Diffstat (limited to 'src/cert/x509crl')
-rw-r--r--src/cert/x509crl/crl_ent.cpp104
-rw-r--r--src/cert/x509crl/crl_ent.h94
-rw-r--r--src/cert/x509crl/info.txt6
-rw-r--r--src/cert/x509crl/x509_crl.cpp185
-rw-r--r--src/cert/x509crl/x509_crl.h101
5 files changed, 0 insertions, 490 deletions
diff --git a/src/cert/x509crl/crl_ent.cpp b/src/cert/x509crl/crl_ent.cpp
deleted file mode 100644
index d566637f6..000000000
--- a/src/cert/x509crl/crl_ent.cpp
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
-* CRL Entry
-* (C) 1999-2010 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/crl_ent.h>
-#include <botan/x509_ext.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
-#include <botan/bigint.h>
-#include <botan/oids.h>
-#include <botan/time.h>
-
-namespace Botan {
-
-/*
-* Create a CRL_Entry
-*/
-CRL_Entry::CRL_Entry(bool t_on_unknown_crit) :
- throw_on_unknown_critical(t_on_unknown_crit)
- {
- reason = UNSPECIFIED;
- }
-
-/*
-* Create a CRL_Entry
-*/
-CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) :
- throw_on_unknown_critical(false)
- {
- serial = cert.serial_number();
- time = X509_Time(system_time());
- reason = why;
- }
-
-/*
-* Compare two CRL_Entrys for equality
-*/
-bool operator==(const CRL_Entry& a1, const CRL_Entry& a2)
- {
- if(a1.serial_number() != a2.serial_number())
- return false;
- if(a1.expire_time() != a2.expire_time())
- return false;
- if(a1.reason_code() != a2.reason_code())
- return false;
- return true;
- }
-
-/*
-* Compare two CRL_Entrys for inequality
-*/
-bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2)
- {
- return !(a1 == a2);
- }
-
-/*
-* DER encode a CRL_Entry
-*/
-void CRL_Entry::encode_into(DER_Encoder& der) const
- {
- Extensions extensions;
-
- extensions.add(new Cert_Extension::CRL_ReasonCode(reason));
-
- der.start_cons(SEQUENCE)
- .encode(BigInt::decode(serial))
- .encode(time)
- .start_cons(SEQUENCE)
- .encode(extensions)
- .end_cons()
- .end_cons();
- }
-
-/*
-* Decode a BER encoded CRL_Entry
-*/
-void CRL_Entry::decode_from(BER_Decoder& source)
- {
- BigInt serial_number_bn;
- reason = UNSPECIFIED;
-
- BER_Decoder entry = source.start_cons(SEQUENCE);
-
- entry.decode(serial_number_bn).decode(time);
-
- if(entry.more_items())
- {
- Extensions extensions(throw_on_unknown_critical);
- entry.decode(extensions);
- Data_Store info;
- extensions.contents_to(info, info);
- reason = CRL_Code(info.get1_u32bit("X509v3.CRLReasonCode"));
- }
-
- entry.end_cons();
-
- serial = BigInt::encode(serial_number_bn);
- }
-
-}
diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h
deleted file mode 100644
index ae9535484..000000000
--- a/src/cert/x509crl/crl_ent.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
-* CRL Entry
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_CRL_ENTRY_H__
-#define BOTAN_CRL_ENTRY_H__
-
-#include <botan/x509cert.h>
-
-namespace Botan {
-
-/**
-* X.509v2 CRL Reason Code.
-*/
-enum CRL_Code {
- UNSPECIFIED = 0,
- KEY_COMPROMISE = 1,
- CA_COMPROMISE = 2,
- AFFILIATION_CHANGED = 3,
- SUPERSEDED = 4,
- CESSATION_OF_OPERATION = 5,
- CERTIFICATE_HOLD = 6,
- REMOVE_FROM_CRL = 8,
- PRIVLEDGE_WITHDRAWN = 9,
- AA_COMPROMISE = 10,
-
- DELETE_CRL_ENTRY = 0xFF00,
- OCSP_GOOD = 0xFF01,
- OCSP_UNKNOWN = 0xFF02
-};
-
-/**
-* This class represents CRL entries
-*/
-class BOTAN_DLL CRL_Entry : public ASN1_Object
- {
- public:
- void encode_into(class DER_Encoder&) const;
- void decode_from(class BER_Decoder&);
-
- /**
- * Get the serial number of the certificate associated with this entry.
