1 /*
2 * X.509 Certificates
3 * (C) 1999-2010,2015,2017 Jack Lloyd
4 * (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8
9 #include <botan/x509cert.h>
10 #include <botan/x509_key.h>
11 #include <botan/datastor.h>
12 #include <botan/pk_keys.h>
13 #include <botan/x509_ext.h>
14 #include <botan/ber_dec.h>
15 #include <botan/parsing.h>
16 #include <botan/bigint.h>
17 #include <botan/oids.h>
18 #include <botan/hash.h>
19 #include <botan/hex.h>
20 #include <algorithm>
21 #include <sstream>
22
23 namespace Botan {
24
25 struct X509_Certificate_Data
26 {
27 std::vector<uint8_t> m_serial;
28 AlgorithmIdentifier m_sig_algo_inner;
29 X509_DN m_issuer_dn;
30 X509_DN m_subject_dn;
31 std::vector<uint8_t> m_issuer_dn_bits;
32 std::vector<uint8_t> m_subject_dn_bits;
33 X509_Time m_not_before;
34 X509_Time m_not_after;
35 std::vector<uint8_t> m_subject_public_key_bits;
36 std::vector<uint8_t> m_subject_public_key_bits_seq;
37 std::vector<uint8_t> m_subject_public_key_bitstring;
38 std::vector<uint8_t> m_subject_public_key_bitstring_sha1;
39 AlgorithmIdentifier m_subject_public_key_algid;
40
41 std::vector<uint8_t> m_v2_issuer_key_id;
42 std::vector<uint8_t> m_v2_subject_key_id;
43 Extensions m_v3_extensions;
44
45 std::vector<OID> m_extended_key_usage;
46 std::vector<uint8_t> m_authority_key_id;
47 std::vector<uint8_t> m_subject_key_id;
48 std::vector<OID> m_cert_policies;
49
50 std::vector<std::string> m_crl_distribution_points;
51 std::string m_ocsp_responder;
52 std::vector<std::string> m_ca_issuers;
53
54 std::vector<uint8_t> m_issuer_dn_bits_sha256;
55 std::vector<uint8_t> m_subject_dn_bits_sha256;
56
57 std::string m_fingerprint_sha1;
58 std::string m_fingerprint_sha256;
59
60 AlternativeName m_subject_alt_name;
61 AlternativeName m_issuer_alt_name;
62 NameConstraints m_name_constraints;
63
64 Data_Store m_subject_ds;
65 Data_Store m_issuer_ds;
66
67 size_t m_version = 0;
68 size_t m_path_len_constraint = 0;
69 Key_Constraints m_key_constraints = NO_CONSTRAINTS;
70 bool m_self_signed = false;
71 bool m_is_ca_certificate = false;
72 bool m_serial_negative = false;
73 };
74
PEM_label() const75 std::string X509_Certificate::PEM_label() const
76 {
77 return "CERTIFICATE";
78 }
79
alternate_PEM_labels() const80 std::vector<std::string> X509_Certificate::alternate_PEM_labels() const
81 {
82 return { "X509 CERTIFICATE" };
83 }
84
X509_Certificate(DataSource & src)85 X509_Certificate::X509_Certificate(DataSource& src)
86 {
87 load_data(src);
88 }
89
X509_Certificate(const std::vector<uint8_t> & vec)90 X509_Certificate::X509_Certificate(const std::vector<uint8_t>& vec)
91 {
92 DataSource_Memory src(vec.data(), vec.size());
93 load_data(src);
94 }
95
X509_Certificate(const uint8_t data[],size_t len)96 X509_Certificate::X509_Certificate(const uint8_t data[], size_t len)
97 {
98 DataSource_Memory src(data, len);
99 load_data(src);
100 }
101
102 #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
X509_Certificate(const std::string & fsname)103 X509_Certificate::X509_Certificate(const std::string& fsname)
104 {
105 DataSource_Stream src(fsname, true);
106 load_data(src);
107 }
108 #endif
109
110 namespace {
111
parse_x509_cert_body(const X509_Object & obj)112 std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& obj)
113 {
114 std::unique_ptr<X509_Certificate_Data> data(new X509_Certificate_Data);
115
116 BigInt serial_bn;
117 BER_Object public_key;
118 BER_Object v3_exts_data;
119
120 BER_Decoder(obj.signed_body())
121 .decode_optional(data->m_version, ASN1_Tag(0), ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
122 .decode(serial_bn)
123 .decode(data->m_sig_algo_inner)
124 .decode(data->m_issuer_dn)
125 .start_cons(SEQUENCE)
126 .decode(data->m_not_before)
127 .decode(data->m_not_after)
