_cert_policies = ext->get_policy_oids(); |
282 | 72 | } |
283 | | |
284 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Information_Access>()) |
285 | 21 | { |
286 | 21 | data->m_ocsp_responder = ext->ocsp_responder(); |
287 | 21 | data->m_ca_issuers = ext->ca_issuers(); |
288 | 21 | } |
289 | | |
290 | 17.5k | if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::CRL_Distribution_Points>()) |
291 | 67 | { |
292 | 67 | data->m_crl_distribution_points = ext->crl_distribution_urls(); |
293 | 67 | } |
294 | | |
295 | | // Check for self-signed vs self-issued certificates |
296 | 17.5k | if(data->m_subject_dn == data->m_issuer_dn) |
297 | 12.4k | { |
298 | 12.4k | if(data->m_subject_key_id.empty() == false && data->m_authority_key_id.empty() == false) |
299 | 21 | { |
300 | 21 | data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id); |
301 | 21 | } |
302 | 12.3k | else |
303 | 12.3k | { |
304 | | /* |
305 | | If a parse error or unknown algorithm is encountered, default |
306 | | to assuming it is self signed. We have no way of being certain but |
307 | | that is usually the default case (self-issued is rare in practice). |
308 | | */ |
309 | 12.3k | data->m_self_signed = true; |
310 | | |
311 | 12.3k | try |
312 | 12.3k | { |
313 | 12.3k | std::unique_ptr<Public_Key> pub_key(X509::load_key(data->m_subject_public_key_bits_seq)); |
314 | | |
315 | 12.3k | Certificate_Status_Code sig_status = obj.verify_signature(*pub_key); |
316 | | |
317 | 12.3k | if(sig_status == Certificate_Status_Code::OK || |
318 | 12.3k | sig_status == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN) |
319 | 5.94k | { |
320 | 5.94k | data->m_self_signed = true; |
321 | 5.94k | } |
322 | 6.44k | else |
323 | 6.44k | { |
324 | 6.44k | data->m_self_signed = false; |
325 | 6.44k | } |
326 | 12.3k | } |
327 | 12.3k | catch(...) |
328 | 12.3k | { |
329 | | // ignore errors here to allow parsing to continue |
330 | 3.28k | } |
331 | 12.3k | } |
332 | 12.4k | } |
333 | | |
334 | 17.5k | const std::vector<uint8_t> full_encoding = obj.BER_encode(); |
335 | | |
336 | 17.5k | std::unique_ptr<HashFunction> sha1(HashFunction::create("SHA-1")); |
337 | 17.5k | if(sha1) |
338 | 13.2k | { |
339 | 13.2k | sha1->update(data->m_subject_public_key_bitstring); |
340 | 13.2k | data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec(); |
341 | | // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called |
342 | | |
343 | 13.2k | data->m_fingerprint_sha1 = create_hex_fingerprint(full_encoding, "SHA-1"); |
344 | 13.2k | } |
345 | | |
346 | 17.5k | std::unique_ptr<HashFunction> sha256(HashFunction::create("SHA-256")); |
347 | 17.5k | if(sha256) |
348 | 13.2k | { |
349 | 13.2k | sha256->update(data->m_issuer_dn_bits); |
350 | 13.2k | data->m_issuer_dn_bits_sha256 = sha256->final_stdvec(); |
351 | | |
352 | 13.2k | sha256->update(data->m_subject_dn_bits); |
353 | 13.2k | data->m_subject_dn_bits_sha256 = sha256->final_stdvec(); |
354 | | |
355 | 13.2k | data->m_fingerprint_sha256 = create_hex_fingerprint(full_encoding, "SHA-256"); |
356 | 13.2k | } |
357 | | |
358 | 17.5k | return data; |
359 | 17.5k | } |
360 | | |
361 | | } |
362 | | |
363 | | /* |
364 | | * Decode the TBSCertificate data |
365 | | */ |
366 | | void X509_Certificate::force_decode() |
367 | 17.9k | { |
368 | 17.9k | m_data.reset(); |
369 | 17.9k | m_data = parse_x509_cert_body(*this); |
370 | 17.9k | } |
371 | | |
372 | | const X509_Certificate_Data& X509_Certificate::data() const |
373 | 71 | { |
374 | 71 | if(m_data == nullptr) |
375 | 0 | { |
376 | 0 | throw Invalid_State("X509_Certificate uninitialized"); |
377 | 0 | } |
378 | 71 | return *m_data.get(); |
379 | 71 | } |
380 | | |
381 | | uint32_t X509_Certificate::x509_version() const |
382 | 0 | { |
383 | 0 | return static_cast<uint32_t>(data().m_version); |
384 | 0 | } |
385 | | |
386 | | bool X509_Certificate::is_self_signed() const |
387 | 71 | { |
388 | 71 | return data().m_self_signed; |
389 | 71 | } |
390 | | |
391 | | const X509_Time& X509_Certificate::not_before() const |
392 | 0 | { |
393 | 0 | return data().m_not_before; |
394 | 0 | } |
395 | | |
396 | | const X509_Time& X509_Certificate::not_after() const |
397 | 0 | { |
398 | 0 | return data().m_not_after; |
399 | 0 | } |
400 | | |
401 | | const AlgorithmIdentifier& X509_Certificate::subject_public_key_algo() const |
402 | 0 | { |
403 | 0 | return data().m_subject_public_key_algid; |
404 | 0 | } |
405 | | |
406 | | const std::vector<uint8_t>& X509_Certificate::v2_issuer_key_id() const |
407 | 0 | { |
408 | 0 | return data().m_v2_issuer_key_id; |
409 | 0 | } |
410 | | |
411 | | const std::vector<uint8_t>& X509_Certificate::v2_subject_key_id() const |
412 | 0 | { |
413 | 0 | return data().m_v2_subject_key_id; |
414 | 0 | } |
415 | | |
416 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bits() const |
417 | 0 | { |
418 | 0 | return data().m_subject_public_key_bits; |
419 | 0 | } |
420 | | |
421 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_info() const |
422 | 0 | { |
423 | 0 | return data().m_subject_public_key_bits_seq; |
424 | 0 | } |
425 | | |
426 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring() const |
427 | 0 | { |
428 | 0 | return data().m_subject_public_key_bitstring; |
429 | 0 | } |
430 | | |
431 | | const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring_sha1() const |
432 | 0 | { |
433 | 0 | if(data().m_subject_public_key_bitstring_sha1.empty()) |
434 | 0 | throw Encoding_Error("X509_Certificate::subject_public_key_bitstring_sha1 called but SHA-1 disabled in build"); |
435 | | |
436 | 0 | return data().m_subject_public_key_bitstring_sha1; |
437 | 0 | } |
438 | | |
439 | | const std::vector<uint8_t>& X509_Certificate::authority_key_id() const |
440 | 0 | { |
441 | 0 | return data().m_authority_key_id; |
442 | 0 | } |
443 | | |
444 | | const std::vector<uint8_t>& X509_Certificate::subject_key_id() const |
445 | 0 | { |
446 | 0 | return data().m_subject_key_id; |
447 | 0 | } |
448 | | |
449 | | const std::vector<uint8_t>& X509_Certificate::serial_number() const |
450 | 0 | { |
451 | 0 | return data().m_serial; |
452 | 0 | } |
453 | | |
454 | | bool X509_Certificate::is_serial_negative() const |
455 | 0 | { |
456 | 0 | return data().m_serial_negative; |
457 | 0 | } |
458 | | |
459 | | |
460 | | const X509_DN& X509_Certificate::issuer_dn() const |
461 | 0 | { |
462 | 0 | return data().m_issuer_dn; |
463 | 0 | } |
464 | | |
465 | | const X509_DN& X509_Certificate::subject_dn() const |
466 | 0 | { |
467 | 0 | return data().m_subject_dn; |
468 | 0 | } |
469 | | |
470 | | const std::vector<uint8_t>& X509_Certificate::raw_issuer_dn() const |
471 | 0 | { |
472 | 0 | return data().m_issuer_dn_bits; |
473 | 0 | } |
474 | | |
475 | | const std::vector<uint8_t>& X509_Certificate::raw_subject_dn() const |
476 | 0 | { |
477 | 0 | return data().m_subject_dn_bits; |
478 | 0 | } |
479 | | |
480 | | bool X509_Certificate::is_CA_cert() const |
481 | 0 | { |
482 | 0 | if(data().m_version < 3 && data().m_self_signed) |
483 | 0 | return true; |
484 | | |
485 | 0 | return data().m_is_ca_certificate; |
486 | 0 | } |
487 | | |
488 | | uint32_t X509_Certificate::path_limit() const |