- * @return certificate's serial number
- */
- MemoryVector<byte> serial_number() const { return serial; }
-
- /**
- * Get the revocation date of the certificate associated with this entry
- * @return certificate's revocation date
- */
- X509_Time expire_time() const { return time; }
-
- /**
- * Get the entries reason code
- * @return reason code
- */
- CRL_Code reason_code() const { return reason; }
-
- /**
- * Construct an empty CRL entry.
- */
- CRL_Entry(bool throw_on_unknown_critical_extension = false);
-
- /**
- * Construct an CRL entry.
- * @param cert the certificate to revoke
- * @param reason the reason code to set in the entry
- */
- CRL_Entry(const X509_Certificate& cert,
- CRL_Code reason = UNSPECIFIED);
-
- private:
- bool throw_on_unknown_critical;
- MemoryVector<byte> serial;
- X509_Time time;
- CRL_Code reason;
- };
-
-/**
-* Test two CRL entries for equality in all fields.
-*/
-BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&);
-
-/**
-* Test two CRL entries for inequality in at least one field.
-*/
-BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&);
-
-}
-
-#endif
diff --git a/src/cert/x509crl/info.txt b/src/cert/x509crl/info.txt
deleted file mode 100644
index 77de46074..000000000
--- a/src/cert/x509crl/info.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-define X509_CRL
-
-<requires>
-x509cert
-</requires>
-
diff --git a/src/cert/x509crl/x509_crl.cpp b/src/cert/x509crl/x509_crl.cpp
deleted file mode 100644
index 9c6b891c7..000000000
--- a/src/cert/x509crl/x509_crl.cpp
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
-* X.509 CRL
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/x509_crl.h>
-#include <botan/x509_ext.h>
-#include <botan/x509cert.h>
-#include <botan/ber_dec.h>
-#include <botan/parsing.h>
-#include <botan/bigint.h>
-#include <botan/oids.h>
-
-namespace Botan {
-
-/*
-* Load a X.509 CRL
-*/
-X509_CRL::X509_CRL(DataSource& in, bool touc) :
- X509_Object(in, "X509 CRL/CRL"), throw_on_unknown_critical(touc)
- {
- do_decode();
- }
-
-/*
-* Load a X.509 CRL
-*/
-X509_CRL::X509_CRL(const std::string& in, bool touc) :
- X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc)
- {
- do_decode();
- }
-
-/**
-* Check if this particular certificate is listed in the CRL
-*/
-bool X509_CRL::is_revoked(const X509_Certificate& cert) const
- {
- /*
- If the cert wasn't issued by the CRL issuer, it's possible the cert
- is revoked, but not by this CRL. Maybe throw an exception instead?
- */
- if(cert.issuer_dn() != issuer_dn())
- return false;
-
- MemoryVector<byte> crl_akid = authority_key_id();
- MemoryVector<byte> cert_akid = cert.authority_key_id();
-
- if(!crl_akid.empty() && !cert_akid.empty())
- if(crl_akid != cert_akid)
- return false;
-
- MemoryVector<byte> cert_serial = cert.serial_number();
-
- bool is_revoked = false;
-
- for(size_t i = 0; i != revoked.size(); ++i)
- {
- if(cert_serial == revoked[i].serial_number())
- {
- if(revoked[i].reason_code() == REMOVE_FROM_CRL)
- is_revoked = false;
- else
- is_revoked = true;
- }
- }
-
- return is_revoked;
- }
-
-/*
-* Decode the TBSCertList data
-*/
-void X509_CRL::force_decode()
- {
- BER_Decoder tbs_crl(tbs_bits);
-
- size_t version;
- tbs_crl.decode_optional(version, INTEGER, UNIVERSAL);
-
- if(version != 0 && version != 1)
- throw X509_CRL_Error("Unknown X.509 CRL version " +
- to_string(version+1));
-
- AlgorithmIdentifier sig_algo_inner;
- tbs_crl.decode(sig_algo_inner);
-
- if(sig_algo != sig_algo_inner)
- throw X509_CRL_Error("Algorithm identifier mismatch");
-
- X509_DN dn_issuer;
- tbs_crl.decode(dn_issuer);
- info.add(dn_issuer.contents());
-
- X509_Time start, end;
- tbs_crl.decode(start).decode(end);
- info.add("X509.CRL.start", start.readable_string());
- info.add("X509.CRL.end", end.readable_string());
-
- BER_Object next = tbs_crl.get_next_object();
-
- if(next.type_tag == SEQUENCE && next.class_tag == CONSTRUCTED)
- {
- BER_Decoder cert_list(next.value);
-
