Remove config options to toggle if X.509 extensions are critical or

not. Instead provide via Extensions::add(). No way to modify behavior currently, it just follows the previous default police. Remove the config options from Library_State entirely. Die, mutable singletons, die.
author: lloyd <[email protected]> 2010-03-10 16:30:50 +0000
committer: lloyd <[email protected]> 2010-03-10 16:30:50 +0000
commit: fd79f63a44ad0b59507ac67bdb3eccbe4d45adbc (patch)
tree: 2fc4ef1884d1d3dc18608b03ad4e675c68d0e137
parent: 66494f4d9db90d04d93874ee37e77a282dd71b07 (diff)
7 files changed, 47 insertions, 96 deletions
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 1f3e643e9..ea7f3a405 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -63,19 +63,21 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
 
    Extensions extensions;
 
+   extensions.add(
+      new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()),
+      true);
+
+   extensions.add(new Cert_Extension::Key_Usage(constraints), true);
+
    extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
    extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key()));
 
    extensions.add(
-      new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()));
+      new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
 
-   extensions.add(new Cert_Extension::Key_Usage(constraints));
    extensions.add(
       new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));
 
-   extensions.add(
-      new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
-
    return make_cert(signer, rng, ca_sig_algo,
                     req.raw_public_key(),
                     not_before, not_after,
diff --git a/src/cert/x509/x509_ext.cpp b/src/cert/x509/x509_ext.cpp
index 69b21d8b3..3e51d1fa2 100644
--- a/src/cert/x509/x509_ext.cpp
+++ b/src/cert/x509/x509_ext.cpp
@@ -1,6 +1,6 @@
 /*
 * X.509 Certificate Extensions
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -10,7 +10,6 @@
 #include <botan/der_enc.h>
 #include <botan/ber_dec.h>
 #include <botan/oids.h>
-#include <botan/libstate.h>
 #include <botan/internal/bit_ops.h>
 #include <algorithm>
 #include <memory>
@@ -52,12 +51,14 @@ Extensions::Extensions(const Extensions& extensions) : ASN1_Object()
 */
 Extensions& Extensions::operator=(const Extensions& other)
    {
-   for(u32bit j = 0; j != extensions.size(); ++j)
-      delete extensions[j];
+   for(u32bit i = 0; i != extensions.size(); ++i)
+      delete extensions[i].first;
    extensions.clear();
 
-   for(u32bit j = 0; j != other.extensions.size(); ++j)
-      extensions.push_back(other.extensions[j]->copy());
+   for(u32bit i = 0; i != other.extensions.size(); ++i)
+      extensions.push_back(
+         std::make_pair(other.extensions[i].first->copy(),
+                        other.extensions[i].second));
 
    return (*this);
    }
@@ -70,30 +71,22 @@ OID Certificate_Extension::oid_of() const
    return OIDS::lookup(oid_name());
    }
 
+void Extensions::add(Certificate_Extension* extn, bool critical)
+   {
+   extensions.push_back(std::make_pair(extn, critical));
+   }
+
 /*
 * Encode an Extensions list
 */
 void Extensions::encode_into(DER_Encoder& to_object) const
    {
-   for(u32bit j = 0; j != extensions.size(); ++j)
+   for(u32bit i = 0; i != extensions.size(); ++i)
       {
-      const Certificate_Extension* ext = extensions[j];
-
-      std::string setting;
-
-      if(ext->config_id() != "")
-         setting = global_state().option("x509/exts/" + ext->config_id());
-
-      if(setting == "")
-         setting = "yes";
-
-      if(setting != "yes" && setting != "no" && setting != "critical")
-         throw Invalid_Argument("X509_CA:: Invalid value for option "
-                                "x509/exts/" + ext->config_id() + " of " +
-                                setting);
+      const Certificate_Extension* ext = extensions[i].first;
+      const bool is_critical = extensions[i].second;
 
