From 697fdc8fcb7f4ada4699ccad80def4673270d133 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 4 Dec 2017 14:00:47 -0500
Subject: Support uninitialized certificate objects

Issued raised by @securitykernel on Slack, there was no non-hacky way to decode a list of certificate objects because creating an uninitialized one wasn't allowed. However after #884 that got much closer to being viable, this is the last pieces.
---
 src/tests/data/x509/misc/cert_seq.der | Bin 0 -> 1271 bytes
 src/tests/unit_x509.cpp | 37 ++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 src/tests/data/x509/misc/cert_seq.der
(limited to 'src/tests')
diff --git a/src/tests/data/x509/misc/cert_seq.der b/src/tests/data/x509/misc/cert_seq.der
new file mode 100644
index 000000000..4d93ccaff
Binary files /dev/null and b/src/tests/data/x509/misc/cert_seq.der differ
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index 72c497ca7..5fbea2f4f 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -755,6 +755,41 @@ Test::Result test_self_issued(const std::string& sig_algo, const std::string& ha
 return result;
 }
+Test::Result test_x509_uninit()
+ {
+ Test::Result result("X509 object uninitialized access");
+
+ Botan::X509_Certificate cert;
+ result.test_throws("uninitialized cert access causes exception",
+ "X509_Certificate uninitialized",
+ [&cert]() { cert.x509_version(); });
+
+ Botan::X509_CRL crl;
+ result.test_throws("uninitialized crl access causes exception",
+ "X509_CRL uninitialized",
+ [&crl]() { crl.crl_number(); });
+
+ return result;
+ }
+
+Test::Result test_x509_decode_list()
+ {
+ Test::Result result("X509_Certificate list decode");
+
+ Botan::DataSource_Stream input(Test::data_file("x509/misc/cert_seq.der"));
+
+ Botan::BER_Decoder dec(input);
+ std::vector certs;
+ dec.decode_list(certs);
+
+ result.test_eq("Expected number of certs in list", certs.size(), 2);
+
+ result.test_eq("Expected cert 1 CN", certs[0].subject_dn().get_first_attribute("CN"), "CA1-PP.01.02");
+ result.test_eq("Expected cert 2 CN", certs[1].subject_dn().get_first_attribute("CN"), "User1-PP.01.02");
+
+ return result;
+ }
+
 using Botan::Key_Constraints;
@@ -1250,6 +1285,8 @@ class X509_Cert_Unit_Tests final : public Test
 results.push_back(test_x509_utf8());
 results.push_back(test_x509_bmpstring());
 results.push_back(test_crl_dn_name());
+ results.push_back(test_x509_uninit());
+ results.push_back(test_x509_decode_list());
 return results;
 }
-- cgit v1.2.3
From 5022191613a44f6d603294abfa79b2faf5a175ed Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 4 Dec 2017 15:57:31 -0500
Subject: Need binary IO for Windows
---
 src/lib/x509/pkcs10.cpp | 2 +-
 src/lib/x509/x509_crl.cpp | 2 +-
 src/lib/x509/x509_obj.cpp | 12 +-----------
 src/lib/x509/x509cert.cpp | 2 +-
 src/tests/unit_x509.cpp | 2 +-
 5 files changed, 5 insertions(+), 15 deletions(-)
(limited to 'src/tests')
diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp
index a17ffeb0f..1f7e915ff 100644
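Review bot: In test_x509_decode_list the two CN checks index `certs[0]` and `certs[1]` unconditionally, so if decode_list ever yields fewer than two certificates the test reads past the end of the vector instead of reporting a clean failure (assuming the preceding test_eq only records the size mismatch and does not abort). Wrap the two element checks in a size guard such as `if(certs.size() >= 2)`, leaving the count assertion to report the mismatch. A one-line comment stating that cert_seq.der is a single SEQUENCE holding two certificates would also help, since the fixture is binary and cannot be inspected in review.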
--- a/src/lib/x509/pkcs10.cpp
+++ b/src/lib/x509/pkcs10.cpp
@@ -47,7 +47,7 @@ PKCS10_Request::PKCS10_Request(const std::vector& vec)
 #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
 PKCS10_Request::PKCS10_Request(const std::string& fsname)
 {
- DataSource_Stream src(fsname);
+ DataSource_Stream src(fsname, true);
 load_data(src);
 }
 #endif
diff --git a/src/lib/x509/x509_crl.cpp b/src/lib/x509/x509_crl.cpp
index 4fa5df44f..a739d2f60 100644
--- a/src/lib/x509/x509_crl.cpp
+++ b/src/lib/x509/x509_crl.cpp
@@ -49,7 +49,7 @@ X509_CRL::X509_CRL(const std::vector& vec)
 #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
 X509_CRL::X509_CRL(const std::string& fsname)
 {
- DataSource_Stream src(fsname);
+ DataSource_Stream src(fsname, true);
 load_data(src);
 }
 #endif
diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp
index 019bac0b1..4450df7bb 100644
--- a/src/lib/x509/x509_obj.cpp
+++ b/src/lib/x509/x509_obj.cpp
@@ -113,17 +113,7 @@ void X509_Object::decode_from(BER_Decoder& from)
 .decode(m_sig, BIT_STRING)
 .end_cons();
- try {
- force_decode();
- }
- catch(Decoding_Error& e)
- {
- throw Decoding_Error(PEM_label() + " decoding failed", e.what());
- }
- catch(Invalid_Argument& e)
- {
- throw Decoding_Error(PEM_label() + " decoding failed", e.what());
- }
+ force_decode();
 }
 /*
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index 35dbd4c38..acd6b3362 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -84,7 +84,7 @@ X509_Certificate::X509_Certificate(const std::vector& vec)
 #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
 X509_Certificate::X509_Certificate(const std::string& fsname)
 {
- DataSource_Stream src(fsname);
+ DataSource_Stream src(fsname, true);
 load_data(src);
 }
 #endif
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index 5fbea2f4f..da5439a05 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
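Review bot: The bare `true` in `DataSource_Stream src(fsname, true);` does not say what it switches on, so a later cleanup could drop it without noticing the Windows consequence. A short comment on the line, for example `// binary mode: DER must not pass through text-mode translation on Windows`, would record the reason. The same applies to the identical change in the x509_crl.cpp and x509cert.cpp hunks and to the test in unit_x509.cpp. Text mode appears to remain the default, so any other call site that opens DER by path through DataSource_Stream would still be affected; none are visible in this patch.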
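Review bot: Removing the try/catch around `force_decode()` in X509_Object::decode_from changes which exception types escape when parsing fails, and the commit message ("Need binary IO for Windows") does not mention it. Before this hunk an Invalid_Argument raised during decoding was rethrown as Decoding_Error with the PEM label prefixed; afterwards it presumably propagates unchanged, so a caller that parses untrusted certificates or CRLs and catches only Decoding_Error may no longer handle malformed input. If that translation now happens inside force_decode or its callers (not visible here), a comment at the call such as `// force_decode() reports all parse failures as Decoding_Error` would record the contract; otherwise keep the `catch(Invalid_Argument& e)` arm that rethrows as Decoding_Error. decode_from begins above this hunk.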
@@ -776,7 +776,7 @@ Test::Result test_x509_decode_list()
 {
 Test::Result result("X509_Certificate list decode");
- Botan::DataSource_Stream input(Test::data_file("x509/misc/cert_seq.der"));
+ Botan::DataSource_Stream input(Test::data_file("x509/misc/cert_seq.der"), true);
 Botan::BER_Decoder dec(input);
 std::vector certs;
-- cgit v1.2.3