128 .end_cons()
129 .decode(data->m_subject_dn)
130 .get_next(public_key)
131 .decode_optional_string(data->m_v2_issuer_key_id, BIT_STRING, 1)
132 .decode_optional_string(data->m_v2_subject_key_id, BIT_STRING, 2)
133 .get_next(v3_exts_data)
134 .verify_end("TBSCertificate has extra data after extensions block");
135
136 if(data->m_version > 2)
137 throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version));
138 if(obj.signature_algorithm() != data->m_sig_algo_inner)
139 throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields");
140
141 public_key.assert_is_a(SEQUENCE, CONSTRUCTED, "X.509 certificate public key");
142
143 // crude method to save the serial's sign; will get lost during decoding, otherwise
144 data->m_serial_negative = serial_bn.is_negative();
145
146 // for general sanity convert wire version (0 based) to standards version (v1 .. v3)
147 data->m_version += 1;
148
149 data->m_serial = BigInt::encode(serial_bn);
150 data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits());
151 data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits());
152
153 // validate_public_key_params(public_key.value);
154 AlgorithmIdentifier public_key_alg_id;
155 BER_Decoder(public_key).decode(public_key_alg_id).discard_remaining();
156
157 const std::vector<std::string> public_key_info =
158 split_on(OIDS::oid2str_or_empty(public_key_alg_id.get_oid()), '/');
159
160 if(!public_key_info.empty() && public_key_info[0] == "RSA")
161 {
162 // RFC4055: If PublicKeyAlgo = PSS or OAEP: limit the use of the public key exclusively to either RSASSA - PSS or RSAES - OAEP
163 if(public_key_info.size() >= 2)
164 {
165 if(public_key_info[1] == "EMSA4")
166 {
167 /*
168 When the RSA private key owner wishes to limit the use of the public
169 key exclusively to RSASSA-PSS, then the id-RSASSA-PSS object
170 identifier MUST be used in the algorithm field within the subject
171 public key information, and, if present, the parameters field MUST
172 contain RSASSA-PSS-params.
173
174 All parameters in the signature structure algorithm identifier MUST
175 match the parameters in the key structure algorithm identifier
176 except the saltLength field. The saltLength field in the signature parameters
177 MUST be greater or equal to that in the key parameters field.
178
179 ToDo: Allow salt length to be greater
180 */
181 if(public_key_alg_id != obj.signature_algorithm())
182 {
183 throw Decoding_Error("Algorithm identifier mismatch");
184 }
185 }
186 }
187 else
188 {
189 // oid = rsaEncryption -> parameters field MUST contain NULL
190 if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.get_oid(), AlgorithmIdentifier::USE_NULL_PARAM))
191 {
192 throw Decoding_Error("RSA algorithm parameters field MUST contain NULL");
193 }
194 }
195 }
196
197 data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length());
198
199 data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits);
200
201 BER_Decoder(data->m_subject_public_key_bits)
202 .decode(data->m_subject_public_key_algid)
203 .decode(data->m_subject_public_key_bitstring, BIT_STRING);
204
205 if(v3_exts_data.is_a(3, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)))
206 {
207 // Path validation will reject a v1/v2 cert with v3 extensions
208 BER_Decoder(v3_exts_data).decode(data->m_v3_extensions).verify_end();
209 }
210 else if(v3_exts_data.is_set())
211 {
212 throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging());
213 }
214
215 // Now cache some fields from the extensions
216 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Key_Usage>())
217 {
218 data->m_key_constraints = ext->get_constraints();
219 /*
220 RFC 5280: When the keyUsage extension appears in a certificate,
221 at least one of the bits MUST be set to 1.