- while(cert_list.more_items())
- {
- CRL_Entry entry(throw_on_unknown_critical);
- cert_list.decode(entry);
- revoked.push_back(entry);
- }
- next = tbs_crl.get_next_object();
- }
-
- if(next.type_tag == 0 &&
- next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
- {
- BER_Decoder crl_options(next.value);
-
- Extensions extensions(throw_on_unknown_critical);
-
- crl_options.decode(extensions).verify_end();
-
- extensions.contents_to(info, info);
-
- next = tbs_crl.get_next_object();
- }
-
- if(next.type_tag != NO_OBJECT)
- throw X509_CRL_Error("Unknown tag in CRL");
-
- tbs_crl.verify_end();
- }
-
-/*
-* Return the list of revoked certificates
-*/
-std::vector<CRL_Entry> X509_CRL::get_revoked() const
- {
- return revoked;
- }
-
-/*
-* Return the distinguished name of the issuer
-*/
-X509_DN X509_CRL::issuer_dn() const
- {
- return create_dn(info);
- }
-
-/*
-* Return the key identifier of the issuer
-*/
-MemoryVector<byte> X509_CRL::authority_key_id() const
- {
- return info.get1_memvec("X509v3.AuthorityKeyIdentifier");
- }
-
-/*
-* Return the CRL number of this CRL
-*/
-u32bit X509_CRL::crl_number() const
- {
- return info.get1_u32bit("X509v3.CRLNumber");
- }
-
-/*
-* Return the issue data of the CRL
-*/
-X509_Time X509_CRL::this_update() const
- {
- return info.get1("X509.CRL.start");
- }
-
-/*
-* Return the date when a new CRL will be issued
-*/
-X509_Time X509_CRL::next_update() const
- {
- return info.get1("X509.CRL.end");
- }
-
-}
diff --git a/src/cert/x509crl/x509_crl.h b/src/cert/x509crl/x509_crl.h
deleted file mode 100644
index 55eb8424b..000000000
--- a/src/cert/x509crl/x509_crl.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
-* X.509 CRL
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_X509_CRL_H__
-#define BOTAN_X509_CRL_H__
-
-#include <botan/x509_obj.h>
-#include <botan/crl_ent.h>
-#include <vector>
-
-namespace Botan {
-
-class X509_Certificate;
-
-/**
-* This class represents X.509 Certificate Revocation Lists (CRLs).
-*/
-class BOTAN_DLL X509_CRL : public X509_Object
- {
- public:
- /**
- * This class represents CRL related errors.
- */
- struct BOTAN_DLL X509_CRL_Error : public Exception
- {
- X509_CRL_Error(const std::string& error) :
- Exception("X509_CRL: " + error) {}
- };
-
- /**
- * Check if this particular certificate is listed in the CRL
- */
- bool is_revoked(const X509_Certificate& cert) const;
-
- /**
- * Get the entries of this CRL in the form of a vector.
- * @return vector containing the entries of this CRL.
- */
- std::vector<CRL_Entry> get_revoked() const;
-
- /**
- * Get the issuer DN of this CRL.
- * @return CRLs issuer DN
- */
- X509_DN issuer_dn() const;
-
- /**
- * Get the AuthorityKeyIdentifier of this CRL.
- * @return this CRLs AuthorityKeyIdentifier
- */
- MemoryVector<byte> authority_key_id() const;
-
- /**
- * Get the serial number of this CRL.
- * @return CRLs serial number
- */
- u32bit crl_number() const;
-
- /**
- * Get the CRL's thisUpdate value.
- * @return CRLs thisUpdate
- */
- X509_Time this_update() const;
-
- /**
- * Get the CRL's nextUpdate value.
- * @return CRLs nextdUpdate
- */
- X509_Time next_update() const;
-
- /**
- * Construct a CRL from a data source.
- * @param source the data source providing the DER or PEM encoded CRL.
- * @param throw_on_unknown_critical should we throw an exception
- * if an unknown CRL extension marked as critical is encountered.
- */
- X509_CRL(DataSource& source, bool throw_on_unknown_critical = false);
-
- /**
- * Construct a CRL from a file containing the DER or PEM encoded CRL.
- * @param filename the name of the CRL file
- * @param throw_on_unknown_critical should we throw an exception
- * if an unknown CRL extension marked as critical is encountered.
- */
- X509_CRL(const std::string& filename,
- bool throw_on_unknown_critical = false);
- private:
- void force_decode();
-
- bool throw_on_unknown_critical;
- std::vector<CRL_Entry> revoked;
- Data_Store info;
- };
-
-}
-
-#endif