diff options
| author | lloyd <[email protected]> | 2006-05-19 00:07:25 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2006-05-19 00:07:25 +0000 |
| commit | f090e030be53e574fecbe7cf50edfb5fdacb53e1 (patch) | |
| tree | 0bff0c249a9dbcb674fcd2491ab17e3d123ef1f9 /src/x509cert.cpp | |
| parent | a0af7b26591f8fb79d1f06fe42548e1eb0c35e90 (diff) | |
Syntax changes to the BER and DER APIs to improve readability of code
that uses them. These changes are not backwards compatible, this commit
updates all uses of the APIs within the library.
Diffstat (limited to 'src/x509cert.cpp')
| -rw-r--r-- | src/x509cert.cpp | 72 |
1 files changed, 38 insertions, 34 deletions
diff --git a/src/x509cert.cpp b/src/x509cert.cpp index 143cc84b0..9f8fe85a2 100644 --- a/src/x509cert.cpp +++ b/src/x509cert.cpp @@ -4,7 +4,9 @@ *************************************************/ #include <botan/x509cert.h> -#include <botan/asn1_int.h> +#include <botan/x509_ext.h> +#include <botan/der_enc.h> +#include <botan/ber_dec.h> #include <botan/stl_util.h> #include <botan/parsing.h> #include <botan/bigint.h> @@ -132,8 +134,9 @@ void X509_Certificate::force_decode() BER_Decoder tbs_cert(tbs_bits); u32bit version; - BER::decode_optional(tbs_cert, version, ASN1_Tag(0), - ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)); + tbs_cert.decode_optional(version, ASN1_Tag(0), + ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)); + if(version > 2) throw Decoding_Error("Unknown X.509 cert version " + to_string(version)); if(version < 2) @@ -146,24 +149,25 @@ void X509_Certificate::force_decode() tbs_cert.decode(serial_bn); AlgorithmIdentifier sig_algo_inner; - BER::decode(tbs_cert, sig_algo_inner); + tbs_cert.decode(sig_algo_inner); if(sig_algo != sig_algo_inner) throw Decoding_Error("Algorithm identifier mismatch"); X509_DN dn_issuer; - BER::decode(tbs_cert, dn_issuer); + tbs_cert.decode(dn_issuer); load_info(issuer, dn_issuer); X509_Time start, end; - BER_Decoder validity = BER::get_subsequence(tbs_cert); - BER::decode(validity, start); - BER::decode(validity, end); - validity.verify_end(); + tbs_cert.start_cons(SEQUENCE) + .decode(start) + .decode(end) + .verify_end() + .end_cons(); X509_DN dn_subject; - BER::decode(tbs_cert, dn_subject); + tbs_cert.decode(dn_subject); load_info(subject, dn_subject); BER_Object public_key = tbs_cert.get_next_object(); @@ -173,26 +177,24 @@ void X509_Certificate::force_decode() MemoryVector<byte> v2_issuer_key_id, v2_subject_key_id; - BER::decode_optional_string(tbs_cert, v2_issuer_key_id, BIT_STRING, - ASN1_Tag(1), CONTEXT_SPECIFIC); - BER::decode_optional_string(tbs_cert, v2_subject_key_id, BIT_STRING, - ASN1_Tag(2), CONTEXT_SPECIFIC); + tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1); + tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2); BER_Object v3_exts_data = tbs_cert.get_next_object(); if(v3_exts_data.type_tag == 3 && v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) { BER_Decoder v3_exts_decoder(v3_exts_data.value); - BER_Decoder sequence = BER::get_subsequence(v3_exts_decoder); + BER_Decoder ext_data = v3_exts_decoder.start_cons(SEQUENCE); + v3_exts_decoder.verify_end(); - while(sequence.more_items()) + while(ext_data.more_items()) { Extension extn; - BER::decode(sequence, extn); + ext_data.decode(extn); handle_v3_extension(extn); } - sequence.verify_end(); - v3_exts_decoder.verify_end(); + ext_data.end_cons(); } else if(v3_exts_data.type_tag != NO_OBJECT) throw BER_Bad_Tag("Unknown tag in X.509 cert", @@ -234,22 +236,24 @@ void X509_Certificate::handle_v3_extension(const Extension& extn) } else if(extn.oid == OIDS::lookup("X509v3.ExtendedKeyUsage")) { - BER_Decoder key_usage = BER::get_subsequence(value); + BER_Decoder key_usage = value.start_cons(SEQUENCE); while(key_usage.more_items()) { OID usage_oid; - BER::decode(key_usage, usage_oid); + key_usage.decode(usage_oid); info.add("X509v3.ExtendedKeyUsage", usage_oid.as_string()); } } else if(extn.oid == OIDS::lookup("X509v3.BasicConstraints")) { u32bit max_path_len = 0; - BER_Decoder basic_constraints = BER::get_subsequence(value); - BER::decode_optional(basic_constraints, is_ca, - BOOLEAN, UNIVERSAL, false); - BER::decode_optional(basic_constraints, max_path_len, - INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT); + + value.start_cons(SEQUENCE) + .decode_optional(is_ca, BOOLEAN, UNIVERSAL, false) + .decode_optional(max_path_len, INTEGER, UNIVERSAL, + NO_CERT_PATH_LIMIT) + .verify_end() + .end_cons(); info.add("X509v3.BasicConstraints.is_ca", is_ca); info.add("X509v3.BasicConstraints.path_constraint", max_path_len); @@ -263,32 +267,32 @@ void X509_Certificate::handle_v3_extension(const Extension& extn) else if(extn.oid == OIDS::lookup("X509v3.AuthorityKeyIdentifier")) { MemoryVector<byte> v3_issuer_key_id; - BER_Decoder key_id = BER::get_subsequence(value); - BER::decode_optional_string(key_id, v3_issuer_key_id, OCTET_STRING, - ASN1_Tag(0), CONTEXT_SPECIFIC); + BER_Decoder key_id = value.start_cons(SEQUENCE); + key_id.decode_optional_string(v3_issuer_key_id, OCTET_STRING, 0); info.add("X509v3.AuthorityKeyIdentifier", v3_issuer_key_id); } else if(extn.oid == OIDS::lookup("X509v3.SubjectAlternativeName")) { AlternativeName alt_name; - BER::decode(value, alt_name); + value.decode(alt_name); load_info(subject, alt_name); } else if(extn.oid == OIDS::lookup("X509v3.IssuerAlternativeName")) { AlternativeName alt_name; - BER::decode(value, alt_name); + value.decode(alt_name); load_info(issuer, alt_name); } else if(extn.oid == OIDS::lookup("X509v3.CertificatePolicies")) { - BER_Decoder ber_policies = BER::get_subsequence(value); + + BER_Decoder ber_policies = value.start_cons(SEQUENCE); while(ber_policies.more_items()) { OID oid; - BER_Decoder policy = BER::get_subsequence(ber_policies); - BER::decode(policy, oid); + BER_Decoder policy = ber_policies.start_cons(SEQUENCE); + policy.decode(oid); if(extn.critical && policy.more_items()) throw Decoding_Error("X.509 v3 critical policy has qualifiers"); |