222 */
223 if(data->m_key_constraints == NO_CONSTRAINTS)
224 {
225 throw Decoding_Error("Certificate has invalid encoding for KeyUsage");
226 }
227 }
228 else
229 {
230 data->m_key_constraints = NO_CONSTRAINTS;
231 }
232
233 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Key_ID>())
234 {
235 data->m_subject_key_id = ext->get_key_id();
236 }
237
238 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Key_ID>())
239 {
240 data->m_authority_key_id = ext->get_key_id();
241 }
242
243 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Name_Constraints>())
244 {
245 data->m_name_constraints = ext->get_name_constraints();
246 }
247
248 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Basic_Constraints>())
249 {
250 if(ext->get_is_ca() == true)
251 {
252 /*
253 * RFC 5280 section 4.2.1.3 requires that CAs include KeyUsage in all
254 * intermediate CA certificates they issue. Currently we accept it being
255 * missing, as do most other implementations. But it may be worth
256 * removing this entirely, or alternately adding a warning level
257 * validation failure for it.
258 */
259 if(data->m_key_constraints == NO_CONSTRAINTS ||
260 (data->m_key_constraints & KEY_CERT_SIGN))
261 {
262 data->m_is_ca_certificate = true;
263 data->m_path_len_constraint = ext->get_path_limit();
264 }
265 }
266 }
267
268 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Issuer_Alternative_Name>())
269 {
270 data->m_issuer_alt_name = ext->get_alt_name();
271 }
272
273 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Alternative_Name>())
274 {
275 data->m_subject_alt_name = ext->get_alt_name();
276 }
277
278 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Extended_Key_Usage>())
279 {
280 data->m_extended_key_usage = ext->get_oids();
281 }
282
283 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Certificate_Policies>())
284 {
285 data->m_cert_policies = ext->get_policy_oids();
286 }
287
288 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Information_Access>())
289 {
290 data->m_ocsp_responder = ext->ocsp_responder();
291 data->m_ca_issuers = ext->ca_issuers();
292 }
293
294 if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::CRL_Distribution_Points>())
295 {
296 data->m_crl_distribution_points = ext->crl_distribution_urls();
297 }
298
299 // Check for self-signed vs self-issued certificates
300 if(data->m_subject_dn == data->m_issuer_dn)
301 {
302 if(data->m_subject_key_id.empty() == false && data->m_authority_key_id.empty() == false)
303 {
304 data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id);
305 }
306 else
307 {
308 /*
309 If a parse error or unknown algorithm is encountered, default
310 to assuming it is self signed. We have no way of being certain but
311 that is usually the default case (self-issued is rare in practice).
312 */
313 data->m_self_signed = true;
314
315 try
316 {
317 std::unique_ptr<Public_Key> pub_key(X509::load_key(data->m_subject_public_key_bits_seq));
318
319 Certificate_Status_Code sig_status = obj.verify_signature(*pub_key);
320
321 if(sig_status == Certificate_Status_Code::OK ||
322 sig_status == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN)
323 {
324 data->m_self_signed = true;
325 }
326 else
327 {
328 data->m_self_signed = false;
329 }
330 }
331 catch(...)
