8#include <botan/internal/ffi_util.h>
9#include <botan/internal/ffi_pkey.h>
11#if defined(BOTAN_HAS_X509_CERTIFICATES)
12 #include <botan/x509cert.h>
13 #include <botan/x509path.h>
14 #include <botan/x509_crl.h>
15 #include <botan/data_src.h>
22#if defined(BOTAN_HAS_X509_CERTIFICATES)
30 if(!cert_obj || !cert_path)
33#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
37 *cert_obj =
new botan_x509_cert_struct(c.release());
51#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
55 *cert_obj =
new botan_x509_cert_struct(c.release());
67 if(!cert_obj || !cert_bits)
70#if defined(BOTAN_HAS_X509_CERTIFICATES)
74 *cert_obj =
new botan_x509_cert_struct(c.release());
90#if defined(BOTAN_HAS_X509_CERTIFICATES)
92 std::unique_ptr<Botan::Public_Key> publicKey =
safe_get(cert).load_subject_public_key();
93 *key =
new botan_pubkey_struct(publicKey.release());
103 const char* key,
size_t index,
104 uint8_t out[],
size_t* out_len)
106#if defined(BOTAN_HAS_X509_CERTIFICATES)
115 const char* key,
size_t index,
116 uint8_t out[],
size_t* out_len)
118#if defined(BOTAN_HAS_X509_CERTIFICATES)
128#if defined(BOTAN_HAS_X509_CERTIFICATES)
138#if defined(BOTAN_HAS_X509_CERTIFICATES)
141 if(c.allowed_usage(k))
153#if defined(BOTAN_HAS_X509_CERTIFICATES)
163#if defined(BOTAN_HAS_X509_CERTIFICATES)
173#if defined(BOTAN_HAS_X509_CERTIFICATES)
183#if defined(BOTAN_HAS_X509_CERTIFICATES)
185 *time_since_epoch = c.
not_before().time_since_epoch();
195#if defined(BOTAN_HAS_X509_CERTIFICATES)
197 *time_since_epoch = c.
not_after().time_since_epoch();
207#if defined(BOTAN_HAS_X509_CERTIFICATES)
217#if defined(BOTAN_HAS_X509_CERTIFICATES)
227#if defined(BOTAN_HAS_X509_CERTIFICATES)
237#if defined(BOTAN_HAS_X509_CERTIFICATES)
247#if defined(BOTAN_HAS_X509_CERTIFICATES)
257 if(hostname ==
nullptr)
260#if defined(BOTAN_HAS_X509_CERTIFICATES)
272 size_t intermediates_len,
275 const char* trusted_path,
276 size_t required_strength,
277 const char* hostname_cstr,
278 uint64_t reference_time)
280 if(required_strength == 0)
281 required_strength = 110;
283#if defined(BOTAN_HAS_X509_CERTIFICATES)
285 const std::string hostname((hostname_cstr ==
nullptr) ?
"" : hostname_cstr);
287 const auto validation_time = reference_time == 0 ?
288 std::chrono::system_clock::now() :
289 std::chrono::system_clock::from_time_t(
static_cast<time_t
>(reference_time));
291 std::vector<Botan::X509_Certificate> end_certs;
292 end_certs.push_back(
safe_get(cert));
293 for(
size_t i = 0; i != intermediates_len; ++i)
294 end_certs.push_back(
safe_get(intermediates[i]));
296 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
297 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
298 std::vector<Botan::Certificate_Store*> trusted_roots;
300 if(trusted_path && *trusted_path)
303 trusted_roots.push_back(trusted_from_path.get());
309 for(
size_t i = 0; i != trusted_len; ++i)
311 trusted_extra->add_certificate(
safe_get(trusted[i]));
313 trusted_roots.push_back(trusted_extra.get());
326 *result_code =
static_cast<int>(validation_result.result());
328 if(validation_result.successful_validation())
334 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
335 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time);
345#if defined(BOTAN_HAS_X509_CERTIFICATES)
353#if defined(BOTAN_HAS_X509_CERTIFICATES)
361 if(!crl_obj || !crl_path)
364#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
368 *crl_obj =
new botan_x509_crl_struct(c.release());
379 if(!crl_obj || !crl_bits)
382#if defined(BOTAN_HAS_X509_CERTIFICATES)
386 *crl_obj =
new botan_x509_crl_struct(c.release());
397#if defined(BOTAN_HAS_X509_CERTIFICATES)
407#if defined(BOTAN_HAS_X509_CERTIFICATES)
422 size_t intermediates_len,
427 const char* trusted_path,
428 size_t required_strength,
429 const char* hostname_cstr,
430 uint64_t reference_time)
432 if(required_strength == 0)
433 required_strength = 110;
435#if defined(BOTAN_HAS_X509_CERTIFICATES)
437 const std::string hostname((hostname_cstr ==
nullptr) ?
