/* * Certificate Request Message * (C) 2004-2006,2012 Jack Lloyd * * Released under the terms of the Botan license */ #include #include #include #include #include #include namespace Botan { /** * Create a new Certificate Request message */ Certificate_Req::Certificate_Req(Record_Writer& writer, TLS_Handshake_Hash& hash, const std::vector& ca_certs, const std::vector& cert_types) { for(size_t i = 0; i != ca_certs.size(); ++i) names.push_back(ca_certs[i].subject_dn()); if(cert_types.empty()) // default is RSA/DSA is OK { types.push_back(RSA_CERT); types.push_back(DSS_CERT); } else types = cert_types; send(writer, hash); } /** * Serialize a Certificate Request message */ MemoryVector Certificate_Req::serialize() const { MemoryVector buf; append_tls_length_value(buf, types, 1); for(size_t i = 0; i != names.size(); ++i) { DER_Encoder encoder; encoder.encode(names[i]); append_tls_length_value(buf, encoder.get_contents(), 2); } return buf; } /** * Deserialize a Certificate Request message */ void Certificate_Req::deserialize(const MemoryRegion& buf) { if(buf.size() < 4) throw Decoding_Error("Certificate_Req: Bad certificate request"); const size_t types_size = buf[0]; if(buf.size() < types_size + 3) throw Decoding_Error("Certificate_Req: Bad certificate request"); for(size_t i = 0; i != types_size; ++i) types.push_back(static_cast(buf[i+1])); const size_t names_size = make_u16bit(buf[types_size+1], buf[types_size+2]); if(buf.size() != names_size + types_size + 3) throw Decoding_Error("Certificate_Req: Bad certificate request"); size_t offset = types_size + 3; while(offset < buf.size()) { const size_t name_size = make_u16bit(buf[offset], buf[offset+1]); if(offset + 2 + name_size > buf.size()) throw Decoding_Error("Certificate_Req: Bad certificate request"); BER_Decoder decoder(&buf[offset + 2], name_size); X509_DN name; decoder.decode(name); names.push_back(name); offset += (2 + name_size); } } /** * Create a new Certificate message */ Certificate::Certificate(Record_Writer& writer, TLS_Handshake_Hash& hash, const std::vector& cert_list) { certs = cert_list; send(writer, hash); } /** * Serialize a Certificate message */ MemoryVector Certificate::serialize() const { MemoryVector buf(3); for(size_t i = 0; i != certs.size(); ++i) { MemoryVector raw_cert = certs[i].BER_encode(); const size_t cert_size = raw_cert.size(); for(size_t i = 0; i != 3; ++i) buf.push_back(get_byte(i+1, cert_size)); buf += raw_cert; } const size_t buf_size = buf.size() - 3; for(size_t i = 0; i != 3; ++i) buf[i] = get_byte(i+1, buf_size); return buf; } /** * Deserialize a Certificate message */ void Certificate::deserialize(const MemoryRegion& buf) { if(buf.size() < 3) throw Decoding_Error("Certificate: Message malformed"); const size_t total_size = make_u32bit(0, buf[0], buf[1], buf[2]); SecureQueue queue; queue.write(&buf[3], buf.size() - 3); if(queue.size() != total_size) throw Decoding_Error("Certificate: Message malformed"); while(queue.size()) { if(queue.size() < 3) throw Decoding_Error("Certificate: Message malformed"); byte len[3]; queue.read(len, 3); const size_t cert_size = make_u32bit(0, len[0], len[1], len[2]); const size_t original_size = queue.size(); X509_Certificate cert(queue); if(queue.size() + cert_size != original_size) throw Decoding_Error("Certificate: Message malformed"); certs.push_back(cert); } } }