332 {
333 // ignore errors here to allow parsing to continue
334 }
335 }
336 }
337
338 const std::vector<uint8_t> full_encoding = obj.BER_encode();
339
340 std::unique_ptr<HashFunction> sha1(HashFunction::create("SHA-1"));
341 if(sha1)
342 {
343 sha1->update(data->m_subject_public_key_bitstring);
344 data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec();
345 // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called
346
347 data->m_fingerprint_sha1 = create_hex_fingerprint(full_encoding, "SHA-1");
348 }
349
350 std::unique_ptr<HashFunction> sha256(HashFunction::create("SHA-256"));
351 if(sha256)
352 {
353 sha256->update(data->m_issuer_dn_bits);
354 data->m_issuer_dn_bits_sha256 = sha256->final_stdvec();
355
356 sha256->update(data->m_subject_dn_bits);
357 data->m_subject_dn_bits_sha256 = sha256->final_stdvec();
358
359 data->m_fingerprint_sha256 = create_hex_fingerprint(full_encoding, "SHA-256");
360 }
361
362 data->m_subject_ds.add(data->m_subject_dn.contents());
363 data->m_issuer_ds.add(data->m_issuer_dn.contents());
364 data->m_v3_extensions.contents_to(data->m_subject_ds, data->m_issuer_ds);
365
366 return data;
367 }
368
369 }
370
371 /*
372 * Decode the TBSCertificate data
373 */
force_decode()374 void X509_Certificate::force_decode()
375 {
376 m_data.reset();
377
378 std::unique_ptr<X509_Certificate_Data> data = parse_x509_cert_body(*this);
379
380 m_data.reset(data.release());
381 }
382
data() const383 const X509_Certificate_Data& X509_Certificate::data() const
384 {
385 if(m_data == nullptr)
386 {
387 throw Invalid_State("X509_Certificate uninitialized");
388 }
389 return *m_data.get();
390 }
391
x509_version() const392 uint32_t X509_Certificate::x509_version() const
393 {
394 return static_cast<uint32_t>(data().m_version);
395 }
396
is_self_signed() const397 bool X509_Certificate::is_self_signed() const
398 {
399 return data().m_self_signed;
400 }
401
not_before() const402 const X509_Time& X509_Certificate::not_before() const
403 {
404 return data().m_not_before;
405 }
406
not_after() const407 const X509_Time& X509_Certificate::not_after() const
408 {
409 return data().m_not_after;
410 }
411
subject_public_key_algo() const412 const AlgorithmIdentifier& X509_Certificate::subject_public_key_algo() const
413 {
414 return data().m_subject_public_key_algid;
415 }
416
v2_issuer_key_id() const417 const std::vector<uint8_t>& X509_Certificate::v2_issuer_key_id() const
418 {
419 return data().m_v2_issuer_key_id;
420 }
421
v2_subject_key_id() const422 const std::vector<uint8_t>& X509_Certificate::v2_subject_key_id() const
423 {
424 return data().m_v2_subject_key_id;
425 }
426
subject_public_key_bits() const427 const std::vector<uint8_t>& X509_Certificate::subject_public_key_bits() const
428 {
429 return data().m_subject_public_key_bits;
430 }
431
subject_public_key_info() const432 const std::vector<uint8_t>& X509_Certificate::subject_public_key_info() const
433 {
434 return data().m_subject_public_key_bits_seq;
435 }
436
subject_public_key_bitstring() const437 const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring() const
438 {
439 return data().m_subject_public_key_bitstring;
440 }
441
subject_public_key_bitstring_sha1() const442 const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring_sha1() const
443 {
444 if(data().m_subject_public_key_bitstring_sha1.empty())
445 throw Encoding_Error("X509_Certificate::subject_public_key_bitstring_sha1 called but SHA-1 disabled in build");
446
447 return data().m_subject_public_key_bitstring_sha1;
448 }
449
authority_key_id() const450 const std::vector<uint8_t>& X509_Certificate::authority_key_id() const
451 {
452 return data().m_authority_key_id;
453 }
454
subject_key_id() const455 const std::vector<uint8_t>& X509_Certificate::subject_key_id() const
456 {
457 return data().m_subject_key_id;
458 }
459
