author | Jack Lloyd <[email protected]> | 2017-12-30 16:40:43 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-12-30 16:40:43 -0500 |
commit | 6ea658f52f14963928fbf14002bcc15325ccd276 (patch) | |
tree | 21080ed8696ab0ae177c13a410bab7dc303157e9 | |
parent | a3426e922a75dab3f5ef157bf2521d910eef5090 (diff) |
Change X509_Certificate to cache cert policies and name constraints
-rw-r--r-- | src/lib/x509/x509cert.cpp | 36 | ||||
-rw-r--r-- | src/lib/x509/x509cert.h | 4 |
2 files changed, 20 insertions, 20 deletions
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index 459e26650..1ebfb7293 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -46,6 +46,7 @@ struct X509_Certificate_Data
 std::vector<OID> m_extended_key_usage;
 std::vector<uint8_t> m_authority_key_id;
 std::vector<uint8_t> m_subject_key_id;
+ std::vector<OID> m_cert_policies;
 std::vector<std::string> m_crl_distribution_points;
 std::string m_ocsp_responder;
@@ -56,6 +57,7 @@ struct X509_Certificate_Data
 AlternativeName m_subject_alt_name;
 AlternativeName m_issuer_alt_name;
+ NameConstraints m_name_constraints;
 Data_Store m_subject_ds;
 Data_Store m_issuer_ds;
@@ -219,6 +221,11 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o
 data->m_authority_key_id = ext->get_key_id();
 }
+ if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Name_Constraints>())
+ {
+ data->m_name_constraints = ext->get_name_constraints();
+ }
+
 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Basic_Constraints>())
 {
 if(ext->get_is_ca() == true)
@@ -247,6 +254,11 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o
 data->m_extended_key_usage = ext->get_oids();
 }
+ if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Certificate_Policies>())
+ {
+ data->m_cert_policies = ext->get_policy_oids();
+ }
+
 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Information_Access>())
 {
 data->m_ocsp_responder = ext->ocsp_responder();
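Review bot: Nothing in the new `Name_Constraints` block of the `@@ -219` hunk (or the matching `Certificate_Policies` block in the `@@ -247` hunk) records that an absent extension leaves `m_name_constraints` and `m_cert_policies` default-constructed, which the removed accessors spelled out with `return NameConstraints(); // no constraints`. Through these caches alone a caller cannot distinguish "extension absent" from "extension present but empty", which presumably matters to anything that enforces constraints during path validation. I would put a one-line comment on the two member declarations in `X509_Certificate_Data`, e.g. `// left empty when the certificate carries no such extension`. The body of parse_x509_cert_body starts and ends outside both hunks.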
@@ -433,25 +445,14 @@ const std::vector<OID>& X509_Certificate::extended_key_usage() const
 return data().m_extended_key_usage;
 }
-std::vector<OID> X509_Certificate::certificate_policy_oids() const
+const std::vector<OID>& X509_Certificate::certificate_policy_oids() const
 {
- if(auto ext = v3_extensions().get_extension_object_as<Cert_Extension::Certificate_Policies>())
- {
- return ext->get_policy_oids();
- }
- return std::vector<OID>();
+ return data().m_cert_policies;
 }
-/*
-* Return the name constraints
-*/
-NameConstraints X509_Certificate::name_constraints() const
+const NameConstraints& X509_Certificate::name_constraints() const
 {
- if(auto ext = v3_extensions().get_extension_object_as<Cert_Extension::Name_Constraints>())
- {
- return ext->get_name_constraints();
- }
- return NameConstraints(); // no constraints
+ return data().m_name_constraints;
 }
 const Extensions& X509_Certificate::v3_extensions() const
@@ -785,10 +786,9 @@ std::string X509_Certificate::to_string() const
 out << " " << OIDS::oid2str(ex_constraints[i]) << "\n";
 }
- NameConstraints name_constraints = this->name_constraints();
+ const NameConstraints& name_constraints = this->name_constraints();
- if(!name_constraints.permitted().empty() ||
- !name_constraints.excluded().empty())
+ if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty())
 {
 out << "Name Constraints:\n";
diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h
index 4235d87e2..e87e5e436 100644
--- a/src/lib/x509/x509cert.h
+++ b/src/lib/x509/x509cert.h
@@ -308,7 +308,7 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object
 * extension of this certificate.
 * @return name constraints
 */
- NameConstraints name_constraints() const;
+ const NameConstraints& name_constraints() const;
 /**
 * Get the policies as defined in the CertificatePolicies extension
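Review bot: Both accessors rewritten in the `@@ -433` hunk now return a reference into `data()`, so existing caller code of the shape `const NameConstraints& nc = make_cert().name_constraints();` (constructed example) changes meaning. Against the old by-value signature it bound a lifetime-extended temporary; now it holds a dangling reference once the certificate temporary is destroyed. The same applies to `certificate_policy_oids()`. The commit also removes the `/* Return the name constraints */` comment without a replacement, so I would state the lifetime rule at the declaration, e.g. `@return name constraints; the reference is valid only while this certificate's data is alive`. How long `data()` keeps that storage alive is not visible in this hunk.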
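Review bot: `name_constraints()` is declared on a class marked `BOTAN_PUBLIC_API(2,0)`, and changing its return type from `NameConstraints` to `const NameConstraints&` alters the calling convention while leaving the function's name and parameters untouched. The `@@ -317` hunk does the same to `certificate_policy_oids()`. On ABIs that do not encode the return type in the symbol name, a program built against the old header still links against the new library and then misreads the returned value, which is a memory-safety problem rather than a clean link error. Whether the project promises binary compatibility within the 2.x series is not visible on this page; if it does, this wants an ABI/soname bump or at least a release note. The class body starts and ends outside the hunk.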
@@ -317,7 +317,7 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object
 */
 std::vector<std::string> BOTAN_DEPRECATED("Use certificate_policy_oids") policies() const;
- std::vector<OID> certificate_policy_oids() const;
+ const std::vector<OID>& certificate_policy_oids() const;
 /**
 * Get all extensions of this certificate. |
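Review bot: `certificate_policy_oids()` is the only declaration in this hunk without a Doxygen block, although it is the replacement that the deprecated `policies()` directs users to. Since it now returns a reference to cached data, I would add a short block above it stating three things: that it returns the policy OIDs from the CertificatePolicies extension, that the vector is empty when the certificate has no such extension, and that the reference is valid only while the certificate's data is alive. The class body starts and ends outside the hunk.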