diff options
author | lloyd <[email protected]> | 2009-12-16 22:54:39 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2009-12-16 22:54:39 +0000 |
commit | 1d595f8976483078c292e365bde3949c9de26332 (patch) | |
tree | 874f7cb1b2ba23405bc69330e6233eb567bf2ec4 /src/cert | |
parent | f3f36611db8c3f6c67c818d454973a0165b0fcf2 (diff) | |
parent | 85b961ff87c1d6300451538c939c99a2ff74b505 (diff) |
propagate from branch 'net.randombit.botan' (head 22c82e10d78ad0e2cdaa56cb02f3d846ed0ead5e)
to branch 'net.randombit.botan.c++0x' (head 74dbf310b7fcc11f94a16cd63046219acd5d62bc)
Diffstat (limited to 'src/cert')
29 files changed, 292 insertions, 367 deletions
diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp index ee2ed2ddf..1335e8afa 100644 --- a/src/cert/cvc/asn1_eac_tm.cpp +++ b/src/cert/cvc/asn1_eac_tm.cpp @@ -1,7 +1,7 @@ /* * EAC Time Types * (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd +* 2008-2009 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -22,7 +22,7 @@ SecureVector<byte> enc_two_digit(u32bit in) { SecureVector<byte> result; in %= 100; - if (in < 10) + if(in < 10) result.append(0x00); else { @@ -50,24 +50,24 @@ u32bit dec_two_digit(byte b1, byte b2) /* * Create an EAC_Time */ -EAC_Time::EAC_Time(u64bit timer, ASN1_Tag t) - :tag(t) +EAC_Time::EAC_Time(const std::chrono::system_clock::time_point& time, + ASN1_Tag t) : tag(t) { - std::tm time_info = time_t_to_tm(timer); + calendar_point cal = calendar_value(time); - year = time_info.tm_year + 1900; - month = time_info.tm_mon + 1; - day = time_info.tm_mday; + year = cal.year; + month = cal.month; + day = cal.day; } /* * Create an EAC_Time */ -EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) - :tag(t) +EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) : tag(t) { set_to(t_spec); } + /* * Create an EAC_Time */ @@ -84,7 +84,7 @@ EAC_Time::EAC_Time(u32bit y, u32bit m, u32bit d, ASN1_Tag t) */ void EAC_Time::set_to(const std::string& time_str) { - if (time_str == "") + if(time_str == "") { year = month = day = 0; return; @@ -93,28 +93,28 @@ void EAC_Time::set_to(const std::string& time_str) std::vector<std::string> params; std::string current; - for (u32bit j = 0; j != time_str.size(); ++j) + for(u32bit j = 0; j != time_str.size(); ++j) { - if (Charset::is_digit(time_str[j])) + if(Charset::is_digit(time_str[j])) current += time_str[j]; else { - if (current != "") + if(current != "") params.push_back(current); current.clear(); } } - if (current != "") + if(current != "") params.push_back(current); - if (params.size() != 3) + if(params.size() != 3) throw Invalid_Argument("Invalid time specification " + time_str); year = to_u32bit(params[0]); month = to_u32bit(params[1]); day = to_u32bit(params[2]); - if (!passes_sanity_check()) + if(!passes_sanity_check()) throw Invalid_Argument("Invalid time specification " + time_str); } @@ -133,15 +133,10 @@ void EAC_Time::encode_into(DER_Encoder& der) const */ std::string EAC_Time::as_string() const { - if (time_is_set() == false) + if(time_is_set() == false) throw Invalid_State("EAC_Time::as_string: No time set"); - std::string asn1rep; - asn1rep = to_string(year, 2); - - asn1rep += to_string(month, 2) + to_string(day, 2); - - return asn1rep; + return std::to_string(year * 10000 + month * 100 + day); } /* @@ -157,15 +152,14 @@ bool EAC_Time::time_is_set() const */ std::string EAC_Time::readable_string() const { - if (time_is_set() == false) + if(time_is_set() == false) throw Invalid_State("EAC_Time::readable_string: No time set"); - std::string readable; - readable += to_string(year, 2) + "/"; - readable += to_string(month, 2) + "/"; - readable += to_string(day, 2) + " "; + std::string output(11, 0); + + std::sprintf(&output[0], "%04d/%02d/%02d", year, month, day); - return readable; + return output; } /* @@ -173,11 +167,11 @@ std::string EAC_Time::readable_string() const */ bool EAC_Time::passes_sanity_check() const { - if (year < 2000 || year > 2099) + if(year < 2000 || year > 2099) return false; - if (month == 0 || month > 12) + if(month == 0 || month > 12) return false; - if (day == 0 || day > 31) + if(day == 0 || day > 31) return false; return true; @@ -186,11 +180,11 @@ bool EAC_Time::passes_sanity_check() const /****************************************** * modification functions ******************************************/ - void EAC_Time::add_years(u32bit years) { year += years; } + void EAC_Time::add_months(u32bit months) { year += months/12; @@ -202,23 +196,22 @@ void EAC_Time::add_months(u32bit months) } } - /* * Compare this time against another */ s32bit EAC_Time::cmp(const EAC_Time& other) const { - if (time_is_set() == false) + if(time_is_set() == false) throw Invalid_State("EAC_Time::cmp: No time set"); const s32bit EARLIER = -1, LATER = 1, SAME_TIME = 0; - if (year < other.year) return EARLIER; - if (year > other.year) return LATER; - if (month < other.month) return EARLIER; - if (month > other.month) return LATER; - if (day < other.day) return EARLIER; - if (day > other.day) return LATER; + if(year < other.year) return EARLIER; + if(year > other.year) return LATER; + if(month < other.month) return EARLIER; + if(month > other.month) return LATER; + if(day < other.day) return EARLIER; + if(day > other.day) return LATER; return SAME_TIME; } @@ -230,22 +223,27 @@ bool operator==(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) == 0); } + bool operator!