aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert
diff options
context:
space:
mode:
authorlloyd <[email protected]>2011-02-14 20:48:27 +0000
committerlloyd <[email protected]>2011-02-14 20:48:27 +0000
commit9326c35f54bf64f1d5d7cdec92e0375ae00326c2 (patch)
tree3df772e1a5a8e11997cc8cebae8685391383645e /src/cert
parentd8d5ce7a524820b462d192310db1e50add1f4702 (diff)
parent6302ebff9765c572264f4b58a36154c1ce7fee4a (diff)
propagate from branch 'net.randombit.botan' (head a4ea4629f9caa98bd72b87de6050d9e52190d09a)
to branch 'net.randombit.botan.x509-path-validation' (head 6217561bf05ef77a49ab2ebe39f16bf7133a005a)
Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/certstore/certstor.h3
-rw-r--r--src/cert/certstore/info.txt3
-rw-r--r--src/cert/cvc/asn1_eac_str.cpp49
-rw-r--r--src/cert/cvc/asn1_eac_tm.cpp48
-rw-r--r--src/cert/cvc/cvc_cert.cpp2
-rw-r--r--src/cert/cvc/cvc_gen_cert.h7
-rw-r--r--src/cert/cvc/cvc_req.cpp2
-rw-r--r--src/cert/cvc/cvc_self.cpp7
-rw-r--r--src/cert/cvc/ecdsa_sig.cpp5
-rw-r--r--src/cert/pkcs10/pkcs10.cpp2
-rw-r--r--src/cert/x509ca/x509_ca.cpp6
-rw-r--r--src/cert/x509cert/info.txt1
-rw-r--r--src/cert/x509cert/x509_ext.cpp8
-rw-r--r--src/cert/x509cert/x509_ext.h14
-rw-r--r--src/cert/x509cert/x509_obj.h1
-rw-r--r--src/cert/x509cert/x509cert.cpp113
-rw-r--r--src/cert/x509cert/x509cert.h5
-rw-r--r--src/cert/x509crl/x509_crl.cpp2
-rw-r--r--src/cert/x509self/x509opt.cpp2
-rw-r--r--src/cert/x509self/x509self.cpp2
-rw-r--r--src/cert/x509self/x509self.h4
21 files changed, 206 insertions, 80 deletions
diff --git a/src/cert/certstore/certstor.h b/src/cert/certstore/certstor.h
index aaa46bd4e..374013984 100644
--- a/src/cert/certstore/certstor.h
+++ b/src/cert/certstore/certstor.h
@@ -50,6 +50,9 @@ class BOTAN_DLL Certificate_Store
const MemoryRegion<byte>& key_id) const = 0;
};
+/**
+* In Memory Certificate Store
+*/
class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store
{
public:
diff --git a/src/cert/certstore/info.txt b/src/cert/certstore/info.txt
index ee730490f..a5de1baff 100644
--- a/src/cert/certstore/info.txt
+++ b/src/cert/certstore/info.txt
@@ -1,5 +1,6 @@
define CERTIFICATE_STORE
<requires>
-asn1
+x509cert
+x509crl
</requires>
diff --git a/src/cert/cvc/asn1_eac_str.cpp b/src/cert/cvc/asn1_eac_str.cpp
index a306ffb01..37a601e4e 100644
--- a/src/cert/cvc/asn1_eac_str.cpp
+++ b/src/cert/cvc/asn1_eac_str.cpp
@@ -1,7 +1,7 @@
/*
* Simple ASN.1 String Types
* (C) 2007 FlexSecure GmbH
-* 2008 Jack Lloyd
+* 2008-2011 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -12,6 +12,7 @@
#include <botan/charset.h>
#include <botan/parsing.h>
#include <sstream>
+#include <ios>
namespace Botan {
@@ -21,10 +22,9 @@ namespace Botan {
ASN1_EAC_String::ASN1_EAC_String(const std::string& str, ASN1_Tag t) : tag(t)
{
iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET);
- if (!sanity_check())
