authorJack Lloyd <[email protected]>2016-11-21 19:58:20 -0500
committerJack Lloyd <[email protected]>2016-11-23 08:31:06 -0500
commitec7c6e4d3d70077199523fa1b0f3ee17b2f86de2 (patch)
tree991cadc539bf23682e65daa7a02b52a0d83c114f
parent13be30e33e0aac0e5d566d77c4775293a2c363f7 (diff)
Add X509_Certificate helper functions for OCSP
Using the SHA-1 of the public key to identify the signing cert is hardcoded in OCSP and unlikely to change.
-rw-r--r--src/lib/x509/x509cert.cpp34
-rw-r--r--src/lib/x509/x509cert.h13
2 files changed, 43 insertions, 4 deletions
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index f56495a79..52802a8e4 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -143,11 +143,14 @@ void X509_Certificate::force_decode()
m_issuer.add("X509.Certificate.v2.key_id", v2_issuer_key_id);
m_subject.add("X509.Certificate.v2.key_id", v2_subject_key_id);
- m_subject.add("X509.Certificate.public_key",
- hex_encode(public_key.value));
+ m_subject.add("X509.Certificate.public_key", hex_encode(public_key.value));
- std::unique_ptr<Public_Key> pub_key(subject_public_key());
- m_self_signed = (dn_subject == dn_issuer) && check_signature(*pub_key);
+ m_self_signed = false;
+ if(dn_subject == dn_issuer)
+ {
+ std::unique_ptr<Public_Key> pub_key(subject_public_key());
+ m_self_signed = check_signature(*pub_key);
+ }
if(m_self_signed && version == 0)
{
@@ -221,6 +224,29 @@ std::vector<byte> X509_Certificate::subject_public_key_bits() const
return hex_decode(m_subject.get1("X509.Certificate.public_key"));
}
+std::vector<byte> X509_Certificate::subject_public_key_bitstring() const
+ {
+ // TODO: cache this
+ const std::vector<byte> key_bits = subject_public_key_bits();
+
+ AlgorithmIdentifier public_key_algid;
+ std::vector<byte> public_key_bitstr;
+
+ BER_Decoder(key_bits)
+ .decode(public_key_algid)
+ .decode(public_key_bitstr, BIT_STRING);
+
+ return public_key_bitstr;
+ }
+
+std::vector<byte> X509_Certificate::subject_public_key_bitstring_sha1() const
+ {
+ // TODO: cache this value
+ std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
+ hash->update(this->subject_public_key_bitstring());
+ return hash->final_stdvec();
+ }
+
/*
* Check if the certificate is for a CA
*/
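Review bot: `subject_public_key_bitstring_sha1()` dereferences the result of `HashFunction::create("SHA-1")` without checking it; in a build configured without the SHA-1 module this factory presumably returns a null pointer (it does not throw in this API), so `hash->update(...)` becomes a null dereference instead of a clean error. Add a guard before use, e.g. `if(!hash) throw Lookup_Error("SHA-1 not available");`. The two `// TODO: cache this` comments would also read better if they said what must not change for caching to be safe — the certificate's DER is immutable after `force_decode()`, so a lazily computed member is sufficient; stating that keeps a later maintainer from caching on a mutable path.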
diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h
index acdba7e02..5cf7c81fa 100644
--- a/src/lib/x509/x509cert.h
+++ b/src/lib/x509/x509cert.h
@@ -49,6 +49,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object
std::vector<byte> subject_public_key_bits() const;
/**
+ * Get the bit string of the public key associated with this certificate
+ * @return subject public key of this certificate
+ */
+ std::vector<byte> subject_public_key_bitstring() const;
+
+ /**
+ * Get the SHA-1 bit string of the public key associated with this certificate.
+ * This is used for OCSP among other protocols
+ * @return hash of subject public key of this certificate
+ */
+ std::vector<byte> subject_public_key_bitstring_sha1() const;
+
+ /**
* Get the certificate's issuer distinguished name (DN).
* @return issuer DN of this certificate
*/
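Review bot: The Doxygen text for `subject_public_key_bitstring_sha1` says "Get the SHA-1 bit string of the public key", which describes a bit string rather than a hash and does not say what is hashed; the cpp side hashes the decoded contents of the subjectPublicKey BIT STRING (algorithm identifier, DER tag/length and unused-bits byte excluded). Suggest `* Get the SHA-1 hash of the subject public key bit string contents (the raw BIT STRING value, not its DER encoding).` and, for `subject_public_key_bitstring`, `* @return raw contents of the subjectPublicKey BIT STRING from the SubjectPublicKeyInfo (algorithm identifier excluded)`. It is also worth stating in the comment that SHA-1 here is fixed by the OCSP protocol (CertID issuerKeyHash, RFC 6960) and serves only as a key identifier, so a reader does not mistake it for a configurable digest choice.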