author | Jack Lloyd <[email protected]> | 2016-11-21 19:58:20 -0500 |
committer | Jack Lloyd <[email protected]> | 2016-11-23 08:31:06 -0500 |
commit | ec7c6e4d3d70077199523fa1b0f3ee17b2f86de2 (patch) | |
tree | 991cadc539bf23682e65daa7a02b52a0d83c114f /src | |
parent | 13be30e33e0aac0e5d566d77c4775293a2c363f7 (diff) |
Add X509_Certificate helper functions for OCSP
Using the SHA-1 of the public key to identify the signing cert is
hardcoded in OCSP and unlikely to change.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/x509/x509cert.cpp | 34 | ||||
-rw-r--r-- | src/lib/x509/x509cert.h | 13 |
2 files changed, 43 insertions, 4 deletions
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index f56495a79..52802a8e4 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -143,11 +143,14 @@ void X509_Certificate::force_decode()
 m_issuer.add("X509.Certificate.v2.key_id", v2_issuer_key_id);
 m_subject.add("X509.Certificate.v2.key_id", v2_subject_key_id);
- m_subject.add("X509.Certificate.public_key",
- hex_encode(public_key.value));
+ m_subject.add("X509.Certificate.public_key", hex_encode(public_key.value));
- std::unique_ptr<Public_Key> pub_key(subject_public_key());
- m_self_signed = (dn_subject == dn_issuer) && check_signature(*pub_key);
+ m_self_signed = false;
+ if(dn_subject == dn_issuer)
+ {
+ std::unique_ptr<Public_Key> pub_key(subject_public_key());
+ m_self_signed = check_signature(*pub_key);
+ }
 if(m_self_signed && version == 0)
 {
@@ -221,6 +224,29 @@ std::vector<byte> X509_Certificate::subject_public_key_bits() const
 return hex_decode(m_subject.get1("X509.Certificate.public_key"));
 }
+std::vector<byte> X509_Certificate::subject_public_key_bitstring() const
+ {
+ // TODO: cache this
+ const std::vector<byte> key_bits = subject_public_key_bits();
+
+ AlgorithmIdentifier public_key_algid;
+ std::vector<byte> public_key_bitstr;
+
+ BER_Decoder(key_bits)
+ .decode(public_key_algid)
+ .decode(public_key_bitstr, BIT_STRING);
+
+ return public_key_bitstr;
+ }
+
+std::vector<byte> X509_Certificate::subject_public_key_bitstring_sha1() const
+ {
+ // TODO: cache this value
+ std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
+ hash->update(this->subject_public_key_bitstring());
+ return hash->final_stdvec();
+ }
+
 /*
 * Check if the certificate is for a CA
 */
diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h
index acdba7e02..5cf7c81fa 100644
--- a/src/lib/x509/x509cert.h
+++ b/src/lib/x509/x509cert.h
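Review bot: In the second hunk, `subject_public_key_bitstring_sha1` dereferences the pointer returned by `HashFunction::create("SHA-1")` without checking it, and `create` yields a null pointer when the algorithm is not compiled into the library, so such a build would crash in `hash->update` rather than fail cleanly; add `if(!hash) throw Algorithm_Not_Found("SHA-1");` before the `update` call. In `subject_public_key_bitstring` the `BER_Decoder` chain stops after the BIT STRING without `.verify_end()`, so trailing bytes after the key are silently accepted; since this value becomes an identifier compared against OCSP responses, malformed input is better rejected explicitly. Both functions carry a `// TODO: cache this` while re-hex-decoding and re-parsing the key on every call, which is worth noting in the header as a cost of calling them in a loop. A one-line comment on the `create` call, `// SHA-1 is fixed by the OCSP key-identifier format, not a choice of hash strength`, would stop a later reader from "upgrading" it and breaking interoperability.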
@@ -49,6 +49,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object
 std::vector<byte> subject_public_key_bits() const;
 /**
+ * Get the bit string of the public key associated with this certificate
+ * @return subject public key of this certificate
+ */
+ std::vector<byte> subject_public_key_bitstring() const;
+
+ /**
+ * Get the SHA-1 bit string of the public key associated with this certificate.
+ * This is used for OCSP among other protocols
+ * @return hash of subject public key of this certificate
+ */
+ std::vector<byte> subject_public_key_bitstring_sha1() const;
+
+ /**
 * Get the certificate's issuer distinguished name (DN).
 * @return issuer DN of this certificate
 */
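Review bot: The doc comment on `subject_public_key_bitstring_sha1` says "Get the SHA-1 bit string of the public key", but the function returns a SHA-1 digest of the key bit string, not a bit string; suggest `* Get the SHA-1 hash of the subject public key BIT STRING contents.` and `* @return SHA-1 digest of the value returned by subject_public_key_bitstring()`. The comment on `subject_public_key_bitstring` could likewise state what is stripped, e.g. `* @return the subjectPublicKey BIT STRING contents, without the AlgorithmIdentifier`, since the implementation decodes and discards the algorithm identifier. Neither function caches its result, so a sentence noting that each call re-parses the stored key would help callers that identify responders repeatedly.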