serial_number() const460 const std::vector<uint8_t>& X509_Certificate::serial_number() const
461 {
462 return data().m_serial;
463 }
464
is_serial_negative() const465 bool X509_Certificate::is_serial_negative() const
466 {
467 return data().m_serial_negative;
468 }
469
470
issuer_dn() const471 const X509_DN& X509_Certificate::issuer_dn() const
472 {
473 return data().m_issuer_dn;
474 }
475
subject_dn() const476 const X509_DN& X509_Certificate::subject_dn() const
477 {
478 return data().m_subject_dn;
479 }
480
raw_issuer_dn() const481 const std::vector<uint8_t>& X509_Certificate::raw_issuer_dn() const
482 {
483 return data().m_issuer_dn_bits;
484 }
485
raw_subject_dn() const486 const std::vector<uint8_t>& X509_Certificate::raw_subject_dn() const
487 {
488 return data().m_subject_dn_bits;
489 }
490
is_CA_cert() const491 bool X509_Certificate::is_CA_cert() const
492 {
493 if(data().m_version < 3 && data().m_self_signed)
494 return true;
495
496 return data().m_is_ca_certificate;
497 }
498
path_limit() const499 uint32_t X509_Certificate::path_limit() const
500 {
501 if(data().m_version < 3 && data().m_self_signed)
502 return 32; // in theory infinite, but this is more than enough
503
504 return static_cast<uint32_t>(data().m_path_len_constraint);
505 }
506
constraints() const507 Key_Constraints X509_Certificate::constraints() const
508 {
509 return data().m_key_constraints;
510 }
511
extended_key_usage() const512 const std::vector<OID>& X509_Certificate::extended_key_usage() const
513 {
514 return data().m_extended_key_usage;
515 }
516
certificate_policy_oids() const517 const std::vector<OID>& X509_Certificate::certificate_policy_oids() const
518 {
519 return data().m_cert_policies;
520 }
521
name_constraints() const522 const NameConstraints& X509_Certificate::name_constraints() const
523 {
524 return data().m_name_constraints;
525 }
526
v3_extensions() const527 const Extensions& X509_Certificate::v3_extensions() const
528 {
529 return data().m_v3_extensions;
530 }
531
allowed_usage(Key_Constraints usage) const532 bool X509_Certificate::allowed_usage(Key_Constraints usage) const
533 {
534 if(constraints() == NO_CONSTRAINTS)
535 return true;
536 return ((constraints() & usage) == usage);
537 }
538
allowed_extended_usage(const std::string & usage) const539 bool X509_Certificate::allowed_extended_usage(const std::string& usage) const
540 {
541 return allowed_extended_usage(OID::from_string(usage));
542 }
543
allowed_extended_usage(const OID & usage) const544 bool X509_Certificate::allowed_extended_usage(const OID& usage) const
545 {
546 const std::vector<OID>& ex = extended_key_usage();
547 if(ex.empty())
548 return true;
549
550 if(std::find(ex.begin(), ex.end(), usage) != ex.end())
551 return true;
552
553 return false;
554 }
555
allowed_usage(Usage_Type usage) const556 bool X509_Certificate::allowed_usage(Usage_Type usage) const
557 {
558 // These follow suggestions in RFC 5280 4.2.1.12
559
560 switch(usage)
561 {
562 case Usage_Type::UNSPECIFIED:
563 return true;
564
565 case Usage_Type::TLS_SERVER_AUTH:
566 return (allowed_usage(KEY_AGREEMENT) || allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DIGITAL_SIGNATURE)) && allowed_extended_usage("PKIX.ServerAuth");
567
568 case Usage_Type::TLS_CLIENT_AUTH:
569 return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(KEY_AGREEMENT)) && allowed_extended_usage("PKIX.ClientAuth");
570
571 case Usage_Type::OCSP_RESPONDER:
572 return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(NON_REPUDIATION)) && allowed_extended_usage("PKIX.OCSPSigning");
573
574 case Usage_Type::CERTIFICATE_AUTHORITY:
575 return is_CA_cert();
576
577 case Usage_Type::ENCRYPTION:
578 return (allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DATA_ENCIPHERMENT));
579 }
580
581 return false;
582 }
583
has_constraints(Key_Constraints constraints) const584 bool X509_Certificate::has_constraints(Key_Constraints constraints) const
585 {
586 if(this->constraints() == NO_CONSTRAINTS)
587 {
588 return false;
589 }
590
591 return ((this->constraints() & constraints) != 0);
592 }
593
has_ex_constraint(const std::string & ex_constraint) const594 bool X509_Certificate::has_ex_constraint(const std::string& ex_constraint) const
595 {
596 return has_ex_constraint(OID::from_string(ex_constraint));
597 }
598
has_ex_constraint(const OID & usage) const599 bool X509_Certificate::has_ex_constraint(const OID& usage) const
600 {
601 const std::vector<OID>& ex = extended_key_usage();
602 return (std::find(ex.begin(), ex.end(), usage) != ex.end());
603 }
604
605 /*
606 * Return if a certificate extension is marked critical
607 */
is_critical(const std::string & ex_name) const608 bool X509_Certificate::is_critical(const std::string& ex_name) const
609 {
610 return v3_extensions().critical_extension_set(OID::from_string(ex_name));
611 }
612
ocsp_responder() const613 std::string X509_Certificate::ocsp_responder() const
614 {
615 return data().m_ocsp_responder;
616 }
617
ca_issuers() const618 std::vector<std::string> X509_Certificate::ca_issuers() const
619 {
620 return data().m_ca_issuers;
621 }
622
crl_distribution_point() const623 std::string X509_Certificate::crl_distribution_point() const
624 {
625 // just returns the first (arbitrarily)
626 if(data().m_crl_distribution_points.size() > 0)
627 return data().m_crl_distribution_points[0];
628 return "";
629 }
630
subject_alt_name() const631 const AlternativeName& X509_Certificate::subject_alt_name() const
632 {
633 return data().m_subject_alt_name;
634 }
635
issuer_alt_name() const636 const AlternativeName& X509_Certificate::issuer_alt_name() const
637 {
638 return data().m_issuer_alt_name;
639 }
640
641 /*
642 * Return information about the subject
643 */
644 std::vector<std::string>
subject_info(const std::string & req) const645 X509_Certificate::subject_info(const std::string& req) const
646 {
647 if(req == "Email")
648 return this->subject_info("RFC822");
649
650 if(subject_dn().has_field(req))
651 return subject_dn().get_attribute(req);
652
653 if(subject_alt_name().has_field(req))
654 return subject_alt_name().get_attribute(req);
655
656 // These will be removed later:
657 if(req == "X509.Certificate.v2.key_id")
658 return {hex_encode(this->v2_subject_key_id())};
659 if(req == "X509v3.SubjectKeyIdentifier")
660 return {hex_encode(this->subject_key_id())};
661 if(req == "X509.Certificate.dn_bits")
662 return {hex_encode(this->raw_subject_dn())};
663 if(req == "X509.Certificate.start")
664 return {not_before().to_string()};
665 if(req == "X509.Certificate.end")
666 return {not_after().to_string()};
667
668 if(req == "X509.Certificate.version")
669 return {std::to_string(x509_version())};
670 if(req == "X509.Certificate.serial")
671 return {hex_encode(serial_number())};
672
673 return data().m_subject_ds.get(req);
674 }
675
676 /*
677 * Return information about the issuer
678 */
679 std::vector<std::string>
issuer_info(const std::string & req) const680 X509_Certificate::issuer_info(const std::string& req) const
681 {
682 if(issuer_dn().has_field(req))
683 return issuer_dn().get_attribute(req);
684
685 if(issuer_alt_name().has_field(req))
686 return issuer_alt_name().get_attribute(req);
687
688 // These will be removed later:
689 if(req == "X509.Certificate.v2.key_id")
690 return {hex_encode(this->v2_issuer_key_id())};
691 if(req == "X509v3.AuthorityKeyIdentifier")
692 return {hex_encode(this->authority_key_id())};
693 if(req == "X509.Certificate.dn_bits")
694 return {hex_encode(this->raw_issuer_dn())};
695
696 return data().m_issuer_ds.get(req);
697 }
698
699 /*
700 * Return the public key in this certificate
701 */
load_subject_public_key() const702 std::unique_ptr<Public_Key> X509_Certificate::load_subject_public_key() const
