16249365818

Committed 13 Jul 2025 12:56PM UTC coverage: 90.618% (+0.002%) from 90.616%

Build # 16249365818

Build Type

Pull #4985

github

Committed by

web-flow

Commit Message

Merge 34acb0b10 into cf74a5db8

Pull Request Pull Request #4985: Enable and fix clang-tidy warning cppcoreguidelines-prefer-member-initializer

Run Details

99527 of 109831 relevant lines covered (90.62%)

12274327.89 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

89.58

/src/lib/x509/ocsp_types.cpp

/*
* OCSP subtypes
* (C) 2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/ocsp.h>

#include <botan/ber_dec.h>
#include <botan/der_enc.h>
#include <botan/hash.h>
#include <botan/x509_ext.h>

namespace Botan::OCSP {

CertID::CertID(const X509_Certificate& issuer, const BigInt& subject_serial) : m_subject_serial(subject_serial) {
   /*
   In practice it seems some responders, including, notably,
   ocsp.verisign.com, will reject anything but SHA-1 here
   */
   auto hash = HashFunction::create_or_throw("SHA-1");

   m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
   m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
   m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
}

bool CertID::is_id_for(const X509_Certificate& issuer, const X509_Certificate& subject) const {
   try {
      if(BigInt::from_bytes(subject.serial_number()) != m_subject_serial) {
         return false;
      }

      const std::string hash_algo = m_hash_id.oid().to_formatted_string();
      auto hash = HashFunction::create_or_throw(hash_algo);

      if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) {
         return false;
      }

      if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring()))) {
         return false;
      }
   } catch(...) {
      return false;
   }

   return true;
}

void CertID::encode_into(DER_Encoder& to) const {
   to.start_sequence()
      .encode(m_hash_id)
      .encode(m_issuer_dn_hash, ASN1_Type::OctetString)
      .encode(m_issuer_key_hash, ASN1_Type::OctetString)
      .encode(m_subject_serial)
      .end_cons();
}

void CertID::decode_from(BER_Decoder& from) {
   from.start_sequence()
      .decode(m_hash_id)
      .decode(m_issuer_dn_hash, ASN1_Type::OctetString)
      .decode(m_issuer_key_hash, ASN1_Type::OctetString)
      .decode(m_subject_serial)
      .end_cons();
}

void SingleResponse::encode_into(DER_Encoder& /*to*/) const {
   throw Not_Implemented("SingleResponse::encode_into");
}

void SingleResponse::decode_from(BER_Decoder& from) {
   BER_Object cert_status;
   Extensions extensions;

   from.start_sequence()
      .decode(m_certid)
      .get_next(cert_status)
      .decode(m_thisupdate)
      .decode_optional(m_nextupdate, ASN1_Type(0), ASN1_Class::ContextSpecific | ASN1_Class::Constructed)
      .decode_optional(extensions, ASN1_Type(1), ASN1_Class::ContextSpecific | ASN1_Class::Constructed)
      .end_cons();

   /* CertStatus ::= CHOICE {
       good        [0]     IMPLICIT NULL,
       revoked     [1]     IMPLICIT RevokedInfo,
       unknown     [2]     IMPLICIT UnknownInfo }

   RevokedInfo ::= SEQUENCE {
       revocationTime              GeneralizedTime,
       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

   UnknownInfo ::= NULL

   We should verify the expected body and decode the RevokedInfo
   */
   m_cert_status = static_cast<uint32_t>(cert_status.type());
}

}  // namespace Botan::OCSP

1	/*
2	* OCSP subtypes
3	* (C) 2012 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/ocsp.h>
9
10	#include <botan/ber_dec.h>
11	#include <botan/der_enc.h>
12	#include <botan/hash.h>
13	#include <botan/x509_ext.h>
14
15	namespace Botan::OCSP {
16
17	CertID::CertID(const X509_Certificate& issuer, const BigInt& subject_serial) : m_subject_serial(subject_serial) {	4✔
18	/*
19	In practice it seems some responders, including, notably,
20	ocsp.verisign.com, will reject anything but SHA-1 here
21	*/
22	auto hash = HashFunction::create_or_throw("SHA-1");	4✔
23
24	m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);	4✔
25	m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));	8✔
26	m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));	12✔
27	}	4✔
28
29	bool CertID::is_id_for(const X509_Certificate& issuer, const X509_Certificate& subject) const {	37✔
30	try {	37✔
31	if(BigInt::from_bytes(subject.serial_number()) != m_subject_serial) {	74✔
32	return false;	×
33	}
34
35	const std::string hash_algo = m_hash_id.oid().to_formatted_string();	37✔
36	auto hash = HashFunction::create_or_throw(hash_algo);	37✔
37
38	if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) {	148✔
39	return false;
40	}
41
42	if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring()))) {	148✔
43	return false;
44	}
45	} catch(...) {	37✔
46	return false;	×
47	}	×
48
49	return true;	37✔
50	}
51
52	void CertID::encode_into(DER_Encoder& to) const {	3✔
53	to.start_sequence()	3✔
54	.encode(m_hash_id)	3✔
55	.encode(m_issuer_dn_hash, ASN1_Type::OctetString)	3✔
56	.encode(m_issuer_key_hash, ASN1_Type::OctetString)	3✔
57	.encode(m_subject_serial)	3✔
58	.end_cons();	3✔
59	}	3✔
60
61	void CertID::decode_from(BER_Decoder& from) {	76✔
62	from.start_sequence()	152✔
63	.decode(m_hash_id)	76✔
64	.decode(m_issuer_dn_hash, ASN1_Type::OctetString)	71✔
65	.decode(m_issuer_key_hash, ASN1_Type::OctetString)	71✔
66	.decode(m_subject_serial)	67✔
67	.end_cons();	59✔
68	}	59✔
69
70	void SingleResponse::encode_into(DER_Encoder& /to/) const {	×
71	throw Not_Implemented("SingleResponse::encode_into");	×
72	}
73
74	void SingleResponse::decode_from(BER_Decoder& from) {	76✔
75	BER_Object cert_status;	76✔
76	Extensions extensions;	76✔
77
78	from.start_sequence()	101✔
79	.decode(m_certid)	76✔
80	.get_next(cert_status)	59✔
81	.decode(m_thisupdate)	59✔
82	.decode_optional(m_nextupdate, ASN1_Type(0), ASN1_Class::ContextSpecific \| ASN1_Class::Constructed)	105✔
83	.decode_optional(extensions, ASN1_Type(1), ASN1_Class::ContextSpecific \| ASN1_Class::Constructed)	129✔
84	.end_cons();	51✔
85
86	/* CertStatus ::= CHOICE {
87	good [0] IMPLICIT NULL,
88	revoked [1] IMPLICIT RevokedInfo,
89	unknown [2] IMPLICIT UnknownInfo }
90
91	RevokedInfo ::= SEQUENCE {
92	revocationTime GeneralizedTime,
93	revocationReason [0] EXPLICIT CRLReason OPTIONAL }
94
95	UnknownInfo ::= NULL
96
97	We should verify the expected body and decode the RevokedInfo
98	*/
99	m_cert_status = static_cast<uint32_t>(cert_status.type());	51✔
100	}	77✔
101
102	} // namespace Botan::OCSP

randombit / botan / 16249365818

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous