Botan 2.19.3
Crypto and TLS for C++11
ocsp_types.cpp
1/*
2* OCSP subtypes
3* (C) 2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/ocsp.h>
9#include <botan/der_enc.h>
10#include <botan/ber_dec.h>
11#include <botan/x509_ext.h>
12#include <botan/hash.h>
13
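namespace Botan {

namespace OCSP {

/*
* Build the CertID that names one certificate in an OCSP request.
*
* issuer         certificate of the CA that issued the certificate in question
* subject_serial serial number of the certificate in question
*
* The issuer's public key bitstring and raw subject DN are hashed and stored
* together with the serial number. These hashes only identify the issuer;
* nothing in this file authenticates a response, so they must not be treated
* as proof of anything on their own.
*
* Throws whatever HashFunction::create_or_throw throws if SHA-1 is not
* available in this build.
*/
CertID::CertID(const X509_Certificate& issuer,
               const BigInt& subject_serial)
   {
   /*
   In practice it seems some responders, including, notably,
   ocsp.verisign.com, will reject anything but SHA-1 here
   */
   std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160"));

   // NOTE(review): this assignment (listing line 27) is absent from the
   // rendered page and is restored from the upstream source - confirm
   // against the 2.19.3 tree.
   m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
   m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
   m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
   m_subject_serial = subject_serial;
   }

/*
* Check whether this CertID names the certificate `subject` as issued by
* `issuer`.
*
* Returns true only when all three of the following hold:
*   - the serial number of `subject` equals the stored serial,
*   - the hash of the issuer DN recorded in `subject` equals the stored DN hash,
*   - the hash of `issuer`'s public key bitstring equals the stored key hash.
*
* The hash algorithm is taken from m_hash_id. When this object was filled by
* decode_from(), that identifier came from the decoded data, so the peer
* chooses the algorithm; an OID with no available implementation makes
* create_or_throw throw, which is reported as "no match".
*
* Never throws: every exception is turned into false, so a failure can never
* be read as a match.
*
* NOTE(review): no signature on `subject` is checked here. Presumably the
* caller validates the chain separately - verify at the call sites.
*/
bool CertID::is_id_for(const X509_Certificate& issuer,
                       const X509_Certificate& subject) const
   {
   try
      {
      if(BigInt::decode(subject.serial_number()) != m_subject_serial)
         return false;

      const std::string hash_algo = m_hash_id.get_oid().to_formatted_string();
      std::unique_ptr<HashFunction> hash = HashFunction::create_or_throw(hash_algo);

      // The DN is read from the subject's issuer field, the key from the
      // issuer certificate itself.
      if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
         return false;

      if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
         return false;
      }
   catch(...)
      {
      // Deliberate fail-closed: decoding errors and unknown algorithms all
      // mean "this CertID does not identify the certificate".
      return false;
      }

   return true;
   }

/*
* DER-encode this CertID as a SEQUENCE of hash algorithm, issuer DN hash,
* issuer key hash and serial number, in that order.
*/
void CertID::encode_into(class DER_Encoder& to) const
   {
   to.start_cons(SEQUENCE)
      .encode(m_hash_id)
      .encode(m_issuer_dn_hash, OCTET_STRING)
      .encode(m_issuer_key_hash, OCTET_STRING)
      .encode(m_subject_serial)
      .end_cons();
   }

/*
* Decode a CertID from BER, reading the fields in the order encode_into()
* writes them.
*
* The two hashes are stored exactly as received; their length is not compared
* with the output size of the named algorithm. A wrong length shows up later
* as a mismatch in is_id_for(), not as an error here.
*/
void CertID::decode_from(class BER_Decoder& from)
   {
   from.start_cons(SEQUENCE)
      .decode(m_hash_id)
      .decode(m_issuer_dn_hash, OCTET_STRING)
      .decode(m_issuer_key_hash, OCTET_STRING)
      .decode(m_subject_serial)
      .end_cons();

   }

/*
* Encoding a SingleResponse is not supported; always throws Not_Implemented.
*/
void SingleResponse::encode_into(class DER_Encoder&) const
   {
   throw Not_Implemented("SingleResponse::encode_into");
   }

/*
* Decode one SingleResponse: the CertID, the certificate status element,
* thisUpdate, and the optional nextUpdate [0] and extensions [1].
*
* The status element is read as an opaque BER object and only its tag number
* is kept in m_cert_status.
*
* NOTE(review): the tag number is stored without a range check and without
* checking the tag class, so callers should treat every value they do not
* explicitly recognise as a non-good status - confirm where cert_status()
* is consumed.
*
* NOTE(review): the decoded extensions go into a local that is not used
* again in this function, so nothing here inspects them (including any
* marked critical) - confirm whether that is intended.
*/
void SingleResponse::decode_from(class BER_Decoder& from)
   {
   BER_Object cert_status;
   Extensions extensions;

   // NOTE(review): the class-tag arguments of the two decode_optional calls
   // (listing lines 94 and 97) are absent from the rendered page and are
   // restored from the upstream source - confirm against the 2.19.3 tree.
   from.start_cons(SEQUENCE)
      .decode(m_certid)
      .get_next(cert_status)
      .decode(m_thisupdate)
      .decode_optional(m_nextupdate, ASN1_Tag(0),
                       ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))
      .decode_optional(extensions,
                       ASN1_Tag(1),
                       ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))
      .end_cons();

   m_cert_status = cert_status.type();
   }

}

}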