703 {
704 try
705 {
706 return std::unique_ptr<Public_Key>(X509::load_key(subject_public_key_info()));
707 }
708 catch(std::exception& e)
709 {
710 throw Decoding_Error("X509_Certificate::load_subject_public_key", e);
711 }
712 }
713
subject_public_key() const714 Public_Key* X509_Certificate::subject_public_key() const
715 {
716 return load_subject_public_key().release();
717 }
718
raw_issuer_dn_sha256() const719 std::vector<uint8_t> X509_Certificate::raw_issuer_dn_sha256() const
720 {
721 if(data().m_issuer_dn_bits_sha256.empty())
722 throw Encoding_Error("X509_Certificate::raw_issuer_dn_sha256 called but SHA-256 disabled in build");
723 return data().m_issuer_dn_bits_sha256;
724 }
725
raw_subject_dn_sha256() const726 std::vector<uint8_t> X509_Certificate::raw_subject_dn_sha256() const
727 {
728 if(data().m_subject_dn_bits_sha256.empty())
729 throw Encoding_Error("X509_Certificate::raw_subject_dn_sha256 called but SHA-256 disabled in build");
730 return data().m_subject_dn_bits_sha256;
731 }
732
733 namespace {
734
735 /*
736 * Lookup each OID in the vector
737 */
lookup_oids(const std::vector<OID> & oids)738 std::vector<std::string> lookup_oids(const std::vector<OID>& oids)
739 {
740 std::vector<std::string> out;
741
742 for(const OID& oid : oids)
743 {
744 out.push_back(oid.to_formatted_string());
745 }
746 return out;
747 }
748
749 }
750
751 /*
752 * Return the list of extended key usage OIDs
753 */
ex_constraints() const754 std::vector<std::string> X509_Certificate::ex_constraints() const
755 {
756 return lookup_oids(extended_key_usage());
757 }
758
759 /*
760 * Return the list of certificate policies
761 */
policies() const762 std::vector<std::string> X509_Certificate::policies() const
763 {
764 return lookup_oids(certificate_policy_oids());
765 }
766
fingerprint(const std::string & hash_name) const767 std::string X509_Certificate::fingerprint(const std::string& hash_name) const
768 {
769 /*
770 * The SHA-1 and SHA-256 fingerprints are precomputed since these
771 * are the most commonly used. Especially, SHA-256 fingerprints are
772 * used for cycle detection during path construction.
773 *
774 * If SHA-1 or SHA-256 was missing at parsing time the vectors are
775 * left empty in which case we fall back to create_hex_fingerprint
776 * which will throw if the hash is unavailable.
777 */
778 if(hash_name == "SHA-256" && data().m_fingerprint_sha256.size() > 0)
779 return data().m_fingerprint_sha256;
780 else if(hash_name == "SHA-1" && data().m_fingerprint_sha1.size() > 0)
781 return data().m_fingerprint_sha1;
782 else
783 return create_hex_fingerprint(this->BER_encode(), hash_name);
784 }
785
matches_dns_name(const std::string & name) const786 bool X509_Certificate::matches_dns_name(const std::string& name) const
787 {
788 if(name.empty())
789 return false;
790
791 std::vector<std::string> issued_names = subject_info("DNS");
792
793 // Fall back to CN only if no DNS names are set (RFC 6125 sec 6.4.4)
794 if(issued_names.empty())
795 issued_names = subject_info("Name");
796
797 for(size_t i = 0; i != issued_names.size(); ++i)
798 {
799 if(host_wildcard_match(issued_names[i], name))
800 return true;
801 }
802
803 return false;
804 }
805
806 /*
807 * Compare two certificates for equality
808 */
operator ==(const X509_Certificate & other) const809 bool X509_Certificate::operator==(const X509_Certificate& other) const
810 {
811 return (this->signature() == other.signature() &&
812 this->signature_algorithm() == other.signature_algorithm() &&
813 this->signed_body() == other.signed_body());
814 }
815
operator <(const X509_Certificate & other) const816 bool X509_Certificate::operator<(const X509_Certificate& other) const
817 {
818 /* If signature values are not equal, sort by lexicographic ordering of that */
819 if(this->signature() != other.signature())
820 {
821 return (this->signature() < other.signature());