- {
- throw Invalid_Argument("attempted to construct ASN1_EAC_String with illegal characters");
- }
+
+ if(!sanity_check())
+ throw Invalid_Argument("ASN1_EAC_String contains illegal characters");
}
/*
@@ -66,23 +66,19 @@ void ASN1_EAC_String::encode_into(DER_Encoder& encoder) const
void ASN1_EAC_String::decode_from(BER_Decoder& source)
{
BER_Object obj = source.get_next_object();
- if (obj.type_tag != this->tag)
- {
- std::string message("decoding type mismatch for ASN1_EAC_String, tag is ");
+ if(obj.type_tag != this->tag)
+ {
std::stringstream ss;
- std::string str_is;
- ss << std::hex << obj.type_tag;
- ss >> str_is;
- message.append(str_is);
- message.append(", while it should be ");
- std::stringstream ss2;
- std::string str_should;
- ss2 << std::hex << this->tag;
- ss2 >> str_should;
- message.append(str_should);
- throw Decoding_Error(message);
+
+ ss << "ASN1_EAC_String tag mismatch, tag was "
+ << std::hex << obj.type_tag
+ << " expected "
+ << std::hex << this->tag;
+
+ throw Decoding_Error(ss.str());
}
+
Character_Set charset_is;
charset_is = LATIN1_CHARSET;
@@ -92,9 +88,10 @@ void ASN1_EAC_String::decode_from(BER_Decoder& source)
Charset::transcode(ASN1::to_string(obj), charset_is, LOCAL_CHARSET),
obj.type_tag);
}
- catch (Invalid_Argument inv_arg)
+ catch(Invalid_Argument inv_arg)
{
- throw Decoding_Error(std::string("error while decoding ASN1_EAC_String: ") + std::string(inv_arg.what()));
+ throw Decoding_Error(std::string("ASN1_EAC_String decoding failed: ") +
+ inv_arg.what());
}
}
@@ -103,14 +100,14 @@ void ASN1_EAC_String::decode_from(BER_Decoder& source)
bool ASN1_EAC_String::sanity_check() const
{
const byte* rep = reinterpret_cast<const byte*>(iso_8859_str.data());
- const u32bit rep_len = iso_8859_str.size();
- for (u32bit i=0; i<rep_len; i++)
+ const size_t rep_len = iso_8859_str.size();
+
+ for(size_t i = 0; i != rep_len; ++i)
{
- if ((rep[i] < 0x20) || ((rep[i] >= 0x7F) && (rep[i] < 0xA0)))
- {
+ if((rep[i] < 0x20) || ((rep[i] >= 0x7F) && (rep[i] < 0xA0)))
return false;
- }
}
+
return true;
}
diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp
index 0eaca49d6..db5d2fbaf 100644
--- a/src/cert/cvc/asn1_eac_tm.cpp
+++ b/src/cert/cvc/asn1_eac_tm.cpp
@@ -45,6 +45,7 @@ u32bit dec_two_digit(byte b1, byte b2)
return upper*10 + lower;
}
+
}
/*
@@ -62,19 +63,15 @@ EAC_Time::EAC_Time(u64bit timer, ASN1_Tag t) : tag(t)
/*
* Create an EAC_Time
*/
-EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t)
- :tag(t)
+EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) : tag(t)
{
set_to(t_spec);
}
/*
* Create an EAC_Time
*/
-EAC_Time::EAC_Time(u32bit y, u32bit m, u32bit d, ASN1_Tag t)
- : year(y),
- month(m),
- day(d),
- tag(t)
+EAC_Time::EAC_Time(u32bit y, u32bit m, u32bit d, ASN1_Tag t) :
+ year(y), month(m), day(d), tag(t)
{
}
@@ -229,22 +226,27 @@ bool operator==(const EAC_Time& t1, const EAC_Time& t2)
