author | Jack Lloyd <[email protected]> | 2017-11-18 16:37:02 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-11-18 16:37:02 -0500 |
commit | c8f026ef5958f2e4732c406f45b9d070e98be2c0 (patch) | |
tree | abfd5d5c10373bfc806a81800c895cf1187e874b /src/lib | |
parent | 5f7a90fd7c3eecc83c2e17b85a7082f052954bd6 (diff) |
Allow parsing and printing certificates with unknown public key algos
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/x509/x509cert.cpp | 32 | ||||
-rw-r--r-- | src/lib/x509/x509cert.h | 5 |
2 files changed, 31 insertions, 6 deletions
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index 74bd17811..ca1fe8e3c 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -257,9 +257,16 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o
 // Check for self-signed vs self-issued certificates
 if(data->m_subject_dn == data->m_issuer_dn)
 {
- std::unique_ptr<Public_Key> pub_key(
- X509::load_key(ASN1::put_in_sequence(data->m_subject_public_key_bits)));
- data->m_self_signed = obj.check_signature(*pub_key);
+ try
+ {
+ std::unique_ptr<Public_Key> pub_key(
+ X509::load_key(ASN1::put_in_sequence(data->m_subject_public_key_bits)));
+ data->m_self_signed = obj.check_signature(*pub_key);
+ }
+ catch(Decoding_Error&)
+ {
+ // ignore errors here to allow parsing to continue
+ }
 }

 std::unique_ptr<HashFunction> sha1(HashFunction::create("SHA-1"));
@@ -320,6 +327,11 @@ const X509_Time& X509_Certificate::not_after() const
 return data().m_not_after;
 }

+const AlgorithmIdentifier& X509_Certificate::subject_public_key_algo() const
+ {
+ return data().m_subject_public_key_algid;
+ }
+
 const std::vector<uint8_t>& X509_Certificate::v2_issuer_key_id() const
 {
 return data().m_v2_issuer_key_id;
@@ -814,9 +826,17 @@ std::string X509_Certificate::to_string() const
 if(this->subject_key_id().size())
 out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";

- std::unique_ptr<Public_Key> pubkey(this->subject_public_key());
- out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n";
- out << X509::PEM_encode(*pubkey);
+ try
+ {
+ std::unique_ptr<Public_Key> pubkey(this->subject_public_key());
+ out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n";
+ out << X509::PEM_encode(*pubkey);
+ }
+ catch(Decoding_Error&)
+ {
+ const AlgorithmIdentifier& alg_id = this->subject_public_key_algo();
+ out << "Failed to decode key with oid " << alg_id.oid.as_string() << "\n";
+ }

 return out.str();
 }
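Review bot: The new `catch(Decoding_Error&)` in parse_x509_cert_body swallows every decoding failure of the subject key, not only an unknown algorithm, so a certificate whose key bits are malformed for a supported algorithm now parses as well and its self-signed flag is never computed. Presumably `m_self_signed` then keeps a default of false (the data struct is not visible here), which would make a subject==issuer certificate with an undecodable key look self-issued rather than self-signed to any caller that branches on the flag during path building. I would replace the comment with `// Key could not be decoded (unknown algorithm or malformed bits); m_self_signed keeps its default and the signature is not checked` and catch by const reference, `catch(const Decoding_Error&)`; the same catch form appears in the to_string hunk. The function body continues outside the hunk.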
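Review bot: The fallback branch in to_string prints only the OID, so a dump cannot tell an unsupported algorithm from corrupt key bits for a supported one, although both cases land in this catch. Binding the exception and appending its text keeps that distinction for whoever triages the certificate: `catch(const Decoding_Error& e)` with `out << "Failed to decode key with oid " << alg_id.oid.as_string() << ": " << e.what() << "\n";`. to_string starts outside the hunk.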
diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h
index c9cf8bb7b..3b35c6575 100644
--- a/src/lib/x509/x509cert.h
+++ b/src/lib/x509/x509cert.h
@@ -70,6 +70,11 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object
 const std::vector<uint8_t>& subject_public_key_bits() const;

 /**
+ * Return the algorithm identifier of the public key
+ */
+ const AlgorithmIdentifier& subject_public_key_algo() const;
+
+ /**
 * Get the bit string of the public key associated with this certificate
 * @return public key bits
 */ |
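Review bot: The doc comment added for `subject_public_key_algo()` has no `@return` line, unlike the comment that follows it in the hunk, and it does not say why a caller would need the accessor. Since to_string in this commit calls it after `subject_public_key()` has thrown, I would add `* @return algorithm identifier of the subject public key; usable even when subject_public_key() throws because the key cannot be decoded`. The class declaration starts and ends outside the hunk.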