Diffstat (limited to 'src/cert/x509cert')
-rw-r--r-- | src/cert/x509cert/x509_ext.cpp | 60 | ||||
-rw-r--r-- | src/cert/x509cert/x509_ext.h | 52 | ||||
-rw-r--r-- | src/cert/x509cert/x509_obj.cpp | 25 | ||||
-rw-r--r-- | src/cert/x509cert/x509_obj.h | 18 | ||||
-rw-r--r-- | src/cert/x509cert/x509cert.cpp | 20 | ||||
-rw-r--r-- | src/cert/x509cert/x509cert.h | 9 |
6 files changed, 104 insertions, 80 deletions
diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp
index 6e0befaf3..873de4264 100644
--- a/src/cert/x509cert/x509_ext.cpp
+++ b/src/cert/x509cert/x509_ext.cpp
@@ -114,7 +114,7 @@ void Extensions::decode_from(BER_Decoder& from_source) while(sequence.more_items()) { OID oid;
- MemoryVector<byte> value;
+ std::vector<byte> value;
 bool critical; sequence.start_cons(SEQUENCE)
@@ -176,7 +176,7 @@ size_t Basic_Constraints::get_path_limit() const /* * Encode the extension */
-MemoryVector<byte> Basic_Constraints::encode_inner() const
+std::vector<byte> Basic_Constraints::encode_inner() const
 { return DER_Encoder() .start_cons(SEQUENCE)
@@ -186,13 +186,13 @@ MemoryVector<byte> Basic_Constraints::encode_inner() const .encode_optional(path_limit, NO_CERT_PATH_LIMIT) ) .end_cons()
- .get_contents();
+ .get_contents_unlocked();
 } /* * Decode the extension */
-void Basic_Constraints::decode_inner(const MemoryRegion<byte>& in)
+void Basic_Constraints::decode_inner(const std::vector<byte>& in)
 { BER_Decoder(in) .start_cons(SEQUENCE)
@@ -217,14 +217,14 @@ void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const /* * Encode the extension */
-MemoryVector<byte> Key_Usage::encode_inner() const
+std::vector<byte> Key_Usage::encode_inner() const
 { if(constraints == NO_CONSTRAINTS) throw Encoding_Error("Cannot encode zero usage constraints"); const size_t unused_bits = low_bit(constraints) - 1;
- MemoryVector<byte> der;
+ std::vector<byte> der;
 der.push_back(BIT_STRING); der.push_back(2 + ((unused_bits < 8) ? 1 : 0)); der.push_back(unused_bits % 8);
@@ -238,7 +238,7 @@ MemoryVector<byte> Key_Usage::encode_inner() const /* * Decode the extension */
-void Key_Usage::decode_inner(const MemoryRegion<byte>& in)
+void Key_Usage::decode_inner(const std::vector<byte>& in)
 { BER_Decoder ber(in); 
@@ -274,15 +274,15 @@ void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const /* * Encode the extension */
-MemoryVector<byte> Subject_Key_ID::encode_inner() const
+std::vector<byte> Subject_Key_ID::encode_inner() const
 {
- return DER_Encoder().encode(key_id, OCTET_STRING).get_contents();
+ return DER_Encoder().encode(key_id, OCTET_STRING).get_contents_unlocked();
 } /* * Decode the extension */
-void Subject_Key_ID::decode_inner(const MemoryRegion<byte>& in)
+void Subject_Key_ID::decode_inner(const std::vector<byte>& in)
 { BER_Decoder(in).decode(key_id, OCTET_STRING).verify_end(); }
@@ -298,28 +298,28 @@ void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const /* * Subject_Key_ID Constructor */
-Subject_Key_ID::Subject_Key_ID(const MemoryRegion<byte>& pub_key)
+Subject_Key_ID::Subject_Key_ID(const std::vector<byte>& pub_key)
 { SHA_160 hash;
- key_id = hash.process(pub_key);
+ key_id = unlock(hash.process(pub_key));
 } /* * Encode the extension */
-MemoryVector<byte> Authority_Key_ID::encode_inner() const
+std::vector<byte> Authority_Key_ID::encode_inner() const
 { return DER_Encoder() .start_cons(SEQUENCE) .encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC) .end_cons()
- .get_contents();
+ .get_contents_unlocked();
 } /* * Decode the extension */
-void Authority_Key_ID::decode_inner(const MemoryRegion<byte>& in)
+void Authority_Key_ID::decode_inner(const std::vector<byte>& in)
 { BER_Decoder(in) .start_cons(SEQUENCE) 
@@ -338,15 +338,15 @@ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const /* * Encode the extension */
-MemoryVector<byte> Alternative_Name::encode_inner() const
+std::vector<byte> Alternative_Name::encode_inner() const
 {
- return DER_Encoder().encode(alt_name).get_contents();
+ return DER_Encoder().encode(alt_name).get_contents_unlocked();
 } /* * Decode the extension */
-void Alternative_Name::decode_inner(const MemoryRegion<byte>& in)
+void Alternative_Name::decode_inner(const std::vector<byte>& in)
 { BER_Decoder(in).decode(alt_name); }
@@ -404,19 +404,19 @@ Issuer_Alternative_Name::Issuer_Alternative_Name(const AlternativeName& name) : /* * Encode the extension */
-MemoryVector<byte> Extended_Key_Usage::encode_inner() const
+std::vector<byte> Extended_Key_Usage::encode_inner() const
 { return DER_Encoder() .start_cons(SEQUENCE) .encode_list(oids) .end_cons()
- .get_contents();
+ .get_contents_unlocked();
 } /* * Decode the extension */
-void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in)
+void Extended_Key_Usage::decode_inner(const std::vector<byte>& in)
 { BER_Decoder(in) .start_cons(SEQUENCE)
@@ -467,7 +467,7 @@ class Policy_Information : public ASN1_Object /* * Encode the extension */
-MemoryVector<byte> Certificate_Policies::encode_inner() const
+std::vector<byte> Certificate_Policies::encode_inner() const
 { std::vector<Policy_Information> policies;
@@ -478,13 +478,13 @@ MemoryVector<byte> Certificate_Policies::encode_inner() const .start_cons(SEQUENCE) .encode_list(policies) .end_cons()
- .get_contents();
+ .get_contents_unlocked();
 } /* * Decode the extension */
-void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in)
+void Certificate_Policies::decode_inner(const std::vector<byte>& in)
 { std::vector<Policy_Information> policies; 
@@ -530,15 +530,15 @@ CRL_Number* CRL_Number::copy() const /* * Encode the extension */
-MemoryVector<byte> CRL_Number::encode_inner() const
+std::vector<byte> CRL_Number::encode_inner() const
 {
- return DER_Encoder().encode(crl_number).get_contents();
+ return DER_Encoder().encode(crl_number).get_contents_unlocked();
 } /* * Decode the extension */
-void CRL_Number::decode_inner(const MemoryRegion<byte>& in)
+void CRL_Number::decode_inner(const std::vector<byte>& in)
 { BER_Decoder(in).decode(crl_number); }
@@ -554,17 +554,17 @@ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const /* * Encode the extension */
-MemoryVector<byte> CRL_ReasonCode::encode_inner() const
+std::vector<byte> CRL_ReasonCode::encode_inner() const
 { return DER_Encoder() .encode(static_cast<size_t>(reason), ENUMERATED, UNIVERSAL)
- .get_contents();
+ .get_contents_unlocked();
 } /* * Decode the extension */
-void CRL_ReasonCode::decode_inner(const MemoryRegion<byte>& in)
+void CRL_ReasonCode::decode_inner(const std::vector<byte>& in)
 { size_t reason_code = 0; BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL);
diff --git a/src/cert/x509cert/x509_ext.h b/src/cert/x509cert/x509_ext.h
index 8799c5921..ee0e66959 100644
--- a/src/cert/x509cert/x509_ext.h
+++ b/src/cert/x509cert/x509_ext.h
@@ -56,8 +56,8 @@ class BOTAN_DLL Certificate_Extension protected: friend class Extensions; virtual bool should_encode() const { return true; }
- virtual MemoryVector<byte> encode_inner() const = 0;
- virtual void decode_inner(const MemoryRegion<byte>&) = 0;
+ virtual std::vector<byte> encode_inner() const = 0;
+ virtual void decode_inner(const std::vector<byte>&) = 0;
 }; /** 
@@ -107,8 +107,8 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension std::string config_id() const { return "basic_constraints"; } std::string oid_name() const { return "X509v3.BasicConstraints"; }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const; bool is_ca;
@@ -131,8 +131,8 @@ class BOTAN_DLL Key_Usage : public Certificate_Extension std::string oid_name() const { return "X509v3.KeyUsage"; } bool should_encode() const { return (constraints != NO_CONSTRAINTS); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const; Key_Constraints constraints;
@@ -147,19 +147,19 @@ class BOTAN_DLL Subject_Key_ID : public Certificate_Extension Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); } Subject_Key_ID() {}
- Subject_Key_ID(const MemoryRegion<byte>&);
+ Subject_Key_ID(const std::vector<byte>&);
- MemoryVector<byte> get_key_id() const { return key_id; }
+ std::vector<byte> get_key_id() const { return key_id; }
 private: std::string config_id() const { return "subject_key_id"; } std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; } bool should_encode() const { return (key_id.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const;
- MemoryVector<byte> key_id;
+ std::vector<byte> key_id;
 }; /** 
@@ -171,19 +171,19 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); } Authority_Key_ID() {}
- Authority_Key_ID(const MemoryRegion<byte>& k) : key_id(k) {}
+ Authority_Key_ID(const std::vector<byte>& k) : key_id(k) {}
- MemoryVector<byte> get_key_id() const { return key_id; }
+ std::vector<byte> get_key_id() const { return key_id; }
 private: std::string config_id() const { return "authority_key_id"; } std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; } bool should_encode() const { return (key_id.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const;
- MemoryVector<byte> key_id;
+ std::vector<byte> key_id;
 }; /**
@@ -204,8 +204,8 @@ class BOTAN_DLL Alternative_Name : public Certificate_Extension std::string oid_name() const { return oid_name_str; } bool should_encode() const { return alt_name.has_items(); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const; std::string config_name_str, oid_name_str;
@@ -253,8 +253,8 @@ class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; } bool should_encode() const { return (oids.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const; std::vector<OID> oids; 
@@ -278,8 +278,8 @@ class BOTAN_DLL Certificate_Policies : public Certificate_Extension std::string oid_name() const { return "X509v3.CertificatePolicies"; } bool should_encode() const { return (oids.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const; std::vector<OID> oids;
@@ -302,8 +302,8 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension std::string oid_name() const { return "X509v3.CRLNumber"; } bool should_encode() const { return has_value; }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const; bool has_value;
@@ -326,8 +326,8 @@ class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension std::string oid_name() const { return "X509v3.ReasonCode"; } bool should_encode() const { return (reason != UNSPECIFIED); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
 void contents_to(Data_Store&, Data_Store&) const; CRL_Code reason;
diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp
index eff8e2543..5de4049ba 100644
--- a/src/cert/x509cert/x509_obj.cpp
+++ b/src/cert/x509cert/x509_obj.cpp
@@ -27,7 +27,7 @@ X509_Object::X509_Object(DataSource& stream, const std::string& labels) } /*
-* Createa a generic X.509 object
+* Create a generic X.509 object
 */ X509_Object::X509_Object(const std::string& file, const std::string& labels) { 
@@ -36,6 +36,15 @@ X509_Object::X509_Object(const std::string& file, const std::string& labels) } /*
+* Create a generic X.509 object
+*/
+X509_Object::X509_Object(const std::vector<byte>& vec, const std::string& labels)
+ {
+ DataSource_Memory stream(&vec[0], vec.size());
+ init(stream, labels);
+ }
+
+/*
 * Read a PEM or BER X.509 object */ void X509_Object::init(DataSource& in, const std::string& labels)
@@ -97,7 +106,7 @@ void X509_Object::encode(Pipe& out, X509_Encoding encoding) const /* * Return a BER encoded X.509 object */
-MemoryVector<byte> X509_Object::BER_encode() const
+std::vector<byte> X509_Object::BER_encode() const
 { return DER_Encoder() .start_cons(SEQUENCE)
@@ -107,7 +116,7 @@ MemoryVector<byte> X509_Object::BER_encode() const .encode(sig_algo) .encode(sig, BIT_STRING) .end_cons()
- .get_contents();
+ .get_contents_unlocked();
 } /*
@@ -121,7 +130,7 @@ std::string X509_Object::PEM_encode() const /* * Return the TBS data */
-MemoryVector<byte> X509_Object::tbs_data() const
+std::vector<byte> X509_Object::tbs_data() const
 { return ASN1::put_in_sequence(tbs_bits); }
@@ -129,7 +138,7 @@ MemoryVector<byte> X509_Object::tbs_data() const /* * Return the signature of this object */
-MemoryVector<byte> X509_Object::signature() const
+std::vector<byte> X509_Object::signature() const
 { return sig; }
@@ -201,10 +210,10 @@ bool X509_Object::check_signature(Public_Key& pub_key) const /* * Apply the X.509 SIGNED macro */
-MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer,
+std::vector<byte> X509_Object::make_signed(PK_Signer* signer,
 RandomNumberGenerator& rng, const AlgorithmIdentifier& algo,
- const MemoryRegion<byte>& tbs_bits)
+ const secure_vector<byte>& tbs_bits)
 { return DER_Encoder() .start_cons(SEQUENCE)
@@ -212,7 +221,7 @@ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer, .encode(algo) .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) .end_cons()
- .get_contents();
+ .get_contents_unlocked();
 } /* 
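Review bot: `DataSource_Memory stream(&vec[0], vec.size());` in the new X509_Object(const std::vector<byte>&, const std::string&) constructor indexes element 0 of a vector that may be empty, which is undefined behaviour and happens before any decoder can report a malformed object; the new X509_Certificate(const std::vector<byte>&) constructor in x509cert.cpp forwards its argument straight into this path, so a zero-length buffer from a caller reaches it. Use `DataSource_Memory stream(vec.data(), vec.size());`, which is well defined for an empty vector and passes the same pointer/length pair the current code does, or reject empty input up front with an explicit exception so the failure is reported rather than undefined. The remaining hunks of this file are mechanical type changes and look consistent with the rest of the commit.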
diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h
index 570b00f51..26c9e22bf 100644
--- a/src/cert/x509cert/x509_obj.h
+++ b/src/cert/x509cert/x509_obj.h
@@ -27,12 +27,12 @@ class BOTAN_DLL X509_Object * The underlying data that is to be or was signed * @return data that is or was signed */
- MemoryVector<byte> tbs_data() const;
+ std::vector<byte> tbs_data() const;
 /** * @return signature on tbs_data() */
- MemoryVector<byte> signature() const;
+ std::vector<byte> signature() const;
 /** * @return signature algorithm that was used to generate signature
@@ -52,10 +52,10 @@ class BOTAN_DLL X509_Object * @param tbs the tbs bits to be signed * @return signed X509 object */
- static MemoryVector<byte> make_signed(class PK_Signer* signer,
- RandomNumberGenerator& rng,
- const AlgorithmIdentifier& alg_id,
- const MemoryRegion<byte>& tbs);
+ static std::vector<byte> make_signed(class PK_Signer* signer,
+ RandomNumberGenerator& rng,
+ const AlgorithmIdentifier& alg_id,
+ const secure_vector<byte>& tbs);
 /** * Check the signature on this data
@@ -75,7 +75,7 @@ class BOTAN_DLL X509_Object /** * @return BER encoding of this */
- MemoryVector<byte> BER_encode() const;
+ std::vector<byte> BER_encode() const;
 /** * @return PEM encoding of this
@@ -95,15 +95,17 @@ class BOTAN_DLL X509_Object protected: X509_Object(DataSource& src, const std::string& pem_labels); X509_Object(const std::string& file, const std::string& pem_labels);
+ X509_Object(const std::vector<byte>& vec, const std::string& labels);
 void do_decode(); X509_Object() {} AlgorithmIdentifier sig_algo;
- MemoryVector<byte> tbs_bits, sig;
+ std::vector<byte> tbs_bits, sig;
 private: virtual void force_decode() = 0; void init(DataSource&, const std::string&); void decode_info(DataSource&);
+ std::vector<std::string> PEM_labels_allowed;
 std::string PEM_label_pref; };
diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp
index 4cff28c39..8dc4b8b0c 100644 
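Review bot: `std::vector<std::string> PEM_labels_allowed;` is added as a private member of X509_Object in the last hunk, but no hunk in this commit initialises or reads it, so as far as the diff shows it is dead state in every object; if it is meant to replace the label string the constructors pass to init(), that wiring is missing, otherwise the member should be dropped rather than left unused. The new protected constructor also names its second parameter `labels` while the two siblings on the lines above call theirs `pem_labels`; `X509_Object(const std::vector<byte>& vec, const std::string& pem_labels);` keeps the three overloads reading as one API. The class body extends beyond this hunk, so other uses of the new member cannot be ruled out from here.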
--- a/src/cert/x509cert/x509cert.cpp
+++ b/src/cert/x509cert/x509cert.cpp
@@ -58,6 +58,16 @@ X509_Certificate::X509_Certificate(const std::string& in) : } /*
+* X509_Certificate Constructor
+*/
+X509_Certificate::X509_Certificate(const std::vector<byte>& in) :
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ {
+ self_signed = false;
+ do_decode();
+ }
+
+/*
 * Decode the TBSCertificate data */ void X509_Certificate::force_decode()
@@ -97,7 +107,7 @@ void X509_Certificate::force_decode() throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key", public_key.type_tag, public_key.class_tag);
- MemoryVector<byte> v2_issuer_key_id, v2_subject_key_id;
+ std::vector<byte> v2_issuer_key_id, v2_subject_key_id;
 tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1); tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2);
@@ -129,7 +139,7 @@ void X509_Certificate::force_decode() subject.add("X509.Certificate.public_key", PEM_Code::encode(
- ASN1::put_in_sequence(public_key.value),
+ ASN1::put_in_sequence(unlock(public_key.value)),
 "PUBLIC KEY" ) );
@@ -243,7 +253,7 @@ std::vector<std::string> X509_Certificate::policies() const /* * Return the authority key id */
-MemoryVector<byte> X509_Certificate::authority_key_id() const
+std::vector<byte> X509_Certificate::authority_key_id() const
 { return issuer.get1_memvec("X509v3.AuthorityKeyIdentifier"); }
@@ -251,7 +261,7 @@ MemoryVector<byte> X509_Certificate::authority_key_id() const /* * Return the subject key id */
-MemoryVector<byte> X509_Certificate::subject_key_id() const
+std::vector<byte> X509_Certificate::subject_key_id() const
 { return subject.get1_memvec("X509v3.SubjectKeyIdentifier"); }
@@ -259,7 +269,7 @@ MemoryVector<byte> X509_Certificate::subject_key_id() const /* * Return the certificate serial number */
-MemoryVector<byte> X509_Certificate::serial_number() const
+std::vector<byte> X509_Certificate::serial_number() const
 { return subject.get1_memvec("X509.Certificate.serial"); } 
diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h
index 26c57e524..87a8069d6 100644
--- a/src/cert/x509cert/x509cert.h
+++ b/src/cert/x509cert/x509cert.h
@@ -85,19 +85,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object * Get the serial number of this certificate. * @return certificates serial number */
- MemoryVector<byte> serial_number() const;
+ std::vector<byte> serial_number() const;
 /** * Get the DER encoded AuthorityKeyIdentifier of this certificate. * @return DER encoded AuthorityKeyIdentifier */
- MemoryVector<byte> authority_key_id() const;
+ std::vector<byte> authority_key_id() const;
 /** * Get the DER encoded SubjectKeyIdentifier of this certificate. * @return DER encoded SubjectKeyIdentifier */
- MemoryVector<byte> subject_key_id() const;
+ std::vector<byte> subject_key_id() const;
 /** * Check whether this certificate is self signed.
@@ -176,6 +176,9 @@ class BOTAN_DLL X509_Certificate : public X509_Object * @param filename the name of the certificate file */ X509_Certificate(const std::string& filename);
+
+ X509_Certificate(const std::vector<byte>& in);
+
 private: void force_decode(); friend class X509_CA; |
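Review bot: The new `X509_Certificate(const std::vector<byte>& in);` in the second hunk is the only public constructor in this block without a Doxygen comment, while the filename overload directly above documents its parameter. A comment along the lines of `/** Create a certificate from an encoded buffer. @param in the encoded certificate */`, stating whichever encodings X509_Object::init accepts for this path, keeps the header self-describing for callers who never see the .cpp. Because a one-argument constructor from a raw byte vector lets untrusted bytes convert implicitly into a certificate at any call site expecting one, consider `explicit X509_Certificate(const std::vector<byte>& in);`; the existing one-argument constructors are not explicit either, so this would be a deliberate departure rather than a consistency fix.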