489 | 0 | { |
490 | 0 | if(data().m_version < 3 && data().m_self_signed) |
491 | 0 | return 32; // in theory infinite, but this is more than enough |
492 | | |
493 | 0 | return static_cast<uint32_t>(data().m_path_len_constraint); |
494 | 0 | } |
495 | | |
496 | | Key_Constraints X509_Certificate::constraints() const |
497 | 0 | { |
498 | 0 | return data().m_key_constraints; |
499 | 0 | } |
500 | | |
501 | | const std::vector<OID>& X509_Certificate::extended_key_usage() const |
502 | 0 | { |
503 | 0 | return data().m_extended_key_usage; |
504 | 0 | } |
505 | | |
506 | | const std::vector<OID>& X509_Certificate::certificate_policy_oids() const |
507 | 0 | { |
508 | 0 | return data().m_cert_policies; |
509 | 0 | } |
510 | | |
511 | | const NameConstraints& X509_Certificate::name_constraints() const |
512 | 0 | { |
513 | 0 | return data().m_name_constraints; |
514 | 0 | } |
515 | | |
516 | | const Extensions& X509_Certificate::v3_extensions() const |
517 | 0 | { |
518 | 0 | return data().m_v3_extensions; |
519 | 0 | } |
520 | | |
521 | | bool X509_Certificate::allowed_usage(Key_Constraints usage) const |
522 | 0 | { |
523 | 0 | if(constraints() == NO_CONSTRAINTS) |
524 | 0 | return true; |
525 | 0 | return ((constraints() & usage) == usage); |
526 | 0 | } |
527 | | |
528 | | bool X509_Certificate::allowed_extended_usage(const std::string& usage) const |
529 | 0 | { |
530 | 0 | return allowed_extended_usage(OID::from_string(usage)); |
531 | 0 | } |
532 | | |
533 | | bool X509_Certificate::allowed_extended_usage(const OID& usage) const |
534 | 0 | { |
535 | 0 | const std::vector<OID>& ex = extended_key_usage(); |
536 | 0 | if(ex.empty()) |
537 | 0 | return true; |
538 | | |
539 | 0 | if(std::find(ex.begin(), ex.end(), usage) != ex.end()) |
540 | 0 | return true; |
541 | | |
542 | 0 | return false; |
543 | 0 | } |
544 | | |
545 | | bool X509_Certificate::allowed_usage(Usage_Type usage) const |
546 | 0 | { |
547 | | // These follow suggestions in RFC 5280 4.2.1.12 |
548 | |
|
549 | 0 | switch(usage) |
550 | 0 | { |
551 | 0 | case Usage_Type::UNSPECIFIED: |
552 | 0 | return true; |
553 | | |
554 | 0 | case Usage_Type::TLS_SERVER_AUTH: |
555 | 0 | return (allowed_usage(KEY_AGREEMENT) || allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DIGITAL_SIGNATURE)) && allowed_extended_usage("PKIX.ServerAuth"); |
556 | | |
557 | 0 | case Usage_Type::TLS_CLIENT_AUTH: |
558 | 0 | return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(KEY_AGREEMENT)) && allowed_extended_usage("PKIX.ClientAuth"); |
559 | | |
560 | 0 | case Usage_Type::OCSP_RESPONDER: |
561 | 0 | return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(NON_REPUDIATION)) && has_ex_constraint("PKIX.OCSPSigning"); |
562 | | |
563 | 0 | case Usage_Type::CERTIFICATE_AUTHORITY: |
564 | 0 | return is_CA_cert(); |
565 | | |
566 | 0 | case Usage_Type::ENCRYPTION: |
567 | 0 | return (allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DATA_ENCIPHERMENT)); |
568 | 0 | } |
569 | | |
570 | 0 | return false; |
571 | 0 | } |
572 | | |
573 | | bool X509_Certificate::has_constraints(Key_Constraints constraints) const |
574 | 0 | { |
575 | 0 | if(this->constraints() == NO_CONSTRAINTS) |
576 | 0 | { |
577 | 0 | return false; |
578 | 0 | } |
579 | | |
580 | 0 | return ((this->constraints() & constraints) != 0); |
581 | 0 | } |
582 | | |
583 | | bool X509_Certificate::has_ex_constraint(const std::string& ex_constraint) const |
584 | 0 | { |
585 | 0 | return has_ex_constraint(OID::from_string(ex_constraint)); |
586 | 0 | } |
587 | | |
588 | | bool X509_Certificate::has_ex_constraint(const OID& usage) const |