{
return (t1.cmp(t2) == 0);
}
+
bool operator!=(const EAC_Time& t1, const EAC_Time& t2)
{
return (t1.cmp(t2) != 0);
}
+
bool operator<=(const EAC_Time& t1, const EAC_Time& t2)
{
return (t1.cmp(t2) <= 0);
}
+
bool operator>=(const EAC_Time& t1, const EAC_Time& t2)
{
return (t1.cmp(t2) >= 0);
}
+
bool operator>(const EAC_Time& t1, const EAC_Time& t2)
{
return (t1.cmp(t2) > 0);
}
+
bool operator<(const EAC_Time& t1, const EAC_Time& t2)
{
return (t1.cmp(t2) < 0);
@@ -285,10 +287,12 @@ u32bit EAC_Time::get_year() const
{
return year;
}
+
u32bit EAC_Time::get_month() const
{
return month;
}
+
u32bit EAC_Time::get_day() const
{
return day;
@@ -306,28 +310,34 @@ SecureVector<byte> EAC_Time::encoded_eac_time() const
return result;
}
-ASN1_Ced::ASN1_Ced(std::string const& str)
- : EAC_Time(str, ASN1_Tag(37))
+ASN1_Ced::ASN1_Ced(std::string const& str) :
+ EAC_Time(str, ASN1_Tag(37))
{}
-ASN1_Ced::ASN1_Ced(u64bit val)
- : EAC_Time(val, ASN1_Tag(37))
+ASN1_Ced::ASN1_Ced(u64bit val) :
+ EAC_Time(val, ASN1_Tag(37))
{}
-ASN1_Ced::ASN1_Ced(EAC_Time const& other)
- : EAC_Time(other.get_year(), other.get_month(), other.get_day(), ASN1_Tag(37))
+ASN1_Ced::ASN1_Ced(EAC_Time const& other) :
+ EAC_Time(other.get_year(),
+ other.get_month(),
+ other.get_day(),
+ ASN1_Tag(37))
{}
-ASN1_Cex::ASN1_Cex(std::string const& str)
- : EAC_Time(str, ASN1_Tag(36))
+ASN1_Cex::ASN1_Cex(std::string const& str) :
+ EAC_Time(str, ASN1_Tag(36))
{}
-ASN1_Cex::ASN1_Cex(u64bit val)
- : EAC_Time(val, ASN1_Tag(36))
+ASN1_Cex::ASN1_Cex(u64bit val) :
+ EAC_Time(val, ASN1_Tag(36))
{}
-ASN1_Cex::ASN1_Cex(EAC_Time const& other)
- : EAC_Time(other.get_year(), other.get_month(), other.get_day(), ASN1_Tag(36))
+ASN1_Cex::ASN1_Cex(EAC_Time const& other) :
+ EAC_Time(other.get_year(),
+ other.get_month(),
+ other.get_day(),
+ ASN1_Tag(36))
{}
}
diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp
index 536520b37..54f72ecfc 100644
--- a/src/cert/cvc/cvc_cert.cpp
+++ b/src/cert/cvc/cvc_cert.cpp
@@ -35,7 +35,7 @@ void EAC1_1_CVC::force_decode()
{
SecureVector<byte> enc_pk;
SecureVector<byte> enc_chat_val;
- u32bit cpi;
+ size_t cpi;
BER_Decoder tbs_cert(tbs_bits);
tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION)
.decode(m_car)
diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h
index 61861df41..ad61b85bf 100644
--- a/src/cert/cvc/cvc_gen_cert.h
+++ b/src/cert/cvc/cvc_gen_cert.h
@@ -13,7 +13,6 @@
#include <botan/eac_asn_obj.h>
#include <botan/ecdsa.h>
#include <botan/pubkey.h>
-#include <memory>
namespace Botan {
@@ -31,7 +30,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1
* Get this certificates public key.
* @result this certificates public key
*/
- std::auto_ptr<Public_Key> subject_public_key() const;
+ Public_Key* subject_public_key() const;
/**
* Find out whether this object is self signed.
