5079590438

Committed 25 May 2023 12:28PM UTC coverage: 92.228% (+0.5%) from 91.723%

Build # 5079590438

Build Type

Pull #3502

github

Pull Request Pull Request #3502: Apply clang-format to the codebase

Run Details

75589 of 81959 relevant lines covered (92.23%)

12139530.51 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.65

/src/lib/x509/ocsp_types.cpp

/*
* OCSP subtypes
* (C) 2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/ocsp.h>

#include <botan/ber_dec.h>
#include <botan/der_enc.h>
#include <botan/hash.h>
#include <botan/x509_ext.h>

namespace Botan::OCSP {

CertID::CertID(const X509_Certificate& issuer, const BigInt& subject_serial) {
   /*
   In practice it seems some responders, including, notably,
   ocsp.verisign.com, will reject anything but SHA-1 here
   */
   auto hash = HashFunction::create_or_throw("SHA-1");

   m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
   m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
   m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
   m_subject_serial = subject_serial;
}

bool CertID::is_id_for(const X509_Certificate& issuer, const X509_Certificate& subject) const {
   try {
      if(BigInt::decode(subject.serial_number()) != m_subject_serial)
         return false;

      const std::string hash_algo = m_hash_id.oid().to_formatted_string();
      auto hash = HashFunction::create_or_throw(hash_algo);

      if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
         return false;

      if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
         return false;
   } catch(...) { return false; }

   return true;
}

void CertID::encode_into(DER_Encoder& to) const {
   to.start_sequence()
      .encode(m_hash_id)
      .encode(m_issuer_dn_hash, ASN1_Type::OctetString)
      .encode(m_issuer_key_hash, ASN1_Type::OctetString)
      .encode(m_subject_serial)
      .end_cons();
}

void CertID::decode_from(BER_Decoder& from) {
   from.start_sequence()
      .decode(m_hash_id)
      .decode(m_issuer_dn_hash, ASN1_Type::OctetString)
      .decode(m_issuer_key_hash, ASN1_Type::OctetString)
      .decode(m_subject_serial)
      .end_cons();
}

void SingleResponse::encode_into(DER_Encoder& /*to*/) const { throw Not_Implemented("SingleResponse::encode_into"); }

void SingleResponse::decode_from(BER_Decoder& from) {
   BER_Object cert_status;
   Extensions extensions;

   from.start_sequence()
      .decode(m_certid)
      .get_next(cert_status)
      .decode(m_thisupdate)
      .decode_optional(m_nextupdate, ASN1_Type(0), ASN1_Class::ContextSpecific | ASN1_Class::Constructed)
      .decode_optional(extensions, ASN1_Type(1), ASN1_Class::ContextSpecific | ASN1_Class::Constructed)
      .end_cons();

   /* CertStatus ::= CHOICE {
       good        [0]     IMPLICIT NULL,
       revoked     [1]     IMPLICIT RevokedInfo,
       unknown     [2]     IMPLICIT UnknownInfo }

   RevokedInfo ::= SEQUENCE {
       revocationTime              GeneralizedTime,
       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

   UnknownInfo ::= NULL

   We should verify the expected body and decode the RevokedInfo
   */
   m_cert_status = static_cast<uint32_t>(cert_status.type());
}

}

1	/*
2	* OCSP subtypes
3	* (C) 2012 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/ocsp.h>
9
10	#include <botan/ber_dec.h>
11	#include <botan/der_enc.h>
12	#include <botan/hash.h>
13	#include <botan/x509_ext.h>
14
15	namespace Botan::OCSP {
16
17	CertID::CertID(const X509_Certificate& issuer, const BigInt& subject_serial) {	4✔
18	/*
19	In practice it seems some responders, including, notably,
20	ocsp.verisign.com, will reject anything but SHA-1 here
21	*/
22	auto hash = HashFunction::create_or_throw("SHA-1");	4✔
23
24	m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);	4✔
25	m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));	8✔
26	m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));	8✔
27	m_subject_serial = subject_serial;	4✔
28	}	4✔
29
30	bool CertID::is_id_for(const X509_Certificate& issuer, const X509_Certificate& subject) const {	37✔
31	try {	37✔
32	if(BigInt::decode(subject.serial_number()) != m_subject_serial)	111✔
33	return false;	×
34
35	const std::string hash_algo = m_hash_id.oid().to_formatted_string();	37✔
36	auto hash = HashFunction::create_or_throw(hash_algo);	37✔
37
38	if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))	148✔
39	return false;
40
41	if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))	148✔
42	return false;
43	} catch(...) { return false; }	37✔
44
45	return true;	37✔
46	}
47
48	void CertID::encode_into(DER_Encoder& to) const {	3✔
49	to.start_sequence()	3✔
50	.encode(m_hash_id)	3✔
51	.encode(m_issuer_dn_hash, ASN1_Type::OctetString)	3✔
52	.encode(m_issuer_key_hash, ASN1_Type::OctetString)	3✔
53	.encode(m_subject_serial)	3✔
54	.end_cons();	3✔
55	}	3✔
56
57	void CertID::decode_from(BER_Decoder& from) {	134✔
58	from.start_sequence()	264✔
59	.decode(m_hash_id)	130✔
60	.decode(m_issuer_dn_hash, ASN1_Type::OctetString)	123✔
61	.decode(m_issuer_key_hash, ASN1_Type::OctetString)	119✔
62	.decode(m_subject_serial)	115✔
63	.end_cons();	104✔
64	}	92✔
65
66	void SingleResponse::encode_into(DER_Encoder& /to/) const { throw Not_Implemented("SingleResponse::encode_into"); }	×
67
68	void SingleResponse::decode_from(BER_Decoder& from) {	135✔
69	BER_Object cert_status;	135✔
70	Extensions extensions;	135✔
71
72	from.start_sequence()	194✔
73	.decode(m_certid)	134✔
74	.get_next(cert_status)	92✔
75	.decode(m_thisupdate)	92✔
76	.decode_optional(m_nextupdate, ASN1_Type(0), ASN1_Class::ContextSpecific \| ASN1_Class::Constructed)	155✔
77	.decode_optional(extensions, ASN1_Type(1), ASN1_Class::ContextSpecific \| ASN1_Class::Constructed)	211✔
78	.end_cons();	75✔
79
80	/* CertStatus ::= CHOICE {
81	good [0] IMPLICIT NULL,
82	revoked [1] IMPLICIT RevokedInfo,
83	unknown [2] IMPLICIT UnknownInfo }
84
85	RevokedInfo ::= SEQUENCE {
86	revocationTime GeneralizedTime,
87	revocationReason [0] EXPLICIT CRLReason OPTIONAL }
88
89	UnknownInfo ::= NULL
90
91	We should verify the expected body and decode the RevokedInfo
92	*/
93	m_cert_status = static_cast<uint32_t>(cert_status.type());	75✔
94	}	136✔
95
96	}

randombit / botan / 5079590438

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous