Diffstat (limited to 'src/cert/x509')
-rw-r--r--src/cert/x509/pkcs10.cpp2
-rw-r--r--src/cert/x509/x509_ca.cpp10
-rw-r--r--src/cert/x509/x509_ca.h6
-rw-r--r--src/cert/x509/x509_crl.cpp2
-rw-r--r--src/cert/x509/x509_obj.cpp2
-rw-r--r--src/cert/x509/x509cert.cpp61
-rw-r--r--src/cert/x509/x509find.cpp95
-rw-r--r--src/cert/x509/x509find.h58
-rw-r--r--src/cert/x509/x509self.cpp4
-rw-r--r--src/cert/x509/x509stor.cpp11
-rw-r--r--src/cert/x509/x509stor.h20
11 files changed, 114 insertions, 157 deletions
diff --git a/src/cert/x509/pkcs10.cpp b/src/cert/x509/pkcs10.cpp
index 5617cece4..5645552a0 100644
--- a/src/cert/x509/pkcs10.cpp
+++ b/src/cert/x509/pkcs10.cpp
@@ -45,7 +45,7 @@ void PKCS10_Request::force_decode()
cert_req_info.decode(version);
if(version != 0)
throw Decoding_Error("Unknown version code in PKCS #10 request: " +
- to_string(version));
+ std::to_string(version));
X509_DN dn_subject;
cert_req_info.decode(dn_subject);
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 16b7b3b9b..80e808177 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -15,9 +15,6 @@
#include <botan/look_pk.h>
#include <botan/oids.h>
#include <botan/time.h>
-#include <algorithm>
-#include <typeinfo>
-#include <iterator>
#include <memory>
#include <set>
@@ -61,7 +58,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
else
{
- std::auto_ptr<Public_Key> key(req.subject_public_key());
+ std::unique_ptr<Public_Key> key(req.subject_public_key());
constraints = X509::find_constraints(*key, req.constraints());
}
@@ -173,8 +170,7 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
for(u32bit j = 0; j != already_revoked.size(); ++j)
{
- std::set<SecureVector<byte> >::const_iterator i;
- i = removed_from_crl.find(already_revoked[j].serial_number());
+ auto i = removed_from_crl.find(already_revoked[j].serial_number());
if(i == removed_from_crl.end())
all_revoked.push_back(already_revoked[j]);
@@ -275,7 +271,7 @@ PK_Signer* choose_sig_format(const Private_Key& key,
sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
- std::auto_ptr<X509_Encoder> encoding(key.x509_encoder());
+ std::unique_ptr<X509_Encoder> encoding(key.x509_encoder());
if(!encoding.get())
throw Encoding_Error("Key " + algo_name + " does not support "
"X.509 encoding");
diff --git a/src/cert/x509/x509_ca.h b/src/cert/x509/x509_ca.h
index 6eb4bbbef..b680bd0e4 100644
--- a/src/cert/x509/x509_ca.h
+++ b/src/cert/x509/x509_ca.h
@@ -97,11 +97,11 @@ class BOTAN_DLL X509_CA
const Private_Key& key,
const std::string& hash_fn);
+ X509_CA(const X509_CA&) = delete;
+ X509_CA& operator=(const X509_CA&) = delete;
+
~X509_CA();
private:
- X509_CA(const X509_CA&) {}
- X509_CA& operator=(const X509_CA&) { return (*this); }
-
X509_CRL make_crl(const std::vector<CRL_Entry>& entries,
u32bit crl_number, u32bit next_update,
RandomNumberGenerator& rng) const;
diff --git a/src/cert/x509/x509_crl.cpp b/src/cert/x509/x509_crl.cpp
index f6a344dba..3613c1a91 100644
--- a/src/cert/x509/x509_crl.cpp
+++ b/src/cert/x509/x509_crl.cpp
@@ -44,7 +44,7 @@ void X509_CRL::force_decode()
if(version != 0 && version != 1)
throw X509_CRL_Error("Unknown X.509 CRL version " +
- to_string(version+1));
+ std::to_string(version+1));
AlgorithmIdentifier sig_algo_inner;
tbs_crl.decode(sig_algo_inner);
diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp
index 31b4a309f..95a1c1cca 100644
--- a/src/cert/x509/x509_obj.cpp
+++ b/src/cert/x509/x509_obj.cpp
@@ -168,7 +168,7 @@ bool X509_Object::check_signature(Public_Key& pub_key) const
Signature_Format format =
(pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
- std::auto_ptr<PK_Verifier> verifier;
+ std::unique_ptr<PK_Verifier> verifier;
if(dynamic_cast<PK_Verifying_with_MR_Key*>(&pub_key))
{
diff --git a/src/cert/x509/x509cert.cpp b/src/cert/x509/x509cert.cpp
index ac5839fb6..32c508a0c 100644
--- a/src/cert/x509/x509cert.cpp
+++ b/src/cert/x509/x509cert.cpp
@@ -27,12 +27,8 @@ std::vector<std::string> lookup_oids(const std::vector<std::string>& in)
{
std::vector<std::string> out;
- std::vector<std::string>::const_iterator i = in.begin();
- while(i != in.end())
- {
+ for(auto i = in.begin(); i != in.end(); ++i)
out.push_back(OIDS::lookup(OID(*i)));
- ++i;
- }
return out;
}
@@ -84,7 +80,7 @@ void X509_Certificate::force_decode()
.decode(dn_subject);
if(version > 2)
- throw Decoding_Error("Unknown X.509 cert version " + to_string(version));
+ throw Decoding_Error("Unknown X.509 cert version " + std::to_string(version));
if(sig_algo != sig_algo_inner)
throw Decoding_Error("Algorithm identifier mismatch");
@@ -304,25 +300,16 @@ bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2)
*/
X509_DN create_dn(const Data_Store& info)
{
- class DN_Matcher : public Data_Store::Matcher
+ auto names = info.search_for(
+ [](const std::string& key, const std::string&)
{
- public:
- bool operator()(const std::string& key, const std::string&) const
- {
- if(key.find("X520.") != std::string::npos)
- return true;
- return false;
- }
- };
-
- std::multimap<std::string, std::string> names =
- info.search_with(DN_Matcher());
+ return (key.find("X520.") != std::string::npos);
+ });
X509_DN dn;
- std::multimap<std::string, std::string>::iterator j;
- for(j = names.begin(); j != names.end(); ++j)
- dn.add_attribute(j->first, j->second);
+ for(auto i = names.begin(); i != names.end(); ++i)
+ dn.add_attribute(i->first, i->second);
return dn;
}
@@ -332,33 +319,19 @@ X509_DN create_dn(const Data_Store& info)
*/
AlternativeName create_alt_name(const Data_Store& info)
{
- class AltName_Matcher : public Data_Store::Matcher
+ auto names = info.search_for(
+ [](const std::string& key, const std::string&)
{
- public:
- bool operator()(const std::string& key, const std::string&) const
- {
- for(u32bit j = 0; j != matches.size(); ++j)
- if(key.compare(matches[j]) == 0)
- return true;
- return false;
- }
-
- AltName_Matcher(const std::string& match_any_of)
- {
- matches = split_on(match_any_of, '/');
- }
- private:
- std::vector<std::string> matches;
- };
-
- std::multimap<std::string, std::string> names =
- info.search_with(AltName_Matcher("RFC822/DNS/URI/IP"));
+ return (key == "RFC822" ||
+ key == "DNS" ||
+ key == "URI" ||
+ key == "IP");
+ });
AlternativeName alt_name;
- std::multimap<std::string, std::string>::iterator j;
- for(j = names.begin(); j != names.end(); ++j)
- alt_name.add_attribute(j->first, j->second);
+ for(auto i = names.begin(); i != names.end(); ++i)
+ alt_name.add_attribute(i->first, i->second);
return alt_name;
}
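Review bot: The iteration over the search result at the end of create_alt_name still spells out an explicit iterator loop even though this same hunk adopts C++11 lambdas and `auto`; a range-for reads more directly and removes the iterator variable, `for(const auto& name : names) alt_name.add_attribute(name.first, name.second);`. The same shape appears in create_dn earlier in this file and could be changed in step so the two helpers stay parallel. This is style only; the match set (`RFC822`, `DNS`, `URI`, `IP`) and the attributes added are unchanged from the replaced matcher class.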
diff --git a/src/cert/x509/x509find.cpp b/src/cert/x509/x509find.cpp
index 257367da9..41643a94a 100644
--- a/src/cert/x509/x509find.cpp
+++ b/src/cert/x509/x509find.cpp
@@ -11,6 +11,8 @@
namespace Botan {
+namespace X509_Store_Search {
+
namespace {
/*
@@ -42,70 +44,65 @@ bool ignore_case(const std::string& searching_for, const std::string& found)
/*
* Search based on the contents of a DN entry
*/
-bool DN_Check::match(const X509_Certificate& cert) const
+std::function<bool (const X509_Certificate&)>
+by_dn(const std::string& dn_entry,
+ const std::string& to_find,
+ DN_Search_Type method)
{
- std::vector<std::string> info = cert.subject_info(dn_entry);
-
- for(u32bit j = 0; j != info.size(); ++j)
- if(compare(info[j], looking_for))
- return true;
- return false;
- }
+ if(method == SUBSTRING_MATCHING)
+ return by_dn(dn_entry, to_find, substring_match);
+ else if(method == IGNORE_CASE)
+ return by_dn(dn_entry, to_find, ignore_case);
-/*
-* DN_Check Constructor
-*/
-DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for,
- compare_fn func)
- {
- this->dn_entry = dn_entry;
- this->looking_for = looking_for;
- compare = func;
+ throw Invalid_Argument("Unknown method argument to by_dn");
}
-/*
-* DN_Check Constructor
-*/
-DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for,
- Search_Type method)
+std::function<bool (const X509_Certificate&)>
+by_dn(const std::string& dn_entry,
+ const std::string& to_find,
+ std::function<bool (std::string, std::string)> compare)
{
- this->dn_entry = dn_entry;
- this->looking_for = looking_for;
+ return [&](const X509_Certificate& cert)
+ {
+ std::vector<std::string> info = cert.subject_info(dn_entry);
- if(method == SUBSTRING_MATCHING)
- compare = &substring_match;
- else if(method == IGNORE_CASE)
- compare = &ignore_case;
- else
- throw Invalid_Argument("Unknown method argument to DN_Check()");
+ for(u32bit i = 0; i != info.size(); ++i)
+ if(compare(info[i], to_find))
+ return true;
+ return false;
+ };
}
-/*
-* Match by issuer and serial number
-*/
-bool IandS_Match::match(const X509_Certificate& cert) const
+std::function<bool (const X509_Certificate&)>
+by_issuer_and_serial(const X509_DN& issuer, const MemoryRegion<byte>& serial)
{
- if(cert.serial_number() != serial)
- return false;
- return (cert.issuer_dn() == issuer);
+ /* Serial number compare is much faster than X.509 DN, and unlikely
+ to collide even across issuers, so do that first to fail fast
+ */
+
+ return [&](const X509_Certificate& cert)
+ {
+ if(cert.serial_number() != serial)
+ return false;
+ return (cert.issuer_dn() == issuer);
+ };
}
-/*
-* IandS_Match Constructor
-*/
-IandS_Match::IandS_Match(const X509_DN& issuer,
- const MemoryRegion<byte>& serial)
+std::function<bool (const X509_Certificate&)>
+by_issuer_and_serial(const X509_DN& issuer, const BigInt& serial)
{
- this->issuer = issuer;
- this->serial = serial;
+ return by_issuer_and_serial(issuer, BigInt::encode(serial));
}
-/*
-* Match by subject key identifier
-*/
-bool SKID_Match::match(const X509_Certificate& cert) const
+std::function<bool (const X509_Certificate&)>
+by_skid(const MemoryRegion<byte>& subject_key_id)
{
- return (cert.subject_key_id() == skid);
+ return [&](const X509_Certificate& cert)
+ {
+ return (cert.subject_key_id() == subject_key_id);
+ };
}
}
+
+}
diff --git a/src/cert/x509/x509find.h b/src/cert/x509/x509find.h
index a7a84c7a5..1bf29dfbc 100644
--- a/src/cert/x509/x509find.h
+++ b/src/cert/x509/x509find.h
@@ -9,51 +9,43 @@
#define BOTAN_X509_CERT_STORE_SEARCH_H__
#include <botan/x509stor.h>
+#include <botan/bigint.h>
namespace Botan {
+namespace X509_Store_Search {
+
/*
* Search based on the contents of a DN entry
*/
-class BOTAN_DLL DN_Check : public X509_Store::Search_Func
- {
- public:
- typedef bool (*compare_fn)(const std::string&, const std::string&);
- enum Search_Type { SUBSTRING_MATCHING, IGNORE_CASE };
+enum DN_Search_Type { SUBSTRING_MATCHING, IGNORE_CASE };
- bool match(const X509_Certificate& cert) const;
+std::function<bool (const X509_Certificate&)>
+by_dn(const std::string& dn_entry,
+ const std::string& to_find,
+ DN_Search_Type method);
- DN_Check(const std::string&, const std::string&, compare_fn);
- DN_Check(const std::string&, const std::string&, Search_Type);
- private:
- std::string dn_entry, looking_for;
- compare_fn compare;
- };
+std::function<bool (const X509_Certificate&)>
+by_dn(const std::string& dn_entry,
+ const std::string& to_find,
+ std::function<bool (std::string, std::string)> method);
-/*
-* Search for a certificate by issuer/serial
+/**
+* Search for certs by issuer + serial number
*/
-class BOTAN_DLL IandS_Match : public X509_Store::Search_Func
- {
- public:
- bool match(const X509_Certificate& cert) const;
- IandS_Match(const X509_DN&, const MemoryRegion<byte>&);
- private:
- X509_DN issuer;
- MemoryVector<byte> serial;
- };
+std::function<bool (const X509_Certificate&)>
+by_issuer_and_serial(const X509_DN& issuer, const MemoryRegion<byte>& serial);
-/*
-* Search for a certificate by subject keyid
+std::function<bool (const X509_Certificate&)>
+by_issuer_and_serial(const X509_DN& issuer, const BigInt& serial);
+
+/**
+* Search for certs by subject key identifier
*/
-class BOTAN_DLL SKID_Match : public X509_Store::Search_Func
- {
- public:
- bool match(const X509_Certificate& cert) const;
- SKID_Match(const MemoryRegion<byte>& s) : skid(s) {}
- private:
- MemoryVector<byte> skid;
- };
+std::function<bool (const X509_Certificate&)>
+by_skid(const MemoryRegion<byte>& subject_key_id);
+
+}
}
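Review bot: The new free functions by_dn, by_issuer_and_serial and by_skid are declared without the `BOTAN_DLL` marker that the DN_Check, IandS_Match and SKID_Match classes they replace carried, so if that macro supplies the symbol-export attribute on shared-library builds (as its use on the removed classes suggests), these search helpers will no longer be reachable from outside the library; prefix each declaration as in `BOTAN_DLL std::function<bool (const X509_Certificate&)> by_skid(const MemoryRegion<byte>& subject_key_id);`. The header also now uses std::function directly but includes only the two botan headers; it should include what it uses with `#include <functional>` rather than relying on x509stor.h pulling it in. Both points are about the declarations visible in this hunk; the definitions live in x509find.cpp.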
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp
index f915c6ff5..df31897bb 100644
--- a/src/cert/x509/x509self.cpp
+++ b/src/cert/x509/x509self.cpp
@@ -73,7 +73,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
AlternativeName subject_alt;
MemoryVector<byte> pub_key = shared_setup(opts, key);
- std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
+ std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
Key_Constraints constraints;
@@ -112,7 +112,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
AlternativeName subject_alt;
MemoryVector<byte> pub_key = shared_setup(opts, key);
- std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
+ std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
const u32bit PKCS10_VERSION = 0;
diff --git a/src/cert/x509/x509stor.cpp b/src/cert/x509/x509stor.cpp
index e9e8f4575..323890f2d 100644
--- a/src/cert/x509/x509stor.cpp
+++ b/src/cert/x509/x509stor.cpp
@@ -380,8 +380,8 @@ X509_Code X509_Store::check_sig(const Cert_Info& cert_info,
*/
X509_Code X509_Store::check_sig(const X509_Object& object, Public_Key* key)
{
- std::auto_ptr<Public_Key> pub_key(key);
- std::auto_ptr<PK_Verifier> verifier;
+ std::unique_ptr<Public_Key> pub_key(key);
+ std::unique_ptr<PK_Verifier> verifier;
try {
std::vector<std::string> sig_info =
@@ -464,12 +464,12 @@ bool X509_Store::is_revoked(const X509_Certificate& cert) const
* Retrieve all the certificates in the store
*/
std::vector<X509_Certificate>
-X509_Store::get_certs(const Search_Func& search) const
+X509_Store::get_certs(std::function<bool (const X509_Certificate&)> pred) const
{
std::vector<X509_Certificate> found_certs;
for(u32bit j = 0; j != certs.size(); ++j)
{
- if(search.match(certs[j].cert))
+ if(pred(certs[j].cert))
found_certs.push_back(certs[j].cert);
}
return found_certs;
@@ -603,8 +603,7 @@ X509_Code X509_Store::add_crl(const X509_CRL& crl)
revoked_info.serial = revoked_certs[j].serial_number();
revoked_info.auth_key_id = crl.authority_key_id();
- std::vector<CRL_Data>::iterator p =
- std::find(revoked.begin(), revoked.end(), revoked_info);
+ auto p = std::find(revoked.begin(), revoked.end(), revoked_info);
if(revoked_certs[j].reason_code() == REMOVE_FROM_CRL)
{
diff --git a/src/cert/x509/x509stor.h b/src/cert/x509/x509stor.h
index 4e6037883..958b6da0f 100644
--- a/src/cert/x509/x509stor.h
+++ b/src/cert/x509/x509stor.h
@@ -11,6 +11,7 @@
#include <botan/x509cert.h>
#include <botan/x509_crl.h>
#include <botan/certstor.h>
+#include <functional>
namespace Botan {
@@ -48,13 +49,6 @@ enum X509_Code {
class BOTAN_DLL X509_Store
{
public:
- class BOTAN_DLL Search_Func
- {
- public:
- virtual bool match(const X509_Certificate&) const = 0;
- virtual ~Search_Func() {}
- };
-
enum Cert_Usage {
ANY = 0x00,
TLS_SERVER = 0x01,
@@ -67,7 +61,13 @@ class BOTAN_DLL X509_Store
X509_Code validate_cert(const X509_Certificate&, Cert_Usage = ANY);
- std::vector<X509_Certificate> get_certs(const Search_Func&) const;
+ /**
+ * @param match the matching function
+ * @return list of certs for which match returns true
+ */
+ std::vector<X509_Certificate>
+ get_certs(std::function<bool (const X509_Certificate&)> match) const;
+
std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&);
std::string PEM_encode() const;
@@ -94,14 +94,14 @@ class BOTAN_DLL X509_Store
static X509_Code check_sig(const X509_Object&, Public_Key*);
+ X509_Store& operator=(const X509_Store&) = delete;
+
X509_Store(u32bit time_slack = 24*60*60,
u32bit cache_results = 30*60);
X509_Store(const X509_Store&);
~X509_Store();
private:
- X509_Store& operator=(const X509_Store&) { return (*this); }
-
class BOTAN_DLL Cert_Info
{
public: