author | Jack Lloyd <[email protected]> | 2016-11-16 01:34:19 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-11-26 12:41:03 -0500 |
commit | 10244d3fa88365a3740eb66ccfd9c90f3a866fcd (patch) | |
tree | 54a746fdcdebd327bbd71d023ce6d02ef7e66b44 /src/lib/tls/msg_cert_status.cpp | |
parent | 5372d0b499ad317ab3776c9ac92df866cc6a1e84 (diff) |
Add OCSP stapling support to TLS client
Diffstat (limited to 'src/lib/tls/msg_cert_status.cpp')
-rw-r--r-- | src/lib/tls/msg_cert_status.cpp | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/src/lib/tls/msg_cert_status.cpp b/src/lib/tls/msg_cert_status.cpp
new file mode 100644
index 000000000..f28fe10d2
--- /dev/null
+++ b/src/lib/tls/msg_cert_status.cpp
@@ -0,0 +1,65 @@
+/*
+* Certificate Status
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/tls_messages.h>
+#include <botan/internal/tls_reader.h>
+#include <botan/internal/tls_extensions.h>
+#include <botan/internal/tls_handshake_io.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+namespace TLS {
+
+Certificate_Status::Certificate_Status(const std::vector<byte>& buf)
+ {
+ if(buf.size() < 5)
+ throw Decoding_Error("Invalid Certificate_Status message: too small");
+
+ if(buf[0] != 1)
+ throw Decoding_Error("Unexpected Certificate_Status message: unexpected message type");
+
+ size_t len = make_u32bit(0, buf[1], buf[2], buf[3]);
+
+ // Verify the redundant length field...
+ if(buf.size() != len + 4)
+ throw Decoding_Error("Invalid Certificate_Status: invalid length field");
+
+ m_response = std::make_shared<OCSP::Response>(buf.data() + 4, buf.size() - 4);
+ }
+
+Certificate_Status::Certificate_Status(Handshake_IO& io,
+ Handshake_Hash& hash,
+ std::shared_ptr<const OCSP::Response> ocsp) :
+ m_response(ocsp)
+ {
+ hash.update(io.send(*this));
+ }
+
+std::vector<byte> Certificate_Status::serialize() const
+ {
+ BOTAN_ASSERT_NONNULL(m_response);
+ const std::vector<byte>& m_resp_bits = m_response->raw_bits();
+
+ if(m_resp_bits.size() > 0xFFFFFF) // unlikely
+ throw Encoding_Error("OCSP response too long to encode in TLS");
+
+ const uint32_t m_resp_bits_len = static_cast<u32bit>(m_resp_bits.size());
+
+ std::vector<byte> buf;
+ buf.push_back(1); // type OCSP
+ for(size_t i = 1; i < 4; ++i)
+ buf[i] = get_byte(i, m_resp_bits_len);
+
+ buf += m_resp_bits;
+ return buf;
+ }
+
+}
+
+} |
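Review bot: Certificate_Status::serialize() writes past the end of `buf`: after the single `buf.push_back(1)` the vector has size 1, yet the loop assigns `buf[1]`, `buf[2]` and `buf[3]` through operator[] without any resize, which is out-of-range undefined behaviour and means the three length bytes never reliably reach the wire. The loop body should append instead, `buf.push_back(get_byte(i, m_resp_bits_len));`, or the vector should be sized to 4 before the loop. As a style point, the locals `m_resp_bits` and `m_resp_bits_len` carry the member prefix although they are function-scope variables; naming them `resp_bits` / `resp_bits_len` keeps `m_` meaningful for actual members such as `m_response`. The parsing constructor's `buf.size() != len + 4` check correctly rejects a length field that disagrees with the message size, so the decoder side looks sound.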