/*
* Build an OCSP request for subject_cert, identified by its serial
* number under issuer_cert. Throws Invalid_Argument when subject_cert
* was not issued by issuer_cert (the subject's issuer DN does not equal
* the issuer's subject DN).
*/
Request::Request(const X509_Certificate& issuer_cert,
                 const X509_Certificate& subject_cert) :
   m_issuer(issuer_cert),
   m_certid(m_issuer, BigInt::decode(subject_cert.serial_number()))
   {
   // Members are already initialized when this runs; throwing here still
   // prevents a Request for a mismatched cert pair from being handed out.
   const bool mismatched_pair = (subject_cert.issuer_dn() != issuer_cert.subject_dn());
   if(mismatched_pair)
      throw Invalid_Argument("Invalid cert pair to OCSP::Request (mismatched issuer,subject args?)");
   }
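/*
* Return the first generated CRL whose issuer DN equals the issuer DN of
* subject, or a null pointer if none does. Only the issuer DN is compared
* here; no authority key id check is performed.
*
* NOTE(review): CRLs whose revocation list is empty are skipped, so a
* store holding only a current CRL with no revoked entries reports "no
* CRL" to the caller. Kept as-is to preserve behavior — confirm callers
* expect this.
*/
std::shared_ptr<const X509_CRL>
Certificate_Store_In_SQL::find_crl_for(const X509_Certificate& subject) const
   {
   const auto all_crls = generate_crls();
   // Hoisted out of the loop: the wanted issuer does not change per CRL
   const auto& wanted_issuer = subject.issuer_dn();

   // Iterate by reference; only the CRL actually returned is copied
   for(const auto& crl : all_crls)
      {
      if(!crl.get_revoked().empty() && crl.issuer_dn() == wanted_issuer)
         return std::make_shared<X509_CRL>(crl);
      }

   return nullptr;
   }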
/*
* Perform an online OCSP check of subject against the responder URL
* carried in the certificate. Throws Invalid_Argument if subject was not
* issued by issuer (issuer DN / subject DN mismatch); otherwise forwards
* to the serial-number based online_check overload with the same
* trusted_roots and timeout.
*/
Response online_check(const X509_Certificate& issuer,
                      const X509_Certificate& subject,
                      Certificate_Store* trusted_roots,
                      std::chrono::milliseconds timeout)
   {
   const bool mismatched_pair = (subject.issuer_dn() != issuer.subject_dn());
   if(mismatched_pair)
      throw Invalid_Argument("Invalid cert pair to OCSP::online_check (mismatched issuer,subject args?)");

   const BigInt serial = BigInt::decode(subject.serial_number());
   const auto responder_url = subject.ocsp_responder();

   return online_check(issuer, serial, responder_url, trusted_roots, timeout);
   }
/*
* Find a CRL in this store issued by the issuer of subject. When both the
* certificate and a candidate CRL carry an authority key id the two must
* agree; a key id missing on either side is not treated as a mismatch.
* Returns a null pointer if no CRL qualifies.
*/
std::shared_ptr<const X509_CRL> Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const
   {
   const std::vector<uint8_t>& cert_akid = subject.authority_key_id();

   // True when the CRL's key id is present and disagrees with the cert's
   const auto akid_conflicts = [&cert_akid](const std::vector<uint8_t>& crl_akid)
      {
      return !crl_akid.empty() && crl_akid != cert_akid;
      };

   for(const auto& crl : m_crls)
      {
      // Key ids are only compared when the cert itself carries one
      if(!cert_akid.empty() && akid_conflicts(crl->authority_key_id()))
         continue;

      if(crl->issuer_dn() == subject.issuer_dn())
         return crl;
      }

   return {};
   }
/**
* Check if this particular certificate is listed in the CRL.
*
* Returns false when the certificate was not issued by this CRL's issuer
* (it may still be revoked by some other CRL), or when both sides carry
* an authority key id and the two differ. Otherwise the verdict comes
* from the last revoked entry whose serial equals the certificate's: a
* REMOVE_FROM_CRL reason code clears the revoked flag, any other reason
* sets it.
*/
bool X509_CRL::is_revoked(const X509_Certificate& cert) const
   {
   /*
   A cert from another issuer might still be revoked, just not by this
   CRL. Maybe throw an exception instead?
   */
   if(cert.issuer_dn() != issuer_dn())
      return false;

   const std::vector<uint8_t> crl_akid = authority_key_id();
   const std::vector<uint8_t> cert_akid = cert.authority_key_id();

   // Key ids are only compared when present on both sides
   const bool akid_mismatch = !crl_akid.empty() && !cert_akid.empty() && crl_akid != cert_akid;
   if(akid_mismatch)
      return false;

   const std::vector<uint8_t> serial = cert.serial_number();

   bool revoked = false;

   // FIXME would be nice to avoid a linear scan here - maybe sort the entries?
   // Every matching entry is visited and the last one wins, so a later
   // REMOVE_FROM_CRL entry cancels an earlier revocation of the same serial.
   for(const CRL_Entry& entry : get_revoked())
      {
      if(serial == entry.serial_number())
         revoked = (entry.reason_code() != REMOVE_FROM_CRL);
      }

   return revoked;
   }
/*
* Match by issuer and serial number: the certificate's serial must equal
* `serial` and its issuer DN must equal `issuer`. The issuer DN is only
* inspected when the serial already matches.
*/
bool IandS_Match::match(const X509_Certificate& cert) const
   {
   return !(cert.serial_number() != serial) && (cert.issuer_dn() == issuer);
   }