diff options
Diffstat (limited to 'src/cert/x509path')
-rw-r--r-- | src/cert/x509path/info.txt | 5 | ||||
-rw-r--r-- | src/cert/x509path/x509path.cpp | 47 | ||||
-rw-r--r-- | src/cert/x509path/x509path.h | 82 |
3 files changed, 134 insertions, 0 deletions
diff --git a/src/cert/x509path/info.txt b/src/cert/x509path/info.txt new file mode 100644 index 000000000..b24b03a02 --- /dev/null +++ b/src/cert/x509path/info.txt @@ -0,0 +1,5 @@ +define X509_STORE + +<requires> +x509cert +</requires> diff --git a/src/cert/x509path/x509path.cpp b/src/cert/x509path/x509path.cpp new file mode 100644 index 000000000..d0153309c --- /dev/null +++ b/src/cert/x509path/x509path.cpp @@ -0,0 +1,47 @@ +/* +* X.509 Certificate Path Validation +* (C) 2010-2011 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/x509path.h> +#include <botan/parsing.h> +#include <botan/pubkey.h> +#include <botan/oids.h> +#include <botan/time.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +Path_Validation_Result x509_path_validate( + const X509_Certificate& cert, + const std::vector<Certificate_Store*>& certstores) + { + const X509_DN issuer_dn = cert.issuer_dn(); + const MemoryVector<byte> auth_key_id = cert.authority_key_id(); + + Path_Validation_Result result; + + std::vector<X509_Certificate> cert_path; + + cert_path.push_back(cert); + + for(size_t i = 0; i != certstores.size(); ++i) + { + std::vector<X509_Certificate> got = + certstores[i]->find_cert_by_subject_and_key_id(issuer_dn, auth_key_id); + + // What to do if it returns more than one match? + if(got.size() == 1) + { + cert_path.push_back(got[0]); + break; + } + } + + return result; + } + +} diff --git a/src/cert/x509path/x509path.h b/src/cert/x509path/x509path.h new file mode 100644 index 000000000..57e4764cc --- /dev/null +++ b/src/cert/x509path/x509path.h @@ -0,0 +1,82 @@ +/* +* X.509 Cert Path Validation +* (C) 2010-2011 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_X509_CERT_PATH_VALIDATION_H__ +#define BOTAN_X509_CERT_PATH_VALIDATION_H__ + +#include <botan/x509cert.h> +#include <botan/certstor.h> +#include <set> + +namespace Botan { + +/** +* X.509 Certificate Validation Result +*/ +enum X509_Path_Validation_Code { + VERIFIED, + UNKNOWN_X509_ERROR, + CANNOT_ESTABLISH_TRUST, + CERT_CHAIN_TOO_LONG, + SIGNATURE_ERROR, + POLICY_ERROR, + INVALID_USAGE, + + CERT_MULTIPLE_ISSUERS_FOUND, + + CERT_FORMAT_ERROR, + CERT_ISSUER_NOT_FOUND, + CERT_NOT_YET_VALID, + CERT_HAS_EXPIRED, + CERT_IS_REVOKED, + + CRL_FORMAT_ERROR, + CRL_ISSUER_NOT_FOUND, + CRL_NOT_YET_VALID, + CRL_HAS_EXPIRED, + + CA_CERT_CANNOT_SIGN, + CA_CERT_NOT_FOR_CERT_ISSUER, + CA_CERT_NOT_FOR_CRL_ISSUER +}; + +enum X509_Cert_Usage { + NO_RESTRICTIONS = 0x00, + TLS_SERVER = 0x01, + TLS_CLIENT = 0x02, + CODE_SIGNING = 0x04, + EMAIL_PROTECTION = 0x08, + TIME_STAMPING = 0x10, + CRL_SIGNING = 0x20 +}; + +class Path_Validation_Result + { + public: + X509_Path_Validation_Code validation_result; + X509_Cert_Usage allowed_usages; + std::vector<X509_Certificate> cert_path; + + std::set<std::string> trusted_hashes() const; + }; + +Path_Validation_Result BOTAN_DLL x509_path_validate( + const X509_Certificate& end_cert, + const std::vector<Certificate_Store*>& certstores); + +inline Path_Validation_Result x509_path_validate( + const X509_Certificate& end_cert, + Certificate_Store& store) + { + std::vector<Certificate_Store*> store_vec; + store_vec.push_back(&store); + return x509_path_validate(end_cert, store_vec); + } + +} + +#endif |