author | lloyd <[email protected]> | 2011-02-14 20:48:27 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2011-02-14 20:48:27 +0000 |
commit | 9326c35f54bf64f1d5d7cdec92e0375ae00326c2 (patch) | |
tree | 3df772e1a5a8e11997cc8cebae8685391383645e /src/cert | |
parent | d8d5ce7a524820b462d192310db1e50add1f4702 (diff) | |
parent | 6302ebff9765c572264f4b58a36154c1ce7fee4a (diff) |
propagate from branch 'net.randombit.botan' (head a4ea4629f9caa98bd72b87de6050d9e52190d09a)
to branch 'net.randombit.botan.x509-path-validation' (head 6217561bf05ef77a49ab2ebe39f16bf7133a005a)
Diffstat (limited to 'src/cert')
-rw-r--r-- | src/cert/certstore/certstor.h | 3 | ||||
-rw-r--r-- | src/cert/certstore/info.txt | 3 | ||||
-rw-r--r-- | src/cert/cvc/asn1_eac_str.cpp | 49 | ||||
-rw-r--r-- | src/cert/cvc/asn1_eac_tm.cpp | 48 | ||||
-rw-r--r-- | src/cert/cvc/cvc_cert.cpp | 2 | ||||
-rw-r--r-- | src/cert/cvc/cvc_gen_cert.h | 7 | ||||
-rw-r--r-- | src/cert/cvc/cvc_req.cpp | 2 | ||||
-rw-r--r-- | src/cert/cvc/cvc_self.cpp | 7 | ||||
-rw-r--r-- | src/cert/cvc/ecdsa_sig.cpp | 5 | ||||
-rw-r--r-- | src/cert/pkcs10/pkcs10.cpp | 2 | ||||
-rw-r--r-- | src/cert/x509ca/x509_ca.cpp | 6 | ||||
-rw-r--r-- | src/cert/x509cert/info.txt | 1 | ||||
-rw-r--r-- | src/cert/x509cert/x509_ext.cpp | 8 | ||||
-rw-r--r-- | src/cert/x509cert/x509_ext.h | 14 | ||||
-rw-r--r-- | src/cert/x509cert/x509_obj.h | 1 | ||||
-rw-r--r-- | src/cert/x509cert/x509cert.cpp | 113 | ||||
-rw-r--r-- | src/cert/x509cert/x509cert.h | 5 | ||||
-rw-r--r-- | src/cert/x509crl/x509_crl.cpp | 2 | ||||
-rw-r--r-- | src/cert/x509self/x509opt.cpp | 2 | ||||
-rw-r--r-- | src/cert/x509self/x509self.cpp | 2 | ||||
-rw-r--r-- | src/cert/x509self/x509self.h | 4 |
21 files changed, 206 insertions, 80 deletions
diff --git a/src/cert/certstore/certstor.h b/src/cert/certstore/certstor.h index aaa46bd4e..374013984 100644 --- a/src/cert/certstore/certstor.h +++ b/src/cert/certstore/certstor.h @@ -50,6 +50,9 @@ class BOTAN_DLL Certificate_Store const MemoryRegion<byte>& key_id) const = 0; }; +/** +* In Memory Certificate Store +*/ class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store { public: diff --git a/src/cert/certstore/info.txt b/src/cert/certstore/info.txt index ee730490f..a5de1baff 100644 --- a/src/cert/certstore/info.txt +++ b/src/cert/certstore/info.txt @@ -1,5 +1,6 @@ define CERTIFICATE_STORE <requires> -asn1 +x509cert +x509crl </requires> diff --git a/src/cert/cvc/asn1_eac_str.cpp b/src/cert/cvc/asn1_eac_str.cpp index a306ffb01..37a601e4e 100644 --- a/src/cert/cvc/asn1_eac_str.cpp +++ b/src/cert/cvc/asn1_eac_str.cpp @@ -1,7 +1,7 @@ /* * Simple ASN.1 String Types * (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd +* 2008-2011 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -12,6 +12,7 @@ #include <botan/charset.h> #include <botan/parsing.h> #include <sstream> +#include <ios> namespace Botan { @@ -21,10 +22,9 @@ namespace Botan { ASN1_EAC_String::ASN1_EAC_String(const std::string& str, ASN1_Tag t) : tag(t) { iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET); - if (!sanity_check()) - { - throw Invalid_Argument("attempted to construct ASN1_EAC_String with illegal characters"); - } + + if(!sanity_check()) + throw Invalid_Argument("ASN1_EAC_String contains illegal characters"); } /* 
@@ -66,23 +66,19 @@ void ASN1_EAC_String::encode_into(DER_Encoder& encoder) const void ASN1_EAC_String::decode_from(BER_Decoder& source) { BER_Object obj = source.get_next_object(); - if (obj.type_tag != this->tag) - { - std::string message("decoding type mismatch for ASN1_EAC_String, tag is "); + if(obj.type_tag != this->tag) + { std::stringstream ss; - std::string str_is; - ss << std::hex << obj.type_tag; - ss >> str_is; - message.append(str_is); - message.append(", while it should be "); - std::stringstream ss2; - std::string str_should; - ss2 << std::hex << this->tag; - ss2 >> str_should; - message.append(str_should); - throw Decoding_Error(message); + + ss << "ASN1_EAC_String tag mismatch, tag was " + << std::hex << obj.type_tag + << " expected " + << std::hex << this->tag; + + throw Decoding_Error(ss.str()); } + Character_Set charset_is; charset_is = LATIN1_CHARSET; @@ -92,9 +88,10 @@ void ASN1_EAC_String::decode_from(BER_Decoder& source) Charset::transcode(ASN1::to_string(obj), charset_is, LOCAL_CHARSET), obj.type_tag); } - catch (Invalid_Argument inv_arg) + catch(Invalid_Argument inv_arg) { - throw Decoding_Error(std::string("error while decoding ASN1_EAC_String: ") + std::string(inv_arg.what())); + throw Decoding_Error(std::string("ASN1_EAC_String decoding failed: ") + + inv_arg.what()); } } @@ -103,14 +100,14 @@ void ASN1_EAC_String::decode_from(BER_Decoder& source) bool ASN1_EAC_String::sanity_check() const { const byte* rep = reinterpret_cast<const byte*>(iso_8859_str.data()); - const u32bit rep_len = iso_8859_str.size(); - for (u32bit i=0; i<rep_len; i++) + const size_t rep_len = iso_8859_str.size(); + + for(size_t i = 0; i != rep_len; ++i) { - if ((rep[i] < 0x20) || ((rep[i] >= 0x7F) && (rep[i] < 0xA0))) - { + if((rep[i] < 0x20) || ((rep[i] >= 0x7F) && (rep[i] < 0xA0))) return false; - } } + return true; } diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp index 0eaca49d6..db5d2fbaf 100644 --- a/src/cert/cvc/asn1_eac_tm.cpp 
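Review bot: The handler in `ASN1_EAC_String::decode_from` still catches `Invalid_Argument` by value (`catch(Invalid_Argument inv_arg)`), which copies the exception and slices anything derived from it. Since this line is being touched anyway, catch by reference instead: `catch(Invalid_Argument& inv_arg)`. The enclosing try block starts outside this hunk.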
+++ b/src/cert/cvc/asn1_eac_tm.cpp @@ -45,6 +45,7 @@ u32bit dec_two_digit(byte b1, byte b2) return upper*10 + lower; } + } /* @@ -62,19 +63,15 @@ EAC_Time::EAC_Time(u64bit timer, ASN1_Tag t) : tag(t) /* * Create an EAC_Time */ -EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) - :tag(t) +EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) : tag(t) { set_to(t_spec); } /* * Create an EAC_Time */ -EAC_Time::EAC_Time(u32bit y, u32bit m, u32bit d, ASN1_Tag t) - : year(y), - month(m), - day(d), - tag(t) +EAC_Time::EAC_Time(u32bit y, u32bit m, u32bit d, ASN1_Tag t) : + year(y), month(m), day(d), tag(t) { } @@ -229,22 +226,27 @@ bool operator==(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) == 0); } + bool operator!=(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) != 0); } + bool operator<=(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) <= 0); } + bool operator>=(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) >= 0); } + bool operator>(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) > 0); } + bool operator<(const EAC_Time& t1, const EAC_Time& t2) { return (t1.cmp(t2) < 0); @@ -285,10 +287,12 @@ u32bit EAC_Time::get_year() const { return year; } + u32bit EAC_Time::get_month() const { return month; } + u32bit EAC_Time::get_day() const { return day; 
@@ -306,28 +310,34 @@ SecureVector<byte> EAC_Time::encoded_eac_time() const return result; } -ASN1_Ced::ASN1_Ced(std::string const& str) - : EAC_Time(str, ASN1_Tag(37)) +ASN1_Ced::ASN1_Ced(std::string const& str) : + EAC_Time(str, ASN1_Tag(37)) {} -ASN1_Ced::ASN1_Ced(u64bit val) - : EAC_Time(val, ASN1_Tag(37)) +ASN1_Ced::ASN1_Ced(u64bit val) : + EAC_Time(val, ASN1_Tag(37)) {} -ASN1_Ced::ASN1_Ced(EAC_Time const& other) - : EAC_Time(other.get_year(), other.get_month(), other.get_day(), ASN1_Tag(37)) +ASN1_Ced::ASN1_Ced(EAC_Time const& other) : + EAC_Time(other.get_year(), + other.get_month(), + other.get_day(), + ASN1_Tag(37)) {} -ASN1_Cex::ASN1_Cex(std::string const& str) - : EAC_Time(str, ASN1_Tag(36)) +ASN1_Cex::ASN1_Cex(std::string const& str) : + EAC_Time(str, ASN1_Tag(36)) {} -ASN1_Cex::ASN1_Cex(u64bit val) - : EAC_Time(val, ASN1_Tag(36)) +ASN1_Cex::ASN1_Cex(u64bit val) : + EAC_Time(val, ASN1_Tag(36)) {} -ASN1_Cex::ASN1_Cex(EAC_Time const& other) - : EAC_Time(other.get_year(), other.get_month(), other.get_day(), ASN1_Tag(36)) +ASN1_Cex::ASN1_Cex(EAC_Time const& other) : + EAC_Time(other.get_year(), + other.get_month(), + other.get_day(), + ASN1_Tag(36)) {} } diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp index 536520b37..54f72ecfc 100644 --- a/src/cert/cvc/cvc_cert.cpp +++ b/src/cert/cvc/cvc_cert.cpp @@ -35,7 +35,7 @@ void EAC1_1_CVC::force_decode() { SecureVector<byte> enc_pk; SecureVector<byte> enc_chat_val; - u32bit cpi; + size_t cpi; BER_Decoder tbs_cert(tbs_bits); tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) .decode(m_car) diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h index 61861df41..ad61b85bf 100644 --- a/src/cert/cvc/cvc_gen_cert.h +++ b/src/cert/cvc/cvc_gen_cert.h @@ -13,7 +13,6 @@ #include <botan/eac_asn_obj.h> #include <botan/ecdsa.h> #include <botan/pubkey.h> -#include <memory> namespace Botan { 
@@ -31,7 +30,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1 * Get this certificates public key. * @result this certificates public key */ - std::auto_ptr<Public_Key> subject_public_key() const; + Public_Key* subject_public_key() const; /** * Find out whether this object is self signed. @@ -121,9 +120,9 @@ MemoryVector<byte> EAC1_1_gen_CVC<Derived>::make_signed( } template<typename Derived> -std::auto_ptr<Public_Key> EAC1_1_gen_CVC<Derived>::subject_public_key() const +Public_Key* EAC1_1_gen_CVC<Derived>::subject_public_key() const { - return std::auto_ptr<Public_Key>(new ECDSA_PublicKey(*m_pk)); + return new ECDSA_PublicKey(*m_pk); } template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(MemoryRegion<byte> const& tbs) diff --git a/src/cert/cvc/cvc_req.cpp b/src/cert/cvc/cvc_req.cpp index 0a33d4dca..ad9e2f4ca 100644 --- a/src/cert/cvc/cvc_req.cpp +++ b/src/cert/cvc/cvc_req.cpp @@ -21,7 +21,7 @@ void EAC1_1_Req::force_decode() { SecureVector<byte> enc_pk; BER_Decoder tbs_cert(tbs_bits); - u32bit cpi; + size_t cpi; tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) .start_cons(ASN1_Tag(73)) .raw_bytes(enc_pk) diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index f1d539923..1097d45d1 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -11,6 +11,7 @@ #include <botan/time.h> #include <botan/oids.h> #include <sstream> +#include <memory> namespace Botan { @@ -231,7 +232,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, AlgorithmIdentifier sig_algo = signer.signature_algorithm(); std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid); PK_Signer pk_signer(*priv_key, padding_and_hash); - std::auto_ptr<Public_Key> pk = signee.subject_public_key(); + std::auto_ptr<Public_Key> pk(signee.subject_public_key()); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT); 
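Review bot: `subject_public_key()` in cvc_gen_cert.h now hands back a raw owning pointer, but its doc comment still says only `@result this certificates public key`, so nothing tells a caller that the object must be deleted. The definition further down does `return new ECDSA_PublicKey(*m_pk);`, and the cvc_self.cpp callers in this commit had to be changed to wrap the result in `std::auto_ptr` by hand. I would extend the comment to `* @result this certificate's public key; the caller owns the returned object and must delete it`. The class body continues outside the hunk.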
@@ -265,9 +266,9 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, ASN1_Chr chr(chr_str); std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid); PK_Signer pk_signer(*priv_key, padding_and_hash); - std::auto_ptr<Public_Key> pk = signee.subject_public_key(); + std::auto_ptr<Public_Key> pk(signee.subject_public_key()); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); - std::auto_ptr<Public_Key> signer_pk = signer_cert.subject_public_key(); + std::auto_ptr<Public_Key> signer_pk(signer_cert.subject_public_key()); // for the case that the domain parameters are not set... // (we use those from the signer because they must fit) diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp index dba2ece8d..e8fd7f051 100644 --- a/src/cert/cvc/ecdsa_sig.cpp +++ b/src/cert/cvc/ecdsa_sig.cpp @@ -32,7 +32,8 @@ MemoryVector<byte> ECDSA_Signature::DER_encode() const MemoryVector<byte> ECDSA_Signature::get_concatenation() const { - u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger + // use the larger + const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len); SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len); @@ -47,7 +48,7 @@ ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concat) if(concat.size() % 2 != 0) throw Invalid_Argument("Erroneous length of signature"); - const u32bit rs_len = concat.size() / 2; + const size_t rs_len = concat.size() / 2; BigInt r = BigInt::decode(&concat[0], rs_len); BigInt s = BigInt::decode(&concat[rs_len], rs_len); diff --git a/src/cert/pkcs10/pkcs10.cpp b/src/cert/pkcs10/pkcs10.cpp index 539022d08..784318d3d 100644 --- a/src/cert/pkcs10/pkcs10.cpp +++ b/src/cert/pkcs10/pkcs10.cpp 
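Review bot: `decode_concatenation` in ecdsa_sig.cpp accepts a zero-length input, because `concat.size() % 2 != 0` is false for an empty buffer; `rs_len` then becomes 0 and the code goes on to take `&concat[0]` and `&concat[rs_len]`. Whether `MemoryRegion` tolerates indexing an empty buffer is not visible here, so I would reject it up front with `if(concat.empty() || concat.size() % 2 != 0)`. The rest of the function is outside the hunk.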
@@ -41,7 +41,7 @@ void PKCS10_Request::force_decode() { BER_Decoder cert_req_info(tbs_bits); - u32bit version; + size_t version; cert_req_info.decode(version); if(version != 0) throw Decoding_Error("Unknown version code in PKCS #10 request: " + diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index 4c4e62baa..9cb4c0a7f 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -97,8 +97,8 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const X509_DN& subject_dn, const Extensions& extensions) { - const u32bit X509_CERT_VERSION = 3; - const size_t SERIAL_BITS = 128; + const size_t X509_CERT_VERSION = 3; + const size_t SERIAL_BITS = 256; BigInt serial_no(rng, SERIAL_BITS); @@ -166,7 +166,7 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, u32bit crl_number, u32bit next_update, RandomNumberGenerator& rng) const { - const u32bit X509_CRL_VERSION = 2; + const size_t X509_CRL_VERSION = 2; if(next_update == 0) next_update = timespec_to_u32bit("7d"); diff --git a/src/cert/x509cert/info.txt b/src/cert/x509cert/info.txt index 3be50f077..5e3715e7a 100644 --- a/src/cert/x509cert/info.txt +++ b/src/cert/x509cert/info.txt @@ -2,4 +2,5 @@ define X509_CERTIFICATES <requires> certstore +datastor </requires> diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp index 88cab96c5..462b29669 100644 --- a/src/cert/x509cert/x509_ext.cpp +++ b/src/cert/x509cert/x509_ext.cpp @@ -166,7 +166,7 @@ namespace Cert_Extension { /* * Checked accessor for the path_limit member */ -u32bit Basic_Constraints::get_path_limit() const +size_t Basic_Constraints::get_path_limit() const { if(!is_ca) throw Invalid_State("Basic_Constraints::get_path_limit: Not a CA"); 
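Review bot: Raising `SERIAL_BITS` to 256 in `X509_CA::make_cert` produces serial numbers of up to 32 octets, while RFC 5280 section 4.1.2.2 requires conforming CAs to keep serialNumber at 20 octets or less. Relying parties that enforce that limit may reject certificates issued this way. If more than 128 random bits are wanted, stay under the cap, for example `const size_t SERIAL_BITS = 152;`, or keep `128`. The body of make_cert continues outside the hunk.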
@@ -505,7 +505,7 @@ void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const /* * Checked accessor for the crl_number member */ -u32bit CRL_Number::get_crl_number() const +size_t CRL_Number::get_crl_number() const { if(!has_value) throw Invalid_State("CRL_Number::get_crl_number: Not set"); @@ -552,7 +552,7 @@ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const MemoryVector<byte> CRL_ReasonCode::encode_inner() const { return DER_Encoder() - .encode(static_cast<u32bit>(reason), ENUMERATED, UNIVERSAL) + .encode(static_cast<size_t>(reason), ENUMERATED, UNIVERSAL) .get_contents(); } @@ -561,7 +561,7 @@ MemoryVector<byte> CRL_ReasonCode::encode_inner() const */ void CRL_ReasonCode::decode_inner(const MemoryRegion<byte>& in) { - u32bit reason_code = 0; + size_t reason_code = 0; BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL); reason = static_cast<CRL_Code>(reason_code); } diff --git a/src/cert/x509cert/x509_ext.h b/src/cert/x509cert/x509_ext.h index 213a077a2..8799c5921 100644 --- a/src/cert/x509cert/x509_ext.h +++ b/src/cert/x509cert/x509_ext.h @@ -87,6 +87,8 @@ class BOTAN_DLL Extensions : public ASN1_Object namespace Cert_Extension { +static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0; + /** * Basic Constraints Extension */ @@ -96,11 +98,11 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension Basic_Constraints* copy() const { return new Basic_Constraints(is_ca, path_limit); } - Basic_Constraints(bool ca = false, u32bit limit = 0) : + Basic_Constraints(bool ca = false, size_t limit = 0) : is_ca(ca), path_limit(limit) {} bool get_is_ca() const { return is_ca; } - u32bit get_path_limit() const; + size_t get_path_limit() const; private: std::string config_id() const { return "basic_constraints"; } std::string oid_name() const { return "X509v3.BasicConstraints"; } 
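Review bot: `CRL_ReasonCode::decode_inner` casts whatever integer the decoder produced straight into the enum (`reason = static_cast<CRL_Code>(reason_code);`), and with `reason_code` now a `size_t` the range of values that can reach the cast is wider on 64-bit builds. The value comes from the CRL being parsed, so it should be checked against the reason codes `CRL_Code` actually defines before the cast, with a `Decoding_Error` thrown otherwise. The enum's definition is not part of this diff, so the exact bound has to be taken from there.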
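Review bot: `NO_CERT_PATH_LIMIT` is added to x509_ext.h without a comment, and it is an in-band sentinel: now that `path_limit` is a `size_t`, a decoded path constraint could equal or exceed `0xFFFFFFF0` on 64-bit builds. I would document it, for example `/** Path limit value meaning "no limit"; assigned to CA certificates older than X.509 v3 */`, and say there that real limits are expected to be smaller. The wording about pre-v3 certificates is based on how x509cert.cpp uses the constant in this same commit.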
@@ -110,7 +112,7 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension void contents_to(Data_Store&, Data_Store&) const; bool is_ca; - u32bit path_limit; + size_t path_limit; }; /** @@ -292,9 +294,9 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension CRL_Number* copy() const; CRL_Number() : has_value(false), crl_number(0) {} - CRL_Number(u32bit n) : has_value(true), crl_number(n) {} + CRL_Number(size_t n) : has_value(true), crl_number(n) {} - u32bit get_crl_number() const; + size_t get_crl_number() const; private: std::string config_id() const { return "crl_number"; } std::string oid_name() const { return "X509v3.CRLNumber"; } @@ -305,7 +307,7 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension void contents_to(Data_Store&, Data_Store&) const; bool has_value; - u32bit crl_number; + size_t crl_number; }; /** diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h index 6579565f9..570b00f51 100644 --- a/src/cert/x509cert/x509_obj.h +++ b/src/cert/x509cert/x509_obj.h @@ -88,6 +88,7 @@ class BOTAN_DLL X509_Object * @param out the pipe to write to * @param encoding the encoding to use */ + BOTAN_DEPRECATED("Use BER_encode or PEM_encode") void encode(Pipe& out, X509_Encoding encoding = PEM) const; virtual ~X509_Object() {} diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp index 05f23298b..b7c399078 100644 --- a/src/cert/x509cert/x509cert.cpp +++ b/src/cert/x509cert/x509cert.cpp @@ -1,6 +1,6 @@ /* * X.509 Certificates -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -14,7 +14,10 @@ #include <botan/bigint.h> #include <botan/oids.h> #include <botan/pem.h> +#include <botan/hex.h> #include <algorithm> +#include <iterator> +#include <sstream> namespace Botan { 
@@ -63,7 +66,7 @@ X509_Certificate::X509_Certificate(const std::string& in) : */ void X509_Certificate::force_decode() { - u32bit version; + size_t version; BigInt serial_bn; AlgorithmIdentifier sig_algo_inner; X509_DN dn_issuer, dn_subject; @@ -84,7 +87,7 @@ void X509_Certificate::force_decode() .decode(dn_subject); if(version > 2) - throw Decoding_Error("Unknown X.509 cert version " + to_string(version)); + throw Decoding_Error("Unknown X.509 cert version " + Botan::to_string(version)); if(sig_algo != sig_algo_inner) throw Decoding_Error("Algorithm identifier mismatch"); @@ -138,7 +141,9 @@ void X509_Certificate::force_decode() if(is_CA_cert() && !subject.has_value("X509v3.BasicConstraints.path_constraint")) { - u32bit limit = (x509_version() < 3) ? NO_CERT_PATH_LIMIT : 0; + const size_t limit = (x509_version() < 3) ? + Cert_Extension::NO_CERT_PATH_LIMIT : 0; + subject.add("X509v3.BasicConstraints.path_constraint", limit); } } 
@@ -299,6 +304,106 @@ bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2) return !(cert1 == cert2); } +std::string X509_Certificate::to_string() const + { + const char* dn_fields[] = { "Name", + "Email", + "Organization", + "Organizational Unit", + "Locality", + "State", + "Country", + "IP", + "DNS", + "URI", + "PKIX.XMPPAddr", + 0 }; + + std::ostringstream out; + + for(size_t i = 0; dn_fields[i]; ++i) + { + const std::vector<std::string> vals = this->subject_info(dn_fields[i]); + + if(vals.empty()) + continue; + + out << "Subject " << dn_fields[i] << ":"; + for(size_t i = 0; i != vals.size(); ++i) + out << " " << vals[i]; + out << "\n"; + } + + for(size_t i = 0; dn_fields[i]; ++i) + { + const std::vector<std::string> vals = this->issuer_info(dn_fields[i]); + + if(vals.empty()) + continue; + + out << "Issuer " << dn_fields[i] << ":"; + for(size_t i = 0; i != vals.size(); ++i) + out << " " << vals[i]; + out << "\n"; + } + + out << "Version: " << this->x509_version() << "\n"; + + out << "Not valid before: " << this->start_time() << "\n"; + out << "Not valid after: " << this->end_time() << "\n"; + + out << "Constraints:\n"; + Key_Constraints constraints = this->constraints(); + if(constraints == NO_CONSTRAINTS) + out << " None\n"; + else + { + if(constraints & DIGITAL_SIGNATURE) + out << " Digital Signature\n"; + if(constraints & NON_REPUDIATION) + out << " Non-Repuidation\n"; + if(constraints & KEY_ENCIPHERMENT) + out << " Key Encipherment\n"; + if(constraints & DATA_ENCIPHERMENT) + out << " Data Encipherment\n"; + if(constraints & KEY_AGREEMENT) + out << " Key Agreement\n"; + if(constraints & KEY_CERT_SIGN) + out << " Cert Sign\n"; + if(constraints & CRL_SIGN) + out << " CRL Sign\n"; + } + + std::vector<std::string> policies = this->policies(); + if(policies.size()) + { + out << "Policies: " << "\n"; + for(u32bit j = 0; j != policies.size(); j++) + out << " " << policies[j] << "\n"; + } + + std::vector<std::string> ex_constraints = 
this->ex_constraints(); + if(ex_constraints.size()) + { + out << "Extended Constraints:\n"; + for(u32bit j = 0; j != ex_constraints.size(); j++) + out << " " << ex_constraints[j] << "\n"; + } + + out << "Signature algorithm: " << + OIDS::lookup(this->signature_algorithm().oid) << "\n"; + + out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; + out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n"; + out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; + + X509_PublicKey* pubkey = this->subject_public_key(); + out << "Public Key:\n" << X509::PEM_encode(*pubkey); + delete pubkey; + + return out.str(); + } + /* * Create and populate a X509_DN */ diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h index 754553f3d..8798ef1c2 100644 --- a/src/cert/x509cert/x509cert.h +++ b/src/cert/x509cert/x509cert.h @@ -141,6 +141,11 @@ class BOTAN_DLL X509_Certificate : public X509_Object std::vector<std::string> policies() const; /** + * @return a string describing the certificate + */ + std::string to_string() const; + + /** * Check to certificates for equality. * @return true both certificates are (binary) equal */ diff --git a/src/cert/x509crl/x509_crl.cpp b/src/cert/x509crl/x509_crl.cpp index f6a344dba..01fce4c52 100644 --- a/src/cert/x509crl/x509_crl.cpp +++ b/src/cert/x509crl/x509_crl.cpp @@ -39,7 +39,7 @@ void X509_CRL::force_decode() { BER_Decoder tbs_crl(tbs_bits); - u32bit version; + size_t version; tbs_crl.decode_optional(version, INTEGER, UNIVERSAL); if(version != 0 && version != 1) diff --git a/src/cert/x509self/x509opt.cpp b/src/cert/x509self/x509opt.cpp index 0702ebf19..345df1fe0 100644 --- a/src/cert/x509self/x509opt.cpp +++ b/src/cert/x509self/x509opt.cpp 
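Review bot: In the new `X509_Certificate::to_string()`, the public key is held in a raw pointer across `X509::PEM_encode(*pubkey)`, so it leaks if the encoding throws; `std::auto_ptr<X509_PublicKey> pubkey(this->subject_public_key());` with the `delete` dropped fixes that (assuming `<memory>` is available in this file). The key-usage text has a typo, `Non-Repuidation` should read `Non-Repudiation`, and the inner loops reuse `i` and shadow the outer index, so `j` would be clearer. Subject and issuer values are written verbatim, so if this output is displayed or logged for certificates from untrusted sources, control characters in those fields should be escaped first.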
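Review bot: In `X509_CRL::force_decode`, `size_t version;` is left uninitialised, passed to `decode_optional` and then compared on the next line. If `decode_optional` does not assign a default when the field is absent (its definition is not in this diff), the check reads an indeterminate value; `size_t version = 0;` removes the doubt. The function body continues outside the hunk.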
@@ -55,7 +55,7 @@ void X509_Cert_Options::add_ex_constraint(const std::string& oid_str) /* * Mark this certificate for CA usage */ -void X509_Cert_Options::CA_key(u32bit limit) +void X509_Cert_Options::CA_key(size_t limit) { is_CA = true; path_limit = limit; diff --git a/src/cert/x509self/x509self.cpp b/src/cert/x509self/x509self.cpp index e420ca503..a2f89159f 100644 --- a/src/cert/x509self/x509self.cpp +++ b/src/cert/x509self/x509self.cpp @@ -103,7 +103,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); - const u32bit PKCS10_VERSION = 0; + const size_t PKCS10_VERSION = 0; Extensions extensions; diff --git a/src/cert/x509self/x509self.h b/src/cert/x509self/x509self.h index df5731050..2850096c8 100644 --- a/src/cert/x509self/x509self.h +++ b/src/cert/x509self/x509self.h @@ -102,7 +102,7 @@ class BOTAN_DLL X509_Cert_Options /** * Indicates the BasicConstraints path limit */ - u32bit path_limit; + size_t path_limit; /** * The key constraints for the subject public key @@ -123,7 +123,7 @@ class BOTAN_DLL X509_Cert_Options * Mark the certificate as a CA certificate and set the path limit. * @param limit the path limit to be set in the BasicConstraints extension. */ - void CA_key(u32bit limit = 1); + void CA_key(size_t limit = 1); /** * Set the notBefore of the certificate. |