author | Jack Lloyd <[email protected]> | 2016-04-23 08:21:51 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-04-23 08:21:51 -0400 |
commit | 4ad555977b03cb92dfac0b87a00febe4d8e7ff5e (patch) | |
tree | ab84082c6365f9b9fdd68bc0d444e3faae187f19 /src/lib/cert/x509/x509cert.cpp | |
parent | 9404bddb4d86ac79befa7b17a3ba8e7a5512a765 (diff) | |
parent | c297b8b5ead53fd2f8c7f5c8db7c534867a5485a (diff) |
Merge GH #469 Generate error on unknown critical extension during path validation
Previously an unknown extension was rejected during parsing, which
prevented examining such a cert at all.
Diffstat (limited to 'src/lib/cert/x509/x509cert.cpp')
-rw-r--r-- | src/lib/cert/x509/x509cert.cpp | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp
index 959cddb53..f68956859 100644
--- a/src/lib/cert/x509/x509cert.cpp
+++ b/src/lib/cert/x509/x509cert.cpp
@@ -42,9 +42,10 @@ std::vector<std::string> lookup_oids(const std::vector<std::string>& in)
 * X509_Certificate Constructor
 */
 X509_Certificate::X509_Certificate(DataSource& in) :
- X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"),
+ m_self_signed(false),
+ m_v3_extensions(false)
 {
- m_self_signed = false;
 do_decode();
 }
 
@@ -52,9 +53,10 @@ X509_Certificate::X509_Certificate(DataSource& in) :
 * X509_Certificate Constructor
 */
 X509_Certificate::X509_Certificate(const std::string& in) :
- X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"),
+ m_self_signed(false),
+ m_v3_extensions(false)
 {
- m_self_signed = false;
 do_decode();
 }
 
@@ -62,12 +64,39 @@ X509_Certificate::X509_Certificate(const std::string& in) :
 * X509_Certificate Constructor
 */
 X509_Certificate::X509_Certificate(const std::vector<byte>& in) :
- X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"),
+ m_self_signed(false),
+ m_v3_extensions(false)
 {
- m_self_signed = false;
 do_decode();
 }
 
+X509_Certificate::X509_Certificate(const X509_Certificate& other) :
+ X509_Object(other)
+ {
+ m_subject = other.m_subject;
+ m_issuer = other.m_issuer;
+ m_self_signed = other.m_self_signed;
+ m_v3_extensions = other.m_v3_extensions;
+ }
+
+X509_Certificate& X509_Certificate::operator=(const X509_Certificate& other)
+ {
+ if(&other == this)
+ {
+ return *this;
+ }
+ else
+ {
+ m_subject = other.m_subject;
+ m_issuer = other.m_issuer;
+ m_self_signed = other.m_self_signed;
+ m_v3_extensions = other.m_v3_extensions;
+ }
+ return *this;
+ }
+
+
 /*
 * Decode the TBSCertificate data
 */
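Review bot: The bare `false` passed to `m_v3_extensions(false)` in the `DataSource&` constructor's initializer list (and repeated in the `const std::string&` and `const std::vector<byte>&` constructors in the next two hunks) is undocumented, and it appears to be the switch that stops parsing from rejecting an unknown critical extension. Going by the commit message, that rejection now happens only during path validation, so a caller that uses a parsed certificate without running path validation no longer gets any failure for a critical extension it cannot process. I would add a comment at each initializer such as `// false: do not throw on unknown critical extensions while parsing; path validation reports them`, and say the same in the class documentation so callers know the check has moved. The meaning of the flag is inferred, since the `Extensions` constructor is not part of this diff.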
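Review bot: The new `operator=` in the third hunk never assigns the `X509_Object` base subobject, whereas the copy constructor just above it does call `X509_Object(other)`. After `a = b`, `a` would carry `b`'s subject, issuer and extensions but keep whatever the base class stores from the original object (presumably the signed bytes and signature, which are not visible here), so the names and extensions could describe one certificate while the signature check runs over another. Adding `X509_Object::operator=(other);` as the first statement of the `else` branch fixes it; if every member is copyable, declaring both functions `= default` would rule out this kind of omission. As a smaller point, the copy constructor could use the member-initializer list instead of assigning in its body.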
@@ -120,12 +149,8 @@ void X509_Certificate::force_decode()
 if(v3_exts_data.type_tag == 3 &&
 v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
 {
- Extensions extensions;
-
- BER_Decoder(v3_exts_data.value).decode(extensions).verify_end();
-
- m_v3_extensions = extensions.extensions_raw();
- extensions.contents_to(m_subject, m_issuer);
+ BER_Decoder(v3_exts_data.value).decode(m_v3_extensions).verify_end();
+ m_v3_extensions.contents_to(m_subject, m_issuer);
 }
 else if(v3_exts_data.type_tag != NO_OBJECT)
 throw BER_Bad_Tag("Unknown tag in X.509 cert",
@@ -332,7 +357,7 @@ std::vector<std::string> X509_Certificate::policies() const
 return lookup_oids(m_subject.get("X509v3.CertificatePolicies"));
 }
 
-std::map<OID, std::pair<std::vector<byte>, bool>> X509_Certificate::v3_extensions() const
+Extensions X509_Certificate::v3_extensions() const
 {
 return m_v3_extensions;
 } |
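Review bot: `v3_extensions()` in the last hunk now returns `Extensions` by value, so every call copies the whole extension set, and code written against the previous `std::map` return type will no longer compile. If copying `Extensions` is not cheap (the hand-written copy operations this commit adds to `X509_Certificate` suggest it may not be), returning `const Extensions&` would avoid a copy each time path validation inspects a certificate. That needs the matching change to the declaration in the header, which is outside this diff. A release-note line about the changed return type would help downstream callers.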