=(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) != 0); } + bool operator<=(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) <= 0); } + bool operator>=(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) >= 0); } + bool operator>(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) > 0); } + bool operator<(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) < 0); @@ -282,19 +280,6 @@ void EAC_Time::decode_from(BER_Decoder& source) } -u32bit EAC_Time::get_year() const - { - return year; - } -u32bit EAC_Time::get_month() const - { - return month; - } -u32bit EAC_Time::get_day() const - { - return day; - } - /* * make the value an octet string for encoding */ @@ -307,28 +292,4 @@ SecureVector<byte> EAC_Time::encoded_eac_time() const return result; } -ASN1_Ced::ASN1_Ced(std::string const& str) - : EAC_Time(str, ASN1_Tag(37)) - {} - -ASN1_Ced::ASN1_Ced(u64bit val) - : EAC_Time(val, ASN1_Tag(37)) - {} - -ASN1_Ced::ASN1_Ced(EAC_Time const& other) - : EAC_Time(other.get_year(), other.get_month(), other.get_day(), ASN1_Tag(37)) - {} - -ASN1_Cex::ASN1_Cex(std::string const& str) - : EAC_Time(str, ASN1_Tag(36)) - {} - -ASN1_Cex::ASN1_Cex(u64bit val) - : EAC_Time(val, ASN1_Tag(36)) - {} - -ASN1_Cex::ASN1_Cex(EAC_Time const& other) - : EAC_Time(other.get_year(), other.get_month(), other.get_day(), ASN1_Tag(36)) - {} - } diff --git a/src/cert/cvc/cvc_ado.cpp b/src/cert/cvc/cvc_ado.cpp index 6e1484e90..47c972c72 100644 --- a/src/cert/cvc/cvc_ado.cpp +++ b/src/cert/cvc/cvc_ado.cpp @@ -12,7 +12,7 @@ namespace Botan { -EAC1_1_ADO::EAC1_1_ADO(std::tr1::shared_ptr<DataSource> in) +EAC1_1_ADO::EAC1_1_ADO(std::shared_ptr<DataSource> in) { init(in); do_decode(); @@ -20,7 +20,7 @@ EAC1_1_ADO::EAC1_1_ADO(std::tr1::shared_ptr<DataSource> in) EAC1_1_ADO::EAC1_1_ADO(const std::string& in) { - std::tr1::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); + std::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); init(stream); do_decode(); } @@ -41,18 +41,18 @@ void EAC1_1_ADO::force_decode() .end_cons() .get_contents(); - std::tr1::shared_ptr<DataSource> req_source(new DataSource_Memory(req_bits)); + std::shared_ptr<DataSource> req_source(new DataSource_Memory(req_bits)); m_req = EAC1_1_Req(req_source); sig_algo = m_req.sig_algo; } MemoryVector<byte> EAC1_1_ADO::make_signed( - std::auto_ptr<PK_Signer> signer, + PK_Signer& signer, const MemoryRegion<byte>& tbs_bits, RandomNumberGenerator& rng) { SecureVector<byte> concat_sig = - EAC1_1_obj<EAC1_1_ADO>::make_signature(signer.get(), tbs_bits, rng); + EAC1_1_obj<EAC1_1_ADO>::make_signature(signer, tbs_bits, rng); assert(concat_sig.size() % 2 == 0); MemoryVector<byte> result = DER_Encoder() .start_cons(ASN1_Tag(7), APPLICATION) diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h index a0dbec2a6..5968b1ba4 100644 --- a/src/cert/cvc/cvc_ado.h +++ b/src/cert/cvc/cvc_ado.h @@ -38,7 +38,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> * Construct a CVC ADO request from a data source * @param source the data source */ - EAC1_1_ADO(std::tr1::shared_ptr<DataSource> source); + EAC1_1_ADO(std::shared_ptr<DataSource> source); /** * Create a signed CVC ADO request from to be signed (TBS) data @@ -46,7 +46,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> * @param tbs_bits the TBS data to sign */ static MemoryVector<byte> make_signed( - std::auto_ptr<PK_Signer> signer, + PK_Signer& signer, const MemoryRegion<byte>& tbs_bits, RandomNumberGenerator& rng); diff --git a/src/cert/cvc/cvc_ca.cpp b/src/cert/cvc/cvc_ca.cpp index 8ca8db0c2..b51c1f4ff 100644 --- a/src/cert/cvc/cvc_ca.cpp +++ b/src/cert/cvc/cvc_ca.cpp @@ -4,7 +4,7 @@ #include <botan/oids.h> namespace Botan { -EAC1_1_CVC EAC1_1_CVC_CA::make_cert(std::auto_ptr<PK_Signer> signer, +EAC1_1_CVC EAC1_1_CVC_CA::make_cert(PK_Signer& signer, MemoryRegion<byte> const& public_key, ASN1_Car const& car, ASN1_Chr const& chr, @@ -37,7 +37,7 @@ EAC1_1_CVC EAC1_1_CVC_CA::make_cert(std::auto_ptr<PK_Signer> signer, EAC1_1_CVC::build_cert_body(tbs), rng); - std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); + std::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); return EAC1_1_CVC(source); } diff --git a/src/cert/cvc/cvc_ca.h b/src/cert/cvc/cvc_ca.h index 3ec307bb3..87699808f 100644 --- a/src/cert/cvc/cvc_ca.h +++ b/src/cert/cvc/cvc_ca.h @@ -36,7 +36,7 @@ class BOTAN_DLL EAC1_1_CVC_CA * @param ced the CED to appear in the certificate * @param ced the CEX to appear in the certificate */ - static EAC1_1_CVC make_cert(std::auto_ptr<PK_Signer> signer, + static EAC1_1_CVC make_cert(PK_Signer& signer, MemoryRegion<byte> const& public_key, ASN1_Car const& car, ASN1_Chr const& chr, diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp index d2be12df8..5c2e28c39 100644 --- a/src/cert/cvc/cvc_cert.cpp +++ b/src/cert/cvc/cvc_cert.cpp @@ -61,7 +61,7 @@ void EAC1_1_CVC::force_decode() // FIXME: PK algos have no notion of EAC encoder/decoder currently #if 0 ECDSA_PublicKey tmp_pk; - std::auto_ptr<EAC1_1_CVC_Decoder> dec = tmp_pk.cvc_eac1_1_decoder(); + std::unique_ptr<EAC1_1_CVC_Decoder> dec = tmp_pk.cvc_eac1_1_decoder(); sig_algo = dec->public_key(enc_pk); @@ -78,7 +78,7 @@ void EAC1_1_CVC::force_decode() /* * CVC Certificate Constructor */ -EAC1_1_CVC::EAC1_1_CVC(std::tr1::shared_ptr<DataSource>& in) +EAC1_1_CVC::EAC1_1_CVC(std::shared_ptr<DataSource>& in) { init(in); self_signed = false; @@ -87,7 +87,7 @@ EAC1_1_CVC::EAC1_1_CVC(std::tr1::shared_ptr<DataSource>& in) EAC1_1_CVC::EAC1_1_CVC(const std::string& in) { - std::tr1::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); + std::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); init(stream); self_signed = false; do_decode(); diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h index 17671d332..0bc162c0c 100644 --- a/src/cert/cvc/cvc_cert.h +++ b/src/cert/cvc/cvc_cert.h @@ -59,7 +59,7 @@ class BOTAN_DLL EAC1_1_CVC : public EAC1_1_gen_CVC<EAC1_1_CVC>//Signed_Object * Construct a CVC from a data source * @param source the data source */ - EAC1_1_CVC(std::tr1::shared_ptr<DataSource>& source); + EAC1_1_CVC(std::shared_ptr<DataSource>& source); /** * Construct a CVC from a file diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h index 797970e29..059a82562 100644 --- a/src/cert/cvc/cvc_gen_cert.h +++ b/src/cert/cvc/cvc_gen_cert.h @@ -34,7 +34,7 @@ class BOTAN_DLL EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation * Get this certificates public key. * @result this certificates public key */ - std::auto_ptr<Public_Key> subject_public_key() const; + std::unique_ptr<Public_Key> subject_public_key() const; /** * Find out whether this object is self signed. @@ -76,7 +76,7 @@ class BOTAN_DLL EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation * @result the DER encoded signed generalized CVC object */ static MemoryVector<byte> make_signed( - std::auto_ptr<PK_Signer> signer, + PK_Signer& signer, const MemoryRegion<byte>& tbs_bits, RandomNumberGenerator& rng); virtual ~EAC1_1_gen_CVC<Derived>() @@ -104,11 +104,11 @@ template<typename Derived> bool EAC1_1_gen_CVC<Derived>::is_self_signed() const } template<typename Derived> MemoryVector<byte> EAC1_1_gen_CVC<Derived>::make_signed( - std::auto_ptr<PK_Signer> signer, + PK_Signer& signer, const MemoryRegion<byte>& tbs_bits, RandomNumberGenerator& rng) // static { - SecureVector<byte> concat_sig = EAC1_1_obj<Derived>::make_signature(signer.get(), tbs_bits, rng); + SecureVector<byte> concat_sig = EAC1_1_obj<Derived>::make_signature(signer, tbs_bits, rng); assert(concat_sig.size() % 2 == 0); return DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) @@ -118,9 +118,9 @@ template<typename Derived> MemoryVector<byte> EAC1_1_gen_CVC<Derived>::make_sign .get_contents(); } -template<typename Derived> std::auto_ptr<Public_Key> EAC1_1_gen_CVC<Derived>::subject_public_key() const +template<typename Derived> std::unique_ptr<Public_Key> EAC1_1_gen_CVC<Derived>::subject_public_key() const { - return std::auto_ptr<Public_Key>(new ECDSA_PublicKey(m_pk)); + return std::unique_ptr<Public_Key>(new ECDSA_PublicKey(m_pk)); } template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(MemoryRegion<byte> const& tbs) diff --git a/src/cert/cvc/cvc_req.cpp b/src/cert/cvc/cvc_req.cpp index 70a44bacd..aa29d8ee6 100644 --- a/src/cert/cvc/cvc_req.cpp +++ b/src/cert/cvc/cvc_req.cpp @@ -44,13 +44,13 @@ void EAC1_1_Req::force_decode() // FIXME: No EAC support in ECDSA #if 0 ECDSA_PublicKey tmp_pk; - std::auto_ptr<EAC1_1_CVC_Decoder> dec = tmp_pk.cvc_eac1_1_decoder(); + std::unique_ptr<EAC1_1_CVC_Decoder> dec = tmp_pk.cvc_eac1_1_decoder(); sig_algo = dec->public_key(enc_pk); m_pk = tmp_pk; #endif } -EAC1_1_Req::EAC1_1_Req(std::tr1::shared_ptr<DataSource> in) +EAC1_1_Req::EAC1_1_Req(std::shared_ptr<DataSource> in) { init(in); self_signed = true; @@ -59,7 +59,7 @@ EAC1_1_Req::EAC1_1_Req(std::tr1::shared_ptr<DataSource> in) EAC1_1_Req::EAC1_1_Req(const std::string& in) { - std::tr1::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); + std::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); init(stream); self_signed = true; do_decode(); diff --git a/src/cert/cvc/cvc_req.h b/src/cert/cvc/cvc_req.h index 28f03db80..ea05fc157 100644 --- a/src/cert/cvc/cvc_req.h +++ b/src/cert/cvc/cvc_req.h @@ -35,7 +35,7 @@ class BOTAN_DLL EAC1_1_Req : public EAC1_1_gen_CVC<EAC1_1_Req> * Construct a CVC request from a data source. * @param source the data source */ - EAC1_1_Req(std::tr1::shared_ptr<DataSource> source); + EAC1_1_Req(std::shared_ptr<DataSource> source); /** * Construct a CVC request from a DER encoded CVC reqeust file. diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index 227ff4136..ae10838ac 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -14,7 +14,7 @@ #include <botan/look_pk.h> #include <botan/cvc_req.h> #include <botan/cvc_ado.h> -#include <botan/time.h> +#include <chrono> #include <sstream> namespace Botan { @@ -84,16 +84,18 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, sig_algo.oid = OIDS::lookup(priv_key->algo_name() + "/" + padding_and_hash); sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); + std::unique_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); #if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); + std::unique_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); #else MemoryVector<byte> enc_public_key; #endif - return EAC1_1_CVC_CA::make_cert(signer, enc_public_key, opt.car, chr, opt.holder_auth_templ, opt.ced, opt.cex, rng); + return EAC1_1_CVC_CA::make_cert(*signer.get(), enc_public_key, + opt.car, chr, opt.holder_auth_templ, + opt.ced, opt.cex, rng); } @@ -113,10 +115,10 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, sig_algo.oid = OIDS::lookup(priv_key->algo_name() + "/" + padding_and_hash); sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); + std::unique_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); #if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); + std::unique_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); #else MemoryVector<byte> enc_public_key; @@ -130,8 +132,11 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, .encode(chr) .get_contents(); - MemoryVector<byte> signed_cert = EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs), rng); - std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); + MemoryVector<byte> signed_cert = + EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(*signer.get(), + EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs), rng); + + std::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); return EAC1_1_Req(source); } @@ -146,12 +151,16 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, { throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); } + std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); + + std::unique_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); + SecureVector<byte> tbs_bits = req.BER_encode(); tbs_bits.append(DER_Encoder().encode(car).get_contents()); - MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng); - std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); + + MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(*signer.get(), tbs_bits, rng); + std::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); return EAC1_1_ADO(source); } @@ -172,9 +181,8 @@ EAC1_1_CVC create_cvca(Private_Key const& key, } EAC1_1_CVC_Options opts; opts.car = car; - const u64bit current_time = system_time(); - opts.ced = ASN1_Ced(current_time); + opts.ced = ASN1_Ced(std::chrono::system_clock::now()); opts.cex = ASN1_Cex(opts.ced); opts.cex.add_months(cvca_validity_months); opts.holder_auth_templ = (CVCA | (iris * IRIS) | (fingerpr * FINGERPRINT)); @@ -189,12 +197,12 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, EAC1_1_CVC const& signee, RandomNumberGenerator& rng) { - ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); + const ECDSA_PrivateKey* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); + if (priv_key == 0) - { - throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); - } - ASN1_Ced ced(system_time()); + throw Invalid_Argument("link_cvca(): unsupported key type"); + + ASN1_Ced ced(std::chrono::system_clock::now()); ASN1_Cex