author | Jack Lloyd <[email protected]> | 2017-07-24 06:46:32 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-07-24 06:46:32 -0400 |
commit | 40f399c920c3516d66cbea977f1d38e55a1f7fb1 (patch) | |
tree | 5cb1b38200cc06e1c428d5d43cc8e548584ad56b | |
parent | 109b70580bc1ada4f1c8f1345658deff5618d58a (diff) | |
parent | a05c83297666915321ad5c627418f683e1bed1a8 (diff) |
Merge GH #1123 Add OCSP::Response::certificates API
-rw-r--r-- | src/lib/x509/ocsp.h | 5 | ||||
-rw-r--r-- | src/tests/test_ocsp.cpp | 31 |
2 files changed, 36 insertions, 0 deletions
diff --git a/src/lib/x509/ocsp.h b/src/lib/x509/ocsp.h
index 42c45e406..63dc94b6a 100644
--- a/src/lib/x509/ocsp.h
+++ b/src/lib/x509/ocsp.h
@@ -143,6 +143,11 @@ class BOTAN_DLL Response
 const X509_Certificate& subject,
 std::chrono::system_clock::time_point ref_time = std::chrono::system_clock::now()) const;
+ /**
+ * @return the certificate chain, if provided in response
+ */
+ const std::vector<X509_Certificate> &certificates() const { return m_certs; }
+
 private:
 std::vector<uint8_t> m_response_bits;
 X509_Time m_produced_at;
diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp
index 18708ddf6..e88fad0b4 100644
--- a/src/tests/test_ocsp.cpp
+++ b/src/tests/test_ocsp.cpp
@@ -86,6 +86,36 @@ class OCSP_Tests : public Test
 return result;
 }
+ Test::Result test_response_certificate_access()
+ {
+ Test::Result result("OCSP response certificate access");
+
+ try
+ {
+ Botan::OCSP::Response resp1(slurp_data_file("ocsp/resp1.der"));
+ const auto &certs1 = resp1.certificates();
+ if(result.test_eq("Expected count of certificates", certs1.size(), 1))
+ {
+ const auto cert = certs1.front();
+ const Botan::X509_DN expected_dn({std::make_pair(
+ "X520.CommonName",
+ "Symantec Class 3 EV SSL CA - G3 OCSP Responder")});
+ const bool matches = cert.subject_dn() == expected_dn;
+ result.test_eq("CN matches expected", matches, true);
+ }
+
+ Botan::OCSP::Response resp2(slurp_data_file("ocsp/resp2.der"));
+ const auto &certs2 = resp2.certificates();
+ result.test_eq("Expect no certificates", certs2.size(), 0);
+ }
+ catch(Botan::Exception& e)
+ {
+ result.test_failure("Parsing failed", e.what());
+ }
+
+ return result;
+ }
+
 Test::Result test_request_encoding()
 {
 Test::Result result("OCSP request encoding");
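Review bot: The doc comment on `certificates()` does not tell callers that the returned certificates are untrusted input. They are taken from the response itself, so until the response signature has been checked and the signing certificate validated against the issuer, a caller must not use them as trust anchors or read their presence as evidence of a valid response. I would word it as `@return the certificates included in the response, if any; they are supplied by the responder and are untrusted until the response has been verified`, and add that the reference is only valid while the Response object is alive. Whether the certificates form an ordered chain is not visible from this hunk, so "chain" may overstate it; the class body starts and ends outside the hunk.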
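Review bot: In `test_response_certificate_access`, `const auto cert = certs1.front();` copies the whole certificate just to read its subject DN; `const auto& cert = certs1.front();` is enough. The handler should also catch by const reference, `catch(const Botan::Exception& e)`. The test checks only the count and the subject CN of well-formed fixtures, which is fine for an accessor, but a comment such as `// accessor only: the embedded certificate is not validated here` would keep a reader from taking the CN match as a trust check.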
@@ -192,6 +222,7 @@ class OCSP_Tests : public Test
 results.push_back(test_request_encoding());
 results.push_back(test_response_parsing());
+ results.push_back(test_response_certificate_access());
 results.push_back(test_response_verification());
 #if defined(BOTAN_HAS_ONLINE_REVOCATION_CHECKS) |