589 | 0 | { |
590 | 0 | const std::vector<OID>& ex = extended_key_usage(); |
591 | 0 | return (std::find(ex.begin(), ex.end(), usage) != ex.end()); |
592 | 0 | } |
593 | | |
594 | | /* |
595 | | * Return if a certificate extension is marked critical |
596 | | */ |
597 | | bool X509_Certificate::is_critical(const std::string& ex_name) const |
598 | 0 | { |
599 | 0 | return v3_extensions().critical_extension_set(OID::from_string(ex_name)); |
600 | 0 | } |
601 | | |
602 | | std::string X509_Certificate::ocsp_responder() const |
603 | 0 | { |
604 | 0 | return data().m_ocsp_responder; |
605 | 0 | } |
606 | | |
607 | | std::vector<std::string> X509_Certificate::ca_issuers() const |
608 | 0 | { |
609 | 0 | return data().m_ca_issuers; |
610 | 0 | } |
611 | | |
612 | | std::string X509_Certificate::crl_distribution_point() const |
613 | 0 | { |
614 | | // just returns the first (arbitrarily) |
615 | 0 | if(!data().m_crl_distribution_points.empty()) |
616 | 0 | return data().m_crl_distribution_points[0]; |
617 | 0 | return ""; |
618 | 0 | } |
619 | | |
620 | | const AlternativeName& X509_Certificate::subject_alt_name() const |
621 | 0 | { |
622 | 0 | return data().m_subject_alt_name; |
623 | 0 | } |
624 | | |
625 | | const AlternativeName& X509_Certificate::issuer_alt_name() const |
626 | 0 | { |
627 | 0 | return data().m_issuer_alt_name; |
628 | 0 | } |
629 | | |
630 | | /* |
631 | | * Return information about the subject |
632 | | */ |
633 | | std::vector<std::string> |
634 | | X509_Certificate::subject_info(const std::string& req) const |
635 | 0 | { |
636 | 0 | if(req == "Email") |
637 | 0 | return this->subject_info("RFC822"); |
638 | | |
639 | 0 | if(subject_dn().has_field(req)) |
640 | 0 | return subject_dn().get_attribute(req); |
641 | | |
642 | 0 | if(subject_alt_name().has_field(req)) |
643 | 0 | return subject_alt_name().get_attribute(req); |
644 | | |
645 | 0 | return {}; |
646 | 0 | } |
647 | | |
648 | | /* |
649 | | * Return information about the issuer |
650 | | */ |
651 | | std::vector<std::string> |
652 | | X509_Certificate::issuer_info(const std::string& req) const |
653 | 0 | { |
654 | 0 | if(issuer_dn().has_field(req)) |
655 | 0 | return issuer_dn().get_attribute(req); |
656 | | |
657 | 0 | if(issuer_alt_name().has_field(req)) |
658 | 0 | return issuer_alt_name().get_attribute(req); |
659 | | |
660 | 0 | return {}; |
661 | 0 | } |
662 | | |
663 | | /* |
664 | | * Return the public key in this certificate |
665 | | */ |
666 | | std::unique_ptr<Public_Key> X509_Certificate::load_subject_public_key() const |
667 | 0 | { |
668 | 0 | try |
669 | 0 | { |
670 | 0 | return std::unique_ptr<Public_Key>(X509::load_key(subject_public_key_info())); |
671 | 0 | } |
672 | 0 | catch(std::exception& e) |
673 | 0 | { |
674 | 0 | throw Decoding_Error("X509_Certificate::load_subject_public_key", e); |
675 | 0 | } |
676 | 0 | } |
677 | | |
678 | | Public_Key* X509_Certificate::subject_public_key() const |
679 | 0 | { |
680 | 0 | return load_subject_public_key().release(); |
681 | 0 | } |
682 | | |
683 | | std::vector<uint8_t> X509_Certificate::raw_issuer_dn_sha256() const |
684 | 0 | { |
685 | 0 | if(data().m_issuer_dn_bits_sha256.empty()) |
686 | 0 | throw Encoding_Error("X509_Certificate::raw_issuer_dn_sha256 called but SHA-256 disabled in build"); |
687 | 0 | return data().m_issuer_dn_bits_sha256; |
688 | 0 | } |
689 | | |
690 | | std::vector<uint8_t> X509_Certificate::raw_subject_dn_sha256() const |
691 | 0 | { |
692 | 0 | if(data().m_subject_dn_bits_sha256.empty()) |
