Diffstat (limited to 'src/lib/x509')
-rw-r--r-- | src/lib/x509/asn1_alt_name.cpp | 6 | ||||
-rw-r--r-- | src/lib/x509/ocsp.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/ocsp_types.cpp | 3 | ||||
-rw-r--r-- | src/lib/x509/pkcs10.cpp | 14 | ||||
-rw-r--r-- | src/lib/x509/x509_ca.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/x509_dn.cpp | 18 | ||||
-rw-r--r-- | src/lib/x509/x509_ext.cpp | 6 | ||||
-rw-r--r-- | src/lib/x509/x509_obj.cpp | 12 | ||||
-rw-r--r-- | src/lib/x509/x509cert.cpp | 20 | ||||
-rw-r--r-- | src/lib/x509/x509opt.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/x509path.cpp | 7 | ||||
-rw-r--r-- | src/lib/x509/x509self.cpp | 2 |
12 files changed, 46 insertions, 48 deletions
diff --git a/src/lib/x509/asn1_alt_name.cpp b/src/lib/x509/asn1_alt_name.cpp
index 4e052ca58..60e767543 100644
--- a/src/lib/x509/asn1_alt_name.cpp
+++ b/src/lib/x509/asn1_alt_name.cpp
@@ -69,10 +69,14 @@ std::multimap<std::string, std::string> AlternativeName::contents() const
 std::multimap<std::string, std::string> names;
 for(auto i = m_alt_info.begin(); i != m_alt_info.end(); ++i)
+ {
 multimap_insert(names, i->first, i->second);
+ }
 for(auto i = m_othernames.begin(); i != m_othernames.end(); ++i)
- multimap_insert(names, OIDS::lookup(i->first), i->second.value());
+ {
+ multimap_insert(names, OIDS::oid2str_or_raw(i->first), i->second.value());
+ }
 return names;
 }
diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp
index 249ce7817..b119c4490 100644
--- a/src/lib/x509/ocsp.cpp
+++ b/src/lib/x509/ocsp.cpp
@@ -164,7 +164,7 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue
 std::unique_ptr<Public_Key> pub_key(issuer.subject_public_key());
 const std::vector<std::string> sig_info =
- split_on(OIDS::lookup(m_sig_algo.get_oid()), '/');
+ split_on(OIDS::oid2str_or_throw(m_sig_algo.get_oid()), '/');
 if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name())
 return Certificate_Status_Code::OCSP_RESPONSE_INVALID;
diff --git a/src/lib/x509/ocsp_types.cpp b/src/lib/x509/ocsp_types.cpp
index 3eda5c05b..98c63a31b 100644
--- a/src/lib/x509/ocsp_types.cpp
+++ b/src/lib/x509/ocsp_types.cpp
@@ -39,7 +39,8 @@ bool CertID::is_id_for(const X509_Certificate& issuer,
 if(BigInt::decode(subject.serial_number()) != m_subject_serial)
 return false;
- std::unique_ptr<HashFunction> hash(HashFunction::create(OIDS::lookup(m_hash_id.get_oid())));
+ const std::string hash_algo = OIDS::oid2str_or_throw(m_hash_id.get_oid());
+ std::unique_ptr<HashFunction> hash = HashFunction::create(hash_algo);
 if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
 return false;
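Review bot: Response::verify_signature now throws from the added `oid2str_or_throw` call when the response's signature algorithm OID is not in the table, whereas the previous `lookup` result, however it rendered an unknown OID, fell through to the `sig_info.size() != 2` check and returned OCSP_RESPONSE_INVALID. The OID comes straight from the OCSP response, so unless every caller catches this, an unrecognised algorithm turns a status code into an exception; `split_on(OIDS::oid2str_or_empty(m_sig_algo.get_oid()), '/')` would keep the status-code contract, assuming split_on of an empty string yields an empty vector. The same change of contract appears in X509_Object::verify_signature in the x509_obj.cpp hunk at -184, which previously reached SIGNATURE_ALGO_BAD_PARAMS. The body of verify_signature continues outside the hunk.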
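Review bot: In CertID::is_id_for the new `oid2str_or_throw` only covers the unknown-OID case; `HashFunction::create(hash_algo)` can still return a null pointer when the named hash is not available in this build, and the following line dereferences `hash` unconditionally. Since the CertID is taken from the response being checked, add a guard after the create call, `if(!hash) return false;` (or throw), before `hash->process` is reached. The enclosing is_id_for body continues outside the hunk.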
diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp
index 2da002cd1..1270e4159 100644
--- a/src/lib/x509/pkcs10.cpp
+++ b/src/lib/x509/pkcs10.cpp
@@ -148,19 +148,19 @@ std::unique_ptr<PKCS10_Data> decode_pkcs10(const std::vector<uint8_t>& body)
 const OID& oid = attr.get_oid();
 BER_Decoder value(attr.get_parameters());
- if(oid == OIDS::lookup("PKCS9.EmailAddress"))
+ if(oid == OIDS::str2oid_or_throw("PKCS9.EmailAddress"))
 {
 ASN1_String email;
 value.decode(email);
 pkcs9_email.insert(email.value());
 }
- else if(oid == OIDS::lookup("PKCS9.ChallengePassword"))
+ else if(oid == OIDS::str2oid_or_throw("PKCS9.ChallengePassword"))
 {
 ASN1_String challenge_password;
 value.decode(challenge_password);
 data->m_challenge = challenge_password.value();
 }
- else if(oid == OIDS::lookup("PKCS9.ExtensionRequest"))
+ else if(oid == OIDS::str2oid_or_throw("PKCS9.ExtensionRequest"))
 {
 value.decode(data->m_extensions).verify_end();
 }
@@ -260,7 +260,7 @@ const Extensions& PKCS10_Request::extensions() const
 */
 Key_Constraints PKCS10_Request::constraints() const
 {
- if(auto ext = extensions().get(OIDS::lookup("X509v3.KeyUsage")))
+ if(auto ext = extensions().get(OIDS::str2oid_or_throw("X509v3.KeyUsage")))
 {
 return dynamic_cast<Cert_Extension::Key_Usage&>(*ext).get_constraints();
 }
@@ -273,7 +273,7 @@ Key_Constraints PKCS10_Request::constraints() const
 */
 std::vector<OID> PKCS10_Request::ex_constraints() const
 {
- if(auto ext = extensions().get(OIDS::lookup("X509v3.ExtendedKeyUsage")))
+ if(auto ext = extensions().get(OIDS::str2oid_or_throw("X509v3.ExtendedKeyUsage")))
 {
 return dynamic_cast<Cert_Extension::Extended_Key_Usage&>(*ext).get_oids();
 }
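Review bot: In decode_pkcs10 the three `OIDS::str2oid_or_throw("PKCS9.…")` lookups are evaluated on every attribute iteration although their arguments are constants; hoisting them into `const OID` locals above the loop (e.g. `const OID email_oid = OIDS::str2oid_or_throw("PKCS9.EmailAddress");`) lets the if/else chain read as comparisons against named values and removes the repeated table lookups. The loop these lines belong to begins outside the hunk.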
@@ -286,7 +286,7 @@ std::vector<OID> PKCS10_Request::ex_constraints() const
 */
 bool PKCS10_Request::is_CA() const
 {
- if(auto ext = extensions().get(OIDS::lookup("X509v3.BasicConstraints")))
+ if(auto ext = extensions().get(OIDS::str2oid_or_throw("X509v3.BasicConstraints")))
 {
 return dynamic_cast<Cert_Extension::Basic_Constraints&>(*ext).get_is_ca();
 }
@@ -299,7 +299,7 @@ bool PKCS10_Request::is_CA() const
 */
 size_t PKCS10_Request::path_limit() const
 {
- if(auto ext = extensions().get(OIDS::lookup("X509v3.BasicConstraints")))
+ if(auto ext = extensions().get(OIDS::str2oid_or_throw("X509v3.BasicConstraints")))
 {
 Cert_Extension::Basic_Constraints& basic_constraints = dynamic_cast<Cert_Extension::Basic_Constraints&>(*ext);
 if(basic_constraints.get_is_ca())
diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp
index 73eea4a95..74ca1bcfc 100644
--- a/src/lib/x509/x509_ca.cpp
+++ b/src/lib/x509/x509_ca.cpp
@@ -40,7 +40,7 @@ X509_CA::X509_CA(const X509_Certificate& c,
 // constructor without additional options: use the padding used in the CA certificate
 // sig_oid_str = <sig_alg>/<padding>, so padding with all its options will look
 // like a cipher mode to the scanner
- std::string sig_oid_str = OIDS::lookup(c.signature_algorithm().oid);
+ std::string sig_oid_str = OIDS::oid2str_or_throw(c.signature_algorithm().oid);
 SCAN_Name scanner(sig_oid_str);
 std::string pad = scanner.cipher_mode();
 if(!pad.empty())
diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp
index 6e2707673..e9d825256 100644
--- a/src/lib/x509/x509_dn.cpp
+++ b/src/lib/x509/x509_dn.cpp
@@ -23,7 +23,7 @@ namespace Botan {
 void X509_DN::add_attribute(const std::string& type, const std::string& str)
 {
- add_attribute(OIDS::lookup(type), str);
+ add_attribute(OIDS::str2oid_or_throw(type), str);
 }
 /*
@@ -59,10 +59,7 @@ std::multimap<std::string, std::string> X509_DN::contents() const
 for(auto& i : m_rdn)
 {
- std::string str_value = OIDS::oid2str(i.first);
-
- if(str_value.empty())
- str_value = i.first.to_string();
+ const std::string str_value = OIDS::oid2str_or_raw(i.first);
 multimap_insert(retval, str_value, i.second.value());
 }
 return retval;
@@ -70,7 +67,7 @@ std::multimap<std::string, std::string> X509_DN::contents() const
 bool X509_DN::has_field(const std::string& attr) const
 {
- return has_field(OIDS::lookup(deref_info_field(attr)));
+ return has_field(OIDS::str2oid_or_throw(deref_info_field(attr)));
 }
 bool X509_DN::has_field(const OID& oid) const
@@ -86,7 +83,7 @@ bool X509_DN::has_field(const OID& oid) const
 std::string X509_DN::get_first_attribute(const std::string& attr) const
 {
- const OID oid = OIDS::lookup(deref_info_field(attr));
+ const OID oid = OIDS::str2oid_or_throw(deref_info_field(attr));
 return get_first_attribute(oid).value();
 }
@@ -108,7 +105,7 @@ ASN1_String X509_DN::get_first_attribute(const OID& oid) const
 */
 std::vector<std::string> X509_DN::get_attribute(const std::string& attr) const
 {
- const OID oid = OIDS::lookup(deref_info_field(attr));
+ const OID oid = OIDS::str2oid_or_throw(deref_info_field(attr));
 std::vector<std::string> values;
@@ -304,10 +301,7 @@ namespace {
 std::string to_short_form(const OID& oid)
 {
- const std::string long_id = OIDS::oid2str(oid);
-
- if(long_id.empty())
- return oid.to_string();
+ const std::string long_id = OIDS::oid2str_or_raw(oid);
 if(long_id == "X520.CommonName")
 return "CN";
diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp
index 9b938f4d3..cfcc7da59 100644
--- a/src/lib/x509/x509_ext.cpp
+++ b/src/lib/x509/x509_ext.cpp
@@ -786,7 +786,7 @@ std::vector<uint8_t> Authority_Information_Access::encode_inner() const
 DER_Encoder(output)
 .start_cons(SEQUENCE)
 .start_cons(SEQUENCE)
- .encode(OIDS::lookup("PKIX.OCSP"))
+ .encode(OIDS::str2oid_or_throw("PKIX.OCSP"))
 .add_object(ASN1_Tag(6), CONTEXT_SPECIFIC, url.value())
 .end_cons()
 .end_cons();
@@ -805,7 +805,7 @@ void Authority_Information_Access::decode_inner(const std::vector<uint8_t>& in)
 info.decode(oid);
- if(oid == OIDS::lookup("PKIX.OCSP"))
+ if(oid == OIDS::str2oid_or_throw("PKIX.OCSP"))
 {
 BER_Object name = info.get_next_object();
@@ -815,7 +815,7 @@ void Authority_Information_Access::decode_inner(const std::vector<uint8_t>& in)
 }
 }
- if(oid == OIDS::lookup("PKIX.CertificateAuthorityIssuers"))
+ if(oid == OIDS::str2oid_or_throw("PKIX.CertificateAuthorityIssuers"))
 {
 BER_Object name = info.get_next_object();
diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp
index dd1e51cd7..dded17b4b 100644
--- a/src/lib/x509/x509_obj.cpp
+++ b/src/lib/x509/x509_obj.cpp
@@ -139,7 +139,7 @@ std::vector<uint8_t> X509_Object::tbs_data() const
 std::string X509_Object::hash_used_for_signature() const
 {
 const OID& oid = m_sig_algo.get_oid();
- const std::vector<std::string> sig_info = split_on(OIDS::lookup(oid), '/');
+ const std::vector<std::string> sig_info = split_on(OIDS::oid2str_or_throw(oid), '/');
 if(sig_info.size() == 1 && sig_info[0] == "Ed25519")
 return "SHA-512";
@@ -148,7 +148,7 @@ std::string X509_Object::hash_used_for_signature() const
 if(sig_info[1] == "EMSA4")
 {
- return OIDS::lookup(decode_pss_params(signature_algorithm().get_parameters()).hash_algo.get_oid());
+ return OIDS::oid2str_or_throw(decode_pss_params(signature_algorithm().get_parameters()).hash_algo.get_oid());
 }
 else
 {
@@ -184,7 +184,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
 Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) const
 {
 const std::vector<std::string> sig_info =
- split_on(OIDS::lookup(m_sig_algo.get_oid()), '/');
+ split_on(OIDS::oid2str_or_throw(m_sig_algo.get_oid()), '/');
 if(sig_info.size() < 1 || sig_info.size() > 2 || sig_info[0] != pub_key.algo_name())
 return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
@@ -210,7 +210,7 @@ Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key)
 Pss_params pss_parameter = decode_pss_params(signature_algorithm().parameters);
 // hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512
- const std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.oid);
+ const std::string hash_algo = OIDS::oid2str_or_throw(pss_parameter.hash_algo.oid);
 if(hash_algo != "SHA-160" &&
 hash_algo != "SHA-224" &&
 hash_algo != "SHA-256" &&
@@ -220,7 +220,7 @@ Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key)
 return Certificate_Status_Code::UNTRUSTED_HASH;
 }
- const std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.oid);
+ const std::string mgf_algo = OIDS::oid2str_or_throw(pss_parameter.mask_gen_algo.oid);
 if(mgf_algo != "MGF1")
 {
 return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
@@ -354,7 +354,7 @@ std::string choose_sig_algo(AlgorithmIdentifier& sig_algo,
 }
 else
 {
- sig_algo = AlgorithmIdentifier(OIDS::lookup("Ed25519"), AlgorithmIdentifier::USE_EMPTY_PARAM);
+ sig_algo = AlgorithmIdentifier(OIDS::str2oid_or_throw("Ed25519"), AlgorithmIdentifier::USE_EMPTY_PARAM);
 return "Pure";
 }
 }
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index 0212267ec..890360c8a 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -148,7 +148,7 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o
 BER_Decoder(public_key).decode(public_key_alg_id).discard_remaining();
 std::vector<std::string> public_key_info =
- split_on(OIDS::oid2str(public_key_alg_id.get_oid()), '/');
+ split_on(OIDS::oid2str_or_throw(public_key_alg_id.get_oid()), '/');
 if(!public_key_info.empty() && public_key_info[0] == "RSA")
 {
@@ -500,7 +500,7 @@ bool X509_Certificate::allowed_usage(Key_Constraints usage) const
 bool X509_Certificate::allowed_extended_usage(const std::string& usage) const
 {
- return allowed_extended_usage(OIDS::str2oid(usage));
+ return allowed_extended_usage(OIDS::str2oid_or_throw(usage));
 }
 bool X509_Certificate::allowed_extended_usage(const OID& usage) const
@@ -552,7 +552,7 @@ bool X509_Certificate::has_constraints(Key_Constraints constraints) const
 bool X509_Certificate::has_ex_constraint(const std::string& ex_constraint) const
 {
- return has_ex_constraint(OIDS::str2oid(ex_constraint));
+ return has_ex_constraint(OIDS::str2oid_or_throw(ex_constraint));
 }
 bool X509_Certificate::has_ex_constraint(const OID& usage) const
@@ -566,7 +566,7 @@ bool X509_Certificate::has_ex_constraint(const OID& usage) const
 */
 bool X509_Certificate::is_critical(const std::string& ex_name) const
 {
- return v3_extensions().critical_extension_set(OIDS::str2oid(ex_name));
+ return v3_extensions().critical_extension_set(OIDS::str2oid_or_throw(ex_name));
 }
 std::string X509_Certificate::ocsp_responder() const
@@ -695,7 +695,7 @@ std::vector<std::string> lookup_oids(const std::vector<OID>& oids)
 for(const OID& oid : oids)
 {
- out.push_back(OIDS::oid2str(oid));
+ out.push_back(OIDS::oid2str_or_raw(oid));
 }
 return out;
 }
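Review bot: In parse_x509_cert_body the switch to `oid2str_or_throw` means a certificate whose public key algorithm OID is not in the table now fails to parse at all, where the old `oid2str` call let it through with an unrecognised key type, and it also makes the `!public_key_info.empty()` guard on the following line unreachable. If accepting such certificates is still intended (they may appear in chains that are never verified against that key), `split_on(OIDS::oid2str_or_empty(public_key_alg_id.get_oid()), '/')` keeps the earlier behaviour; if rejecting them is the goal, the now-dead emptiness check can be dropped so the intent is explicit. parse_x509_cert_body continues outside the hunk.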
@@ -823,12 +823,8 @@ std::string X509_Certificate::to_string() const
 out << "Extended Constraints:\n";
 for(auto&& oid : ex_constraints)
 {
- const std::string oid_str = OIDS::oid2str(oid);
-
- if(oid_str.empty())
- out << " " << oid.to_string() << "\n";
- else
- out << " " << oid_str << "\n";
+ const std::string oid_str = OIDS::oid2str_or_raw(oid);
+ out << " " << oid.to_string() << "\n";
 }
 }
@@ -874,7 +870,7 @@ std::string X509_Certificate::to_string() const
 out << "CRL " << crl_distribution_point() << "\n";
 out << "Signature algorithm: " <<
- OIDS::oid2str(this->signature_algorithm().get_oid()) << "\n";
+ OIDS::oid2str_or_raw(this->signature_algorithm().get_oid()) << "\n";
 out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
diff --git a/src/lib/x509/x509opt.cpp b/src/lib/x509/x509opt.cpp
index e31ead91f..723d57742 100644
--- a/src/lib/x509/x509opt.cpp
+++ b/src/lib/x509/x509opt.cpp
@@ -49,7 +49,7 @@ void X509_Cert_Options::add_ex_constraint(const OID& oid)
 */
 void X509_Cert_Options::add_ex_constraint(const std::string& oid_str)
 {
- ex_constraints.push_back(OIDS::lookup(oid_str));
+ ex_constraints.push_back(OIDS::str2oid_or_throw(oid_str));
 }
 /*
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index cecefcc79..52be8263f 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -117,7 +117,7 @@ PKIX::check_chain(const std::vector<std::shared_ptr<const X509_Certificate>>& ce
 std::unique_ptr<Public_Key> issuer_key(issuer->subject_public_key());
 // Check the signature algorithm
- if(OIDS::lookup(subject->signature_algorithm().oid).empty())
+ if(OIDS::oid2str_or_empty(subject->signature_algorithm().oid).empty())
 {
 status.insert(Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN);
 }
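Review bot: In the to_string hunk at -823 the new `oid_str` is computed and never used: the added output line prints `oid.to_string()`, so every extended-usage OID is now shown in dotted form, including the ones the table knows by name, which is the opposite of what the removed if/else did and what `oid2str_or_raw` exists for. The second added line should read `out << " " << oid_str << "\n";`. to_string continues outside the hunk.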
@@ -298,8 +298,11 @@ PKIX::check_crl(const std::vector<std::shared_ptr<const X509_Certificate>>& cert
 for(const auto& extension : crls[i]->extensions().extensions())
 {
+ // XXX this is wrong - the OID might be defined but the extention not full parsed
+ // for example see #1652
+
 // is the extension critical and unknown?
- if(extension.second && OIDS::lookup(extension.first->oid_of()) == "")
+ if(extension.second && OIDS::oid2str_or_empty(extension.first->oid_of()) == "")
 {
 /* NIST Certificate Path Valiadation Testing document: "When an implementation does not recognize a critical extension in the
 * crlExtensions field, it shall assume that identified certificates have been revoked and are no longer valid"
diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp
index d84544eff..d848185ec 100644
--- a/src/lib/x509/x509self.cpp
+++ b/src/lib/x509/x509self.cpp
@@ -35,7 +35,7 @@ void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn,
 subject_dn.add_attribute("X520.SerialNumber", opts.serial_number);
 subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip);
- subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"),
+ subject_alt.add_othername(OIDS::str2oid_or_throw("PKIX.XMPPAddr"),
 opts.xmpp, UTF8_STRING);
 for(auto dns : opts.more_dns)
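Review bot: The added XXX comment in check_crl has typos (`extention`, `not full parsed`) and should state what the test actually checks; suggested wording: `// XXX this is wrong - the OID may be registered in the table even though the extension was not parsed as a known type, see #1652`. As written, `oid2str_or_empty(extension.first->oid_of()) == ""` treats a critical CRL extension as recognised whenever its OID is in the table, so a critical extension with a registered OID but no decoder presumably skips the revoked-by-default branch the NIST quote below describes; the condition would need to ask the extension object whether it was decoded as a known type, which depends on the extension classes outside this hunk. check_crl continues outside the hunk.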