-      bool is_critical = (setting == "critical");
-      bool should_encode = ext->should_encode() && (setting != "no");
+      const bool should_encode = ext->should_encode();
 
       if(should_encode)
          {
@@ -111,8 +104,8 @@ void Extensions::encode_into(DER_Encoder& to_object) const
 */
 void Extensions::decode_from(BER_Decoder& from_source)
    {
-   for(u32bit j = 0; j != extensions.size(); ++j)
-      delete extensions[j];
+   for(u32bit i = 0; i != extensions.size(); ++i)
+      delete extensions[i].first;
    extensions.clear();
 
    BER_Decoder sequence = from_source.start_cons(SEQUENCE);
@@ -142,7 +135,7 @@ void Extensions::decode_from(BER_Decoder& from_source)
 
       ext->decode_inner(value);
 
-      extensions.push_back(ext);
+      extensions.push_back(std::make_pair(ext, critical));
       }
    sequence.verify_end();
    }
@@ -153,8 +146,8 @@ void Extensions::decode_from(BER_Decoder& from_source)
 void Extensions::contents_to(Data_Store& subject_info,
                              Data_Store& issuer_info) const
    {
-   for(u32bit j = 0; j != extensions.size(); ++j)
-      extensions[j]->contents_to(subject_info, issuer_info);
+   for(u32bit i = 0; i != extensions.size(); ++i)
+      extensions[i].first->contents_to(subject_info, issuer_info);
    }
 
 /*
@@ -162,8 +155,8 @@ void Extensions::contents_to(Data_Store& subject_info,
 */
 Extensions::~Extensions()
    {
-   for(u32bit j = 0; j != extensions.size(); ++j)
-      delete extensions[j];
+   for(u32bit i = 0; i != extensions.size(); ++i)
+      delete extensions[i].first;
    }
 
 namespace Cert_Extension {
@@ -262,8 +255,8 @@ void Key_Usage::decode_inner(const MemoryRegion<byte>& in)
    obj.value[obj.value.size()-1] &= (0xFF << obj.value[0]);
 
    u16bit usage = 0;
-   for(u32bit j = 1; j != obj.value.size(); ++j)
-      usage = (obj.value[j] << 8) | usage;
+   for(u32bit i = 1; i != obj.value.size(); ++i)
+      usage = (obj.value[i] << 8) | usage;
 
    constraints = Key_Constraints(usage);
    }
@@ -434,8 +427,8 @@ void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in)
 */
 void Extended_Key_Usage::contents_to(Data_Store& subject, Data_Store&) const
    {
-   for(u32bit j = 0; j != oids.size(); ++j)
-      subject.add("X509v3.ExtendedKeyUsage", oids[j].as_string());
+   for(u32bit i = 0; i != oids.size(); ++i)
+      subject.add("X509v3.ExtendedKeyUsage", oids[i].as_string());
    }
 
 namespace {
@@ -503,8 +496,8 @@ void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in)
 */
 void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const
    {
-   for(u32bit j = 0; j != oids.size(); ++j)
-      info.add("X509v3.ExtendedKeyUsage", oids[j].as_string());
+   for(u32bit i = 0; i != oids.size(); ++i)
+      info.add("X509v3.ExtendedKeyUsage", oids[i].as_string());
    }
 
 /*
diff --git a/src/cert/x509/x509_ext.h b/src/cert/x509/x509_ext.h
index 108215ee7..a5bfd357f 100644
--- a/src/cert/x509/x509_ext.h
+++ b/src/cert/x509/x509_ext.h
@@ -49,8 +49,7 @@ class BOTAN_DLL Extensions : public ASN1_Object
 
       void contents_to(Data_Store&, Data_Store&) const;
 
-      void add(Certificate_Extension* extn)
-         { extensions.push_back(extn); }
+      void add(Certificate_Extension* extn, bool critical = false);
 
       Extensions& operator=(const Extensions&);
 
@@ -60,7 +59,7 @@ class BOTAN_DLL Extensions : public ASN1_Object
    private:
       static Certificate_Extension* get_extension(const OID&);
 
