authorJack Lloyd <[email protected]>2016-04-23 08:21:51 -0400
committerJack Lloyd <[email protected]>2016-04-23 08:21:51 -0400
commit4ad555977b03cb92dfac0b87a00febe4d8e7ff5e (patch)
treeab84082c6365f9b9fdd68bc0d444e3faae187f19 /src/lib/cert/x509/x509cert.cpp
parent9404bddb4d86ac79befa7b17a3ba8e7a5512a765 (diff)
parentc297b8b5ead53fd2f8c7f5c8db7c534867a5485a (diff)
Merge GH #469 Generate error on unknown critical extension during path validation
Previously an unknown extension would be rejected during parsing, which prevented examining such a cert at all
Diffstat (limited to 'src/lib/cert/x509/x509cert.cpp')
-rw-r--r--src/lib/cert/x509/x509cert.cpp51
1 files changed, 38 insertions, 13 deletions
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp
index 959cddb53..f68956859 100644
--- a/src/lib/cert/x509/x509cert.cpp
+++ b/src/lib/cert/x509/x509cert.cpp
@@ -42,9 +42,10 @@ std::vector<std::string> lookup_oids(const std::vector<std::string>& in)
* X509_Certificate Constructor
*/
X509_Certificate::X509_Certificate(DataSource& in) :
- X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"),
+ m_self_signed(false),
+ m_v3_extensions(false)
{
- m_self_signed = false;
do_decode();
}
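Review bot: The bare `m_v3_extensions(false)` initializer in this constructor does not say what the flag controls. Going by the commit title it presumably switches off throw-on-unknown-critical in `Extensions`, whose constructor is not visible in this diff. A one-line comment such as `// false: keep unknown critical extensions at parse time; path validation rejects them` would make the intent explicit. The same initializer appears in the `const std::string&` and `const std::vector<byte>&` constructors in the next two hunks.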
@@ -52,9 +53,10 @@ X509_Certificate::X509_Certificate(DataSource& in) :
* X509_Certificate Constructor
*/
X509_Certificate::X509_Certificate(const std::string& in) :
- X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"),
+ m_self_signed(false),
+ m_v3_extensions(false)
{
- m_self_signed = false;
do_decode();
}
@@ -62,12 +64,39 @@ X509_Certificate::X509_Certificate(const std::string& in) :
* X509_Certificate Constructor
*/
X509_Certificate::X509_Certificate(const std::vector<byte>& in) :
- X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"),
+ m_self_signed(false),
+ m_v3_extensions(false)
{
- m_self_signed = false;
do_decode();
}
+X509_Certificate::X509_Certificate(const X509_Certificate& other) :
+ X509_Object(other)
+ {
+ m_subject = other.m_subject;
+ m_issuer = other.m_issuer;
+ m_self_signed = other.m_self_signed;
+ m_v3_extensions = other.m_v3_extensions;
+ }
+
+X509_Certificate& X509_Certificate::operator=(const X509_Certificate& other)
+ {
+ if(&other == this)
+ {
+ return *this;
+ }
+ else
+ {
+ m_subject = other.m_subject;
+ m_issuer = other.m_issuer;
+ m_self_signed = other.m_self_signed;
+ m_v3_extensions = other.m_v3_extensions;
+ }
+ return *this;
+ }
+
+
/*
* Decode the TBSCertificate data
*/
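Review bot: The new `operator=` copies only the four derived members and never assigns the `X509_Object` base, whereas the copy constructor just above it does pass `other` to `X509_Object(other)`. If the base holds the signed TBS bytes, signature and algorithm identifier (its definition is outside this diff), an assigned-to certificate would report the new subject and issuer while any signature check still runs over the old object's data. Adding `X509_Object::operator=(other);` as the first statement of the `else` branch closes that gap. If every member is copyable, declaring both functions `= default` in the header would remove the chance of the two drifting apart again.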
@@ -120,12 +149,8 @@ void X509_Certificate::force_decode()
if(v3_exts_data.type_tag == 3 &&
v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
{
- Extensions extensions;
-
- BER_Decoder(v3_exts_data.value).decode(extensions).verify_end();
-
- m_v3_extensions = extensions.extensions_raw();
- extensions.contents_to(m_subject, m_issuer);
+ BER_Decoder(v3_exts_data.value).decode(m_v3_extensions).verify_end();
+ m_v3_extensions.contents_to(m_subject, m_issuer);
}
else if(v3_exts_data.type_tag != NO_OBJECT)
throw BER_Bad_Tag("Unknown tag in X.509 cert",
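Review bot: Decoding straight into `m_v3_extensions` means a certificate carrying an unknown critical extension now parses successfully here, and the rejection happens only if the caller goes through path validation, as the commit description states. Code that loads a certificate and uses it directly, for example to compare against a pinned certificate or to read its constraints, no longer gets that rejection implicitly. A comment at this decode call, e.g. `// unknown critical extensions are retained here and must be rejected by the validator`, plus a matching sentence in the class documentation, would keep that contract visible. `force_decode()` begins and ends outside this hunk.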
@@ -332,7 +357,7 @@ std::vector<std::string> X509_Certificate::policies() const
return lookup_oids(m_subject.get("X509v3.CertificatePolicies"));
}
-std::map<OID, std::pair<std::vector<byte>, bool>> X509_Certificate::v3_extensions() const
+Extensions X509_Certificate::v3_extensions() const
{
return m_v3_extensions;
}
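Review bot: `v3_extensions()` now returns `Extensions` by value, so every call copies the whole extension set; if `Extensions` owns its entries that copy is a deep one (its definition is not in this diff). Returning a reference, `const Extensions& X509_Certificate::v3_extensions() const` with the matching header change, would avoid it. The return type change is also source-incompatible for callers that iterated the previous `std::map`, which deserves a line in the release notes.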