cex(signee.get_cex()); if (*static_cast<EAC_Time*>(&ced) > *static_cast<EAC_Time*>(&cex)) { @@ -210,19 +218,19 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, } AlgorithmIdentifier sig_algo = signer.signature_algorithm(); std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid); - std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); - std::auto_ptr<Public_Key> pk = signee.subject_public_key(); + std::unique_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); + std::unique_ptr<Public_Key> pk = signee.subject_public_key(); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); subj_pk->set_parameter_encoding(ENC_EXPLICIT); #if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); + std::unique_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); #else MemoryVector<byte> enc_public_key; #endif - return EAC1_1_CVC_CA::make_cert(pk_signer, enc_public_key, + return EAC1_1_CVC_CA::make_cert(*pk_signer.get(), enc_public_key, signer.get_car(), signee.get_chr(), signer.get_chat_value(), @@ -250,10 +258,10 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, chr_str.append(fixed_len_seqnr(seqnr, seqnr_len)); ASN1_Chr chr(chr_str); std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); - std::auto_ptr<Public_Key> pk = signee.subject_public_key(); + std::unique_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); + std::unique_ptr<Public_Key> pk = signee.subject_public_key(); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); - std::auto_ptr<Public_Key> signer_pk = signer_cert.subject_public_key(); + std::unique_ptr<Public_Key> signer_pk = signer_cert.subject_public_key(); // for the case that the domain parameters are not set... // (we use those from the signer because they must fit) @@ -262,15 +270,16 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, subj_pk->set_parameter_encoding(ENC_IMPLICITCA); #if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); + std::unique_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); #else MemoryVector<byte> enc_public_key; #endif AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm()); - const u64bit current_time = system_time(); - ASN1_Ced ced(current_time); + + ASN1_Ced ced(std::chrono::system_clock::now()); + u32bit chat_val; u32bit chat_low = signer_cert.get_chat_value() & 0x3; // take the chat rights from signer ASN1_Cex cex(ced); @@ -298,7 +307,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, throw Invalid_Argument("sign_request(): encountered illegal value for CHAT"); // (IS cannot sign certificates) } - return EAC1_1_CVC_CA::make_cert(pk_signer, enc_public_key, + return EAC1_1_CVC_CA::make_cert(*pk_signer.get(), enc_public_key, ASN1_Car(signer_cert.get_chr().iso_8859()), chr, chat_val, diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h index 652c9a6e6..79802951c 100644 --- a/src/cert/cvc/eac_asn_obj.h +++ b/src/cert/cvc/eac_asn_obj.h @@ -1,7 +1,7 @@ /* * EAC ASN.1 Objects * (C) 2007-2008 FlexSecure GmbH -* 2008 Jack Lloyd +* 2008-2009 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -12,6 +12,7 @@ #include <botan/asn1_obj.h> #include <vector> #include <map> +#include <chrono> namespace Botan { @@ -58,7 +59,6 @@ class BOTAN_DLL EAC_Time : public ASN1_Object * e.g. "2007 08 01" */ void set_to(const std::string& str); - //void set_to(const std::string&, ASN1_Tag); /** * Add the specified number of years to this. @@ -76,24 +76,28 @@ class BOTAN_DLL EAC_Time : public ASN1_Object * Get the year value of this objects. * @return the year value */ - u32bit get_year() const; + u32bit get_year() const { return year; } /** * Get the month value of this objects. * @return the month value */ - u32bit get_month() const; + u32bit get_month() const { return month; } /** * Get the day value of this objects. * @return the day value */ - u32bit get_day() const; + u32bit get_day() const { return day; } - EAC_Time(u64bit, ASN1_Tag t = ASN1_Tag(0)); - //EAC_Time(const std::string& = ""); - EAC_Time(const std::string&, ASN1_Tag = ASN1_Tag(0)); - EAC_Time(u32bit year, u32bit month, u32bit day, ASN1_Tag = ASN1_Tag(0)); + EAC_Time(const std::chrono::system_clock::time_point& time, + ASN1_Tag tag = ASN1_Tag(0)); + + EAC_Time(const std::string& yyyy_mm_dd, + ASN1_Tag tag = ASN1_Tag(0)); + + EAC_Time(u32bit year, u32bit month, u32bit day, + ASN1_Tag tag = ASN1_Tag(0)); virtual ~EAC_Time() {} private: @@ -115,25 +119,25 @@ class BOTAN_DLL ASN1_Ced : public EAC_Time * @param str a string in the format "yyyy mm dd", * e.g. "2007 08 01" */ - ASN1_Ced(std::string const& str = ""); + ASN1_Ced(std::string const& str = "") : + EAC_Time(str, ASN1_Tag(37)) {} /** - * Construct a CED from a timer value. - * @param time the number of seconds elapsed midnight, 1st - * January 1970 GMT (or 7pm, 31st December 1969 EST) up to the - * desired date + * Construct a CED from a time point */ - ASN1_Ced(u64bit time); + ASN1_Ced(const std::chrono::system_clock::time_point& time) : + EAC_Time(time, ASN1_Tag(37)) {} /** * Copy constructor (for general EAC_Time objects). * @param other the object to copy from */ - ASN1_Ced(EAC_Time const& other); - //ASN1_Ced(ASN1_Cex const& cex); + ASN1_Ced(EAC_Time const& other) : + EAC_Time(other.get_year(), other.get_month(), other.get_day(), + ASN1_Tag(37)) + {} }; - /** * This class represents CVC CEXs. Only limited sanity checks of * the inputted date value are performed. @@ -142,27 +146,20 @@ class BOTAN_DLL ASN1_Cex : public EAC_Time { public: /** - * Construct a CED from a string value. + * Construct a CEX from a string value. * @param str a string in the format "yyyy mm dd", * e.g. "2007 08 01" */ - ASN1_Cex(std::string const& str=""); + ASN1_Cex(std::string const& str = "") : + EAC_Time(str, ASN1_Tag(36)) {} - /** - * Construct a CED from a timer value. - * @param time the number of seconds elapsed - * midnight, 1st - * January 1970 GMT (or 7pm, 31st December 1969 EST) - * up to the desired date - */ - ASN1_Cex(u64bit time); + ASN1_Cex(const std::chrono::system_clock::time_point& time) : + EAC_Time(time, ASN1_Tag(36)) {} - /** - * Copy constructor (for general EAC_Time objects). - * @param other the object to copy from - */ - ASN1_Cex(EAC_Time const& other); - //ASN1_Cex(ASN1_Ced