693 | 0 | throw Encoding_Error("X509_Certificate::raw_subject_dn_sha256 called but SHA-256 disabled in build"); |
694 | 0 | return data().m_subject_dn_bits_sha256; |
695 | 0 | } |
696 | | |
697 | | std::string X509_Certificate::fingerprint(const std::string& hash_name) const |
698 | 0 | { |
699 | | /* |
700 | | * The SHA-1 and SHA-256 fingerprints are precomputed since these |
701 | | * are the most commonly used. Especially, SHA-256 fingerprints are |
702 | | * used for cycle detection during path construction. |
703 | | * |
704 | | * If SHA-1 or SHA-256 was missing at parsing time the vectors are |
705 | | * left empty in which case we fall back to create_hex_fingerprint |
706 | | * which will throw if the hash is unavailable. |
707 | | */ |
708 | 0 | if(hash_name == "SHA-256" && !data().m_fingerprint_sha256.empty()) |
709 | 0 | return data().m_fingerprint_sha256; |
710 | 0 | else if(hash_name == "SHA-1" && !data().m_fingerprint_sha1.empty()) |
711 | 0 | return data().m_fingerprint_sha1; |
712 | 0 | else |
713 | 0 | return create_hex_fingerprint(this->BER_encode(), hash_name); |
714 | 0 | } |
715 | | |
716 | | bool X509_Certificate::matches_dns_name(const std::string& name) const |
717 | 0 | { |
718 | 0 | if(name.empty()) |
719 | 0 | return false; |
720 | | |
721 | 0 | auto issued_names = subject_info("DNS"); |
722 | | |
723 | | // Fall back to CN only if no DNS names are set (RFC 6125 sec 6.4.4) |
724 | 0 | if(issued_names.empty()) |
725 | 0 | issued_names = subject_info("Name"); |
726 | |
|
727 | 0 | for(const auto& issued_name : issued_names) |
728 | 0 | { |
729 | 0 | if(host_wildcard_match(issued_name, name)) |
730 | 0 | return true; |
731 | 0 | } |
732 | | |
733 | 0 | return false; |
734 | 0 | } |
735 | | |
736 | | /* |
737 | | * Compare two certificates for equality |
738 | | */ |
739 | | bool X509_Certificate::operator==(const X509_Certificate& other) const |
740 | 0 | { |
741 | 0 | return (this->signature() == other.signature() && |
742 | 0 | this->signature_algorithm() == other.signature_algorithm() && |
743 | 0 | this->signed_body() == other.signed_body()); |
744 | 0 | } |
745 | | |
746 | | bool X509_Certificate::operator<(const X509_Certificate& other) const |
747 | 0 | { |
748 | | /* If signature values are not equal, sort by lexicographic ordering of that */ |
749 | 0 | if(this->signature() != other.signature()) |
750 | 0 | { |
751 | 0 | return (this->signature() < other.signature()); |
752 | 0 | } |
753 | | |
754 | | // Then compare the signed contents |
755 | 0 | return this->signed_body() < other.signed_body(); |
756 | 0 | } |
757 | | |
758 | | /* |
759 | | * X.509 Certificate Comparison |
760 | | */ |
761 | | bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2) |
762 | 0 | { |
763 | 0 | return !(cert1 == cert2); |
764 | 0 | } |
765 | | |
766 | | std::string X509_Certificate::to_string() const |
767 | 0 | { |
768 | 0 | std::ostringstream out; |
769 | |
|
770 | 0 | out << "Version: " << this->x509_version() << "\n"; |
771 | 0 | out << "Subject: " << subject_dn() << "\n"; |
772 | 0 | out << "Issuer: " << issuer_dn() << "\n"; |
773 | 0 | out << "Issued: " << this->not_before().readable_string() << "\n"; |
774 | 0 | out << "Expires: " << this->not_after().readable_string() << "\n"; |
775 | |
|
776 | 0 | out << "Constraints:\n"; |
777 | 0 | Key_Constraints constraints = this->constraints(); |
778 | 0 | if(constraints == NO_CONSTRAINTS) |
779 | 0 | out << " None\n"; |
780 | 0 | else |
781 | 0 | { |
782 | 0 | if(constraints & DIGITAL_SIGNATURE) |
783 | 0 | out << " Digital Signature\n"; |
784 | 0 | if(constraints & NON_REPUDIATION) |