-      std::vector<Certificate_Extension*> extensions;
+      std::vector<std::pair<Certificate_Extension*, bool> > extensions;
       bool should_throw;
    };
 
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp
index 89b63c8b2..68221cb4d 100644
--- a/src/cert/x509/x509self.cpp
+++ b/src/cert/x509/x509self.cpp
@@ -79,14 +79,19 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
 
    Extensions extensions;
 
-   extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));
-   extensions.add(new Cert_Extension::Key_Usage(constraints));
    extensions.add(
-      new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
+      new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit),
+      true);
+
+   extensions.add(new Cert_Extension::Key_Usage(constraints), true);
+
+   extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));
+
    extensions.add(
       new Cert_Extension::Subject_Alternative_Name(subject_alt));
+
    extensions.add(
-      new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));
+      new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
 
    return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,
                              opts.start, opts.end,
diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp
index 2e75453e9..b461c1ef8 100644
--- a/src/libstate/libstate.cpp
+++ b/src/libstate/libstate.cpp
@@ -213,23 +213,6 @@ std::string Library_State::deref_alias(const std::string& key) const
    return result;
    }
 
-/*
-* Set/Add an option
-*/
-void Library_State::set_option(const std::string& key,
-                               const std::string& value)
-   {
-   set("conf", key, value);
-   }
-
-/*
-* Get an option value
-*/
-std::string Library_State::option(const std::string& key) const
-   {
-   return get("conf", key);
-   }
-
 /**
 Return a reference to the Algorithm_Factory
 */
diff --git a/src/libstate/libstate.h b/src/libstate/libstate.h
index d8d56bfd3..ade17c17e 100644
--- a/src/libstate/libstate.h
+++ b/src/libstate/libstate.h
@@ -88,21 +88,6 @@ class BOTAN_DLL Library_State
                bool overwrite = true);
 
       /**
-      * Get a parameters value out of the "conf" section (
-      * referred to as option).
-      * @param key the desired keys name
-      */
-      std::string option(const std::string& key) const;
-
-      /**
-      * Set an option.
-      * @param key the key of the option to set
-      * @param value the value to set
-      */
-      void set_option(const std::string& key,
-                      const std::string& value);
-
-      /**
       * Add a parameter value to the "alias" section.
       * @param key the name of the parameter which shall have a new alias
       * @param value the new alias
diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp
index 7202f8df6..803ca518e 100644
--- a/src/libstate/policy.cpp
+++ b/src/libstate/policy.cpp
@@ -280,21 +280,6 @@ void set_default_aliases(Library_State& config)
    }
 
 /*
-* Set the default configuration toggles
-*/
-void set_default_config(Library_State& config)
-   {
-   config.set_option("x509/exts/basic_constraints", "critical");
-   config.set_option("x509/exts/subject_key_id", "yes");
-   config.set_option("x509/exts/authority_key_id", "yes");
-   config.set_option("x509/exts/subject_alternative_name", "yes");
-   config.set_option("x509/exts/issuer_alternative_name", "no");
-   config.set_option("x509/exts/key_usage", "critical");
-   config.set_option("x509/exts/extended_key_usage", "yes");
-   config.set_option("x509/exts/crl_number", "yes");
-   }
-
-/*
 * Set the built-in discrete log groups
 */
 void set_default_dl_groups(Library_State& config)
@@ -810,7 +795,6 @@ void set_default_dl_groups(Library_State& config)
 */
 void Library_State::load_default_config()
    {
-   set_default_config(*this);
    set_default_aliases(*this);
    set_default_oids(*this);
    set_default_dl_groups(*this);
author	lloyd <[email protected]>	2010-03-10 16:30:50 +0000
committer	lloyd <[email protected]>	2010-03-10 16:30:50 +0000
commit	fd79f63a44ad0b59507ac67bdb3eccbe4d45adbc (patch)
tree	2fc4ef1884d1d3dc18608b03ad4e675c68d0e137
parent	66494f4d9db90d04d93874ee37e77a282dd71b07 (diff)