aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509crl
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-02-06 19:30:38 +0000
committerlloyd <[email protected]>2012-02-06 19:30:38 +0000
commitf1a2b5a7b5f35322927446d1b9a381f05cc677df (patch)
tree905b125d9173a32c4a3b758ae124ded0d045d635 /src/cert/x509crl
parentcd58927000ef86eacc9de5b80f361d4d05e71731 (diff)
All of the X509 modules were actually mutually dependent. Ideally this
would be fixed but it's quite hard to do, makes more sense for now to merge then back into one big x509 blog.
Diffstat (limited to 'src/cert/x509crl')
-rw-r--r--src/cert/x509crl/crl_ent.cpp104
-rw-r--r--src/cert/x509crl/crl_ent.h94
-rw-r--r--src/cert/x509crl/info.txt6
-rw-r--r--src/cert/x509crl/x509_crl.cpp185
-rw-r--r--src/cert/x509crl/x509_crl.h101
5 files changed, 0 insertions, 490 deletions
diff --git a/src/cert/x509crl/crl_ent.cpp b/src/cert/x509crl/crl_ent.cpp
deleted file mode 100644
index d566637f6..000000000
--- a/src/cert/x509crl/crl_ent.cpp
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
-* CRL Entry
-* (C) 1999-2010 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/crl_ent.h>
-#include <botan/x509_ext.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
-#include <botan/bigint.h>
-#include <botan/oids.h>
-#include <botan/time.h>
-
-namespace Botan {
-
-/*
-* Create a CRL_Entry
-*/
-CRL_Entry::CRL_Entry(bool t_on_unknown_crit) :
- throw_on_unknown_critical(t_on_unknown_crit)
- {
- reason = UNSPECIFIED;
- }
-
-/*
-* Create a CRL_Entry
-*/
-CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) :
- throw_on_unknown_critical(false)
- {
- serial = cert.serial_number();
- time = X509_Time(system_time());
- reason = why;
- }
-
-/*
-* Compare two CRL_Entrys for equality
-*/
-bool operator==(const CRL_Entry& a1, const CRL_Entry& a2)
- {
- if(a1.serial_number() != a2.serial_number())
- return false;
- if(a1.expire_time() != a2.expire_time())
- return false;
- if(a1.reason_code() != a2.reason_code())
- return false;
- return true;
- }
-
-/*
-* Compare two CRL_Entrys for inequality
-*/
-bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2)
- {
- return !(a1 == a2);
- }
-
-/*
-* DER encode a CRL_Entry
-*/
-void CRL_Entry::encode_into(DER_Encoder& der) const
- {
- Extensions extensions;
-
- extensions.add(new Cert_Extension::CRL_ReasonCode(reason));
-
- der.start_cons(SEQUENCE)
- .encode(BigInt::decode(serial))
- .encode(time)
- .start_cons(SEQUENCE)
- .encode(extensions)
- .end_cons()
- .end_cons();
- }
-
-/*
-* Decode a BER encoded CRL_Entry
-*/
-void CRL_Entry::decode_from(BER_Decoder& source)
- {
- BigInt serial_number_bn;
- reason = UNSPECIFIED;
-
- BER_Decoder entry = source.start_cons(SEQUENCE);
-
- entry.decode(serial_number_bn).decode(time);
-
- if(entry.more_items())
- {
- Extensions extensions(throw_on_unknown_critical);
- entry.decode(extensions);
- Data_Store info;
- extensions.contents_to(info, info);
- reason = CRL_Code(info.get1_u32bit("X509v3.CRLReasonCode"));
- }
-
- entry.end_cons();
-
- serial = BigInt::encode(serial_number_bn);
- }
-
-}
diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h
deleted file mode 100644
index ae9535484..000000000
--- a/src/cert/x509crl/crl_ent.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
-* CRL Entry
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_CRL_ENTRY_H__
-#define BOTAN_CRL_ENTRY_H__
-
-#include <botan/x509cert.h>
-
-namespace Botan {
-
-/**
-* X.509v2 CRL Reason Code.
-*/
-enum CRL_Code {
- UNSPECIFIED = 0,
- KEY_COMPROMISE = 1,
- CA_COMPROMISE = 2,
- AFFILIATION_CHANGED = 3,
- SUPERSEDED = 4,
- CESSATION_OF_OPERATION = 5,
- CERTIFICATE_HOLD = 6,
- REMOVE_FROM_CRL = 8,
- PRIVLEDGE_WITHDRAWN = 9,
- AA_COMPROMISE = 10,
-
- DELETE_CRL_ENTRY = 0xFF00,
- OCSP_GOOD = 0xFF01,
- OCSP_UNKNOWN = 0xFF02
-};
-
-/**
-* This class represents CRL entries
-*/
-class BOTAN_DLL CRL_Entry : public ASN1_Object
- {
- public:
- void encode_into(class DER_Encoder&) const;
- void decode_from(class BER_Decoder&);
-
- /**
- * Get the serial number of the certificate associated with this entry.