785 | 0 | out << " Non-Repudiation\n"; |
786 | 0 | if(constraints & KEY_ENCIPHERMENT) |
787 | 0 | out << " Key Encipherment\n"; |
788 | 0 | if(constraints & DATA_ENCIPHERMENT) |
789 | 0 | out << " Data Encipherment\n"; |
790 | 0 | if(constraints & KEY_AGREEMENT) |
791 | 0 | out << " Key Agreement\n"; |
792 | 0 | if(constraints & KEY_CERT_SIGN) |
793 | 0 | out << " Cert Sign\n"; |
794 | 0 | if(constraints & CRL_SIGN) |
795 | 0 | out << " CRL Sign\n"; |
796 | 0 | if(constraints & ENCIPHER_ONLY) |
797 | 0 | out << " Encipher Only\n"; |
798 | 0 | if(constraints & DECIPHER_ONLY) |
799 | 0 | out << " Decipher Only\n"; |
800 | 0 | } |
801 | |
|
802 | 0 | const std::vector<OID>& policies = this->certificate_policy_oids(); |
803 | 0 | if(!policies.empty()) |
804 | 0 | { |
805 | 0 | out << "Policies: " << "\n"; |
806 | 0 | for(const auto& oid : policies) |
807 | 0 | out << " " << oid.to_string() << "\n"; |
808 | 0 | } |
809 | |
|
810 | 0 | const std::vector<OID>& ex_constraints = this->extended_key_usage(); |
811 | 0 | if(!ex_constraints.empty()) |
812 | 0 | { |
813 | 0 | out << "Extended Constraints:\n"; |
814 | 0 | for(auto&& oid : ex_constraints) |
815 | 0 | { |
816 | 0 | out << " " << oid.to_formatted_string() << "\n"; |
817 | 0 | } |
818 | 0 | } |
819 | |
|
820 | 0 | const NameConstraints& name_constraints = this->name_constraints(); |
821 | |
|
822 | 0 | if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty()) |
823 | 0 | { |
824 | 0 | out << "Name Constraints:\n"; |
825 | |
|
826 | 0 | if(!name_constraints.permitted().empty()) |
827 | 0 | { |
828 | 0 | out << " Permit"; |
829 | 0 | for(const auto& st: name_constraints.permitted()) |
830 | 0 | { |
831 | 0 | out << " " << st.base(); |
832 | 0 | } |
833 | 0 | out << "\n"; |
834 | 0 | } |
835 | |
|
836 | 0 | if(!name_constraints.excluded().empty()) |
837 | 0 | { |
838 | 0 | out << " Exclude"; |
839 | 0 | for(const auto& st: name_constraints.excluded()) |
840 | 0 | { |
841 | 0 | out << " " << st.base(); |
842 | 0 | } |
843 | 0 | out << "\n"; |
844 | 0 | } |
845 | 0 | } |
846 | |
|
847 | 0 | if(!ocsp_responder().empty()) |
848 | 0 | out << "OCSP responder " << ocsp_responder() << "\n"; |
849 | |
|
850 | 0 | const std::vector<std::string> ca_issuers = this->ca_issuers(); |
851 | 0 | if(!ca_issuers.empty()) |
852 | 0 | { |
853 | 0 | out << "CA Issuers:\n"; |
854 | 0 | for(const auto& ca_issuer : ca_issuers) |
855 | 0 | out << " URI: " << ca_issuer << "\n"; |
856 | 0 | } |
857 | |
|
858 | 0 | if(!crl_distribution_point().empty()) |
859 | 0 | out << "CRL " << crl_distribution_point() << "\n"; |
860 | |
|
861 | 0 | out << "Signature algorithm: " << this->signature_algorithm().get_oid().to_formatted_string() << "\n"; |
862 | |
|
863 | 0 | out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; |
864 | |
|
865 | 0 | if(!this->authority_key_id().empty()) |
866 | 0 | out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n"; |
867 | |
|
868 | 0 | if(!this->subject_key_id().empty()) |
869 | 0 | out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; |
870 | |
|
871 | 0 | try |
872 | 0 | { |
873 | 0 | std::unique_ptr<Public_Key> pubkey(this->subject_public_key()); |
874 | 0 | out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n"; |
875 | 0 | out << X509::PEM_encode(*pubkey); |
876 | 0 | } |
877 | 0 | catch(Decoding_Error&) |
878 | 0 | { |
879 | 0 | const AlgorithmIdentifier& alg_id = this->subject_public_key_algo(); |
880 | 0 | out << "Failed to decode key with oid " << alg_id.get_oid().to_string() << "\n"; |
881 | 0 | } |
882 | |
|
883 | 0 | return out.str(); |
884 | 0 | } |
885 | | |
886 | | } |