aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509path
diff options
context:
space:
mode:
Diffstat (limited to 'src/cert/x509path')
-rw-r--r--src/cert/x509path/info.txt5
-rw-r--r--src/cert/x509path/x509path.cpp47
-rw-r--r--src/cert/x509path/x509path.h82
3 files changed, 134 insertions, 0 deletions
diff --git a/src/cert/x509path/info.txt b/src/cert/x509path/info.txt
new file mode 100644
index 000000000..b24b03a02
--- /dev/null
+++ b/src/cert/x509path/info.txt
@@ -0,0 +1,5 @@
+define X509_STORE
+
+<requires>
+x509cert
+</requires>
diff --git a/src/cert/x509path/x509path.cpp b/src/cert/x509path/x509path.cpp
new file mode 100644
index 000000000..d0153309c
--- /dev/null
+++ b/src/cert/x509path/x509path.cpp
@@ -0,0 +1,47 @@
+/*
+* X.509 Certificate Path Validation
+* (C) 2010-2011 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/x509path.h>
+#include <botan/parsing.h>
+#include <botan/pubkey.h>
+#include <botan/oids.h>
+#include <botan/time.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+Path_Validation_Result x509_path_validate(
+ const X509_Certificate& cert,
+ const std::vector<Certificate_Store*>& certstores)
+ {
+ const X509_DN issuer_dn = cert.issuer_dn();
+ const MemoryVector<byte> auth_key_id = cert.authority_key_id();
+
+ Path_Validation_Result result;
+
+ std::vector<X509_Certificate> cert_path;
+
+ cert_path.push_back(cert);
+
+ for(size_t i = 0; i != certstores.size(); ++i)
+ {
+ std::vector<X509_Certificate> got =
+ certstores[i]->find_cert_by_subject_and_key_id(issuer_dn, auth_key_id);
+
+ // What to do if it returns more than one match?
+ if(got.size() == 1)
+ {
+ cert_path.push_back(got[0]);
+ break;
+ }
+ }
+
+ return result;
+ }
+
+}
diff --git a/src/cert/x509path/x509path.h b/src/cert/x509path/x509path.h
new file mode 100644
index 000000000..57e4764cc
--- /dev/null
+++ b/src/cert/x509path/x509path.h
@@ -0,0 +1,82 @@
+/*
+* X.509 Cert Path Validation
+* (C) 2010-2011 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_X509_CERT_PATH_VALIDATION_H__
+#define BOTAN_X509_CERT_PATH_VALIDATION_H__
+
+#include <botan/x509cert.h>
+#include <botan/certstor.h>
+#include <set>
+
+namespace Botan {
+
+/**
+* X.509 Certificate Validation Result
+*/
+enum X509_Path_Validation_Code {
+ VERIFIED,
+ UNKNOWN_X509_ERROR,
+ CANNOT_ESTABLISH_TRUST,
+ CERT_CHAIN_TOO_LONG,
+ SIGNATURE_ERROR,
+ POLICY_ERROR,
+ INVALID_USAGE,
+
+ CERT_MULTIPLE_ISSUERS_FOUND,
+
+ CERT_FORMAT_ERROR,
+ CERT_ISSUER_NOT_FOUND,
+ CERT_NOT_YET_VALID,
+ CERT_HAS_EXPIRED,
+ CERT_IS_REVOKED,
+
+ CRL_FORMAT_ERROR,
+ CRL_ISSUER_NOT_FOUND,
+ CRL_NOT_YET_VALID,
+ CRL_HAS_EXPIRED,
+
+ CA_CERT_CANNOT_SIGN,
+ CA_CERT_NOT_FOR_CERT_ISSUER,
+ CA_CERT_NOT_FOR_CRL_ISSUER
+};
+
+enum X509_Cert_Usage {
+ NO_RESTRICTIONS = 0x00,
+ TLS_SERVER = 0x01,
+ TLS_CLIENT = 0x02,
+ CODE_SIGNING = 0x04,
+ EMAIL_PROTECTION = 0x08,
+ TIME_STAMPING = 0x10,
+ CRL_SIGNING = 0x20
+};
+
+class Path_Validation_Result
+ {
+ public:
+ X509_Path_Validation_Code validation_result;
+ X509_Cert_Usage allowed_usages;
+ std::vector<X509_Certificate> cert_path;
+
+ std::set<std::string> trusted_hashes() const;
+ };
+
+Path_Validation_Result BOTAN_DLL x509_path_validate(
+ const X509_Certificate& end_cert,
+ const std::vector<Certificate_Store*>& certstores);
+
+inline Path_Validation_Result x509_path_validate(
+ const X509_Certificate& end_cert,
+ Certificate_Store& store)
+ {
+ std::vector<Certificate_Store*> store_vec;
+ store_vec.push_back(&store);
+ return x509_path_validate(end_cert, store_vec);
+ }
+
+}
+
+#endif