- * @return certificate's serial number
- */
- MemoryVector<byte> serial_number() const { return serial; }
-
- /**
- * Get the revocation date of the certificate associated with this entry
- * @return certificate's revocation date
- */
- X509_Time expire_time() const { return time; }
-
- /**
- * Get the entries reason code
- * @return reason code
- */
- CRL_Code reason_code() const { return reason; }
-
- /**
- * Construct an empty CRL entry.
- */
- CRL_Entry(bool throw_on_unknown_critical_extension = false);
-
- /**
- * Construct an CRL entry.
- * @param cert the certificate to revoke
- * @param reason the reason code to set in the entry
- */
- CRL_Entry(const X509_Certificate& cert,
- CRL_Code reason = UNSPECIFIED);
-
- private:
- bool throw_on_unknown_critical;
- MemoryVector<byte> serial;
- X509_Time time;
- CRL_Code reason;
- };
-
-/**
-* Test two CRL entries for equality in all fields.
-*/
-BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&);
-
-/**
-* Test two CRL entries for inequality in at least one field.
-*/
-BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&);
-
-}
-
-#endif
diff --git a/src/cert/x509crl/info.txt b/src/cert/x509crl/info.txt
deleted file mode 100644
index 77de46074..000000000
--- a/src/cert/x509crl/info.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-define X509_CRL
-
-<requires>
-x509cert
-</requires>
-
diff --git a/src/cert/x509crl/x509_crl.cpp b/src/cert/x509crl/x509_crl.cpp
deleted file mode 100644
index 9c6b891c7..000000000
--- a/src/cert/x509crl/x509_crl.cpp
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
-* X.509 CRL
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/x509_crl.h>
-#include <botan/x509_ext.h>
-#include <botan/x509cert.h>
-#include <botan/ber_dec.h>
-#include <botan/parsing.h>
-#include <botan/bigint.h>
-#include <botan/oids.h>
-
-namespace Botan {
-
-/*
-* Load a X.509 CRL
-*/
-X509_CRL::X509_CRL(DataSource& in, bool touc) :
- X509_Object(in, "X509 CRL/CRL"), throw_on_unknown_critical(touc)
- {
- do_decode();
- }
-
-/*
-* Load a X.509 CRL
-*/
-X509_CRL::X509_CRL(const std::string& in, bool touc) :
- X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc)
- {
- do_decode();
- }
-
-/**
-* Check if this particular certificate is listed in the CRL
-*/
-bool X509_CRL::is_revoked(const X509_Certificate& cert) const
- {
- /*
- If the cert wasn't issued by the CRL issuer, it's possible the cert
- is revoked, but not by this CRL. Maybe throw an exception instead?
- */
- if(cert.issuer_dn() != issuer_dn())
- return false;
-
- MemoryVector<byte> crl_akid = authority_key_id();
- MemoryVector<byte> cert_akid = cert.authority_key_id();
-
- if(!crl_akid.empty() && !cert_akid.empty())
- if(crl_akid != cert_akid)
- return false;
-
- MemoryVector<byte> cert_serial = cert.serial_number();
-
- bool is_revoked = false;
-
- for(size_t i = 0; i != revoked.size(); ++i)
- {
- if(cert_serial == revoked[i].serial_number())
- {
- if(revoked[i].reason_code() == REMOVE_FROM_CRL)
- is_revoked = false;
- else
- is_revoked = true;
- }
- }
-
- return is_revoked;
- }
-
-/*
-* Decode the TBSCertList data
-*/
-void X509_CRL::force_decode()
- {
- BER_Decoder tbs_crl(tbs_bits);
-
- size_t version;
- tbs_crl.decode_optional(version, INTEGER, UNIVERSAL);
-
- if(version != 0 && version != 1)
- throw X509_CRL_Error("Unknown X.509 CRL version " +
- to_string(version+1));
-
- AlgorithmIdentifier sig_algo_inner;
- tbs_crl.decode(sig_algo_inner);
-
- if(sig_algo != sig_algo_inner)
- throw X509_CRL_Error("Algorithm identifier mismatch");
-
- X509_DN dn_issuer;
- tbs_crl.decode(dn_issuer);
- info.add(dn_issuer.contents());
-
- X509_Time start, end;
- tbs_crl.decode(start).decode(end);
- info.add("X509.CRL.start", start.readable_string());
- info.add("X509.CRL.end", end.readable_string());
-
- BER_Object next = tbs_crl.get_next_object();
-
- if(next.type_tag == SEQUENCE && next.class_tag == CONSTRUCTED)
- {
- BER_Decoder cert_list(next.value);
-
- while(cert_list.more_items())
- {