@@ -121,9 +120,9 @@ MemoryVector<byte> EAC1_1_gen_CVC<Derived>::make_signed(
}
template<typename Derived>
-std::auto_ptr<Public_Key> EAC1_1_gen_CVC<Derived>::subject_public_key() const
+Public_Key* EAC1_1_gen_CVC<Derived>::subject_public_key() const
{
- return std::auto_ptr<Public_Key>(new ECDSA_PublicKey(*m_pk));
+ return new ECDSA_PublicKey(*m_pk);
}
template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(MemoryRegion<byte> const& tbs)
diff --git a/src/cert/cvc/cvc_req.cpp b/src/cert/cvc/cvc_req.cpp
index 0a33d4dca..ad9e2f4ca 100644
--- a/src/cert/cvc/cvc_req.cpp
+++ b/src/cert/cvc/cvc_req.cpp
@@ -21,7 +21,7 @@ void EAC1_1_Req::force_decode()
{
SecureVector<byte> enc_pk;
BER_Decoder tbs_cert(tbs_bits);
- u32bit cpi;
+ size_t cpi;
tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION)
.start_cons(ASN1_Tag(73))
.raw_bytes(enc_pk)
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp
index f1d539923..1097d45d1 100644
--- a/src/cert/cvc/cvc_self.cpp
+++ b/src/cert/cvc/cvc_self.cpp
@@ -11,6 +11,7 @@
#include <botan/time.h>
#include <botan/oids.h>
#include <sstream>
+#include <memory>
namespace Botan {
@@ -231,7 +232,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
AlgorithmIdentifier sig_algo = signer.signature_algorithm();
std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid);
PK_Signer pk_signer(*priv_key, padding_and_hash);
- std::auto_ptr<Public_Key> pk = signee.subject_public_key();
+ std::auto_ptr<Public_Key> pk(signee.subject_public_key());
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT);
@@ -265,9 +266,9 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
ASN1_Chr chr(chr_str);
std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid);
PK_Signer pk_signer(*priv_key, padding_and_hash);
- std::auto_ptr<Public_Key> pk = signee.subject_public_key();
+ std::auto_ptr<Public_Key> pk(signee.subject_public_key());
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
- std::auto_ptr<Public_Key> signer_pk = signer_cert.subject_public_key();
+ std::auto_ptr<Public_Key> signer_pk(signer_cert.subject_public_key());
// for the case that the domain parameters are not set...
// (we use those from the signer because they must fit)
diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp
index dba2ece8d..e8fd7f051 100644
--- a/src/cert/cvc/ecdsa_sig.cpp
+++ b/src/cert/cvc/ecdsa_sig.cpp
@@ -32,7 +32,8 @@ MemoryVector<byte> ECDSA_Signature::DER_encode() const
MemoryVector<byte> ECDSA_Signature::get_concatenation() const
{
- u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger
+ // use the larger
+ const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes();
SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len);
SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len);
@@ -47,7 +48,7 @@ ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concat)
if(concat.size() % 2 != 0)
throw Invalid_Argument("Erroneous length of signature");
- const u32bit rs_len = concat.size() / 2;
+ const size_t rs_len = concat.size() / 2;
BigInt r = BigInt::decode(&concat[0], rs_len);
BigInt s = BigInt::decode(&concat[rs_len], rs_len);
diff --git a/src/cert/pkcs10/pkcs10.cpp b/src/cert/pkcs10/pkcs10.cpp
index 539022d08..784318d3d 100644
--- a/src/cert/pkcs10/pkcs10.cpp
+++ b/src/cert/pkcs10/pkcs10.cpp
@@ -41,7 +41,7 @@ void PKCS10_Request::force_decode()
{
BER_Decoder cert_req_info(tbs_bits);
- u32bit version;
+ size_t version;
cert_req_info.decode(version);
if(version != 0)
throw Decoding_Error("Unknown version code in PKCS #10 request: " +
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index 4c4e62baa..9cb4c0a7f 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -97,8 +97,8 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
const X509_DN& subject_dn,
const Extensions& extensions)
{
- const u32bit X509_CERT_VERSION = 3;
- const size_t SERIAL_BITS = 128;
+ const size_t X509_CERT_VERSION = 3;
+ const size_t SERIAL_BITS = 256;
BigInt serial_no(rng, SERIAL_BITS);
@@ -166,7 +166,7 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
u32bit crl_number, u32bit next_update,
RandomNumberGenerator& rng) const
{
- const u32bit X509_CRL_VERSION = 2;
+ const size_t X509_CRL_VERSION = 2;
if(next_update == 0)
next_update = timespec_to_u32bit("7d");
diff --git a/src/cert/x509cert/info.txt b/src/cert/x509cert/info.txt
index 3be50f077..5e3715e7a 100644
--- a/src/cert/x509cert/info.txt
+++ b/src/cert/x509cert/info.txt
@@ -2,4 +2,5 @@ define X509_CERTIFICATES
<requires>
certstore
+datastor
</requires>
diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp
index 88cab96c5..462b29669 100644
--- a/src/cert/x509cert/x509_ext.cpp
+++ b/src/cert/x509cert/x509_ext.cpp
@@ -166,7 +166,7 @@ namespace Cert_Extension {
/*
* Checked accessor for the path_limit member
*/
-u32bit Basic_Constraints::get_path_limit() const
+size_t Basic_Constraints::get_path_limit() const
{
if(!is_ca)
throw Invalid_State("Basic_Constraints::get_path_limit: Not a CA");
@@ -505,7 +505,7 @@ void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const
/*
* Checked accessor for the crl_number member
*/
-u32bit CRL_Number::get_crl_number() const
+size_t CRL_Number::get_crl_number() const
{
if(!has_value)
throw Invalid_State("CRL_Number::get_crl_number: Not set");
@@ -552,7 +552,7 @@ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const
MemoryVector<byte> CRL_ReasonCode::encode_inner() const
{
return DER_Encoder()
- .encode(static_cast<u32bit>(reason), ENUMERATED, UNIVERSAL)
+ .encode(static_cast<size_t>(reason), ENUMERATED, UNIVERSAL)
.get_contents();
}
@@ -561,7 +561,7 @@ MemoryVector<byte> CRL_ReasonCode::encode_inner() const
*/
void CRL_ReasonCode::decode_inner(const MemoryRegion<byte>& in)
{
- u32bit reason_code = 0;
+ size_t reason_code = 0;
BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL);
reason = static_cast<CRL_Code>(reason_code);
}
diff --git a/src/cert/x509cert/x509_ext.h b/src/cert/x509cert/x509_ext.h
index 213a077a2..8799c5921 100644
--- a/src/cert/x509cert/x509_ext.h
+++ b/src/cert/x509cert/x509_ext.h
@@ -87,6 +87,8 @@ class BOTAN_DLL Extensions : public ASN1_Object
namespace Cert_Extension {
+static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
+
/**
* Basic Constraints Extension
*/
@@ -96,11 +98,11 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension
Basic_Constraints* copy() const
{ return new Basic_Constraints(is_ca, path_limit); }
- Basic_Constraints(bool ca = false, u32bit limit = 0) :
+ Basic_Constraints(bool ca = false, size_t limit = 0) :
is_ca(ca), path_limit(limit) {}
bool get_is_ca() const { return is_ca; }
- u32bit get_path_limit() const;
+ size_t get_path_limit() const;
private:
std::string config_id() const { return "basic_constraints"; }
std::string oid_name() const { return "X509v3.BasicConstraints"; }
@@ -110,7 +112,7 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension
void contents_to(Data_Store&, Data_Store&) const;
bool is_ca;
- u32bit path_limit;
+ size_t path_limit;
};
/**
@@ -292,9 +294,9 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension
CRL_Number* copy() const;
CRL_Number() : has_value(false), crl_number(0) {}
- CRL_Number(u32bit n) : has_value(true), crl_number(n) {}
+ CRL_Number(size_t n) : has_value(true), crl_number(n) {}
