/**
* Deserialize a Certificate message
*
* Wire layout: a 3-byte big-endian total length, then a sequence of
* entries, each a 3-byte big-endian length followed by that many bytes of
* a DER-encoded certificate. The buffer arrives from the peer, so every
* length field is validated against the bytes actually present before it
* is used to index or to size a read.
*
* @param buf the raw handshake message body (after the handshake header)
* @throws Decoding_Error if the outer length does not match buf.size(), or
*         if any entry's length field runs past the end of the buffer
*/
Certificate::Certificate(const std::vector<byte>& buf)
   {
   if(buf.size() < 3)
      throw Decoding_Error("Certificate: Message malformed");

   // The outer length must cover exactly the bytes that follow it
   const size_t total_size = make_u32bit(0, buf[0], buf[1], buf[2]);
   if(total_size != buf.size() - 3)
      throw Decoding_Error("Certificate: Message malformed");

   // Walk the entries by offset. The offset never exceeds buf.size(),
   // because every advance is bounds-checked before it is taken.
   size_t offset = 3;
   while(offset < buf.size())
      {
      const size_t remaining_bytes = buf.size() - offset;

      if(remaining_bytes < 3)
         throw Decoding_Error("Certificate: Message malformed");

      const size_t cert_size =
         make_u32bit(0, buf[offset], buf[offset + 1], buf[offset + 2]);

      // The high byte passed to make_u32bit is 0, so cert_size fits in
      // 24 bits and 3 + cert_size cannot wrap around
      if(remaining_bytes < 3 + cert_size)
         throw Decoding_Error("Certificate: Message malformed");

      // Pointer arithmetic rather than operator[]: for a zero-length
      // trailing entry, offset + 3 == buf.size() is a valid end pointer
      // but not a valid index
      DataSource_Memory cert_buf(buf.data() + offset + 3, cert_size);
      m_certs.push_back(X509_Certificate(cert_buf));

      offset += 3 + cert_size;
      }
   }
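/*
* Create a new certificate
*
* Builds the TBSCertificate structure (X.509 v3, a random 128-bit serial
* number, issuer and subject DNs, the validity window, the raw subject
* public key bytes and the v3 extensions), signs it via `signer`, and wraps
* the signed object as an X509_Certificate.
*
* @param signer the signer bound to the CA's private key
* @param rng used both for the serial number and by the signing step
* @param sig_algo identifier of the signature algorithm `signer` uses
* @param pub_key DER encoding of the subject public key, copied in as-is
* @param not_before start of the validity period
* @param not_after end of the validity period
* @param issuer_dn the CA's distinguished name
* @param subject_dn the subject's distinguished name
* @param extensions the X.509 v3 extensions to include
* @return the signed certificate
*/
X509_Certificate X509_CA::make_cert(PK_Signer* signer,
                                    RandomNumberGenerator& rng,
                                    const AlgorithmIdentifier& sig_algo,
                                    const std::vector<byte>& pub_key,
                                    const X509_Time& not_before,
                                    const X509_Time& not_after,
                                    const X509_DN& issuer_dn,
                                    const X509_DN& subject_dn,
                                    const Extensions& extensions)
   {
   // X.509 encodes the version field as (version - 1); v3 is the version
   // that carries the extensions block below
   constexpr size_t X509_CERT_VERSION = 3;

   // A wide random serial (rather than a counter) keeps serial numbers
   // unpredictable and makes collisions between issued certs negligible
   constexpr size_t SERIAL_BITS = 128;

   BigInt serial_no(rng, SERIAL_BITS);

   // clang-format off
   return X509_Certificate(X509_Object::make_signed(
      signer, rng, sig_algo,
      DER_Encoder().start_cons(SEQUENCE)
         .start_explicit(0)
            .encode(X509_CERT_VERSION-1)
         .end_explicit()
         .encode(serial_no)
         .encode(sig_algo)
         .encode(issuer_dn)
         .start_cons(SEQUENCE)
            .encode(not_before)
            .encode(not_after)
         .end_cons()
         .encode(subject_dn)
         .raw_bytes(pub_key)
         .start_explicit(3)
            .start_cons(SEQUENCE)
               .encode(extensions)
            .end_cons()
         .end_explicit()
      .end_cons()
      .get_contents()
      ));
   // clang-format on
   }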
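/**
* Build one CRL per issuer from the revoked table
*
* Joins every row of <prefix>revoked to its stored certificate, groups the
* resulting revocation entries by the issuer DN of the revoked certificate,
* and turns each group into an X509_CRL stamped with the current time.
*
* @return one CRL per distinct issuer among the revoked certificates;
*         empty if nothing has been revoked
*/
std::vector<X509_CRL> Certificate_Store_In_SQL::generate_crls() const
   {
   // m_prefix is spliced into table names, which cannot be bound as a
   // statement parameter, so it must only ever come from trusted
   // configuration (the store's own constructor), never from a peer.
   // NOTE(review): the selected `time` column is not read below.
   auto stmt = m_database->new_statement(
      "SELECT certificate,reason,time FROM " + m_prefix + "revoked "
      "JOIN " + m_prefix + "certificates ON " +
      m_prefix + "certificates.fingerprint == " + m_prefix + "revoked.fingerprint");

   // Revocation entries grouped by the issuer of the revoked certificate
   std::map<X509_DN, std::vector<CRL_Entry>> crls;

   while(stmt->step())
      {
      const auto blob = stmt->get_blob(0);
      const X509_Certificate cert(
         std::vector<uint8_t>(blob.first, blob.first + blob.second));
      const auto code = static_cast<CRL_Code>(stmt->get_size_t(1));

      // operator[] default-constructs the entry list the first time an
      // issuer is seen, replacing the explicit find/insert dance
      crls[cert.issuer_dn()].push_back(CRL_Entry(cert, code));
      }

   std::vector<X509_CRL> ret;
   ret.reserve(crls.size());

   const X509_Time now(std::chrono::system_clock::now());

   // Bind by const reference: each map value holds a DN plus a vector of
   // entries, and copying it per iteration was pure overhead
   for(const auto& issuer_and_entries : crls)
      {
      // NOTE(review): the same timestamp is passed for both time arguments
      // (presumably thisUpdate and nextUpdate), so a relying party may
      // treat the CRL as stale the moment it is issued; behaviour kept.
      ret.push_back(X509_CRL(issuer_and_entries.first, now, now, issuer_and_entries.second));
      }

   return ret;
   }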