authorJack Lloyd <[email protected]>2017-12-19 01:18:40 -0500
committerJack Lloyd <[email protected]>2017-12-19 01:33:40 -0500
commitafabd4a6b33336815614288f01b80bcbf31ba79c (patch)
treebae42c4560c37f8090f6658eefc45bac77eb7b13 /src/lib/x509
parentac754772afbf7be397f8631ebbb3d2921b0a7753 (diff)
Add accessors to ASN1_Attribute and AlgorithmIdentifier
Diffstat (limited to 'src/lib/x509')
-rw-r--r--src/lib/x509/ocsp.cpp2
-rw-r--r--src/lib/x509/ocsp_types.cpp2
-rw-r--r--src/lib/x509/pkcs10.cpp10
-rw-r--r--src/lib/x509/x509_ca.cpp4
-rw-r--r--src/lib/x509/x509_obj.cpp18
-rw-r--r--src/lib/x509/x509cert.cpp8
6 files changed, 23 insertions, 21 deletions
diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp
index 6d8d66687..5a98b7495 100644
--- a/src/lib/x509/ocsp.cpp
+++ b/src/lib/x509/ocsp.cpp
@@ -148,7 +148,7 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue
std::unique_ptr<Public_Key> pub_key(issuer.subject_public_key());
const std::vector<std::string> sig_info =
- split_on(OIDS::lookup(m_sig_algo.oid), '/');
+ split_on(OIDS::lookup(m_sig_algo.get_oid()), '/');
if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name())
return Certificate_Status_Code::OCSP_RESPONSE_INVALID;
diff --git a/src/lib/x509/ocsp_types.cpp b/src/lib/x509/ocsp_types.cpp
index d09681fcd..353cb100a 100644
--- a/src/lib/x509/ocsp_types.cpp
+++ b/src/lib/x509/ocsp_types.cpp
@@ -39,7 +39,7 @@ bool CertID::is_id_for(const X509_Certificate& issuer,
if(BigInt::decode(subject.serial_number()) != m_subject_serial)
return false;
- std::unique_ptr<HashFunction> hash(HashFunction::create(OIDS::lookup(m_hash_id.oid)));
+ std::unique_ptr<HashFunction> hash(HashFunction::create(OIDS::lookup(m_hash_id.get_oid())));
if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
return false;
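Review bot: `hash` is dereferenced on the line right after it is created, with no null check, and the algorithm name comes from `m_hash_id`, which is presumably decoded from the OCSP data being matched. As far as I know, `HashFunction::create` returns an empty pointer when it cannot instantiate the requested name, so an unknown or unsupported hash OID would reach `hash->process(...)` as a null dereference instead of a plain mismatch. Adding `if(!hash) return false;` before the comparison makes that case an ordinary "not this certificate" result. The rest of is_id_for lies outside the hunk; an enclosing exception handler, if there is one, would not catch a null dereference.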
diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp
index 1f7e915ff..b1543e398 100644
--- a/src/lib/x509/pkcs10.cpp
+++ b/src/lib/x509/pkcs10.cpp
@@ -90,21 +90,23 @@ std::unique_ptr<PKCS10_Data> decode_pkcs10(const std::vector<uint8_t>& body)
{
Attribute attr;
attributes.decode(attr);
- BER_Decoder value(attr.parameters);
- if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
+ const OID& oid = attr.get_oid();
+ BER_Decoder value(attr.get_parameters());
+
+ if(oid == OIDS::lookup("PKCS9.EmailAddress"))
{
ASN1_String email;
value.decode(email);
pkcs9_email.insert(email.value());
}
- else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
+ else if(oid == OIDS::lookup("PKCS9.ChallengePassword"))
{
ASN1_String challenge_password;
value.decode(challenge_password);
data->m_challenge = challenge_password.value();
}
- else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
+ else if(oid == OIDS::lookup("PKCS9.ExtensionRequest"))
{
value.decode(data->m_extensions).verify_end();
}
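Review bot: The EmailAddress and ChallengePassword branches decode one string from `value` and never check that the attribute value was fully consumed, while the ExtensionRequest branch ends with `.verify_end()`. Trailing bytes after the string are therefore accepted silently in two of the three branches. If each of these attributes is meant to carry a single value, `value.decode(email).verify_end();` and `value.decode(challenge_password).verify_end();` would reject malformed requests at parse time; if several e-mail values are allowed, loop over `value` rather than dropping the rest. The decode_pss_params hunk in x509_obj.cpp has the same shape, decoding the MGF parameters into `mask_gen_hash` without an end check. The attribute loop starts and ends outside this hunk.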
diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp
index 22fb8ce80..0a470762f 100644
--- a/src/lib/x509/x509_ca.cpp
+++ b/src/lib/x509/x509_ca.cpp
@@ -273,8 +273,8 @@ PK_Signer* choose_sig_format(const Private_Key& key,
padding = padding + "(" + hash->name() + ")";
- sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
- sig_algo.parameters = key.algorithm_identifier().parameters;
+ sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding),
+ key.algorithm_identifier().get_parameters());
return new PK_Signer(key, rng, padding, format);
}
diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp
index 4450df7bb..309bdb1f9 100644
--- a/src/lib/x509/x509_obj.cpp
+++ b/src/lib/x509/x509_obj.cpp
@@ -40,7 +40,7 @@ Pss_params decode_pss_params(const std::vector<uint8_t>& encoded_pss_params)
.decode_optional(pss_parameter.trailer_field, ASN1_Tag(3), PRIVATE, size_t(1))
.end_cons();
- BER_Decoder(pss_parameter.mask_gen_algo.parameters).decode(pss_parameter.mask_gen_hash);
+ BER_Decoder(pss_parameter.mask_gen_algo.get_parameters()).decode(pss_parameter.mask_gen_hash);
return pss_parameter;
}
@@ -147,7 +147,7 @@ std::vector<uint8_t> X509_Object::tbs_data() const
*/
std::string X509_Object::hash_used_for_signature() const
{
- const OID oid = m_sig_algo.oid;
+ const OID& oid = m_sig_algo.get_oid();
std::vector<std::string> sig_info = split_on(OIDS::lookup(oid), '/');
if(sig_info.size() != 2)
@@ -156,7 +156,7 @@ std::string X509_Object::hash_used_for_signature() const
if(sig_info[1] == "EMSA4")
{
- return OIDS::lookup(decode_pss_params(signature_algorithm().parameters).hash_algo.oid);
+ return OIDS::lookup(decode_pss_params(signature_algorithm().get_parameters()).hash_algo.get_oid());
}
else
{
@@ -190,7 +190,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
{
try {
std::vector<std::string> sig_info =
- split_on(OIDS::lookup(m_sig_algo.oid), '/');
+ split_on(OIDS::lookup(m_sig_algo.get_oid()), '/');
if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
return false;
@@ -202,22 +202,22 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
if(padding == "EMSA4")
{
// "MUST contain RSASSA-PSS-params"
- if(signature_algorithm().parameters.empty())
+ if(signature_algorithm().get_parameters().empty())
{
return false;
}
- Pss_params pss_parameter = decode_pss_params(signature_algorithm().parameters);
+ Pss_params pss_parameter = decode_pss_params(signature_algorithm().get_parameters());
// hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512
- std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.oid);
+ std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.get_oid());
if(hash_algo != "SHA-160" && hash_algo != "SHA-224" && hash_algo != "SHA-256" && hash_algo != "SHA-384"
&& hash_algo != "SHA-512")
{
return false;
}
- std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.oid);
+ std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.get_oid());
if(mgf_algo != "MGF1")
{
return false;
@@ -225,7 +225,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
// For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm
// Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512
- if(pss_parameter.mask_gen_hash.oid != pss_parameter.hash_algo.oid)
+ if(pss_parameter.mask_gen_hash.get_oid() != pss_parameter.hash_algo.get_oid())
{
return false;
}
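Review bot: The comment above the MGF1 hash comparison says a matching hash is "strongly RECOMMENDED", but the code treats any mismatch as a verification failure. The second comment line also lists allowed hashes that this `if` does not itself test. Someone auditing the PSS rules could take the stricter behaviour for a mistake and relax it. I would reword the comment along the lines of `// The spec only recommends that the MGF1 hash equal hashAlgorithm; we require it. The allowed-hash list is enforced on hash_algo earlier, so equality covers it here.` check_signature starts and ends outside this hunk.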
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index 1370d52b0..da691452b 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -131,7 +131,7 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o
BER_Decoder(public_key.value).decode(public_key_alg_id).discard_remaining();
std::vector<std::string> public_key_info =
- split_on(OIDS::oid2str(public_key_alg_id.oid), '/');
+ split_on(OIDS::oid2str(public_key_alg_id.get_oid()), '/');
if(!public_key_info.empty() && public_key_info[0] == "RSA")
{
@@ -167,7 +167,7 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o
else
{
// oid = rsaEncryption -> parameters field MUST contain NULL
- if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.oid, AlgorithmIdentifier::USE_NULL_PARAM))
+ if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.get_oid(), AlgorithmIdentifier::USE_NULL_PARAM))
{
throw Decoding_Error("Parameters field MUST contain NULL");
}
@@ -801,7 +801,7 @@ std::string X509_Certificate::to_string() const
out << "CRL " << crl_distribution_point() << "\n";
out << "Signature algorithm: " <<
- OIDS::oid2str(this->signature_algorithm().oid) << "\n";
+ OIDS::oid2str(this->signature_algorithm().get_oid()) << "\n";
out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
@@ -820,7 +820,7 @@ std::string X509_Certificate::to_string() const
catch(Decoding_Error&)
{
const AlgorithmIdentifier& alg_id = this->subject_public_key_algo();
- out << "Failed to decode key with oid " << alg_id.oid.as_string() << "\n";
+ out << "Failed to decode key with oid " << alg_id.get_oid().as_string() << "\n";
}
return out.str();