← Back to branch summary

~ubuntu-branches/debian/sid/botan/sid

« back to all changes in this revision

Viewing changes to src/lib/x509/ocsp_types.cpp

  • Committer: Package Import Robot
  • Author(s): Laszlo Boszormenyi (GCS)
  • Date: 2018-03-01 22:23:25 UTC
  • mfrom: (1.2.2)
  • Revision ID: package-import@ubuntu.com-20180301222325-7p7vc45gu3hta34d
Tags: 2.4.0-2
* Don't remove .doctrees from the manual if it doesn't exist.
* Don't specify parallel to debhelper.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/lib/x509/ocsp_types.cpp
 
1
/*
 
2
* OCSP subtypes
 
3
* (C) 2012 Jack Lloyd
 
4
*
 
5
* Botan is released under the Simplified BSD License (see license.txt)
 
6
*/
 
7
 
 
8
#include <botan/ocsp_types.h>
 
9
#include <botan/der_enc.h>
 
10
#include <botan/ber_dec.h>
 
11
#include <botan/x509_ext.h>
 
12
#include <botan/hash.h>
 
13
#include <botan/oids.h>
 
14
 
 
15
namespace Botan {
 
16
 
 
17
namespace OCSP {
 
18
 
 
19
CertID::CertID(const X509_Certificate& issuer,
 
20
               const BigInt& subject_serial)
 
21
   {
 
22
   /*
 
23
   In practice it seems some responders, including, notably,
 
24
   ocsp.verisign.com, will reject anything but SHA-1 here
 
25
   */
 
26
   std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160"));
 
27
 
 
28
   m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
 
29
   m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
 
30
   m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
 
31
   m_subject_serial = subject_serial;
 
32
   }
 
33
 
 
34
bool CertID::is_id_for(const X509_Certificate& issuer,
 
35
                       const X509_Certificate& subject) const
 
36
   {
 
37
   try
 
38
      {
 
39
      if(BigInt::decode(subject.serial_number()) != m_subject_serial)
 
40
         return false;
 
41
 
 
42
      std::unique_ptr<HashFunction> hash(HashFunction::create(OIDS::lookup(m_hash_id.get_oid())));
 
43
 
 
44
      if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
 
45
         return false;
 
46
 
 
47
      if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
 
48
         return false;
 
49
      }
 
50
   catch(...)
 
51
      {
 
52
      return false;
 
53
      }
 
54
 
 
55
   return true;
 
56
   }
 
57
 
 
58
void CertID::encode_into(class DER_Encoder& to) const
 
59
   {
 
60
   to.start_cons(SEQUENCE)
 
61
      .encode(m_hash_id)
 
62
      .encode(m_issuer_dn_hash, OCTET_STRING)
 
63
      .encode(m_issuer_key_hash, OCTET_STRING)
 
64
      .encode(m_subject_serial)
 
65
      .end_cons();
 
66
   }
 
67
 
 
68
void CertID::decode_from(class BER_Decoder& from)
 
69
   {
 
70
   from.start_cons(SEQUENCE)
 
71
      .decode(m_hash_id)
 
72
      .decode(m_issuer_dn_hash, OCTET_STRING)
 
73
      .decode(m_issuer_key_hash, OCTET_STRING)
 
74
      .decode(m_subject_serial)
 
75
      .end_cons();
 
76
 
 
77
   }
 
78
 
 
79
void SingleResponse::encode_into(class DER_Encoder&) const
 
80
   {
 
81
   throw Not_Implemented("SingleResponse::encode_into");
 
82
   }
 
83
 
 
84
void SingleResponse::decode_from(class BER_Decoder& from)
 
85
   {
 
86
   BER_Object cert_status;
 
87
   Extensions extensions;
 
88
 
 
89
   from.start_cons(SEQUENCE)
 
90
      .decode(m_certid)
 
91
      .get_next(cert_status)
 
92
      .decode(m_thisupdate)
 
93
      .decode_optional(m_nextupdate, ASN1_Tag(0),
 
94
                       ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))
 
95
      .decode_optional(extensions,
 
96
                       ASN1_Tag(1),
 
97
                       ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))
 
98
      .end_cons();
 
99
 
 
100
   m_cert_status = cert_status.type_tag;
 
101
   }
 
102
 
 
103
}
 
104
 
 
105
}