aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/cert/x509')
-rw-r--r--src/cert/x509/x509_obj.cpp38
-rw-r--r--src/cert/x509/x509_obj.h7
-rw-r--r--src/cert/x509/x509cert.cpp6
-rw-r--r--src/cert/x509/x509cert.h2
-rw-r--r--src/cert/x509/x509path.cpp13
-rw-r--r--src/cert/x509/x509path.h4
6 files changed, 46 insertions, 24 deletions
diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp
index 4270dfec2..ff116d894 100644
--- a/src/cert/x509/x509_obj.cpp
+++ b/src/cert/x509/x509_obj.cpp
@@ -58,7 +58,10 @@ void X509_Object::init(DataSource& in, const std::string& labels)
try {
if(ASN1::maybe_BER(in) && !PEM_Code::matches(in))
- decode_info(in);
+ {
+ BER_Decoder dec(in);
+ decode_from(dec);
+ }
else
{
std::string got_label;
@@ -67,7 +70,9 @@ void X509_Object::init(DataSource& in, const std::string& labels)
if(!std::binary_search(PEM_labels_allowed.begin(),
PEM_labels_allowed.end(), got_label))
throw Decoding_Error("Invalid PEM label: " + got_label);
- decode_info(ber);
+
+ BER_Decoder dec(ber);
+ decode_from(dec);
}
}
catch(Decoding_Error& e)
@@ -76,13 +81,24 @@ void X509_Object::init(DataSource& in, const std::string& labels)
}
}
+
+void X509_Object::encode_into(DER_Encoder& to) const
+ {
+ to.start_cons(SEQUENCE)
+ .start_cons(SEQUENCE)
+ .raw_bytes(tbs_bits)
+ .end_cons()
+ .encode(sig_algo)
+ .encode(sig, BIT_STRING)
+ .end_cons();
+ }
+
/*
* Read a BER encoded X.509 object
*/
-void X509_Object::decode_info(DataSource& source)
+void X509_Object::decode_from(BER_Decoder& from)
{
- BER_Decoder(source)
- .start_cons(SEQUENCE)
+ from.start_cons(SEQUENCE)
.start_cons(SEQUENCE)
.raw_bytes(tbs_bits)
.end_cons()
@@ -108,15 +124,9 @@ void X509_Object::encode(Pipe& out, X509_Encoding encoding) const
*/
std::vector<byte> X509_Object::BER_encode() const
{
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .start_cons(SEQUENCE)
- .raw_bytes(tbs_bits)
- .end_cons()
- .encode(sig_algo)
- .encode(sig, BIT_STRING)
- .end_cons()
- .get_contents_unlocked();
+ DER_Encoder der;
+ encode_into(der);
+ return der.get_contents_unlocked();
}
/*
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index e91389acf..75a0b5c02 100644
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -20,7 +20,7 @@ namespace Botan {
* This class represents abstract X.509 signed objects as
* in the X.500 SIGNED macro
*/
-class BOTAN_DLL X509_Object
+class BOTAN_DLL X509_Object : public ASN1_Object
{
public:
/**
@@ -72,6 +72,10 @@ class BOTAN_DLL X509_Object
*/
bool check_signature(const Public_Key* key) const;
+ void encode_into(class DER_Encoder& to) const override;
+
+ void decode_from(class BER_Decoder& from) override;
+
/**
* @return BER encoding of this
*/
@@ -104,7 +108,6 @@ class BOTAN_DLL X509_Object
private:
virtual void force_decode() = 0;
void init(DataSource&, const std::string&);
- void decode_info(DataSource&);
std::vector<std::string> PEM_labels_allowed;
std::string PEM_label_pref;
diff --git a/src/cert/x509/x509cert.cpp b/src/cert/x509/x509cert.cpp
index a2dc1d7b5..176604b63 100644
--- a/src/cert/x509/x509cert.cpp
+++ b/src/cert/x509/x509cert.cpp
@@ -144,6 +144,12 @@ void X509_Certificate::force_decode()
subject.add("X509.Certificate.public_key",
hex_encode(public_key.value));
+ if(self_signed && version == 0)
+ {
+ subject.add("X509v3.BasicConstraints.is_ca", 1);
+ subject.add("X509v3.BasicConstraints.path_constraint", Cert_Extension::NO_CERT_PATH_LIMIT);
+ }
+
if(is_CA_cert() &&
!subject.has_value("X509v3.BasicConstraints.path_constraint"))
{
diff --git a/src/cert/x509/x509cert.h b/src/cert/x509/x509cert.h
index 9f8fdadb8..0accf7113 100644
--- a/src/cert/x509/x509cert.h
+++ b/src/cert/x509/x509cert.h
@@ -200,6 +200,8 @@ class BOTAN_DLL X509_Certificate : public X509_Object
private:
void force_decode();
friend class X509_CA;
+ friend class BER_Decoder;
+
X509_Certificate() {}
Data_Store subject, issuer;
diff --git a/src/cert/x509/x509path.cpp b/src/cert/x509/x509path.cpp
index 159787800..9b2b3227f 100644
--- a/src/cert/x509/x509path.cpp
+++ b/src/cert/x509/x509path.cpp
@@ -41,8 +41,9 @@ X509_Certificate find_issuing_cert(const X509_Certificate& cert,
certstores[i]->find_cert_by_subject_and_key_id(issuer_dn, auth_key_id);
if(certs.size() == 0)
- throw PKIX_Validation_Failure(Path_Validation_Result::CERT_ISSUER_NOT_FOUND);
- else if(certs.size() > 1)
+ continue;
+
+ if(certs.size() > 1)
throw PKIX_Validation_Failure(Path_Validation_Result::CERT_MULTIPLE_ISSUERS_FOUND);
return certs[0];
@@ -160,10 +161,10 @@ Path_Validation_Result x509_path_validate(
Path_Validation_Result x509_path_validate(
const std::vector<X509_Certificate>& end_certs,
const Path_Validation_Restrictions& restrictions,
- Certificate_Store& store)
+ const Certificate_Store& store)
{
std::vector<Certificate_Store*> certstores;
- certstores.push_back(&store);
+ certstores.push_back(const_cast<Certificate_Store*>(&store));
return x509_path_validate(end_certs, restrictions, certstores);
}
@@ -171,13 +172,13 @@ Path_Validation_Result x509_path_validate(
Path_Validation_Result x509_path_validate(
const X509_Certificate& end_cert,
const Path_Validation_Restrictions& restrictions,
- Certificate_Store& store)
+ const Certificate_Store& store)
{
std::vector<X509_Certificate> certs;
certs.push_back(end_cert);
std::vector<Certificate_Store*> certstores;
- certstores.push_back(&store);
+ certstores.push_back(const_cast<Certificate_Store*>(&store));
return x509_path_validate(certs, restrictions, certstores);
}
diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h
index 18129a236..21b808073 100644
--- a/src/cert/x509/x509path.h
+++ b/src/cert/x509/x509path.h
@@ -112,12 +112,12 @@ Path_Validation_Result BOTAN_DLL x509_path_validate(
Path_Validation_Result BOTAN_DLL x509_path_validate(
const X509_Certificate& end_cert,
const Path_Validation_Restrictions& restrictions,
- Certificate_Store& store);
+ const Certificate_Store& store);
Path_Validation_Result BOTAN_DLL x509_path_validate(
const std::vector<X509_Certificate>& end_certs,
const Path_Validation_Restrictions& restrictions,
- Certificate_Store& store);
+ const Certificate_Store& store);
}