diff options
author | Jack Lloyd <[email protected]> | 2018-05-21 17:53:33 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-05-21 17:53:33 -0400 |
commit | ea8c01fddc8197bfdc453d3c4c76e98c9f3149cd (patch) | |
tree | eec6a2a600a0e5f68a7621273a64c62b57461a4c /src/lib/x509 | |
parent | ac7354da6788e31a77af6908f289a0724363da84 (diff) |
Use BER_Decoder::get_next to cleanup X.509 cert decoding code
Diffstat (limited to 'src/lib/x509')
-rw-r--r-- | src/lib/x509/x509cert.cpp | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 8d74d614e..ddfe5d5b2 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -106,11 +106,12 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o { std::unique_ptr<X509_Certificate_Data> data(new X509_Certificate_Data); - BER_Decoder tbs_cert(obj.signed_body()); BigInt serial_bn; + BER_Object public_key; + BER_Object v3_exts_data; - tbs_cert.decode_optional(data->m_version, ASN1_Tag(0), - ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + BER_Decoder(obj.signed_body()) + .decode_optional(data->m_version, ASN1_Tag(0), ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) .decode(serial_bn) .decode(data->m_sig_algo_inner) .decode(data->m_issuer_dn) @@ -118,12 +119,20 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o .decode(data->m_not_before) .decode(data->m_not_after) .end_cons() - .decode(data->m_subject_dn); + .decode(data->m_subject_dn) + .get_next(public_key) + .decode_optional_string(data->m_v2_issuer_key_id, BIT_STRING, 1) + .decode_optional_string(data->m_v2_subject_key_id, BIT_STRING, 2) + .get_next(v3_exts_data) + .verify_end("TBSCertificate has extra data after extensions block"); if(data->m_version > 2) throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version)); if(obj.signature_algorithm() != data->m_sig_algo_inner) throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields"); + + public_key.assert_is_a(SEQUENCE, CONSTRUCTED, "X.509 certificate public key"); + // crude method to save the serial's sign; will get lost during decoding, otherwise data->m_serial_negative = serial_bn.is_negative(); @@ -134,9 +143,6 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits()); data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits()); - BER_Object public_key = tbs_cert.get_next_object(); - public_key.assert_is_a(SEQUENCE, CONSTRUCTED, "X.509 certificate public key"); - // validate_public_key_params(public_key.value); AlgorithmIdentifier public_key_alg_id; BER_Decoder(public_key).decode(public_key_alg_id).discard_remaining(); @@ -193,10 +199,6 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o .decode(data->m_subject_public_key_algid) .decode(data->m_subject_public_key_bitstring, BIT_STRING); - tbs_cert.decode_optional_string(data->m_v2_issuer_key_id, BIT_STRING, 1); - tbs_cert.decode_optional_string(data->m_v2_subject_key_id, BIT_STRING, 2); - - BER_Object v3_exts_data = tbs_cert.get_next_object(); if(v3_exts_data.is_a(3, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))) { BER_Decoder(v3_exts_data).decode(data->m_v3_extensions).verify_end(); @@ -204,9 +206,6 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o else if(v3_exts_data.is_set()) throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging()); - if(tbs_cert.more_items()) - throw Decoding_Error("TBSCertificate has extra data after extensions block"); - // Now cache some fields from the extensions if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Key_Usage>()) { |