const& ced); + ASN1_Cex(EAC_Time const& other) : + EAC_Time(other.get_year(), other.get_month(), other.get_day(), + ASN1_Tag(36)) + {} }; /** diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h index d357adb7d..f822442bc 100644 --- a/src/cert/cvc/eac_obj.h +++ b/src/cert/cvc/eac_obj.h @@ -54,7 +54,7 @@ class BOTAN_DLL EAC1_1_obj : public EAC_Signed_Object protected: void init(SharedPtrConverter<DataSource> in); - static SecureVector<byte> make_signature(PK_Signer* signer, + static SecureVector<byte> make_signature(PK_Signer& signer, const MemoryRegion<byte>& tbs_bits, RandomNumberGenerator& rng); @@ -68,12 +68,12 @@ template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::get_concat_si } template<typename Derived> SecureVector<byte> -EAC1_1_obj<Derived>::make_signature(PK_Signer* signer, +EAC1_1_obj<Derived>::make_signature(PK_Signer& signer, const MemoryRegion<byte>& tbs_bits, RandomNumberGenerator& rng) { // this is the signature as a der sequence - SecureVector<byte> seq_sig = signer->sign_message(tbs_bits, rng); + SecureVector<byte> seq_sig = signer.sign_message(tbs_bits, rng); ECDSA_Signature sig(decode_seq(seq_sig)); SecureVector<byte> concat_sig(sig.get_concatenation()); @@ -112,12 +112,12 @@ bool EAC1_1_obj<Derived>::check_signature(Public_Key& pub_key) const if(!dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key)) return false; - std::auto_ptr<ECDSA_Signature_Encoder> enc(new ECDSA_Signature_Encoder(&m_sig)); + std::unique_ptr<ECDSA_Signature_Encoder> enc(new ECDSA_Signature_Encoder(&m_sig)); SecureVector<byte> seq_sig = enc->signature_bits(); SecureVector<byte> to_sign = tbs_data(); PK_Verifying_wo_MR_Key& sig_key = dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key); - std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(sig_key, padding, format)); + std::unique_ptr<PK_Verifier> verifier(get_pk_verifier(sig_key, padding, format)); return verifier->verify_message(to_sign, seq_sig); } catch(...) diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp index c33a4550a..1a60f7aa8 100644 --- a/src/cert/cvc/ecdsa_sig.cpp +++ b/src/cert/cvc/ecdsa_sig.cpp @@ -41,7 +41,7 @@ ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq) { ECDSA_Signature sig; - std::auto_ptr<ECDSA_Signature_Decoder> dec(new ECDSA_Signature_Decoder(&sig)); + std::unique_ptr<ECDSA_Signature_Decoder> dec(new ECDSA_Signature_Decoder(&sig)); dec->signature_bits(seq); return sig; } diff --git a/src/cert/cvc/freestore.h b/src/cert/cvc/freestore.h index 7f8b85388..3049dbd13 100644 --- a/src/cert/cvc/freestore.h +++ b/src/cert/cvc/freestore.h @@ -8,14 +8,7 @@ #define BOTAN_FREESTORE_H__ #include <botan/build.h> - -#if defined(BOTAN_USE_STD_TR1) - #include <tr1/memory> -#elif defined(BOTAN_USE_BOOST_TR1) - #include <boost/tr1/memory.hpp> -#else - #error "Please choose a TR1 implementation in build.h" -#endif +#include <memory> namespace Botan { @@ -29,7 +22,7 @@ template<typename T> class BOTAN_DLL SharedPtrConverter { public: - typedef std::tr1::shared_ptr<T> SharedPtr; + typedef std::shared_ptr<T> SharedPtr; /** * Construct a null pointer equivalent object. diff --git a/src/cert/cvc/info.txt b/src/cert/cvc/info.txt index 2033b9576..b89441a03 100644 --- a/src/cert/cvc/info.txt +++ b/src/cert/cvc/info.txt @@ -1,7 +1,5 @@ define CARD_VERIFIABLE_CERTIFICATES -uses_tr1 yes - load_on auto <header:public> diff --git a/src/cert/x509/crl_ent.cpp b/src/cert/x509/crl_ent.cpp index 42a742ebb..e7ce1a57a 100644 --- a/src/cert/x509/crl_ent.cpp +++ b/src/cert/x509/crl_ent.cpp @@ -11,7 +11,6 @@ #include <botan/ber_dec.h> #include <botan/bigint.h> #include <botan/oids.h> -#include <botan/time.h> namespace Botan { @@ -31,7 +30,7 @@ CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) : throw_on_unknown_critical(false) { serial = cert.serial_number(); - time = X509_Time(system_time()); + time = X509_Time(std::chrono::system_clock::now()); reason = why; } diff --git a/src/cert/x509/pkcs10.cpp b/src/cert/x509/pkcs10.cpp index 5617cece4..5645552a0 100644 --- a/src/cert/x509/pkcs10.cpp +++ b/src/cert/x509/pkcs10.cpp @@ -45,7 +45,7 @@ void PKCS10_Request::force_decode() cert_req_info.decode(version); if(version != 0) throw Decoding_Error("Unknown version code in PKCS #10 request: " + - to_string(version)); + std::to_string(version)); X509_DN dn_subject; cert_req_info.decode(dn_subject); diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp index 16b7b3b9b..59a5bbaf8 100644 --- a/src/cert/x509/x509_ca.cpp +++ b/src/cert/x509/x509_ca.cpp @@ -14,10 +14,6 @@ #include <botan/lookup.h> #include <botan/look_pk.h> #include <botan/oids.h> -#include <botan/time.h> -#include <algorithm> -#include <typeinfo> -#include <iterator> #include <memory> #include <set> @@ -61,7 +57,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN); else { - std::auto_ptr<Public_Key> key(req.subject_public_key()); + std::unique_ptr<Public_Key> key(req.subject_public_key()); constraints = X509::find_constraints(*key, req.constraints()); } @@ -173,8 +169,7 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl, for(u32bit j = 0; j != already_revoked.size(); ++j) { - std::set<SecureVector<byte> >::const_iterator i; - i = removed_from_crl.find(already_revoked[j].serial_number()); + auto i = removed_from_crl.find(already_revoked[j].serial_number()); if(i == removed_from_crl.end()) all_revoked.push_back(already_revoked[j]); @@ -201,7 +196,8 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, next_update = timespec_to_u32bit("7d"); // Totally stupid: ties encoding logic to the return of std::time!! - const u64bit current_time = system_time(); + auto current_time = std::chrono::system_clock::now(); + auto expire_time = current_time + std::chrono::seconds(next_update); Extensions extensions; extensions.add( @@ -214,7 +210,7 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, .encode(ca_sig_algo) .encode(cert.issuer_dn()) .encode(X509_Time(current_time)) - .encode(X509_Time(current_time + next_update)) + .encode(X509_Time(expire_time)) .encode_if(revoked.size() > 0, DER_Encoder() .start_cons(SEQUENCE) @@ -275,7 +271,7 @@ PK_Signer* choose_sig_format(const Private_Key& key, sig_algo.oid = OIDS::lookup(algo_name + "/" + padding); - std::auto_ptr<X509_Encoder> encoding(key.x509_encoder()); + std::unique_ptr<X509_Encoder> encoding(key.x509_encoder()); if(!encoding.get()) throw Encoding_Error("Key " + algo_name + " does not support " "X.509 encoding"); diff --git a/src/cert/x509/x509_ca.h b/src/cert/x509/x509_ca.h index 6eb4bbbef..b680bd0e4 100644 --- a/src/cert/x509/x509_ca.h +++ b/src/cert/x509/x509_ca.h @@ -97,11 +97,11 @@ class BOTAN_DLL X509_CA const Private_Key& key, const std::string& hash_fn); + X509_CA(const X509_CA&) = delete; + X509_CA& operator=(const X509_CA&) = delete; + ~X509_CA(); private: - X509_CA(const X509_CA&) {} - X509_CA& operator=(const X509_CA&) { return (*this); } - X509_CRL make_crl(const std::vector<CRL_Entry>& entries, u32bit crl_number, u32bit next_update, RandomNumberGenerator& rng) const; diff --git a/src/cert/x509/x509_crl.cpp b/src/cert/x509/x509_crl.cpp index f6a344dba..3613c1a91 100644 --- a/src/cert/x509/x509_crl.cpp +++ b/src/cert/x509/x509_crl.cpp @@ -44,7 +44,7 @@ void X509_CRL::force_decode() if(version != 0 && version != 1) throw X509_CRL_Error("Unknown X.509 CRL version " + - to_string(version+1)); + std::to_string(version+1)); AlgorithmIdentifier sig_algo_inner; tbs_crl.decode(sig_algo_inner); diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp index 31b4a309f..95a1c1cca 100644 --- a/src/cert/x509/x509_obj.cpp +++ b/src/cert/x509/x509_obj.cpp @@ -168,7 +168,7 @@ bool X509_Object::check_signature(Public_Key& pub_key) const Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - std::auto_ptr<PK_Verifier> verifier; + std::unique_ptr<PK_Verifier> verifier; if(dynamic_cast<PK_Verifying_with_MR_Key*>(&pub_key)) { diff --git a/src/cert/x509/x509cert.cpp b/src/cert/x509/x509cert.cpp index 05f23298b..e3844e8e9 100644 --- a/src/cert/x509/x509cert.cpp +++ b/src/cert/x509/x509cert.cpp @@ -27,12 +27,8 @@ std::vector<std::string> lookup_oids(const std::vector<std::string>& in) { std::vector<std::string> out; - std::vector<std::string>::const_iterator i = in.begin(); - while(i != in.end()) - { + for(auto i = in.begin(); i != in.end(); ++i) out.push_back(OIDS::lookup(OID(*i))); - ++i; - } return out; } @@ -84,7 +80,7 @@ void X509_Certificate::force_decode() .decode(dn_subject); if(version > 2) - throw Decoding_Error("Unknown X.509 cert version " + to_string(version)); + throw Decoding_Error("Unknown X.509 cert version " + std::to_string(version)); if(sig_algo != sig_algo_inner) throw Decoding_Error("Algorithm identifier mismatch"); @@ -304,25 +300,16 @@ bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2) */ X509_DN create_dn(const Data_Store& info) { - class DN_Matcher : public Data_Store::Matcher + auto names = info.search_for( + [](const std::string& key, const std::string&) { - public: - bool operator()(const std::string& key, const std::string&) const - { - if(key.find("X520.") != std::string::npos) - return true; - return false; - } - }; - - std::multimap<std::string, std::string> names = - info.search_with(DN_Matcher()); + return (key.find("X520.") != std::string::npos); + }); X509_DN dn; - std::multimap<std::string, std::string>::iterator j; - for(j = names.begin(); j != names.end(); ++j) - dn.add_attribute(j->first, j->second); + for(auto i = names.begin(); i != names.end(); ++i) + dn.add_attribute(i->first, i->second); return dn; } @@ -332,33 +319,19 @@ X509_DN create_dn(const Data_Store& info) */ AlternativeName create_alt_name(const Data_Store& info) { - class AltName_Matcher : public Data_Store::Matcher + auto names = info.search_for( + [](const std::string& key, const std::string&) { - public: - bool operator()(const std::string& key, const std::string&) const - { - for(u32bit j = 0; j != matches.size(); ++j) - if(key.compare(matches[j]) == 0) - return true; - return false; - } - - AltName_Matcher(const std::string& match_any_of) - { - matches = split_on(match_any_of, '/'); - } - private: - std::vector<std::string> matches; - }; - - std::multimap<std::string, std::string> names = - info.search_with(AltName_Matcher("RFC822/DNS/URI/IP")); + return (key == "RFC822" || + key == "DNS" || + key == "URI" || + key == "IP"); + }); AlternativeName alt_name; - std::multimap<std::string, std::string>::iterator j; - for(j = names.begin(); j != names.end(); ++j) - alt_name.add_attribute(j->first, j->second); + for(auto i = names.begin(); i != names.end(); ++i) + alt_name.add_attribute(i->first, i->second); return alt_name; } diff --git a/src/cert/x509/x509find.cpp b/src/cert/x509/x509find.cpp index 257367da9..41643a94a 100644 --- a/src/cert/x509/x509find.cpp +++ b/src/cert/x509/x509find.cpp @@ -11,6 +11,8 @@ namespace Botan { +namespace X509_Store_Search { + namespace { /* @@ -42,70 +44,65 @@ bool ignore_case(const std::string& searching_for, const std::string& found) /* * Search based on the contents of a DN entry */ -bool DN_Check::match(const X509_Certificate& cert) const +std::function<bool (const X509_Certificate&)> +by_dn(const std::string& dn_entry, + const std::string& to_find, + DN_Search_Type method) { - std::vector<std::string> info = cert.subject_info(dn_entry); - - for(u32bit j = 0; j != info.size(); ++j) - if(compare(info[j], looking_for)) - return true; - return false; - } + if(method == SUBSTRING_MATCHING) + return by_dn(dn_entry, to_find, substring_match); + else if(method == IGNORE_CASE) + return by_dn(dn_entry, to_find, ignore_case); -/* -* DN_Check Constructor -*/ -DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, - compare_fn func) - { - this->dn_entry = dn_entry; - this->looking_for = looking_for; - compare = func; + throw Invalid_Argument("Unknown method argument to by_dn"); } -/* -* DN_Check Constructor -*/ -DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, - Search_Type method) +std::function<bool (const X509_Certificate&)> +by_dn(const std::string& dn_entry, + const std::string& to_find, + std::function<bool (std::string, std::string)> compare) { - this->dn_entry = dn_entry; - this->looking_for = looking_for; + return [&](const X509_Certificate& cert) + { + std::vector<std::string> info = cert.subject_info(dn_entry); - if(method == SUBSTRING_MATCHING) - compare = &substring_match; - else if(method == IGNORE_CASE) - compare = &ignore_case; - else - throw Invalid_Argument("Unknown method argument to DN_Check()"); + for(u32bit i = 0; i != info.size(); ++i) + if(compare(info[i], to_find)) + return true; + return false; + }; } -/* -* Match by issuer and serial number -*/ -bool IandS_Match::match(const X509_Certificate& cert) const +std::function<bool (const X509_Certificate&)> +by_issuer_and_serial(const X509_DN& issuer, const MemoryRegion<byte>& serial) { - if(cert.serial_number() != serial) - return false; - return (cert.issuer_dn() == issuer); + /* Serial number compare is much faster than X.509 DN, and unlikely + to collide even across issuers, so do that first to fail fast + */ + + return [&](const X509_Certificate& cert) + { + if(cert.serial_number() != serial) + return false; + return (cert.issuer_dn() == issuer); + }; } -/* -* IandS_Match Constructor -*/ -IandS_Match::IandS_Match(const X509_DN& issuer, - const MemoryRegion<byte>& serial) +std::function<bool (const X509_Certificate&)> +by_issuer_and_serial(const X509_DN& issuer, const BigInt& serial) { - this->issuer = issuer; - this->serial = serial; + return by_issuer_and_serial(issuer, BigInt::encode(serial)); } -/* -* Match by subject key identifier -*/ -bool SKID_Match::match(const X509_Certificate& cert) const +std::function<bool (const X509_Certificate&)> +by_skid(const MemoryRegion<byte>& subject_key_id) { - return (cert.subject_key_id() == skid); + return [&](const X509_Certificate& cert) + { + return (cert.subject_key_id() == subject_key_id); + }; } } + +} diff --git a/src/cert/x509/x509find.h b/src/cert/x509/x509find.h index a7a84c7a5..1bf29dfbc 100644 --- a/src/cert/x509/x509find.h +++ b/src/cert/x509/x509find.h @@ -9,51 +9,43 @@ #define BOTAN_X509_CERT_STORE_SEARCH_H__ #include <botan/x509stor.h> +#include <botan/bigint.h> namespace Botan { +namespace X509_Store_Search { + /* * Search based on the contents of a DN entry */ -class BOTAN_DLL DN_Check : public X509_Store::Search_Func - { - public: - typedef bool (*compare_fn)(const std::string&, const std::string&); - enum Search_Type { SUBSTRING_MATCHING, IGNORE_CASE }; +enum DN_Search_Type { SUBSTRING_MATCHING, IGNORE_CASE }; - bool match(const X509_Certificate& cert) const; +std::function<bool (const X509_Certificate&)> +by_dn(const std::string& dn_entry, + const std::string& to_find, + DN_Search_Type method); - DN_Check(const std::string&, const std::string&, compare_fn); - DN_Check(const std::string&, const std::string&, Search_Type); - private: - std::string dn_entry, looking_for; - compare_fn compare; - }; +std::function<bool (const X509_Certificate&)> +by_dn(const std::string& dn_entry, + const std::string& to_find, + std::function<bool (std::string, std::string)> method); -/* -* Search for a certificate by issuer/serial +/** +* Search for certs by issuer + serial number */ -class BOTAN_DLL IandS_Match : public X509_Store::Search_Func - { - public: - bool match(const X509_Certificate& cert) const; - IandS_Match(const X509_DN&, const MemoryRegion<byte>&); - private: - X509_DN issuer; - MemoryVector<byte> serial; - }; +std::function<bool (const X509_Certificate&)> +by_issuer_and_serial(const X509_DN& issuer, const MemoryRegion<byte>& serial); -/* -* Search for a certificate by subject keyid +std::function<bool (const X509_Certificate&)> +by_issuer_and_serial(const X509_DN& issuer, const BigInt& serial); + +/** +* Search for certs by subject key identifier */ -class BOTAN_DLL SKID_Match : public X509_Store::Search_Func - { - public: - bool match(const X509_Certificate& cert) const; - SKID_Match(const MemoryRegion<byte>& s) : skid(s) {} - private: - MemoryVector<byte> skid; - }; +std::function<bool (const X509_Certificate&)> +by_skid(const MemoryRegion<byte>& subject_key_id); + +} } diff --git a/src/cert/x509/x509opt.cpp b/src/cert/x509/x509opt.cpp index c6421d9ca..8d235ad5d 100644 --- a/src/cert/x509/x509opt.cpp +++ b/src/cert/x509/x509opt.cpp @@ -8,7 +8,7 @@ #include <botan/x509self.h> #include <botan/oids.h> #include <botan/parsing.h> -#include <botan/time.h> +#include <chrono> namespace Botan { @@ -78,16 +78,16 @@ void X509_Cert_Options::sanity_check() const * Initialize the certificate options */ X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts, - u32bit expiration_time_in_seconds) + u32bit expiration_time) { is_CA = false; path_limit = 0; constraints = NO_CONSTRAINTS; - const u32bit now = system_time(); + auto now = std::chrono::system_clock::now(); start = X509_Time(now); - end = X509_Time(now + expiration_time_in_seconds); + end = X509_Time(now + std::chrono::seconds(expiration_time)); if(initial_opts == "") return; diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp index f915c6ff5..df31897bb 100644 --- a/src/cert/x509/x509self.cpp +++ b/src/cert/x509/x509self.cpp @@ -73,7 +73,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, AlternativeName subject_alt; MemoryVector<byte> pub_key = shared_setup(opts, key); - std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo)); + std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); Key_Constraints constraints; @@ -112,7 +112,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, AlternativeName subject_alt; MemoryVector<byte> pub_key = shared_setup(opts, key); - std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo)); + std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); const u32bit PKCS10_VERSION = 0; diff --git a/src/cert/x509/x509stor.cpp b/src/cert/x509/x509stor.cpp index e9e8f4575..80507c1dd 100644 --- a/src/cert/x509/x509stor.cpp +++ b/src/cert/x509/x509stor.cpp @@ -10,8 +10,8 @@ #include <botan/pubkey.h> #include <botan/look_pk.h> #include <botan/oids.h> -#include <botan/time.h> #include <algorithm> +#include <chrono> #include <memory> namespace Botan { @@ -22,13 +22,14 @@ namespace { * Do a validity check */ s32bit validity_check(const X509_Time& start, const X509_Time& end, - u64bit current_time, u32bit slack) + const std::chrono::system_clock::time_point& now, + std::chrono::seconds slack) { const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1; - if(start.cmp(current_time + slack) > 0) + if(start.cmp(now + slack) > 0) return NOT_YET_VALID; - if(end.cmp(current_time - slack) < 0) + if(end.cmp(now - slack) < 0) return EXPIRED; return VALID_TIME; } @@ -169,7 +170,8 @@ bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const /* * X509_Store Constructor */ -X509_Store::X509_Store(u32bit slack, u32bit cache_timeout) +X509_Store::X509_Store(std::chrono::seconds slack, + std::chrono::seconds cache_timeout) { revoked_info_valid = true; @@ -212,10 +214,11 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert, if(chaining_result != VERIFIED) return chaining_result; - const u64bit current_time = system_time(); + auto current_time = std::chrono::system_clock::now(); s32bit time_check = validity_check(cert.start_time(), cert.end_time(), current_time, time_slack); + if(time_check < 0) return CERT_NOT_YET_VALID; else if(time_check > 0) return CERT_HAS_EXPIRED; @@ -380,8 +383,8 @@ X509_Code X509_Store::check_sig(const Cert_Info& cert_info, */ X509_Code X509_Store::check_sig(const X509_Object& object, Public_Key* key) { - std::auto_ptr<Public_Key> pub_key(key); - std::auto_ptr<PK_Verifier> verifier; + std::unique_ptr<Public_Key> pub_key(key); + std::unique_ptr<PK_Verifier> verifier; try { std::vector<std::string> sig_info = @@ -464,12 +467,12 @@ bool X509_Store::is_revoked(const X509_Certificate& cert) const * Retrieve all the certificates in the store */ std::vector<X509_Certificate> -X509_Store::get_certs(const Search_Func& search) const +X509_Store::get_certs(std::function<bool (const X509_Certificate&)> pred) const { std::vector<X509_Certificate> found_certs; for(u32bit j = 0; j != certs.size(); ++j) { - if(search.match(certs[j].cert)) + if(pred(certs[j].cert)) found_certs.push_back(certs[j].cert); } return found_certs; @@ -563,8 +566,10 @@ void X509_Store::add_trusted_certs(DataSource& source) */ X509_Code X509_Store::add_crl(const X509_CRL& crl) { + auto current_time = std::chrono::system_clock::now(); + s32bit time_check = validity_check(crl.this_update(), crl.next_update(), - system_time(), time_slack); + current_time, time_slack); if(time_check < 0) return CRL_NOT_YET_VALID; else if(time_check > 0) return CRL_HAS_EXPIRED; @@ -603,8 +608,7 @@ X509_Code X509_Store::add_crl(const X509_CRL& crl) revoked_info.serial = revoked_certs[j].serial_number(); revoked_info.auth_key_id = crl.authority_key_id(); - std::vector<CRL_Data>::iterator p = - std::find(revoked.begin(), revoked.end(), revoked_info); + auto p = std::find(revoked.begin(), revoked.end(), revoked_info); if(revoked_certs[j].reason_code() == REMOVE_FROM_CRL) { @@ -642,8 +646,8 @@ X509_Store::Cert_Info::Cert_Info(const X509_Certificate& c, bool t) : cert(c), trusted(t) { checked = false; + last_checked = std::chrono::system_clock::time_point::min(); result = UNKNOWN_X509_ERROR; - last_checked = 0; } /* @@ -661,9 +665,9 @@ X509_Code X509_Store::Cert_Info::verify_result() const */ void X509_Store::Cert_Info::set_result(X509_Code code) const { - result = code; - last_checked = system_time(); checked = true; + last_checked = std::chrono::system_clock::now(); + result = code; } /* @@ -677,16 +681,16 @@ bool X509_Store::Cert_Info::is_trusted() const /* * Check if this certificate has been verified */ -bool X509_Store::Cert_Info::is_verified(u32bit timeout) const +bool X509_Store::Cert_Info::is_verified(std::chrono::seconds timeout) const { if(!checked) return false; if(result != VERIFIED && result != CERT_NOT_YET_VALID) return true; - const u64bit current_time = system_time(); + auto now = std::chrono::system_clock::now(); - if(current_time > last_checked + timeout) + if(now > last_checked + timeout) checked = false; return checked; diff --git a/src/cert/x509/x509stor.h b/src/cert/x509/x509stor.h index 4e6037883..1911c6b6a 100644 --- a/src/cert/x509/x509stor.h +++ b/src/cert/x509/x509stor.h @@ -11,6 +11,7 @@ #include <botan/x509cert.h> #include <botan/x509_crl.h> #include <botan/certstor.h> +#include <functional> namespace Botan { @@ -48,13 +49,6 @@ enum X509_Code { class BOTAN_DLL X509_Store { public: - class BOTAN_DLL Search_Func - { - public: - virtual bool match(const X509_Certificate&) const = 0; - virtual ~Search_Func() {} - }; - enum Cert_Usage { ANY = 0x00, TLS_SERVER = 0x01, @@ -67,7 +61,13 @@ class BOTAN_DLL X509_Store X509_Code validate_cert(const X509_Certificate&, Cert_Usage = ANY); - std::vector<X509_Certificate> get_certs(const Search_Func&) const; + /** + * @param match the matching function + * @return list of certs for which match returns true + */ + std::vector<X509_Certificate> + get_certs(std::function<bool (const X509_Certificate&)> match) const; + std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&); std::string PEM_encode() const; @@ -94,18 +94,22 @@ class BOTAN_DLL X509_Store static X509_Code check_sig(const X509_Object&, Public_Key*); - X509_Store(u32bit time_slack = 24*60*60, - u32bit cache_results = 30*60); + X509_Store& operator=(const X509_Store&) = delete; + + /** + * @param slack the slack in checking validity times against current clock + * @param cache how long to cache validation results before rechecking + */ + X509_Store(std::chrono::seconds slack = std::chrono::seconds(24*60*60), + std::chrono::seconds cache = std::chrono::seconds(30*60)); X509_Store(const X509_Store&); ~X509_Store(); private: - X509_Store& operator=(const X509_Store&) { return (*this); } - class BOTAN_DLL Cert_Info { public: - bool is_verified(u32bit timeout) const; + bool is_verified(std::chrono::seconds cache_timeout) const; bool is_trusted() const; X509_Code verify_result() const; void set_result(X509_Code) const; @@ -116,7 +120,7 @@ class BOTAN_DLL X509_Store private: mutable bool checked; mutable X509_Code result; - mutable u64bit last_checked; + mutable std::chrono::system_clock::time_point last_checked; }; u32bit find_cert(const X509_DN&, const MemoryRegion<byte>&) const; @@ -131,10 +135,12 @@ class BOTAN_DLL X509_Store bool is_revoked(const X509_Certificate&) const; static const u32bit NO_CERT_FOUND = 0xFFFFFFFF; + std::vector<Cert_Info> certs; std::vector<CRL_Data> revoked; std::vector<Certificate_Store*> stores; - u32bit time_slack, validation_cache_timeout; + + std::chrono::seconds time_slack, validation_cache_timeout; mutable bool revoked_info_valid; }; |