822 }
823
824 // Then compare the signed contents
825 return this->signed_body() < other.signed_body();
826 }
827
828 /*
829 * X.509 Certificate Comparison
830 */
operator !=(const X509_Certificate & cert1,const X509_Certificate & cert2)831 bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2)
832 {
833 return !(cert1 == cert2);
834 }
835
to_string() const836 std::string X509_Certificate::to_string() const
837 {
838 std::ostringstream out;
839
840 out << "Version: " << this->x509_version() << "\n";
841 out << "Subject: " << subject_dn() << "\n";
842 out << "Issuer: " << issuer_dn() << "\n";
843 out << "Issued: " << this->not_before().readable_string() << "\n";
844 out << "Expires: " << this->not_after().readable_string() << "\n";
845
846 out << "Constraints:\n";
847 Key_Constraints constraints = this->constraints();
848 if(constraints == NO_CONSTRAINTS)
849 out << " None\n";
850 else
851 {
852 if(constraints & DIGITAL_SIGNATURE)
853 out << " Digital Signature\n";
854 if(constraints & NON_REPUDIATION)
855 out << " Non-Repudiation\n";
856 if(constraints & KEY_ENCIPHERMENT)
857 out << " Key Encipherment\n";
858 if(constraints & DATA_ENCIPHERMENT)
859 out << " Data Encipherment\n";
860 if(constraints & KEY_AGREEMENT)
861 out << " Key Agreement\n";
862 if(constraints & KEY_CERT_SIGN)
863 out << " Cert Sign\n";
864 if(constraints & CRL_SIGN)
865 out << " CRL Sign\n";
866 if(constraints & ENCIPHER_ONLY)
867 out << " Encipher Only\n";
868 if(constraints & DECIPHER_ONLY)
869 out << " Decipher Only\n";
870 }
871
872 const std::vector<OID>& policies = this->certificate_policy_oids();
873 if(!policies.empty())
874 {
875 out << "Policies: " << "\n";
876 for(auto oid : policies)
877 out << " " << oid.to_string() << "\n";
878 }
879
880 const std::vector<OID>& ex_constraints = this->extended_key_usage();
881 if(!ex_constraints.empty())
882 {
883 out << "Extended Constraints:\n";
884 for(auto&& oid : ex_constraints)
885 {
886 out << " " << oid.to_formatted_string() << "\n";
887 }
888 }
889
890 const NameConstraints& name_constraints = this->name_constraints();
891
892 if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty())
893 {
894 out << "Name Constraints:\n";
895
896 if(!name_constraints.permitted().empty())
897 {
898 out << " Permit";
899 for(auto st: name_constraints.permitted())
900 {
901 out << " " << st.base();
902 }
903 out << "\n";
904 }
905
906 if(!name_constraints.excluded().empty())
907 {
908 out << " Exclude";
909 for(auto st: name_constraints.excluded())
910 {
911 out << " " << st.base();
912 }
913 out << "\n";
914 }
915 }
916
917 if(!ocsp_responder().empty())
918 out << "OCSP responder " << ocsp_responder() << "\n";
919
920 const std::vector<std::string> ca_issuers = this->ca_issuers();
921 if(!ca_issuers.empty())
922 {
923 out << "CA Issuers:\n";
924 for(size_t i = 0; i != ca_issuers.size(); i++)
925 out << " URI: " << ca_issuers[i] << "\n";
926 }
927
928 if(!crl_distribution_point().empty())
929 out << "CRL " << crl_distribution_point() << "\n";
930
931 out << "Signature algorithm: " << this->signature_algorithm().get_oid().to_formatted_string() << "\n";
932
933 out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
934
935 if(this->authority_key_id().size())
936 out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
937
938 if(this->subject_key_id().size())
939 out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
940
941 try
942 {
943 std::unique_ptr<Public_Key> pubkey(this->subject_public_key());
944 out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n";
945 out << X509::PEM_encode(*pubkey);
946 }
947 catch(Decoding_Error&)
948 {
949 const AlgorithmIdentifier& alg_id = this->subject_public_key_algo();
950 out << "Failed to decode key with oid " << alg_id.get_oid().to_string() << "\n";
951 }
952
953 return out.str();
954 }
955
956 }
957