"" : hostname_cstr);
439 const auto validation_time = reference_time == 0 ?
440 std::chrono::system_clock::now() :
441 std::chrono::system_clock::from_time_t(
static_cast<time_t
>(reference_time));
443 std::vector<Botan::X509_Certificate> end_certs;
444 end_certs.push_back(
safe_get(cert));
445 for(
size_t i = 0; i != intermediates_len; ++i)
446 end_certs.push_back(
safe_get(intermediates[i]));
448 std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
449 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
450 std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_crls;
451 std::vector<Botan::Certificate_Store*> trusted_roots;
453 if(trusted_path && *trusted_path)
456 trusted_roots.push_back(trusted_from_path.get());
462 for(
size_t i = 0; i != trusted_len; ++i)
464 trusted_extra->add_certificate(
safe_get(trusted[i]));
466 trusted_roots.push_back(trusted_extra.get());
472 for(
size_t i = 0; i != crls_len; ++i)
474 trusted_crls->add_crl(
safe_get(crls[i]));
476 trusted_roots.push_back(trusted_crls.get());
489 *result_code =
static_cast<int>(validation_result.result());
491 if(validation_result.successful_validation())
497 BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
498 BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time, crls, crls_len);
#define BOTAN_UNUSED(...)
bool is_revoked(const X509_Certificate &cert) const
const X509_Time & not_after() const
bool matches_dns_name(const std::string &name) const
const X509_Time & not_before() const
struct botan_pubkey_struct * botan_pubkey_t
struct botan_x509_crl_struct * botan_x509_crl_t
struct botan_x509_cert_struct * botan_x509_cert_t
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
@ BOTAN_FFI_ERROR_NULL_POINTER
int botan_x509_is_revoked(botan_x509_crl_t crl, botan_x509_cert_t cert)
int botan_x509_crl_destroy(botan_x509_crl_t crl)
int botan_x509_cert_destroy(botan_x509_cert_t cert)
int botan_x509_cert_load_file(botan_x509_cert_t *cert_obj, const char *cert_path)
int botan_x509_cert_dup(botan_x509_cert_t *cert_obj, botan_x509_cert_t cert)
int botan_x509_cert_verify_with_crl(int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const botan_x509_crl_t *crls, size_t crls_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
int botan_x509_cert_get_public_key(botan_x509_cert_t cert, botan_pubkey_t *key)
const char * botan_x509_cert_validation_status(int code)
int botan_x509_cert_get_authority_key_id(botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_issuer_dn(botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_time_expires(botan_x509_cert_t cert, char out[], size_t *out_len)
int botan_x509_cert_get_time_starts(botan_x509_cert_t cert, char out[], size_t *out_len)
int botan_x509_cert_load(botan_x509_cert_t *cert_obj, const uint8_t cert_bits[], size_t cert_bits_len)
int botan_x509_crl_load(botan_x509_crl_t *crl_obj, const uint8_t crl_bits[], size_t crl_bits_len)
int botan_x509_cert_get_subject_dn(botan_x509_cert_t cert, const char *key, size_t index, uint8_t out[], size_t *out_len)
int botan_x509_cert_not_before(botan_x509_cert_t cert, uint64_t *time_since_epoch)
int botan_x509_cert_verify(int *result_code, botan_x509_cert_t cert, const botan_x509_cert_t *intermediates, size_t intermediates_len, const botan_x509_cert_t *trusted, size_t trusted_len, const char *trusted_path, size_t required_strength, const char *hostname_cstr, uint64_t reference_time)
int botan_x509_cert_hostname_match(botan_x509_cert_t cert, const char *hostname)
int botan_x509_cert_get_serial_number(botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_subject_key_id(botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_crl_load_file(botan_x509_crl_t *crl_obj, const char *crl_path)
int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int key_usage)
int botan_x509_cert_not_after(botan_x509_cert_t cert, uint64_t *time_since_epoch)
int botan_x509_cert_get_public_key_bits(botan_x509_cert_t cert, uint8_t out[], size_t *out_len)
int botan_x509_cert_get_fingerprint(botan_x509_cert_t cert, const char *hash, uint8_t out[], size_t *out_len)
int botan_x509_cert_to_string(botan_x509_cert_t cert, char out[], size_t *out_len)
#define BOTAN_FFI_DO(T, obj, param, block)
#define BOTAN_FFI_CHECKED_DELETE(o)
#define BOTAN_FFI_RETURNING(T, obj, param, block)
#define BOTAN_FFI_DECLARE_STRUCT(NAME, TYPE, MAGIC)
int ffi_guard_thunk(const char *func_name, std::function< int()> thunk)
T & safe_get(botan_struct< T, M > *p)
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response > > &ocsp_resp)
std::string to_string(ErrorType type)
Convert an ErrorType to string.