authorJack Lloyd <[email protected]>2016-11-21 19:58:20 -0500
committerJack Lloyd <[email protected]>2016-11-23 08:31:06 -0500
commitec7c6e4d3d70077199523fa1b0f3ee17b2f86de2 (patch)
tree991cadc539bf23682e65daa7a02b52a0d83c114f /src/lib/x509/x509cert.cpp
parent13be30e33e0aac0e5d566d77c4775293a2c363f7 (diff)
Add X509_Certificate helper functions for OCSP
Using the SHA-1 of the public key to identify the signing cert is hardcoded in OCSP and unlikely to change.
Diffstat (limited to 'src/lib/x509/x509cert.cpp')
-rw-r--r--src/lib/x509/x509cert.cpp34
1 files changed, 30 insertions, 4 deletions
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index f56495a79..52802a8e4 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -143,11 +143,14 @@ void X509_Certificate::force_decode()
m_issuer.add("X509.Certificate.v2.key_id", v2_issuer_key_id);
m_subject.add("X509.Certificate.v2.key_id", v2_subject_key_id);
- m_subject.add("X509.Certificate.public_key",
- hex_encode(public_key.value));
+ m_subject.add("X509.Certificate.public_key", hex_encode(public_key.value));
- std::unique_ptr<Public_Key> pub_key(subject_public_key());
- m_self_signed = (dn_subject == dn_issuer) && check_signature(*pub_key);
+ m_self_signed = false;
+ if(dn_subject == dn_issuer)
+ {
+ std::unique_ptr<Public_Key> pub_key(subject_public_key());
+ m_self_signed = check_signature(*pub_key);
+ }
if(m_self_signed && version == 0)
{
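Review bot: The new `if(dn_subject == dn_issuer)` block should carry a comment recording why the key is now loaded only inside it, because the change alters when key problems surface. A certificate whose subject and issuer differ no longer has its public key loaded during decoding, so a malformed or unsupported key is presumably reported only at the point of later use; that is inferred, since `subject_public_key()` is not shown in this hunk. Something like `// Load the key and verify only when subject == issuer; a self-issued cert that fails verification stays m_self_signed == false` above the `if` would make the intent clear to anyone relying on `m_self_signed` during path building. `force_decode()` begins and ends outside the hunk.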
@@ -221,6 +224,29 @@ std::vector<byte> X509_Certificate::subject_public_key_bits() const
return hex_decode(m_subject.get1("X509.Certificate.public_key"));
}
+std::vector<byte> X509_Certificate::subject_public_key_bitstring() const
+ {
+ // TODO: cache this
+ const std::vector<byte> key_bits = subject_public_key_bits();
+
+ AlgorithmIdentifier public_key_algid;
+ std::vector<byte> public_key_bitstr;
+
+ BER_Decoder(key_bits)
+ .decode(public_key_algid)
+ .decode(public_key_bitstr, BIT_STRING);
+
+ return public_key_bitstr;
+ }
+
+std::vector<byte> X509_Certificate::subject_public_key_bitstring_sha1() const
+ {
+ // TODO: cache this value
+ std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
+ hash->update(this->subject_public_key_bitstring());
+ return hash->final_stdvec();
+ }
+
/*
* Check if the certificate is for a CA
*/
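Review bot: In `subject_public_key_bitstring_sha1()`, `hash->update(...)` dereferences the result of `HashFunction::create("SHA-1")` without checking it; if that factory returns an empty pointer when SHA-1 is not available in the build (not visible here), the result is a null dereference instead of a reportable error. A guard such as `if(!hash) throw Algorithm_Not_Found("SHA-1");` before the update would make the failure explicit. In `subject_public_key_bitstring()` the `BER_Decoder` chain stops after the BIT STRING, so trailing bytes in `key_bits` are silently accepted; appending `.verify_end()` to the chain would reject them. A short comment stating that this digest is the OCSP responder key identifier and only selects a candidate certificate, with the response signature still to be verified against that certificate, would keep callers from treating a SHA-1 match as authentication.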