- u32bit get_crl_number() const;
+ size_t get_crl_number() const;
private:
std::string config_id() const { return "crl_number"; }
std::string oid_name() const { return "X509v3.CRLNumber"; }
@@ -305,7 +307,7 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension
void contents_to(Data_Store&, Data_Store&) const;
bool has_value;
- u32bit crl_number;
+ size_t crl_number;
};
/**
diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h
index 6579565f9..570b00f51 100644
--- a/src/cert/x509cert/x509_obj.h
+++ b/src/cert/x509cert/x509_obj.h
@@ -88,6 +88,7 @@ class BOTAN_DLL X509_Object
* @param out the pipe to write to
* @param encoding the encoding to use
*/
+ BOTAN_DEPRECATED("Use BER_encode or PEM_encode")
void encode(Pipe& out, X509_Encoding encoding = PEM) const;
virtual ~X509_Object() {}
diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp
index 05f23298b..b7c399078 100644
--- a/src/cert/x509cert/x509cert.cpp
+++ b/src/cert/x509cert/x509cert.cpp
@@ -1,6 +1,6 @@
/*
* X.509 Certificates
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -14,7 +14,10 @@
#include <botan/bigint.h>
#include <botan/oids.h>
#include <botan/pem.h>
+#include <botan/hex.h>
#include <algorithm>
+#include <iterator>
+#include <sstream>
namespace Botan {
@@ -63,7 +66,7 @@ X509_Certificate::X509_Certificate(const std::string& in) :
*/
void X509_Certificate::force_decode()
{
- u32bit version;
+ size_t version;
BigInt serial_bn;
AlgorithmIdentifier sig_algo_inner;
X509_DN dn_issuer, dn_subject;
@@ -84,7 +87,7 @@ void X509_Certificate::force_decode()
.decode(dn_subject);
if(version > 2)
- throw Decoding_Error("Unknown X.509 cert version " + to_string(version));
+ throw Decoding_Error("Unknown X.509 cert version " + Botan::to_string(version));
if(sig_algo != sig_algo_inner)
throw Decoding_Error("Algorithm identifier mismatch");
@@ -138,7 +141,9 @@ void X509_Certificate::force_decode()
if(is_CA_cert() &&
!subject.has_value("X509v3.BasicConstraints.path_constraint"))
{
- u32bit limit = (x509_version() < 3) ? NO_CERT_PATH_LIMIT : 0;
+ const size_t limit = (x509_version() < 3) ?
+ Cert_Extension::NO_CERT_PATH_LIMIT : 0;
+
subject.add("X509v3.BasicConstraints.path_constraint", limit);
}
}
@@ -299,6 +304,106 @@ bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2)
return !(cert1 == cert2);
}
+std::string X509_Certificate::to_string() const
+ {
+ const char* dn_fields[] = { "Name",
+ "Email",
+ "Organization",
+ "Organizational Unit",
+ "Locality",
+ "State",
+ "Country",
+ "IP",
+ "DNS",
+ "URI",
+ "PKIX.XMPPAddr",
+ 0 };
+
+ std::ostringstream out;
+
+ for(size_t i = 0; dn_fields[i]; ++i)
+ {
+ const std::vector<std::string> vals = this->subject_info(dn_fields[i]);
+
+ if(vals.empty())
+ continue;
+
+ out << "Subject " << dn_fields[i] << ":";
+ for(size_t i = 0; i != vals.size(); ++i)
+ out << " " << vals[i];
+ out << "\n";
+ }
+
+ for(size_t i = 0; dn_fields[i]; ++i)
+ {
+ const std::vector<std::string> vals = this->issuer_info(dn_fields[i]);
+
+ if(vals.empty())
+ continue;
+
+ out << "Issuer " << dn_fields[i] << ":";
+ for(size_t i = 0; i != vals.size(); ++i)
+ out << " " << vals[i];
+ out << "\n";
+ }
+
+ out << "Version: " << this->x509_version() << "\n";
+
+ out << "Not valid before: " << this->start_time() << "\n";
+ out << "Not valid after: " << this->end_time() << "\n";
+
+ out << "Constraints:\n";
+ Key_Constraints constraints = this->constraints();
+ if(constraints == NO_CONSTRAINTS)
+ out << " None\n";
+ else
+ {
+ if(constraints & DIGITAL_SIGNATURE)
+ out << " Digital Signature\n";
+ if(constraints & NON_REPUDIATION)