- CRL_Entry entry(throw_on_unknown_critical);
- cert_list.decode(entry);
- revoked.push_back(entry);
- }
- next = tbs_crl.get_next_object();
- }
-
- if(next.type_tag == 0 &&
- next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
- {
- BER_Decoder crl_options(next.value);
-
- Extensions extensions(throw_on_unknown_critical);
-
- crl_options.decode(extensions).verify_end();
-
- extensions.contents_to(info, info);
-
- next = tbs_crl.get_next_object();
- }
-
- if(next.type_tag != NO_OBJECT)
- throw X509_CRL_Error("Unknown tag in CRL");
-
- tbs_crl.verify_end();
- }
-
-/*
-* Return the list of revoked certificates
-*/
-std::vector<CRL_Entry> X509_CRL::get_revoked() const
- {
- return revoked;
- }
-
-/*
-* Return the distinguished name of the issuer
-*/
-X509_DN X509_CRL::issuer_dn() const
- {
- return create_dn(info);
- }
-
-/*
-* Return the key identifier of the issuer
-*/
-MemoryVector<byte> X509_CRL::authority_key_id() const
- {
- return info.get1_memvec("X509v3.AuthorityKeyIdentifier");
- }
-
-/*
-* Return the CRL number of this CRL
-*/
-u32bit X509_CRL::crl_number() const
- {
- return info.get1_u32bit("X509v3.CRLNumber");
- }
-
-/*
-* Return the issue data of the CRL
-*/
-X509_Time X509_CRL::this_update() const
- {
- return info.get1("X509.CRL.start");
- }
-
-/*
-* Return the date when a new CRL will be issued
-*/
-X509_Time X509_CRL::next_update() const
- {
- return info.get1("X509.CRL.end");
- }
-
-}
diff --git a/src/cert/x509crl/x509_crl.h b/src/cert/x509crl/x509_crl.h
deleted file mode 100644
index 55eb8424b..000000000
--- a/src/cert/x509crl/x509_crl.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
-* X.509 CRL
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_X509_CRL_H__
-#define BOTAN_X509_CRL_H__
-
-#include <botan/x509_obj.h>
-#include <botan/crl_ent.h>
-#include <vector>
-
-namespace Botan {
-
-class X509_Certificate;
-
-/**
-* This class represents X.509 Certificate Revocation Lists (CRLs).
-*/
-class BOTAN_DLL X509_CRL : public X509_Object
- {
- public:
- /**
- * This class represents CRL related errors.
- */
- struct BOTAN_DLL X509_CRL_Error : public Exception
- {
- X509_CRL_Error(const std::string& error) :
- Exception("X509_CRL: " + error) {}
- };
-
- /**
- * Check if this particular certificate is listed in the CRL
- */
- bool is_revoked(const X509_Certificate& cert) const;
-
- /**
- * Get the entries of this CRL in the form of a vector.
- * @return vector containing the entries of this CRL.
- */
- std::vector<CRL_Entry> get_revoked() const;
-
- /**
- * Get the issuer DN of this CRL.
- * @return CRLs issuer DN
- */
- X509_DN issuer_dn() const;
-
- /**
- * Get the AuthorityKeyIdentifier of this CRL.
- * @return this CRLs AuthorityKeyIdentifier
- */
- MemoryVector<byte> authority_key_id() const;
-
- /**
- * Get the serial number of this CRL.
- * @return CRLs serial number
- */
- u32bit crl_number() const;
-
- /**
- * Get the CRL's thisUpdate value.
- * @return CRLs thisUpdate
- */
- X509_Time this_update() const;
-
- /**
- * Get the CRL's nextUpdate value.
- * @return CRLs nextdUpdate
- */
- X509_Time next_update() const;
-
- /**
- * Construct a CRL from a data source.
- * @param source the data source providing the DER or PEM encoded CRL.
- * @param throw_on_unknown_critical should we throw an exception
- * if an unknown CRL extension marked as critical is encountered.
- */
- X509_CRL(DataSource& source, bool throw_on_unknown_critical = false);
-
- /**
- * Construct a CRL from a file containing the DER or PEM encoded CRL.
- * @param filename the name of the CRL file
- * @param throw_on_unknown_critical should we throw an exception
- * if an unknown CRL extension marked as critical is encountered.
- */
- X509_CRL(const std::string& filename,
- bool throw_on_unknown_critical = false);
- private:
- void force_decode();
-
- bool throw_on_unknown_critical;
- std::vector<CRL_Entry> revoked;
- Data_Store info;
- };
-
-}
-
-#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 08:29:33 +0000