+ out << " Non-Repuidation\n";
+ if(constraints & KEY_ENCIPHERMENT)
+ out << " Key Encipherment\n";
+ if(constraints & DATA_ENCIPHERMENT)
+ out << " Data Encipherment\n";
+ if(constraints & KEY_AGREEMENT)
+ out << " Key Agreement\n";
+ if(constraints & KEY_CERT_SIGN)
+ out << " Cert Sign\n";
+ if(constraints & CRL_SIGN)
+ out << " CRL Sign\n";
+ }
+
+ std::vector<std::string> policies = this->policies();
+ if(policies.size())
+ {
+ out << "Policies: " << "\n";
+ for(u32bit j = 0; j != policies.size(); j++)
+ out << " " << policies[j] << "\n";
+ }
+
+ std::vector<std::string> ex_constraints = this->ex_constraints();
+ if(ex_constraints.size())
+ {
+ out << "Extended Constraints:\n";
+ for(u32bit j = 0; j != ex_constraints.size(); j++)
+ out << " " << ex_constraints[j] << "\n";
+ }
+
+ out << "Signature algorithm: " <<
+ OIDS::lookup(this->signature_algorithm().oid) << "\n";
+
+ out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
+ out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
+ out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
+
+ X509_PublicKey* pubkey = this->subject_public_key();
+ out << "Public Key:\n" << X509::PEM_encode(*pubkey);
+ delete pubkey;
+
+ return out.str();
+ }
+
/*
* Create and populate a X509_DN
*/
diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h
index 754553f3d..8798ef1c2 100644
--- a/src/cert/x509cert/x509cert.h
+++ b/src/cert/x509cert/x509cert.h
@@ -141,6 +141,11 @@ class BOTAN_DLL X509_Certificate : public X509_Object
std::vector<std::string> policies() const;
/**
+ * @return a string describing the certificate
+ */
+ std::string to_string() const;
+
+ /**
* Check to certificates for equality.
* @return true both certificates are (binary) equal
*/
diff --git a/src/cert/x509crl/x509_crl.cpp b/src/cert/x509crl/x509_crl.cpp
index f6a344dba..01fce4c52 100644
--- a/src/cert/x509crl/x509_crl.cpp
+++ b/src/cert/x509crl/x509_crl.cpp
@@ -39,7 +39,7 @@ void X509_CRL::force_decode()
{
BER_Decoder tbs_crl(tbs_bits);
- u32bit version;
+ size_t version;
tbs_crl.decode_optional(version, INTEGER, UNIVERSAL);
if(version != 0 && version != 1)
diff --git a/src/cert/x509self/x509opt.cpp b/src/cert/x509self/x509opt.cpp
index 0702ebf19..345df1fe0 100644
--- a/src/cert/x509self/x509opt.cpp
+++ b/src/cert/x509self/x509opt.cpp
@@ -55,7 +55,7 @@ void X509_Cert_Options::add_ex_constraint(const std::string& oid_str)
/*
* Mark this certificate for CA usage
*/
-void X509_Cert_Options::CA_key(u32bit limit)
+void X509_Cert_Options::CA_key(size_t limit)
{
is_CA = true;
path_limit = limit;
diff --git a/src/cert/x509self/x509self.cpp b/src/cert/x509self/x509self.cpp
index e420ca503..a2f89159f 100644
--- a/src/cert/x509self/x509self.cpp
+++ b/src/cert/x509self/x509self.cpp
@@ -103,7 +103,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
- const u32bit PKCS10_VERSION = 0;
+ const size_t PKCS10_VERSION = 0;
Extensions extensions;
diff --git a/src/cert/x509self/x509self.h b/src/cert/x509self/x509self.h
index df5731050..2850096c8 100644
--- a/src/cert/x509self/x509self.h
+++ b/src/cert/x509self/x509self.h
@@ -102,7 +102,7 @@ class BOTAN_DLL X509_Cert_Options
/**
* Indicates the BasicConstraints path limit
*/
- u32bit path_limit;
+ size_t path_limit;
/**
* The key constraints for the subject public key
@@ -123,7 +123,7 @@ class BOTAN_DLL X509_Cert_Options
* Mark the certificate as a CA certificate and set the path limit.
* @param limit the path limit to be set in the BasicConstraints extension.
*/
- void CA_key(u32bit limit = 1);
+ void CA_key(size_t limit = 1);
/**
* Set the notBefore of the certificate.